Waf tag (#317)

* add waf-tag to openappsec * fix waf tag to openappsec --------- Co-authored-by: wiaamm <wiaamm@checkpoint.com>
2026-01-02 14:44:42 +03:00 · 2025-06-11 11:34:48 +03:00
parent bc1eac9d39
commit 782dfeada6
8 changed files with 71 additions and 3 deletions
--- a/components/attachment-intakers/nginx_attachment/user_identifiers_config.cc
+++ b/components/attachment-intakers/nginx_attachment/user_identifiers_config.cc
@@ -366,6 +366,24 @@ UsersAllIdentifiersConfig::setCustomHeaderToOpaqueCtx(const HttpHeader &header)
    return;
 }

+void
+UsersAllIdentifiersConfig::setWafTagValuesToOpaqueCtx(const HttpHeader &header) const
+{
+    auto i_transaction_table = Singleton::Consume<I_TableSpecific<SessionID>>::by<NginxAttachment>();
+    if (!i_transaction_table || !i_transaction_table->hasState<NginxAttachmentOpaque>()) {
+        dbgDebug(D_NGINX_ATTACHMENT_PARSER) << "Can't get the transaction table";
+        return;
+    }
+
+    NginxAttachmentOpaque &opaque = i_transaction_table->getState<NginxAttachmentOpaque>();
+    opaque.setSavedData(HttpTransactionData::waf_tag_ctx, static_cast<string>(header.getValue()));
+
+    dbgDebug(D_NGINX_ATTACHMENT_PARSER)
+        << "Added waf tag to context: "
+        <<  static_cast<string>(header.getValue());
+    return;
+}
+
 Maybe<string>
 UsersAllIdentifiersConfig::parseCookieElement(
    const string::const_iterator &start,