appsec: missing err check when initializing out-of-band engine (#3344)

pkg/acquisition/modules/appsec/appsec_runner.go

@@ -91,6 +91,10 @@ func (r *AppsecRunner) Init(datadir string) error {
 	}
 	r.AppsecOutbandEngine, err = coraza.NewWAF(outbandCfg)
 
+	if err != nil {
+		return fmt.Errorf("unable to initialize outband engine : %w", err)
+	}
+
 	if r.AppsecRuntime.DisabledInBandRulesTags != nil {
 		for _, tag := range r.AppsecRuntime.DisabledInBandRulesTags {
 			r.AppsecInbandEngine.GetRuleGroup().DeleteByTag(tag)
@@ -118,10 +122,6 @@ func (r *AppsecRunner) Init(datadir string) error {
 	r.logger.Tracef("Loaded inband rules: %+v", r.AppsecInbandEngine.GetRuleGroup().GetRules())
 	r.logger.Tracef("Loaded outband rules: %+v", r.AppsecOutbandEngine.GetRuleGroup().GetRules())
 
-	if err != nil {
-		return fmt.Errorf("unable to initialize outband engine : %w", err)
-	}
-
 	return nil
 }
 

pkg/acquisition/modules/appsec/appsec_runner_test.go

@@ -130,6 +130,20 @@ func TestAppsecRuleLoad(t *testing.T) {
 				require.Len(t, runner.AppsecInbandEngine.GetRuleGroup().GetRules(), 4)
 			},
 		},
+		{
+			name:             "invalid inband rule",
+			expected_load_ok: false,
+			inband_native_rules: []string{
+				"this_is_not_a_rule",
+			},
+		},
+		{
+			name:             "invalid outofband rule",
+			expected_load_ok: false,
+			outofband_native_rules: []string{
+				"this_is_not_a_rule",
+			},
+		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {

pkg/acquisition/modules/appsec/appsec_test.go

@@ -96,8 +96,14 @@ func loadAppSecEngine(test appsecRuleTest, t *testing.T) {
 	}
 	err = runner.Init("/tmp/")
 	if err != nil {
+		if !test.expected_load_ok {
+			return
+		}
 		t.Fatalf("unable to initialize runner : %s", err)
 	}
+	if !test.expected_load_ok {
+		t.Fatalf("expected load to fail but it didn't")
+	}
 
 	if test.afterload_asserts != nil {
 		//afterload asserts are just to evaluate the state of the runner after the rules have been loaded