github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2026-01-17 16:00:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

add custom block page

Browse Source
This commit is contained in:
wiaamm
2026-01-14 19:01:47 +02:00
parent 5dfa150635
commit db963739bd
3 changed files with 72 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
attachments/kong/plugins/open-appsec-waf-kong-plugin/lua_attachment_wrapper.c
View File

@@ -104,6 +104,49 @@ static int lua_get_redirect_page(lua_State *L) {
return 1; return 1;
} }
static int lua_get_custom_response_with_headers(lua_State *L) {
NanoAttachment* attachment = (NanoAttachment*)lua_touserdata(L, 1);
HttpSessionData* session_data = (HttpSessionData*)lua_touserdata(L, 2);
AttachmentVerdictResponse* response = (AttachmentVerdictResponse*)lua_touserdata(L, 3);
if (!attachment || !session_data || !response) {
return luaL_error(L, "invalid args to get_custom_response_with_headers");
}
CustomResponseWithHeaders* custom_response = GetCustomResponseWithHeaders(attachment, session_data, response);
if (!custom_response) {
lua_pushnil(L);
lua_pushstring(L, "Failed to get custom response with headers");
return 2;
}
// Create a table to return the data
lua_newtable(L);
// Add response code
lua_pushinteger(L, custom_response->response_code);
lua_setfield(L, -2, "response_code");
// Add headers as a nested table
lua_newtable(L);
for (uint8_t i = 0; i < custom_response->headers_count; i++) {
lua_pushlstring(L, custom_response->headers[i].key, custom_response->headers[i].key_size);
lua_pushlstring(L, custom_response->headers[i].value, custom_response->headers[i].value_size);
lua_settable(L, -3);
}
lua_setfield(L, -2, "headers");
// Add body
if (custom_response->body_size > 0 && custom_response->body) {
lua_pushlstring(L, custom_response->body, custom_response->body_size);
} else {
lua_pushstring(L, "");
}
lua_setfield(L, -2, "body");
return 1;
}
static int lua_free_http_metadata(lua_State *L) { static int lua_free_http_metadata(lua_State *L) {
HttpMetaData *metadata = (HttpMetaData *)lua_touserdata(L, 1); HttpMetaData *metadata = (HttpMetaData *)lua_touserdata(L, 1);
if (!metadata) return 0; if (!metadata) return 0;
@@ -537,6 +580,7 @@ static const struct luaL_Reg nano_attachment_lib[] = {
{"get_response_code", lua_get_response_code}, {"get_response_code", lua_get_response_code},
{"get_block_page", lua_get_block_page}, {"get_block_page", lua_get_block_page},
{"get_redirect_page", lua_get_redirect_page}, {"get_redirect_page", lua_get_redirect_page},
{"get_custom_response_with_headers", lua_get_custom_response_with_headers},
{"createNanoStrAlloc", lua_createNanoStrAlloc}, {"createNanoStrAlloc", lua_createNanoStrAlloc},
{"freeNanoStr", lua_freeNanoStr}, {"freeNanoStr", lua_freeNanoStr},
{"setHeaderElement", lua_setHeaderElement}, {"setHeaderElement", lua_setHeaderElement},

30
attachments/kong/plugins/open-appsec-waf-kong-plugin/nano_ffi.lua
View File

@@ -29,9 +29,11 @@ nano.HttpChunkType = {
nano.WebResponseType = { nano.WebResponseType = {
CUSTOM_WEB_RESPONSE = 0, CUSTOM_WEB_RESPONSE = 0,
RESPONSE_CODE_ONLY = 1, CUSTOM_WEB_BLOCK_PAGE_RESPONSE = 1,
REDIRECT_WEB_RESPONSE = 2, RESPONSE_CODE_ONLY = 2,
NO_WEB_RESPONSE = 3, REDIRECT_WEB_RESPONSE = 3,
CUSTOM_RESPONSE_WITH_HEADERS = 4,
NO_WEB_RESPONSE = 5,
} }
local ffi = require "ffi" local ffi = require "ffi"
@@ -47,8 +49,10 @@ typedef enum HttpModificationType
typedef enum NanoWebResponseType typedef enum NanoWebResponseType
{ {
CUSTOM_WEB_RESPONSE, CUSTOM_WEB_RESPONSE,
CUSTOM_WEB_BLOCK_PAGE_RESPONSE,
RESPONSE_CODE_ONLY, RESPONSE_CODE_ONLY,
REDIRECT_WEB_RESPONSE, REDIRECT_WEB_RESPONSE,
CUSTOM_RESPONSE_WITH_HEADERS,
NO_WEB_RESPONSE NO_WEB_RESPONSE
} NanoWebResponseType; } NanoWebResponseType;
@@ -109,6 +113,26 @@ function nano.get_custom_response_data(session_data, response)
return code, "", { ["Location"] = location } return code, "", { ["Location"] = location }
end end
if response_type == nano.WebResponseType.CUSTOM_RESPONSE_WITH_HEADERS then
local custom_response, err = nano_attachment.get_custom_response_with_headers(attachment, session_data, response)
if not custom_response then
kong.log.err("Failed to get custom response with headers: ", err)
return 500, "Internal Server Error"
end
local code = custom_response.response_code
if not code or code < 100 or code > 599 then
kong.log.warn("Invalid response code in custom response: ", code, " - using 403 instead")
code = 403
end
local headers = custom_response.headers or {}
local body = custom_response.body or ""
kong.log.debug("Custom response with headers: code=", code, ", headers_count=", #headers, ", body_size=", #body)
return code, body, headers
end
local block_page = nano_attachment.get_block_page(attachment, session_data, response) local block_page = nano_attachment.get_block_page(attachment, session_data, response)
if not block_page then if not block_page then
kong.log.debug("Failed to retrieve custom block page for session ", session_data) kong.log.debug("Failed to retrieve custom block page for session ", session_data)

2
attachments/kong/plugins/open-appsec-waf-kong-plugin/open-appsec-waf-kong-plugin-1.0.0-1.rockspec
View File

@@ -3,7 +3,7 @@ version = "1.0.0-1"
source = { source = {
url = "git://github.com/openappsec/attachment.git", url = "git://github.com/openappsec/attachment.git",
tag = "main" tag = "custom-block-page"
} }
description = { description = {