My 11th 2023 update
@@ -137,9 +137,13 @@ bool ConfidenceCalculator::postData()
|
||||
dbgTrace(D_WAAP_CONFIDENCE_CALCULATOR) << "Sending the data to: " << url;
|
||||
|
||||
WindowLogPost currentWindow(m_time_window_logger_backup);
|
||||
return sendNoReplyObjectWithRetry(currentWindow,
|
||||
bool ok = sendNoReplyObjectWithRetry(currentWindow,
|
||||
I_Messaging::Method::PUT,
|
||||
url);
|
||||
if (!ok) {
|
||||
dbgError(D_WAAP_CONFIDENCE_CALCULATOR) << "Failed to post collected data to: " << url;
|
||||
}
|
||||
return ok;
|
||||
}
|
||||
|
||||
void ConfidenceCalculator::pullData(const std::vector<std::string>& files)
|
||||
@@ -149,7 +153,7 @@ void ConfidenceCalculator::pullData(const std::vector<std::string>& files)
|
||||
mergeProcessedFromRemote();
|
||||
}
|
||||
std::string url = getPostDataUrl();
|
||||
std::string sentFile = url.erase(0, url.find_first_of('/') + 1);
|
||||
std::string sentFile = url.erase(0, strlen("/storage/waap/"));
|
||||
dbgTrace(D_WAAP_CONFIDENCE_CALCULATOR) << "pulling files, skipping: " << sentFile;
|
||||
for (auto file : files)
|
||||
{
|
||||
@@ -159,10 +163,15 @@ void ConfidenceCalculator::pullData(const std::vector<std::string>& files)
|
||||
}
|
||||
dbgTrace(D_WAAP_CONFIDENCE_CALCULATOR) << "Pulling the file: " << file;
|
||||
WindowLogGet getWindow;
|
||||
sendObjectWithRetry(getWindow,
|
||||
bool ok = sendObjectWithRetry(getWindow,
|
||||
I_Messaging::Method::GET,
|
||||
getUri() + "/" + file);
|
||||
|
||||
if (!ok) {
|
||||
dbgError(D_WAAP_CONFIDENCE_CALCULATOR) << "Failed to get file: " << file;
|
||||
continue;
|
||||
}
|
||||
|
||||
KeyValSourcesLogger remoteLogger = getWindow.getWindowLogger().unpack();
|
||||
for (auto& log : remoteLogger)
|
||||
{
|
||||
@@ -215,6 +224,10 @@ void ConfidenceCalculator::pullProcessedData(const std::vector<std::string>& fil
|
||||
m_confidence_level = getConfFile.getConfidenceLevels().unpackMove();
|
||||
}
|
||||
}
|
||||
// is_first_pull = false -> at least one file was downloaded and merged
|
||||
if (is_first_pull) {
|
||||
dbgError(D_WAAP_CONFIDENCE_CALCULATOR) << "Failed to get the remote state";
|
||||
}
|
||||
}
|
||||
|
||||
void ConfidenceCalculator::postProcessedData()
|
||||
|
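Review bot: The new `url.erase(0, strlen("/storage/waap/"))` in ConfidenceCalculator::pullData removes a fixed number of characters without checking that the URL actually starts with that prefix. If getPostDataUrl() ever returns a different or shorter path, `sentFile` becomes a wrong or empty name, and the "skipping" comparison would presumably stop matching, so the agent could merge its own posted window back in with no error. I would guard it with `static const std::string prefix = "/storage/waap/";` and `if (url.compare(0, prefix.size(), prefix) == 0) url.erase(0, prefix.size());`, and log when the prefix is absent. The loop that uses `sentFile` lies partly outside the visible hunks, so the comparison itself should be confirmed.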
@@ -100,9 +100,13 @@ bool ScannerDetector::postData()
|
||||
dbgTrace(D_WAAP) << "Sending the data to: " << url;
|
||||
|
||||
SourcesMonitorPost currentWindow(m_sources_monitor_backup);
|
||||
return sendNoReplyObjectWithRetry(currentWindow,
|
||||
bool ok = sendNoReplyObjectWithRetry(currentWindow,
|
||||
I_Messaging::Method::PUT,
|
||||
url);
|
||||
if (!ok) {
|
||||
dbgError(D_WAAP) << "Failed to post collected data to: " << url;
|
||||
}
|
||||
return ok;
|
||||
}
|
||||
|
||||
void ScannerDetector::pullData(const std::vector<std::string>& files)
|
||||
@@ -118,10 +122,15 @@ void ScannerDetector::pullData(const std::vector<std::string>& files)
|
||||
}
|
||||
dbgTrace(D_WAAP) << "Pulling the file: " << file;
|
||||
SourcesMonitorGet getMonitor;
|
||||
sendObjectWithRetry(getMonitor,
|
||||
bool ok = sendObjectWithRetry(getMonitor,
|
||||
I_Messaging::Method::GET,
|
||||
getUri() + "/" + file);
|
||||
|
||||
if (!ok) {
|
||||
dbgError(D_WAAP) << "Failed to get data from: " << file;
|
||||
continue;
|
||||
}
|
||||
|
||||
SourceKeyValsMap remoteMonitor = getMonitor.getSourcesMonitor().unpack();
|
||||
for (const auto& srcData : remoteMonitor)
|
||||
{
|
||||
|
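Review bot: The added `if (!ok) { ... continue; }` in ScannerDetector::pullData covers a failed request only; the next statement still calls `getMonitor.getSourcesMonitor().unpack()` without testing `.ok()`. TrustedSourcesConfidenceCalculator::pullData in this same commit checks `getTrustFile.getTrustedLogs().ok()` before unpacking, which suggests the accessor returns an optional-style wrapper that can be empty when the remote file lacks the field or fails to parse. These files are fetched from remote storage, so I would treat their content as unvalidated and add `if (!getMonitor.getSourcesMonitor().ok()) { dbgError(D_WAAP) << "Invalid data in: " << file; continue; }` before the unpack. The same applies to `getWindow.getWindowLogger().unpack()` in ConfidenceCalculator::pullData.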
@@ -96,9 +96,13 @@ bool TrustedSourcesConfidenceCalculator::postData()
|
||||
dbgTrace(D_WAAP_CONFIDENCE_CALCULATOR) << "Sending the data to: " << url;
|
||||
|
||||
TrsutedSourcesLogger logger(m_logger);
|
||||
return sendNoReplyObjectWithRetry(logger,
|
||||
bool ok = sendNoReplyObjectWithRetry(logger,
|
||||
I_Messaging::Method::PUT,
|
||||
url);
|
||||
if (!ok) {
|
||||
dbgError(D_WAAP_CONFIDENCE_CALCULATOR) << "Failed to post collected data to: " << url;
|
||||
}
|
||||
return ok;
|
||||
}
|
||||
|
||||
void TrustedSourcesConfidenceCalculator::pullData(const std::vector<std::string>& files)
|
||||
@@ -116,7 +120,12 @@ void TrustedSourcesConfidenceCalculator::pullData(const std::vector<std::string>
|
||||
bool res = sendObjectWithRetry(getTrustFile,
|
||||
I_Messaging::Method::GET,
|
||||
getUri() + "/" + file);
|
||||
if (res && getTrustFile.getTrustedLogs().ok())
|
||||
if (!res)
|
||||
{
|
||||
dbgError(D_WAAP_CONFIDENCE_CALCULATOR) << "Failed to get file: " << file;
|
||||
continue;
|
||||
}
|
||||
if (getTrustFile.getTrustedLogs().ok())
|
||||
{
|
||||
mergeFromRemote(getTrustFile.getTrustedLogs().unpack());
|
||||
}
|
||||
@@ -134,20 +143,22 @@ void TrustedSourcesConfidenceCalculator::updateState(const std::vector<std::stri
|
||||
pullProcessedData(files);
|
||||
}
|
||||
|
||||
void TrustedSourcesConfidenceCalculator::pullProcessedData(const std::vector<std::string>& files)
|
||||
{
|
||||
void TrustedSourcesConfidenceCalculator::pullProcessedData(const std::vector<std::string>& files) {
|
||||
dbgTrace(D_WAAP_CONFIDENCE_CALCULATOR) << "Fetching the logger object for trusted sources";
|
||||
for (auto file : files)
|
||||
{
|
||||
bool pull_ok = false;
|
||||
for (auto file: files) {
|
||||
GetTrustedFile getTrustFile;
|
||||
bool res = sendObjectWithRetry(getTrustFile,
|
||||
I_Messaging::Method::GET,
|
||||
getUri() + "/" + file);
|
||||
if (res && getTrustFile.getTrustedLogs().ok())
|
||||
{
|
||||
if (res && getTrustFile.getTrustedLogs().ok()) {
|
||||
mergeFromRemote(getTrustFile.getTrustedLogs().unpack());
|
||||
pull_ok = true;
|
||||
}
|
||||
}
|
||||
if (!pull_ok && !files.empty()) {
|
||||
dbgError(D_WAAP_CONFIDENCE_CALCULATOR) << "Failed to pull state data";
|
||||
}
|
||||
}
|
||||
|
||||
void TrustedSourcesConfidenceCalculator::postProcessedData()
|
||||
|
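Review bot: In TrustedSourcesConfidenceCalculator::pullData the old `res && getTrustFile.getTrustedLogs().ok()` test was split and only the `!res` branch logs. A reply that arrives but whose trusted logs are not `ok()` is now skipped without any message, as far as the hunk shows (the loop body continues outside it). An `else { dbgError(D_WAAP_CONFIDENCE_CALCULATOR) << "Failed to parse trusted logs from: " << file; }` after the merge block would make a malformed remote file visible. pullProcessedData has the same gap: its single "Failed to pull state data" message does not say which file failed or whether the request or the parse failed. Separately, `for (auto file: files)` copies each string, and `const auto &file` avoids that.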
@@ -37,5 +37,6 @@ SampleValue::getSampleString() const
|
||||
void
|
||||
SampleValue::findMatches(const Regex &pattern, std::vector<RegexMatch> &matches) const
|
||||
{
|
||||
pattern.findAllMatches(m_sample, matches, m_regexPreconditions ? &m_pmWordSet : nullptr);
|
||||
static const size_t maxMatchesPerSignature = 5;
|
||||
pattern.findAllMatches(m_sample, matches, m_regexPreconditions ? &m_pmWordSet : nullptr, maxMatchesPerSignature);
|
||||
}
|
||||
|
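Review bot: `maxMatchesPerSignature = 5` in SampleValue::findMatches is a detection-affecting limit with no comment explaining why 5 was chosen or what happens to matches beyond it. With this cap every scan of a sample stops collecting after five matches per regex, so later occurrences in a long input never reach the caller, and nothing records that the result was truncated. If the intent is to bound scan time on large inputs, a comment such as `// Cap matches per regex to bound scan time; matches past the cap are dropped.` should say so. I would also move the value to a named `static constexpr` at file scope, or make it configurable, so the trade-off between scan cost and coverage is visible in one place.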
@@ -140,7 +140,7 @@ bool SingleRegex::hasMatch(const std::string& s) const {
|
||||
return true;
|
||||
}
|
||||
|
||||
size_t SingleRegex::findAllMatches(const std::string& s, std::vector<RegexMatch>& matches) const {
|
||||
size_t SingleRegex::findAllMatches(const std::string& s, std::vector<RegexMatch>& matches, size_t maxMatches) const {
|
||||
size_t matchesCount = 0;
|
||||
|
||||
// Optimized regex that always immediately reports a "simulated" match without spending time to do a scan
|
||||
@@ -234,7 +234,7 @@ size_t SingleRegex::findAllMatches(const std::string& s, std::vector<RegexMatch>
|
||||
// continue searching for next match starting from end of this match
|
||||
// (first two entries in ov[] are start and end offsets of current full match)
|
||||
startOffset = ov[1];
|
||||
} while (true);
|
||||
} while (matchesCount < maxMatches);
|
||||
|
||||
return matchesCount;
|
||||
}
|
||||
@@ -418,7 +418,7 @@ bool Regex::hasMatch(const std::string& s) const {
|
||||
}
|
||||
|
||||
size_t Regex::findAllMatches(const std::string& s, std::vector<RegexMatch>& matches,
|
||||
const Waap::RegexPreconditions::PmWordSet *pmWordSet) const {
|
||||
const Waap::RegexPreconditions::PmWordSet *pmWordSet, size_t maxMatches) const {
|
||||
matches.clear();
|
||||
|
||||
if (m_regexPreconditions && pmWordSet) {
|
||||
@@ -442,7 +442,7 @@ size_t Regex::findAllMatches(const std::string& s, std::vector<RegexMatch>& matc
|
||||
}
|
||||
|
||||
// Scan only regexes that are enabled by aho-corasick scan
|
||||
m_sre[regexIndex]->findAllMatches(s, matches);
|
||||
m_sre[regexIndex]->findAllMatches(s, matches, maxMatches);
|
||||
dbgTrace(D_WAAP_REGEX) << "Regex['" << m_sre[regexIndex]->getName() <<
|
||||
"',index=" << regexIndex << "]::findAllMatches(): " << matches.size() << " matches found (so far)";
|
||||
|
||||
@@ -453,7 +453,7 @@ size_t Regex::findAllMatches(const std::string& s, std::vector<RegexMatch>& matc
|
||||
else {
|
||||
// When optimization is disabled - scan all regexes
|
||||
for (SingleRegex* pSingleRegex : m_sre) {
|
||||
pSingleRegex->findAllMatches(s, matches);
|
||||
pSingleRegex->findAllMatches(s, matches, maxMatches);
|
||||
dbgTrace(D_WAAP_REGEX) << "Regex['" << m_regexName << "']['" << pSingleRegex->getName() <<
|
||||
"']::findAllMatches(): " << matches.size() << " matches found (so far)";
|
||||
}
|
||||
|
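Review bot: The limit is enforced inside SingleRegex::findAllMatches on a `matchesCount` that starts at 0 on every call, while Regex::findAllMatches passes the same `maxMatches` and the same `matches` vector to each entry of `m_sre`. The cap is therefore per SingleRegex, and one Regex::findAllMatches call can still return up to `maxMatches` times the number of scanned regexes; if a total cap was intended, the outer loops need their own check on `matches.size()`. The `do { ... } while (matchesCount < maxMatches)` form also runs the scan once even when `maxMatches` is 0. A `dbgTrace(D_WAAP_REGEX)` when the loop exits because the cap was reached would let an operator tell a truncated result from a complete one. The loop body lies outside the hunk, so how `matchesCount` is incremented should be confirmed.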
@@ -55,7 +55,8 @@ public:
|
||||
const std::string ®exMatchName="", const std::string ®exMatchValue="");
|
||||
~SingleRegex();
|
||||
bool hasMatch(const std::string &s) const;
|
||||
size_t findAllMatches(const std::string &s, std::vector<RegexMatch> &matches) const;
|
||||
size_t findAllMatches(const std::string &s, std::vector<RegexMatch> &matches,
|
||||
size_t max_matches = std::string::npos) const;
|
||||
size_t findMatchRanges(const std::string &s, std::vector<RegexMatchRange> &matchRanges) const;
|
||||
const std::string &getName() const;
|
||||
private:
|
||||
@@ -76,8 +77,8 @@ public:
|
||||
std::shared_ptr<Waap::RegexPreconditions> regexPreconditions);
|
||||
~Regex();
|
||||
bool hasMatch(const std::string &s) const;
|
||||
size_t findAllMatches(const std::string &v, std::vector<RegexMatch> &maches,
|
||||
const Waap::RegexPreconditions::PmWordSet *pmWordSet=nullptr) const;
|
||||
size_t findAllMatches(const std::string &v, std::vector<RegexMatch> &matches,
|
||||
const Waap::RegexPreconditions::PmWordSet *pmWordSet=nullptr, size_t max_matches = std::string::npos) const;
|
||||
std::string sub(const std::string &s, const std::string &repl="") const;
|
||||
// Run regex search, and for each found match - run callback.
|
||||
// The callback can cancel replacement of the match (leave source match "as-is"), provide a replacement string,
|
||||
|
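Review bot: The new `max_matches` parameter is undocumented in both declarations, and its default `std::string::npos` serves as an "unlimited" sentinel for a match count, which is not obvious to a reader. A comment above each declaration would help, for example `// max_matches: upper bound on matches collected per SingleRegex; the default means no limit.` `std::numeric_limits<size_t>::max()` would state the intent more directly than a string constant. The declarations also name the parameter `max_matches` while the definitions use `maxMatches`; one spelling should be used for both.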
Reference in New Issue
Block a user