github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-12-31 13:49:09 +03:00
Code Issues Packages Projects Releases Wiki Activity

return the logs

Browse Source
This commit is contained in:
wiaamm
2025-12-08 13:39:56 +02:00
parent 869df17efd
commit d5580839d3
1 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
View File

@@ -27,6 +27,7 @@ function NanoHandler.access(conf)
local session_data = nano.init_session(session_id) local session_data = nano.init_session(session_id)
if not session_data then if not session_data then
kong.log.err("Failed to initialize session - failing open")
return return
end end
@@ -35,6 +36,7 @@ function NanoHandler.access(conf)
local meta_data = nano.handle_start_transaction() local meta_data = nano.handle_start_transaction()
if not meta_data then if not meta_data then
kong.log.err("Failed to handle start transaction - failing open")
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all() nano.cleanup_all()
-- collectgarbage("restart") -- collectgarbage("restart")
@@ -46,6 +48,7 @@ function NanoHandler.access(conf)
local req_headers = nano.handleHeaders(headers) local req_headers = nano.handleHeaders(headers)
if not req_headers then if not req_headers then
kong.log.err("Failed to handle request headers - failing open")
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all() nano.cleanup_all()
-- collectgarbage("restart") -- collectgarbage("restart")
@@ -121,6 +124,7 @@ function NanoHandler.access(conf)
end) end)
if not ok then if not ok then
kong.log.err("Error ending request inspection: ", pcall_verdict, " - failing open")
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all() nano.cleanup_all()
-- collectgarbage("restart") -- collectgarbage("restart")
@@ -157,7 +161,9 @@ end
function NanoHandler.header_filter(conf) function NanoHandler.header_filter(conf)
local ctx = kong.ctx.plugin local ctx = kong.ctx.plugin
if ctx.blocked or ctx.cleanup_needed then kong.log.err("header_filter: ctx.blocked=", ctx.blocked, " ctx.cleanup_needed=", ctx.cleanup_needed, " ctx.session_id=", ctx.session_id, " ctx.session_data=", ctx.session_data and "EXISTS" or "NIL")
if ctx.blocked or ctx.cleanup_needed then
return return
end end
@@ -165,6 +171,7 @@ function NanoHandler.header_filter(conf)
local session_data = ctx.session_data local session_data = ctx.session_data
if not session_id or not session_data then if not session_id or not session_data then
kong.log.err("No session data found in header_filter - session_id:", session_id, " session_data:", session_data)
return return
end end
@@ -172,6 +179,7 @@ function NanoHandler.header_filter(conf)
local header_data = nano.handleHeaders(headers) local header_data = nano.handleHeaders(headers)
if not header_data then if not header_data then
kong.log.err("Failed to handle response headers - failing open")
return return
end end
@@ -192,10 +200,14 @@ function NanoHandler.body_filter(conf)
local ctx = kong.ctx.plugin local ctx = kong.ctx.plugin
local chunk = ngx.arg[1] local chunk = ngx.arg[1]
local eof = ngx.arg[2] local eof = ngx.arg[2]
ctx.response_body_size = (ctx.response_body_size or 0) + (chunk and #chunk or 0)
kong.log.err("Response body size so far: ", ctx.response_body_size)
--kong.log.err("body_filter START: ctx.blocked=", ctx.blocked, " ctx.cleanup_needed=", ctx.cleanup_needed, " ctx.session_id=", ctx.session_id, " ctx.session_data=", ctx.session_data and "EXISTS" or "NIL") --kong.log.err("body_filter START: ctx.blocked=", ctx.blocked, " ctx.cleanup_needed=", ctx.cleanup_needed, " ctx.session_id=", ctx.session_id, " ctx.session_data=", ctx.session_data and "EXISTS" or "NIL")
if ctx.blocked or ctx.cleanup_needed then if ctx.blocked or ctx.cleanup_needed then
kong.log.err("Fail-open mode - blocked/cleanup chunk without inspection, passing through")
ngx.arg[1] = chunk
return return
end end
@@ -204,8 +216,12 @@ function NanoHandler.body_filter(conf)
local session_data = ctx.session_data local session_data = ctx.session_data
-- kong.log.err("Session id after: ", session_id, " session_data: ", session_data and "EXISTS" or "NIL") -- kong.log.err("Session id after: ", session_id, " session_data: ", session_data and "EXISTS" or "NIL")
if not session_id or not session_data or ctx.session_finalized then if not session_id or not session_data or ctx.session_finalized then
kong.log.err("No session data found in body_filter - session_id:", session_id, " session_data:", session_data)
ngx.arg[1] = chunk
return return
end end
kong.log.err("Session id after 2")
-- Timeout handling -- Timeout handling
if not ctx.body_filter_start_time then if not ctx.body_filter_start_time then
ctx.body_filter_start_time = ngx.now() ctx.body_filter_start_time = ngx.now()
@@ -270,7 +286,7 @@ function NanoHandler.log(conf)
local ctx = kong.ctx.plugin local ctx = kong.ctx.plugin
kong.log.err("log phase: ctx.blocked=", ctx.blocked, " ctx.cleanup_needed=", ctx.cleanup_needed, " ctx.session_id=", ctx.session_id, " ctx.session_data=", ctx.session_data and "EXISTS" or "NIL") kong.log.err("log phase: ctx.blocked=", ctx.blocked, " ctx.cleanup_needed=", ctx.cleanup_needed, " ctx.session_id=", ctx.session_id, " ctx.session_data=", ctx.session_data and "EXISTS" or "NIL")
-- Cleanup session if it was blocked (kong.response.exit was called) -- Cleanup session if it was blocked (kong.response.exit was called)
if ctx.cleanup_needed and ctx.session_data then if ctx.cleanup_needed or ctx.session_data then
nano.fini_session(ctx.session_data) nano.fini_session(ctx.session_data)
nano.cleanup_all() nano.cleanup_all()
ctx.session_data = nil ctx.session_data = nil