github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-08-14 05:45:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix cleanup calls

Browse Source
This commit is contained in:
wiaamm 2025-07-05 22:55:25 +03:00
parent cd5123f32c
commit ba216839e6
2 changed files with 30 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
attachments/kong/handler.lua
View File

@ -47,9 +47,10 @@ function NanoHandler.access(conf)
local verdict, response = nano.send_data(session_id, session_data, meta_data, req_headers, contains_body, nano.HttpChunkType.HTTP_REQUEST_FILTER) local verdict, response = nano.send_data(session_id, session_data, meta_data, req_headers, contains_body, nano.HttpChunkType.HTTP_REQUEST_FILTER)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all()
kong.ctx.plugin.blocked = true kong.ctx.plugin.blocked = true
return nano.handle_custom_response(session_data, response) local result = nano.handle_custom_response(session_data, response)
nano.cleanup_all()
return result
end end
if contains_body == 1 then if contains_body == 1 then
@ -58,9 +59,10 @@ function NanoHandler.access(conf)
verdict, response = nano.send_body(session_id, session_data, body, nano.HttpChunkType.HTTP_REQUEST_BODY) verdict, response = nano.send_body(session_id, session_data, body, nano.HttpChunkType.HTTP_REQUEST_BODY)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all()
kong.ctx.plugin.blocked = true kong.ctx.plugin.blocked = true
return nano.handle_custom_response(session_data, response) local result = nano.handle_custom_response(session_data, response)
nano.cleanup_all()
return result
end end
else else
-- Body might be buffered to file, try to read it using nginx variables -- Body might be buffered to file, try to read it using nginx variables
@ -99,9 +101,10 @@ function NanoHandler.access(conf)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
file:close() file:close()
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all()
kong.ctx.plugin.blocked = true kong.ctx.plugin.blocked = true
return nano.handle_custom_response(session_data, response) local result = nano.handle_custom_response(session_data, response)
nano.cleanup_all()
return result
end end
end end
@ -137,9 +140,10 @@ function NanoHandler.access(conf)
verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_REQUEST_END) verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_REQUEST_END)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all()
kong.ctx.plugin.blocked = true kong.ctx.plugin.blocked = true
return nano.handle_custom_response(session_data, response) local result = nano.handle_custom_response(session_data, response)
nano.cleanup_all()
return result
end end
end end
@ -208,10 +212,11 @@ function NanoHandler.body_filter(conf)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
nano.fini_session(session_data) nano.fini_session(session_data)
ctx.session_finalized = true
local result = nano.handle_custom_response(session_data, response)
-- Clean up allocated memory -- Clean up allocated memory
nano.cleanup_all() nano.cleanup_all()
ctx.session_finalized = true return result
return nano.handle_custom_response(session_data, response)
end end
return return
end end
@ -220,10 +225,11 @@ function NanoHandler.body_filter(conf)
local verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_RESPONSE_END) local verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_RESPONSE_END)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
nano.fini_session(session_data) nano.fini_session(session_data)
ctx.session_finalized = true
local result = nano.handle_custom_response(session_data, response)
-- Clean up allocated memory -- Clean up allocated memory
nano.cleanup_all() nano.cleanup_all()
ctx.session_finalized = true return result
return nano.handle_custom_response(session_data, response)
end end
nano.fini_session(session_data) nano.fini_session(session_data)

12
attachments/kong/nano_ffi.lua
View File

@ -96,6 +96,12 @@ function nano.handle_custom_response(session_data, response)
if response_type == nano.WebResponseType.RESPONSE_CODE_ONLY then if response_type == nano.WebResponseType.RESPONSE_CODE_ONLY then
local code = nano_attachment.get_response_code(response) local code = nano_attachment.get_response_code(response)
-- Validate HTTP status code
if not code or code < 100 or code > 599 then
kong.log.warn("Invalid response code received: ", code, " - using 403 instead")
code = 403
end
kong.log.debug("Response code only: ", code)
return kong.response.exit(code, "") return kong.response.exit(code, "")
end end
@ -110,6 +116,12 @@ function nano.handle_custom_response(session_data, response)
return kong.response.exit(500, { message = "Internal Server Error" }) return kong.response.exit(500, { message = "Internal Server Error" })
end end
local code = nano_attachment.get_response_code(response) -- Get the intended status code local code = nano_attachment.get_response_code(response) -- Get the intended status code
-- Validate HTTP status code
if not code or code < 100 or code > 599 then
kong.log.warn("Invalid response code received: ", code, " - using 403 instead")
code = 403
end
kong.log.debug("Block page response with code: ", code)
return kong.response.exit(code, block_page, { ["Content-Type"] = "text/html" }) return kong.response.exit(code, block_page, { ["Content-Type"] = "text/html" })
end end