Feature/nano attachment delayed verdict response body (#50)

* Add delayed verdict support for response body in nano attachment Summary: * Implement TRAFFIC_VERDICT_DELAYED handling in SendResponseBody function * Add delayed verdict thread spawning when response body returns delayed verdict This change mirrors the existing delayed verdict handling in SendRequestBody to ensure consistent behavior for both request and response body processing. * Redirect kong nano attachment output from stdout to stderr
2025-12-31 05:39:07 +03:00 · 2025-12-23 11:23:14 +02:00
parent d723e297d1
commit 41e13b1bba
2 changed files with 26 additions and 1 deletions
--- a/attachments/kong/plugins/open-appsec-waf-kong-plugin/lua_attachment_wrapper.c
+++ b/attachments/kong/plugins/open-appsec-waf-kong-plugin/lua_attachment_wrapper.c
@@ -12,7 +12,7 @@ static int lua_init_nano_attachment(lua_State *L) {
    int worker_id = luaL_checkinteger(L, 1);
    int num_workers = luaL_checkinteger(L, 2);

-    NanoAttachment* attachment = InitNanoAttachment(0, worker_id, num_workers, fileno(stdout));
+    NanoAttachment* attachment = InitNanoAttachment(0, worker_id, num_workers, fileno(stderr));
    if (!attachment) {
        lua_pushnil(L);
        lua_pushstring(L, "Failed to initialize NanoAttachment");
--- a/attachments/nano_attachment/nano_attachment_sender.c
+++ b/attachments/nano_attachment/nano_attachment_sender.c
@@ -636,6 +636,31 @@ SendResponseBody(NanoAttachment *attachment, AttachmentData *data)
        ctx.res
    );

+    if (session_data_p->verdict == TRAFFIC_VERDICT_DELAYED) {
+        write_dbg(attachment, session_id, DBG_LEVEL_DEBUG, "spawn SendDelayedVerdictRequestThread");
+        res = NanoRunInThreadTimeout(
+            attachment,
+            data,
+            SendDelayedVerdictRequestThread,
+            (void *)&ctx,
+            attachment->waiting_for_verdict_thread_timeout_msec,
+            "SendDelayedVerdictRequestThread",
+            RESPONSE
+        );
+        if (!res) {
+            updateMetricField(attachment, HOLD_THREAD_TIMEOUT, 1);
+            return SendThreadTimeoutVerdict(attachment, session_id, &ctx);
+        }
+
+        write_dbg(
+            attachment,
+            session_id,
+            DBG_LEVEL_DEBUG,
+            "finished SendDelayedVerdictRequestThread successfully. res=%d",
+            ctx.res
+        );
+    }
+
    if (ctx.res != NANO_HTTP_FORBIDDEN && ctx.res != NANO_OK) {
        return FinalizeFailedResponse(attachment, session_id, &ctx);
    }