github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-09-29 19:24:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

Mar 2nd 2023 update

Browse Source
This commit is contained in:
Ned Wright
2023-03-02 17:08:49 +00:00
parent fef95b12b3
commit 2a7ddf0666
14 changed files with 170 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
View File

@@ -50,7 +50,7 @@ checkIDP(shared_ptr<istream> file_stream)
if (line.find("<identity_portal/>") != string::npos) {
return string("false");
}
if (line.find("identity_provider") != string::npos) {
if (line.find("<central_idp ") != string::npos) {
return string("true");
}
}

5
components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
View File

@@ -46,12 +46,7 @@ SHELL_CMD_HANDLER(
getSmbObjectName
)
#endif//smb
#endif // SHELL_CMD_HANDLER
// use SHELL_CMD_OUTPUT(key as string, shell command as string) to return a shell command output as the value
// for a given key
#ifdef SHELL_CMD_OUTPUT
SHELL_CMD_OUTPUT("kernel_version", "uname -r")
SHELL_CMD_OUTPUT("helloWorld", "cat /tmp/agentHelloWorld 2>/dev/null")
#endif // SHELL_CMD_OUTPUT

2
components/security_apps/orchestration/manifest_controller/manifest_controller.cc
View File

@@ -397,7 +397,7 @@ ManifestController::Impl::handlePackage(
if (!package.isInstallable().ok()) {
string report_msg =
"Skipping installation of " + package.getName() + ". Reason: " + package.isInstallable().getErr();
"Skipping installation of package: " + package.getName() + ". Reason: " + package.isInstallable().getErr();
dbgWarning(D_ORCHESTRATOR) << report_msg;
LogGen(report_msg, Audience::SECURITY, Severity::CRITICAL, Priority::HIGH, Tags::ORCHESTRATOR);
current_packages.insert(make_pair(package.getName(), package));

14
components/security_apps/orchestration/orchestration_comp.cc
View File

@@ -1342,6 +1342,18 @@ private:
<< LogField("agentType", "Orchestration")
<< LogField("agentVersion", Version::get());
auto email = getSettingWithDefault<string>("", "email-address");
if (email != "") {
dbgInfo(D_ORCHESTRATOR) << "Sending registration data";
LogGen(
"Local Agent Data",
Audience::INTERNAL,
Severity::INFO,
Priority::LOW,
Tags::ORCHESTRATOR
) << LogField("userDefinedId", email);
}
reportAgentDetailsMetaData();
if (!Singleton::Consume<I_ManifestController>::by<OrchestrationComp>()->loadAfterSelfUpdate()) {
@@ -1683,5 +1695,7 @@ OrchestrationComp::preload()
registerExpectedSetting<vector<string>>("orchestration", "Orchestration status ignored policies");
registerExpectedSetting<string>("agentType");
registerExpectedSetting<string>("upgradeMode");
registerExpectedSetting<string>("email-address");
registerExpectedConfigFile("orchestration", Config::ConfigFileType::Policy);
registerExpectedConfigFile("registration-data", Config::ConfigFileType::Policy);
}

19
components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc
View File

@@ -456,6 +456,25 @@ TEST_F(OrchestrationTest, register_config)
env.fini();
}
TEST_F(OrchestrationTest, registertion_data_config)
{
EXPECT_CALL(rest, mockRestCall(RestAction::ADD, "declare-boolean-variable", _))
.WillOnce(WithArg<2>(Invoke(this, &OrchestrationTest::declareVariable)));
preload();
env.init();
string config_json =
"{\n"
" \"email-address\": \"fake@example.com\"\n"
"}";
istringstream ss(config_json);
Singleton::Consume<Config::I_Config>::from(config_comp)->loadConfiguration(ss);
EXPECT_THAT(getSetting<string>("email-address"), IsValue("fake@example.com"));
env.fini();
}
TEST_F(OrchestrationTest, orchestrationPolicyUpdate)
{
waitForRestCall();

74
components/security_apps/waap/waap_clib/WaapAssetState.cc
View File

@@ -102,6 +102,8 @@ static const boost::regex utf_evasion_for_dot_regex(utf_evasion_for_dot_helper);
static const std::string sqli_comma_evasion_regex_helper = "\"\\s*,\\s*\"";
static const boost::regex sqli_comma_evasion_regex(sqli_comma_evasion_regex_helper);
static const boost::regex space_evasion_regex("[[:space:]]{2,}");
WaapAssetState::WaapAssetState(const std::shared_ptr<WaapAssetState>& pWaapAssetState,
const std::string& waapDataFileName,
const std::string& id) :
@@ -267,6 +269,76 @@ WaapAssetState::WaapAssetState(std::shared_ptr<Signatures> signatures,
}
#endif
void trimSpaces(std::string & text) {
size_t result_position = 0;
size_t position = 0;
space_stage state = NO_SPACES;
uint32_t code;
if (text.empty()) {
return;
}
boost::cmatch what;
if (!boost::regex_search(text.c_str(), what, space_evasion_regex))
return;
dbgTrace(D_WAAP) << "Boost regex passed";
for (;position < text.size(); position++) {
code = text[position];
switch (code) {
case '\t':
case ' ':
case '\f':
case '\v':
if (state == NO_SPACES) {
state = SPACE_SYNBOL;
text[result_position++] = code;
}
break;
case '\r':
switch (state) {
case (SPACE_SYNBOL):
text[result_position - 1] = code;
state = BR_SYMBOL;
break;
case (NO_SPACES):
text[result_position++] = code;
state = BR_SYMBOL;
break;
case (BN_SYMBOL):
text[result_position++] = code;
state = BNR_SEQUENCE;
break;
default:
break;
}
break;
case '\n':
switch (state) {
case (SPACE_SYNBOL):
text[result_position - 1] = code;
state = BN_SYMBOL;
break;
case (NO_SPACES):
text[result_position++] = code;
state = BN_SYMBOL;
break;
case (BR_SYMBOL):
text[result_position++] = code;
state = BRN_SEQUENCE;
break;
default:
break;
}
break;
default:
text[result_position++] = code;
state = NO_SPACES;
}
}
text.erase(result_position, position - result_position);
}
// Python equivalent: text = re.sub(r'[^\x00-\x7F]+',' ', text)
void replaceUnicodeSequence(std::string & text, const char repl) {
std::string::iterator it = text.begin();
@@ -432,6 +504,8 @@ WaapAssetState::WaapAssetState(std::shared_ptr<Signatures> signatures,
dbgTrace(D_WAAP_SAMPLE_PREPROCESS) << "unescape: (11) '" << text << "'";
trimSpaces(text);
// 12. finally, apply tolower() to all characters of a string
// std::for_each(text.begin(), text.end(), [](char &c) { c = tolower(c); });
for (std::string::iterator pC = text.begin(); pC != text.end(); ++pC) {

3
components/security_apps/waap/waap_clib/WaapAssetState.h
View File

@@ -34,6 +34,8 @@
#include "ScanResult.h"
#include "WaapSampleValue.h"
enum space_stage {SPACE_SYNBOL, BR_SYMBOL, BN_SYMBOL, BRN_SEQUENCE, BNR_SEQUENCE, NO_SPACES};
class IWaf2Transaction;
class WaapAssetState : public boost::noncopyable, public I_WaapAssetState
@@ -155,6 +157,7 @@ inline std::size_t hash_value(WaapAssetState::CacheKey const &cacheKey)
}
void filterUnicode(std::string & text);
void trimSpaces(std::string & text);
void replaceUnicodeSequence(std::string & text, const char repl);
std::string unescape(const std::string & s);