github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2026-01-02 06:34:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

sync code

Browse Source
This commit is contained in:
Ned Wright
2025-08-08 11:06:28 +00:00
parent dd19bf6158
commit da20943c09
145 changed files with 4157 additions and 1016 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/utils/generic_rulebase/generic_rulebase.cc
View File

@@ -87,6 +87,7 @@ GenericRulebase::Impl::preload()
addMatcher<BeginWithUri>();
BasicRuleConfig::preload();
LogTriggerConf::preload();
ReportTriggerConf::preload();
ParameterException::preload();
registerExpectedConfiguration<Zone>("rulebase", "zones");
registerExpectedConfigFile("zones", Config::ConfigFileType::Policy);

4
components/utils/generic_rulebase/match_query.cc
View File

@@ -50,7 +50,7 @@ static const string ip_proto_type_name = "IP protocol";
static const unordered_map<string, MatchQuery::StaticKeys> string_to_key = {
{ "sourceIP", MatchQuery::StaticKeys::SrcIpAddress },
{ "sourceIpAddr", MatchQuery::StaticKeys::SrcIpAddress },
{ "sourceIdentifier", MatchQuery::StaticKeys::SrcIpAddress },
{ "destinationIP", MatchQuery::StaticKeys::DstIpAddress },
{ "destinationIpAddr", MatchQuery::StaticKeys::DstIpAddress },
{ "ipAddress", MatchQuery::StaticKeys::IpAddress },
@@ -319,7 +319,7 @@ MatchQuery::matchAttributes(
match = matchAttributesString(values);
dbgTrace(D_RULEBASE_CONFIG) << "Match result for string: " << match;
}
dbgTrace(D_RULEBASE_CONFIG) << "Should negate match? " << negate;
return negate ? !match : match;
}

7
components/utils/generic_rulebase/parameters_config.cc
View File

@@ -125,9 +125,10 @@ ParameterException::getBehavior(
// When matching indicators with action=ignore, we expect no behavior override.
// Instead, a matched keywords list should be returned which will be later removed from score calculation
if (match_res.matched_keywords->size() > 0 && match_behavior_pair.behavior == action_ignore) {
dbgTrace(D_RULEBASE_CONFIG) << "Got action ignore";
matched_override_keywords.insert(match_res.matched_keywords->begin(),
match_res.matched_keywords->end());
dbgTrace(D_RULEBASE_CONFIG) << "Got action ignore, found " <<
matched_override_keywords.size() << "keywords";
} else {
matched_behaviors.insert(match_behavior_pair.behavior);
}
@@ -143,6 +144,8 @@ ParameterException::getBehavior(
if (match_res.matched_keywords->size() > 0 && behavior == action_ignore) {
matched_override_keywords.insert(match_res.matched_keywords->begin(),
match_res.matched_keywords->end());
dbgTrace(D_RULEBASE_CONFIG) << "Got action ignore, found " <<
matched_override_keywords.size() << "keywords";
} else {
matched_behaviors.insert(behavior);
}
@@ -155,6 +158,6 @@ ParameterException::getBehavior(
set<ParameterBehavior>
ParameterException::getBehavior(const unordered_map<string, set<string>> &key_value_pairs) const
{
set<string> keywords;
set<string> keywords; // placeholder only, this function will be used where there's no need for ignored keywords
return getBehavior(key_value_pairs, keywords);
}

6
components/utils/generic_rulebase/triggers_config.cc
View File

@@ -241,3 +241,9 @@ LogTriggerConf::load(cereal::JSONInputArchive& archive_in)
archive_in.setNextName(nullptr);
}
}
void
ReportTriggerConf::load(cereal::JSONInputArchive& archive_in)
{
parseJSONKey<string>("triggerName", name, archive_in);
}

