github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2026-01-02 14:44:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix specific path

Browse Source
This commit is contained in:
wiaamm
2025-11-24 09:55:57 +02:00
parent f0c3dd8efc
commit 6180aea3d4
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
View File

@@ -165,6 +165,11 @@ function NanoHandler.header_filter(conf)
end end
ctx.expect_body = not (status_code == 204 or status_code == 304 or (100 <= status_code and status_code < 200) or content_length == 0) ctx.expect_body = not (status_code == 204 or status_code == 304 or (100 <= status_code and status_code < 200) or content_length == 0)
-- Initialize response body processing start time for timeout tracking
if ctx.expect_body then
ctx.res_body_start_time = ngx.now() * 1000 -- Convert to milliseconds
end
end end
function NanoHandler.body_filter(conf) function NanoHandler.body_filter(conf)
@@ -183,10 +188,27 @@ function NanoHandler.body_filter(conf)
local chunk = ngx.arg[1] local chunk = ngx.arg[1]
local eof = ngx.arg[2] local eof = ngx.arg[2]
-- Check if response body processing has timed out
if ctx.res_body_start_time and not ctx.res_body_timeout_triggered then
local elapsed_time = (ngx.now() * 1000) - ctx.res_body_start_time
local timeout = conf.res_body_thread_timeout_msec or 150
if elapsed_time > timeout then
ctx.res_body_timeout_triggered = true
kong.log.warn("Response body processing timeout exceeded (", elapsed_time, "ms > ", timeout, "ms). Failing open - skipping body inspection.")
end
end
-- Handle body chunks -- Handle body chunks
if chunk and #chunk > 0 then if chunk and #chunk > 0 then
ctx.body_seen = true ctx.body_seen = true
-- If timeout triggered, skip nano inspection and just pass through
if ctx.res_body_timeout_triggered then
-- Just pass the chunk through without inspection
return
end
-- Initialize chunk index if not exists -- Initialize chunk index if not exists
if not ctx.body_buffer_chunk then if not ctx.body_buffer_chunk then
ctx.body_buffer_chunk = 0 ctx.body_buffer_chunk = 0
@@ -218,6 +240,15 @@ function NanoHandler.body_filter(conf)
-- Handle end of response -- Handle end of response
if eof then if eof then
if ctx.body_seen or ctx.expect_body == false then if ctx.body_seen or ctx.expect_body == false then
-- If timeout was triggered, finalize without sending end inspection
if ctx.res_body_timeout_triggered then
nano.fini_session(session_data)
nano.cleanup_all()
ctx.session_finalized = true
kong.log.debug("Response body inspection skipped due to timeout. Session finalized.")
return
end
local verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_RESPONSE_END) local verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_RESPONSE_END)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
nano.fini_session(session_data) nano.fini_session(session_data)

1
attachments/kong/plugins/open-appsec-waf-kong-plugin/schema.lua
View File

@@ -16,6 +16,7 @@ return {
type = "record", type = "record",
fields = { fields = {
{ debug = { type = "boolean", default = false } }, { debug = { type = "boolean", default = false } },
{ res_body_thread_timeout_msec = { type = "number", default = 150, gt = 0 } },
}, },
}, },
}, },