mirror of
https://github.com/openappsec/openappsec.git
synced 2025-09-29 11:16:30 +03:00
Apr 27th Update
@@ -27,6 +27,7 @@ public:
|
||||
metaDataReport(const metaDataReport &) = default;
|
||||
|
||||
metaDataReport & operator<<(const std::pair<std::string, std::string> &data);
|
||||
bool operator==(const metaDataReport &other) const;
|
||||
void serialize(cereal::JSONOutputArchive &out_ar) const;
|
||||
|
||||
private:
|
||||
|
@@ -15,6 +15,7 @@
|
||||
#define __I_INTELLIGENCE_IS_V2_H__
|
||||
|
||||
#include <chrono>
|
||||
#include <string>
|
||||
|
||||
#include "maybe_res.h"
|
||||
#include "i_messaging.h"
|
||||
@@ -130,6 +131,14 @@ private:
|
||||
);
|
||||
}
|
||||
|
||||
dbgTrace(D_INTELLIGENCE)
|
||||
<< "Sending intelligence request with IP: "
|
||||
<< ip
|
||||
<< " port: "
|
||||
<< server_port
|
||||
<< " query_uri: "
|
||||
<< query_uri;
|
||||
|
||||
return i_message->sendObject(
|
||||
intelligence_query,
|
||||
I_Messaging::Method::POST,
|
||||
@@ -248,10 +257,11 @@ private:
|
||||
"intelligence",
|
||||
is_primary_port ? primary_port_setting : secondary_port_setting
|
||||
);
|
||||
|
||||
if (!server_port.ok()) return false;
|
||||
|
||||
conn_flags.reset();
|
||||
|
||||
|
||||
if (intelligence_query.getPagingStatus().ok()) {
|
||||
return sendPagingQueryMessage(
|
||||
intelligence_query,
|
||||
@@ -275,12 +285,22 @@ private:
|
||||
auto i_message = getMessaging();
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
|
||||
bool crowdsec_enabled = std::getenv("CROWDSEC_ENABLED") ?
|
||||
std::string(std::getenv("CROWDSEC_ENABLED")) == "true" :
|
||||
false;
|
||||
|
||||
crowdsec_enabled = getProfileAgentSettingWithDefault<bool>(
|
||||
crowdsec_enabled,
|
||||
"layer7AccessControl.crowdsec.enabled"
|
||||
);
|
||||
|
||||
bool use_local_intelligence = getProfileAgentSettingWithDefault<bool>(
|
||||
false,
|
||||
"agent.config.useLocalIntelligence"
|
||||
);
|
||||
|
||||
auto server_ip = getSetting<std::string>("intelligence", "local intelligence server ip");
|
||||
if (server_ip.ok() && use_local_intelligence) {
|
||||
if (server_ip.ok() && (use_local_intelligence || crowdsec_enabled)) {
|
||||
if (sendQueryObjectToLocalServer(
|
||||
intelligence_query,
|
||||
query_uri,
|
||||
|
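Review bot: The environment default for `crowdsec_enabled` calls `std::getenv("CROWDSEC_ENABLED")` twice and accepts only the exact string `true`, so values such as `TRUE` or `1` leave the feature off without any trace, and the profile setting `layer7AccessControl.crowdsec.enabled` then overrides whatever the environment said. Because this flag now decides whether the query goes to the local intelligence server (`use_local_intelligence || crowdsec_enabled`), read the variable once and make the accepted value explicit: `const char *crowdsec_env = std::getenv("CROWDSEC_ENABLED");` followed by `bool crowdsec_enabled = crowdsec_env != nullptr && std::string(crowdsec_env) == "true";`, with a comment stating the precedence between environment and profile. The visible include list does not show `<cstdlib>`, which `std::getenv` needs unless another header already pulls it in. The enclosing function starts and ends outside the hunk, so what happens when the local send fails could not be checked here.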
@@ -61,6 +61,8 @@ public:
|
||||
|
||||
virtual Maybe<I_MainLoop::RoutineID> getCurrentRoutineId() const = 0;
|
||||
|
||||
virtual void updateCurrentStress(bool is_busy) = 0;
|
||||
|
||||
virtual void run() = 0;
|
||||
|
||||
// When a routine yields the scheduler may choose to let it continue to run (in the case the routine didn't use
|
||||
|
@@ -58,6 +58,8 @@ enum class ResponseStatus
|
||||
IN_PROGRESS
|
||||
};
|
||||
|
||||
enum class ObjectType { ASSET, ZONE, CONFIGURATION, COUNT };
|
||||
|
||||
const std::string & convertConditionTypeToString(const Condition &condition_type);
|
||||
const std::string & convertOperationTypeToString(const Operator &operation_type);
|
||||
std::string createAttributeString(const std::string &key, AttributeKeyType type);
|
||||
|
@@ -63,6 +63,8 @@ public:
|
||||
);
|
||||
|
||||
void setTenantsList(const std::vector<std::string> tenants);
|
||||
void setCrossTenantAssetDB(bool cross_tenant_asset_db);
|
||||
void setObjectType(const ObjectType &obj_type);
|
||||
|
||||
void setAssetsLimit(uint _assets_limit);
|
||||
bool checkMinConfidence(uint upper_confidence_limit);
|
||||
@@ -83,11 +85,13 @@ public:
|
||||
private:
|
||||
uint assets_limit = default_assets_limit;
|
||||
bool full_response = false;
|
||||
Maybe<ObjectType> object_type = genError("uninitialized");
|
||||
Maybe<RequestCursor> cursor = genError("Cursor not initialized");
|
||||
SerializableQueryFilter query;
|
||||
SerializableAttributesMap requested_attributes;
|
||||
SerializableQueryTypes query_types;
|
||||
QueryRequest calcQueryRequestOperator(const QueryRequest &other_query, const Operator &operator_type);
|
||||
Maybe<std::string> convertObjectTypeToString() const;
|
||||
};
|
||||
|
||||
class BulkQueryRequest
|
||||
|
@@ -19,35 +19,26 @@
|
||||
#include "cereal/types/tuple.hpp"
|
||||
#include "cereal/types/vector.hpp"
|
||||
#include "intelligence_types_v2.h"
|
||||
#include "maybe_res.h"
|
||||
|
||||
#include <vector>
|
||||
#include <unordered_map>
|
||||
|
||||
class serializableTenantList
|
||||
{
|
||||
public:
|
||||
serializableTenantList(const std::vector<std::string> &_tenants)
|
||||
:
|
||||
tenants(_tenants)
|
||||
{}
|
||||
|
||||
void serialize(cereal::JSONOutputArchive &ar) const;
|
||||
|
||||
private:
|
||||
std::vector<std::string> tenants;
|
||||
};
|
||||
|
||||
class SerializableQueryTypes
|
||||
{
|
||||
public:
|
||||
SerializableQueryTypes() {};
|
||||
|
||||
void save(cereal::JSONOutputArchive &ar) const;
|
||||
void setSerializableTenantList(const std::vector<std::string> tenants);
|
||||
void setSerializableTenantList(const std::vector<std::string> &tenant_list);
|
||||
void setQueryCrossTenantAssetDB(bool query_cross_tenant_asset_db);
|
||||
|
||||
private:
|
||||
std::vector<std::string> tenants;
|
||||
bool is_nsaas = false;
|
||||
void serializeMultiTenant(cereal::JSONOutputArchive &ar) const;
|
||||
void serializeCrossTenantAssetDB(cereal::JSONOutputArchive &ar) const;
|
||||
|
||||
Maybe<std::vector<std::string>> tenants = genError("tenant list is uninitialized");
|
||||
Maybe<bool> query_cross_tenant_asset_db = genError("cross tenant asset db query is uninitialized");
|
||||
};
|
||||
|
||||
#endif // __QUERY_TYPES_V2_H__
|
||||
|
@@ -26,6 +26,8 @@ public:
|
||||
|
||||
MOCK_CONST_METHOD0(getCurrentRoutineId, Maybe<I_MainLoop::RoutineID> ());
|
||||
|
||||
MOCK_METHOD1(updateCurrentStress, void (bool));
|
||||
|
||||
MOCK_METHOD1(yield, void (bool));
|
||||
MOCK_METHOD1(yield, void (std::chrono::microseconds));
|
||||
|
||||
|
@@ -7,6 +7,13 @@
|
||||
#include "singleton.h"
|
||||
#include "cptest.h"
|
||||
|
||||
static std::ostream &
|
||||
operator<<(std::ostream &os, const Maybe<std::pair<std::string, int>> &val)
|
||||
{
|
||||
if (val.ok()) return os << "<" << (*val).first << ", " << (*val).second << ">";
|
||||
return os;
|
||||
}
|
||||
|
||||
class MockShellCmd : public Singleton::Provide<I_ShellCmd>::From<MockProvider<I_ShellCmd>>
|
||||
{
|
||||
public:
|
||||
@@ -15,10 +22,4 @@ public:
|
||||
MOCK_METHOD3(getExecOutputAndCode, Maybe<std::pair<std::string, int>>(const std::string &, uint, bool));
|
||||
};
|
||||
|
||||
static std::ostream &
|
||||
operator<<(std::ostream &os, const std::pair<std::string, int> &val)
|
||||
{
|
||||
return os << "<" << val.first << ", " << val.second << ">";
|
||||
}
|
||||
|
||||
#endif // __MOCK_SHELL_CMD_H__
|
||||
|
@@ -5,6 +5,8 @@
|
||||
#include "cptest.h"
|
||||
#include "common.h"
|
||||
|
||||
std::ostream & operator<<(std::ostream &os, const Maybe<std::vector<char>> &) { return os; }
|
||||
|
||||
class MockSocketIS : public Singleton::Provide<I_Socket>::From<MockProvider<I_Socket>>
|
||||
{
|
||||
public:
|
||||
|
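Review bot: The new `operator<<` for `Maybe<std::vector<char>>` is defined at namespace scope without `static` or `inline`, so if this mock file is a header included from more than one translation unit of a test binary, linking fails with a duplicate definition. The printing helper in the shell-command mock of this same commit is declared `static`; do the same here or use `inline std::ostream & operator<<(std::ostream &os, const Maybe<std::vector<char>> &) { return os; }`. A comment saying the operator deliberately prints nothing (presumably it exists only so the mock framework can print the argument type) would stop someone from "fixing" it later.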
@@ -30,17 +30,22 @@ class AgentDataReport
|
||||
{
|
||||
public:
|
||||
AgentDataReport() = default;
|
||||
AgentDataReport(bool disable_report_sending) { should_report = disable_report_sending; }
|
||||
~AgentDataReport();
|
||||
|
||||
AgentDataReport & operator<<(const std::pair<std::string, std::string> &data);
|
||||
|
||||
bool operator==(const AgentDataReport& other) const;
|
||||
|
||||
void setPolicyVersion(const std::string &policy_version);
|
||||
void setPlatform(const std::string &platform);
|
||||
void setArchitecture(const std::string &architecture);
|
||||
void setAgentVersion(const std::string &_agent_version);
|
||||
void disableReportSending();
|
||||
|
||||
private:
|
||||
metaDataReport agent_details;
|
||||
bool should_report = true;
|
||||
Maybe<std::string> policy_version = genError("Not set");
|
||||
Maybe<std::string> platform = genError("Not set");
|
||||
Maybe<std::string> architecture = genError("Not set");
|
||||
|
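Review bot: The one-argument constructor assigns its parameter straight to `should_report`, so `AgentDataReport(true)`, which the name `disable_report_sending` suggests turns reporting off, leaves it on, and `false` turns it off. Either the parameter name or the assignment is inverted; if the name is the intended meaning, write `explicit AgentDataReport(bool disable_report_sending) : should_report(!disable_report_sending) {}`, otherwise rename the parameter to match `should_report`. Marking it `explicit` also prevents a stray `bool` from converting implicitly into a report object. How the destructor and `disableReportSending()` use `should_report` is outside this hunk, so confirm the intended polarity against them.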
@@ -131,6 +131,7 @@ DEFINE_FLAG(D_COMPONENT, D_ALL)
|
||||
DEFINE_FLAG(D_SDWAN_POLICY, D_SDWAN)
|
||||
DEFINE_FLAG(D_SDWAN_DATA, D_SDWAN)
|
||||
DEFINE_FLAG(D_LOGGER_SDWAN, D_SDWAN)
|
||||
DEFINE_FLAG(D_SDWAN_API, D_SDWAN)
|
||||
DEFINE_FLAG(D_REVERSE_PROXY, D_COMPONENT)
|
||||
DEFINE_FLAG(D_PLATFORM, D_REVERSE_PROXY)
|
||||
DEFINE_FLAG(D_NGINX_MESSAGE_READER, D_REVERSE_PROXY)
|
||||
@@ -143,11 +144,15 @@ DEFINE_FLAG(D_COMPONENT, D_ALL)
|
||||
DEFINE_FLAG(D_IOT_AUXILIARY, D_IOT_NEXT)
|
||||
DEFINE_FLAG(D_IOT_REPORT_STATUS, D_IOT_AUXILIARY)
|
||||
DEFINE_FLAG(D_IOT_COLLECT_METADATA, D_IOT_AUXILIARY)
|
||||
DEFINE_FLAG(D_IOT_QUERY_INTELLIGENCE, D_IOT_AUXILIARY)
|
||||
DEFINE_FLAG(D_IOT_SAVE_PERSISTENT, D_IOT_AUXILIARY)
|
||||
DEFINE_FLAG(D_IOT_DOCKER, D_IOT_AUXILIARY)
|
||||
DEFINE_FLAG(D_IOT_ENFORCE, D_IOT_NEXT)
|
||||
DEFINE_FLAG(D_IOT_ENFORCE_POLICY, D_IOT_ENFORCE)
|
||||
DEFINE_FLAG(D_IOT_ENFORCE_ASSETS, D_IOT_ENFORCE)
|
||||
DEFINE_FLAG(D_IOT_DOCTOR, D_IOT_NEXT)
|
||||
DEFINE_FLAG(D_IOT_RISK, D_IOT_NEXT)
|
||||
DEFINE_FLAG(D_IOT_QUERY_ASSETS, D_IOT_RISK)
|
||||
DEFINE_FLAG(D_IOT_INDICATOR_DATA, D_IOT_RISK)
|
||||
DEFINE_FLAG(D_IOT_INDICATORS, D_IOT_RISK)
|
||||
DEFINE_FLAG(D_IOT_DISCOVERY, D_IOT_NEXT)
|
||||
@@ -159,6 +164,7 @@ DEFINE_FLAG(D_COMPONENT, D_ALL)
|
||||
DEFINE_FLAG(D_CPVIEW_METRIC_PROVIDER, D_COMPONENT)
|
||||
DEFINE_FLAG(D_GEO_FILTER, D_COMPONENT)
|
||||
DEFINE_FLAG(D_URL_FILTERING, D_COMPONENT)
|
||||
DEFINE_FLAG(D_L7_ACCESS_CONTROL, D_COMPONENT)
|
||||
DEFINE_FLAG(D_IOT_ACCESS_CONTROL, D_COMPONENT)
|
||||
|
||||
DEFINE_FLAG(D_FLOW, D_ALL)
|
||||
|
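--- a/core/include/services_sdk/resources/report/Log_modifiers.h
+++ b/core/include/services_sdk/resources/report/Log_modifiers.h
@@ -0,0 +1,82 @@
+#ifndef __LOG_MODIFIERS_H__
+#define __LOG_MODIFIERS_H__
+
+#include <string>
+#include "virtual_modifiers.h"
+
+namespace LogModifiers
+{
+
+class ReplaceBackslash : public ReplaceSubContiners<std::string>
+{
+public:
+ReplaceBackslash() { init(&src, &dst); }
+
+private:
+std::string src = "\\";
+std::string dst = "\\\\";
+};
+
+class ReplaceCR : public ReplaceSubContiners<std::string>
+{
+public:
+ReplaceCR() { init(&src, &dst); }
+
+private:
+std::string src = "\r";
+std::string dst = "\\r";
+};
+
+class ReplaceLF : public ReplaceSubContiners<std::string>
+{
+public:
+ReplaceLF() { init(&src, &dst); }
+
+private:
+std::string src = "\n";
+std::string dst = "\\n";
+};
+
+class ReplaceDoubleOuotes : public ReplaceSubContiners<std::string>
+{
+public:
+ReplaceDoubleOuotes() { init(&src, &dst); }
+
+private:
+std::string src = "\"";
+std::string dst = "\\\"";
+};
+
+class ReplaceQuote : public ReplaceSubContiners<std::string>
+{
+public:
+ReplaceQuote() { init(&src, &dst); }
+
+private:
+std::string src = "'";
+std::string dst = "\\'";
+};
+
+class ReplaceClosingBrace : public ReplaceSubContiners<std::string>
+{
+public:
+ReplaceClosingBrace() { init(&src, &dst); }
+
+private:
+std::string src = "]";
+std::string dst = "\\]";
+};
+
+class ReplaceEqualSign : public ReplaceSubContiners<std::string>
+{
+public:
+ReplaceEqualSign() { init(&src, &dst); }
+
+private:
+std::string src = "=";
+std::string dst = "\\=";
+};
+
+} // namesapce LogModifiers
+
+#endif // __LOG_MODIFIERS_H__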
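Review bot: Every modifier passes the addresses of its own `src` and `dst` members to `init(&src, &dst)`, so if `ReplaceSubContiners` stores those pointers (its definition is in virtual_modifiers.h, not shown here), a copied or moved modifier keeps pointing into the object it was copied from and can read freed strings. Sharing the two strings as per-class static constants, or deleting the copy and move operations on these classes, removes that dependency on how the virtual container constructs its modifier. Separately, `ReplaceDoubleOuotes` and the closing `// namesapce LogModifiers` comment are misspelled; renaming the class now is cheaper than after more call sites exist. A header comment stating which log formats this escape set is meant to satisfy would let a reviewer check it for completeness.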
@@ -25,6 +25,8 @@
|
||||
#include "debug.h"
|
||||
#include "flags.h"
|
||||
#include "config.h"
|
||||
#include "virtual_container.h"
|
||||
#include "Log_modifiers.h"
|
||||
|
||||
enum class LogFieldOption { XORANDB64, COUNT };
|
||||
|
||||
@@ -72,8 +74,7 @@ class LogField : Singleton::Consume<I_Environment>
|
||||
|
||||
virtual void serialize(cereal::JSONOutputArchive &ar) const = 0;
|
||||
virtual void addFields(const LogField &log) = 0;
|
||||
virtual std::string getSyslog() const = 0;
|
||||
virtual std::string getCef() const = 0;
|
||||
virtual std::string getSyslogAndCef() const = 0;
|
||||
|
||||
template <typename ... Strings>
|
||||
Maybe<std::string, void>
|
||||
@@ -107,15 +108,17 @@ class LogField : Singleton::Consume<I_Environment>
|
||||
}
|
||||
|
||||
std::string
|
||||
getSyslog() const override
|
||||
getSyslogAndCef() const override
|
||||
{
|
||||
return name + "='" + Details::getValueAsString(getValue()) + "'";
|
||||
}
|
||||
|
||||
std::string
|
||||
getCef() const override
|
||||
{
|
||||
return name + "=" + Details::getValueAsString(getValue());
|
||||
std::string value(Details::getValueAsString(getValue()));
|
||||
auto modifier1 = makeVirtualContainer<LogModifiers::ReplaceBackslash>(value);
|
||||
auto modifier2 = makeVirtualContainer<LogModifiers::ReplaceCR>(modifier1);
|
||||
auto modifier3 = makeVirtualContainer<LogModifiers::ReplaceLF>(modifier2);
|
||||
auto modifier4 = makeVirtualContainer<LogModifiers::ReplaceDoubleOuotes>(modifier3);
|
||||
auto modifier5 = makeVirtualContainer<LogModifiers::ReplaceQuote>(modifier4);
|
||||
auto modifier6 = makeVirtualContainer<LogModifiers::ReplaceClosingBrace>(modifier5);
|
||||
auto modifier7 = makeVirtualContainer<LogModifiers::ReplaceEqualSign>(modifier6);
|
||||
return name + "=\"" + std::string(modifier7.begin(), modifier7.end()) + "\"";
|
||||
}
|
||||
|
||||
// LCOV_EXCL_START Reason: seems that assert prevent the LCOV from identifying that method was tested
|
||||
@@ -180,27 +183,14 @@ class LogField : Singleton::Consume<I_Environment>
|
||||
}
|
||||
|
||||
std::string
|
||||
getSyslog() const override
|
||||
getSyslogAndCef() const override
|
||||
{
|
||||
if (fields.size() == 0) return "";
|
||||
|
||||
std::string res;
|
||||
for (auto &field : fields) {
|
||||
if (res.size() > 0) res += " ";
|
||||
res += field.getSyslog();
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
std::string
|
||||
getCef() const override
|
||||
{
|
||||
if (fields.size() == 0) return "";
|
||||
|
||||
std::string res;
|
||||
for (auto &field : fields) {
|
||||
if (res.size() > 0) res += " ";
|
||||
res += field.getCef();
|
||||
res += field.getSyslogAndCef();
|
||||
}
|
||||
return res;
|
||||
}
|
||||
@@ -252,15 +242,9 @@ public:
|
||||
}
|
||||
|
||||
std::string
|
||||
getSyslog() const
|
||||
getSyslogAndCef() const
|
||||
{
|
||||
return field->getSyslog();
|
||||
}
|
||||
|
||||
std::string
|
||||
getCef() const
|
||||
{
|
||||
return field->getCef();
|
||||
return field->getSyslogAndCef();
|
||||
}
|
||||
|
||||
void
|
||||
|
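Review bot: In the single-field `getSyslogAndCef()` only the value goes through the `LogModifiers` chain; `name` is concatenated unchanged in `return name + "=\"" + ... + "\""`, so a field name containing `=`, a quote or a line break could still split or forge a record. If names are always compile-time constants, say so in a comment; otherwise pass `name` through the same chain. The chain leaves other control characters such as tab or NUL untouched, and the syslog form changes from `name='value'` to `name="value"` with backslash escapes, which downstream parsers and detection rules keyed on the old quoting will need to follow. A comment above `modifier1` noting that the backslash replacement must run first (later steps introduce backslashes) would protect the ordering from future edits.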
@@ -61,6 +61,7 @@ enum class Tags {
|
||||
WEB_SERVER_KONG,
|
||||
DEPLOYMENT_EMBEDDED,
|
||||
DEPLOYMENT_K8S,
|
||||
LAYER_7_ACCESS_CONTROL,
|
||||
|
||||
COUNT
|
||||
};
|
||||
|
@@ -74,6 +74,7 @@ public:
|
||||
bool emplaceEntry(const Key &key, const Value &val);
|
||||
bool emplaceEntry(const Key &key, Value &&val);
|
||||
Value & getEntry(const Key &key);
|
||||
Maybe<Value, void> getEntry(const Key &key) const;
|
||||
microseconds getEntryTimeLeft(const Key &key);
|
||||
};
|
||||
|
||||
|
@@ -232,6 +232,14 @@ TemporaryCache<Key, Value>::getEntry(const Key &key)
|
||||
return entries.at(key).getValue();
|
||||
}
|
||||
|
||||
template <typename Key, typename Value>
|
||||
Maybe<Value, void>
|
||||
TemporaryCache<Key, Value>::getEntry(const Key &key) const
|
||||
{
|
||||
if (!BaseTemporaryCache<Key, Value>::doesKeyExists(key)) return genError(0);
|
||||
return entries.at(key).getValue();
|
||||
}
|
||||
|
||||
template <typename Key, typename Value>
|
||||
std::chrono::microseconds
|
||||
TemporaryCache<Key, Value>::getEntryTimeLeft(const Key &key)
|
||||
|
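Review bot: The two `getEntry` overloads now differ in both return type and failure behaviour, and which one runs depends only on whether the cache object is const at the call site. The new const overload returns `genError(0)` for a missing key and hands back the value by copy, while the non-const one ends in `entries.at(key).getValue()` and returns a reference (its earlier lines are outside this hunk). Document that on the declaration, for example `// const lookup: returns a copy of the value, or an error Maybe when the key is absent`, so callers do not assume the same contract from both.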
@@ -50,6 +50,7 @@ public:
|
||||
void setNewTime(I_TimeGet *timer) { timer != nullptr ? time = timer->getMonotonicTime() : microseconds(0); }
|
||||
bool isExpired(const microseconds &expired) const { return time < expired; }
|
||||
Value & getValue() { return val; }
|
||||
const Value & getValue() const { return val; }
|
||||
microseconds getTime() { return time; }
|
||||
|
||||
private:
|
||||
|