add waf-tag to openappsec

2025-09-30 03:34:26 +03:00 · 2025-05-19 15:40:17 +03:00
parent 5aaf787cfa
commit e96d4701a1
8 changed files with 89 additions and 75 deletions
--- a/components/utils/generic_rulebase/evaluators/http_transaction_data_eval.cc
+++ b/components/utils/generic_rulebase/evaluators/http_transaction_data_eval.cc
@@ -103,6 +103,35 @@ WildcardHost::evalVariable() const
    return lower_host_ctx == lower_host;
 }

+EqualWafTag::EqualWafTag(const vector<string> &params)
+{
+    if (params.size() != 1) reportWrongNumberOfParams("EqualWafTag", params.size(), 1, 1);
+    waf_tag = params[0];
+}
+
+Maybe<bool, Context::Error>
+EqualWafTag::evalVariable() const
+{
+    I_Environment *env = Singleton::Consume<I_Environment>::by<EqualWafTag>();
+    auto maybe_waf_tag_ctx = env->get<string>(HttpTransactionData::waf_tag_ctx);
+
+    if (!maybe_waf_tag_ctx.ok())
+    {
+        dbgTrace(D_RULEBASE_CONFIG) << "didnt find waf tag in current context";
+        return false;
+    }
+
+    auto waf_tag_ctx = maybe_waf_tag_ctx.unpack();
+
+    dbgTrace(D_RULEBASE_CONFIG)
+        << "trying to match waf tag context with its corresponding waf tag: "
+        << waf_tag_ctx
+        << ". Matcher waf tag: "
+        << waf_tag;
+
+    return waf_tag_ctx == waf_tag;
+}
+
 EqualListeningIP::EqualListeningIP(const vector<string> &params)
 {
    if (params.size() != 1) reportWrongNumberOfParams("EqualListeningIP", params.size(), 1, 1);
--- a/components/utils/generic_rulebase/generic_rulebase.cc
+++ b/components/utils/generic_rulebase/generic_rulebase.cc
@@ -80,6 +80,7 @@ GenericRulebase::Impl::preload()
    addMatcher<IpProtocolMatcher>();
    addMatcher<UrlMatcher>();
    addMatcher<EqualHost>();
+    addMatcher<EqualWafTag>();
    addMatcher<WildcardHost>();
    addMatcher<EqualListeningIP>();
    addMatcher<EqualListeningPort>();
--- a/components/utils/http_transaction_data/http_transaction_data.cc
+++ b/components/utils/http_transaction_data/http_transaction_data.cc
@@ -53,6 +53,7 @@ const string HttpTransactionData::req_body           = "transaction_request_body
 const string HttpTransactionData::source_identifier  = "sourceIdentifiers";
 const string HttpTransactionData::proxy_ip_ctx       = "proxy_ip";
 const string HttpTransactionData::xff_vals_ctx       = "xff_vals";
+const string HttpTransactionData::waf_tag_ctx       = "waf_tag";

 const CompressionType HttpTransactionData::default_response_content_encoding = CompressionType::NO_COMPRESSION;