mirror of
https://github.com/openappsec/openappsec.git
synced 2025-09-29 19:24:26 +03:00
sync code
This commit is contained in:
Ned Wright
@@ -26,6 +26,8 @@ static const map<string, IPSConfiguration::Context> default_conf_mapping = {
|
||||
};
|
||||
|
||||
static const IPSConfiguration default_conf(default_conf_mapping);
|
||||
static const IPSSignatures default_ips_sigs;
|
||||
static const SnortSignatures default_snort_sigs;
|
||||
|
||||
IPSEntry::IPSEntry() : TableOpaqueSerialize<IPSEntry>(this) {}
|
||||
|
||||
@@ -51,9 +53,9 @@ IPSEntry::respond(const ParsedContext &parsed)
|
||||
ctx.registerValue(name, buf);
|
||||
|
||||
ctx.activate();
|
||||
auto &signatures = getConfigurationWithDefault(IPSSignatures(), "IPS", "IpsProtections");
|
||||
auto &signatures = getConfigurationWithDefault(default_ips_sigs, "IPS", "IpsProtections");
|
||||
bool should_drop = signatures.isMatchedPrevent(parsed.getName(), buf);
|
||||
auto &snort_signatures = getConfigurationWithDefault(SnortSignatures(), "IPSSnortSigs", "SnortProtections");
|
||||
auto &snort_signatures = getConfigurationWithDefault(default_snort_sigs, "IPSSnortSigs", "SnortProtections");
|
||||
should_drop |= snort_signatures.isMatchedPrevent(parsed.getName(), buf);
|
||||
ctx.deactivate();
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ TEST(configuration, basic_context)
|
||||
|
||||
IPSConfiguration::Context ctx1(IPSConfiguration::ContextType::HISTORY, 254);
|
||||
EXPECT_EQ(ctx1.getType(), IPSConfiguration::ContextType::HISTORY);
|
||||
EXPECT_EQ(ctx1.getHistorySize(), 254);
|
||||
EXPECT_EQ(ctx1.getHistorySize(), 254u);
|
||||
|
||||
IPSConfiguration::Context ctx2(IPSConfiguration::ContextType::NORMAL, 0);
|
||||
EXPECT_EQ(ctx2.getType(), IPSConfiguration::ContextType::NORMAL);
|
||||
@@ -42,7 +42,7 @@ TEST(configuration, read_configuration)
|
||||
|
||||
auto body = conf.getContext("HTTP_REQUEST_BODY");
|
||||
EXPECT_EQ(body.getType(), IPSConfiguration::ContextType::HISTORY);
|
||||
EXPECT_EQ(conf.getHistorySize("HTTP_REQUEST_BODY"), 100);
|
||||
EXPECT_EQ(conf.getHistorySize("HTTP_REQUEST_BODY"), 100u);
|
||||
|
||||
auto header = conf.getContext("HTTP_REQUEST_HEADER");
|
||||
EXPECT_EQ(header.getType(), IPSConfiguration::ContextType::KEEP);
|
||||
|
||||
@@ -137,8 +137,8 @@ private:
|
||||
TEST_F(EntryTest, basic_inherited_functions)
|
||||
{
|
||||
EXPECT_EQ(IPSEntry::name(), "IPS");
|
||||
EXPECT_EQ(IPSEntry::currVer(), 0);
|
||||
EXPECT_EQ(IPSEntry::minVer(), 0);
|
||||
EXPECT_EQ(IPSEntry::currVer(), 0u);
|
||||
EXPECT_EQ(IPSEntry::minVer(), 0u);
|
||||
EXPECT_NE(IPSEntry::prototype(), nullptr);
|
||||
EXPECT_EQ(entry.getListenerName(), IPSEntry::name());
|
||||
|
||||
|
||||
@@ -71,7 +71,7 @@ TEST(resources, basic_resource)
|
||||
Singleton::Consume<Config::I_Config>::from(conf)->loadConfiguration(resource);
|
||||
|
||||
auto loaded_resources = getSettingWithDefault(IPSSignaturesResource(), "IPS", "protections");
|
||||
EXPECT_EQ(loaded_resources.getSignatures().size(), 2);
|
||||
EXPECT_EQ(loaded_resources.getSignatures().size(), 2u);
|
||||
auto version = getSettingWithDefault<string>("", "IPS", "VersionId");
|
||||
EXPECT_EQ(version, "1234567");
|
||||
}
|
||||
|
||||
@@ -247,7 +247,9 @@ Layer7AccessControlTest::verifyReport(
|
||||
string log = reportToStr(report);
|
||||
dbgTrace(D_L7_ACCESS_CONTROL) << "Report: " << log;
|
||||
|
||||
if (!source_identifier.empty()) EXPECT_THAT(log, HasSubstr("\"httpSourceId\": \"" + source_identifier + "\""));
|
||||
if (!source_identifier.empty()) {
|
||||
EXPECT_THAT(log, HasSubstr("\"httpSourceId\": \"" + source_identifier + "\""));
|
||||
}
|
||||
EXPECT_THAT(log, HasSubstr("\"securityAction\": \"" + security_action + "\""));
|
||||
EXPECT_THAT(log, HasSubstr("\"eventName\": \"Access Control External Vendor Reputation\""));
|
||||
EXPECT_THAT(log, HasSubstr("\"httpHostName\": \"juice-shop.checkpoint.com\""));
|
||||
|
||||
@@ -404,6 +404,7 @@ AppsecPracticeAntiBotSection::save(cereal::JSONOutputArchive &out_ar) const
|
||||
}
|
||||
|
||||
