mirrors/crowdsec
1
0
Fork 0
mirror of https://github.com/crowdsecurity/crowdsec.git synced 2025-05-11 12:25:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

appsec: less verbose logging for allowlists and headers check (#3498)

Browse source
This commit is contained in:
blotus 2025-03-12 10:55:06 +01:00 committed by GitHub
parent c4f9adb799
commit 941b3d98b9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 30 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

26
pkg/acquisition/modules/appsec/appsec_hooks_test.go
View file

@ -367,6 +367,32 @@ func TestAppsecOnMatchHooks(t *testing.T) {
require.NotNil(t, events[1].Overflow.Alert) require.NotNil(t, events[1].Overflow.Alert)
}, },
}, },
{
name: "on_match: no alert with default config",
expected_load_ok: true,
outofband_rules: []appsec_rule.CustomRule{
{
Name: "rule42",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
on_match: []appsec.Hook{},
input_request: appsec.ParsedRequest{
RemoteAddr: "1.2.3.4",
Method: "GET",
URI: "/urllll",
Args: url.Values{"foo": []string{"toto"}},
},
output_asserts: func(events []types.Event, responses []appsec.AppsecTempResponse, appsecResponse appsec.BodyResponse, statusCode int) {
require.Len(t, events, 1)
require.Equal(t, types.LOG, events[0].Type)
require.Len(t, responses, 1)
require.Equal(t, appsec.AllowRemediation, responses[0].Action)
},
},
} }
for _, test := range tests { for _, test := range tests {
t.Run(test.name, func(t *testing.T) { t.Run(test.name, func(t *testing.T) {

4
pkg/appsec/allowlists/allowlists.go
View file

@ -62,6 +62,8 @@ func (a *AppsecAllowlist) FetchAllowlists(ctx context.Context) error {
a.lock.Lock() a.lock.Lock()
defer a.lock.Unlock() defer a.lock.Unlock()
prevIPsLen := len(a.ips)
prevRangesLen := len(a.ranges)
a.ranges = []rangeAllowlist{} a.ranges = []rangeAllowlist{}
a.ips = []ipAllowlist{} a.ips = []ipAllowlist{}
@ -93,7 +95,7 @@ func (a *AppsecAllowlist) FetchAllowlists(ctx context.Context) error {
} }
} }
if len(a.ips) != 0 || len(a.ranges) != 0 { if (len(a.ips) != 0 || len(a.ranges) != 0) && (prevIPsLen != len(a.ips) || prevRangesLen != len(a.ranges)) {
a.logger.Infof("fetched %d IPs and %d ranges", len(a.ips), len(a.ranges)) a.logger.Infof("fetched %d IPs and %d ranges", len(a.ips), len(a.ranges))
} }
a.logger.Debugf("fetched %d IPs and %d ranges", len(a.ips), len(a.ranges)) a.logger.Debugf("fetched %d IPs and %d ranges", len(a.ips), len(a.ranges))

2
pkg/appsec/request.go
View file

@ -333,7 +333,7 @@ func NewParsedRequestFromRequest(r *http.Request, logger *log.Entry) (ParsedRequ
} else { } else {
r.Proto = "HTTP/" + string(major) + "." + string(minor) r.Proto = "HTTP/" + string(major) + "." + string(minor)
} }
} else { } else if httpVersion != "" {
logger.Warnf("Invalid value %s for HTTP version header", httpVersion) logger.Warnf("Invalid value %s for HTTP version header", httpVersion)
} }