Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

internal/appsec: security events obfuscation #1237

Merged
merged 21 commits into from
Apr 12, 2022
Merged

internal/appsec: security events obfuscation #1237

merged 21 commits into from
Apr 12, 2022

Conversation

Hellzy
Copy link
Contributor

@Hellzy Hellzy commented Apr 6, 2022
edited
Loading

Summary

The WAF takes care of obfuscation and the library needs to create the obfuscator configuration that will then be passed to the WAF. The obfuscator can be configured using 2 environment variables:

  • DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP: regexp used to obufscate matched parameters keys
  • DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP: regexp used to obfuscate matched parameters values and highlights.
    A default key regexp is used if none is provided. No value regexp is used if none is provided

Changes

internal/appsec

  • appsec.go: pass down obfuscator config during WAF registration
  • config.go: add obfuscator config creation and setup from env
  • config_test.go: add testing for obfuscator config
  • rule_test.go: adapt a test due to changed function prototype
  • waf.go: retrieve obfuscator config and pass it down for handle creation
  • waf_test.go: add library->WAF end-to-end obfuscation test

internal/appsec/dyngo/instrumentation/httpsec

  • http.go: add cookies parsing

internal/appsec/waf

  • include/ddwaf.h: update header wrt WAF v1.3.0
  • lib/*: update WAF static libraries to v1.3.0
  • waf.go: retrieve obfuscator config and pass over to the WAF
  • waf_test.go: add testing for WAF obfuscator config

@Hellzy Hellzy changed the base branch from v1 to francois.mazeau/libddwaf-update April 6, 2022 14:37
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-1.3.0 branch from 9bee9e8 to 6728ef0 Compare April 6, 2022 14:41
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from 67f7c7f to 2f5dda5 Compare April 7, 2022 08:38
@Hellzy Hellzy added the appsec label Apr 7, 2022
@Hellzy Hellzy self-assigned this Apr 7, 2022
@Hellzy Hellzy added this to the 1.38.0 milestone Apr 7, 2022
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-1.3.0 branch from 632f1b2 to 28259ef Compare April 7, 2022 11:40
@Hellzy Hellzy requested a review from Julio-Guerra April 7, 2022 14:11
@Hellzy Hellzy marked this pull request as ready for review April 7, 2022 14:49
@Hellzy Hellzy requested a review from a team as a code owner April 7, 2022 14:49
@Hellzy Hellzy marked this pull request as draft April 7, 2022 15:13
Base automatically changed from francois.mazeau/libddwaf-update to v1 April 7, 2022 16:21
@Julio-Guerra Julio-Guerra changed the title internal/appsec: update libddwaf to 1.3.0 and add obfuscator config internal/appsec: security events obfuscation Apr 7, 2022
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-1.3.0 branch 2 times, most recently from 3f2316a to 97d0d26 Compare April 8, 2022 08:53
@Hellzy Hellzy mentioned this pull request Apr 8, 2022
Closed
@Hellzy Hellzy marked this pull request as ready for review April 8, 2022 10:00
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-1.3.0 branch 2 times, most recently from 4728912 to a4339c2 Compare April 8, 2022 10:07
@Hellzy
Copy link
Contributor Author

Hellzy commented Apr 8, 2022

@Julio-Guerra right now if a user-provided regexp doesn't compile the default configuration is used.
What do you think of this? We could also decide to error out since only logging the error can be misleading.

@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-1.3.0 branch from a4339c2 to 6e53c9a Compare April 8, 2022 10:28
@Hellzy
internal/appsec: handle empty ruleset errors marshaling
95b25fe 
Also move rule version span tagging out of sync.Once closures
Julio-Guerra
Julio-Guerra requested changes Apr 11, 2022
View reviewed changes
internal/appsec/config.go Show resolved Hide resolved
internal/appsec/config.go Outdated Show resolved Hide resolved
internal/appsec/config.go Outdated Show resolved Hide resolved
internal/appsec/config.go Outdated Show resolved Hide resolved
internal/appsec/config.go Outdated Show resolved Hide resolved
internal/appsec/waf/waf.go Outdated Show resolved Hide resolved
internal/appsec/waf/waf.go Outdated Show resolved Hide resolved
internal/appsec/waf/waf.go Outdated Show resolved Hide resolved
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-1.3.0 branch from 3052260 to 8d0342f Compare April 12, 2022 12:10
Hellzy and others added 2 commits April 12, 2022 17:31
Julio-Guerra
Julio-Guerra approved these changes Apr 12, 2022
View reviewed changes
Copy link
Contributor

@Julio-Guerra Julio-Guerra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Congrats 👏

@Julio-Guerra Julio-Guerra merged commit 0b58eb8 into v1 Apr 12, 2022
@Julio-Guerra Julio-Guerra deleted the francois.mazeau/libddwaf-1.3.0 branch April 12, 2022 20:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Julio-Guerra Julio-Guerra Julio-Guerra approved these changes

Assignees

@Hellzy Hellzy

Labels
appsec
Projects
None yet
Milestone
1.38.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Hellzy @Julio-Guerra