April 21th 2024 update

2025-09-29 19:24:26 +03:00 · 2024-04-21 12:38:24 +00:00
parent 189c9209c9
commit 66ed4a8d81
73 changed files with 994 additions and 1166 deletions
--- a/components/security_apps/local_policy_mgmt_gen/new_log_trigger.cc
+++ b/components/security_apps/local_policy_mgmt_gen/new_log_trigger.cc
@@ -27,7 +27,7 @@ NewAppsecTriggerAccessControlLogging::load(cereal::JSONInputArchive &archive_in)
 {
    dbgTrace(D_LOCAL_POLICY) << "Loading AppSec Trigger - Access Control Logging";
    parseAppsecJSONKey<bool>("allowEvents", ac_allow_events, archive_in, false);
-    parseAppsecJSONKey<bool>("dropEvents", ac_drop_events, archive_in, false);
+    parseAppsecJSONKey<bool>("dropEvents", ac_drop_events, archive_in, true);
 }

 void
@@ -36,8 +36,7 @@ NewAppsecTriggerAdditionalSuspiciousEventsLogging::load(cereal::JSONInputArchive
    dbgTrace(D_LOCAL_POLICY) << "Loading AppSec Trigger - Additional Suspicious Events Logging";
    parseAppsecJSONKey<bool>("enabled", enabled, archive_in, true);
    parseAppsecJSONKey<bool>("responseBody", response_body, archive_in, false);
-    //the old code didn't parse the responsecode so ask Noam what is the currenct default value for it
-    parseAppsecJSONKey<bool>("responseCode", response_code, archive_in, false);
+    parseAppsecJSONKey<bool>("responseCode", response_code, archive_in, true);
    parseAppsecJSONKey<string>("minSeverity", minimum_severity, archive_in, "high");
    if (valid_severities.count(minimum_severity) == 0) {
        dbgWarning(D_LOCAL_POLICY)
@@ -175,8 +174,12 @@ void
 NewAppsecTriggerLogDestination::load(cereal::JSONInputArchive &archive_in)
 {
    dbgTrace(D_LOCAL_POLICY) << "Loading AppSec Trigger LogDestination";
-    // TBD: support "file"
-    parseAppsecJSONKey<bool>("cloud", cloud, archive_in, false);
+    if (getConfigurationFlag("orchestration-mode") != "hybrid_mode") {
+        // TBD: support "file"
+        parseAppsecJSONKey<bool>("cloud", cloud, archive_in, false);
+    } else {
+        cloud = false;
+    }
    auto mode = Singleton::Consume<I_AgentDetails>::by<NewAppsecTriggerLogDestination>()->getOrchestrationMode();
    auto env_type = Singleton::Consume<I_EnvDetails>::by<NewAppsecTriggerLogDestination>()->getEnvType();
    bool k8s_service_default = (mode == OrchestrationMode::HYBRID && env_type == EnvType::K8S);
@@ -184,7 +187,7 @@ NewAppsecTriggerLogDestination::load(cereal::JSONInputArchive &archive_in)

    NewStdoutLogging stdout_log;
    parseAppsecJSONKey<NewStdoutLogging>("stdout", stdout_log, archive_in);
-    agent_local = !(stdout_log.getFormat().empty());
+    parseAppsecJSONKey<bool>("logToAgent", agent_local, archive_in, true);
    beautify_logs = stdout_log.getFormat() == "json-formatted";
    parseAppsecJSONKey<NewLoggingService>("syslogService", syslog_service, archive_in);
    parseAppsecJSONKey<NewLoggingService>("cefService", cef_service, archive_in);
--- a/components/security_apps/local_policy_mgmt_gen/policy_maker_utils.cc
+++ b/components/security_apps/local_policy_mgmt_gen/policy_maker_utils.cc
@@ -147,7 +147,7 @@ string
 PolicyMakerUtils::dumpPolicyToFile(
    const PolicyWrapper &policy,
    const string &policy_path,
-    const string &settings_path)
+    const string &)
 {
    clearElementsMaps();

@@ -170,6 +170,7 @@ PolicyMakerUtils::dumpPolicyToFile(
        cereal::JSONOutputArchive ar(settings_ss);
        policy.getSettings().save(ar);
    }
+#if 0
    string settings_str = settings_ss.str();
    try {
        ofstream settings_file(settings_path);
@@ -179,6 +180,7 @@ PolicyMakerUtils::dumpPolicyToFile(
        dbgDebug(D_NGINX_POLICY) << "Error while writing settings to " << settings_path << ", Error: " << e.what();
    }
    dbgDebug(D_LOCAL_POLICY) << settings_path << " content: " << settings_str;
+#endif

    return policy_str;
 }
--- a/components/security_apps/local_policy_mgmt_gen/triggers_section.cc
+++ b/components/security_apps/local_policy_mgmt_gen/triggers_section.cc
@@ -387,8 +387,12 @@ void
 AppsecTriggerLogDestination::load(cereal::JSONInputArchive &archive_in)
 {
    dbgTrace(D_LOCAL_POLICY) << "Loading AppSec Trigger LogDestination";
-    // TBD: support "file"
-    parseAppsecJSONKey<bool>("cloud", cloud, archive_in, false);
+    if (getConfigurationFlag("orchestration-mode") != "hybrid_mode") {
+        // TBD: support "file"
+        parseAppsecJSONKey<bool>("cloud", cloud, archive_in, false);
+    } else {
+        cloud = false;
+    }
    auto mode = Singleton::Consume<I_AgentDetails>::by<AppsecTriggerLogDestination>()->getOrchestrationMode();
    auto env_type = Singleton::Consume<I_EnvDetails>::by<AppsecTriggerLogDestination>()->getEnvType();
    bool k8s_service_default = (mode == OrchestrationMode::HYBRID && env_type == EnvType::K8S);