webhook - add detected signatures into webhook data details

astibal · Apr 11, 2024 · 8dca753 · 8dca753
1 parent 1b8c274
commit 8dca753
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/src/proxy/mitmhost.cpp b/src/proxy/mitmhost.cpp
@@ -262,6 +262,10 @@ void MitmHostCX::on_detect(std::shared_ptr<duplexFlowMatch> x_sig, flowMatchStat
         reported = true;
     }
 
+    matched_signatures_.emplace_back(string_format("%s/%s",
+                                                   sig_sig->sig_category.c_str(),
+                                                   sig_sig->name().c_str()));
+
     if(! reported) {
         // diagnose on "inspect" topic
         _dia("matching signature: cat='%s', name='%s' at %s",

diff --git a/src/proxy/mitmhost.hpp b/src/proxy/mitmhost.hpp
@@ -69,6 +69,8 @@ class MitmHostCX : public AppHostCX, public socle::sobject {
     int matched_policy() const { return matched_policy_; }
     void matched_policy(int p) { matched_policy_ = p; }
 
+    std::vector<std::string> const& matched_signatures() const { return matched_signatures_; }
+
     using replacetype_t = enum { REPLACETYPE_NONE=0, REPLACETYPE_HTTP=1 };
     replacetype_t replacement_type() const { return replacement_type_; }
     void replacement_type(replacetype_t r) { replacement_type_ = r; }
@@ -107,6 +109,8 @@ class MitmHostCX : public AppHostCX, public socle::sobject {
     int inspect_verdict = Inspector::OK;
     std::shared_ptr<buffer> inspect_verdict_response;
 
+    std::vector<std::string> matched_signatures_;
+
 public:
     TYPENAME_OVERRIDE("MitmHostCX")
     DECLARE_LOGGING(to_string)

diff --git a/src/proxy/mitmproxy.cpp b/src/proxy/mitmproxy.cpp
@@ -283,7 +283,10 @@ void MitmProxy::webhook_session_stop() const {
         dB = l->meter_write_bytes;
 
         if(auto app = l->engine_ctx.application_data; app) {
-            l7 =  { { "app", app->protocol() }, { "details", app->requests_all() } };
+            l7 =  { { "app", app->protocol() },
+                    { "details", app->requests_all() },
+                    { "signatures", l->matched_signatures() }
+            };
         }
     }
     auto const* r = first_right();