13
components/utils/http_transaction_data/http_transaction_data.cc
View File

@@ -220,6 +220,18 @@ HttpTransactionData::createTransactionData(const Buffer &transaction_raw_data)
dbgTrace(D_NGINX_ATTACHMENT) << "Successfully deserialized parsed URI: " << ngx_parsed_uri.unpack();
}
// Try to read waf_tag if available
string waf_tag;
if (cur_pos < transaction_raw_data.size()) {
Maybe<string> maybe_waf_tag = deserializeStrParam(transaction_raw_data, cur_pos);
if (maybe_waf_tag.ok()) {
waf_tag = maybe_waf_tag.unpackMove();
dbgTrace(D_NGINX_ATTACHMENT) << "Successfully deserialized waf_tag: " << waf_tag;
}
} else {
dbgTrace(D_NGINX_ATTACHMENT) << "No waf_tag to deserialize, using empty string";
}
// Fail if after parsing exact number of items, we didn't exactly consume whole buffer
if (cur_pos != transaction_raw_data.size()) {
dbgWarning(D_NGINX_ATTACHMENT) << "Nothing to deserialize, but raw data still remain";
@@ -239,6 +251,7 @@ HttpTransactionData::createTransactionData(const Buffer &transaction_raw_data)
client_port.unpackMove()
);
transaction.setWafTag(waf_tag);
return transaction;
}

2
components/utils/http_transaction_data/http_transaction_data_ut/http_transaction_data_ut.cc
View File

@@ -12,7 +12,7 @@ Buffer
encodeInt16(uint16_t val)
{
vector<u_char> raw_data(reinterpret_cast<u_char*>(&val), reinterpret_cast<u_char*>(&val) + sizeof(uint16_t));
return move(Buffer(raw_data));
return Buffer(raw_data);
}
class HttpTransactionTest : public Test

4
components/utils/ip_utilities/ip_utilities.cc
View File

@@ -265,7 +265,7 @@ IpAddrToString(const IpAddress &address)
sa6.sin6_addr = address.ip.ipv6;
inet_ntop(AF_INET6, &(sa6.sin6_addr), ip_str, INET6_ADDRSTRLEN);
return move(string(ip_str));
return string(ip_str);
}
char ip_str[INET_ADDRSTRLEN];
@@ -275,7 +275,7 @@ IpAddrToString(const IpAddress &address)
sa.sin_addr = address.ip.ipv4;
inet_ntop(AF_INET, &(sa.sin_addr), ip_str, INET_ADDRSTRLEN);
return move(string(ip_str));
return string(ip_str);
}
IpAddress

3
components/utils/utilities/nginx_conf_collector/CMakeLists.txt
View File

@@ -8,7 +8,7 @@ link_directories(${CMAKE_BINARY_DIR}/core)
link_directories(${CMAKE_BINARY_DIR}/core/compression)
SET(EXECUTABLE_NAME "nginx_conf_collector_bin")
add_executable(${EXECUTABLE_NAME} nginx_conf_collector.cc)
add_executable(${EXECUTABLE_NAME} nginx_conf_collector.cc fog_connection.cc)
target_compile_definitions(${EXECUTABLE_NAME} PRIVATE "NGINX_CONF_COLLECTOR_VERSION=\"$ENV{CI_PIPELINE_ID}\"")
target_link_libraries(${EXECUTABLE_NAME}
@@ -26,6 +26,7 @@ target_link_libraries(${EXECUTABLE_NAME}
report
config
environment
curl_http_client
singleton
rest
boost_context

87
components/utils/utilities/nginx_conf_collector/nginx_conf_collector.cc
View File

