Merge pull request #21 from softonic/bugfix/bypassing-adaptive-rules

bypass the google adaptive rules as there are not IPs

app/actor/armor_actor.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"io/ioutil"
 	"os"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -102,7 +103,14 @@ func getIPsAlreadyBlockedFromRules(g *GCPArmorActor, securityPolicy string) ([]s
 
 	for _, singleRule := range resp.Rules {
 
-		if *singleRule.Action != "allow" && singleRule.Match.Config.SrcIpRanges != nil {
+		match := false
+		match, _ = regexp.MatchString("Google suggested rule for attack ID", *singleRule.Description)
+
+		if match {
+			continue
+		}
+
+		if *singleRule.Action != "allow" && *singleRule.Match.VersionedExpr == 70925961 {
 
 			sourceIps = computepb.SecurityPolicyRuleMatcherConfig{
 				SrcIpRanges: singleRule.Match.Config.SrcIpRanges,
@@ -319,7 +327,16 @@ func getBlockedIPsFromActorThatCanBeUnblocked(g *GCPArmorActor) []string {
 
 	for _, singleRule := range resp.Rules {
 
-		if *singleRule.Action != "allow" {
+		match := false
+		match, _ = regexp.MatchString("Google suggested rule for attack ID", *singleRule.Description)
+
+		if match {
+			continue
+		}
+
+		// && singleRule.Match.VersionedExpr == computepb.SecurityPolicyRuleMatcher_SRC_IPS_V1.Enum()
+
+		if *singleRule.Action != "allow" && *singleRule.Match.VersionedExpr == 70925961 {
 
 			n, err := strconv.ParseInt(*singleRule.Description, 10, 64)
 			if err != nil {
@@ -403,7 +420,14 @@ func getRuleFromIP(g *GCPArmorActor, ips []string) []int32 {
 
 	for _, singleRule := range resp.Rules {
 
-		if *singleRule.Action != "allow" {
+		match := false
+		match, _ = regexp.MatchString("Google suggested rule for attack ID", *singleRule.Description)
+
+		if match {
+			continue
+		}
+
+		if *singleRule.Action != "allow" && *singleRule.Match.VersionedExpr == 70925961 {
 
 			for _, k := range singleRule.Match.Config.SrcIpRanges {
 				for _, m := range ips {

main.go

@@ -34,7 +34,7 @@ func main() {
 
 	flag.StringVar(&project, "project", "project", "kubernetes GCP project")
 	flag.StringVar(&policy, "policy", "default", "The firewall rule that we will modify")
-	flag.IntVar(&intervalBlockTime, "intervalBlockTime", 5, "check the 429s that we returned in the last N min")
+	flag.IntVar(&intervalBlockTime, "intervalBlockTime", 1, "check the 429s that we returned in the last N min")
 	flag.IntVar(&ttlRules, "ttlRules", 60, "TTL in minutes of Firewall Rules. Once the ttl is exceeded, the rule is removed and the IPs are unblocked")
 	flag.IntVar(&threshold, "threshold", 5, "we will check which IPs are being throttle , with a 429 code, per min, if exceed the threshold, there will be included in a blocked rule for at least ttlRules min")
 	flag.StringVar(&cacert, "cacert", "", "If you are connecting to a ES that needs TLS, this is the ca certificate")