diff --git a/_plugins/decision/simple.go b/_plugins/decision/simple.go index 94a125595c29c1824d87b17d9554a988f6bf9dc2..c410e4df14ccbb398327068db8c93d15add9886c 100644 --- a/_plugins/decision/simple.go +++ b/_plugins/decision/simple.go @@ -25,13 +25,19 @@ func CheckResults(transactionID string, modelRes map[string]float64, modelWeight totalModelW += modelWeight[key] } } + + // DEBUG: print WAF data + for key, value := range WAFdata { + logger.TPrintf(lg.DEBUG, transactionID, "simple | WAF data: %v: %v", key, value) + } + // if we have some model results if modelDetectionCount > 0 { totalModelProb = totalModelW / float64(modelDetectionCount) } if len(WAFdata) != 0 { - as, _ := strconv.Atoi(WAFdata["anomalyscore"]) - it, _ := strconv.Atoi(WAFdata["inboundthreshold"]) + as, _ := strconv.Atoi(WAFdata["inbound_blocking"]) + it, _ := strconv.Atoi(WAFdata["inbound_threshold"]) logger.TPrintf(lg.DEBUG, transactionID, "ModSecurity | Anomaly score: %v Anomaly score threshold: %v ", as, it) if as >= it && totalModelProb > 0.5 { // modsec wants to block diff --git a/configstore/configstore.go b/configstore/configstore.go index e6e2ef93bd417bb87e69eda1adf3616aa41814e0..0489774da6985574d163325b9d07b11a19dc31ea 100644 --- a/configstore/configstore.go +++ b/configstore/configstore.go @@ -7,11 +7,9 @@ package configstore import ( "fmt" - "io/ioutil" "os" "strconv" - - "gopkg.in/yaml.v3" + "io/ioutil" lg "github.com/tilsor/ModSecIntl_logging/logging" ) @@ -124,7 +122,7 @@ type configFileDecisionPlugin struct { Params map[string]string } -type configFileData struct { +type ConfigFileData struct { Logpath string Loglevel string Listenaddress string @@ -133,7 +131,7 @@ type configFileData struct { Decisionplugins []configFileDecisionPlugin } -func checkLogging(inConf configFileData) error { +func checkLogging(inConf ConfigFileData) error { // check logpath if inConf.Logpath == "" { return fmt.Errorf("log path empty") 
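Review bot: Both `strconv.Atoi` calls in the `len(WAFdata) != 0` branch still discard their error, so a missing or non-numeric `inbound_blocking` or `inbound_threshold` value silently becomes 0. With both at 0 the test `as >= it` is true and the block decision rests on `totalModelProb > 0.5` alone, which is easy to reach if the WAF side still sends the old `anomalyscore` / `inboundthreshold` keys. Keep the errors (`as, errAS := strconv.Atoi(WAFdata["inbound_blocking"])`) and log and handle a parse failure explicitly instead of comparing zeros. The added debug loop writes every WAF value with `%v`; `%q` would keep request-derived newlines out of the log. CheckResults starts and ends outside this hunk.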
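Review bot: `"io/ioutil"` is kept in the import block (moved below `"strconv"`) while the last hunk of this file removes `LoadConfig`, the only visible caller of `ioutil.ReadFile`. If nothing else in the file uses the package, the build fails with an unused import. Drop the line, or if it is still needed put it back in sorted position after `"fmt"` so the block stays gofmt-clean.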
@@ -152,7 +150,7 @@ func checkLogging(inConf configFileData) error { // CheckConfig verifies if the configuration read from the config file // is correct. -func checkConfig(inConf configFileData) error { +func checkConfig(inConf ConfigFileData) error { err := checkLogging(inConf) if err != nil { return fmt.Errorf("invalid log path %s: %v", inConf.Logpath, err) @@ -191,19 +189,13 @@ func checkConfig(inConf configFileData) error { return fmt.Errorf("%s plugin path is empty, please provide a valid path", decisionP.ID) } } + return nil } // LoadConfigYaml loads a configuration from a yaml string -func (cs *ConfigStore) LoadConfigYaml(config []byte) error { - var inConf configFileData - - err := yaml.Unmarshal(config, &inConf) - if err != nil { - return err - } - - err = checkConfig(inConf) +func (cs *ConfigStore) SetConfig(inConf ConfigFileData) error { + err := checkConfig(inConf) if err != nil { return err } @@ -243,14 +235,4 @@ func (cs *ConfigStore) LoadConfigYaml(config []byte) error { } return nil -} - -// LoadConfig loads the configuration from the config file to memory -func (cs *ConfigStore) LoadConfig(configFilePath string) error { - var file, err = ioutil.ReadFile(configFilePath) - if err != nil { - return err - } - - return cs.LoadConfigYaml(file) -} +} \ No newline at end of file diff --git a/pluginmanager/pluginmanager.go b/pluginmanager/pluginmanager.go index b1f9b7009ad4e94f8e9e45e3f0c6c2da2ab59245..e1a2ba911c385ee0d00354dbb318902b6b642777 100644 --- a/pluginmanager/pluginmanager.go +++ b/pluginmanager/pluginmanager.go 
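Review bot: The doc comment above the renamed method still reads `// LoadConfigYaml loads a configuration from a yaml string`, but `SetConfig` no longer parses YAML and takes an already-built `ConfigFileData`. Suggested replacement: `// SetConfig validates inConf with checkConfig and, if it is valid, applies it to cs.` Parsing now happens in the caller, so the comment should also say that `checkConfig` is the only validation these values receive here. The rest of the method body is outside this hunk, so adjust the second half of the sentence to what it actually does.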
@@ -260,7 +260,10 @@ func (p *PluginManager) CheckResult(transactID, decisionID string, wafParams map logger.TPrintf(lg.INFO, transactID, "%s | transaction checked. Block: %t ", decisionID, res) // clean of the result data after the check - delete(p.results, transactID) + // TODO review if it should be passed the number of the phase or an id like "last" + if res || wafParams["phase"] == "4" { // if the transaction is blocked or it is the last phase + delete(p.results, transactID) + } p.resultsMutex.Unlock() return res, err diff --git a/waceconfig.yaml b/waceconfig.yaml index 9a11a2b658e5b3d17a97a05327800c916fa4ffd4..121e12784be9316dff89ebd59829522febbb367a 100644 --- a/waceconfig.yaml +++ b/waceconfig.yaml @@ -3,7 +3,7 @@ # WACE general configuration #The full path to the wace log file -logpath: "/var/log/wace.log" +# logpath: "/mnt/c/Users/tobia/Documents/Proyecto de grado/dev/log/wace.log" #The level of debug, the valid options are - ERRO, WARN, INFO, DEBUG loglevel: "INFO" #The address WACE listens for connections @@ -13,11 +13,23 @@ listenport: "50051" #The model plugins configuration modelplugins: + - id: "trivial" + plugintype: RequestHeaders + # path: "/mnt/c/Users/tobia/Documents/Proyecto de grado/dev/ModSecIntl_wace_core/_plugins/model/trivial2.so" + # wafweight: 0.5 + # decisionbalance: 0.5 + - id: "trivial2" + plugintype: RequestHeaders + # path: "/mnt/c/Users/tobia/Documents/Proyecto de grado/dev/ModSecIntl_wace_core/_plugins/model/trivial2.so" #The decision plugin configuration decisionplugins: - id: "simple" - path: "/usr/lib64/wace/plugins/decision/simple.so" + # path: "/mnt/c/Users/tobia/Documents/Proyecto de grado/dev/ModSecIntl_wace_core/_plugins/decision/simple.so" # wafweight: 0.5 # decisionbalance: 0.5 # params: + +options: + crs_version: "4.4.0-dev" + early_blocking: "true" \ No newline at end of file diff --git a/wacecore.go b/wacecore.go index 377d8f747c7a4b8f6bec4939257db0e158e95529..5436738064c55e75befba05aa030241a2dbb7ee6 100644 
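Review bot: With the new condition `if res || wafParams["phase"] == "4"`, an entry in `p.results` is removed only when the transaction is blocked or a check arrives labelled phase 4. A transaction that is dropped earlier, fails with an error, or never sends that value stays in the map indefinitely, which is unbounded memory growth in a component on the request path. At minimum also clean up on failure, `if res || err != nil || wafParams["phase"] == "4" {`, and consider an age-based sweep for entries that never reach the last phase. The `"4"` is compared against caller-supplied `wafParams`, so the TODO about a dedicated marker is worth resolving before relying on it. CheckResult starts outside this hunk.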
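Review bot: `logpath` and the decision plugin `path` are now commented out (here and in the second hunk of this file), and the two new `modelplugins` entries carry no `path` either. The `checkLogging` and `checkConfig` code visible in this same diff rejects an empty log path and an empty decision plugin path, so this file would no longer pass validation if it is still fed to them. The commented values are also a developer's local `/mnt/c/Users/...` paths, which put a personal user name and directory layout into the repository. Restore the portable defaults (`logpath: "/var/log/wace.log"`, `path: "/usr/lib64/wace/plugins/decision/simple.so"`) and keep local overrides out of the committed file.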
--- a/wacecore.go +++ b/wacecore.go @@ -8,6 +8,7 @@ import ( "os" "strings" "sync" + cf "gitlab.fing.edu.uy/gsi/pgrado-wace/ModSecIntl_wace_core/configstore" pm "gitlab.fing.edu.uy/gsi/pgrado-wace/ModSecIntl_wace_core/pluginmanager" @@ -38,14 +39,17 @@ var ( func addTransactionAnalysis(transactionID string) { analysisMutex.Lock() - sync, exists := analysisMap[transactionID] + _, exists := analysisMap[transactionID] if !exists { analysisMap[transactionID] = transactionSync{ Channel: make(chan string), Counter: 1, } } else { - sync.Counter++ + analysisMap[transactionID] = transactionSync{ + Channel: analysisMap[transactionID].Channel, + Counter: analysisMap[transactionID].Counter + 1, + } } analysisMutex.Unlock() } @@ -168,24 +172,11 @@ func CheckTransaction(transactionID, decisionPlugin string, wafParams map[string -func Init(configFilePath string) { +func Init() { logger := lg.Get() - logger.Println(lg.DEBUG, "Opening wace configuration file...") - // Load the configuration - // TODO: Analyze if os.Exit is the best way to handle errors in this case - if configFilePath == "" { - logger.Println(lg.ERROR, "ERROR: Please specify the path to the WACE configuration file as an argument") - os.Exit(1) - } conf := cf.Get() - err := conf.LoadConfig(configFilePath) - if err != nil { - logger.Printf(lg.ERROR, "ERROR: could not load configuration: %v", err) - os.Exit(1) - } - logger.Printf(lg.DEBUG, "Configuration loaded successfully from %s", configFilePath) - err = logger.LoadLogger(conf.LogPath, conf.LogLevel) + err := logger.LoadLogger(conf.LogPath, conf.LogLevel) if err != nil { logger.Printf(lg.ERROR, "ERROR: could not open wace log file: %v", err) os.Exit(1)
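Review bot: The `else` branch of `addTransactionAnalysis` rebuilds the whole `transactionSync` literal and looks the key up two more times just to bump the counter. Keeping the value from the first lookup reads more directly: `ts, exists := analysisMap[transactionID]`, then `ts.Counter++` and `analysisMap[transactionID] = ts` in the `else` branch. That form also preserves any field added to the struct later, which the literal would silently zero. A `defer analysisMutex.Unlock()` right after the `Lock()` would release the mutex on every exit path.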
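Review bot: `Init()` now assumes the store returned by `cf.Get()` was already populated through `SetConfig`, but nothing visible in the function says so. If it is called first, it appears to pass an empty `conf.LogPath` to `LoadLogger` and end in `os.Exit(1)` with a log-file error that hides the real cause. Add a doc comment such as `// Init starts WACE from the configuration previously stored with ConfigStore.SetConfig; call SetConfig first.`, or report an unset configuration explicitly before touching the logger. The lines just above `func Init` and the rest of the function are outside this hunk, so an existing comment may need updating rather than adding.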