// LCOV_EXCL_START Reason: no test exist
|
||||
// Used for V1Beta1
|
||||
WebAppSection::WebAppSection(
|
||||
const string &_application_urls,
|
||||
const string &_asset_id,
|
||||
@@ -417,7 +418,7 @@ WebAppSection::WebAppSection(
|
||||
const LogTriggerSection &parsed_log_trigger,
|
||||
const string &default_mode,
|
||||
const AppSecTrustedSources &parsed_trusted_sources,
|
||||
const vector<InnerException> &parsed_exceptions)
|
||||
const std::map<std::string, std::vector<InnerException>> &exceptions)
|
||||
:
|
||||
application_urls(_application_urls),
|
||||
asset_id(_asset_id),
|
||||
@@ -449,8 +450,11 @@ WebAppSection::WebAppSection(
|
||||
overrides.push_back(AppSecOverride(source_ident));
|
||||
}
|
||||
|
||||
for (const InnerException &exception : parsed_exceptions) {
|
||||
overrides.push_back(AppSecOverride(exception));
|
||||
for (const auto &exception : exceptions) {
|
||||
|
||||
for (const auto &inner_exception : exception.second) {
|
||||
overrides.push_back(AppSecOverride(inner_exception));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -146,7 +146,9 @@ AppsecException::load(cereal::JSONInputArchive &archive_in)
|
||||
{
|
||||
dbgTrace(D_LOCAL_POLICY) << "Loading AppSec exception";
|
||||
parseAppsecJSONKey<string>("name", name, archive_in);
|
||||
archive_in(CEREAL_NVP(exception_spec));
|
||||
AppsecExceptionSpec single_exception_spec;
|
||||
single_exception_spec.load(archive_in);
|
||||
exception_spec.push_back(single_exception_spec);
|
||||
}
|
||||
|
||||
void
|
||||
@@ -174,7 +176,7 @@ ExceptionMatch::ExceptionMatch(const AppsecExceptionSpec &parsed_exception)
|
||||
{
|
||||
bool single_condition = parsed_exception.isOneCondition();
|
||||
for (auto &attrib : attributes) {
|
||||
auto &attrib_name = attrib.first;
|
||||
auto attrib_name = (attrib.first == "sourceIp" ? "sourceIP" : attrib.first);
|
||||
auto &attrib_getter = attrib.second;
|
||||
auto exceptions_value = attrib_getter(parsed_exception);
|
||||
if (exceptions_value.empty()) continue;
|
||||
|
||||
@@ -275,7 +275,7 @@ public:
|
||||
const LogTriggerSection &parsed_log_trigger,
|
||||
const std::string &default_mode,
|
||||
const AppSecTrustedSources &parsed_trusted_sources,
|
||||
const std::vector<InnerException> &parsed_exceptions
|
||||
const std::map<std::string, std::vector<InnerException>> &exceptions
|
||||
);
|
||||
|
||||
// used for V1beta2
|
||||
|
||||
@@ -44,7 +44,7 @@ public:
|
||||
bool isOneCondition() const;
|
||||
|
||||
private:
|
||||
int conditions_number;
|
||||
int conditions_number = 0;
|
||||
std::string action;
|
||||
std::vector<std::string> country_code;
|
||||
std::vector<std::string> country_name;
|
||||
|
||||
@@ -543,21 +543,25 @@ K8sPolicyUtils::createPolicy(
|
||||
}
|
||||
|
||||
for (const IngressDefinedRule &rule : item.getSpec().getRules()) {
|
||||
string url = rule.getHost();
|
||||
string host = rule.getHost();
|
||||
for (const IngressRulePath &uri : rule.getPathsWrapper().getRulePaths()) {
|
||||
if (!appsec_policy.getAppsecPolicySpec().isAssetHostExist(url + uri.getPath())) {
|
||||
if (uri.getPath() != "/") {
|
||||
host = host + uri.getPath();
|
||||
}
|
||||
if (!appsec_policy.getAppsecPolicySpec().isAssetHostExist(host)) {
|
||||
dbgTrace(D_LOCAL_POLICY)
|
||||
<< "Inserting Host data to the specific asset set:"
|
||||
<< "URL: '"
|
||||
<< url
|
||||
<< rule.getHost()
|
||||
<< "' uri: '"
|
||||
<< uri.getPath()
|
||||
<< "'";
|
||||
K ingress_rule = K(url + uri.getPath());
|
||||
K ingress_rule = K(host);
|
||||
policies[annotations_values[AnnotationKeys::PolicyKey]].addSpecificRule(ingress_rule);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
std::tuple<map<string, AppsecLinuxPolicy>, map<string, V1beta2AppsecLinuxPolicy>>
|
||||
|
||||
@@ -21,6 +21,7 @@
|
||||
using namespace std;
|
||||
|
||||
USE_DEBUG_FLAG(D_NGINX_POLICY);
|
||||
USE_DEBUG_FLAG(D_LOCAL_POLICY);
|
||||
|
||||
void
|
||||
SecurityAppsWrapper::save(cereal::JSONOutputArchive &out_ar) const
|
||||
@@ -185,6 +186,33 @@ PolicyMakerUtils::dumpPolicyToFile(
