mirror of
https://github.com/openappsec/openappsec.git
synced 2025-09-29 19:24:26 +03:00
Apr 27th Update
This commit is contained in:
Ned Wright
@@ -68,6 +68,11 @@ public:
|
||||
void
|
||||
init()
|
||||
{
|
||||
I_AgentDetails *agentDetails = Singleton::Consume<I_AgentDetails>::by<ReputationFeaturesAgg>();
|
||||
|
||||
if (agentDetails->getOrchestrationMode() != OrchestrationMode::ONLINE) {
|
||||
return;
|
||||
}
|
||||
registerListener();
|
||||
I_MainLoop* i_mainLoop = Singleton::Consume<I_MainLoop>::by<ReputationFeaturesAgg>();
|
||||
I_MainLoop::Routine routine = [this]() { reportReputationFeatures(); };
|
||||
@@ -77,6 +82,11 @@ public:
|
||||
void
|
||||
fini()
|
||||
{
|
||||
I_AgentDetails *agentDetails = Singleton::Consume<I_AgentDetails>::by<ReputationFeaturesAgg>();
|
||||
|
||||
if (agentDetails->getOrchestrationMode() != OrchestrationMode::ONLINE) {
|
||||
return;
|
||||
}
|
||||
unregisterListener();
|
||||
}
|
||||
|
||||
|
||||
@@ -118,15 +118,13 @@ void TuningDecision::updateDecisions()
|
||||
{
|
||||
TuningEvents tuningEvents;
|
||||
RemoteFilesList tuningDecisionFiles;
|
||||
if (m_baseUri == "") {
|
||||
I_AgentDetails *agentDetails = Singleton::Consume<I_AgentDetails>::by<WaapComponent>();
|
||||
if (agentDetails->getOrchestrationMode() != OrchestrationMode::ONLINE) {
|
||||
m_baseUri = "/api/";
|
||||
} else {
|
||||
m_baseUri = "/storage/waap/";
|
||||
}
|
||||
dbgTrace(D_WAAP) << "URI prefix: " << m_baseUri;
|
||||
I_AgentDetails *agentDetails = Singleton::Consume<I_AgentDetails>::by<WaapComponent>();
|
||||
if (agentDetails->getOrchestrationMode() != OrchestrationMode::ONLINE) {
|
||||
m_baseUri = "/api/";
|
||||
} else {
|
||||
m_baseUri = "/storage/waap/";
|
||||
}
|
||||
dbgTrace(D_WAAP) << "URI prefix: " << m_baseUri;
|
||||
bool isSuccessful = sendObject(tuningDecisionFiles,
|
||||
I_Messaging::Method::GET,
|
||||
m_baseUri + "?list-type=2&prefix=" + m_remotePath);
|
||||
|
||||
@@ -42,35 +42,6 @@ namespace Waap {
|
||||
|
||||
auto preconditions = jsObj.at("preconditions").get<picojson::value::object>();
|
||||
|
||||
// Build full list of words to load into aho-corasick pattern matcher
|
||||
dbgTrace(D_WAAP_REGEX) << "Loading regex precondition_keys into Aho-Corasick pattern matcher...";
|
||||
|
||||
auto preconditionKeys = jsObj.at("precondition_keys").get<picojson::value::array>();
|
||||
std::set<PMPattern> pmPatterns;
|
||||
|
||||
for (const auto &preconditionKey : preconditionKeys) {
|
||||
std::string wordStr(preconditionKey.get<std::string>());
|
||||
|
||||
// Do not load the "empty" word into Aho-Corasick. It's meaningless and Aho prepare() call would fail.
|
||||
if (wordStr.empty()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
WordIndex wordIndex = registerWord(wordStr);
|
||||
pmPatterns.insert(PMPattern(wordStr, false, false, wordIndex));
|
||||
}
|
||||
|
||||
// Initialize the aho-corasick pattern matcher with the patterns
|
||||
Maybe<void> pmHookStatus = m_pmHook.prepare(pmPatterns);
|
||||
|
||||
if (!pmHookStatus.ok()) {
|
||||
dbgError(D_WAAP_REGEX) << "Aho-Corasick engine failed to load!";
|
||||
error = true;
|
||||
return;
|
||||
}
|
||||
|
||||
dbgTrace(D_WAAP_REGEX) << "Aho-Corasick engine loaded.";
|
||||
|
||||
// Loop over pre-conditions (rules) and load them
|
||||
dbgTrace(D_WAAP_REGEX) << "Loading regex preconditions...";
|
||||
|
||||
@@ -140,6 +111,7 @@ namespace Waap {
|
||||
if (flags == "_noregex") {
|
||||
// Add regex pattern to set of "noRegex" patterns
|
||||
m_noRegexPatterns.insert(regexPattern);
|
||||
m_pmWordInfo[wordIndex].noRegex = true;
|
||||
}
|
||||
|
||||
m_regexToWordMap[regexPattern] = wordIndex;
|
||||
@@ -167,6 +139,43 @@ namespace Waap {
|
||||
}
|
||||
}
|
||||
|
||||
// Build full list of words to load into aho-corasick pattern matcher
|
||||
dbgTrace(D_WAAP_REGEX) << "Loading regex precondition_keys into Aho-Corasick pattern matcher...";
|
||||
|
||||
auto preconditionKeys = jsObj.at("precondition_keys").get<picojson::value::array>();
|
||||
std::set<PMPattern> pmPatterns;
|
||||
|
||||
for (const auto &preconditionKey : preconditionKeys) {
|
||||
std::string wordStr(preconditionKey.get<std::string>());
|
||||
|
||||
// Do not load the "empty" word into Aho-Corasick. It's meaningless and Aho prepare() call would fail.
