Add check if obfuscation is enabled

Ned Wright 2023-07-27 15:41:41 +00:00
parent 71d198f41a
commit abe275c828
4 changed files with 17 additions and 0 deletions


@ -7,6 +7,14 @@ using namespace std;
namespace IPSHelper namespace IPSHelper
{ {
bool has_deobfuscation = false;
bool
hasDeobfuscation()
{
return has_deobfuscation;
}
string string
deobfuscateString(const string &str) deobfuscateString(const string &str)
{ {
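Review bot: `has_deobfuscation` is a writable namespace-scope global initialised to `false`, and on this page the only assignment to it is in the test fixture, so it is unclear where a production build turns it on. Since the flag decides whether any IPS signatures are selected, it should carry a comment naming its owner and its effect, for example `// True when a working deobfuscation implementation is present; while false, RuleSelector::selectSignatures() returns no signatures.` (wording to be confirmed against the real setter). If nothing outside tests needs to write it, keeping the variable in an unnamed namespace and exposing a setter next to `hasDeobfuscation()` would stop other translation units from flipping it through an ad-hoc `extern`.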


@ -6,6 +6,7 @@
namespace IPSHelper namespace IPSHelper
{ {
bool hasDeobfuscation();
std::string deobfuscateString(const std::string &str); std::string deobfuscateString(const std::string &str);
std::string deobfuscateKeyword(const std::string &str); std::string deobfuscateKeyword(const std::string &str);


@ -25,6 +25,8 @@ RuleSelector::selectSignatures() const
{ {
vector<IPSSignatureSubTypes::SignatureAndAction> res; vector<IPSSignatureSubTypes::SignatureAndAction> res;
if (!IPSHelper::hasDeobfuscation()) return res;
auto all_signatures = getResource<IPSSignaturesResource>("IPS", "protections"); auto all_signatures = getResource<IPSSignaturesResource>("IPS", "protections");
if (!all_signatures.ok()) return res; if (!all_signatures.ok()) return res;
auto signatures_version = getResourceWithDefault<string>("", "IPS", "VersionId"); auto signatures_version = getResourceWithDefault<string>("", "IPS", "VersionId");
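Review bot: The early return added at the top of `selectSignatures()` hands back an empty list without any log or status, so when `hasDeobfuscation()` is false the policy can show IPS as configured while no protections are actually selected. That is a fail-open outcome for a security control and should be visible to the operator. Emit a warning through the component's existing logging facility before `return res;`, and mark the decision in code with a comment such as `// Deobfuscation unavailable: select no IPS signatures.`. The rest of the function body lies outside the hunk.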


@ -23,6 +23,11 @@
using namespace testing; using namespace testing;
using namespace std; using namespace std;
namespace IPSHelper
{
extern bool has_deobfuscation;
} // namespace IPSHelper
MATCHER_P(IsLog, IteratableFields, "") MATCHER_P(IsLog, IteratableFields, "")
{ {
stringstream ss; stringstream ss;
@ -53,6 +58,7 @@ class SignatureTest : public Test
public: public:
SignatureTest() SignatureTest()
{ {
IPSHelper::has_deobfuscation = true;
generic_rulebase.preload(); generic_rulebase.preload();
EXPECT_CALL(logs, getCurrentLogId()).Times(AnyNumber()); EXPECT_CALL(logs, getCurrentLogId()).Times(AnyNumber());
ON_CALL(table, getState(_)).WillByDefault(Return(&ips_state)); ON_CALL(table, getState(_)).WillByDefault(Return(&ips_state));
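Review bot: The fixture constructor sets `IPSHelper::has_deobfuscation = true;` and nothing shown resets it, so the value leaks into every test that runs later in the same binary, and the new disabled path has no coverage. Restore the default in the destructor, `~SignatureTest() { IPSHelper::has_deobfuscation = false; }`, and add a case that leaves the flag false and asserts that `selectSignatures()` returns an empty vector. The local `extern bool has_deobfuscation;` in the first hunk of this file repeats the variable's type by hand; a declaration in the helper's header, or a test-only setter, would keep the two from drifting apart.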