appsec: less verbose logging for allowlists and headers check (#3498)

2025-05-10 20:05:55 +02:00 · 2025-03-12 10:55:06 +01:00 · 2025-03-12 10:55:06 +01:00 · 941b3d98b9
commit 941b3d98b9
parent c4f9adb799
3 changed files with 30 additions and 2 deletions
--- a/pkg/acquisition/modules/appsec/appsec_hooks_test.go
+++ b/pkg/acquisition/modules/appsec/appsec_hooks_test.go
@ -367,6 +367,32 @@ func TestAppsecOnMatchHooks(t *testing.T) {
 				require.NotNil(t, events[1].Overflow.Alert)
 			},
 		},
+		{
+			name:             "on_match: no alert with default config",
+			expected_load_ok: true,
+			outofband_rules: []appsec_rule.CustomRule{
+				{
+					Name:      "rule42",
+					Zones:     []string{"ARGS"},
+					Variables: []string{"foo"},
+					Match:     appsec_rule.Match{Type: "regex", Value: "^toto"},
+					Transform: []string{"lowercase"},
+				},
+			},
+			on_match: []appsec.Hook{},
+			input_request: appsec.ParsedRequest{
+				RemoteAddr: "1.2.3.4",
+				Method:     "GET",
+				URI:        "/urllll",
+				Args:       url.Values{"foo": []string{"toto"}},
+			},
+			output_asserts: func(events []types.Event, responses []appsec.AppsecTempResponse, appsecResponse appsec.BodyResponse, statusCode int) {
+				require.Len(t, events, 1)
+				require.Equal(t, types.LOG, events[0].Type)
+				require.Len(t, responses, 1)
+				require.Equal(t, appsec.AllowRemediation, responses[0].Action)
+			},
+		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
--- a/pkg/appsec/allowlists/allowlists.go
+++ b/pkg/appsec/allowlists/allowlists.go
@ -62,6 +62,8 @@ func (a *AppsecAllowlist) FetchAllowlists(ctx context.Context) error {

 	a.lock.Lock()
 	defer a.lock.Unlock()
+	prevIPsLen := len(a.ips)
+	prevRangesLen := len(a.ranges)
 	a.ranges = []rangeAllowlist{}
 	a.ips = []ipAllowlist{}

@ -93,7 +95,7 @@ func (a *AppsecAllowlist) FetchAllowlists(ctx context.Context) error {
 		}
 	}

-	if len(a.ips) != 0 || len(a.ranges) != 0 {
+	if (len(a.ips) != 0 || len(a.ranges) != 0) && (prevIPsLen != len(a.ips) || prevRangesLen != len(a.ranges)) {
 		a.logger.Infof("fetched %d IPs and %d ranges", len(a.ips), len(a.ranges))
 	}
 	a.logger.Debugf("fetched %d IPs and %d ranges", len(a.ips), len(a.ranges))
--- a/pkg/appsec/request.go
+++ b/pkg/appsec/request.go
@ -333,7 +333,7 @@ func NewParsedRequestFromRequest(r *http.Request, logger *log.Entry) (ParsedRequ
 		} else {
 			r.Proto = "HTTP/" + string(major) + "." + string(minor)
 		}
-	} else {
+	} else if httpVersion != "" {
 		logger.Warnf("Invalid value %s for HTTP version header", httpVersion)
 	}