Commit

chore: updates coraza to latest, fixes nightly build (envoyproxy#169)
M4tteoP authored Mar 31, 2023
1 parent 48003e3 commit 155716d
Showing 33 changed files with 1,207 additions and 781 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -109,7 +109,7 @@ configuration:

### Running go-ftw (CRS Regression tests)

The following command runs the [go-ftw](https://github.com/fzipi/go-ftw) test suite against the filter with the CRS fully loaded.
The following command runs the [go-ftw](https://github.com/coreruleset/go-ftw) test suite against the filter with the CRS fully loaded.

```bash
go run mage.go ftw
6 changes: 3 additions & 3 deletions ftw/Dockerfile
@@ -1,15 +1,15 @@
# Copyright 2022 The OWASP Coraza contributors
# SPDX-License-Identifier: Apache-2.0

FROM ghcr.io/coreruleset/go-ftw:0.4.7
FROM ghcr.io/coreruleset/go-ftw:0.4.9

RUN apk update && apk add curl

WORKDIR /workspace

# TODO update when new CRS version is tagged: https://github.com/coreruleset/coreruleset/archive/refs/tags/v4.0.0-rc1.tar.gz
ADD https://github.com/coreruleset/coreruleset/tarball/752a1b24e68ad4f4625509b67341c7c8590e6d0b /workspace/coreruleset/
RUN cd coreruleset && tar -xf 752a1b24e68ad4f4625509b67341c7c8590e6d0b --strip-components 1
ADD https://github.com/coreruleset/coreruleset/tarball/477d8c3431d042294af2651f08d63d10b6f3fd60 /workspace/coreruleset/
RUN cd coreruleset && tar -xf 477d8c3431d042294af2651f08d63d10b6f3fd60 --strip-components 1

COPY ftw.yml /workspace/ftw.yml
COPY tests.sh /workspace/tests.sh
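
Review bot: the base image on the `FROM ghcr.io/coreruleset/go-ftw:0.4.9` line is pinned by tag only, while the CRS tarball fetched below it is pinned by a full commit hash. A tag can be re-pushed, so pinning the image by digest as well (`go-ftw:0.4.9@sha256:<digest>`, digest to be filled in) would give the test image the same immutability. The CRS commit hash also has to be edited in two places, the `ADD` URL and the `tar -xf` argument; a single `ARG` holding the hash (for example a hypothetical `ARG CRS_COMMIT`) used in both lines would rule out a half-updated pin. Nothing in this file checks the downloaded tarball against a checksum.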
31 changes: 13 additions & 18 deletions ftw/ftw.yml
Expand Up @@ -24,13 +24,21 @@ testoverride:
'920274-2': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
'920274-3': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
'920274-5': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'

'932161-7': 'Referer header is sanitized by Envoy and removed from the request'
'932161-8': 'Referer header is sanitized by Envoy and removed from the request'
'932161-9': 'Referer header is sanitized by Envoy and removed from the request'
'932161-10': 'Referer header is sanitized by Envoy and removed from the request'
'932161-11': 'Referer header is sanitized by Envoy and removed from the request'
'932161-12': 'Referer header is sanitized by Envoy and removed from the request'
'932236-6': 'Referer header is sanitized by Envoy and removed from the request'
'932236-7': 'Referer header is sanitized by Envoy and removed from the request'
'932236-28': 'Referer header is sanitized by Envoy and removed from the request'
'932237-6': 'Referer header is sanitized by Envoy and removed from the request'
'932237-7': 'Referer header is sanitized by Envoy and removed from the request'
'932237-8': 'Referer header is sanitized by Envoy and removed from the request'

# Rules working, tests excluded for different expected output
'920270-4': 'Log contains 920270. Test has log_contains disabled.'
# '920340-2': 'Log contains 920340, but tests expects expect_error: true'

# Failing tests to be addressed
'920180-4': 'False positive. go-ftw sends POST / HTTP/2.0, but coraza-proxy-wasm reads HTTP/1.0. It does not happen with curl --http2-prior-knowledge'

# Coraza related issues
'920171-2': 'Rule 920171 not detected. GET/HEAD with body. Coraza side'
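
Review bot: the twelve `932161-*`, `932236-*` and `932237-*` entries sit directly under the `920274-*` false positives with no comment line of their own, although the other groups in this file have one (`# Rules working, tests excluded for different expected output`, `# Coraza related issues`). They all carry the same reason, 'Referer header is sanitized by Envoy and removed from the request', without saying where that Envoy behaviour is documented or which Envoy version it was observed on. A header comment for the group with a link to the tracking issue would let someone re-enable these tests if the proxy configuration changes, since while they are listed here the Referer cases for those three rules are not exercised by the regression run.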
Expand All @@ -42,21 +50,8 @@ testoverride:
'920430-5': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-8': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-9': 'Rule 920430 not detected. Proto version. Coraza side'
'921180-2': 'False Positive. Parameters with the same name. Coraza Side'
'921180-4': 'False Positive. Parameters with the same name. Coraza Side'
'921180-5': 'False Positive. Parameters with the same name. Coraza Side'
'921180-6': 'False Positive. Parameters with the same name. Coraza Side'
'934120-23': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-24': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-25': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-26': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-39': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934130-8': 'Rule 934130 partially detected.'
'934130-9': 'Rule 934130 partially detected. Coraza side'
'934130-10': 'Rule 934130 partially detected. Coraza side'
'934130-11': 'Rule 934130 partially detected. Coraza side'
'934131-2': 'Rule 934131 not detected. Coraza side'
'941310-1': 'Rule 941310 partially detected. Coraza side'
'941310-3': 'Rule 941310 partially detected. Coraza side'
'942522-7': 'Rule 944200 partially detected. Coraza side'
'944200-1': 'Rule 944200 not detected. Coraza side'
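
Review bot: the reason string on the `'942522-7'` line reads 'Rule 944200 partially detected', which names a different rule than the test ID and looks copied from the `'944200-1'` entry below it. If that entry stays in the file after this change, correct the rule number to 942522. The hunk header (`-42,21 +50,8`) shows this block shrinking by 13 lines, so it would also help to state in the commit body that the dropped overrides now pass with the updated Coraza, rather than leaving that to be inferred from the title.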
13 changes: 7 additions & 6 deletions go.mod
Expand Up @@ -3,8 +3,8 @@ module github.com/corazawaf/coraza-proxy-wasm
go 1.19

require (
github.com/corazawaf/coraza-wasilibs v0.0.0-20230203072127-1efe825d0089
github.com/corazawaf/coraza/v3 v3.0.0-20230316212719-785cdce7062c
github.com/corazawaf/coraza-wasilibs v0.0.0-20230330075532-813619a9f702
github.com/corazawaf/coraza/v3 v3.0.0-rc.1.0.20230331094959-1207ffe628c0
github.com/stretchr/testify v1.8.0
github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0
github.com/tidwall/gjson v1.14.4
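
Review bot: `github.com/corazawaf/coraza/v3` in the `require` block is set to the pseudo-version `v3.0.0-rc.1.0.20230331094959-1207ffe628c0`, that is, an untagged commit made after the rc.1 tag, and the commit title only says "latest". Please name the upstream change the nightly build depends on, so the pin can be moved to the next tagged release once that release contains it. The same applies to the `coraza-wasilibs` pseudo-version on the line above.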
Expand All @@ -18,13 +18,14 @@ require (
github.com/magefile/mage v1.14.0 // indirect
github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/tetratelabs/wazero v1.0.0-rc.1 // indirect
github.com/tetratelabs/wazero v1.0.1 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.1 // indirect
github.com/wasilibs/go-aho-corasick v0.2.0 // indirect
github.com/wasilibs/go-libinjection v0.1.0 // indirect
github.com/wasilibs/go-re2 v0.1.0 // indirect
github.com/wasilibs/go-aho-corasick v0.3.0 // indirect
github.com/wasilibs/go-libinjection v0.2.1 // indirect
github.com/wasilibs/go-re2 v1.0.0 // indirect
golang.org/x/net v0.8.0 // indirect
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
rsc.io/binaryregexp v0.2.0 // indirect
)
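
Review bot: the indirect block changes the regex, libinjection and Aho-Corasick libraries in one step (go-re2 appears at `v0.1.0` and `v1.0.0`, go-libinjection at `v0.1.0` and `v0.2.1`, go-aho-corasick at `v0.2.0` and `v0.3.0`), moves wazero from `v1.0.0-rc.1` to `v1.0.1`, and gains `rsc.io/binaryregexp v0.2.0`, none of which the commit title mentions. Listing these in the commit body, together with which module pulls in `rsc.io/binaryregexp` (`go mod why -m rsc.io/binaryregexp` will show it), would make a later regression in rule matching easier to bisect.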
26 changes: 14 additions & 12 deletions go.sum
@@ -1,7 +1,7 @@
github.com/corazawaf/coraza-wasilibs v0.0.0-20230203072127-1efe825d0089 h1:g2hQT6RtJqt2pgs6W1Fc3EFq4pGBAAkyT0VPLwJsKvg=
github.com/corazawaf/coraza-wasilibs v0.0.0-20230203072127-1efe825d0089/go.mod h1:J6mAYvwpBb16W9l2e/H6NFwK0OICzn3pWW56B4Lbz64=
github.com/corazawaf/coraza/v3 v3.0.0-20230316212719-785cdce7062c h1:eQ9zs6FAUScxDbBFZ8e7Kpm9R3emPK04OIZhC5ALGiU=
github.com/corazawaf/coraza/v3 v3.0.0-20230316212719-785cdce7062c/go.mod h1:GhpyYpKaOG/wHZtdyUpu74wo9StS3fzmtKvgSzms/XQ=
github.com/corazawaf/coraza-wasilibs v0.0.0-20230330075532-813619a9f702 h1:AERcQzqpM2f487riXo7j+GTXbKb209xKbC7hebtkhPI=
github.com/corazawaf/coraza-wasilibs v0.0.0-20230330075532-813619a9f702/go.mod h1:649+6RWhv7A3FhTnzlbkbRSonLwhY7drUkYmAQZj5hk=
github.com/corazawaf/coraza/v3 v3.0.0-rc.1.0.20230331094959-1207ffe628c0 h1:jZUD3AlDJyH0XrhjoSAqimUhAGyARLBwzMogEMzc4UE=
github.com/corazawaf/coraza/v3 v3.0.0-rc.1.0.20230331094959-1207ffe628c0/go.mod h1:BKoHfX9ElA9uw7GBtKisLYM1snL2TRnA55GTA+Z/4ow=
github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM=
github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
Expand All @@ -27,21 +27,21 @@ github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PK
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0 h1:kS7BvMKN+FiptV4pfwiNX8e3q14evxAWkhYbxt8EI1M=
github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0/go.mod h1:qkW5MBz2jch2u8bS59wws65WC+Gtx3x0aPUX5JL7CXI=
github.com/tetratelabs/wazero v1.0.0-rc.1 h1:ytecMV5Ue0BwezjKh/cM5yv1Mo49ep2R2snSsQUyToc=
github.com/tetratelabs/wazero v1.0.0-rc.1/go.mod h1:wYx2gNRg8/WihJfSDxA1TIL8H+GkfLYm+bIfbblu9VQ=
github.com/tetratelabs/wazero v1.0.1 h1:xyWBoGyMjYekG3mEQ/W7xm9E05S89kJ/at696d/9yuc=
github.com/tetratelabs/wazero v1.0.1/go.mod h1:wYx2gNRg8/WihJfSDxA1TIL8H+GkfLYm+bIfbblu9VQ=
github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM=
github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/wasilibs/go-aho-corasick v0.2.0 h1:32cgC99Id42dzoUupwn0nMPMxz3QD6DlxdjYpOVfZOA=
github.com/wasilibs/go-aho-corasick v0.2.0/go.mod h1:70K0dlZi6vyp5xyczyd73SCZMYcxswRXLVnUwQSKpM4=
github.com/wasilibs/go-libinjection v0.1.0 h1:WivsHc8c0cNWETEVhG0NpCezxvCn9zlVli/YkekFgXk=
github.com/wasilibs/go-libinjection v0.1.0/go.mod h1:yRoVK5Ks0kH65fJB1uzppuEn77pJmP8hagoAdPcgbtI=
github.com/wasilibs/go-re2 v0.1.0 h1:+pcjlvge6E9WWU4eaMlULRikEUkhPDXSFfCF5p7htMI=
github.com/wasilibs/go-re2 v0.1.0/go.mod h1:F91Yac+zPNDFrrd8fl4mSd7+TTu2tYiX56BEIEPQl2M=
github.com/wasilibs/go-aho-corasick v0.3.0 h1:ScfPQhAwop/ELIkwY0dfMTFb/bwOdYI/MB3mkX2WOZI=
github.com/wasilibs/go-aho-corasick v0.3.0/go.mod h1:LKW6EW9NWuWYE8PII+sFpRbbY3UcrMUgfUTkGaoWyMY=
github.com/wasilibs/go-libinjection v0.2.1 h1:1aSwyE4oNpPGpFw3i3hoM15sF3qn1s4P0jC2jgFM2Qk=
github.com/wasilibs/go-libinjection v0.2.1/go.mod h1:ZUoVe+HLQYq+QPBNTSgg3fxGvZsvXiDbi0UomBlsGzo=
github.com/wasilibs/go-re2 v1.0.0 h1:pvrqtMzZgTMHVPfXJrk4YZwiqIXOKdfo5aed6CzUAW4=
github.com/wasilibs/go-re2 v1.0.0/go.mod h1:8g69JapfgjSCx49dKOQij1dqA3sOvoH5NteaUy1X0SA=
github.com/wasilibs/nottinygc v0.2.0 h1:cXz2Ac9bVMLkpuOlUlPQMWowjw0K2cOErXZOFdAj7yE=
github.com/wasilibs/nottinygc v0.2.0/go.mod h1:oDcIotskuYNMpqMF23l7Z8uzD4TC0WXHK8jetlB3HIo=
golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
Expand All @@ -55,3 +55,5 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=