add accept

2025-12-31 13:49:09 +03:00 · 2025-12-10 15:28:54 +02:00
parent 616aeddbb2
commit 2dd1968723
1 changed files with 36 additions and 0 deletions
--- a/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
+++ b/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
@@ -78,6 +78,10 @@ function NanoHandler.access(conf)
            if verdict == nano.AttachmentVerdict.DROP then
                kong.ctx.plugin.cleanup_needed = true
                return nano.handle_custom_response(session_data, response)
+            elseif verdict == nano.AttachmentVerdict.ACCEPT then
+                kong.log.debug("Request body passed inspection")
+                kong.ctx.plugin.cleanup_needed = true
+                return
            end
        else
            --kong.log.err("Request body not found in memory, checking nginx vars")
@@ -91,6 +95,10 @@ function NanoHandler.access(conf)
                if verdict == nano.AttachmentVerdict.DROP then
                    kong.ctx.plugin.cleanup_needed = true
                    return nano.handle_custom_response(session_data, response)
+                elseif verdict == nano.AttachmentVerdict.ACCEPT then
+                    kong.log.debug("Request body from nginx var passed inspection")
+                    kong.ctx.plugin.cleanup_needed = true
+                    return
                end
                kong.log.err("Sent request body from nginx var to C module")
            else
@@ -113,6 +121,10 @@ function NanoHandler.access(conf)
                            if verdict == nano.AttachmentVerdict.DROP then
                                kong.ctx.plugin.cleanup_needed = true
                                return nano.handle_custom_response(session_data, response)
+                            elseif verdict == nano.AttachmentVerdict.ACCEPT then
+                                kong.log.debug("Request body from file passed inspection")
+                                kong.ctx.plugin.cleanup_needed = true
+                                return
                            end
                        else
                            kong.log.debug("Empty body file")
@@ -137,6 +149,10 @@ function NanoHandler.access(conf)
        if verdict == nano.AttachmentVerdict.DROP then
            kong.ctx.plugin.cleanup_needed = true
            return nano.handle_custom_response(session_data, response)
+        elseif verdict == nano.AttachmentVerdict.ACCEPT then
+            kong.log.debug("Request end inspection passed")
+            kong.ctx.plugin.cleanup_needed = true
+            return
        end
    else
        kong.log.err("No request body to inspect, ending inspection directly")
@@ -144,6 +160,10 @@ function NanoHandler.access(conf)
        if verdict == nano.AttachmentVerdict.DROP then
            kong.ctx.plugin.cleanup_needed = true
            return nano.handle_custom_response(session_data, response)
+        elseif verdict == nano.AttachmentVerdict.ACCEPT then
+            kong.log.debug("Request end inspection passed (no body)")
+            kong.ctx.plugin.cleanup_needed = true
+            return
        end
    end
 end
@@ -190,6 +210,10 @@ function NanoHandler.header_filter(conf)
    if verdict == nano.AttachmentVerdict.DROP then
        kong.ctx.plugin.cleanup_needed = true
        return nano.handle_custom_response(session_data, response)
+    elseif verdict == nano.AttachmentVerdict.ACCEPT then
+        kong.log.debug("Response headers passed inspection")
+        kong.ctx.plugin.cleanup_needed = true
+        return
    end
    --kong.log.err("NanoHandler header_filter phase sent response headers")

@@ -203,6 +227,10 @@ function NanoHandler.header_filter(conf)
            kong.log.err("DROP verdict after response end inspection")
            ctx.cleanup_needed = true
            return nano.handle_custom_response(session_data, response)
+        elseif verdict == nano.AttachmentVerdict.ACCEPT then
+            kong.log.debug("Response end inspection passed (no body expected)")
+            ctx.cleanup_needed = true
+            return
        end
        ctx.cleanup_needed = true
    end
@@ -263,6 +291,10 @@ function NanoHandler.body_filter(conf)
            ngx.arg[1] = ""
            ngx.arg[2] = true
            return nano.handle_custom_response(session_data, response)
+        elseif verdict == nano.AttachmentVerdict.ACCEPT then
+            kong.log.debug("Response body chunk passed inspection")
+            ctx.cleanup_needed = true
+            return
        end
    end

@@ -279,6 +311,10 @@ function NanoHandler.body_filter(conf)
                ngx.arg[1] = ""
                ngx.arg[2] = true
                return nano.handle_custom_response(session_data, response)
+            elseif verdict == nano.AttachmentVerdict.ACCEPT then
+                kong.log.debug("Response end inspection passed")
+                ctx.cleanup_needed = true
+                return
            end
            --kong.log.err("Response inspection ended successfully")