@@ -11,8 +11,12 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include <cstddef>
#include <iostream>
#include <unistd.h>
#include <sstream>
#include <fstream>
#include <getopt.h>
#include "agent_core_utilities.h"
#include "debug.h"
@@ -20,6 +24,7 @@
#include "mainloop.h"
#include "nginx_utils.h"
#include "time_proxy.h"
#include "fog_connection.h"
using namespace std;
@@ -43,6 +48,7 @@ public:
environment.fini();
time_proxy.fini();
}
private:
ShellCmd shell_cmd;
MainloopComponent mainloop;
@@ -63,12 +69,17 @@ printVersion()
void
printUsage(const char *prog_name)
{
cout << "Usage: " << prog_name << " [-v] [-i /path/to/nginx.conf] [-o /path/to/output.conf]" << '\n';
cout << "Usage: " << prog_name << " [-v] [-i /path/to/nginx.conf] [-o /path/to/output.conf]" <<
" [--upload --token <token> [--fog <address>]]" << '\n';
cout << " -V Print version" << '\n';
cout << " -v Enable verbose output" << '\n';
cout << " -i input_file Specify input file (default is /etc/nginx/nginx.conf)" << '\n';
cout << " -o output_file Specify output file (default is ./full_nginx.conf)" << '\n';
cout << " -h Print this help message" << '\n';
cout << " --upload Upload configuration to FOG (requires --token)" << '\n';
cout << " --token <token> profile token for FOG upload" << '\n';
cout << " --fog <address> FOG server address (default: inext-agents.cloud.ngen.checkpoint.com)" << '\n';
cout << " --proxy <address> Proxy server to send the request through" << '\n';
}
int
@@ -76,9 +87,21 @@ main(int argc, char *argv[])
{
string nginx_input_file = "/etc/nginx/nginx.conf";
string nginx_output_file = "full_nginx.conf";
string fog_address = "inext-agents.cloud.ngen.checkpoint.com";
string token;
string proxy_host;
bool upload_flag = false;
int opt;
while ((opt = getopt(argc, argv, "Vvhi:o:h")) != -1) {
static struct option long_options[] = {
{"upload", no_argument, 0, 'u'},
{"token", required_argument, 0, 1001},
{"fog", required_argument, 0, 1002},
{"proxy", required_argument, 0, 1003},
{0, 0, 0, 0}
};
while ((opt = getopt_long(argc, argv, "Vvhi:o:", long_options, nullptr)) != -1) {
switch (opt) {
case 'V':
printVersion();
@@ -95,18 +118,36 @@ main(int argc, char *argv[])
case 'h':
printUsage(argv[0]);
return 0;
case 'u':
upload_flag = true;
break;
case 1001: // --token
token = optarg;
break;
case 1002: // --fog
fog_address = optarg;
break;
case 1003: // --proxy
proxy_host = optarg;
break;
default:
printUsage(argv[0]);
return 1;
}
}
for (int i = optind; i < argc;) {
for (int i = optind; i < argc; ++i) {
cerr << "Unknown argument: " << argv[i] << '\n';
printUsage(argv[0]);
return 1;
}
if (upload_flag && token.empty()) {
cerr << "Error: --upload requires --token to be specified" << '\n';
printUsage(argv[0]);
return 1;
}
dbgTrace(D_NGINX_MANAGER) << "Starting nginx configuration collector";
MainComponent main_component;
@@ -144,5 +185,43 @@ main(int argc, char *argv[])
cout << "Full nginx configuration file was successfully generated: " << result.unpack() << '\n';
if (upload_flag) {
cout << "Uploading configuration to FOG server: " << fog_address << '\n';
string full_fog_url = fog_address;
if (fog_address.find("http://") != 0 && fog_address.find("https://") != 0) {
full_fog_url = "https://" + fog_address;
}
FogConnection fog_connection(token, full_fog_url);
if (!proxy_host.empty()) {
fog_connection.setProxy(proxy_host);
}
auto credentials_result = fog_connection.getCredentials();
if (!credentials_result.ok()) {
cerr
<< "Failed to register agent with the FOG. with error: "
<< credentials_result.getErr()
<< '\n';
return 1;
}
auto jwt_result = fog_connection.getJWT();
if (!jwt_result.ok()) {
cerr << "Failed to get JWT token. with error:" << jwt_result.getErr() << '\n';
return 1;
}
auto upload_result = fog_connection.uploadNginxConfig(result.unpack());
if (!upload_result.ok()) {
cerr << "Failed to upload nginx config file to FOG. with error:" << upload_result.getErr() << '\n';
return 1;
}
cout << "Successfully uploaded configuration to FOG server." << '\n';
}
return 0;
}