remove enhanced logs
jptosso committed May 13, 2023
1 parent 07d9820 commit fb9eea8
Showing 6 changed files with 30 additions and 58 deletions.
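--- a/config.yaml.default
+++ b/config.yaml.default
@@ -12,10 +12,10 @@ applications:
 #
 # Download the OWASP CRS from https://github.com/coreruleset/coreruleset/releases
 # and copy crs-setup.conf & the rules, plugins directories to /etc/coraza-spoa
-rules:
-- /etc/coraza-spoa/coraza.conf
-- /etc/coraza-spoa/crs-setup.conf
-- /etc/coraza-spoa/rules/*.conf
+directives: |
+Include /etc/coraza-spoa/coraza.conf
+Include /etc/coraza-spoa/crs-setup.conf
+Include /etc/coraza-spoa/rules/*.conf
 
 # HAProxy configured to send requests only, that means no cache required
 no_response_check: false
@@ -29,5 +29,3 @@ applications:
 log_level: info
 # The log file path
 log_file: /dev/stdout
-# Use JSON enhanced audit logs (with host, method and other fields) on interrupted transaction
-enhanced_log: false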
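--- a/config/config.go
+++ b/config/config.go
@@ -22,13 +22,12 @@ type Config struct {
 
 // Application is used to manage the haproxy configuration and waf rules.
 type Application struct {
-EnhancedLog bool `yaml:"enhanced_log"`
-LogLevel string `yaml:"log_level"`
-LogFile string `yaml:"log_file"`
-NoResponseCheck bool `yaml:"no_response_check"`
-Rules []string `yaml:"rules"`
-TransactionTTLMilliseconds int `yaml:"transaction_ttl_ms"`
-TransactionActiveLimit int `yaml:"transaction_active_limit"`
+LogLevel string `yaml:"log_level"`
+LogFile string `yaml:"log_file"`
+NoResponseCheck bool `yaml:"no_response_check"`
+Directives string `yaml:"directives"`
+TransactionTTLMilliseconds int `yaml:"transaction_ttl_ms"`
+TransactionActiveLimit int `yaml:"transaction_active_limit"`
 }
 
 // InitConfig initializes the configuration.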
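Review bot: Replacing `Rules []string` with `Directives string` in `Application` means a config file that still carries `rules:` or `enhanced_log:` no longer populates anything. If the loader ignores unknown keys (InitConfig's body is outside this hunk, so this is inferred), such a file decodes to an empty `Directives` without any error. The new field also has no comment saying what it holds, so I would add one such as `// Directives holds inline SecLang directives (typically Include lines) handed to the WAF; it replaces the former rules list.`. Decoding through a yaml.v3 decoder with `KnownFields(true)` would turn stale keys into a load error instead of a silent drop.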
8 changes: 4 additions & 4 deletions go.mod
Expand Up @@ -4,9 +4,9 @@ go 1.19

require (
github.com/bluele/gcache v0.0.2
github.com/corazawaf/coraza/v3 v3.0.0-rc.1.0.20230331084731-c04b1a72fd2c
github.com/corazawaf/coraza/v3 v3.0.0-rc.2
github.com/criteo/haproxy-spoe-go v1.0.6
github.com/magefile/mage v1.14.0
github.com/magefile/mage v1.15.0
go.uber.org/zap v1.24.0
gopkg.in/yaml.v3 v3.0.1
)
Expand All @@ -21,7 +21,7 @@ require (
github.com/tidwall/pretty v1.2.1 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
golang.org/x/net v0.8.0 // indirect
golang.org/x/sys v0.6.0 // indirect
golang.org/x/net v0.10.0 // indirect
golang.org/x/sys v0.8.0 // indirect
rsc.io/binaryregexp v0.2.0 // indirect
)
8 changes: 8 additions & 0 deletions go.sum
Expand Up @@ -7,6 +7,8 @@ github.com/corazawaf/coraza/v3 v3.0.0-rc.1 h1:Jcr5HB7eUyUaaNhmc9+Q5xZqlCzs2Bp9RH
github.com/corazawaf/coraza/v3 v3.0.0-rc.1/go.mod h1:GhpyYpKaOG/wHZtdyUpu74wo9StS3fzmtKvgSzms/XQ=
github.com/corazawaf/coraza/v3 v3.0.0-rc.1.0.20230331084731-c04b1a72fd2c h1:e1Uaes184+rXJZ2ZmOOy4RqNUDtb8OreGvWRUChWk4I=
github.com/corazawaf/coraza/v3 v3.0.0-rc.1.0.20230331084731-c04b1a72fd2c/go.mod h1:BKoHfX9ElA9uw7GBtKisLYM1snL2TRnA55GTA+Z/4ow=
github.com/corazawaf/coraza/v3 v3.0.0-rc.2 h1:nV80E4+d5qQhH8NY6SyYP7YMQpfbZ2TnZHQT29/zU6M=
github.com/corazawaf/coraza/v3 v3.0.0-rc.2/go.mod h1:TKREBLh55w3SiBbLsQpH9EFzjBAmEUH4KRaZ/kFYz20=
github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM=
github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
Expand All @@ -25,6 +27,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo=
github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 h1:lL+y4Xv20pVlCGyLzNHRC0I0rIHhIL1lTvHizoS/dU8=
github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw=
Expand Down Expand Up @@ -57,10 +61,14 @@ go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210113181707-4bcb84eeeb78/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
38 changes: 4 additions & 34 deletions internal/request.go
Expand Up @@ -5,12 +5,12 @@ package internal

import (
"fmt"
"net"
"time"

"github.com/corazawaf/coraza/v3/types"
spoe "github.com/criteo/haproxy-spoe-go"
"go.uber.org/zap"
"net"
"strings"
"time"
)

func (s *SPOA) processRequest(msg spoe.Message) ([]spoe.Action, error) {
Expand All @@ -20,7 +20,6 @@ func (s *SPOA) processRequest(msg spoe.Message) ([]spoe.Action, error) {
path = "/"
query = ""
version = "1.1"
host = ""
srcIP net.IP
srcPort = 0
dstIP net.IP
Expand All @@ -34,17 +33,7 @@ func (s *SPOA) processRequest(msg spoe.Message) ([]spoe.Action, error) {
return
}
if tx.IsInterrupted() {
if app.cfg.EnhancedLog {
for _, rule := range tx.MatchedRules() {
if rule.Message() == "" || rule.Rule().Severity() < 1 || rule.Rule().Severity() < 1 {
continue
}
s.enhancedLog(app, rule, host, method)
}
} else {
tx.ProcessLogging()
}

tx.ProcessLogging()
if err := tx.Close(); err != nil {
app.logger.Error("failed to close transaction", zap.String("transaction_id", tx.ID()), zap.String("error", err.Error()))
}
Expand Down Expand Up @@ -145,9 +134,6 @@ func (s *SPOA) processRequest(msg spoe.Message) ([]spoe.Action, error) {
for _, v := range values {
tx.AddRequestHeader(key, v)
}
if strings.ToLower(key) == "host" {
host = strings.Join(values, ",")
}
}
case "body":
body, ok := arg.Value.([]byte)
Expand Down Expand Up @@ -185,19 +171,3 @@ func (s *SPOA) processRequest(msg spoe.Message) ([]spoe.Action, error) {
}
return s.message(miss), nil
}

func (s *SPOA) enhancedLog(app *application, rule types.MatchedRule, host string, method string) {
app.logger.Error("waf_intruder_alert",
zap.String("message", rule.Message()),
zap.Int("rule_id", rule.Rule().ID()),
zap.String("data", rule.Data()),
zap.String("client_ip", rule.ClientIPAddress()),
zap.String("host", host),
zap.String("method", method),
zap.String("uri", rule.URI()),
zap.String("transaction_id", rule.TransactionID()),
zap.String("file", rule.Rule().File()),
zap.Int("line", rule.Rule().Line()),
zap.Int("phase", int(rule.Rule().Phase())),
)
}
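Review bot: With the `EnhancedLog` branch removed, the structured `waf_intruder_alert` entry and its `host` and `method` fields are no longer emitted for interrupted transactions, and nothing in the new code says where that information now goes. What remains on this path is `tx.ProcessLogging()`, whose output depends on the audit directives (`SecAuditEngine`, `SecAuditLog`) loaded through the application's `directives`. Alerting that keys on the old message name will therefore go quiet after upgrade. I would add a comment on the call, for example `// Audit output for interrupted transactions is governed by the SecAudit* directives in the loaded configuration.`, and record the dropped log event in the release notes. The enclosing block of processRequest starts and ends outside the visible hunks.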
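--- a/internal/spoa.go
+++ b/internal/spoa.go
@@ -184,13 +184,10 @@ func New(conf *config.Config) (*SPOA, error) {
 
 logger := zap.New(core)
 
-conf := coraza.NewWAFConfig()
-for _, rule := range cfg.Rules {
-conf = conf.WithDirectivesFromFile(rule)
-}
-if !cfg.EnhancedLog {
-conf = conf.WithErrorCallback(logError(logger))
-}
+conf := coraza.NewWAFConfig().
+WithDirectives(cfg.Directives).
+WithErrorCallback(logError(logger))
+
 waf, err := coraza.NewWAF(conf)
 if err != nil {
 logger.Error("unable to create waf instance", zap.String("app", name), zap.Error(err))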
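Review bot: `WithDirectives(cfg.Directives)` takes whatever the config decoded, so an application whose `directives` key is missing or empty still gets a WAF instance, presumably one with no rules loaded, since nothing visible rejects an empty string. The removed loop had the same gap for an empty `rules` list, but the key rename makes it much easier to hit on upgrade, and the result is a proxy that believes it is protected while every request passes. A guard ahead of the builder would make this fail closed: `if strings.TrimSpace(cfg.Directives) == "" { return nil, fmt.Errorf("application %q: no directives configured", name) }`. This assumes `strings` and `fmt` are imported in this file; the import block and the rest of New are outside the hunk.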
