| 583 | } |
| 584 | |
| 585 | func (wc *AppsecConfig) Build(ctx context.Context, hub *cwhub.Hub) (*AppsecRuntimeConfig, error) { |
| 586 | ret := &AppsecRuntimeConfig{Logger: wc.Logger.WithField("component", "appsec_runtime_config")} |
| 587 | |
| 588 | ret.RequestValidator = apivalidation.NewRequestValidator(wc.Logger.WithField("component", "api_validator")) |
| 589 | |
| 590 | if wc.BouncerBlockedHTTPCode == 0 { |
| 591 | wc.BouncerBlockedHTTPCode = http.StatusForbidden |
| 592 | } |
| 593 | |
| 594 | if wc.BouncerPassedHTTPCode == 0 { |
| 595 | wc.BouncerPassedHTTPCode = http.StatusOK |
| 596 | } |
| 597 | |
| 598 | if wc.UserBlockedHTTPCode == 0 { |
| 599 | wc.UserBlockedHTTPCode = http.StatusForbidden |
| 600 | } |
| 601 | |
| 602 | if wc.UserPassedHTTPCode == 0 { |
| 603 | wc.UserPassedHTTPCode = http.StatusOK |
| 604 | } |
| 605 | |
| 606 | if wc.DefaultPassAction == "" { |
| 607 | wc.DefaultPassAction = AllowRemediation |
| 608 | } |
| 609 | |
| 610 | if wc.DefaultRemediation == "" { |
| 611 | wc.DefaultRemediation = BanRemediation |
| 612 | } |
| 613 | |
| 614 | // set the defaults |
| 615 | switch wc.DefaultRemediation { |
| 616 | case BanRemediation, CaptchaRemediation, AllowRemediation: |
| 617 | // those are the officially supported remediation(s) |
| 618 | default: |
| 619 | wc.Logger.Warningf("default '%s' remediation of %s is none of [%s,%s,%s] ensure bouncer compatbility!", wc.DefaultRemediation, wc.Name, BanRemediation, CaptchaRemediation, AllowRemediation) |
| 620 | } |
| 621 | |
| 622 | ret.Name = wc.Name |
| 623 | ret.Config = wc |
| 624 | ret.DefaultRemediation = wc.DefaultRemediation |
| 625 | ret.BodySettings = BodySettings{ |
| 626 | MaxSize: DefaultMaxBodySize, |
| 627 | Action: BodySizeActionDrop, |
| 628 | } |
| 629 | |
| 630 | wc.Logger.Tracef("Loading config %+v", wc) |
| 631 | // load rules |
| 632 | for _, rule := range wc.OutOfBandRules { |
| 633 | wc.Logger.Infof("loading outofband rule %s", rule) |
| 634 | |
| 635 | collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"), hub) |
| 636 | if err != nil { |
| 637 | return nil, fmt.Errorf("unable to load outofband rule %s : %s", rule, err) |
| 638 | } |
| 639 | |
| 640 | ret.OutOfBandRules = append(ret.OutOfBandRules, collections...) |
| 641 | } |
| 642 | |