Feb 15th 2023 update

2025-09-29 11:16:30 +03:00 · 2023-02-15 19:09:38 +00:00
parent f7934cd09d
commit 6a9b33ff93
159 changed files with 16474 additions and 2096 deletions
--- a/components/include/WaapEnums.h
+++ b/components/include/WaapEnums.h
@@ -48,6 +48,7 @@ enum ParamType {
    HTML_PARAM_TYPE,
    URL_PARAM_TYPE,
    FREE_TEXT_PARAM_TYPE,
+    FREE_TEXT_FRENCH_PARAM_TYPE,
    PIPE_PARAM_TYPE,
    LONG_RANDOM_TEXT_PARAM_TYPE,
    BASE64_PARAM_TYPE,
--- a/components/include/generic_rulebase/match_query.h
+++ b/components/include/generic_rulebase/match_query.h
@@ -18,6 +18,7 @@
 #include <string>
 #include <set>
 #include <map>
+#include <memory>
 #include <arpa/inet.h>

 #include "cereal/types/string.hpp"
@@ -45,6 +46,13 @@ public:
        Domain,
        NotStatic
    };
+    struct MatchResult
+    {
+        bool is_match;
+        std::shared_ptr<std::set<std::string>> matched_keywords;
+    };
+
+    MatchQuery(): is_specific_label(false), is_ignore_keyword(false) {}

    void load(cereal::JSONInputArchive &archive_in);

@@ -58,6 +66,7 @@ public:
    const std::vector<IpProtoRange> & getProtoValue() const { return ip_proto_value; }
    const std::vector<MatchQuery> & getItems() const { return items; }
    std::string getFirstValue() const { return first_value; }
+    MatchResult getMatch(const std::unordered_map<std::string, std::set<std::string>> &key_value_pairs) const;
    bool matchAttributes(const std::unordered_map<std::string, std::set<std::string>> &key_value_pairs) const;
    bool matchException(const std::string &behaviorKey, const std::string &behaviorValue) const;
    bool isKeyTypeIp() const;
@@ -69,9 +78,14 @@ public:
    std::set<std::string> getAllKeys() const;

 private:
+    bool matchAttributes(
+            const std::unordered_map<std::string, std::set<std::string>> &key_value_pairs,
+            std::set<std::string> &matched_override_keywords) const;
    StaticKeys getKeyByName(const std::string &key_type_name);
-    bool matchAttributes(const std::set<std::string> &values) const;
-    bool matchAttributesRegEx(const std::set<std::string> &values) const;
+    bool matchAttributes(const std::set<std::string> &values,
+            std::set<std::string> &matched_override_keywords) const;
+    bool matchAttributesRegEx(const std::set<std::string> &values,
+            std::set<std::string> &matched_override_keywords) const;
    bool matchAttributesString(const std::set<std::string> &values) const;
    bool isRegEx() const;

@@ -88,6 +102,7 @@ private:
    std::vector<PortsRange> port_value;
    std::vector<IpProtoRange> ip_proto_value;
    std::vector<MatchQuery> items;
+    bool is_ignore_keyword;
 };

 #endif // __MATCH_QUERY_H__
--- a/components/include/generic_rulebase/parameters_config.h
+++ b/components/include/generic_rulebase/parameters_config.h
@@ -200,6 +200,11 @@ public:
    std::set<ParameterBehavior>
    getBehavior(const std::unordered_map<std::string, std::set<std::string>> &key_value_pairs) const;

+    std::set<ParameterBehavior>
+    getBehavior(
+            const std::unordered_map<std::string, std::set<std::string>> &key_value_pairs,
+            std::set<std::string> &matched_override_keywords) const;
+
    static bool isGeoLocationExceptionExists() { return is_geo_location_exception_exists; }

 private:
@@ -218,4 +223,6 @@ private:
    static bool is_geo_location_exception_being_loaded;
 };

+static const ParameterBehavior action_ignore(BehaviorKey::ACTION, BehaviorValue::IGNORE);
+
 #endif //__PARAMETERS_CONFIG_H__
--- a/components/include/generic_rulebase/triggers_config.h
+++ b/components/include/generic_rulebase/triggers_config.h
@@ -160,8 +160,10 @@ private:

    std::string name;
    std::string verbosity;
-    std::string url_for_syslog = "";
-    std::string url_for_cef = "";
+    std::string url_for_syslog = "UDP";
+    std::string url_for_cef = "UDP";
+    std::string syslog_protocol = "";
+    std::string cef_protocol = "";
    Flags<ReportIS::StreamType> active_streams;
    Flags<SecurityType> should_log_on_detect;
    Flags<SecurityType> should_log_on_prevent;
--- a/components/include/i_service_controller.h
+++ b/components/include/i_service_controller.h
@@ -42,7 +42,8 @@ public:
        const std::string &new_settings_path,
        const std::vector<std::string> &new_data_files = {},
        const std::string &tenant_id = "",
-        const std::string &profile_id = ""
+        const std::string &profile_id = "",
+        const bool last_iteration = false
    ) = 0;

    virtual bool isServiceInstalled(const std::string &service_name) = 0;
--- a/components/include/nginx_attachment.h
+++ b/components/include/nginx_attachment.h
@@ -21,6 +21,9 @@
 #include "i_http_manager.h"
 #include "i_static_resources_handler.h"
 #include "i_socket_is.h"
+#include "i_environment.h"
+#include "i_shell_cmd.h"
+#include "i_tenant_manager.h"
 #include "transaction_table_metric.h"
 #include "nginx_attachment_metric.h"
 #include "nginx_intaker_metric.h"
@@ -38,7 +41,10 @@ class NginxAttachment
    Singleton::Consume<I_HttpManager>,
    Singleton::Consume<I_TimeGet>,
    Singleton::Consume<I_Socket>,
-    Singleton::Consume<I_InstanceAwareness>
+    Singleton::Consume<I_InstanceAwareness>,
+    Singleton::Consume<I_Environment>,
+    Singleton::Consume<I_ShellCmd>,
+    Singleton::Consume<I_TenantManager>
 {
 public:
    NginxAttachment();