chore: upgrades coraza to 9db5a595e205 (envoyproxy#64)
jcchavezs authored Nov 4, 2022
1 parent 563de51 commit 22f97c6
Showing 10 changed files with 39 additions and 45 deletions.
4 changes: 2 additions & 2 deletions go.mod
Expand Up @@ -3,7 +3,7 @@ module github.com/corazawaf/coraza-proxy-wasm
go 1.19

require (
github.com/corazawaf/coraza/v3 v3.0.0-20221028022635-635fad46ea34
github.com/corazawaf/coraza/v3 v3.0.0-20221102084932-9db5a595e205
github.com/magefile/mage v1.14.0
github.com/stretchr/testify v1.8.0
github.com/tetratelabs/proxy-wasm-go-sdk v0.20.1-0.20221031045735-89d180d022a5
Expand All @@ -20,7 +20,7 @@ require (
github.com/tetratelabs/wazero v1.0.0-pre.3 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.1 // indirect
golang.org/x/net v0.0.0-20221019024206-cb67ada4b0ad // indirect
golang.org/x/net v0.1.0 // indirect
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
10 changes: 5 additions & 5 deletions go.sum
@@ -1,5 +1,5 @@
github.com/corazawaf/coraza/v3 v3.0.0-20221028022635-635fad46ea34 h1:kh70ZE9Df1xhebrqhwkCqV0bKkr/mjXwyDEYPBmgEJ4=
github.com/corazawaf/coraza/v3 v3.0.0-20221028022635-635fad46ea34/go.mod h1:+ypLPFkX5j1GwKi+rqRZ57W3lSHReBdeVLh0o8qirI4=
github.com/corazawaf/coraza/v3 v3.0.0-20221102084932-9db5a595e205 h1:5oYLLd58Pxm2WCEsEpub6+/ikEcvFNKPu6ZPpfGn6xY=
github.com/corazawaf/coraza/v3 v3.0.0-20221102084932-9db5a595e205/go.mod h1:SMJQI/wT4xkDyCPnt6LN3q8bnci/VXhq7IglfW5isOM=
github.com/corazawaf/libinjection-go v0.1.1 h1:N/SMuy9Q4wPL72pU/OsoYjIIjfvUbsVwHf8A3tWMLKg=
github.com/corazawaf/libinjection-go v0.1.1/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
Expand Down Expand Up @@ -37,9 +37,9 @@ github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhso
github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
golang.org/x/net v0.0.0-20221019024206-cb67ada4b0ad h1:Zx6wVVDwwNJFWXNIvDi7o952w3/1ckSwYk/7eykRmjM=
golang.org/x/net v0.0.0-20221019024206-cb67ada4b0ad/go.mod h1:RpDiru2p0u2F0lLpEoqnP2+7xs0ifAuOcJ442g6GU2s=
golang.org/x/sys v0.0.0-20221010170243-090e33056c14 h1:k5II8e6QD8mITdi+okbbmR/cIyEbeXLBhy5Ha4nevyc=
golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
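--- a/internal/bodyprocessors/xml.go
+++ b/internal/bodyprocessors/xml.go
@@ -17,8 +17,11 @@ import (
 "github.com/corazawaf/coraza/v3/rules"
 )
 
-type xmlBodyProcessor struct {
-}
+type xmlBodyProcessor struct{}
+
+var (
+_ bodyprocessors.BodyProcessor = &xmlBodyProcessor{}
+)
 
 func (*xmlBodyProcessor) ProcessRequest(reader io.Reader, vars rules.TransactionVariables, _ bodyprocessors.Options) error {
 values, contents, err := readXML(reader)
@@ -61,10 +64,6 @@ func readXML(reader io.Reader) ([]string, []string, error) {
 return attrs, content, nil
 }
 
-var (
-_ bodyprocessors.BodyProcessor = &xmlBodyProcessor{}
-)
-
 func Register() {
 bodyprocessors.Register("xml", func() bodyprocessors.BodyProcessor {
 return &xmlBodyProcessor{}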
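Review bot: The relocated interface assertion still builds a value, `_ bodyprocessors.BodyProcessor = &xmlBodyProcessor{}`, inside a one-entry `var ( … )` group, while the operator files in this commit use the `(*T)(nil)` form. `var _ bodyprocessors.BodyProcessor = (*xmlBodyProcessor)(nil)` is the same compile-time check written the way pm.go, rx.go, sqli.go and xss.go write it. ProcessRequest and readXML continue outside the hunks.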
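--- a/internal/operators/operators.go
+++ b/internal/operators/operators.go
@@ -7,13 +7,13 @@ package operators
 
 import (
 "github.com/corazawaf/coraza/v3/operators"
-"github.com/corazawaf/coraza/v3/rules"
 )
 
 func Register() {
-operators.Register("detectSQLi", func() rules.Operator { return &detectSQLi{} })
-operators.Register("detectXSS", func() rules.Operator { return &detectXSS{} })
-operators.Register("rx", func() rules.Operator { return &rx{} })
-operators.Register("pm", func() rules.Operator { return &pm{} })
-operators.Register("pmFromFile", func() rules.Operator { return &pmFromFile{} })
+
+operators.Register("detectSQLi", newDetectSQLi)
+operators.Register("detectXSS", newDetectXSS)
+operators.Register("rx", newRX)
+operators.Register("pm", newPM)
+operators.Register("pmFromFile", newPMFromFile)
 }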
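--- a/internal/operators/pm.go
+++ b/internal/operators/pm.go
@@ -19,9 +19,8 @@ type pm struct {
 
 var _ rules.Operator = (*pm)(nil)
 
-func (o *pm) Init(options rules.OperatorOptions) error {
-o.m = ahocorasick.NewMatcher(strings.Split(options.Arguments, " "))
-return nil
+func newPM(options rules.OperatorOptions) (rules.Operator, error) {
+return &pm{m: ahocorasick.NewMatcher(strings.Split(options.Arguments, " "))}, nil
 }
 
 func (o *pm) Evaluate(tx rules.TransactionState, value string) bool {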
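Review bot: `strings.Split(options.Arguments, " ")` in newPM produces empty strings when the argument is empty or contains consecutive spaces, and those are handed to `ahocorasick.NewMatcher` as patterns. How the matcher treats an empty pattern is not visible here; if it matches at every position the rule fires on every value, and if it is dropped silently a malformed rule goes unnoticed. `strings.Fields(options.Arguments)` avoids the empty entries, and the new error return lets newPM reject an argument that yields no patterns at all. The `pm` type declaration and the body of Evaluate are outside the hunk.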
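--- a/internal/operators/pm_from_file.go
+++ b/internal/operators/pm_from_file.go
@@ -15,18 +15,12 @@ import (
 "github.com/corazawaf/coraza-proxy-wasm/internal/ahocorasick"
 )
 
-type pmFromFile struct {
-m ahocorasick.Matcher
-}
-
-var _ rules.Operator = (*pmFromFile)(nil)
-
-func (o *pmFromFile) Init(options rules.OperatorOptions) error {
+func newPMFromFile(options rules.OperatorOptions) (rules.Operator, error) {
 path := options.Arguments
 
 data, err := loadFromFile(path, options.Path, options.Root)
 if err != nil {
-return err
+return nil, err
 }
 
 var lines []string
@@ -43,10 +37,5 @@ func (o *pmFromFile) Init(options rules.OperatorOptions) error {
 lines = append(lines, strings.ToLower(l))
 }
 
-o.m = ahocorasick.NewMatcher(lines)
-return nil
-}
-
-func (o *pmFromFile) Evaluate(tx rules.TransactionState, value string) bool {
-return pmEvaluate(o.m, tx, value)
+return &pm{m: ahocorasick.NewMatcher(lines)}, nil
 }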
9 changes: 7 additions & 2 deletions internal/operators/rx.go
Expand Up @@ -20,7 +20,8 @@ type rx struct {

var _ rules.Operator = (*rx)(nil)

func (o *rx) Init(options rules.OperatorOptions) error {
func newRX(options rules.OperatorOptions) (rules.Operator, error) {
o := &rx{}
data := options.Arguments

if data == `(?:\$(?:\((?:\(.*\)|.*)\)|\{.*})|\/\w*\[!?.+\]|[<>]\(.*\))` {
Expand All @@ -29,8 +30,12 @@ func (o *rx) Init(options rules.OperatorOptions) error {
}

re, err := re2.Compile(data)
if err != nil {
return nil, err
}

o.re = re
return err
return o, err
}

func (o *rx) Evaluate(tx rules.TransactionState, value string) bool {
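Review bot: The final `return o, err` in newRX can only ever carry a nil error, because the guard added just above it already returns `nil, err` when `re2.Compile` fails. Ending with `return &rx{re: re}, nil` and dropping the early `o := &rx{}` states that directly, and it means a later edit between the guard and the return cannot hand back a half-built operator together with an error. The body of the `if data == …` special case lies between the two hunks and is not visible here.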
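--- a/internal/operators/sqli.go
+++ b/internal/operators/sqli.go
@@ -11,12 +11,13 @@ import (
 "github.com/corazawaf/coraza-proxy-wasm/internal/injection"
 )
 
-type detectSQLi struct {
-}
+type detectSQLi struct{}
 
 var _ rules.Operator = (*detectSQLi)(nil)
 
-func (o *detectSQLi) Init(options rules.OperatorOptions) error { return nil }
+func newDetectSQLi(rules.OperatorOptions) (rules.Operator, error) {
+return &detectSQLi{}, nil
+}
 
 func (o *detectSQLi) Evaluate(tx rules.TransactionState, value string) bool {
 res, fp := injection.IsSQLi(value)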
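--- a/internal/operators/xss.go
+++ b/internal/operators/xss.go
@@ -11,12 +11,13 @@ import (
 "github.com/corazawaf/coraza-proxy-wasm/internal/injection"
 )
 
-type detectXSS struct {
-}
+type detectXSS struct{}
 
 var _ rules.Operator = (*detectXSS)(nil)
 
-func (o *detectXSS) Init(options rules.OperatorOptions) error { return nil }
+func newDetectXSS(rules.OperatorOptions) (rules.Operator, error) {
+return &detectXSS{}, nil
+}
 
 func (o *detectXSS) Evaluate(tx rules.TransactionState, value string) bool {
 return injection.IsXSS(value)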
2 changes: 1 addition & 1 deletion main.go
Expand Up @@ -329,7 +329,7 @@ func (ctx *httpContext) handleInterruption(phase string, interruption *ctypes.In

func logError(error ctypes.MatchedRule) {
msg := error.ErrorLog(0)
switch error.Rule.Severity {
switch error.Rule().Severity() {
case ctypes.RuleSeverityEmergency:
proxywasm.LogCritical(msg)
case ctypes.RuleSeverityAlert:
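Review bot: logError names its parameter `error`, which shadows the predeclared `error` type for the whole function body, and the changed line `switch error.Rule().Severity() {` now chains two calls on it. Renaming it, for example `func logError(mr ctypes.MatchedRule)` with `mr.ErrorLog(0)` and `mr.Rule().Severity()`, keeps the builtin usable inside the function. Whether `Rule()` can return nil for a matched rule is not visible here; if it can, the chained call needs a guard before the switch, otherwise the logging path itself can panic. The switch continues outside the hunk.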
