github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-11-18 02:00:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

sync code

Browse Source
This commit is contained in:
Ned Wright
2025-08-08 11:06:28 +00:00
parent dd19bf6158
commit da20943c09
145 changed files with 4157 additions and 1016 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/utils/generic_rulebase/generic_rulebase.cc
View File

@@ -87,6 +87,7 @@ GenericRulebase::Impl::preload()
addMatcher<BeginWithUri>();
BasicRuleConfig::preload();
LogTriggerConf::preload();
ReportTriggerConf::preload();
ParameterException::preload();
registerExpectedConfiguration<Zone>("rulebase", "zones");
registerExpectedConfigFile("zones", Config::ConfigFileType::Policy);

4
components/utils/generic_rulebase/match_query.cc
View File

@@ -50,7 +50,7 @@ static const string ip_proto_type_name = "IP protocol";
static const unordered_map<string, MatchQuery::StaticKeys> string_to_key = {
{ "sourceIP", MatchQuery::StaticKeys::SrcIpAddress },
{ "sourceIpAddr", MatchQuery::StaticKeys::SrcIpAddress },
{ "sourceIdentifier", MatchQuery::StaticKeys::SrcIpAddress },
{ "destinationIP", MatchQuery::StaticKeys::DstIpAddress },
{ "destinationIpAddr", MatchQuery::StaticKeys::DstIpAddress },
{ "ipAddress", MatchQuery::StaticKeys::IpAddress },
@@ -319,7 +319,7 @@ MatchQuery::matchAttributes(
match = matchAttributesString(values);
dbgTrace(D_RULEBASE_CONFIG) << "Match result for string: " << match;
}
dbgTrace(D_RULEBASE_CONFIG) << "Should negate match? " << negate;
return negate ? !match : match;
}

7
components/utils/generic_rulebase/parameters_config.cc
View File

@@ -125,9 +125,10 @@ ParameterException::getBehavior(
// When matching indicators with action=ignore, we expect no behavior override.
// Instead, a matched keywords list should be returned which will be later removed from score calculation
if (match_res.matched_keywords->size() > 0 && match_behavior_pair.behavior == action_ignore) {
dbgTrace(D_RULEBASE_CONFIG) << "Got action ignore";
matched_override_keywords.insert(match_res.matched_keywords->begin(),
match_res.matched_keywords->end());
dbgTrace(D_RULEBASE_CONFIG) << "Got action ignore, found " <<
matched_override_keywords.size() << "keywords";
} else {
matched_behaviors.insert(match_behavior_pair.behavior);
}
@@ -143,6 +144,8 @@ ParameterException::getBehavior(
if (match_res.matched_keywords->size() > 0 && behavior == action_ignore) {
matched_override_keywords.insert(match_res.matched_keywords->begin(),
match_res.matched_keywords->end());
dbgTrace(D_RULEBASE_CONFIG) << "Got action ignore, found " <<
matched_override_keywords.size() << "keywords";
} else {
matched_behaviors.insert(behavior);
}
@@ -155,6 +158,6 @@ ParameterException::getBehavior(
set<ParameterBehavior>
ParameterException::getBehavior(const unordered_map<string, set<string>> &key_value_pairs) const
{
set<string> keywords;
set<string> keywords; // placeholder only, this function will be used where there's no need for ignored keywords
return getBehavior(key_value_pairs, keywords);
}

6
components/utils/generic_rulebase/triggers_config.cc
View File

@@ -241,3 +241,9 @@ LogTriggerConf::load(cereal::JSONInputArchive& archive_in)
archive_in.setNextName(nullptr);
}
}
void
ReportTriggerConf::load(cereal::JSONInputArchive& archive_in)
{
parseJSONKey<string>("triggerName", name, archive_in);
}