Code inside the plugin.register function is not executed in OpenRASP

I was trying to get OpenRASP to execute. I installed it on both PHP and Java applications. I expected the application to log the malicious requests, but it's not working. I tried it on both PHP and Java applications. The code inside the plugin.register function isn't being executed.

I was testing with the standard test cases recommended by the baidu-security team: https://github.com/baidu-security/openrasp-testcases/blob/master/java/vulns/src/main/webapp/002-file-read.jsp

// Inside plugins/888-block-all.js

plugin.register('readFile', function (params, context) {
    plugin.log('inside readFile module')
    return default_action
})
...
plugin.log('all intercept plugin test: initial success')

The second log statement is being saved to the output file, but the first log statement is not getting saved because that function isn't being triggered.

And please include the following information:

  • Operating system type and architecture: Ubuntu 18.04
  • Application server type and version: Machine1: PHP 7.2; Machine2: openjdk 1.8.0_222, apache tomcat 8.5.45 & tomcat 9.0.24 (tried with multiple versions)
  • OpenRASP version v1.2.0 (7c1eee5)

I added a custom plugin to $TOMCAT_PATH/rasp/plugins (https://github.com/baidu/openrasp/blob/master/plugins/addons/888-block-all.js) to block all requests, to confirm that OpenRASP is able to block the requests. But I don't see any output written to the alarm.log file.

https://github.com/baidu/openrasp/blob/master/plugins/addons/888-block-all.js#L37 logs the readFile vulnerability to alarm.log, while https://github.com/baidu/openrasp/blob/master/plugins/addons/888-block-all.js#L76 logs the plugin initialization values to plugin.log.

My application is able to log the plugin initialization information to plugin.log, but it's not able to trigger the alerts/block requests, and alarm.log is always empty.

root@f017d0df9d00:/opt/tomcat/apache-tomcat-8.5.45/rasp/logs# tail plugin/plugin.log -n 4
2019-09-09 17:25:28,142 INFO  [INotify thread][com.baidu.openrasp.plugin.js.log] [official] OpenRASP official plugin: Initialized, version 2019-0828-1100
2019-09-09 17:25:28,143 INFO  [INotify thread][com.baidu.openrasp.plugin.js.log] [block-all-test] all intercept plugin test: initial success
2019-09-09 17:25:31,921 INFO  [main][com.baidu.openrasp.plugin.js.log] [official] OpenRASP official plugin: Initialized, version 2019-0828-1100
2019-09-09 17:25:31,924 INFO  [main][com.baidu.openrasp.plugin.js.log] [block-all-test] all intercept plugin test: initial success

I edited conf/openrasp.yml to add custom headers like X-Download-Options, etc., and everything is working well.

root@f017d0df9d00:/opt/tomcat/apache-tomcat-8.5.45/rasp/logs# curl 127.0.0.1:8082/vulns/002-file-read.jsp -I -L
HTTP/1.1 200
X-Protected-By: OpenRASP
X-Request-ID: 59c2eef5e3b24cc299718eb01ae37a98
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
Set-Cookie: JSESSIONID=79BA23F296362A5CABCC0E84FAC7B14F; Path=/vulns; HttpOnly
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 09 Sep 2019 17:28:01 GMT

Any suggestions?