sync code

Ned Wright
2024-09-17 10:53:09 +00:00
parent 3fe0b42fcd
commit 586150fe4f
143 changed files with 1886 additions and 380 deletions


@@ -4,3 +4,4 @@ add_subdirectory(http_transaction_data)
add_subdirectory(ip_utilities)
add_subdirectory(keywords)
add_subdirectory(pm)
add_subdirectory(service_health_status)


@@ -173,7 +173,7 @@ LogTriggerConf::load(cereal::JSONInputArchive& archive_in)
setTriggersFlag("webUrlQuery", archive_in, WebLogFields::webUrlQuery, log_web_fields);
setTriggersFlag("logToAgent", archive_in, ReportIS::StreamType::JSON_LOG_FILE, active_streams);
setTriggersFlag("logToCloud", archive_in, ReportIS::StreamType::JSON_FOG, active_streams);
setTriggersFlag("logToContainerService", archive_in, ReportIS::StreamType::JSON_CONTAINER_SVC, active_streams);
setTriggersFlag("logTolocalTuning", archive_in, ReportIS::StreamType::JSON_CONTAINER_SVC, active_streams);
setTriggersFlag("logToSyslog", archive_in, ReportIS::StreamType::SYSLOG, active_streams);
setTriggersFlag("logToCef", archive_in, ReportIS::StreamType::CEF, active_streams);
setTriggersFlag("acAllow", archive_in, SecurityType::AccessControl, should_log_on_detect);
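Review bot: The JSON key that enables the `JSON_CONTAINER_SVC` stream appears to change from `logToContainerService` to `logTolocalTuning`, and nothing visible keeps reading the old key; the +/- markers are lost on this page, so the direction is inferred from print order. If `setTriggersFlag` treats an absent key as "off" (its body is not shown), a policy that still sends `logToContainerService` would stop feeding that stream without any error, which is a silent loss of security logging. Consider accepting both keys during a transition, e.g. keeping `setTriggersFlag("logToContainerService", archive_in, ReportIS::StreamType::JSON_CONTAINER_SVC, active_streams);` next to the new line, provided the helper only ever turns the flag on. The casing of `logTolocalTuning` also breaks the `logToXxx` pattern of the neighbouring keys, so it is worth confirming that this is the exact spelling the policy producer emits. `LogTriggerConf::load` starts and ends outside the hunk.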


@@ -301,7 +301,7 @@ ConvertToIpAddress(const IPAddr &addr) {
break;
}
default:
dbgAssert(false) << "Unsupported IP type";
dbgAssert(false) << AlertInfo(AlertTeam::CORE, "ip utilities") << "Unsupported IP type";
}
return address;
}
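Review bot: The `default:` branch of `ConvertToIpAddress` relies on `dbgAssert(false)` and then falls through to `return address;`, so if the assert can return (its definition is not visible here) the caller receives whatever `address` held before the switch. The other functions in this commit that end in `dbgAssert(false)` (`jumpKeyword::getStartOffset`, `SentinelRuntimeState::getVariable`, `ComparisonAttr::operator()`) return an explicit fallback value after it. Either give this branch a defined fallback as well, or state the contract next to the assert, for example `// unsupported IP type: dbgAssert is expected not to return; 'address' is not meaningful past this point`. The declaration of `address` is above the hunk, so whether it is zero-initialised cannot be confirmed from this page.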


@@ -74,7 +74,9 @@ private:
uint
moveOnNoMatch(uint offset_from_end, unsigned char first_unmatched_byte) const
{
dbgAssert(shift.size() > offset_from_end) << "Shift table of the 'data' keyword is shorter than the offset";
dbgAssert(shift.size() > offset_from_end)
<< AlertInfo(AlertTeam::CORE, "keywords")
<< "Shift table of the 'data' keyword is shorter than the offset";
uint skip_size;
if (skip[first_unmatched_byte]>offset_from_end) {
@@ -350,7 +352,9 @@ DataKeyword::bytesMatched(const Buffer &buf, uint offset) const
MatchStatus
DataKeyword::isMatch(const I_KeywordRuntimeState *prev) const
{
dbgAssert(pattern.size()>0) << "Trying to run on an uninitialized keyword data";
dbgAssert(pattern.size()>0)
<< AlertInfo(AlertTeam::CORE, "keywords")
<< "Trying to run on an uninitialized keyword data";
dbgDebug(D_KEYWORD) << "Searching for " << dumpHex(pattern);
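Review bot: In `moveOnNoMatch` the `dbgAssert(shift.size() > offset_from_end)` is the only visible bounds check on `offset_from_end`, and the change attaches alert metadata without documenting what happens to the caller when the condition fails. If `dbgAssert` can be non-fatal in any build (not visible here), execution would continue with an offset past the shift table on data that comes from inspected traffic. The same reliance on the assert as the sole guard appears in the `kiss_pmglob_string_s` constructor, where `memcpy(buf.data(), buffer, size)` follows directly, and in `kiss_thin_nfa_exec` and the three `PMHook::scanBuf*` methods, which use the handle right after asserting it is non-null. A short comment at each site, such as `// precondition: offset_from_end < shift.size(); no other check below`, would make the dependency explicit for the next reader. The body of `moveOnNoMatch` continues outside the hunk.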


@@ -143,7 +143,7 @@ jumpKeyword::getStartOffset(uint buf_size, const I_KeywordRuntimeState *prev) co
return prev->getOffset(ctx);
}
}
dbgAssert(false) << "Invalid jumping 'from' parameter";
dbgAssert(false) << AlertInfo(AlertTeam::CORE, "keywords") << "Invalid jumping 'from' parameter";
return 0;
}


@@ -90,7 +90,7 @@ SentinelRuntimeState::getOffset(const std::string &) const
uint
SentinelRuntimeState::getVariable(uint var_id) const
{
dbgAssert(false) << "Could not find the variable ID: " << var_id;
dbgAssert(false) << AlertInfo(AlertTeam::CORE, "keywords") << "Could not find the variable ID: " << var_id;
return 0;
}
// LCOV_EXCL_STOP


@@ -297,7 +297,9 @@ PCREKeyword::getStartOffsetAndLength(uint buf_size, const I_KeywordRuntimeState
MatchStatus
PCREKeyword::isMatch(const I_KeywordRuntimeState *prev) const
{
dbgAssert(pcre_machine!=nullptr) << "Trying to run on an uninitialized keyword 'pcre'";
dbgAssert(pcre_machine!=nullptr)
<< AlertInfo(AlertTeam::CORE, "keywords")
<< "Trying to run on an uninitialized keyword 'pcre'";
auto part = Singleton::Consume<I_Environment>::by<KeywordComp>()->get<Buffer>(static_cast<string>(ctx));


@@ -250,7 +250,9 @@ ComparisonAttr::operator()(int first_val, int second_val) const
return first_val >= second_val;
}
}
dbgAssert(false) << "ComparisonAttr::operator found an invalid comparison operator";
dbgAssert(false)
<< AlertInfo(AlertTeam::CORE, "keywords")
<< "ComparisonAttr::operator found an invalid comparison operator";
return false;
}


@@ -131,7 +131,7 @@ StateopKeyword::isMatch(const I_KeywordRuntimeState *prev) const
if (table->hasState<KeywordStateop>()) table->getState<KeywordStateop>().removeVariable(var_name);
return runNext(prev);
} else {
dbgAssert(false) << "Impossible 'stateop' keyword without operation";
dbgAssert(false) << AlertInfo(AlertTeam::CORE, "keywords") << "Impossible 'stateop' keyword without operation";
}
// If there was no matches and the keyword is effected by other keywords, then we know that the rule won't match


@@ -80,7 +80,7 @@ kiss_pmglob_string_s::kiss_pmglob_string_s(const char *buffer, size_t size, int
kiss_pmglob_string_s::kiss_pmglob_string_s(const u_char *buffer, size_t size, int _pattern_id, u_int _flags)
{
dbgAssert(buffer && size > 0) << "Illegal arguments";
dbgAssert(buffer && size > 0) << AlertInfo(AlertTeam::CORE, "pattern matcher") << "Illegal arguments";
buf.resize(size);
memcpy(buf.data(), buffer, size);
pattern_id = _pattern_id;


@@ -430,7 +430,9 @@ kiss_thin_nfa_exec(KissThinNFA *nfa_h, const Buffer& buf, std::vector<std::pair<
{
struct kiss_bnfa_runtime_s bnfa_runtime;
dbgAssert(nfa_h != nullptr) << "kiss_thin_nfa_exec() was called with null handle";
dbgAssert(nfa_h != nullptr)
<< AlertInfo(AlertTeam::CORE, "pattern matcher")
<< "kiss_thin_nfa_exec() was called with null handle";
if (buf.size() == 0) {
return;


@@ -105,7 +105,7 @@ PMHook::prepare(const set<PMPattern> &inputs)
set<PMPattern>
PMHook::scanBuf(const Buffer &buf) const
{
dbgAssert(handle != nullptr) << "Unusable Pattern Matcher";
dbgAssert(handle != nullptr) << AlertInfo(AlertTeam::CORE, "pattern matcher") << "Unusable Pattern Matcher";
vector<pair<uint, uint>> pm_matches;
kiss_thin_nfa_exec(handle.get(), buf, pm_matches);
dbgTrace(D_PM) << pm_matches.size() << " raw matches found";
@@ -121,7 +121,7 @@ PMHook::scanBuf(const Buffer &buf) const
set<pair<uint, uint>>
PMHook::scanBufWithOffset(const Buffer &buf) const
{
dbgAssert(handle != nullptr) << "Unusable Pattern Matcher";
dbgAssert(handle != nullptr) << AlertInfo(AlertTeam::CORE, "pattern matcher") << "Unusable Pattern Matcher";
vector<pair<uint, uint>> pm_matches;
kiss_thin_nfa_exec(handle.get(), buf, pm_matches);
@@ -135,7 +135,7 @@ PMHook::scanBufWithOffset(const Buffer &buf) const
void
PMHook::scanBufWithOffsetLambda(const Buffer &buf, I_PMScan::CBFunction cb) const
{
dbgAssert(handle != nullptr) << "Unusable Pattern Matcher";
dbgAssert(handle != nullptr) << AlertInfo(AlertTeam::CORE, "pattern matcher") << "Unusable Pattern Matcher";
unordered_map<uint, uint> match_counts;
vector<pair<uint, uint>> pm_matches;


@@ -0,0 +1,2 @@
add_library(service_health_status service_health_status.cc)
add_subdirectory(service_health_status_ut)


@@ -0,0 +1,104 @@
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "service_health_status.h"
#include <fstream>
#include <string>
#include "debug.h"
#include "rest.h"
#include "customized_cereal_map.h"
#include "service_health_update_event.h"
using namespace std;
USE_DEBUG_FLAG(D_SERVICE_HEALTH_STATUS);
class I_ServiceHealthStatusImpl
{
public:
virtual const map<string, string> & getErrors() const = 0;
protected:
virtual ~I_ServiceHealthStatusImpl() {}
};
class ServiceHealthStatus::Impl
:
public Singleton::Provide<I_ServiceHealthStatusImpl>::SelfInterface,
public Listener<ServiceHealthUpdateEvent>
{
public:
void init();
const map<string, string> & getErrors() const override { return errors_map; }
void upon(const ServiceHealthUpdateEvent &event) override;
private:
map<string, string> errors_map;
};
class ServiceHealthStatusRest
:
public ServerRest,
Singleton::Consume<I_ServiceHealthStatusImpl>
{
using ErrorsMap = map<string, string>;
public:
void
doCall()
{
errors = Singleton::Consume<I_ServiceHealthStatusImpl>::by<ServiceHealthStatusRest>()->getErrors();
healthy = errors.get().empty();
dbgTrace(D_SERVICE_HEALTH_STATUS)
<< "Heath status requested. "
<< (healthy ? "Service is healthy." : "Service is not healthy.");
}
private:
S2C_PARAM(bool, healthy);
S2C_PARAM(ErrorsMap, errors);
};
void
ServiceHealthStatus::Impl::init()
{
if (!Singleton::exists<I_RestApi>()) return;
Singleton::Consume<I_RestApi>::by<ServiceHealthStatus>()->addRestCall<ServiceHealthStatusRest>(
RestAction::SHOW,
"health"
);
registerListener();
}
void
ServiceHealthStatus::Impl::upon(const ServiceHealthUpdateEvent &event)
{
dbgTrace(D_SERVICE_HEALTH_STATUS)
<< "Service health update event. Error: "
<< event.getComponent()
<< " - "
<< event.getError();
if (event.isHealthyUpdate()) {
errors_map.clear();
} else {
errors_map[event.getComponent()] = event.getError();
}
}
ServiceHealthStatus::ServiceHealthStatus() : Component("ServiceHealthStatus"), pimpl(make_unique<Impl>()) {}
ServiceHealthStatus::~ServiceHealthStatus() {}
void ServiceHealthStatus::init() { pimpl->init(); }
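Review bot: In `ServiceHealthStatus::Impl::upon`, a healthy update calls `errors_map.clear()`, which drops the recorded errors of every component and not only the one that recovered. If healthy events can be raised by individual components (the event class is not visible here), one component recovering would make the `health` endpoint report `healthy: true` while another is still failing; `errors_map.erase(event.getComponent());` would limit the reset to the sender, if the event carries a component in that case. The endpoint also returns the stored error strings verbatim, so it is worth confirming that this REST interface is not reachable by untrusted clients, or that components keep internal detail out of `getError()`. Two wording points in the traces: `doCall` logs "Heath status requested." and `upon` prints "Error:" even when the update is a healthy one.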


@@ -0,0 +1,8 @@
include_directories(${Boost_INCLUDE_DIRS})
link_directories(${BOOST_ROOT}/lib)
add_unit_test(
service_health_status_ut
"service_health_status_ut.cc"
"service_health_status;rest;event_is;connkey;mainloop;encryptor;messaging;-lz;metric;-lboost_regex;-lboost_context;-lcrypto;"
)


@@ -0,0 +1,73 @@
#include "service_health_status.h"
#include "cptest.h"
#include "environment.h"
#include "config.h"
#include "config_component.h"
#include "debug.h"
#include "connkey.h"
#include "rest.h"
#include "rest_server.h"
#include "mock/mock_rest_api.h"
#include "service_health_update_event.h"
using namespace std;
using namespace testing;
USE_DEBUG_FLAG(D_GEO_DB);
class HealthCheckStatusTest : public Test
{
public:
HealthCheckStatusTest()
{
EXPECT_CALL(mock_rest, mockRestCall(RestAction::SHOW, "health", _))
.WillOnce(WithArg<2>(Invoke(this, &HealthCheckStatusTest::showHealthCheckStatus)));
health_check_status.init();
}
bool
showHealthCheckStatus(const unique_ptr<RestInit> &p)
{
show_health_check_status = p->getRest();
return true;
}
::Environment env;
ConfigComponent config;
ServiceHealthStatus health_check_status;
NiceMock<MockRestApi> mock_rest;
unique_ptr<ServerRest> show_health_check_status;
};
TEST_F(HealthCheckStatusTest, testHealthCheckStatus)
{
ServiceHealthUpdateEvent().notify();
stringstream ss("{}");
Maybe<string> maybe_res = show_health_check_status->performRestCall(ss);
EXPECT_TRUE(maybe_res.ok());
EXPECT_EQ(maybe_res.unpack(),
"{\n"
" \"healthy\": true,\n"
" \"errors\": {}\n"
"}"
);
}
TEST_F(HealthCheckStatusTest, testNotHealthyService)
{
ServiceHealthUpdateEvent("test", "test description").notify();
stringstream ss("{}");
Maybe<string> maybe_res = show_health_check_status->performRestCall(ss);
EXPECT_TRUE(maybe_res.ok());
EXPECT_EQ(maybe_res.unpack(),
"{\n"
" \"healthy\": false,\n"
" \"errors\": {\n"
" \"test\": \"test description\"\n"
" }\n"
"}"
);
}
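Review bot: The two tests cover a healthy start and a single error, but not recovery, which is the branch that calls `errors_map.clear()`. A third case that sends `ServiceHealthUpdateEvent("test", "test description").notify();` followed by `ServiceHealthUpdateEvent().notify();` and expects the same JSON as `testHealthCheckStatus` would pin that behaviour down. A case with two failing components would also record what a healthy update is meant to reset. `USE_DEBUG_FLAG(D_GEO_DB);` appears unused in this file and looks like a leftover from another test; `D_SERVICE_HEALTH_STATUS` is the flag the component itself uses.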