
Adds Log() to MatchedRule, fixes audit log without log #848

Merged: 7 commits into corazawaf:main from matchdata_log_filter, Jul 25, 2023

Conversation

@M4tteoP (Member) commented Jul 20, 2023

This PR proposes to enrich MatchedRule with Log() for filtering purposes.
It permits one to:

  • Filter the MatchedRules and obtain only the ones meant to be logged (similar to what the original reporter (@joshi-mohit) tried to do by relying on Rule().Severity(), but that field was not suitable for this purpose).
```go
for _, matchedRule := range tx.MatchedRules() {
	// keep only the matches whose rule asked to be logged
	if matchedRule.Log() {
		// ....
	}
}
```

Edit: with the workaround:

```go
for _, matchedRule := range tx.MatchedRules() {
	// local interface: the assertion compiles even where the
	// MatchedRule interface itself does not expose Log()
	type ruleLogger interface{ Log() bool }
	mrWithLog, ok := matchedRule.(ruleLogger)
	if ok && mrWithLog.Log() {
		// ....
	}
}
```

Supersedes #840
Fixes #839
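The filtering pattern from the description, as an added example that is not code from this PR or from Coraza: a cut-down MatchedRule interface without Log(), a constructed matched-rule type that carries the rule's log/nolog setting, a legacy type that lacks Log() altogether, and a filter that type-asserts the optional method so it compiles and runs against either. It goes one step past the description by also deriving the audit-log decision the PR title refers to (write an entry only when something loggable matched). All names (MatchedRule, Loggable, ShouldWriteAuditLog, the rule IDs and messages) are assumptions made for the example.

```go
package main

import "fmt"

// MatchedRule is a cut-down stand-in for the engine's matched-rule
// interface (assumption: the real one has more methods; only what the
// filter needs is modelled here).
type MatchedRule interface {
	RuleID() int
	Message() string
}

// ruleLogger is the optional capability the filter looks for. Declaring
// it locally means the code compiles whether or not the MatchedRule
// interface itself exposes Log().
type ruleLogger interface {
	Log() bool
}

// matchedRule is a constructed implementation carrying the rule's
// log/nolog setting, i.e. what the `log` or `nolog` action selects.
type matchedRule struct {
	id  int
	msg string
	log bool
}

func (m matchedRule) RuleID() int     { return m.id }
func (m matchedRule) Message() string { return m.msg }
func (m matchedRule) Log() bool       { return m.log }

// legacyMatch models a match from an implementation without Log(); the
// filter must not panic on it and treats it as not loggable.
type legacyMatch struct{ id int }

func (l legacyMatch) RuleID() int     { return l.id }
func (l legacyMatch) Message() string { return "legacy match" }

// Loggable returns only the matched rules that asked to be logged. A
// match that does not implement Log() is left out, matching the
// workaround's `ok && mrWithLog.Log()` semantics.
func Loggable(matches []MatchedRule) []MatchedRule {
	out := make([]MatchedRule, 0, len(matches))
	for _, m := range matches {
		if l, ok := m.(ruleLogger); ok && l.Log() {
			out = append(out, m)
		}
	}
	return out
}

// ShouldWriteAuditLog justifies an audit log entry only when at least
// one matched rule is loggable; a transaction where only nolog rules
// matched produces no entry.
func ShouldWriteAuditLog(matches []MatchedRule) bool {
	return len(Loggable(matches)) > 0
}

// sampleMatches is constructed input; IDs and messages are made up for
// the example and are not taken from any real rule set.
func sampleMatches() []MatchedRule {
	return []MatchedRule{
		matchedRule{id: 100001, msg: "SQLi probe", log: true},
		matchedRule{id: 100002, msg: "request counter (nolog)", log: false},
		legacyMatch{id: 100003},
		matchedRule{id: 100004, msg: "anomaly score exceeded", log: true},
	}
}

func main() {
	matches := sampleMatches()
	fmt.Printf("%d matched, %d to log, audit log: %v\n",
		len(matches), len(Loggable(matches)), ShouldWriteAuditLog(matches))
	for _, m := range Loggable(matches) {
		fmt.Printf("  rule %d: %s\n", m.RuleID(), m.Message())
	}
}
```

The fallback for a match without Log() is deliberately "do not log": if you would rather err on the side of recording every match from an older implementation, flip the `ok` branch to treat a missing method as loggable.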

codecov bot commented Jul 20, 2023

Codecov Report

Patch coverage: 80.30% and project coverage change: +0.07 🎉

Comparison is base (1b8a007) 81.51% compared to head (42eedcd) 81.58%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #848      +/-   ##
==========================================
+ Coverage   81.51%   81.58%   +0.07%     
==========================================
  Files         158      159       +1     
  Lines        8947     9010      +63     
==========================================
+ Hits         7293     7351      +58     
- Misses       1408     1412       +4     
- Partials      246      247       +1     
| Flag | Coverage | Patch | Δ |
| --- | --- | --- | --- |
| default | 76.63% | 82.17% | +0.46% ⬆️ |
| examples | 25.52% | 16.66% | +<0.01% ⬆️ |
| ftw | 46.85% | 40.47% | -0.24% ⬇️ |
| ftw-multiphase | 48.98% | 40.47% | -0.25% ⬇️ |
| tinygo | 74.85% | 96.59% | +2.62% ⬆️ |

| Impacted file | Coverage | Patch | Δ |
| --- | --- | --- | --- |
| http/e2e/cmd/httpe2e/main.go | 0.00% | ø | ø |
| internal/actions/allow.go | 100.00% | ø | ø |
| internal/actions/auditlog.go | 72.72% | ø | ø |
| internal/actions/block.go | 100.00% | ø | ø |
| internal/actions/capture.go | 100.00% | ø | ø |
| internal/actions/chain.go | 100.00% | ø | ø |
| internal/actions/ctl.go | 92.87% | ø | ø |
| internal/actions/deny.go | 84.21% | ø | ø |
| internal/actions/drop.go | 84.21% | ø | ø |
| internal/actions/exec.go | 70.00% | ø | ø |

... and 32 more

... and 1 file with indirect coverage changes

@jptosso (Member) commented Jul 20, 2023

#846 back to this

@M4tteoP M4tteoP marked this pull request as ready for review July 20, 2023 11:29
@M4tteoP M4tteoP requested a review from a team as a code owner July 20, 2023 11:29
Resolved (outdated) review threads on types/rule_match.go and testing/auditlog_test.go.

Review comment on testing/auditlog_test.go:
```go
var al2 auditlog.Log
// there should be no audit log because of nolog
if err := json.NewDecoder(file).Decode(&al2); err == nil {
	if al2.Messages() != nil {
		// ...
	}
}
```

Are there any assertions about the content of the logs?

types/rule_match.go (resolved, outdated)
@jcchavezs jcchavezs merged commit 435d15a into corazawaf:main Jul 25, 2023
7 of 9 checks passed
@jcchavezs jcchavezs deleted the matchdata_log_filter branch July 25, 2023 05:19
Successfully merging this pull request may close these issues: MatchedRules filled by rules without log directive
4 participants