|
||||
return policy_str;
|
||||
}
|
||||
|
||||
template<class R>
|
||||
vector<string>
|
||||
extractExceptionAnnotationNames(
|
||||
const R &parsed_rule,
|
||||
const R &default_rule,
|
||||
const string &policy_name)
|
||||
{
|
||||
vector<string> annotation_names;
|
||||
|
||||
const R &rule = (!parsed_rule.getExceptions().empty() ? parsed_rule : default_rule);
|
||||
for (const string &exception_name : rule.getExceptions()) {
|
||||
if (exception_name.empty()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
const auto policy_exception = policy_name + "/" + exception_name;
|
||||
|
||||
dbgTrace(D_NGINX_POLICY) << "Adding " << policy_exception << " to exception vector";
|
||||
|
||||
annotation_names.push_back(policy_exception);
|
||||
}
|
||||
|
||||
dbgTrace(D_NGINX_POLICY) << "Number of exceptions related to rule: " << annotation_names.size();
|
||||
|
||||
return annotation_names;
|
||||
}
|
||||
|
||||
template<class R>
|
||||
map<AnnotationTypes, string>
|
||||
extractAnnotationsNames(
|
||||
@@ -217,18 +245,6 @@ extractAnnotationsNames(
|
||||
rule_annotation[AnnotationTypes::TRIGGER] = policy_name + "/" + trigger_annotation_name;
|
||||
}
|
||||
|
||||
string exception_annotation_name;
|
||||
// TBD: support multiple exceptions
|
||||
if (!parsed_rule.getExceptions().empty() && !parsed_rule.getExceptions()[0].empty()) {
|
||||
exception_annotation_name = parsed_rule.getExceptions()[0];
|
||||
} else if (!default_rule.getExceptions().empty() && !default_rule.getExceptions()[0].empty()) {
|
||||
exception_annotation_name = default_rule.getExceptions()[0];
|
||||
}
|
||||
|
||||
if (!exception_annotation_name.empty()) {
|
||||
rule_annotation[AnnotationTypes::EXCEPTION] = policy_name + "/" + exception_annotation_name;
|
||||
}
|
||||
|
||||
string web_user_res_annotation_name =
|
||||
parsed_rule.getCustomResponse().empty() ?
|
||||
default_rule.getCustomResponse() :
|
||||
@@ -444,6 +460,7 @@ template<class T, class R>
|
||||
R
|
||||
getAppsecExceptionSpec(const string &exception_annotation_name, const T &policy)
|
||||
{
|
||||
dbgFlow(D_NGINX_POLICY) << "anotation name: " << exception_annotation_name;
|
||||
auto exceptions_vec = policy.getAppsecExceptions();
|
||||
auto exception_it = extractElement(exceptions_vec.begin(), exceptions_vec.end(), exception_annotation_name);
|
||||
|
||||
@@ -776,6 +793,7 @@ createExceptionSection(
|
||||
const string &exception_annotation_name,
|
||||
const T &policy)
|
||||
{
|
||||
dbgFlow(D_NGINX_POLICY) << "exception annotation name" << exception_annotation_name;
|
||||
AppsecException exception_spec =
|
||||
getAppsecExceptionSpec<T, AppsecException>(exception_annotation_name, policy);
|
||||
vector<InnerException> res;
|
||||
@@ -784,6 +802,7 @@ createExceptionSection(
|
||||
ExceptionBehavior exception_behavior(exception.getAction());
|
||||
res.push_back(InnerException(exception_behavior, exception_match));
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
@@ -896,13 +915,16 @@ createMultiRulesSections(
|
||||
const string &web_user_res_vec_id,
|
||||
const string &web_user_res_vec_type,
|
||||
const string &asset_name,
|
||||
const string &exception_name,
|
||||
const vector<InnerException> &exceptions)
|
||||
const std::map<std::string, std::vector<InnerException>> &exceptions)
|
||||
{
|
||||
PracticeSection practice = PracticeSection(practice_id, practice_type, practice_name);
|
||||
vector<ParametersSection> exceptions_result;
|
||||
for (auto exception : exceptions) {
|
||||
exceptions_result.push_back(ParametersSection(exception.getBehaviorId(), exception_name));
|
||||
|
||||
const auto &exception_name = exception.first;
|
||||
for (const auto &inner_exception : exception.second) {
|
||||
exceptions_result.push_back(ParametersSection(inner_exception.getBehaviorId(), exception_name));
|
||||
}
|
||||
}
|
||||
|
||||
vector<RulesTriggerSection> triggers;
|
||||
@@ -1344,6 +1366,7 @@ PolicyMakerUtils::combineElementsToPolicy(const string &policy_version)
|
||||