|
||||
if (wordStr.empty()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
WordIndex wordIndex = registerWord(wordStr);
|
||||
WordIndex napreWordIndex = m_pmWordInfo[wordIndex].napreWordIndex;
|
||||
WordIndex napostWordIndex = m_pmWordInfo[wordIndex].napostWordIndex;
|
||||
WordIndex napostNapreWordIndex = m_pmWordInfo[wordIndex].napostNapreWordIndex;
|
||||
|
||||
bool noRegex = ((napreWordIndex != emptyWordIndex) && m_pmWordInfo[napreWordIndex].noRegex) ||
|
||||
((napostWordIndex != emptyWordIndex) && m_pmWordInfo[napostWordIndex].noRegex) ||
|
||||
((napostNapreWordIndex != emptyWordIndex) && m_pmWordInfo[napostNapreWordIndex].noRegex);
|
||||
|
||||
pmPatterns.insert(PMPattern(wordStr, false, false, wordIndex, noRegex));
|
||||
}
|
||||
|
||||
// Initialize the aho-corasick pattern matcher with the patterns
|
||||
Maybe<void> pmHookStatus = m_pmHook.prepare(pmPatterns);
|
||||
|
||||
if (!pmHookStatus.ok()) {
|
||||
dbgError(D_WAAP_REGEX) << "Aho-Corasick engine failed to load!";
|
||||
error = true;
|
||||
return;
|
||||
}
|
||||
|
||||
dbgTrace(D_WAAP_REGEX) << "Aho-Corasick engine loaded.";
|
||||
|
||||
dbgTrace(D_WAAP_REGEX) << "Aho-corasick pattern matching engine initialized!";
|
||||
}
|
||||
|
||||
@@ -225,17 +234,17 @@ namespace Waap {
|
||||
dbgTrace(D_WAAP_REGEX) << "Rules pass #1: collect OR sets";
|
||||
|
||||
m_pmHook.scanBufWithOffsetLambda(buffer, [this, &wordsSet, &buffer]
|
||||
(u_int endMatchOffset, const PMPattern &pmPattern)
|
||||
(u_int endMatchOffset, const PMPattern &pmPattern, bool matchAll)
|
||||
{
|
||||
uint offset = endMatchOffset + 1 - pmPattern.size(); // reported offset points to last character of a match
|
||||
|
||||
// Extract the word index from the PMPattern object (we do not need the string part of it)
|
||||
WordIndex wordIndex = pmPattern.getIndex();
|
||||
|
||||
bool regexWordBefore = (offset != 0) &&
|
||||
(isRegexWordChar(buffer.data()[offset - 1]));
|
||||
bool regexWordAfter = (offset + pmPattern.size() < buffer.size()) &&
|
||||
(isRegexWordChar(buffer.data()[offset + pmPattern.size()]));
|
||||
bool regexWordBefore = !matchAll && (offset != 0) &&
|
||||
(isRegexWordChar(buffer.data()[offset - 1]));
|
||||
bool regexWordAfter = !matchAll && (offset + pmPattern.size() < buffer.size()) &&
|
||||
(isRegexWordChar(buffer.data()[offset + pmPattern.size()]));
|
||||
|
||||
processWord(wordsSet, wordIndex);
|
||||
|
||||
|
||||
@@ -67,6 +67,7 @@ namespace Waap {
|
||||
WordIndex napreWordIndex;
|
||||
WordIndex baseWordIndex;
|
||||
std::string wordStr;
|
||||
bool noRegex;
|
||||
|
||||
WordInfo()
|
||||
:
|
||||
@@ -74,7 +75,8 @@ namespace Waap {
|
||||
napostWordIndex(emptyWordIndex),
|
||||
napreWordIndex(emptyWordIndex),
|
||||
baseWordIndex(0),
|
||||
wordStr()
|
||||
wordStr(),
|
||||
noRegex(false)
|
||||
{
|
||||
}
|
||||
};
|
||||
|
||||
@@ -2205,6 +2205,9 @@ Waf2Transaction::shouldIgnoreOverride(const Waf2ScanResult &res) {
|
||||
for (auto &keyword : res.keyword_matches) {
|
||||
exceptions_dict["indicator"].insert(keyword);
|
||||
}
|
||||
for (auto &it : res.found_patterns) {
|
||||
exceptions_dict["indicator"].insert(it.first);
|
||||
}
|
||||
|
||||
// calling behavior and check if there is a behavior that match to this specific param name.
|
||||
auto behaviors = exceptions.unpack().getBehavior(exceptions_dict,
|
||||
|
||||
@@ -1186,7 +1186,7 @@ static const SingleRegex base64_key_value_detector_re(
|
||||
err,
|
||||
"base64_key_value");
|
||||
static const SingleRegex json_key_value_detector_re(
|
||||
"^[^<>{};,&\\?|=\\s]+={.+:.+}\\z",
|
||||
"^[^<>{};,&\\?|=\\s]+={.+(?s):.+(?s)}\\z",
|
||||
err,
|
||||
"json_key_value");
|
||||
static const SingleRegex base64_key_detector_re(
|
||||
|
||||
Reference in New Issue
Block a user