update checkpoint to openappsec

davidga 2022-11-16 10:34:13 +02:00
parent b0b813ace5
commit 03949a3cb7
3 changed files with 13 additions and 13 deletions


@ -14,7 +14,10 @@
#ifndef __APPSEC_PRACTICE_SECTION_H__ #ifndef __APPSEC_PRACTICE_SECTION_H__
#define __APPSEC_PRACTICE_SECTION_H__ #define __APPSEC_PRACTICE_SECTION_H__
#include <list>
#include <cereal/archives/json.hpp> #include <cereal/archives/json.hpp>
#include <cereal/types/list.hpp>
#include <boost/uuid/uuid.hpp> #include <boost/uuid/uuid.hpp>
#include <boost/uuid/uuid_generators.hpp> #include <boost/uuid/uuid_generators.hpp>
#include <boost/uuid/uuid_io.hpp> #include <boost/uuid/uuid_io.hpp>
@ -697,6 +700,8 @@ public:
const std::string & getMode() const { return mode; } const std::string & getMode() const { return mode; }
void setHost(const std::string &_host) { host = _host; };
void setMode(const std::string &_mode) { mode = _mode; }; void setMode(const std::string &_mode) { mode = _mode; };
const std::string & getCustomResponse() const { return custom_response; } const std::string & getCustomResponse() const { return custom_response; }
@ -749,16 +754,18 @@ public:
if (default_mode_annot.ok() && !default_mode_annot.unpack().empty() && default_rule.getMode().empty()) { if (default_mode_annot.ok() && !default_mode_annot.unpack().empty() && default_rule.getMode().empty()) {
default_rule.setMode(default_mode_annot.unpack()); default_rule.setMode(default_mode_annot.unpack());
} }
parseAppsecJSONKey<std::vector<ParsedRule>>("specific-rules", specific_rules, archive_in); default_rule.setHost("*");
parseAppsecJSONKey<std::list<ParsedRule>>("specific-rules", specific_rules, archive_in);
specific_rules.push_front(default_rule);
} }
const ParsedRule & getDefaultRule() const { return default_rule; } const ParsedRule & getDefaultRule() const { return default_rule; }
const std::vector<ParsedRule> & getSpecificRules() const { return specific_rules; } const std::list<ParsedRule> & getSpecificRules() const { return specific_rules; }
private: private:
ParsedRule default_rule; ParsedRule default_rule;
std::vector<ParsedRule> specific_rules; std::list<ParsedRule> specific_rules;
}; };
class AppsecLinuxPolicy : Singleton::Consume<I_Environment> class AppsecLinuxPolicy : Singleton::Consume<I_Environment>
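Review bot: A policy that already lists a `host: "*"` entry under `specific-rules` ends up with two wildcard rules after `specific_rules.push_front(default_rule);` in the hunk at -749, and nothing visible here says which of the two takes effect. For a WAF policy that choice decides the enforcement mode of every host without an explicit rule, so the precedence should be deterministic rather than a side effect of list order. Either skip the push when a parsed rule already carries host `*`, or state the contract above the push, for example `// Default rule goes first as host "*"; specific-rules must not define "*" again`. The enclosing load function starts outside the hunk, so any existing handling there is not visible.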


@ -289,7 +289,7 @@ public:
return appsec_policy; return appsec_policy;
}); });
vector<ParsedRule> specific_rules = appsec_policy.getAppsecPolicySpec().getSpecificRules(); list<ParsedRule> specific_rules = appsec_policy.getAppsecPolicySpec().getSpecificRules();
ParsedRule default_rule = appsec_policy.getAppsecPolicySpec().getDefaultRule(); ParsedRule default_rule = appsec_policy.getAppsecPolicySpec().getDefaultRule();
string asset; string asset;
@ -672,7 +672,7 @@ public:
AppsecSpecParser<AppsecPolicySpec> appsec_policy = maybe_appsec_policy.unpack(); AppsecSpecParser<AppsecPolicySpec> appsec_policy = maybe_appsec_policy.unpack();
dbgTrace(D_K8S_POLICY) << "Succeessfully retrieved AppSec policy: " << appsec_policy.getSpec(); dbgTrace(D_K8S_POLICY) << "Succeessfully retrieved AppSec policy: " << appsec_policy.getSpec();
vector<ParsedRule> specific_rules = appsec_policy.getSpec().getSpecificRules(); list<ParsedRule> specific_rules = appsec_policy.getSpec().getSpecificRules();
ParsedRule default_rule = appsec_policy.getSpec().getDefaultRule(); ParsedRule default_rule = appsec_policy.getSpec().getDefaultRule();
for (const ParsedRule &parsed_rule : specific_rules) { for (const ParsedRule &parsed_rule : specific_rules) {
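Review bot: `default_rule` is still fetched separately through `getDefaultRule()` at both call sites (hunks at -289 and -672), although the list returned by `getSpecificRules()` now already starts with that same rule under host `*`. If the code outside these hunks still builds policy elements from `default_rule` as well as from the loop over `specific_rules`, the wildcard asset would be generated twice, possibly with conflicting entries; this cannot be confirmed from the visible lines. Worth checking, and either dropping the separate handling or marking it with a comment such as `// specific_rules already begins with the default rule (host "*")`. Both enclosing functions start and end outside the hunks.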


@ -7,13 +7,6 @@ policies:
- webapp-default-practice - webapp-default-practice
custom-response: appsec-default-web-user-response custom-response: appsec-default-web-user-response
specific-rules: specific-rules:
- host: "*"
triggers:
- appsec-default-log-trigger
mode: detect-learn
practices:
- webapp-default-practice
custom-response: appsec-default-web-user-response
practices: practices:
- name: webapp-default-practice - name: webapp-default-practice
@ -62,7 +55,7 @@ logtriggers:
cloud: false cloud: false
file: file:
stdout: stdout:
format: json-formatted format: json
syslog-service: syslog-service:
cef-service: cef-service:
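Review bot: After the removal in the first hunk, `specific-rules:` is left as a key with no value, which YAML reads as null rather than as an empty list. Whether the `std::list<ParsedRule>` load of "specific-rules" tolerates a null is not visible on this page; if it does not, the shipped default policy would fail to parse and leave the default protection unconfigured. Writing `specific-rules: []` or dropping the key would make the intent explicit.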