Merge pull request #89 from openappsec/Dec-24-2023

Dec 24 2023
WrightNed 2023-12-27 12:46:53 +02:00 committed by GitHub
commit 12da9547dd
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 16 additions and 9 deletions


@ -80,6 +80,7 @@ public:
std::string getUpdate(CheckUpdateRequest &request) override; std::string getUpdate(CheckUpdateRequest &request) override;
bool shouldApplyPolicy() override; bool shouldApplyPolicy() override;
void turnOffApplyPolicyFlag() override; void turnOffApplyPolicyFlag() override;
void turnOnApplyPolicyFlag() override;
std::string getCurrPolicy() override { return curr_policy; } std::string getCurrPolicy() override { return curr_policy; }


@ -23,6 +23,7 @@ public:
virtual std::string getCurrPolicy() = 0; virtual std::string getCurrPolicy() = 0;
virtual void turnOffApplyPolicyFlag() = 0; virtual void turnOffApplyPolicyFlag() = 0;
virtual void turnOnApplyPolicyFlag() = 0;
protected: protected:
virtual ~I_DeclarativePolicy() {} virtual ~I_DeclarativePolicy() {}


@ -221,10 +221,7 @@ private:
auto update_communication = Singleton::Consume<I_UpdateCommunication>::by<OrchestrationComp>(); auto update_communication = Singleton::Consume<I_UpdateCommunication>::by<OrchestrationComp>();
auto agent_mode = getOrchestrationMode(); auto agent_mode = getOrchestrationMode();
auto policy_mgmt_mode = getSettingWithDefault<string>("management", "profileManagedMode"); auto policy_mgmt_mode = getSettingWithDefault<string>("management", "profileManagedMode");
if (agent_mode == OrchestrationMode::HYBRID || policy_mgmt_mode == "declarative") { bool declarative = agent_mode == OrchestrationMode::HYBRID || policy_mgmt_mode == "declarative";
update_communication->authenticateAgent();
return Maybe<void>();
}
bool enforce_policy_flag = false; bool enforce_policy_flag = false;
Maybe<OrchestrationPolicy> maybe_policy = genError("Empty policy"); Maybe<OrchestrationPolicy> maybe_policy = genError("Empty policy");
@ -299,6 +296,7 @@ private:
} }
} }
if (declarative) Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>()->turnOnApplyPolicyFlag();
return authentication_res; return authentication_res;
} }
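Review bot: The new `turnOnApplyPolicyFlag()` call at the end of the second hunk runs whenever `declarative` is true, without looking at `authentication_res`, which is returned on the very next line. If the flag is meant to trigger a policy re-apply only after the agent started and authenticated successfully, the condition should say so, e.g. `if (declarative && authentication_res.ok()) ...` (assuming `authentication_res` is a `Maybe<>` with the usual `ok()` accessor; its declaration is not visible here). Removing the early return also means declarative and hybrid agents now go through the whole policy-loading path between the two hunks, so it is worth confirming that none of its earlier `return` statements skips the flag. A one-line comment on `bool declarative` explaining why the flag must be raised at the end would help the next reader. The enclosing function starts and ends outside these hunks.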


@ -57,6 +57,12 @@ DeclarativePolicyUtils::turnOffApplyPolicyFlag()
should_apply_policy = false; should_apply_policy = false;
} }
void
DeclarativePolicyUtils::turnOnApplyPolicyFlag()
{
should_apply_policy = true;
}
Maybe<string> Maybe<string>
DeclarativePolicyUtils::getLocalPolicyChecksum() DeclarativePolicyUtils::getLocalPolicyChecksum()
{ {


@ -114,7 +114,7 @@ public:
} }
string application_uri = maybe_uri.unpack(); string application_uri = maybe_uri.unpack();
if (application_uri.back() == '/') application_uri.pop_back(); if (!application_uri.empty() && application_uri.back() == '/') application_uri.pop_back();
for (const auto &rule : rate_limit_config.getRateLimitRules()) { for (const auto &rule : rate_limit_config.getRateLimitRules()) {
string full_rule_uri = application_uri + rule.getRateLimitUri(); string full_rule_uri = application_uri + rule.getRateLimitUri();
@ -227,7 +227,7 @@ public:
<< " seconds"; << " seconds";
string unique_key = asset_id + ":" + source_identifier + ":" + uri; string unique_key = asset_id + ":" + source_identifier + ":" + uri;
if (unique_key.back() == '/') unique_key.pop_back(); if (!unique_key.empty() && unique_key.back() == '/') unique_key.pop_back();
auto verdict = decide(unique_key); auto verdict = decide(unique_key);
if (verdict == RateLimitVedict::ACCEPT) { if (verdict == RateLimitVedict::ACCEPT) {
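Review bot: Only a single trailing `/` is stripped from `application_uri` and from `unique_key`, so values that differ only in the number of trailing slashes still produce different rule URIs and different rate-limit keys. If `uri` is not canonicalised before this point (not visible in the hunk), requests to equivalent paths would be counted in separate buckets and the limit would be applied less strictly than configured. A loop keeps the new empty-string guard and covers that case: `while (!unique_key.empty() && unique_key.back() == '/') unique_key.pop_back();`, and likewise for `application_uri` in the first hunk. Both enclosing functions extend outside the hunks.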


@ -1741,7 +1741,7 @@ Waf2Transaction::sendLog()
static int cur_grace_logs = 0; static int cur_grace_logs = 0;
bool grace_period = is_hybrid_mode && cur_grace_logs < max_grace_logs; bool grace_period = is_hybrid_mode && cur_grace_logs < max_grace_logs;
bool send_extended_log = grace_period || shouldSendExtendedLog(triggerLog); bool send_extended_log = shouldSendExtendedLog(triggerLog);
if (grace_period) { if (grace_period) {
dbgTrace(D_WAAP) dbgTrace(D_WAAP)
<< "Waf2Transaction::sendLog: current grace log index: " << "Waf2Transaction::sendLog: current grace log index: "
@ -2339,7 +2339,7 @@ bool Waf2Transaction::shouldSendExtendedLog(const std::shared_ptr<Waap::Trigger:
ReportIS::Severity severity = Waap::Util::computeSeverityFromThreatLevel( ReportIS::Severity severity = Waap::Util::computeSeverityFromThreatLevel(
autonomousSecurityDecision->getThreatLevel()); autonomousSecurityDecision->getThreatLevel());
if (trigger_log->extendLoggingMinSeverity == "Critical") if (trigger_log->extendLoggingMinSeverity == "Critical" || trigger_log->extendLoggingMinSeverity == "critical")
{ {
if (severity == ReportIS::Severity::CRITICAL) if (severity == ReportIS::Severity::CRITICAL)
{ {
@ -2349,7 +2349,7 @@ bool Waf2Transaction::shouldSendExtendedLog(const std::shared_ptr<Waap::Trigger:
dbgTrace(D_WAAP) << "Should not send extended logging. Min Severity Critical. Severity: " << (int) severity; dbgTrace(D_WAAP) << "Should not send extended logging. Min Severity Critical. Severity: " << (int) severity;
return false; return false;
} }
else if (trigger_log->extendLoggingMinSeverity == "High") else if (trigger_log->extendLoggingMinSeverity == "High" || trigger_log->extendLoggingMinSeverity == "high")
{ {
if (severity == ReportIS::Severity::CRITICAL || severity == ReportIS::Severity::HIGH) if (severity == ReportIS::Severity::CRITICAL || severity == ReportIS::Severity::HIGH)
{ {
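Review bot: Comparing `extendLoggingMinSeverity` against two literal spellings per level still leaves every other casing (for example `CRITICAL`) unmatched, and which branch such a value falls into is decided outside the visible lines. Since this setting controls whether an extended security log is emitted, a mis-cased policy value should not silently change logging behaviour. I would normalise once at the top of `shouldSendExtendedLog` and compare against lowercase literals: `std::string min_sev = trigger_log->extendLoggingMinSeverity;` followed by `std::transform(min_sev.begin(), min_sev.end(), min_sev.begin(), [](unsigned char c) { return std::tolower(c); });`, then `if (min_sev == "critical")` and `else if (min_sev == "high")`. The same applies to any further severity branches after the second hunk, which are not shown.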


@ -577,6 +577,7 @@ public:
{ {
try { try {
cereal::load(ar, streams); cereal::load(ar, streams);
if (streams["Output"].empty()) streams["Output"] = "STDOUT";
if (streams["Output"] != "FOG" && streams["Output"] != "STDOUT" && streams["Output"].front() != '/') { if (streams["Output"] != "FOG" && streams["Output"] != "STDOUT" && streams["Output"].front() != '/') {
streams["Output"] = log_files_path + "/" + streams["Output"]; streams["Output"] = log_files_path + "/" + streams["Output"];
} }
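Review bot: A relative `Output` value is still joined onto `log_files_path` unchanged in the lines right after the new empty-string default, so a value containing `..` segments resolves to a file outside the log directory, and any value starting with `/` is accepted as-is. If this stream configuration can come from a source less trusted than the local agent (not visible in this hunk), it would be worth rejecting such values before the join, e.g. `if (streams["Output"].find("..") != std::string::npos) throw cereal::Exception("invalid Output path");`, assuming the `catch` that follows this `try` handles that exception type. Binding `auto &output = streams["Output"];` once would also remove the five repeated map lookups. The enclosing function starts and ends outside the hunk.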