Mar 26th 2023 Dev

Ned Wright
2023-03-27 15:06:15 +00:00
parent 5848f1d7e3
commit 3f5a3b27a4
68 changed files with 1534 additions and 1836 deletions


@@ -323,6 +323,8 @@ int DeepParser::onKv(const char* k, size_t k_len, const char* v, size_t v_len, i
if (shouldUpdateKeyStack) {
m_key.pop("deep parser key");
}
m_depth--;
return rc;
}
@@ -1013,6 +1015,7 @@ void DeepParser::createInternalParser(const char *k, size_t k_len, std::string&
}
}
void DeepParser::apiProcessKey(const char* v, size_t v_len)
{
// Build dot-formatted full keyword name
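Review bot: `m_depth--;` in `DeepParser::onKv` sits only on the final exit path, right before `return rc;`, so the counter stays balanced only if no earlier `return` in the function skips it. The start of `onKv` is outside this hunk, so that cannot be confirmed from here. If the counter bounds how deeply request data is parsed (presumably it does), a missed decrement would make later keys hit the limit early or leave the limit unreliable. A small scope guard that decrements in its destructor would keep the pairing on every path; at minimum add a comment such as `// must undo the m_depth increment made earlier in onKv on every return path`.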


@@ -102,8 +102,6 @@ static const boost::regex utf_evasion_for_dot_regex(utf_evasion_for_dot_helper);
static const std::string sqli_comma_evasion_regex_helper = "\"\\s*,\\s*\"";
static const boost::regex sqli_comma_evasion_regex(sqli_comma_evasion_regex_helper);
static const boost::regex space_evasion_regex("[[:space:]]{2,}");
WaapAssetState::WaapAssetState(const std::shared_ptr<WaapAssetState>& pWaapAssetState,
const std::string& waapDataFileName,
const std::string& id) :
@@ -279,10 +277,6 @@ WaapAssetState::WaapAssetState(std::shared_ptr<Signatures> signatures,
return;
}
boost::cmatch what;
if (!boost::regex_search(text.c_str(), what, space_evasion_regex))
return;
dbgTrace(D_WAAP) << "Boost regex passed";
for (;position < text.size(); position++) {
code = text[position];
switch (code) {


@@ -56,47 +56,14 @@ WaapConfigAPI::clearAssetsCount()
WaapConfigAPI::assets_ids_aggregation.clear();
}
#if 0 // maybe will be used in the future
WaapConfigAPI::WaapConfigAPI(
bool autonomousSecurity,
string autonomousSecurityLevel,
string assetId,
string assetName,
string practiceId,
string practiceName,
string ruleId,
string ruleName,
bool schemaValidation) :
WaapConfigBase(
autonomousSecurity,
autonomousSecurityLevel,
assetId,
assetName,
practiceId,
practiceName,
ruleId,
ruleName),
m_schemaValidation(schemaValidation)
{
}
#endif
void WaapConfigAPI::load(cereal::JSONInputArchive& ar)
{
// order has affect - we need to call base last because of triggers and overrides
readJSONByCereal(ar);
WaapConfigBase::load(ar);
assets_ids_aggregation.insert(m_assetId);
}
void WaapConfigAPI::readJSONByCereal(cereal::JSONInputArchive &ar)
{
}
bool WaapConfigAPI::operator==(const WaapConfigAPI& other) const
{
const WaapConfigBase* configBase = this;
@@ -114,4 +81,3 @@ const string& WaapConfigAPI::get_PracticeSubType() const
{
return s_PracticeSubType;
}


@@ -18,7 +18,6 @@
#include <set>
#include "WaapConfigBase.h"
#include "log_generator.h"
#include "debug.h"
@@ -26,18 +25,6 @@ class WaapConfigAPI : public WaapConfigBase
{
public:
WaapConfigAPI();
#if 0 // maybe will be used in the future
WaapConfigAPI(
bool autonomousSecurity,
std::string autonomousSecurityLevel,
std::string assetId,
std::string assetName,
std::string practiceId,
std::string practiceName,
std::string ruleId,
std::string ruleName,
bool schemaValidation);
#endif
void load(cereal::JSONInputArchive& ar);
bool operator==(const WaapConfigAPI& other) const;
@@ -49,10 +36,6 @@ public:
static void clearAssetsCount();
private:
void readJSONByCereal(cereal::JSONInputArchive&ar);
std::string m_schemaValidationPoicyStatusMessage;
static const std::string s_PracticeSubType;
static std::set<std::string> assets_ids;


@@ -72,12 +72,15 @@ const string& WaapConfigApplication::get_PracticeSubType() const
void WaapConfigApplication::load(cereal::JSONInputArchive& ar)
{
WaapConfigBase::load(ar);
// order has affect - we need to call base last because of triggers and overrides
loadOpenRedirectPolicy(ar);
loadErrorDisclosurePolicy(ar);
loadCsrfPolicy(ar);
loadSecurityHeadersPolicy(ar);
WaapConfigBase::load(ar);
assets_ids_aggregation.insert(m_assetId);
}
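Review bot: The load order in `WaapConfigApplication::load` is protected only by the comment `// order has affect - we need to call base last because of triggers and overrides`, which does not say what `WaapConfigBase::load(ar)` needs from the four policy loaders. That order decides which open-redirect, error-disclosure, CSRF and security-header settings end up applied to the asset, so a later reorder could silently change enforcement. Suggest `// Order matters: WaapConfigBase::load() must run last, after the per-policy loaders, because it applies triggers and overrides` plus one sentence naming the state it depends on; `WaapConfigAPI::load` carries the same comment and could be updated with it. The page lost its +/- markers, so `WaapConfigBase::load(ar);` appears twice; worth confirming only the trailing call remains, otherwise the base configuration is read from the archive twice.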


@@ -29,18 +29,6 @@ class WaapConfigApplication
{
public:
WaapConfigApplication();
#if 0 // maybe will be used in the future
WaapConfigApplication(
bool autonomousSecurity,
std::string autonomousSecurityLevel,
std::string assetId,
std::string assetName,
std::string practiceId,
std::string practiceName,
std::string ruleId,
std::string ruleName,
bool botProtection);
#endif
bool operator==(const WaapConfigApplication& other) const;


@@ -23,7 +23,9 @@
#include "Waf2Util.h"
USE_DEBUG_FLAG(D_WAAP_ULIMITS);
USE_DEBUG_FLAG(D_WAAP);
using boost::algorithm::to_lower_copy;
using namespace std;
WaapConfigBase::WaapConfigBase()
:


@@ -96,6 +96,7 @@ private:
std::shared_ptr<Waap::Parameters::WaapParameters> m_waapParameters;
std::shared_ptr<Waap::OpenRedirect::Policy> m_openRedirectPolicy;
std::shared_ptr<Waap::ErrorDisclosure::Policy> m_errorDisclosurePolicy;
std::string m_schemaValidationPoicyStatusMessage;
std::shared_ptr<Waap::Csrf::Policy> m_csrfPolicy;
std::shared_ptr<Waap::RateLimiting::Policy> m_rateLimitingPolicy;
std::shared_ptr<Waap::RateLimiting::Policy> m_errorLimitingPolicy;
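Review bot: `std::string m_schemaValidationPoicyStatusMessage;` is listed under `private:` in `WaapConfigBase`, and it appears to be the member this commit drops from `WaapConfigAPI`. As a private base member it is no longer directly reachable from `WaapConfigAPI` or other derived classes, and no accessor is visible in this hunk. If derived classes still need it, make it `protected` or add a getter. The move is also a good moment to fix the spelling, `std::string m_schemaValidationPolicyStatusMessage;`, and to add a short comment on what sets it, since it sits among the policy `shared_ptr` members with no indication of its role.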


@@ -553,7 +553,6 @@ bool Waf2Transaction::checkIsScanningRequired()
auto csrfPolicy = m_siteConfig ? m_siteConfig->get_CsrfPolicy() : NULL;
auto userLimitsPolicy = m_siteConfig ? m_siteConfig->get_UserLimitsPolicy() : nullptr;
result |= m_siteConfig->get_WebAttackMitigation();
if (rateLimitingPolicy) {
result |= m_siteConfig->get_RateLimitingPolicy()->getRateLimitingEnforcementStatus();
}
@@ -1007,7 +1006,6 @@ void Waf2Transaction::add_request_hdr(const char* name, int name_len, const char
}
void Waf2Transaction::end_request_hdrs() {
dbgFlow(D_WAAP) << "[transaction:" << this << "] end_request_hdrs";
m_isScanningRequired = setCurrentAssetContext();
if (m_siteConfig != NULL)
@@ -1468,23 +1466,20 @@ Waf2Transaction::decideFinal(
sitePolicy = &ngenAPIConfig;
m_overrideState = getOverrideState(sitePolicy);
// User limits
shouldBlock = (getUserLimitVerdict() == ngx_http_cp_verdict_e::TRAFFIC_VERDICT_DROP);
}
else if (WaapConfigApplication::getWaapSiteConfig(ngenSiteConfig)) {
dbgTrace(D_WAAP) << "Waf2Transaction::decideFinal(): got relevant Application configuration from the I/S";
sitePolicy = &ngenSiteConfig;
m_overrideState = getOverrideState(sitePolicy);
// Autonomus Security
shouldBlock = decideAutonomousSecurity(
*sitePolicy,
mode,
false,
transactionResult,
realPoolName,
fpClassification
);
fpClassification);
// CSRF Protection
auto csrfPolicy = m_siteConfig ? m_siteConfig->get_CsrfPolicy() : nullptr;
if(csrfPolicy && csrfPolicy->enable) {
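Review bot: In `Waf2Transaction::checkIsScanningRequired`, `result |= m_siteConfig->get_WebAttackMitigation();` dereferences `m_siteConfig` unconditionally. The two lines directly above it guard the same pointer with `m_siteConfig ? ... : NULL`, and `end_request_hdrs` tests `m_siteConfig != NULL`, so the file treats it as nullable. The start of the function is outside this hunk, so an earlier null return may already cover this. If not, a transaction with no site configuration would crash the inspection path instead of returning a verdict. Suggest `if (m_siteConfig) { result |= m_siteConfig->get_WebAttackMitigation(); }`, and using the already-fetched `rateLimitingPolicy` rather than calling `m_siteConfig->get_RateLimitingPolicy()` again inside the `if`. Minor: the adjacent ternaries mix `NULL` and `nullptr`.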


@@ -184,7 +184,6 @@ public:
void handleSecurityHeadersInjection(std::vector<std::pair<std::string, std::string>>& injectHeaderStrs);
void disableShouldInjectSecurityHeaders();
bool shouldSendExtendedLog(const std::shared_ptr<Waap::Trigger::Log> &trigger_log) const;
// query