Skip to content
This repository has been archived by the owner on Nov 2, 2023. It is now read-only.

PII: fix In-App WAF attack sanitization #158

Merged
merged 2 commits into from
Sep 29, 2020
Merged

Conversation

Julio-Guerra
Copy link
Collaborator

@Julio-Guerra Julio-Guerra commented Sep 29, 2020

Replace the use of strings.ReplaceAll() with a case-insensitive regular
expression of the request parameter so that it also matches attack information
that got transformed by the In-App WAF (eg. lower-cased).

…former

Replace the use of `strings.ReplaceAll()` with a case-insensitive regular
expression of the request parameter so that it also matches attack information
that got transformed (eg. lower-cased).
@Julio-Guerra Julio-Guerra added the bug Something isn't working label Sep 29, 2020
@Julio-Guerra Julio-Guerra added this to the v0.16.1 milestone Sep 29, 2020
@Julio-Guerra Julio-Guerra self-assigned this Sep 29, 2020
@Julio-Guerra Julio-Guerra merged commit 05870b2 into dev Sep 29, 2020
@Julio-Guerra Julio-Guerra deleted the fix/waf-attack-pii-leak branch September 29, 2020 20:52
@Julio-Guerra Julio-Guerra mentioned this pull request Sep 30, 2020
Julio-Guerra pushed a commit that referenced this pull request Sep 30, 2020
Fixes:

- (#158) PII: make the PII scrubbing of In-App WAF attack events
  case-insensitive in order to correctly scrub transformed request parameters.

- (#159) Monitoring: fix the content type and length monitoring of HTTP
  responses.

- (#157) Gin middleware: use the request Go context instead of Gin's so that the
  agent can properly manage the request execution context, but also to correctly
  propagate values stored in the Go context before the middleware function.
Julio-Guerra pushed a commit that referenced this pull request Sep 30, 2020
Fixes

- (#158) PII: make the PII scrubbing of In-App WAF attack events
  case-insensitive in order to correctly scrub transformed request parameters.

- (#159) Monitoring: fix the content type and length monitoring of HTTP
  responses.

- (#157) Gin middleware: use the request Go context instead of Gin's so that the
  agent can properly manage the request execution context, but also to correctly
  propagate values stored in the Go context before the middleware function.
Julio-Guerra pushed a commit that referenced this pull request Oct 1, 2020
Fixes:

- (#158) PII: make the PII scrubbing of In-App WAF attack events
  case-insensitive in order to correctly scrub transformed request parameters.

- (#159) Monitoring: fix the content type and length monitoring of HTTP
  responses.

- (#157) Gin middleware: use the request Go context instead of Gin's so that the
  agent can properly manage the request execution context, but also to correctly
  propagate values stored in the Go context before the middleware function.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant