Aug 20th update

components/include/generic_rulebase/match_query.h

@@ -89,7 +89,9 @@ private:
     bool matchAttributesRegEx(const std::set<std::string> &values,
             std::set<std::string> &matched_override_keywords) const;
     bool matchAttributesString(const std::set<std::string> &values) const;
+    bool matchAttributesIp(const std::set<std::string> &values) const;
     bool isRegEx() const;
+    bool isIP() const;
 
     MatchType type;
     Operators operator_type;

components/security_apps/layer_7_access_control/layer_7_access_control.cc

@@ -385,8 +385,29 @@ Layer7AccessControl::Impl::init()
     i_intelligence = Singleton::Consume<I_Intelligence_IS_V2>::by<Layer7AccessControl>();
     i_mainloop = Singleton::Consume<I_MainLoop>::by<Layer7AccessControl>();
 
-    chrono::minutes expiration(
+    int cache_expiration_in_seconds = 30;
-        getProfileAgentSettingWithDefault<uint>(60u, "layer7AccessControl.crowdsec.cacheExpiration")
+    string cache_expiration_env = getenv("CROWDSEC_CACHE_EXPIRATION") ? getenv("CROWDSEC_CACHE_EXPIRATION") : "";
+    if (!cache_expiration_env.empty()) {
+        if (
+            all_of(cache_expiration_env.begin(), cache_expiration_env.end(), ::isdigit)
+            && stoi(cache_expiration_env) > 0
+        ) {
+            cache_expiration_in_seconds = stoi(cache_expiration_env);
+            dbgInfo(D_L7_ACCESS_CONTROL)
+                << "Successfully read cache expiration value from env: "
+                << cache_expiration_env;
+        } else {
+            dbgWarning(D_L7_ACCESS_CONTROL)
+                << "An invalid cache expiration value was provided in env: "
+                << cache_expiration_env;
+        }
+    }
+
+    chrono::seconds expiration(
+        getProfileAgentSettingWithDefault<uint>(
+            cache_expiration_in_seconds,
+            "layer7AccessControl.crowdsec.cacheExpiration"
+        )
     );
 
     ip_reputation_cache.startExpiration(

components/security_apps/orchestration/include/updates_process_event.h

@@ -117,6 +117,7 @@ public:
     OrchestrationStatusResult getOrchestrationStatusResult() const;
 
     std::string parseDescription() const;
+    std::string getDescriptionWithoutErrors() const;
 
 private:
     UpdatesProcessResult result;

components/security_apps/orchestration/modules/modules_ut/orchestration_status_ut.cc

@@ -556,7 +556,7 @@ TEST_F(OrchestrationStatusTest, checkErrorByRaiseEvent)
             "Time",
             "Online upgrades",
             fog_address,
-            "Failed. Reason: Registration failed. Error: " + registar_error,
+            "Failed. Reason: Registration failed.",
             "Failed. Reason: " + manifest_error
         ),
         result

components/security_apps/orchestration/modules/orchestration_status.cc

@@ -473,7 +473,11 @@ public:
     void
     upon(const UpdatesProcessEvent &event) override
     {
-        setFieldStatus(event.getStatusFieldType(), event.getOrchestrationStatusResult(), event.parseDescription());
+        setFieldStatus(
+            event.getStatusFieldType(),
+            event.getOrchestrationStatusResult(),
+            event.getDescriptionWithoutErrors()
+        );
     }
 
 private:

components/security_apps/orchestration/updates_process_reporter/updates_process_event.cc

