refactor: split checks into individual rules #6
Conversation
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
fzipi
force-pushed
the
refactor/split-linting-rules
branch
from
6919dc7 to
c5b7eca
Compare
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
fzipi
changed the title
|
Finally got the time (and will) to finish this refactor. |
airween
left a comment
airween
left a comment
There was a problem hiding this comment.
After my first review I have some comments.
| if tags is None: | ||
| return | ||
|
|
||
| chained = False |
There was a problem hiding this comment.
chained is not used here. In the current code it used to get the rule ID, but you don't use that (eg. in message), so you should remove this, or use the rule ID in message, for eg.
| from crs_linter.rule import Rule | ||
|
|
||
|
|
||
| class CrsTag(Rule): |
There was a problem hiding this comment.
In the meantime, an addition was made to the original code: we have added a new function to check whether the rule has a tag for its filename. I think we need this here too. For details please check #27
| """check there is no ctl:auditLogParts action in any rules""" | ||
| for d in data: | ||
| if "actions" in d: | ||
| current_ruleid = 0 |
There was a problem hiding this comment.
Here you don't use the rule ID either so you should remove this line and below the block (or add rule ID to the message, for eg.).
| from crs_linter.rule import Rule | ||
|
|
||
|
|
||
| class Deprecated(Rule): |
There was a problem hiding this comment.
Does this class have the same functionality like ctl_audit_log above? Why are both necessary?
| if "actions" in d: | ||
| max_order = 0 # maximum position of read actions | ||
| if not chained: | ||
| current_rule_id = get_id(d["actions"]) |
There was a problem hiding this comment.
Here you don't use variable current_rule_id, you should remove it or add it to message.
| if a["act_name"] == "tag": | ||
| tags.append(a) | ||
| if a["act_name"] == "setvar": | ||
| if a["act_arg"][0:2].lower() == "tx": |
There was a problem hiding this comment.
In current (old) implementation I explained here why is this hack needs. I think that would be useful here too. (This is the parser's deficiency.)
| for d in data: | ||
| # only SecRule counts | ||
| if d['type'] == "SecRule": | ||
| for a in d['actions']: |
There was a problem hiding this comment.
Here you don't need to iterate through all actions, just use your implemented get_id(). I think that would make the code a bit more clear. (But you will need the id in two formats: int and string)
|
|
||
| val_act = [] | ||
| val_act_arg = [] | ||
| if "act_arg" in a and a["act_arg"] is not None: |
There was a problem hiding this comment.
I think the explanation from current code would be useful here.
| for v in d["variables"]: | ||
| if v["variable"].lower() == "tx": | ||
| if not v["counter"]: | ||
| rvar = v["variable_part"].lower() |
what
why