Code inside plugin.register function is not executed in openrasp

I was trying to execute openrasp. I installed it on both PHP and Java applications. I expected the application to log the malicious requests, but it's not working. I tried on both PHP and Java applications. The code inside the plugin.register function isn't being executed.

I was testing on the standard test-cases recommended by baidu-security team for testing.

// Inside plugins/888-block-all.js

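// `plugin` and `default_action` are defined earlier in the plugin file (not shown here)
plugin.register('readFile', function (params, context) {
    // Runs only when the agent dispatches a readFile check to the plugin
    plugin.log('inside readFile module')
    return default_action
})
// Runs once, when the plugin file is loaded
plugin.log('all intercept plugin test: initial success')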

The second log statement is being saved to an output file but the first log statement is not getting saved because that function isn't getting triggered.

And please include the following information:

  • Operating system type and architecture: Ubuntu 18.04
  • Application server type and version: Machine1: PHP 7.2; Machine2: openjdk 1.8.0_222, apache tomcat 8.5.45 & tomcat 9.0.24 (tried with multiple versions)
  • OpenRASP version v1.2.0 (7c1eee5)

I added a custom plugin to $TOMCAT_PATH/rasp/plugins to block all requests, to confirm that openrasp is able to block the requests. But I don't see any output written to alarm.log file. logs the readFile vulnerability to alarm.log while logs the plugin initialization values to plugin.log

My application is able to log the plugin initialization information to plugin.log, but it's not able to trigger the alerts/block requests, and alarm.log is always empty.

root@f017d0df9d00:/opt/tomcat/apache-tomcat-8.5.45/rasp/logs# tail plugin/plugin.log -n 4
2019-09-09 17:25:28,142 INFO  [INotify thread][] [official] OpenRASP official plugin: Initialized, version 2019-0828-1100
2019-09-09 17:25:28,143 INFO  [INotify thread][] [block-all-test] all intercept plugin test: initial success
2019-09-09 17:25:31,921 INFO  [main][] [official] OpenRASP official plugin: Initialized, version 2019-0828-1100
2019-09-09 17:25:31,924 INFO  [main][] [block-all-test] all intercept plugin test: initial success

I edited conf/openrasp.yml to add custom headers like X-Download-Options, etc., and everything is working well.

root@f017d0df9d00:/opt/tomcat/apache-tomcat-8.5.45/rasp/logs# curl -I -L
HTTP/1.1 200
X-Protected-By: OpenRASP
X-Request-ID: 59c2eef5e3b24cc299718eb01ae37a98
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
Set-Cookie: JSESSIONID=79BA23F296362A5CABCC0E84FAC7B14F; Path=/vulns; HttpOnly
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 09 Sep 2019 17:28:01 GMT

Any suggestions?
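The symptom in the question (the top-level log line reaches plugin.log, the line inside the callback never appears) can be reproduced outside the agent. The following is an added example, not part of the original post and not OpenRASP code: `StubRASP`, `loadBlockAllPlugin` and `demo` are hypothetical names, the stub is a simplified model of a plugin host, and the action object and `readFile` parameters are constructed sample values.

```javascript
// Simplified stand-in for the agent's plugin host (assumption, not OpenRASP code).
class StubRASP {
  constructor(name) {
    this.name = name;
    this.handlers = {}; // check type -> registered callbacks
    this.logs = [];     // lines that would end up in plugin.log
  }
  // register() only stores the callback; it does not call it.
  register(type, fn) {
    if (!this.handlers[type]) this.handlers[type] = [];
    this.handlers[type].push(fn);
  }
  log(...args) {
    this.logs.push(`[${this.name}] ${args.join(' ')}`);
  }
  // Models the host dispatching a check when a hooked operation runs.
  check(type, params, context) {
    const results = [];
    for (const fn of this.handlers[type] || []) {
      const result = fn(params, context);
      if (result) results.push(result);
    }
    return results;
  }
}

// The plugin body from the question, with a constructed action object.
function loadBlockAllPlugin(plugin) {
  const default_action = { action: 'block', message: 'block-all test', confidence: 90 };
  plugin.register('readFile', function (params, context) {
    plugin.log('inside readFile module');
    return default_action;
  });
  plugin.log('all intercept plugin test: initial success');
}

// Load the plugin, snapshot the log, then dispatch one synthetic readFile check.
function demo() {
  const plugin = new StubRASP('block-all-test');
  loadBlockAllPlugin(plugin);
  const afterLoad = plugin.logs.slice();
  const params = { path: '/etc/hosts', realpath: '/etc/hosts' }; // constructed input
  const results = plugin.check('readFile', params, {});
  return { afterLoad, afterCheck: plugin.logs.slice(), results };
}
```

In this model the callback's log line and the block action appear only after `check('readFile', ...)` is dispatched, so an initialized plugin.log with no callback output means no `readFile` check reached the plugin, not that the plugin file failed to load.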