convertMapToVector(log_triggers), convertMapToVector(web_user_res_triggers)
|
||||
)
|
||||
);
|
||||
|
||||
ExceptionsWrapper exceptions_section({
|
||||
ExceptionsRulebase(convertExceptionsMapToVector(inner_exceptions))
|
||||
});
|
||||
@@ -1381,6 +1404,7 @@ PolicyMakerUtils::createPolicyElementsByRule(
|
||||
const string &policy_name)
|
||||
{
|
||||
map<AnnotationTypes, string> rule_annotations = extractAnnotationsNames(rule, default_rule, policy_name);
|
||||
|
||||
if (
|
||||
!rule_annotations[AnnotationTypes::TRIGGER].empty() &&
|
||||
!log_triggers.count(rule_annotations[AnnotationTypes::TRIGGER])
|
||||
@@ -1403,15 +1427,27 @@ PolicyMakerUtils::createPolicyElementsByRule(
|
||||
);
|
||||
}
|
||||
|
||||
if (
|
||||
!rule_annotations[AnnotationTypes::EXCEPTION].empty() &&
|
||||
!inner_exceptions.count(rule_annotations[AnnotationTypes::EXCEPTION])
|
||||
) {
|
||||
inner_exceptions[rule_annotations[AnnotationTypes::EXCEPTION]] =
|
||||
createExceptionSection<T>(
|
||||
rule_annotations[AnnotationTypes::EXCEPTION],
|
||||
policy
|
||||
);
|
||||
const auto exceptions_annotations = extractExceptionAnnotationNames(rule, default_rule, policy_name);
|
||||
std::map<std::string, std::vector<InnerException>> rule_inner_exceptions;
|
||||
if (!exceptions_annotations.empty()) {
|
||||
for (const auto &exception_name :exceptions_annotations) {
|
||||
dbgWarning(D_LOCAL_POLICY) << "exceptions name: " << exception_name;
|
||||
|
||||
if (rule_inner_exceptions.count(exception_name)) {
|
||||
dbgWarning(D_LOCAL_POLICY) << "exception name already exists for that rule: " << exception_name;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (inner_exceptions.count(exception_name)) {
|
||||
dbgWarning(D_LOCAL_POLICY) << "exception name already exists in inner exceptions: " << exception_name;
|
||||
rule_inner_exceptions[exception_name] = inner_exceptions[exception_name];
|
||||
continue;
|
||||
}
|
||||
|
||||
auto exception_section = createExceptionSection<T>(exception_name, policy);
|
||||
rule_inner_exceptions[exception_name] = exception_section;
|
||||
inner_exceptions[exception_name] = exception_section;
|
||||
}
|
||||
}
|
||||
|
||||
if (
|
||||
@@ -1470,8 +1506,7 @@ PolicyMakerUtils::createPolicyElementsByRule(
|
||||
web_user_res_triggers[rule_annotations[AnnotationTypes::WEB_USER_RES]].getTriggerId(),
|
||||
"WebUserResponse",
|
||||
full_url,
|
||||
rule_annotations[AnnotationTypes::EXCEPTION],
|
||||
inner_exceptions[rule_annotations[AnnotationTypes::EXCEPTION]]
|
||||
rule_inner_exceptions
|
||||
);
|
||||
rules_config[rule_config.getAssetName()] = rule_config;
|
||||
|
||||
@@ -1498,7 +1533,7 @@ PolicyMakerUtils::createPolicyElementsByRule(
|
||||
log_triggers[rule_annotations[AnnotationTypes::TRIGGER]],
|
||||
rule.getMode(),
|
||||
trusted_sources[rule_annotations[AnnotationTypes::TRUSTED_SOURCES]],
|
||||
inner_exceptions[rule_annotations[AnnotationTypes::EXCEPTION]]
|
||||
rule_inner_exceptions
|
||||
);
|
||||
web_apps[rule_config.getAssetName()] = web_app;
|
||||
}
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
#include <sstream>
|
||||
class Package;
|
||||
static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
|
||||
|
||||
#include "cptest.h"
|
||||
#include "config.h"
|
||||
#include "config_component.h"
|
||||
|
||||
@@ -35,6 +35,8 @@ enum class UpdatesFailureReason {
|
||||
INSTALL_PACKAGE,
|
||||
CHECKSUM_UNMATCHED,
|
||||
POLICY_CONFIGURATION,
|
||||
SERVISE_CONFIGURATION,
|
||||
SERVISE_CONFIGURATION_TIMEOUT,
|
||||
POLICY_FOG_CONFIGURATION,
|
||||
NONE
|
||||
|
||||
@@ -57,6 +59,8 @@ convertUpdatesFailureReasonToStr(UpdatesFailureReason reason)
|
||||
case UpdatesFailureReason::INSTALL_PACKAGE : return "INSTALL_PACKAGE";
|
||||
case UpdatesFailureReason::CHECKSUM_UNMATCHED : return "CHECKSUM_UNMATCHED";
|
||||
case UpdatesFailureReason::POLICY_CONFIGURATION : return "POLICY_CONFIGURATION";
|
||||
case UpdatesFailureReason::SERVISE_CONFIGURATION : return "SERVISE_CONFIGURATION";
|
||||
case UpdatesFailureReason::SERVISE_CONFIGURATION_TIMEOUT : return "SERVISE_CONFIGURATION_TIMEOUT";
