github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2026-01-02 06:34:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

proper fini of session data

Browse Source
This commit is contained in:
wiaamm
2025-11-30 01:41:06 +02:00
parent dee2d3a5db
commit a698d6023a
1 changed files with 34 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
View File

@@ -196,9 +196,14 @@ function NanoHandler.body_filter(conf)
if current_time - ctx.body_filter_start_time > 150000 then if current_time - ctx.body_filter_start_time > 150000 then
kong.log.warn("body_filter timeout exceeded (2.5 minutes), failing open") kong.log.warn("body_filter timeout exceeded (2.5 minutes), failing open")
if not ctx.session_finalized then if not ctx.session_finalized then
-- Invalidate session references BEFORE finalization to prevent lingering IPC signals
ctx.session_id = nil
ctx.session_data = nil
ctx.session_finalized = true
-- Now finalize and cleanup
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all() nano.cleanup_all()
ctx.session_finalized = true
end end
return return
end end
@@ -224,9 +229,14 @@ function NanoHandler.body_filter(conf)
ctx.body_buffer_chunk = ctx.body_buffer_chunk + 1 ctx.body_buffer_chunk = ctx.body_buffer_chunk + 1
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
nano.fini_session(session_data) -- Invalidate session references BEFORE finalization
local temp_session_data = session_data
ctx.session_id = nil
ctx.session_data = nil
ctx.session_finalized = true ctx.session_finalized = true
local custom_result = nano.handle_custom_response(session_data, response)
nano.fini_session(temp_session_data)
local custom_result = nano.handle_custom_response(temp_session_data, response)
nano.cleanup_all() nano.cleanup_all()
return custom_result return custom_result
end end
@@ -234,9 +244,14 @@ function NanoHandler.body_filter(conf)
-- Nano failed - finalize session and pass through -- Nano failed - finalize session and pass through
kong.log.warn("nano.send_body failed, failing open: ", tostring(result)) kong.log.warn("nano.send_body failed, failing open: ", tostring(result))
if not ctx.session_finalized then if not ctx.session_finalized then
nano.fini_session(session_data) -- Invalidate session references BEFORE finalization
nano.cleanup_all() local temp_session_data = session_data
ctx.session_id = nil
ctx.session_data = nil
ctx.session_finalized = true ctx.session_finalized = true
nano.fini_session(temp_session_data)
nano.cleanup_all()
end end
end end
return return
@@ -253,17 +268,27 @@ function NanoHandler.body_filter(conf)
local response = result[2] local response = result[2]
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
nano.fini_session(session_data) -- Invalidate session references BEFORE finalization
local temp_session_data = session_data
ctx.session_id = nil
ctx.session_data = nil
ctx.session_finalized = true ctx.session_finalized = true
local custom_result = nano.handle_custom_response(session_data, response)
nano.fini_session(temp_session_data)
local custom_result = nano.handle_custom_response(temp_session_data, response)
nano.cleanup_all() nano.cleanup_all()
return custom_result return custom_result
end end
end end
nano.fini_session(session_data) -- Invalidate session references BEFORE finalization
nano.cleanup_all() local temp_session_data = session_data
ctx.session_id = nil
ctx.session_data = nil
ctx.session_finalized = true ctx.session_finalized = true
nano.fini_session(temp_session_data)
nano.cleanup_all()
end end
end end
end end