UPT: annotation enhancement for resty-lua-waf

2018-10-05 12:24:37 +08:00 · 2018-10-05 12:24:37 +08:00 · 04a89ce234
commit 04a89ce234
parent a3bf5dadaf
5 changed files with 140 additions and 10 deletions
--- a/internal/ingress/annotations/luarestywaf/main.go
+++ b/internal/ingress/annotations/luarestywaf/main.go
@ -31,10 +31,13 @@ var luaRestyWAFModes = map[string]bool{"ACTIVE": true, "INACTIVE": true, "SIMULA

 // Config returns lua-resty-waf configuration for an Ingress rule
 type Config struct {
-	Mode               string   `json:"mode"`
-	Debug              bool     `json:"debug"`
-	IgnoredRuleSets    []string `json:"ignored-rulesets"`
-	ExtraRulesetString string   `json:"extra-ruleset-string"`
+	Mode                 string   `json:"mode"`
+	Debug                bool     `json:"debug"`
+	IgnoredRuleSets      []string `json:"ignored-rulesets"`
+	ExtraRulesetString   string   `json:"extra-ruleset-string"`
+	Score                int      `json:"score"`
+	AllowUnknownContent  bool     `json:"allow-unknown-content"`
+	DisableMultipartBody bool     `json:"disable-multipart-body"`
 }

 // Equal tests for equality between two Config types
@ -57,6 +60,15 @@ func (e1 *Config) Equal(e2 *Config) bool {
 	if e1.ExtraRulesetString != e2.ExtraRulesetString {
 		return false
 	}
+	if e1.Score != e2.Score {
+		return false
+	}
+	if e1.AllowUnknownContent != e2.AllowUnknownContent {
+		return false
+	}
+	if e1.DisableMultipartBody != e2.DisableMultipartBody {
+		return false
+	}

 	return true
 }
@ -95,10 +107,19 @@ func (a luarestywaf) Parse(ing *extensions.Ingress) (interface{}, error) {
 	// TODO(elvinefendi) maybe validate the ruleset string here
 	extraRulesetString, _ := parser.GetStringAnnotation("lua-resty-waf-extra-rules", ing)

+	score, _ := parser.GetIntAnnotation("lua-resty-waf-score", ing)
+
+	allowUnknownContent, _ := parser.GetBoolAnnotation("lua-resty-waf-allow-unknown-content", ing)
+
+	disableMultipartBody, _ := parser.GetBoolAnnotation("lua-resty-waf-disable-multipart-body", ing)
+
 	return &Config{
-		Mode:               mode,
-		Debug:              debug,
-		IgnoredRuleSets:    ignoredRuleSets,
-		ExtraRulesetString: extraRulesetString,
+		Mode:                 mode,
+		Debug:                debug,
+		IgnoredRuleSets:      ignoredRuleSets,
+		ExtraRulesetString:   extraRulesetString,
+		Score:                score,
+		AllowUnknownContent:  allowUnknownContent,
+		DisableMultipartBody: disableMultipartBody,
 	}, nil
 }