|
||||
case UpdatesFailureReason::POLICY_FOG_CONFIGURATION : return "POLICY_FOG_CONFIGURATION";
|
||||
case UpdatesFailureReason::NONE : return "NONE";
|
||||
}
|
||||
|
||||
@@ -21,20 +21,24 @@
|
||||
#include "config.h"
|
||||
#include "debug.h"
|
||||
#include "i_orchestration_status.h"
|
||||
#include "i_service_controller.h"
|
||||
#include "health_check_status/health_check_status.h"
|
||||
#include "updates_process_event.h"
|
||||
#include "updates_process_report.h"
|
||||
|
||||
class UpdatesProcessReporter : public Listener<UpdatesProcessEvent>
|
||||
class UpdatesProcessReporter
|
||||
:
|
||||
public Listener<UpdatesProcessEvent>,
|
||||
Singleton::Consume<I_ServiceController>
|
||||
{
|
||||
public:
|
||||
void upon(const UpdatesProcessEvent &event) override;
|
||||
|
||||
private:
|
||||
void sendReoprt();
|
||||
void sendReoprt(const std::string &version);
|
||||
|
||||
static std::vector<UpdatesProcessReport> reports;
|
||||
uint report_failure_count = 0;
|
||||
std::map<std::string, uint> report_failure_count_map;
|
||||
};
|
||||
|
||||
#endif // __UPDATES_PROCESS_REPORTER_H__
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
#include <sstream>
|
||||
class Package;
|
||||
static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
|
||||
|
||||
#include "manifest_controller.h"
|
||||
|
||||
#include <vector>
|
||||
|
||||
@@ -43,8 +43,8 @@ TEST_F(PolicyTest, serialization)
|
||||
ASSERT_TRUE(false) << "Cereal threw an exception: " << e.what();
|
||||
}
|
||||
|
||||
EXPECT_EQ(15, orchestration_policy.getErrorSleepInterval());
|
||||
EXPECT_EQ(20, orchestration_policy.getSleepInterval());
|
||||
EXPECT_EQ(15u, orchestration_policy.getErrorSleepInterval());
|
||||
EXPECT_EQ(20u, orchestration_policy.getSleepInterval());
|
||||
EXPECT_EQ("http://10.0.0.18:81/control/", orchestration_policy.getFogAddress());
|
||||
}
|
||||
|
||||
@@ -63,8 +63,8 @@ TEST_F(PolicyTest, noAgentType)
|
||||
ASSERT_TRUE(false) << "Cereal threw an exception: " << e.what();
|
||||
}
|
||||
|
||||
EXPECT_EQ(15, orchestration_policy.getErrorSleepInterval());
|
||||
EXPECT_EQ(20, orchestration_policy.getSleepInterval());
|
||||
EXPECT_EQ(15u, orchestration_policy.getErrorSleepInterval());
|
||||
EXPECT_EQ(20u, orchestration_policy.getSleepInterval());
|
||||
EXPECT_EQ("http://10.0.0.18:81/control/", orchestration_policy.getFogAddress());
|
||||
}
|
||||
|
||||
@@ -83,8 +83,8 @@ TEST_F(PolicyTest, zeroSleepIntervels)
|
||||
ASSERT_TRUE(false) << "Cereal threw an exception: " << e.what();
|
||||
}
|
||||
|
||||
EXPECT_EQ(0, orchestration_policy.getErrorSleepInterval());
|
||||
EXPECT_EQ(0, orchestration_policy.getSleepInterval());
|
||||
EXPECT_EQ(0u, orchestration_policy.getErrorSleepInterval());
|
||||
EXPECT_EQ(0u, orchestration_policy.getSleepInterval());
|
||||
EXPECT_EQ("http://10.0.0.18:81/control/", orchestration_policy.getFogAddress());
|
||||
}
|
||||
|
||||
@@ -152,7 +152,7 @@ TEST_F(PolicyTest, newOptionalFields)
|
||||
ASSERT_TRUE(false) << "Cereal threw an exception: " << e.what();
|
||||
}
|
||||
|
||||
EXPECT_EQ(10, orchestration_policy.getErrorSleepInterval());
|
||||
EXPECT_EQ(30, orchestration_policy.getSleepInterval());
|
||||
EXPECT_EQ(10u, orchestration_policy.getErrorSleepInterval());
|
||||
EXPECT_EQ(30u, orchestration_policy.getSleepInterval());
|
||||
EXPECT_EQ("https://fog-api-gw-agents.cloud.ngen.checkpoint.com", orchestration_policy.getFogAddress());
|
||||
}
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
#include <sstream>
|
||||
class Package;
|
||||
static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
|
||||
|
||||
#include "orchestration_status.h"
|
||||
|
||||
#include <string>
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
#include <sstream>
|
||||
class Package;
|
||||
static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
|
||||
|
||||
#include "url_parser.h"
|
||||
|
||||
#include "cptest.h"
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
#include <sstream>
|
||||
class Package;
