From abe275c82895a6dead9aad05369e8abcb944ded7 Mon Sep 17 00:00:00 2001
From: Ned Wright
Date: Thu, 27 Jul 2023 15:41:41 +0000
Subject: [PATCH] Add check if obfuscation is enabled
---
 components/security_apps/ips/helper_open_source.cc | 8 ++++++++
 components/security_apps/ips/include/helper.h | 1 +
 components/security_apps/ips/ips_basic_policy.cc | 2 ++
 components/security_apps/ips/ips_ut/signatures_ut.cc | 6 ++++++
 4 files changed, 17 insertions(+)
diff --git a/components/security_apps/ips/helper_open_source.cc b/components/security_apps/ips/helper_open_source.cc
index dfe750c..35a873a 100644
--- a/components/security_apps/ips/helper_open_source.cc
+++ b/components/security_apps/ips/helper_open_source.cc
@@ -7,6 +7,14 @@ using namespace std;
 namespace IPSHelper {
+bool has_deobfuscation = false;
+
+bool
+hasDeobfuscation()
+{
+ return has_deobfuscation;
+}
+
 string deobfuscateString(const string &str) {
diff --git a/components/security_apps/ips/include/helper.h b/components/security_apps/ips/include/helper.h
index 340e294..47ec4bd 100644
--- a/components/security_apps/ips/include/helper.h
+++ b/components/security_apps/ips/include/helper.h
@@ -6,6 +6,7 @@ namespace IPSHelper {
+bool hasDeobfuscation();
 std::string deobfuscateString(const std::string &str);
 std::string deobfuscateKeyword(const std::string &str);
diff --git a/components/security_apps/ips/ips_basic_policy.cc b/components/security_apps/ips/ips_basic_policy.cc
index 25d7eb8..b285429 100644
--- a/components/security_apps/ips/ips_basic_policy.cc
+++ b/components/security_apps/ips/ips_basic_policy.cc
@@ -25,6 +25,8 @@ RuleSelector::selectSignatures() const { vector res;
+ if (!IPSHelper::hasDeobfuscation()) return res;
+
 auto all_signatures = getResource("IPS", "protections");
 if (!all_signatures.ok()) return res;
 auto signatures_version = getResourceWithDefault("", "IPS", "VersionId");
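Review bot: `has_deobfuscation` in helper_open_source.cc is a non-const namespace-scope variable with external linkage, so any translation unit can flip it through its own `extern` declaration, and nothing visible in this patch sets it to `true` outside the unit test. Because `RuleSelector::selectSignatures()` now returns early while `hasDeobfuscation()` is false, this build would apparently select no IPS signatures at all. If that is intended, state it next to the definition, e.g. `// Open-source helper has no deobfuscation; signature selection stays disabled while this is false.` The declaration added to helper.h is also undocumented and would benefit from one line saying what a `false` result means for callers.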
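Review bot: The early `return res;` added to `RuleSelector::selectSignatures()` in ips_basic_policy.cc fails open without leaving a trace: when `hasDeobfuscation()` is false the selector hands back an empty list, which callers cannot tell apart from a policy that simply has no protections. An operator should be able to see that protections are off because a capability is missing, so the guard should emit a warning through whatever debug or log facility this file already uses. It should also carry a comment such as `// No deobfuscation support: no signatures are selected, so IPS presumably enforces nothing.` The function body continues past the end of the hunk, so any handling further down is not visible here.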
diff --git a/components/security_apps/ips/ips_ut/signatures_ut.cc b/components/security_apps/ips/ips_ut/signatures_ut.cc
index 0024f0a..cdff454 100644
--- a/components/security_apps/ips/ips_ut/signatures_ut.cc
+++ b/components/security_apps/ips/ips_ut/signatures_ut.cc
@@ -23,6 +23,11 @@ using namespace testing;
 using namespace std;
+namespace IPSHelper
+{
+extern bool has_deobfuscation;
+} // namespace IPSHelper
+
 MATCHER_P(IsLog, IteratableFields, "") { stringstream ss;
@@ -53,6 +58,7 @@ class SignatureTest : public Test public: SignatureTest() {
+ IPSHelper::has_deobfuscation = true;
 generic_rulebase.preload();
 EXPECT_CALL(logs, getCurrentLogId()).Times(AnyNumber());
 ON_CALL(table, getState(_)).WillByDefault(Return(&ips_state));
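Review bot: signatures_ut.cc re-declares `IPSHelper::has_deobfuscation` with its own `extern bool` instead of taking the declaration from a header, so the compiler cannot check it against the definition in helper_open_source.cc. A later change to the variable's type would go unnoticed at compile time, and a rename would surface only as a link error. Declaring it once in a header the test includes, or adding a small setter next to `hasDeobfuscation()`, keeps the two in sync and avoids reaching into the helper's internals from the test.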
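Review bot: `SignatureTest()` sets `IPSHelper::has_deobfuscation = true;` and the hunk shows no matching reset, so the flag would stay set for every test that runs later in the same binary. A destructor doing `IPSHelper::has_deobfuscation = false;` would contain it, unless one outside the hunk already does. The new branch itself also looks untested: nothing visible asserts that `selectSignatures()` yields no signatures while the flag is false, which is the behaviour this commit adds. The class body continues past the end of the hunk.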