patterns/owasp.py

import requests
import re
import json
import logging
from typing import List, Dict

# Logging setup
logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s")

OWASP_CRS_BASE_URL = "https://api.github.com/repos/coreruleset/coreruleset/contents/rules"
GITHUB_REF = "v4.0"
GITHUB_REPO_URL = "https://api.github.com/repos/coreruleset/coreruleset"


def fetch_rule_files() -> List[str]:
    """
    Fetches a list of rule files from the OWASP Core Rule Set GitHub repository.
    It attempts to match a specific tag, and falls back to latest.

    Returns:
    List[str]: A list of rule file names (e.g., 'REQUEST-901-INITIALIZATION.conf').
    """
    logging.info("Fetching available rule files from GitHub...")
    # Step 1: Fetch all tags
    ref_url = f"{GITHUB_REPO_URL}/git/refs/tags"
    try:
        ref_response = requests.get(ref_url)
        ref_response.raise_for_status()
        ref_data = ref_response.json()
        available_refs = [ref['ref'] for ref in ref_data]
        logging.debug(f"Available refs: {available_refs}")
    except requests.RequestException as e:
        logging.error(f"Failed to fetch tags from {ref_url}. Reason: {e}")
        return []

    # Step 2: Find the closest matching tag
    matched_ref = next((ref for ref in available_refs if ref.endswith(f"{GITHUB_REF}.0")), None)

    if matched_ref:
        ref_sha = next(ref['object']['sha'] for ref in ref_data if ref['ref'] == matched_ref)
        logging.info(f"Found exact match for {GITHUB_REF}: {matched_ref}")
    else:
        # Fallback to latest tag
        latest_ref = ref_data[-1]
        ref_sha = latest_ref['object']['sha']
        logging.warning(f"{GITHUB_REF} not found. Using latest: {latest_ref['ref']}")

    logging.info(f"Using ref SHA: {ref_sha}")

    # Step 3: Fetch rule files using the selected SHA
    rules_url = f"{OWASP_CRS_BASE_URL}?ref={ref_sha}"
    try:
        rules_response = requests.get(rules_url)
        rules_response.raise_for_status()
        files = [item['name'] for item in rules_response.json() if item['name'].endswith('.conf')]
        logging.info(f"Found {len(files)} rule files.")
        return files
    except requests.RequestException as e:
        logging.error(f"Failed to fetch rule files from {rules_url}. Reason: {e}")
        return []


def fetch_owasp_rules(rule_files: List[str]) -> List[Dict[str, str]]:
    """
    Fetches SecRule patterns from OWASP CRS files, categorizes them, and returns a list of dictionaries.

    Parameters:
    rule_files (List[str]): A list of rule file names (e.g., ['REQUEST-901-INITIALIZATION.conf',...])

    Returns:
    List[Dict[str,str]]: A list of dictionaries, each containing a pattern and its category.
                          e.g. [{'category': 'INITIALIZATION', 'pattern':'...'},...]
    """
    logging.info("Fetching OWASP rules...")
    base_url = f"https://raw.githubusercontent.com/coreruleset/coreruleset/{GITHUB_REF}.0/rules/"
    rules = []

    for file in rule_files:
        logging.info(f"Fetching {file}...")
        try:
            response = requests.get(base_url + file)
            response.raise_for_status()
            raw_text = response.text
            sec_rules = re.findall(r'SecRule.*?"(.*?)"', raw_text, re.DOTALL)
            for rule in sec_rules:
                pattern = rule.strip().replace("\\", "")
                category = file.split('-')[-1].replace('.conf', '')
                if pattern:
                    rules.append({"category": category, "pattern": pattern})
        except requests.RequestException as e:
            logging.error(f"Failed to fetch or process {file}. Reason: {e}")
    logging.info(f"{len(rules)} rules fetched.")
    return rules


def save_as_json(rules: List[Dict[str, str]], output_file: str) -> None:
    """
    Saves the extracted rules as a JSON file.

    Parameters:
    rules (List[Dict[str, str]]): The list of extracted rules.
    output_file (str): The path of the output JSON file.
    """
    logging.info(f"Saving rules to {output_file}...")
    try:
        with open(output_file, 'w') as f:
            json.dump(rules, f, indent=4)
        logging.info(f"Rules saved successfully to {output_file}.")
    except IOError as e:
        logging.error(f"Failed to save rules to {output_file}. Reason: {e}")


if __name__ == "__main__":
    rule_files = fetch_rule_files()
    if rule_files:
        rules = fetch_owasp_rules(rule_files)
        if rules:
            save_as_json(rules, "owasp_rules.json")
    else:
        logging.error("Failed to fetch rule files. Exiting.")
Create owasp.py 2024-12-21 01:00:55 +01:00			`import requests`
			`import re`
			`import json`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`import logging`
Create owasp.py 2024-12-21 01:00:55 +01:00			`from typing import List, Dict`

Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`# Logging setup`
			`logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s")`

Create owasp.py 2024-12-21 01:00:55 +01:00			`OWASP_CRS_BASE_URL = "https://api.github.com/repos/coreruleset/coreruleset/contents/rules"`
			`GITHUB_REF = "v4.0"`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`GITHUB_REPO_URL = "https://api.github.com/repos/coreruleset/coreruleset"`