|
||||
std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
|
||||
|
||||
#include "orchestration_comp.h"
|
||||
|
||||
#include "cptest.h"
|
||||
@@ -471,6 +475,9 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource)
|
||||
)
|
||||
).WillOnce(Return(Maybe<void>()));
|
||||
|
||||
string version = "1";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version));
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
#include <sstream>
|
||||
class Package;
|
||||
std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
|
||||
|
||||
#include "orchestration_comp.h"
|
||||
|
||||
#include "cptest.h"
|
||||
@@ -380,6 +384,10 @@ TEST_F(OrchestrationTest, hybridModeRegisterLocalAgentRoutine)
|
||||
EXPECT_CALL(mock_status, setLastUpdateAttempt());
|
||||
EXPECT_CALL(mock_status, setIsConfigurationUpdated(_));
|
||||
|
||||
string version = "1";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version));
|
||||
|
||||
|
||||
EXPECT_CALL(mock_ml, yield(A<chrono::microseconds>()))
|
||||
.WillOnce(Return())
|
||||
.WillOnce(Invoke([] (chrono::microseconds) { throw invalid_argument("stop while loop"); }));
|
||||
@@ -587,6 +595,9 @@ TEST_F(OrchestrationTest, check_sending_registration_data)
|
||||
EXPECT_CALL(mock_status, setLastUpdateAttempt());
|
||||
EXPECT_CALL(mock_status, setIsConfigurationUpdated(_));
|
||||
|
||||
string version = "1";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version));
|
||||
|
||||
EXPECT_CALL(mock_ml, yield(A<chrono::microseconds>()))
|
||||
.WillOnce(Return())
|
||||
.WillOnce(Invoke([] (chrono::microseconds) { throw invalid_argument("stop while loop"); }));
|
||||
@@ -718,6 +729,9 @@ TEST_F(OrchestrationTest, orchestrationPolicyUpdatRollback)
|
||||
EXPECT_CALL(mock_status, setPolicyVersion(third_val));
|
||||
EXPECT_CALL(mock_status, setPolicyVersion(second_val));
|
||||
|
||||
string version = "1";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version));
|
||||
|
||||
string policy_versions;
|
||||
EXPECT_CALL(mock_service_controller, getPolicyVersions()).WillRepeatedly(ReturnRef(policy_versions));
|
||||
EXPECT_CALL(mock_update_communication, sendPolicyVersion("13", _)).Times(1).WillOnce(Return(Maybe<void>()));
|
||||
@@ -895,6 +909,9 @@ TEST_F(OrchestrationTest, orchestrationPolicyUpdate)
|
||||
);
|
||||
EXPECT_CALL(mock_status, setPolicyVersion(third_val));
|
||||
|
||||
string version = "1";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version));
|
||||
|
||||
string policy_versions;
|
||||
EXPECT_CALL(mock_service_controller, getPolicyVersions()).WillRepeatedly(ReturnRef(policy_versions));
|
||||
EXPECT_CALL(mock_update_communication, sendPolicyVersion("13", _)).Times(1).WillOnce(Return(Maybe<void>()));
|
||||
@@ -1112,6 +1129,9 @@ TEST_F(OrchestrationTest, manifestUpdate)
|
||||
)
|
||||
);
|
||||
|
||||
string version = "1";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version));
|
||||
|
||||
GetResourceFile manifest_file(GetResourceFile::ResourceFileType::MANIFEST);
|
||||
EXPECT_CALL(mock_downloader,
|
||||
downloadFile(
|
||||
@@ -1150,6 +1170,8 @@ TEST_F(OrchestrationTest, manifestUpdate)
|
||||
|
||||
TEST_F(OrchestrationTest, getBadPolicyUpdate)
|
||||
{
|
||||
Debug::setUnitTestFlag(D_UPDATES_PROCESS_REPORTER, Debug::DebugLevel::NOISE);
|
||||
|
||||
EXPECT_CALL(
|
||||
rest,
|
||||
mockRestCall(RestAction::ADD, "proxy", _)
|
||||
@@ -1196,6 +1218,13 @@ TEST_F(OrchestrationTest, getBadPolicyUpdate)
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::SHA256, data_file_path))
|
||||
.WillOnce(Return(data_checksum));
|
||||
|
||||
string manifest = "";
|
||||
string policy = "111111";
|
||||
string setting = "";
|
||||
|
||||
string second_val = "12";
|
||||
string third_val = "13";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillRepeatedly(ReturnRef(third_val));
|
||||
Maybe<string> new_policy_checksum(string("111111"));
|
||||
|
||||
GetResourceFile policy_file(GetResourceFile::ResourceFileType::POLICY);
|
||||
@@ -1207,12 +1236,6 @@ TEST_F(OrchestrationTest, getBadPolicyUpdate)
