mirror of
https://github.com/openappsec/openappsec.git
synced 2025-09-29 19:24:26 +03:00
Jun 16th update
@@ -154,6 +154,10 @@ private:
|
||||
stringstream handler_path;
|
||||
handler_path << handler_path_format;
|
||||
switch(type) {
|
||||
case (AttachmentType::SQUID_ATT_ID): {
|
||||
handler_path << "squid-http-transaction-handler-";
|
||||
break;
|
||||
}
|
||||
case (AttachmentType::NGINX_ATT_ID): {
|
||||
handler_path << "http-transaction-handler-";
|
||||
break;
|
||||
@@ -177,7 +181,8 @@ private:
|
||||
stringstream registration_command;
|
||||
registration_command<< registration_format;
|
||||
switch(type) {
|
||||
case (AttachmentType::NGINX_ATT_ID): {
|
||||
case (AttachmentType::SQUID_ATT_ID):
|
||||
case (AttachmentType::NGINX_ATT_ID):{
|
||||
registration_command << "/etc/cp/HttpTransactionHandler/cp-nano-http-transaction-handler";
|
||||
break;
|
||||
}
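Review bot: The `SQUID_ATT_ID` label added to the registration-command switch falls through to the NGINX case without a comment, so Squid attachments register `/etc/cp/HttpTransactionHandler/cp-nano-http-transaction-handler` even though the handler-path switch in the same section gives them their own `squid-http-transaction-handler-` prefix. If sharing the binary is intended, a short comment on the label such as `// Squid is served by the same HTTP transaction handler binary as NGINX` would stop a later reader from treating the mismatch as an oversight. Both switches continue outside the visible hunks, so their default branches could not be checked.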
|
||||
|
@@ -54,7 +54,7 @@ CIDRSData::CIDRSData(const string &str_cidr)
|
||||
string str_prefix = pos != string::npos ? str_cidr.substr(0, pos) : str_cidr;
|
||||
// get subnet mask from targetCidr or calculate it based on ipv4 / ipv6
|
||||
string str_suffix;
|
||||
if (pos != string::npos) {
|
||||
if (pos != string::npos && (pos + 1) <= str_cidr.size()) {
|
||||
str_suffix = str_cidr.substr(pos + 1);
|
||||
} else if (str_cidr.find(':') == string::npos) {
|
||||
str_suffix = "32";
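Review bot: The added `(pos + 1) <= str_cidr.size()` test in the `CIDRSData` constructor cannot fail, because `find` only returns positions below `size()`, so the condition is the old `pos != string::npos` in longer form. An input that ends in `/` still yields an empty `str_suffix`, and whatever parses the suffix later in the constructor (outside this hunk) has to cope with that. If the aim was to catch a missing prefix length, `(pos + 1) < str_cidr.size()` does that, but the failing case should be rejected explicitly rather than dropping into the `else if` branch, which would silently treat the malformed value as a `32` host mask. The same always-true guard appears on `question_mark_location` in the `NginxAttachmentOpaque` constructor.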
|
||||
|
@@ -44,7 +44,6 @@
|
||||
#include "buffer.h"
|
||||
#include "enum_array.h"
|
||||
#include "shmem_ipc.h"
|
||||
#include "sasal.h"
|
||||
#include "i_http_manager.h"
|
||||
#include "http_transaction_common.h"
|
||||
#include "nginx_attachment_common.h"
|
||||
@@ -68,8 +67,6 @@
|
||||
|
||||
#endif // FAILURE_TEST
|
||||
|
||||
SASAL_START // HTTP Manager main
|
||||
|
||||
USE_DEBUG_FLAG(D_NGINX_ATTACHMENT);
|
||||
USE_DEBUG_FLAG(D_COMPRESSION);
|
||||
USE_DEBUG_FLAG(D_METRICS_NGINX_ATTACHMENT);
|
||||
@@ -1781,5 +1778,3 @@ NginxAttachment::preload()
|
||||
BasicRuleConfig::preload();
|
||||
WebTriggerConf::preload();
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
@@ -18,11 +18,8 @@
|
||||
#include "boost/uuid/uuid_io.hpp"
|
||||
|
||||
#include "config.h"
|
||||
#include "sasal.h"
|
||||
#include "virtual_modifiers.h"
|
||||
|
||||
SASAL_START // HTTP Manager - Transaction data
|
||||
|
||||
using namespace std;
|
||||
using namespace boost::uuids;
|
||||
|
||||
@@ -34,6 +31,7 @@ NginxAttachmentOpaque::NginxAttachmentOpaque(HttpTransactionData _transaction_da
|
||||
transaction_data(move(_transaction_data)),
|
||||
ctx(),
|
||||
session_tenant(),
|
||||
session_profile(),
|
||||
uuid()
|
||||
{
|
||||
try {
|
||||
@@ -65,10 +63,10 @@ NginxAttachmentOpaque::NginxAttachmentOpaque(HttpTransactionData _transaction_da
|
||||
auto decoder = makeVirtualContainer<HexDecoder<'%'>>(transaction_data.getURI());
|
||||
string decoded_url(decoder.begin(), decoder.end());
|
||||
auto question_mark_location = decoded_url.find('?');
|
||||
if (question_mark_location != string::npos) {
|
||||
if (question_mark_location != string::npos && (question_mark_location + 1) <= decoded_url.size()) {
|
||||
ctx.registerValue(HttpTransactionData::uri_query_decoded, decoded_url.substr(question_mark_location + 1));
|
||||
}
|
||||
ctx.registerValue(HttpTransactionData::uri_path_decoded, decoded_url.substr(0, question_mark_location));
|
||||
ctx.registerValue(HttpTransactionData::uri_path_decoded, decoded_url);
|
||||
}
|
||||
|
||||
NginxAttachmentOpaque::~NginxAttachmentOpaque()
|
||||
@@ -85,10 +83,14 @@ NginxAttachmentOpaque::prototype()
|
||||
// LCOV_EXCL_STOP
|
||||
|
||||
void
|
||||
NginxAttachmentOpaque::setSessionTenant(const string &tenant)
|
||||
NginxAttachmentOpaque::setSessionTenantAndProfile(const string &tenant, const string &profile)
|
||||
{
|
||||
session_tenant = tenant;
|
||||
Singleton::Consume<I_Environment>::by<NginxAttachmentOpaque>()->setActiveTenant(session_tenant);
|
||||
session_profile = profile;
|
||||
Singleton::Consume<I_Environment>::by<NginxAttachmentOpaque>()->setActiveTenantAndProfile(
|
||||
session_tenant,
|
||||
session_profile
|
||||
);
|
||||
}
|
||||
|
||||
void
|
||||
@@ -117,5 +119,3 @@ NginxAttachmentOpaque::setSavedData(const string &name, const string &data, EnvK
|
||||
saved_data[name] = data;
|
||||
ctx.registerValue(name, data, log_ctx);
|
||||
}
|
||||
|
||||
SASAL_END
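Review bot: In the constructor hunk at `-65,10 +63,10` the two `uri_path_decoded` registrations are printed back to back, and if the second is the new side then `uri_path_decoded` now holds the full decoded URL, query string included, instead of `decoded_url.substr(0, question_mark_location)`. Any rule or exception that matches on the decoded path would then also match on query text supplied by the client, which is a behaviour change for policy evaluation that the commit title does not mention. If that is intended it deserves a comment next to the call, for example `// path key intentionally carries the full decoded URI, including the query`; otherwise keep the `substr(0, question_mark_location)` form. The page has lost its `+`/`-` markers, so the side assignment here is inferred from print order.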
|
||||
|
@@ -38,7 +38,10 @@ public:
|
||||
ctx.activate();
|
||||
gen_ctx.activate();
|
||||
if (session_tenant != "") {
|
||||
Singleton::Consume<I_Environment>::by<NginxAttachmentOpaque>()->setActiveTenant(session_tenant);
|
||||
Singleton::Consume<I_Environment>::by<NginxAttachmentOpaque>()->setActiveTenantAndProfile(
|
||||
session_tenant,
|
||||
session_profile
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -47,7 +50,7 @@ public:
|
||||
deactivateContext()
|
||||
{
|
||||
if (session_tenant != "") {
|
||||
Singleton::Consume<I_Environment>::by<NginxAttachmentOpaque>()->unsetActiveTenant();
|
||||
Singleton::Consume<I_Environment>::by<NginxAttachmentOpaque>()->unsetActiveTenantAndProfile();
|
||||
}
|
||||
gen_ctx.deactivate();
|
||||
ctx.deactivate();
|
||||
@@ -66,7 +69,7 @@ public:
|
||||
static uint minVer() { return 0; }
|
||||
|
||||
const std::string & getSessionTenant() const { return session_tenant; }
|
||||
void setSessionTenant(const std::string &tenant);
|
||||
void setSessionTenantAndProfile(const std::string &tenant, const std::string &profile);
|
||||
void setSourceIdentifier(const std::string &header_key, const std::string &source_identifier);
|
||||
const std::string & getSourceIdentifiersType() const;
|
||||
|
||||
@@ -85,6 +88,7 @@ private:
|
||||
GenericRulebaseContext gen_ctx;
|
||||
Context ctx;
|
||||
std::string session_tenant;
|
||||
std::string session_profile;
|
||||
std::string uuid;
|
||||
std::string source_identifier;
|
||||
std::string identifier_type;
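Review bot: `activateContext()` and `deactivateContext()` only touch the environment when `session_tenant != ""`, but `setSessionTenantAndProfile()` in the .cc section calls `setActiveTenantAndProfile()` unconditionally. With an empty header value the parser helper returns two empty strings, so the active tenant and profile are set to empty and `deactivateContext()` then skips the matching `unsetActiveTenantAndProfile()`. Whether an empty active tenant is harmless depends on `I_Environment`, which is not shown. Applying the same `if (!session_tenant.empty())` guard in the setter, or documenting why it is not needed, would keep set and unset paired.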
|
||||
|
@@ -153,6 +153,29 @@ genHeaders(const Buffer &raw_data)
|
||||
return headers;
|
||||
}
|
||||
|
||||
static vector<string>
|
||||
getActivetenantAndProfile(const string &str, const string &deli = ",")
|
||||
{
|
||||
vector<string> elems;
|
||||
elems.reserve(2);
|
||||
|
||||
int start = 0;
|
||||
int end = str.find(deli);
|
||||
while (end != -1) {
|
||||
elems.push_back(str.substr(start, end - start));
|
||||
start = end + deli.size();
|
||||
end = str.find(deli, start);
|
||||
}
|
||||
|
||||
elems.push_back(str.substr(start, end - start));
|
||||
|
||||
if (elems.size() == 1) {
|
||||
elems.push_back("");
|
||||
}
|
||||
|
||||
return elems;
|
||||
}
|
||||
|
||||
Maybe<vector<HttpHeader>>
|
||||
NginxParser::parseRequestHeaders(const Buffer &data)
|
||||
{
|
||||
@@ -182,8 +205,8 @@ NginxParser::parseRequestHeaders(const Buffer &data)
|
||||
<< ", Value: "
|
||||
<< dumpHex(header.getValue());
|
||||
|
||||
string active_tenant(static_cast<string>(header.getValue()));
|
||||
opaque.setSessionTenant(active_tenant);
|
||||
auto active_tenant_and_profile = getActivetenantAndProfile(header.getValue());
|
||||
opaque.setSessionTenantAndProfile(active_tenant_and_profile[0], active_tenant_and_profile[1]);
|
||||
} else if (proxy_ip_header_key == header.getKey()) {
|
||||
source_identifiers.setXFFValuesToOpaqueCtx(header, UsersAllIdentifiersConfig::ExtractType::PROXYIP);
|
||||
}
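Review bot: `getActivetenantAndProfile` stores the result of `str.find(deli)` in an `int` and compares it with `-1`, which relies on narrowing `string::npos` and mixes signed and unsigned arithmetic in `substr(start, end - start)`. Declaring `size_t start = 0;` and `size_t end = str.find(deli);` and looping on `while (end != string::npos)` removes the conversions without changing the result. An empty `deli` would never advance `start`, so the loop would keep appending until memory runs out; only the default `","` is used in this section, but an early return for `deli.empty()` would make the helper safe to reuse. A value with more than one comma yields extra elements that `parseRequestHeaders` ignores, since it reads only `[0]` and `[1]`; rejecting or logging that case would make a malformed tenant header visible.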
|
||||
|