From 3d8351007d8a34483b3578f4b8cf3a12d9829597 Mon Sep 17 00:00:00 2001
From: davidga
Date: Tue, 15 Nov 2022 14:00:53 +0200
Subject: [PATCH] update checkpoint to openappsec
---
 .../include/appsec_practice_section.h | 6 ++++-
 external/makeself/makeself-header.sh | 18 ++++++-------
 nodes/orchestration/package/cp-nano-cli.sh | 26 +++++++++----------
 .../package/local-default-policy.yaml | 2 +-
 .../package/orchestration_package.sh | 16 ++++++------
 5 files changed, 36 insertions(+), 32 deletions(-)
diff --git a/components/security_apps/orchestration/local_policy_mgmt_gen/include/appsec_practice_section.h b/components/security_apps/orchestration/local_policy_mgmt_gen/include/appsec_practice_section.h
index 640dcab..cc0dfe2 100644
--- a/components/security_apps/orchestration/local_policy_mgmt_gen/include/appsec_practice_section.h
+++ b/components/security_apps/orchestration/local_policy_mgmt_gen/include/appsec_practice_section.h
@@ -182,8 +182,12 @@ public:
 {
 dbgTrace(D_K8S_POLICY) << "Loading AppSec practice spec";
 parseAppsecJSONKey("protections", protections, archive_in);
- parseAppsecJSONKey("minimum-confidence", minimum_confidence, archive_in, "critical");
 parseAppsecJSONKey("override-mode", mode, archive_in, "Unset");
+ if (getMode() == "Prevent") {
+ parseAppsecJSONKey("minimum-confidence", minimum_confidence, archive_in, "critical");
+ } else {
+ minimum_confidence = "Transparent";
+ }
 parseAppsecJSONKey("max-body-size-kb", max_body_size_kb, archive_in, 1000000);
 parseAppsecJSONKey("max-header-size-bytes", max_header_size_bytes, archive_in, 102400);
 parseAppsecJSONKey("max-object-depth", max_object_depth, archive_in, 40);
diff --git a/external/makeself/makeself-header.sh b/external/makeself/makeself-header.sh
index 3e6e0c0..44a3949 100755
--- a/external/makeself/makeself-header.sh
+++ b/external/makeself/makeself-header.sh
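Review bot: In the `else` branch added after the `override-mode` parse, a `minimum-confidence` value present in the policy is discarded and replaced with `"Transparent"` with no log line, and that branch is also taken for the `"Unset"` default when `override-mode` is missing. An operator who sets a confidence level on a non-Prevent practice gets no indication that it was ignored; I would add `dbgTrace(D_K8S_POLICY) << "minimum-confidence not applied, mode is " << getMode();` in the `else`, plus a one-line comment stating why the value is forced. The comparison against the literal `"Prevent"` depends on how `getMode()` normalises values such as `detect-learn`, which is not visible here, so a test per mode would be worth having. The `local-default-policy.yaml` hunk in this commit sets `minimum-confidence: critical` next to `override-mode: detect-learn`, which this loader would appear to ignore. The enclosing load function starts and ends outside the hunk.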
@@ -127,9 +127,9 @@ MS_Help() { local install_usage= if test x"\$additional_args_help" != x; then - install_usage="--install [additional arguments] Install Check Point Nano service" + install_usage="--install [additional arguments] Install open-appsec Nano service" else - install_usage="--install Install Check Point Nano service" + install_usage="--install Install open-appsec Nano service" fi additional_args_help=\$(if test x"\$additional_args_help" != x; then echo "Aditional arguments for the --install property are:\$additional_args_help"; fi) @@ -138,8 +138,8 @@ MS_Help() Usage: \$0 [options] With following options \$install_usage - --uninstall Uninstall Check Point Nano service - --version Check Point package version + --uninstall Uninstall open-appsec Nano service + --version open-appsec package version \$additional_args_help EOH } @@ -158,11 +158,11 @@ MS_Advanced_Help() 2) Running \$0 : \$0 [options] [--] [additional arguments to embedded script] with following options (in that order) - --install Install Check Point service - --uninstall Uninstall Check Point service - --pre_install_test Preform pre installation test for Check Point service - --post_install_test Preform post installation test for Check Point service - --version Check Point package version + --install Install open-appsec service + --uninstall Uninstall open-appsec service + --pre_install_test Preform pre installation test for open-appsec service + --post_install_test Preform post installation test for open-appsec service + --version open-appsec package version --confirm Ask before running embedded script --quiet Do not print anything except error messages --noexec Do not run embedded script diff --git a/nodes/orchestration/package/cp-nano-cli.sh b/nodes/orchestration/package/cp-nano-cli.sh index 1f7c0df..d590a02 100755 --- a/nodes/orchestration/package/cp-nano-cli.sh +++ b/nodes/orchestration/package/cp-nano-cli.sh 
@@ -278,7 +278,7 @@ usage()
 printf "%s %s : Load configuration\n" "$load_config_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#load_config_option})))")"
 printf "%s %s : Set proxy\n" "$proxy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#proxy_option})))")"
 printf "%s %s : Display configuration\n" "$display_config_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#display_config_option})))")"
- printf "%s %s : Create Openappsec agent info\n" "$cp_agent_info_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#cp_agent_info_option})))")"
+ printf "%s %s : Create open-appsec agent info\n" "$cp_agent_info_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#cp_agent_info_option})))")"
 printf "%s %s : Display current policy\n" "$display_policy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#display_policy_option})))")"
 printf "%s %s : Load gradual policy\n" "$set_gradual_policy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#set_gradual_policy_option})))")"
 printf "%s %s : Remove gradual policy\n" "$delete_gradual_policy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#delete_gradual_policy_option})))")"
@@ -463,15 +463,15 @@ read_agent_run_status() # Initials - rars rars_output=$(tail -n 1 /tmp/agent-status.txt) if [ "$1" = "start" ]; then if [ "$rars_output" = "running" ]; then - echo "Openappsec Nano Agent watchdog started successfully" + echo "open-appsec Nano Agent watchdog started successfully" else - echo "Openappsec Nano Agent is already running" + echo "open-appsec Nano Agent is already running" fi else # "$1" = "stop" if [ "$rars_output" = "down" ]; then - echo "Openappsec Nano Agent stopped successfully" + echo "open-appsec Nano Agent stopped successfully" else - echo "Openappsec Nano Agent is not running" + echo "open-appsec Nano Agent is not running" fi fi } @@ -527,7 +527,7 @@ run_stop_agent() uninstall_agent() # Initials - ua { - printf "Are you sure you want to uninstall Openappsec Nano Agent? (Y/N): " && read -r ua_confirm + printf "Are you sure you want to uninstall open-appsec Nano Agent? (Y/N): " && read -r ua_confirm case $ua_confirm in [Yy] | [Yy][Ee][Ss]) ;; *) exit 1 ;; @@ -540,9 +540,9 @@ uninstall_agent() # Initials - ua fi ${ua_uninstall_script} if test "$?" = "0"; then - echo "Openappsec Nano Agent successfully uninstalled" + echo "open-appsec Nano Agent successfully uninstalled" else - echo "Failed to uninstall Openappsec Nano Agent" + echo "Failed to uninstall open-appsec Nano Agent" exit 1 fi } @@ -824,7 +824,7 @@ print_single_service_status() # Initials - psss return fi - echo "---- Openappsec $(format_nano_service_name "$psss_service_name") Nano Service ----" + echo "---- open-appsec $(format_nano_service_name "$psss_service_name") Nano Service ----" psss_is_userspace_process_running=$(is_userspace_running "$psss_service_name") 
@@ -900,7 +900,7 @@ run_status() # Initials - rs rs_agent_version="Version $rs_agent_version" fi - echo "---- Openappsec Nano Agent ----" + echo "---- open-appsec Nano Agent ----" echo "$rs_agent_version" if [ "$(is_userspace_running "watchdog")" = true ] || [ "$(is_userspace_running "agent")" = true ]; then format_colored_status_line "Status: Running" @@ -1434,16 +1434,16 @@ set_mode() if [ "$mode" = "online_mode" ]; then time_sleep=2 time_out=60 - echo "Registering Openappsec Nano Agent to Fog.." + echo "Registering open-appsec Nano Agent to Fog.." until $USR_SBIN_PATH/${CP_NANO_CTL} -s 2> /dev/null | grep -q "Registration status: Succeeded"; do time_out=$(( time_out - time_sleep )) if [ $time_out -le 0 ]; then - echo "Openappsec Nano Agent registration failed. Failed to register to Fog: $fog_address" + echo "open-appsec Nano Agent registration failed. Failed to register to Fog: $fog_address" exit 1 fi sleep ${time_sleep} done - echo "Openappsec Nano Agent is registered to $fog_address" + echo "open-appsec Nano Agent is registered to $fog_address" echo "Orchestration mode changed successfully" else echo "Orchestration mode was changed successfully" diff --git a/nodes/orchestration/package/local-default-policy.yaml b/nodes/orchestration/package/local-default-policy.yaml index d369eda..34705de 100644 --- a/nodes/orchestration/package/local-default-policy.yaml +++ b/nodes/orchestration/package/local-default-policy.yaml @@ -34,7 +34,7 @@ practices: max-header-size-bytes: 102400 max-object-depth: 40 max-url-size-bytes: 32768 - minimum-confidence: Transparent + minimum-confidence: critical override-mode: detect-learn protections: csrf-protection: detect-learn diff --git a/nodes/orchestration/package/orchestration_package.sh b/nodes/orchestration/package/orchestration_package.sh index 47fe0b7..253dad8 100755 --- a/nodes/orchestration/package/orchestration_package.sh +++ b/nodes/orchestration/package/orchestration_package.sh 
@@ -833,7 +833,7 @@ install_orchestration() exit 0 fi - cp_print "\nStarting installation of Check Point Nano Agent [$INSTALLATION_TIME]" ${FORCE_STDOUT} + cp_print "\nStarting installation of open-appsec Nano Agent [$INSTALLATION_TIME]" ${FORCE_STDOUT} cp_exec "rm -rf ${FILESYSTEM_PATH}/${SERVICE_PATH}" cp_exec "rm -rf ${FILESYSTEM_PATH}/${WATCHDOG_PATH}" @@ -975,21 +975,21 @@ install_orchestration() install_watchdog cp_print "Note: in order for the agent to remain active and effective it must connect to the Fog/Cloud at least every 45 days" ${FORCE_STDOUT} - cp_print "Check Point Nano Agent installation completed successfully" ${FORCE_STDOUT} + cp_print "open-appsec Nano Agent installation completed successfully" ${FORCE_STDOUT} if [ $var_hybrid_mode = false ] && [ $var_offline_mode = false ] && [ $var_no_otp = false ] && [ $var_skip_registration = false ]; then time_sleep=2 time_out=60 - cp_print "Registering Check Point Nano Agent to Fog.." ${FORCE_STDOUT} + cp_print "Registering open-appsec Nano Agent to Fog.." ${FORCE_STDOUT} until $USR_SBIN_PATH/${CP_NANO_CTL} -s 2> /dev/null | grep -q "Registration status: Succeeded"; do time_out=$(( time_out - time_sleep )) if [ $time_out -le 0 ]; then - cp_print "Check Point Nano Agent registration failed. Failed to register to Fog: $var_fog_address" ${FORCE_STDOUT} + cp_print "open-appsec Nano Agent registration failed. Failed to register to Fog: $var_fog_address" ${FORCE_STDOUT} exit 1 fi sleep ${time_sleep} done - cp_print "Check Point Nano Agent is registered to $var_fog_address" ${FORCE_STDOUT} + cp_print "open-appsec Nano Agent is registered to $var_fog_address" ${FORCE_STDOUT} fi } 
@@ -1032,7 +1032,7 @@ uninstall_orchestration()
 if [ ! -f "$uninstall_script" ]; then
 cp_dir="${FILESYSTEM_PATH}"
 if [ ! -d "$cp_dir" ]; then
- echo "Check Point Nano Agent is not installed"
+ echo "open-appsec Nano Agent is not installed"
 exit 1
 fi
 echo "Failed to uninstall Orchestration Nano Service, uninstall script was not found in: $uninstall_script "
@@ -1040,9 +1040,9 @@ uninstall_orchestration()
 fi
 cp_exec "${uninstall_script}"
 if test "$?" = "0"; then
- cp_print "Check Point Nano Agent successfully uninstalled" ${FORCE_STDOUT}
+ cp_print "open-appsec Nano Agent successfully uninstalled" ${FORCE_STDOUT}
 else
- cp_print "Check Point Nano Agent failed to uninstall" ${FORCE_STDOUT}
+ cp_print "open-appsec Nano Agent failed to uninstall" ${FORCE_STDOUT}
 exit 1
 fi
 }