
12 Commits

Author SHA1 Message Date
Ned Wright
6a7c2402a5 Merge branch 'Dec-24-2023' of https://github.com/openappsec/openappsec into Dec-24-2023 2023-12-26 20:48:33 +00:00
Ned Wright
c4d7ab54a6 Logging changes 2023-12-26 20:46:23 +00:00
root
1eee88cba5 Moving checking for declarative 2023-12-26 14:53:59 +00:00
Ned Wright
d91a1c4ca5 Fix rate limit string handling 2023-12-26 13:10:04 +00:00
Ned Wright
596033391b Turning on local policy after initial orcherstation load 2023-12-26 12:50:52 +00:00
Ned Wright
eb1bc9227b Minor cpnano_debug fix 2023-12-26 11:36:21 +00:00
Ned Wright
3084641737 Change declarative policy initialization 2023-12-25 16:45:45 +00:00
Ned Wright
3282774432 Checking mode directly 2023-12-21 17:53:03 +00:00
Ned Wright
de31400712 Fixing dos2unix 2023-12-21 13:28:25 +02:00
WrightNed
8d0a44acac Merge pull request #86 from openappsec/Dec-12th-2023
AppSec mode fix
2023-12-20 16:16:38 +02:00
Ned Wright
b71d772e7a Add string empty check 2023-12-19 18:23:05 +00:00
WrightNed
62e75b8739 Merge pull request #85 from openappsec/Dec-12th-2023
Dec 12th 2023
2023-12-19 19:39:51 +02:00
9 changed files with 303 additions and 295 deletions


@@ -80,6 +80,7 @@ public:
std::string getUpdate(CheckUpdateRequest &request) override;
bool shouldApplyPolicy() override;
void turnOffApplyPolicyFlag() override;
void turnOnApplyPolicyFlag() override;
std::string getCurrPolicy() override { return curr_policy; }


@@ -23,6 +23,7 @@ public:
virtual std::string getCurrPolicy() = 0;
virtual void turnOffApplyPolicyFlag() = 0;
virtual void turnOnApplyPolicyFlag() = 0;
protected:
virtual ~I_DeclarativePolicy() {}


@@ -219,12 +219,9 @@ private:
start()
{
auto update_communication = Singleton::Consume<I_UpdateCommunication>::by<OrchestrationComp>();
auto agent_mode = Singleton::Consume<I_AgentDetails>::by<OrchestrationComp>()->getOrchestrationMode();
auto agent_mode = getOrchestrationMode();
auto policy_mgmt_mode = getSettingWithDefault<string>("management", "profileManagedMode");
if (agent_mode == OrchestrationMode::HYBRID || policy_mgmt_mode == "declarative") {
update_communication->authenticateAgent();
return Maybe<void>();
}
bool declarative = agent_mode == OrchestrationMode::HYBRID || policy_mgmt_mode == "declarative";
bool enforce_policy_flag = false;
Maybe<OrchestrationPolicy> maybe_policy = genError("Empty policy");
@@ -299,6 +296,7 @@ private:
}
}
if (declarative) Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>()->turnOnApplyPolicyFlag();
return authentication_res;
}
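Review bot: The new `turnOnApplyPolicyFlag()` call placed just before `return authentication_res;` is not conditioned on that result, so as far as the visible lines show the local policy is flagged for application even when the initial orchestration pass ended in an error. If that is not intended, gate it on success, for example `if (declarative && authentication_res.ok()) { ... }` (assuming `authentication_res` is a `Maybe<void>`, as the removed early return suggests). The body of start() between the two hunks is not shown, so any early return there would leave the flag untouched. A short comment such as `// declarative/hybrid: enable local policy only after the first orchestration load` would record why the call sits at the end.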


@@ -57,6 +57,12 @@ DeclarativePolicyUtils::turnOffApplyPolicyFlag()
should_apply_policy = false;
}
void
DeclarativePolicyUtils::turnOnApplyPolicyFlag()
{
should_apply_policy = true;
}
Maybe<string>
DeclarativePolicyUtils::getLocalPolicyChecksum()
{


@@ -114,7 +114,7 @@ public:
}
string application_uri = maybe_uri.unpack();
if (application_uri.back() == '/') application_uri.pop_back();
if (!application_uri.empty() && application_uri.back() == '/') application_uri.pop_back();
for (const auto &rule : rate_limit_config.getRateLimitRules()) {
string full_rule_uri = application_uri + rule.getRateLimitUri();
@@ -227,7 +227,7 @@ public:
<< " seconds";
string unique_key = asset_id + ":" + source_identifier + ":" + uri;
if (unique_key.back() == '/') unique_key.pop_back();
if (!unique_key.empty() && unique_key.back() == '/') unique_key.pop_back();
auto verdict = decide(unique_key);
if (verdict == RateLimitVedict::ACCEPT) {
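Review bot: Both trims remove only a single trailing '/', so a URI that ends in several slashes still yields a different `full_rule_uri` and a different `unique_key` than its single-slash form; if `uri` is not normalised before this point, equivalent requests end up in separate rate-limit counters. A loop closes that gap, `while (!unique_key.empty() && unique_key.back() == '/') unique_key.pop_back();`, and likewise for `application_uri` in the first hunk. In the second hunk the added `!unique_key.empty()` test can never be false, because the key always contains the two ':' separators, so it is harmless but guards nothing. Both enclosing functions extend beyond the hunks.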


@@ -1741,7 +1741,7 @@ Waf2Transaction::sendLog()
static int cur_grace_logs = 0;
bool grace_period = is_hybrid_mode && cur_grace_logs < max_grace_logs;
bool send_extended_log = grace_period || shouldSendExtendedLog(triggerLog);
bool send_extended_log = shouldSendExtendedLog(triggerLog);
if (grace_period) {
dbgTrace(D_WAAP)
<< "Waf2Transaction::sendLog: current grace log index: "
@@ -2339,7 +2339,7 @@ bool Waf2Transaction::shouldSendExtendedLog(const std::shared_ptr<Waap::Trigger:
ReportIS::Severity severity = Waap::Util::computeSeverityFromThreatLevel(
autonomousSecurityDecision->getThreatLevel());
if (trigger_log->extendLoggingMinSeverity == "Critical")
if (trigger_log->extendLoggingMinSeverity == "Critical" || trigger_log->extendLoggingMinSeverity == "critical")
{
if (severity == ReportIS::Severity::CRITICAL)
{
@@ -2349,7 +2349,7 @@ bool Waf2Transaction::shouldSendExtendedLog(const std::shared_ptr<Waap::Trigger:
dbgTrace(D_WAAP) << "Should not send extended logging. Min Severity Critical. Severity: " << (int) severity;
return false;
}
else if (trigger_log->extendLoggingMinSeverity == "High")
else if (trigger_log->extendLoggingMinSeverity == "High" || trigger_log->extendLoggingMinSeverity == "high")
{
if (severity == ReportIS::Severity::CRITICAL || severity == ReportIS::Severity::HIGH)
{
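Review bot: Accepting exactly two spellings per level in shouldSendExtendedLog (`"Critical"`/`"critical"`, `"High"`/`"high"`) leaves a value such as `"CRITICAL"` unmatched, and the branches for any other levels lie outside the hunk and may still be case-sensitive. This setting decides which events receive extended logs, so a mis-cased value should not silently change what is logged; lower-case the configured value once into a local copy and compare against lower-case literals, e.g. `if (min_severity == "critical")` where `min_severity` is that normalised copy. In sendLog, `grace_period` no longer feeds `send_extended_log`, and the rest of that function is not visible here, so a comment stating what the grace period still controls would help the next reader.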


@@ -109,6 +109,7 @@ public:
load(cereal::JSONInputArchive &ar)
{
ar(cereal::make_nvp("Output", stream_name));
if (stream_name.empty()) stream_name = "STDOUT";
if (stream_name != "FOG" && stream_name != "STDOUT" && stream_name.front() != '/') {
stream_name = getLogFilesPathConfig() + "/" + stream_name;
}
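Review bot: The relative-name branch builds `getLogFilesPathConfig() + "/" + stream_name` from the configured "Output" value without validating it, so a name containing `..` components resolves outside the log directory, and any absolute path is accepted unchanged. If this configuration can come from a source less trusted than the agent host itself, reject such names before the concatenation, for example by testing `stream_name.find("..") != std::string::npos` and failing the load with the error type this loader already uses. The same pattern appears in the `streams["Output"]` hunk of the last file on this page. load() continues beyond the hunk.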


@@ -577,6 +577,7 @@ public:
{
try {
cereal::load(ar, streams);
if (streams["Output"].empty()) streams["Output"] = "STDOUT";
if (streams["Output"] != "FOG" && streams["Output"] != "STDOUT" && streams["Output"].front() != '/') {
streams["Output"] = log_files_path + "/" + streams["Output"];
}
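Review bot: `streams["Output"]` is now evaluated several times in this block, and on what is presumably a map `operator[]` inserts an empty entry when the key is absent, which is the behaviour the new default relies on. Binding it once makes that intent explicit and avoids the repeated lookups: `auto &output = streams["Output"];` followed by `if (output.empty()) output = "STDOUT";` and the existing comparisons on `output`. The try block continues beyond the hunk.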