diff --git a/components/security_apps/orchestration/include/declarative_policy_utils.h b/components/security_apps/orchestration/include/declarative_policy_utils.h index 1db30ce..73861c7 100644 --- a/components/security_apps/orchestration/include/declarative_policy_utils.h +++ b/components/security_apps/orchestration/include/declarative_policy_utils.h @@ -80,6 +80,7 @@ public: std::string getUpdate(CheckUpdateRequest &request) override; bool shouldApplyPolicy() override; void turnOffApplyPolicyFlag() override; + void turnOnApplyPolicyFlag() override; std::string getCurrPolicy() override { return curr_policy; } diff --git a/components/security_apps/orchestration/include/i_declarative_policy.h b/components/security_apps/orchestration/include/i_declarative_policy.h index 1390766..0401463 100644 --- a/components/security_apps/orchestration/include/i_declarative_policy.h +++ b/components/security_apps/orchestration/include/i_declarative_policy.h @@ -23,6 +23,7 @@ public: virtual std::string getCurrPolicy() = 0; virtual void turnOffApplyPolicyFlag() = 0; + virtual void turnOnApplyPolicyFlag() = 0; protected: virtual ~I_DeclarativePolicy() {} diff --git a/components/security_apps/orchestration/orchestration_comp.cc b/components/security_apps/orchestration/orchestration_comp.cc index 9b7863b..33af4f5 100755 --- a/components/security_apps/orchestration/orchestration_comp.cc +++ b/components/security_apps/orchestration/orchestration_comp.cc @@ -221,10 +221,7 @@ private: auto update_communication = Singleton::Consume::by(); auto agent_mode = getOrchestrationMode(); auto policy_mgmt_mode = getSettingWithDefault("management", "profileManagedMode"); - if (agent_mode == OrchestrationMode::HYBRID || policy_mgmt_mode == "declarative") { - update_communication->authenticateAgent(); - return Maybe(); - } + bool declarative = agent_mode == OrchestrationMode::HYBRID || policy_mgmt_mode == "declarative"; bool enforce_policy_flag = false; Maybe maybe_policy = genError("Empty policy"); @@ -299,6 +296,7 @@ private: } } + if (declarative) Singleton::Consume::from()->turnOnApplyPolicyFlag(); return authentication_res; } diff --git a/components/security_apps/orchestration/update_communication/declarative_policy_utils.cc b/components/security_apps/orchestration/update_communication/declarative_policy_utils.cc index 1d85a0d..00e8a49 100644 --- a/components/security_apps/orchestration/update_communication/declarative_policy_utils.cc +++ b/components/security_apps/orchestration/update_communication/declarative_policy_utils.cc @@ -57,6 +57,12 @@ DeclarativePolicyUtils::turnOffApplyPolicyFlag() should_apply_policy = false; } +void +DeclarativePolicyUtils::turnOnApplyPolicyFlag() +{ + should_apply_policy = true; +} + Maybe DeclarativePolicyUtils::getLocalPolicyChecksum() { diff --git a/components/security_apps/rate_limit/rate_limit.cc b/components/security_apps/rate_limit/rate_limit.cc index 5ef7aed..2025c9b 100755 --- a/components/security_apps/rate_limit/rate_limit.cc +++ b/components/security_apps/rate_limit/rate_limit.cc @@ -114,7 +114,7 @@ public: } string application_uri = maybe_uri.unpack(); - if (application_uri.back() == '/') application_uri.pop_back(); + if (!application_uri.empty() && application_uri.back() == '/') application_uri.pop_back(); for (const auto &rule : rate_limit_config.getRateLimitRules()) { string full_rule_uri = application_uri + rule.getRateLimitUri(); @@ -227,7 +227,7 @@ public: << " seconds"; string unique_key = asset_id + ":" + source_identifier + ":" + uri; - if (unique_key.back() == '/') unique_key.pop_back(); + if (!unique_key.empty() && unique_key.back() == '/') unique_key.pop_back(); auto verdict = decide(unique_key); if (verdict == RateLimitVedict::ACCEPT) { diff --git a/components/security_apps/waap/waap_clib/Waf2Engine.cc b/components/security_apps/waap/waap_clib/Waf2Engine.cc index 8922fc0..188a264 100755 --- a/components/security_apps/waap/waap_clib/Waf2Engine.cc +++ b/components/security_apps/waap/waap_clib/Waf2Engine.cc @@ -1741,7 +1741,7 @@ Waf2Transaction::sendLog() static int cur_grace_logs = 0; bool grace_period = is_hybrid_mode && cur_grace_logs < max_grace_logs; - bool send_extended_log = grace_period || shouldSendExtendedLog(triggerLog); + bool send_extended_log = shouldSendExtendedLog(triggerLog); if (grace_period) { dbgTrace(D_WAAP) << "Waf2Transaction::sendLog: current grace log index: " @@ -2339,7 +2339,7 @@ bool Waf2Transaction::shouldSendExtendedLog(const std::shared_ptrgetThreatLevel()); - if (trigger_log->extendLoggingMinSeverity == "Critical") + if (trigger_log->extendLoggingMinSeverity == "Critical" || trigger_log->extendLoggingMinSeverity == "critical") { if (severity == ReportIS::Severity::CRITICAL) { @@ -2349,7 +2349,7 @@ bool Waf2Transaction::shouldSendExtendedLog(const std::shared_ptrextendLoggingMinSeverity == "High") + else if (trigger_log->extendLoggingMinSeverity == "High" || trigger_log->extendLoggingMinSeverity == "high") { if (severity == ReportIS::Severity::CRITICAL || severity == ReportIS::Severity::HIGH) { diff --git a/nodes/orchestration/package/cpnano_debug/cpnano_debug.cc b/nodes/orchestration/package/cpnano_debug/cpnano_debug.cc index 1461b71..70789ac 100755 --- a/nodes/orchestration/package/cpnano_debug/cpnano_debug.cc +++ b/nodes/orchestration/package/cpnano_debug/cpnano_debug.cc @@ -577,6 +577,7 @@ public: { try { cereal::load(ar, streams); + if (streams["Output"].empty()) streams["Output"] = "STDOUT"; if (streams["Output"] != "FOG" && streams["Output"] != "STDOUT" && streams["Output"].front() != '/') { streams["Output"] = log_files_path + "/" + streams["Output"]; }