@@ -122,3 +122,62 @@ UpdatesProcessEvent::parseDescription() const
     }
     return err.str();
 }
+
+string
+UpdatesProcessEvent::getDescriptionWithoutErrors() const
+{
+    stringstream err;
+    if (description.empty() || result == UpdatesProcessResult::SUCCESS) return "";
+
+    switch (reason) {
+        case UpdatesFailureReason::CHECK_UPDATE: {
+            err << description;
+            break;
+        }
+        case UpdatesFailureReason::REGISTRATION: {
+            err << "Registration failed.";
+            break;
+        }
+        case UpdatesFailureReason::GET_UPDATE_REQUEST: {
+            err << "Failed to get update request.";
+            break;
+        }
+        case UpdatesFailureReason::DOWNLOAD_FILE : {
+            err << "Failed to download the file " << detail;
+            break;
+        }
+        case UpdatesFailureReason::HANDLE_FILE : {
+            err << "Failed to handle the file " << detail;
+            break;
+        }
+        case UpdatesFailureReason::INSTALLATION_QUEUE : {
+            err << "Installation queue creation failed.";
+            break;
+        }
+        case UpdatesFailureReason::INSTALL_PACKAGE : {
+            err << "Failed to install the package " << detail;
+            break;
+        }
+        case UpdatesFailureReason::CHECKSUM_UNMATCHED : {
+            err << "Checksums do not match for the file: " << detail;
+            break;
+        }
+        case UpdatesFailureReason::POLICY_CONFIGURATION : {
+            err << "Failed to configure policy version: " << detail;
+            break;
+        }
+        case UpdatesFailureReason::POLICY_FOG_CONFIGURATION : {
+            err << "Failed to configure the fog address: " << detail;
+            break;
+        }
+        case UpdatesFailureReason::ORCHESTRATION_SELF_UPDATE : {
+            err << description;
+            break;
+        }
+        case UpdatesFailureReason::NONE : {
+            err << description;
+            break;
+        }
+    }
+    return err.str();
+}

components/security_apps/waap/include/i_serialize.h

@@ -57,7 +57,6 @@ private:
     std::vector<std::string> filesPathsList;
 };
 
-
 class I_Serializable {
 public:
     virtual void serialize(std::ostream& stream) = 0;

components/security_apps/waap/waap_clib/Serializator.cc

@@ -397,7 +397,7 @@ SerializeToLocalAndRemoteSyncBase::SerializeToLocalAndRemoteSyncBase(
     const string &owner
 ) :
     SerializeToFileBase(filePath),
-    m_remotePath(remotePath),
+    m_remotePath(replaceAllCopy(remotePath, "//", "/")),
     m_interval(0),
     m_owner(owner),
     m_pMainLoop(nullptr),
@@ -407,7 +407,7 @@ SerializeToLocalAndRemoteSyncBase::SerializeToLocalAndRemoteSyncBase(
     m_windowsCount(0),
     m_intervalsCounter(0),
     m_remoteSyncEnabled(true),
-    m_assetId(assetId),
+    m_assetId(replaceAllCopy(assetId, "/", "")),
     m_isAssetIdUuid(Waap::Util::isUuid(assetId)),
     m_shared_storage_host(genError("not set")),
     m_learning_host(genError("not set"))
@@ -439,7 +439,7 @@ SerializeToLocalAndRemoteSyncBase::SerializeToLocalAndRemoteSyncBase(
     }
     if (remotePath != "") {
         // remote path is /<tenantId>/<assetId>/<type>
-        auto parts = split(remotePath, '/');
+        auto parts = split(m_remotePath, '/');
         if (parts.size() > 2) {
             size_t offset = 0;
             if (parts[0].empty()) {
@@ -656,8 +656,7 @@ void SerializeToLocalAndRemoteSyncBase::syncWorker()
     OrchestrationMode mode = Singleton::exists<I_AgentDetails>() ?
         Singleton::Consume<I_AgentDetails>::by<WaapComponent>()->getOrchestrationMode() : OrchestrationMode::ONLINE;
 
-    if (mode == OrchestrationMode::OFFLINE  || !m_remoteSyncEnabled || isBase() ||
+    if (mode == OrchestrationMode::OFFLINE  || !m_remoteSyncEnabled || isBase() || !postData()) {
-        (mode == OrchestrationMode::ONLINE && !m_isAssetIdUuid) || !postData()) {
         dbgDebug(D_WAAP_CONFIDENCE_CALCULATOR)
             << "Did not synchronize the data. for asset: "
             << m_assetId

components/security_apps/waap/waap_clib/Telemetry.cc

@@ -37,7 +37,14 @@ WaapTelemetryBase::sendLog(const LogRest &metric_client_rest) const
     if (mode == OrchestrationMode::ONLINE) {
         return;
     }
-    auto svc_host = getConfigurationWithDefault(default_host, "Logging", "K8sSvc Log host");
+    const char* host_env_var = getenv("TUNING_HOST");
+    string host;
+    if (host_env_var != nullptr && strlen(host_env_var) > 0) {
+        host = string(host_env_var);
+    } else {
+        host = default_host;
+    }
+    auto svc_host = getConfigurationWithDefault(host, "Logging", "Container Log host");
     string fog_metric_uri = getConfigurationWithDefault<string>("/api/v1/agents/events", "metric", "fogMetricUri");
     MessageMetadata req_md(svc_host, 80);
     req_md.insertHeader(

components/security_apps/waap/waap_clib/TuningDecision.cc

@@ -15,6 +15,7 @@
 #include "i_mainloop.h"
 #include "i_serialize.h"
 #include "waap.h"
+#include "Waf2Util.h"
 
 using namespace std;
 
