github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-09-29 19:24:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

update embedded nginx support for openappsec and bug fixes and schema changes

Browse Source
This commit is contained in:
dgambarin
2022-11-16 17:56:41 +02:00
parent 03949a3cb7
commit 8bbd856d92
13 changed files with 90 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
components/security_apps/orchestration/local_policy_mgmt_gen/include/appsec_practice_section.h
View File

@@ -119,9 +119,9 @@ public:
load(cereal::JSONInputArchive &archive_in)
{
dbgTrace(D_K8S_POLICY) << "Loading AppSec Web Attack Protections";
parseAppsecJSONKey<std::string>("csrf-protection", csrf_protection, archive_in, "Inactive");
parseAppsecJSONKey<std::string>("error-disclosure", error_disclosure, archive_in, "Inactive");
parseAppsecJSONKey<std::string>("open-redirect", open_redirect, archive_in, "Inactive");
parseAppsecJSONKey<std::string>("csrf-enabled", csrf_protection, archive_in, "inactive");
parseAppsecJSONKey<std::string>("error-disclosure-enabled", error_disclosure, archive_in, "inactive");
parseAppsecJSONKey<std::string>("open-redirect-enabled", open_redirect, archive_in, "inactive");
parseAppsecJSONKey<bool>("non-valid-http-methods", non_valid_http_methods, archive_in, false);
}
@@ -253,7 +253,7 @@ public:
{
dbgTrace(D_K8S_POLICY) << "Loading AppSec Snort Signatures practice";
parseAppsecJSONKey<std::string>("override-mode", override_mode, archive_in, "Inactive");
parseAppsecJSONKey<std::vector<std::string>>("configmap", config_map, archive_in);
parseAppsecJSONKey<std::vector<std::string>>("files", config_map, archive_in);
}
const std::string & getOverrideMode() const { return override_mode; }
@@ -285,7 +285,7 @@ public:
{
dbgTrace(D_K8S_POLICY) << "Loading AppSecPracticeOpenSchemaAPI practice";
parseAppsecJSONKey<std::string>("override-mode", override_mode, archive_in, "Inactive");
parseAppsecJSONKey<std::vector<std::string>>("configmap", config_map, archive_in);
parseAppsecJSONKey<std::vector<std::string>>("files", config_map, archive_in);
}
const std::string & getOverrideMode() const { return override_mode; }
@@ -777,12 +777,12 @@ public:
dbgTrace(D_K8S_POLICY) << "Loading AppSec policy spec";
parseAppsecJSONKey<AppsecPolicySpec>("policies", policies, archive_in);
parseAppsecJSONKey<std::vector<AppSecPracticeSpec>>("practices", practices, archive_in);
parseAppsecJSONKey<std::vector<AppsecTriggerSpec>>("logtriggers", log_triggers, archive_in);
parseAppsecJSONKey<std::vector<AppSecCustomResponseSpec>>("customresponses", custom_responses, archive_in);
parseAppsecJSONKey<std::vector<AppsecTriggerSpec>>("log-triggers", log_triggers, archive_in);
parseAppsecJSONKey<std::vector<AppSecCustomResponseSpec>>("custom-responses", custom_responses, archive_in);
parseAppsecJSONKey<std::vector<AppsecExceptionSpec>>("exceptions", exceptions, archive_in);
parseAppsecJSONKey<std::vector<TrustedSourcesSpec>>("trustedsources", trusted_sources, archive_in);
parseAppsecJSONKey<std::vector<TrustedSourcesSpec>>("trusted-sources", trusted_sources, archive_in);
parseAppsecJSONKey<std::vector<SourceIdentifierSpecWrapper>>(
"sourceidentifiers",
"source-identifier",
sources_identifier,
archive_in
);

4
components/security_apps/orchestration/local_policy_mgmt_gen/include/trusted_sources_section.h
View File

@@ -34,7 +34,7 @@ public:
{
dbgTrace(D_K8S_POLICY) << "Loading trusted sources spec";
parseAppsecJSONKey<int>("minNumOfSources", min_num_of_sources, archive_in, 3);
parseAppsecJSONKey<std::vector<std::string>>("sourcesIdentifiers", sources_identifiers, archive_in);
parseAppsecJSONKey<std::vector<std::string>>("sources-identifiers", sources_identifiers, archive_in);
parseAppsecJSONKey<std::string>("name", name, archive_in);
}
@@ -110,7 +110,7 @@ public:
load(cereal::JSONInputArchive &archive_in)
{
dbgTrace(D_K8S_POLICY) << "Loading trusted sources spec";
parseAppsecJSONKey<std::string>("sourceIdentifier", source_identifier, archive_in);
parseAppsecJSONKey<std::string>("source-identifier", source_identifier, archive_in);
parseAppsecJSONKey<std::vector<std::string>>("value", value, archive_in);
}

20
components/security_apps/orchestration/local_policy_mgmt_gen/local_policy_mgmt_gen.cc
View File

@@ -28,6 +28,7 @@
#include <boost/uuid/uuid_generators.hpp>
#include "rest.h"
#include "report/report.h"
#include "debug.h"
#include "config.h"
#include "connkey.h"
@@ -1218,27 +1219,10 @@ private:
LocalPolicyEnv env_type;
map<string, string> practice_name_to_id_map;
bool
isPlaygroundEnv()
{
string playground_variable = "PLAYGROUND";
const char* env_string = getenv(playground_variable.c_str());
if (env_string)
{
string env_value = env_string;
std::transform(env_value.begin(), env_value.end(), env_value.begin(),
[](unsigned char c){ return std::tolower(c); });
return env_value == "true";
}
return false;
}
bool
getClusterId()
{
string playground_uid = isPlaygroundEnv() ? "playground-" : "";
string playground_uid = Report::isPlaygroundEnv() ? "playground-" : "";
dbgTrace(D_K8S_POLICY) << "Getting cluster UID";
auto maybe_namespaces_data = getObjectFromCluster<NamespaceData>("/api/v1/namespaces/");

6
components/security_apps/orchestration/orchestration_comp.cc
View File

@@ -596,6 +596,10 @@ private:
auto team = i_env->get<AudienceTeam>("Audience Team");
if (team.ok()) audience_team = *team;
string agent_uid =
(Report::isPlaygroundEnv() ? "playground-" : "") +
Singleton::Consume<I_AgentDetails>::by<OrchestrationComp>()->getAgentId();
Report policy_update_message(
"Agent's policy has been updated",
curr_time,
@@ -607,7 +611,7 @@ private:
Severity::INFO,
Priority::LOW,
chrono::seconds(0),
LogField("agentId", Singleton::Consume<I_AgentDetails>::by<OrchestrationComp>()->getAgentId()),
LogField("agentId", agent_uid),
Tags::ORCHESTRATOR
);
policy_update_message.addToOrigin(LogField("policyVersion", new_policy_version));