Created
January 5, 2021 19:53
-
-
Save rikatz/debc8eedfc9f9947c758947568c73e5e to your computer and use it in GitHub Desktop.
list transaction
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 80ms 44.11s (flat, cum) 91.61% of Total | |
| . . 7: | |
| . . 8: "unicode/utf8" | |
| . . 9:) | |
| . . 10: | |
| . . 11://ModsecTransaction parses a request and return if it needs intervention | |
| 20ms 20ms 12:func ModsecTransaction(request *apis.Request, agent *ModsecAgent) (intervention bool, err error) { | |
| . . 13: | |
| . . 14: var path string | |
| . . 15: | |
| . 40ms 16: clientIP := fmt.Sprintf("%s:12345", request.ClientIP) | |
| . 20ms 17: srvIP := fmt.Sprintf("%s:%d", request.ServerIP, request.ServerPort) | |
| . . 18: | |
| 20ms 2.92s 19: transaction, err := agent.rules.NewTransaction(clientIP, srvIP) | |
| . . 20: | |
| . . 21: if err != nil { | |
| . . 22: return false, fmt.Errorf("Modsecurity: Failed to process the connection: %v", err) | |
| . . 23: } | |
| . . 24: | |
| . . 25: if request.IgnoreRules != "" { | |
| . . 26: transaction.IgnoreRules = request.IgnoreRules | |
| . . 27: } | |
| . . 28: defer func() { | |
| . . 29: transaction.ProcessLogging() | |
| . . 30: transaction.Cleanup() | |
| . . 31: }() | |
| . . 32: | |
| . . 33: path = request.Path | |
| . . 34: if request.Query != "" { | |
| . . 35: path = fmt.Sprintf("%s?%s", request.Path, request.Query) | |
| . . 36: } | |
| . . 37: | |
| . 20ms 38: if transaction.ProcessUri(path, request.Method, request.Version) != nil { | |
| . . 39: return false, fmt.Errorf("Modsecurity: Failed to process the URI: %s", err.Error()) | |
| . . 40: } | |
| . 10ms 41: if transaction.ShouldIntervene() { | |
| . . 42: registerMetrics(request, transaction.BlockedBy) | |
| . . 43: return true, nil | |
| . . 44: } | |
| . . 45: | |
| . 20ms 46: for key, values := range request.Headers { | |
| 10ms 10ms 47: for _, value := range values { | |
| . 340ms 48: if transaction.AddRequestHeader([]byte(key), []byte(value)) != nil { | |
| . . 49: return false, fmt.Errorf("Modsecurity: Failed to Add Headers: %s", err.Error()) | |
| . . 50: } | |
| . . 51: } | |
| . . 52: } | |
| . . 53: | |
| . . 54: // Kubernetes specific. Add the directives into headers to be logged :) | |
| . . 55: if request.IngressName != "" && request.Namespace != "" { | |
| . 50ms 56: if transaction.AddRequestHeader([]byte("x-kubernetes-namespace"), []byte(request.Namespace)) != nil { | |
| . . 57: return false, fmt.Errorf("Modsecurity: Failed to Kubernetes Namespace Headers: %s", err.Error()) | |
| . . 58: } | |
| . . 59: | |
| . 40ms 60: if transaction.AddRequestHeader([]byte("x-kubernetes-ingressname"), []byte(request.IngressName)) != nil { | |
| . . 61: return false, fmt.Errorf("Modsecurity: Failed to Kubernetes Ingress Name Headers: %s", err.Error()) | |
| . . 62: } | |
| . . 63: } | |
| . . 64: | |
| . 18.51s 65: if transaction.ProcessRequestHeaders() != nil { | |
| . . 66: return false, fmt.Errorf("Modsecurity: Failed to process the Headers: %s", err.Error()) | |
| . . 67: } | |
| . . 68: | |
| . 20ms 69: if transaction.ShouldIntervene() { | |
| . . 70: registerMetrics(request, transaction.BlockedBy) | |
| . . 71: return true, nil | |
| . . 72: } | |
| . . 73: | |
| . 20ms 74: if transaction.AppendRequestBody(request.Body) != nil { | |
| . . 75: return false, fmt.Errorf("Modsecurity: Failed to append the Body: %s", err.Error()) | |
| . . 76: } | |
| . . 77: | |
| . 16.08s 78: if transaction.ProcessRequestBody() != nil { | |
| . . 79: return false, fmt.Errorf("Modsecurity: Failed to process the Body: %s", err.Error()) | |
| . . 80: } | |
| . . 81: | |
| 10ms 50ms 82: if transaction.ShouldIntervene() { | |
| . . 83: registerMetrics(request, transaction.BlockedBy) | |
| . . 84: return true, nil | |
| . . 85: } | |
| . . 86: | |
| 20ms 5.94s 87: return false, nil | |
| . . 88:} | |
| . . 89: | |
| . . 90:func registerMetrics(request *apis.Request, blockedBy []string) { | |
| . . 91: for _, rule := range blockedBy { | |
| . . 92: blockCountRule.WithLabelValues(rule).Inc() | |
| ROUTINE ======================== github.com/rikatz/ingress-security-agent/pkg/agents/modsecurity.ModsecTransaction.func1 in /go/src/app/pkg/agents/modsecurity/transaction.go | |
| 0 5.92s (flat, cum) 12.29% of Total | |
| . . 24: | |
| . . 25: if request.IgnoreRules != "" { | |
| . . 26: transaction.IgnoreRules = request.IgnoreRules | |
| . . 27: } | |
| . . 28: defer func() { | |
| . 4.45s 29: transaction.ProcessLogging() | |
| . 1.47s 30: transaction.Cleanup() | |
| . . 31: }() | |
| . . 32: | |
| . . 33: path = request.Path | |
| . . 34: if request.Query != "" { | |
| . . 35: path = fmt.Sprintf("%s?%s", request.Path, request.Query) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment