From d526a070a4a34f045d53bf1c2fa675db5d99e62c Mon Sep 17 00:00:00 2001
From: Ned Wright
Date: Wed, 20 Dec 2023 16:15:17 +0200
Subject: [PATCH] AppSec mode fix
---
 .../local_policy_mgmt_gen/appsec_practice_section.cc | 8 ++++----
 .../local_policy_mgmt_gen/include/local_policy_common.h | 8 ++++++++
 .../security_apps/local_policy_mgmt_gen/new_practice.cc | 4 ++--
 3 files changed, 14 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 components/security_apps/local_policy_mgmt_gen/include/local_policy_common.h
diff --git a/components/security_apps/local_policy_mgmt_gen/appsec_practice_section.cc b/components/security_apps/local_policy_mgmt_gen/appsec_practice_section.cc
index b190d6d..bc1007c 100755
--- a/components/security_apps/local_policy_mgmt_gen/appsec_practice_section.cc
+++ b/components/security_apps/local_policy_mgmt_gen/appsec_practice_section.cc
@@ -187,11 +187,11 @@ AppSecPracticeWebAttacks::getMinimumConfidence() const const string & AppSecPracticeWebAttacks::getMode(const string &default_mode) const {
- if (mode == "Unset" || (key_to_practices_val.find(mode) == key_to_practices_val.end())) {
+ if (mode == "Unset" || (key_to_practices_val2.find(mode) == key_to_practices_val2.end())) {
 dbgError(D_LOCAL_POLICY) << "Couldn't find a value for key: " << mode << ". Returning " << default_mode;
 return default_mode;
 }
- return key_to_practices_val.at(mode);
+ return key_to_practices_val2.at(mode);
 }
 void
@@ -433,7 +433,7 @@ WebAppSection::WebAppSection( anti_bots(parsed_appsec_spec.getAntiBot()), trusted_sources({ parsed_trusted_sources }) {
- web_attack_mitigation = true;
+ web_attack_mitigation = web_attack_mitigation_mode != "Disabled";
 web_attack_mitigation_action = web_attack_mitigation_mode != "Prevent" ? "Transparent" : web_attack_mitigation_severity == "critical" ? "low" :
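Review bot: In `AppSecPracticeWebAttacks::getMode`, the fallback `return default_mode;` hands the caller's string back without passing it through `key_to_practices_val2`, so the function can return two vocabularies: table values such as "Disabled", and whatever spelling the caller supplies. A caller that still passes the old table's "Inactive" as the default would get a value that the `!= "Disabled"` test added in `WebAppSection` treats as enabled; the callers are outside this hunk, so this needs checking. I would document the contract above the function, `// Returns "Prevent", "Learn", "Detect" or "Disabled"; default_mode is returned as-is and must use the same names.` The same applies to `NewAppSecPracticeWebAttacks::getMode` in new_practice.cc.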
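Review bot: `web_attack_mitigation = web_attack_mitigation_mode != "Disabled";` enables mitigation for every string except that exact literal, so an empty, differently-cased or legacy value (the older `key_to_practices_val` still maps `inactive` to "Inactive") is handled as enabled with action "Transparent" rather than rejected. Where `web_attack_mitigation_mode` is assigned is outside the hunk, so whether such values can reach this line is not visible here. The literal is also repeated in both constructors (this hunk and the one at -481) and in the header table; a shared constant next to the table, for example `static const std::string disabled_mode = "Disabled";`, would keep the three in step. The constructor body continues past the end of the hunk.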
@@ -481,7 +481,7 @@ WebAppSection::WebAppSection( anti_bots(_anti_bots), trusted_sources({ parsed_trusted_sources }) {
- web_attack_mitigation = true;
+ web_attack_mitigation = web_attack_mitigation_mode != "Disabled";
 web_attack_mitigation_action = web_attack_mitigation_mode != "Prevent" ? "Transparent" : web_attack_mitigation_severity == "critical" ? "low" :
diff --git a/components/security_apps/local_policy_mgmt_gen/include/local_policy_common.h b/components/security_apps/local_policy_mgmt_gen/include/local_policy_common.h
old mode 100644
new mode 100755
index 85f6d1e..1c7583b
--- a/components/security_apps/local_policy_mgmt_gen/include/local_policy_common.h
+++ b/components/security_apps/local_policy_mgmt_gen/include/local_policy_common.h
@@ -56,6 +56,14 @@ static const std::unordered_map key_to_practices_val = { "inactive", "Inactive"} };
+static const std::unordered_map key_to_practices_val2 = {
+ { "prevent-learn", "Prevent"},
+ { "detect-learn", "Learn"},
+ { "prevent", "Prevent"},
+ { "detect", "Detect"},
+ { "inactive", "Disabled"}
+};
+
 static const std::string default_appsec_url = "http://*:*";
 template
diff --git a/components/security_apps/local_policy_mgmt_gen/new_practice.cc b/components/security_apps/local_policy_mgmt_gen/new_practice.cc
index 883dd16..c612319 100755
--- a/components/security_apps/local_policy_mgmt_gen/new_practice.cc
+++ b/components/security_apps/local_policy_mgmt_gen/new_practice.cc
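Review bot: The name `key_to_practices_val2` does not say how the new table differs from `key_to_practices_val`, and nothing here stops later code from picking the wrong one. From the visible lines the difference is at least `inactive` mapping to "Disabled" instead of "Inactive"; the rest of the old table is outside the hunk. A comment above the table naming the consumer that expects these strings (the `!= "Disabled"` and `!= "Prevent"` comparisons in `WebAppSection`) and a descriptive name, for example `key_to_mitigation_mode_val`, would help. The commit also changes this header from mode 100644 to 100755; a header does not need the executable bit, so that looks unintended.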
@@ -210,11 +210,11 @@ NewAppSecPracticeWebAttacks::getMinimumConfidence() const const string & NewAppSecPracticeWebAttacks::getMode(const string &default_mode) const {
- if (mode == "Unset" || (key_to_practices_val.find(mode) == key_to_practices_val.end())) {
+ if (mode == "Unset" || (key_to_practices_val2.find(mode) == key_to_practices_val2.end())) {
 dbgError(D_LOCAL_POLICY) << "Couldn't find a value for key: " << mode << ". Returning " << default_mode;
 return default_mode;
 }
- return key_to_practices_val.at(mode);
+ return key_to_practices_val2.at(mode);
 }
 SnortProtectionsSection::SnortProtectionsSection(