This pull request makes it so that Data that are encrypted via Credentials lead to bypassing the PayloadInspection defence on the ConnectionRules they could be traversing.
The assumption is that the ConnectionRule needs to allow for encrypted traffic and therefore the attacker could also just encrypt their sessions to elude payload inspection.
The current implementation only works for ConnectionRules that have an association to a receiving/sending Application. Determining whether a ConnectionRule that bridges only Networks is used by a specific Data asset is not impossible, but very cumbersome, so for the time being this was not implemented.
A workaround can be used in the meantime where a dummy Application that matches the directionality of the traffic can be added to the ConnectionRules that is used just to determine if the payloadInspection should be bypassed or not.
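To make the described rule concrete, the following is an added Python model of the check this pull request introduces (it is illustrative code, not the project's own implementation; class names mirror the asset names above, while attribute names such as `encrypted_with` and `applications` are assumptions). It shows the three cases from the description: an Application-associated ConnectionRule carrying encrypted Data loses its PayloadInspection coverage, a Network-only rule is not evaluated, and a dummy Application restores the evaluation.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Credentials:
    name: str


@dataclass
class Data:
    name: str
    encrypted_with: Optional[Credentials] = None  # encrypted Data references its Credentials


@dataclass
class Application:
    name: str
    data: List[Data] = field(default_factory=list)  # Data the app sends/receives


@dataclass
class Network:
    name: str


@dataclass
class ConnectionRule:
    name: str
    payload_inspection: bool = True  # the PayloadInspection defence is enabled
    applications: List[Application] = field(default_factory=list)  # sending/receiving apps
    networks: List[Network] = field(default_factory=list)


def encrypted_data_traversing(rule: ConnectionRule) -> List[Data]:
    """Encrypted Data reachable through the rule's associated Applications only."""
    return [d for app in rule.applications for d in app.data if d.encrypted_with is not None]


def payload_inspection_effective(rule: ConnectionRule) -> bool:
    """True if PayloadInspection still covers this rule; False if it is bypassed.

    Mirrors the PR: the defence is bypassed once encrypted Data traverses the rule.
    Network-only rules are not evaluated (the unimplemented case), so the defence
    is reported as still effective there, which is why the dummy-Application
    workaround exists.
    """
    if not rule.payload_inspection:
        return False
    return not encrypted_data_traversing(rule)


# Constructed sample model: a web app exchanging TLS-protected records.
TLS_KEYS = Credentials("tls-session-keys")
RECORDS = Data("customer-records", encrypted_with=TLS_KEYS)
WEB_APP = Application("web-frontend", data=[RECORDS])
DMZ, LAN = Network("dmz"), Network("lan")

RULE_WITH_APP = ConnectionRule("fw-to-web", applications=[WEB_APP], networks=[DMZ])
RULE_NETWORK_ONLY = ConnectionRule("dmz-to-lan", networks=[DMZ, LAN])
DUMMY_APP = Application("dummy-encrypted-flow", data=[RECORDS])  # the workaround
RULE_WITH_WORKAROUND = ConnectionRule("dmz-to-lan-wa", applications=[DUMMY_APP], networks=[DMZ, LAN])
```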