8000 AP: log-conf escaping chars (#2691) · nginx/kubernetes-ingress@6611a9b · GitHub

Commit 6611a9b

rafwegvRafal Wegrzycki
andauthored
AP: log-conf escaping chars (#2691)
add escape chars to logconf Co-authored-by: Rafal Wegrzycki <r.wegrzycki@f5.com>
1 parent 5568e1f commit 6611a9b


4 files changed

+79
-16
lines changed


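--- a/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml
+++ b/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml
@@ -33,6 +33,15 @@ spec:
 properties:
 content:
 properties:
+escaping_characters:
+items:
+properties:
+from:
+type: string
+to:
+type: string
+type: object
+type: array
 format:
 enum:
 - splunk
@@ -43,6 +52,12 @@ spec:
 type: string
 format_string:
 type: string
+list_delimiter:
+type: string
+list_prefix:
+type: string
+list_suffix:
+type: string
 max_message_size:
 pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$
 type: string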

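--- a/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml
+++ b/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml
@@ -33,6 +33,15 @@ spec:
 properties:
 content:
 properties:
+escaping_characters:
+items:
+properties:
+from:
+type: string
+to:
+type: string
+type: object
+type: array
 format:
 enum:
 - splunk
@@ -43,6 +52,12 @@ spec:
 type: string
 format_string:
 type: string
+list_delimiter:
+type: string
+list_prefix:
+type: string
+list_suffix:
+type: string
 max_message_size:
 pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$
 type: string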

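--- a/tests/data/ap-waf/logconf-esc.yaml
+++ b/tests/data/ap-waf/logconf-esc.yaml
@@ -0,0 +1,19 @@
+apiVersion: appprotect.f5.com/v1beta1
+kind: APLogConf
+metadata:
+name: logconf-esc
+spec:
+content:
+format: user-defined
+max_message_size: 64k
+max_request_size: any
+format_string: "{\"my_attack_type\": \"%attack_type%\"}"
+escaping_characters:
+- from: '"'
+to: '\"'
+list_prefix: "["
+list_delimiter: ","
+list_suffix: "]"
+
+filter:
+request_type: all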
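Review bot: The `escaping_characters` list in this fixture rewrites only `"` to `\"`, while `format_string` emits a JSON object, and a JSON-safe string also needs the backslash itself escaped. Without that, a logged value that already contains a backslash can still produce a record that a downstream log parser reads differently from what was sent. `%attack_type%` comes from a fixed vocabulary, so this test is unaffected, but fixtures are often copied as working examples. Consider a second rule such as `- from: '\'` with `to: '\\'`, after confirming that the logging profile accepts several rules and in which order it applies them (neither is visible on this page).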

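--- a/tests/suite/test_app_protect_waf_policies.py
+++ b/tests/suite/test_app_protect_waf_policies.py
@@ -400,11 +400,14 @@ def test_ap_waf_policy_multi_logs(
 src_syslog_yaml = f"{TEST_DATA}/ap-waf/syslog.yaml"
 src_syslog_yaml_additional = f"{TEST_DATA}/ap-waf/syslog-1.yaml"
 log_loc = f"/var/log/messages"
+src_log_yaml_escape = f"{TEST_DATA}/ap-waf/logconf-esc.yaml"
+log_esc_name = create_ap_logconf_from_yaml(kube_apis.custom_objects, src_log_yaml_escape, test_namespace)
 create_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace)
 create_items_from_yaml(kube_apis, src_syslog_yaml_additional, test_namespace)
 syslog_dst1 = f"syslog-svc.{test_namespace}"
 syslog_dst2 = f"syslog-svc-1.{test_namespace}"
-syslog_pods = kube_apis.v1.list_namespaced_pod(test_namespace, label_selector="app in (syslog, syslog-1)").items
+syslog_pod = kube_apis.v1.list_namespaced_pod(test_namespace, label_selector="app=syslog").items
+syslog_esc_pod = kube_apis.v1.list_namespaced_pod(test_namespace, label_selector="app=syslog-1").items
 print(f"Create waf policy")
 create_ap_multilog_waf_policy_from_yaml(
 kube_apis.custom_objects,
@@ -414,7 +417,7 @@ def test_ap_waf_policy_multi_logs(
 True,
 True,
 ap_pol_name,
-[log_name, log_name],
+[log_name, log_esc_name],
 [f"syslog:server={syslog_dst1}:514",f"syslog:server={syslog_dst2}:514"]
 )
 wait_before_test()
@@ -440,27 +443,38 @@ def test_ap_waf_policy_multi_logs(
 headers={"host": virtual_server_setup.vs_host},
 )
 print(response.text)
-log_contents = ["",""]
+log_contents = ""
 retry = 0
-for i in range(2):
-while "ASM:attack_type" not in log_contents[i] and retry <= 30:
-log_contents[i] = get_file_contents(
-kube_apis.v1, log_loc, syslog_pods[i].metadata.name, test_namespace
-)
-retry += 1
-wait_before_test(1)
-print(f"Security log not updated, retrying... #{retry}")
+while "ASM:attack_type" not in log_contents and retry <= 30:
+log_contents = get_file_contents(
+kube_apis.v1, log_loc, syslog_pod[0].metadata.name, test_namespace
+)
+retry += 1
+wait_before_test(1)
+print(log_contents)
+print(f"Security log not updated, retrying... #{retry}")
+
+log_esc_contents = ""
+retry = 0
+while "attack_type" not in log_esc_contents and retry <= 30:
+log_esc_contents = get_file_contents(
+kube_apis.v1, log_loc, syslog_esc_pod[0].metadata.name, test_namespace
+)
+retry += 1
+wait_before_test(1)
+print(log_esc_contents)
+print(f"Security log not updated, retrying... #{retry}")
 
 delete_policy(kube_apis.custom_objects, "waf-policy", test_namespace)
 self.restore_default_vs(kube_apis, virtual_server_setup)
 
 assert_invalid_responses(response)
 
-for log_cont in log_contents:
-assert f'ASM:attack_type="Non-browser Client,Abuse of Functionality,Cross Site Scripting (XSS)"' in log_cont
-assert f'severity="Critical"' in log_cont
-assert f'request_status="blocked"' in log_cont
-assert f'outcome="REJECTED"' in log_cont
+assert f'ASM:attack_type="Non-browser Client,Abuse of Functionality,Cross Site Scripting (XSS)"' in log_contents
+assert f'severity="Critical"' in log_contents
+assert f'request_status="blocked"' in log_contents
+assert f'outcome="REJECTED"' in log_contents
+assert f'"my_attack_type": "[Non-browser Client' in log_esc_contents
 
 @pytest.mark.skip_for_nginx_oss
 @pytest.mark.appprotect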
0 commit comments

Comments
 (0)
0