Create owasp.py 2024-12-21 01:00:55 +01:00
			`def fetch_rule_files() -> List[str]:`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`"""`
			`Fetches a list of rule files from the OWASP Core Rule Set GitHub repository.`
			`It attempts to match a specific tag, and falls back to latest.`

			`Returns:`
			`List[str]: A list of rule file names (e.g., 'REQUEST-901-INITIALIZATION.conf').`
			`"""`
			`logging.info("Fetching available rule files from GitHub...")`
Create owasp.py 2024-12-21 01:00:55 +01:00			`# Step 1: Fetch all tags`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`ref_url = f"{GITHUB_REPO_URL}/git/refs/tags"`
			`try:`
			`ref_response = requests.get(ref_url)`
			`ref_response.raise_for_status()`
			`ref_data = ref_response.json()`
			`available_refs = [ref['ref'] for ref in ref_data]`
			`logging.debug(f"Available refs: {available_refs}")`
			`except requests.RequestException as e:`
			`logging.error(f"Failed to fetch tags from {ref_url}. Reason: {e}")`
			`return []`
Create owasp.py 2024-12-21 01:00:55 +01:00
			`# Step 2: Find the closest matching tag`
			`matched_ref = next((ref for ref in available_refs if ref.endswith(f"{GITHUB_REF}.0")), None)`

			`if matched_ref:`
			`ref_sha = next(ref['object']['sha'] for ref in ref_data if ref['ref'] == matched_ref)`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`logging.info(f"Found exact match for {GITHUB_REF}: {matched_ref}")`
Create owasp.py 2024-12-21 01:00:55 +01:00			`else:`
			`# Fallback to latest tag`
			`latest_ref = ref_data[-1]`
			`ref_sha = latest_ref['object']['sha']`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`logging.warning(f"{GITHUB_REF} not found. Using latest: {latest_ref['ref']}")`
Create owasp.py 2024-12-21 01:00:55 +01:00
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`logging.info(f"Using ref SHA: {ref_sha}")`
Create owasp.py 2024-12-21 01:00:55 +01:00
			`# Step 3: Fetch rule files using the selected SHA`
			`rules_url = f"{OWASP_CRS_BASE_URL}?ref={ref_sha}"`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`try:`
			`rules_response = requests.get(rules_url)`
			`rules_response.raise_for_status()`
			`files = [item['name'] for item in rules_response.json() if item['name'].endswith('.conf')]`
			`logging.info(f"Found {len(files)} rule files.")`
			`return files`
			`except requests.RequestException as e:`
			`logging.error(f"Failed to fetch rule files from {rules_url}. Reason: {e}")`
			`return []`
Create owasp.py 2024-12-21 01:00:55 +01:00

			`def fetch_owasp_rules(rule_files: List[str]) -> List[Dict[str, str]]:`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`"""`
			`Fetches SecRule patterns from OWASP CRS files, categorizes them, and returns a list of dictionaries.`

			`Parameters:`
			`rule_files (List[str]): A list of rule file names (e.g., ['REQUEST-901-INITIALIZATION.conf',...])`

			`Returns:`
			`List[Dict[str,str]]: A list of dictionaries, each containing a pattern and its category.`
			`e.g. [{'category': 'INITIALIZATION', 'pattern':'...'},...]`
			`"""`
			`logging.info("Fetching OWASP rules...")`
			`base_url = f"https://raw.githubusercontent.com/coreruleset/coreruleset/{GITHUB_REF}.0/rules/"`
Create owasp.py 2024-12-21 01:00:55 +01:00			`rules = []`

			`for file in rule_files:`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`logging.info(f"Fetching {file}...")`
			`try:`
			`response = requests.get(base_url + file)`
			`response.raise_for_status()`
			`raw_text = response.text`
			`sec_rules = re.findall(r'SecRule.?"(.?)"', raw_text, re.DOTALL)`
			`for rule in sec_rules:`
			`pattern = rule.strip().replace("\\", "")`
			`category = file.split('-')[-1].replace('.conf', '')`
			`if pattern:`
			`rules.append({"category": category, "pattern": pattern})`
			`except requests.RequestException as e:`
			`logging.error(f"Failed to fetch or process {file}. Reason: {e}")`
			`logging.info(f"{len(rules)} rules fetched.")`
Create owasp.py 2024-12-21 01:00:55 +01:00			`return rules`

Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00
Create owasp.py 2024-12-21 01:00:55 +01:00			`def save_as_json(rules: List[Dict[str, str]], output_file: str) -> None:`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`"""`
			`Saves the extracted rules as a JSON file.`

			`Parameters:`
			`rules (List[Dict[str, str]]): The list of extracted rules.`
			`output_file (str): The path of the output JSON file.`
			`"""`
			`logging.info(f"Saving rules to {output_file}...")`
			`try:`
			`with open(output_file, 'w') as f:`
			`json.dump(rules, f, indent=4)`
			`logging.info(f"Rules saved successfully to {output_file}.")`
			`except IOError as e:`
			`logging.error(f"Failed to save rules to {output_file}. Reason: {e}")`

Create owasp.py 2024-12-21 01:00:55 +01:00
			`if __name__ == "__main__":`
			`rule_files = fetch_rule_files()`
Update owasp.py Minor improvements. 2024-12-21 11:31:31 +01:00			`if rule_files:`
			`rules = fetch_owasp_rules(rule_files)`
			`if rules:`
			`save_as_json(rules, "owasp_rules.json")`
			`else:`
			`logging.error("Failed to fetch rule files. Exiting.")`