@@ -25,7 +26,7 @@ USE_DEBUG_FLAG(D_WAAP);
 
 TuningDecision::TuningDecision(const string& remotePath)
         :
-    m_remotePath(remotePath + "/tuning"),
+    m_remotePath(replaceAllCopy(remotePath + "/tuning", "//", "/")),
     m_baseUri()
 {
     if (remotePath == "")

components/security_apps/waap/waap_clib/Waf2Util.h

@@ -733,6 +733,12 @@ inline void replaceAll(std::string& str, const std::string& from, const std::str
         start_pos += to.length(); // In case 'to' contains 'from', like replacing 'x' with 'yx'
     }
 }
+
+inline std::string replaceAllCopy(std::string str, const std::string& from, const std::string& to) {
+    replaceAll(str, from, to);
+    return str;
+}
+
 inline void alignBase64Chunk (std::string &chunk)
 {
     size_t len = chunk.length() % 4;

components/utils/generic_rulebase/match_query.cc

@@ -299,7 +299,16 @@ MatchQuery::matchAttributes(
 {
     auto &type = condition_type;
     bool negate = type == MatchQuery::Conditions::NotEquals || type == MatchQuery::Conditions::NotIn;
-    bool match = isRegEx() ? matchAttributesRegEx(values, matched_override_keywords) : matchAttributesString(values);
+    bool match = false;
+
+    if (isIP()) {
+        match = matchAttributesIp(values);
+    } else if (isRegEx()) {
+        match = matchAttributesRegEx(values, matched_override_keywords);
+    } else {
+        match = matchAttributesString(values);
+    }
+
     return negate ? !match : match;
 }
 
@@ -340,8 +349,26 @@ MatchQuery::matchAttributesString(const set<string> &values) const
     return false;
 }
 
+bool
+MatchQuery::matchAttributesIp(const set<string> &values) const
+{
+    for (const IPRange &rule_ip_range : ip_addr_value) {
+        for (const string &requested_value : values) {
+            IpAddress ip_addr = IPUtilities::createIpFromString(requested_value);
+            if (IPUtilities::isIpAddrInRange(rule_ip_range, ip_addr)) return true;
+        }
+    }
+    return false;
+}
+
 bool
 MatchQuery::isRegEx() const
 {
     return key != "protectionName";
 }
+
+bool
+MatchQuery::isIP() const
+{
+    return key == "sourceIP" || key == "destinationIP";
+}

core/logging/k8s_svc_stream.cc

@@ -35,7 +35,14 @@ ContainerSvcStream::~ContainerSvcStream()
 void
 ContainerSvcStream::sendLog(const Report &log)
 {
-    auto svc_host = getConfigurationWithDefault(default_host, "Logging", "Container Log host");
+    const char* host_env_var = getenv("TUNING_HOST");
+    string host;
+    if (host_env_var != nullptr && strlen(host_env_var) > 0) {
+        host = string(host_env_var);
+    } else {
+        host = default_host;
+    }
+    auto svc_host = getConfigurationWithDefault(host, "Logging", "Container Log host");
     auto svc_log_uri = getConfigurationWithDefault(default_log_uri, "Logging", "Container Log URI");
     LogRest rest(log);
 
@@ -66,7 +73,14 @@ ContainerSvcStream::sendLog(const LogBulkRest &logs, bool persistence_only)
         return;
     }
 
-    auto svc_host = getConfigurationWithDefault(default_host, "Logging", "Container Log host");
+    const char* host_env_var = getenv("TUNING_HOST");
+    string host;
+    if (host_env_var != nullptr && strlen(host_env_var) > 0) {
+        host = string(host_env_var);
+    } else {
+        host = default_host;
+    }
+    auto svc_host = getConfigurationWithDefault(host, "Logging", "Container Log host");
     auto svc_log_uri = getConfigurationWithDefault(default_bulk_uri, "Logging", "Container Bulk Log URI");
 
     MessageMetadata rest_req_md(svc_host, 80);