|
||||
policy_file
|
||||
)
|
||||
).WillOnce(Return(Maybe<std::string>(string(new_policy_path))));
|
||||
string manifest = "";
|
||||
string policy = "111111";
|
||||
string setting = "";
|
||||
|
||||
string second_val = "12";
|
||||
string third_val = "13";
|
||||
EXPECT_CALL(mock_service_controller, getPolicyVersion())
|
||||
.Times(4)
|
||||
.WillOnce(ReturnRef(first_policy_version))
|
||||
@@ -1246,8 +1269,6 @@ TEST_F(OrchestrationTest, getBadPolicyUpdate)
|
||||
)
|
||||
);
|
||||
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillRepeatedly(ReturnRef(third_val));
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(string("policy path"), "", expected_data_types, "", "", _)
|
||||
@@ -1341,6 +1362,9 @@ TEST_F(OrchestrationTest, failedDownloadSettings)
|
||||
|
||||
EXPECT_CALL(mock_status, setLastUpdateAttempt());
|
||||
|
||||
string version = "1";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version));
|
||||
|
||||
string manifest_err =
|
||||
"Critical Error: Agent/Gateway was not fully deployed on host 'hostname' "
|
||||
"and is not enforcing a security policy. Retry installation or contact Check Point support.";
|
||||
@@ -1456,6 +1480,10 @@ TEST_P(OrchestrationTest, orchestrationFirstRun)
|
||||
}
|
||||
)
|
||||
);
|
||||
|
||||
string version = "1";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version));
|
||||
|
||||
EXPECT_CALL(mock_service_controller, getPolicyVersion()).WillRepeatedly(ReturnRef(first_policy_version));
|
||||
EXPECT_CALL(mock_update_communication, getUpdate(_)).WillOnce(
|
||||
Invoke(
|
||||
@@ -1654,6 +1682,10 @@ TEST_F(OrchestrationTest, dataUpdate)
|
||||
.WillOnce(Return(data_instance_checksum));
|
||||
|
||||
EXPECT_CALL(mock_service_controller, getPolicyVersion()).WillRepeatedly(ReturnRef(first_policy_version));
|
||||
|
||||
string version = "1";
|
||||
EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version));
|
||||
|
||||
EXPECT_CALL(mock_update_communication, getUpdate(_)).WillOnce(
|
||||
Invoke(
|
||||
[&](CheckUpdateRequest &req)
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
#include <sstream>
|
||||
class Package;
|
||||
static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
|
||||
|
||||
#include "package_handler.h"
|
||||
|
||||
#include "cptest.h"
|
||||
|
||||
@@ -29,6 +29,7 @@
|
||||
#include "i_orchestration_tools.h"
|
||||
#include "customized_cereal_map.h"
|
||||
#include "declarative_policy_utils.h"
|
||||
#include "updates_process_event.h"
|
||||
|
||||
using namespace std;
|
||||
using namespace ReportIS;
|
||||
@@ -65,6 +66,13 @@ public:
|
||||
}
|
||||
if (error.get()) {
|
||||
service_controller->updateReconfStatus(id.get(), service_name.get(), ReconfStatus::FAILED);
|
||||
UpdatesProcessEvent(
|
||||
UpdatesProcessResult::FAILED,
|
||||
UpdatesConfigType::GENERAL,
|
||||
UpdatesFailureReason::SERVISE_CONFIGURATION,
|
||||
string(service_name.get() + ", ID: " + to_string(id.get())),
|
||||
(error_message.isActive() ? " Error: " + error_message.get() : "")
|
||||
).notify();
|
||||
dbgError(D_SERVICE_CONTROLLER)
|
||||
<< "Request for service reconfiguration failed to complete. ID: "
|
||||
<< id.get()
|
||||
@@ -1028,6 +1036,12 @@ ServiceController::Impl::sendSignalForServices(
|
||||
}
|
||||
|
||||
dbgDebug(D_SERVICE_CONTROLLER) << "The reconfiguration has reached a timeout";
|
||||
UpdatesProcessEvent(
|
||||
UpdatesProcessResult::FAILED,
|
||||
UpdatesConfigType::GENERAL,
|
||||
UpdatesFailureReason::SERVISE_CONFIGURATION_TIMEOUT,
|
||||
"The reconfiguration has reached a timeout"
|
||||
).notify();
|
||||
services_reconf_status.clear();
|
||||
services_reconf_names.clear();
|
||||
return genError("The reconfiguration has reached a timeout");
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
#include <sstream>
|
||||
class Package;
|
||||
static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
|
||||
|
||||
#include "cptest.h"
|
||||
#include <string>
|
||||
#include "orchestration_tools.h"
|
||||
|
||||
