github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-06-28 16:41:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat: Override existing x-waf-tag headers with configured value

Browse Source
This commit is contained in:
Roy Barda 2025-04-01 15:48:06 +03:00
parent 83fccba6a5
commit 82d382ec18
1 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
attachments/nginx/ngx_module/ngx_cp_io.c
View File

@ -1008,7 +1008,8 @@ ngx_http_cp_header_sender(
ngx_list_part_t *headers_list, ngx_list_part_t *headers_list,
ngx_http_chunk_type_e header_type, ngx_http_chunk_type_e header_type,
uint32_t cur_request_id, uint32_t cur_request_id,
ngx_uint_t *num_messages_sent ngx_uint_t *num_messages_sent,
ngx_str_t *waf_tag
) )
{ {
ngx_uint_t header_idx = 0; ngx_uint_t header_idx = 0;
@ -1024,6 +1025,7 @@ ngx_http_cp_header_sender(
const ngx_uint_t max_bulk_size = 10; const ngx_uint_t max_bulk_size = 10;
char *fragments[HEADER_DATA_COUNT * max_bulk_size + 4]; char *fragments[HEADER_DATA_COUNT * max_bulk_size + 4];
uint16_t fragments_sizes[HEADER_DATA_COUNT * max_bulk_size + 4]; uint16_t fragments_sizes[HEADER_DATA_COUNT * max_bulk_size + 4];
ngx_flag_t waf_tag_found = 0;
write_dbg( write_dbg(
DBG_LEVEL_TRACE, DBG_LEVEL_TRACE,
@ -1034,6 +1036,38 @@ ngx_http_cp_header_sender(
// Sets fragments identifier to the provided body type. // Sets fragments identifier to the provided body type.
set_fragments_identifiers(fragments, fragments_sizes, (uint16_t *)&header_type, &cur_request_id); set_fragments_identifiers(fragments, fragments_sizes, (uint16_t *)&header_type, &cur_request_id);
// If waf_tag is provided and valid, check for existing x-waf-tag headers
if (waf_tag != NULL && waf_tag->len > 0) {
for (headers_iter = headers_list; headers_iter; headers_iter = headers_iter->next) {
headers_to_inspect = headers_iter->elts;
for (header_idx = 0; header_idx < headers_iter->nelts; ++header_idx) {
header = headers_to_inspect + header_idx;
if (header->key.len == 9 && ngx_strncasecmp(header->key.data, (u_char *)"x-waf-tag", 9) == 0) {
// Found existing x-waf-tag header, override its value
header->value = *waf_tag;
waf_tag_found = 1;
write_dbg(DBG_LEVEL_DEBUG, "Overriding existing x-waf-tag header with value: %.*s", waf_tag->len, waf_tag->data);
break;
}
}
if (waf_tag_found) break;
}
// If no existing x-waf-tag header found, add a new one
if (!waf_tag_found) {
ngx_table_elt_t waf_header;
waf_header.hash = 1;
ngx_str_set(&waf_header.key, "x-waf-tag");
waf_header.value = *waf_tag;
waf_header.lowcase_key = NULL; // Not needed for sending to agent
add_header_to_bulk(fragments, fragments_sizes, &waf_header, idx_in_bulk);
idx_in_bulk++;
part_count++;
write_dbg(DBG_LEVEL_DEBUG, "Adding new x-waf-tag header with value: %.*s", waf_tag->len, waf_tag->data);
}
}
for (headers_iter = headers_list; headers_iter ; headers_iter = headers_iter->next) { for (headers_iter = headers_list; headers_iter ; headers_iter = headers_iter->next) {
// Going over the header list. // Going over the header list.
for (header_idx = 0 ; header_idx < headers_iter->nelts ; ++header_idx) { for (header_idx = 0 ; header_idx < headers_iter->nelts ; ++header_idx) {