implement timeout

attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua

@@ -87,11 +87,11 @@ function NanoHandler.access(conf)
                 return result
             end
         else
-            kong.log.debug("Request body not in memory, attempting to read from buffer/file")
+            kong.log.err("Request body not in memory, attempting to read from buffer/file")
 
             local body_data = ngx.var.request_body
             if body_data and #body_data > 0 then
-                kong.log.debug("Found request body in nginx var, size: ", #body_data)
+                kong.log.err("Found request body in nginx var, size: ", #body_data)
                 verdict, response = nano.send_body(session_id, session_data, body_data, nano.HttpChunkType.HTTP_REQUEST_BODY)
                 if verdict == nano.AttachmentVerdict.DROP then
                     kong.ctx.plugin.blocked = true
@@ -106,7 +106,7 @@ function NanoHandler.access(conf)
             else
                 local body_file = ngx.var.request_body_file
                 if body_file then
-                    kong.log.debug("Reading request body from file: ", body_file)
+                    kong.log.err("Reading request body from file: ", body_file)
                     local file = io.open(body_file, "rb")
                     if file then
                         local entire_body = file:read("*all")
@@ -115,7 +115,7 @@ function NanoHandler.access(conf)
                         if not entire_body then
                             kong.log.err("Failed to read body file: ", body_file)
                         elseif entire_body and #entire_body > 0 then
-                            kong.log.debug("Sending entire body of size ", #entire_body, " bytes to C module")
+                            kong.log.err("Sending entire body of size ", #entire_body, " bytes to C module")
                             verdict, response = nano.send_body(session_id, session_data, entire_body, nano.HttpChunkType.HTTP_REQUEST_BODY)
                             if verdict == nano.AttachmentVerdict.DROP then
                                 kong.ctx.plugin.blocked = true
@@ -128,11 +128,11 @@ function NanoHandler.access(conf)
                                 return result
                             end
                         else
-                            kong.log.debug("Empty body file")
+                            kong.log.err("Empty body file")
                         end
                     end
                 else
-                    kong.log.warn("Request body expected but no body data or file available")
+                    kong.log.err("Request body expected but no body data or file available")
                 end
             end
         end
@@ -230,18 +230,20 @@ function NanoHandler.body_filter(conf)
     local session_data = ctx.session_data
 
     if not session_id or not session_data or ctx.session_finalized then
+        kong.log.err("No session data found or session already finalized in body_filter")
         return
     end
 
     -- Initialize timeout tracking on first call
     if not ctx.body_filter_start_time then
+        kong.log.err("Initializing body filter start time")
         ctx.body_filter_start_time = ngx.now()
     end
 
     -- Check for timeout (150 seconds)
     local elapsed_time = ngx.now() - ctx.body_filter_start_time
     if elapsed_time > 150 then
-        kong.log.warn("Body filter timeout after ", elapsed_time, " seconds - failing open")
+        kong.log.err("Body filter timeout after ", elapsed_time, " seconds - failing open")
         nano.fini_session(session_data)
         nano.cleanup_all()
         collectgarbage("restart")
@@ -256,14 +258,15 @@ function NanoHandler.body_filter(conf)
     local eof = ngx.arg[2]
 
     if chunk and #chunk > 0 then
+        -- Initialize if not exists
+        ctx.body_buffer_chunk = ctx.body_buffer_chunk or 0
+        
+        kong.log.err("Processing response body chunk #", ctx.body_buffer_chunk, "  bytes, EOF: ", tostring(eof))
         ctx.body_seen = true
         
         -- Process chunk by chunk to avoid loading entire large body into memory
         local verdict, response, modifications = nano.send_body(session_id, session_data, chunk, nano.HttpChunkType.HTTP_RESPONSE_BODY)
 
-        -- Initialize if not exists
-        ctx.body_buffer_chunk = ctx.body_buffer_chunk or 0
-
         -- Handle body modifications if any
         if modifications then
             chunk = nano.handle_body_modifications(chunk, modifications, ctx.body_buffer_chunk)
@@ -294,7 +297,10 @@ function NanoHandler.body_filter(conf)
 
     -- Handle end of stream
     if eof then
+        kong.log.err("End of response body stream reached, body_seen: ", tostring(ctx.body_seen), ", expect_body: ", tostring(ctx.expect_body))
+        -- Always finalize at EOF, whether we saw body chunks or expected no body
         if ctx.body_seen or ctx.expect_body == false then
+            kong.log.err("Ending response body inspection")
             local verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_RESPONSE_END)
             if verdict == nano.AttachmentVerdict.DROP then
                 ctx.blocked = true