@@ -120,10 +120,9 @@ HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file,
|
||||
}
|
||||
|
||||
Maybe<void>
|
||||
HybridCommunication::sendPolicyVersion(const string &policy_version, const string &) const
|
||||
HybridCommunication::sendPolicyVersion(const string &, const string &) const
|
||||
{
|
||||
dbgFlow(D_ORCHESTRATOR);
|
||||
policy_version.empty();
|
||||
return Maybe<void>();
|
||||
}
|
||||
|
||||
|
||||
@@ -111,6 +111,18 @@ UpdatesProcessEvent::parseDescription() const
|
||||
err << "Failed to configure the fog address: " << detail << ". Error: " << description;
|
||||
break;
|
||||
}
|
||||
case UpdatesFailureReason::SERVISE_CONFIGURATION : {
|
||||
err
|
||||
<< "Request for service reconfiguration failed to complete. Service name: "
|
||||
<< detail
|
||||
<< ". Error: "
|
||||
<< description;
|
||||
break;
|
||||
}
|
||||
case UpdatesFailureReason::SERVISE_CONFIGURATION_TIMEOUT : {
|
||||
err << detail;
|
||||
break;
|
||||
}
|
||||
case UpdatesFailureReason::ORCHESTRATION_SELF_UPDATE : {
|
||||
err << description;
|
||||
break;
|
||||
@@ -170,6 +182,14 @@ UpdatesProcessEvent::getDescriptionWithoutErrors() const
|
||||
err << "Failed to configure the fog address: " << detail;
|
||||
break;
|
||||
}
|
||||
case UpdatesFailureReason::SERVISE_CONFIGURATION : {
|
||||
err << "Request for service reconfiguration failed to complete. Service name: " << detail;
|
||||
break;
|
||||
}
|
||||
case UpdatesFailureReason::SERVISE_CONFIGURATION_TIMEOUT : {
|
||||
err << detail;
|
||||
break;
|
||||
}
|
||||
case UpdatesFailureReason::ORCHESTRATION_SELF_UPDATE : {
|
||||
err << description;
|
||||
break;
|
||||
|
||||
@@ -29,14 +29,21 @@ void
|
||||
UpdatesProcessReporter::upon(const UpdatesProcessEvent &event)
|
||||
{
|
||||
if (event.getReason() == UpdatesFailureReason::CHECK_UPDATE) {
|
||||
auto i_controller = Singleton::Consume<I_ServiceController>::by<UpdatesProcessReporter>();
|
||||
string version = i_controller->getUpdatePolicyVersion();
|
||||
if (event.getResult() == UpdatesProcessResult::SUCCESS && reports.empty()) {
|
||||
dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Update proccess finished successfully";
|
||||
report_failure_count = 0;
|
||||
report_failure_count_map.erase(version);
|
||||
return;
|
||||
}
|
||||
dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Update proccess finished with errors";
|
||||
report_failure_count++;
|
||||
if (report_failure_count <= 1) {
|
||||
if (report_failure_count_map.find(version) == report_failure_count_map.end()) {
|
||||
report_failure_count_map[version] = 0;
|
||||
}
|
||||
report_failure_count_map[version]++;
|
||||
dbgTrace(D_UPDATES_PROCESS_REPORTER)
|
||||
<< "Update proccess finished with errors. Count: "
|
||||
<< report_failure_count_map[version];
|
||||
if (report_failure_count_map[version] <= 1) {
|
||||
reports.clear();
|
||||
return;
|
||||
}
|
||||
@@ -48,7 +55,7 @@ UpdatesProcessReporter::upon(const UpdatesProcessEvent &event)
|
||||
event.parseDescription()
|
||||
)
|
||||
);
|
||||
sendReoprt();
|
||||
sendReoprt(version);
|
||||
return;
|
||||
}
|
||||
if (event.getResult() == UpdatesProcessResult::SUCCESS || event.getResult() == UpdatesProcessResult::UNSET) return;
|
||||
@@ -58,12 +65,13 @@ UpdatesProcessReporter::upon(const UpdatesProcessEvent &event)
|
||||
}
|
||||
|
||||
void
|
||||
UpdatesProcessReporter::sendReoprt()
|
||||
UpdatesProcessReporter::sendReoprt(const string &version)
|
||||
{
|
||||
stringstream full_reports;
|
||||
UpdatesFailureReason failure_reason = UpdatesFailureReason::NONE;
|
||||
full_reports << "Updates process reports:" << endl;
|
||||
full_reports << "report failure count:" << report_failure_count << endl;
|
||||
full_reports << "Policy version: " << version << endl;
|
||||
full_reports << "report failure count:" << report_failure_count_map[version] << endl;
|
||||
for (const auto &report : reports) {
|
||||
if (report.getReason() != UpdatesFailureReason::CHECK_UPDATE) {
|
||||
failure_reason = report.getReason();
|
||||
|
||||
Reference in New Issue
Block a user