diff --git a/go.mod b/go.mod
index 6874460493317..6a0298cafda16 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/corazawaf/coraza-proxy-wasm
 go 1.19
 require (
- github.com/corazawaf/coraza/v3 v3.0.0-20221028022635-635fad46ea34
+ github.com/corazawaf/coraza/v3 v3.0.0-20221102084932-9db5a595e205
 github.com/magefile/mage v1.14.0
 github.com/stretchr/testify v1.8.0
 github.com/tetratelabs/proxy-wasm-go-sdk v0.20.1-0.20221031045735-89d180d022a5
@@ -20,7 +20,7 @@ require (
 github.com/tetratelabs/wazero v1.0.0-pre.3 // indirect
 github.com/tidwall/match v1.1.1 // indirect
 github.com/tidwall/pretty v1.2.1 // indirect
- golang.org/x/net v0.0.0-20221019024206-cb67ada4b0ad // indirect
+ golang.org/x/net v0.1.0 // indirect
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 760d7d2be66ed..a9acc040bd682 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/corazawaf/coraza/v3 v3.0.0-20221028022635-635fad46ea34 h1:kh70ZE9Df1xhebrqhwkCqV0bKkr/mjXwyDEYPBmgEJ4=
-github.com/corazawaf/coraza/v3 v3.0.0-20221028022635-635fad46ea34/go.mod h1:+ypLPFkX5j1GwKi+rqRZ57W3lSHReBdeVLh0o8qirI4=
+github.com/corazawaf/coraza/v3 v3.0.0-20221102084932-9db5a595e205 h1:5oYLLd58Pxm2WCEsEpub6+/ikEcvFNKPu6ZPpfGn6xY=
+github.com/corazawaf/coraza/v3 v3.0.0-20221102084932-9db5a595e205/go.mod h1:SMJQI/wT4xkDyCPnt6LN3q8bnci/VXhq7IglfW5isOM=
 github.com/corazawaf/libinjection-go v0.1.1 h1:N/SMuy9Q4wPL72pU/OsoYjIIjfvUbsVwHf8A3tWMLKg=
 github.com/corazawaf/libinjection-go v0.1.1/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -37,9 +37,9 @@ github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhso
 github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
 github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
-golang.org/x/net v0.0.0-20221019024206-cb67ada4b0ad h1:Zx6wVVDwwNJFWXNIvDi7o952w3/1ckSwYk/7eykRmjM=
-golang.org/x/net v0.0.0-20221019024206-cb67ada4b0ad/go.mod h1:RpDiru2p0u2F0lLpEoqnP2+7xs0ifAuOcJ442g6GU2s=
-golang.org/x/sys v0.0.0-20221010170243-090e33056c14 h1:k5II8e6QD8mITdi+okbbmR/cIyEbeXLBhy5Ha4nevyc=
+golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
 golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
diff --git a/internal/bodyprocessors/xml.go b/internal/bodyprocessors/xml.go
index 71a47f1e337cc..75a636b4d051f 100644
--- a/internal/bodyprocessors/xml.go
+++ b/internal/bodyprocessors/xml.go
@@ -17,8 +17,11 @@ import (
 "github.com/corazawaf/coraza/v3/rules"
 )
-type xmlBodyProcessor struct {
-}
+type xmlBodyProcessor struct{}
+
+var (
+ _ bodyprocessors.BodyProcessor = &xmlBodyProcessor{}
+)
 func (*xmlBodyProcessor) ProcessRequest(reader io.Reader, vars rules.TransactionVariables, _ bodyprocessors.Options) error {
 values, contents, err := readXML(reader)
@@ -61,10 +64,6 @@ func readXML(reader io.Reader) ([]string, []string, error) {
 return attrs, content, nil
 }
-var (
- _ bodyprocessors.BodyProcessor = &xmlBodyProcessor{}
-)
-
 func Register() {
 bodyprocessors.Register("xml", func() bodyprocessors.BodyProcessor {
 return &xmlBodyProcessor{}
diff --git a/internal/operators/operators.go b/internal/operators/operators.go
index 3ee747f628633..9249e4758c5cd 100644
--- a/internal/operators/operators.go
+++ b/internal/operators/operators.go
@@ -7,13 +7,13 @@ package operators
 import (
 "github.com/corazawaf/coraza/v3/operators"
- "github.com/corazawaf/coraza/v3/rules"
 )
 func Register() {
- operators.Register("detectSQLi", func() rules.Operator { return &detectSQLi{} })
- operators.Register("detectXSS", func() rules.Operator { return &detectXSS{} })
- operators.Register("rx", func() rules.Operator { return &rx{} })
- operators.Register("pm", func() rules.Operator { return &pm{} })
- operators.Register("pmFromFile", func() rules.Operator { return &pmFromFile{} })
+
+ operators.Register("detectSQLi", newDetectSQLi)
+ operators.Register("detectXSS", newDetectXSS)
+ operators.Register("rx", newRX)
+ operators.Register("pm", newPM)
+ operators.Register("pmFromFile", newPMFromFile)
 }
diff --git a/internal/operators/pm.go b/internal/operators/pm.go
index bb827c75c693a..6236750c6de42 100644
--- a/internal/operators/pm.go
+++ b/internal/operators/pm.go
@@ -19,9 +19,8 @@ type pm struct {
 var _ rules.Operator = (*pm)(nil)
-func (o *pm) Init(options rules.OperatorOptions) error {
- o.m = ahocorasick.NewMatcher(strings.Split(options.Arguments, " "))
- return nil
+func newPM(options rules.OperatorOptions) (rules.Operator, error) {
+ return &pm{m: ahocorasick.NewMatcher(strings.Split(options.Arguments, " "))}, nil
 }
 func (o *pm) Evaluate(tx rules.TransactionState, value string) bool {
diff --git a/internal/operators/pm_from_file.go b/internal/operators/pm_from_file.go
index 849b63b23e549..2b6af3ec6b460 100644
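Review bot: In internal/operators/operators.go the new body of `Register` opens with an empty line (the lone `+` ahead of the first `operators.Register` call), which reads as a leftover from the edit; drop it so the five registrations follow the opening brace directly. `Register` is exported and carries no doc comment in the visible lines; something like `// Register registers this package's detectSQLi, detectXSS, rx, pm and pmFromFile constructors with coraza's operator registry.` would tell a reader which rule operators are supplied from here.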
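Review bot: In internal/operators/pm.go, `newPM` hands the raw result of `strings.Split(options.Arguments, " ")` to the matcher, while `newPMFromFile` in pm_from_file.go lowercases every pattern with `strings.ToLower` and, after this change, returns the same `pm` type. Both constructors therefore share one `Evaluate` path, so if `pmEvaluate` (not shown) lowercases the inspected value, a `pm` rule written with upper-case keywords would silently never match, which for a WAF is a false negative. Splitting on a single space also yields empty patterns for an empty argument or doubled spaces. Assuming case-insensitive matching is intended, `strings.Fields(strings.ToLower(options.Arguments))` would cover both.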
--- a/internal/operators/pm_from_file.go
+++ b/internal/operators/pm_from_file.go
@@ -15,18 +15,12 @@ import (
 "github.com/corazawaf/coraza-proxy-wasm/internal/ahocorasick"
 )
-type pmFromFile struct {
- m ahocorasick.Matcher
-}
-
-var _ rules.Operator = (*pmFromFile)(nil)
-
-func (o *pmFromFile) Init(options rules.OperatorOptions) error {
+func newPMFromFile(options rules.OperatorOptions) (rules.Operator, error) {
 path := options.Arguments
 data, err := loadFromFile(path, options.Path, options.Root)
 if err != nil {
- return err
+ return nil, err
 }
 var lines []string
@@ -43,10 +37,5 @@ func (o *pmFromFile) Init(options rules.OperatorOptions) error {
 lines = append(lines, strings.ToLower(l))
 }
- o.m = ahocorasick.NewMatcher(lines)
- return nil
-}
-
-func (o *pmFromFile) Evaluate(tx rules.TransactionState, value string) bool {
- return pmEvaluate(o.m, tx, value)
+ return &pm{m: ahocorasick.NewMatcher(lines)}, nil
 }
diff --git a/internal/operators/rx.go b/internal/operators/rx.go
index 9bb86ed30c38c..f40b72934e78a 100644
--- a/internal/operators/rx.go
+++ b/internal/operators/rx.go
@@ -20,7 +20,8 @@ type rx struct {
 var _ rules.Operator = (*rx)(nil)
-func (o *rx) Init(options rules.OperatorOptions) error {
+func newRX(options rules.OperatorOptions) (rules.Operator, error) {
+ o := &rx{}
 data := options.Arguments
 if data == `(?:\$(?:\((?:\(.*\)|.*)\)|\{.*})|\/\w*\[!?.+\]|[<>]\(.*\))` {
@@ -29,8 +30,12 @@ func (o *rx) Init(options rules.OperatorOptions) error {
 }
 re, err := re2.Compile(data)
+ if err != nil {
+ return nil, err
+ }
+
 o.re = re
- return err
+ return o, err
 }
 func (o *rx) Evaluate(tx rules.TransactionState, value string) bool {
diff --git a/internal/operators/sqli.go b/internal/operators/sqli.go
index 900dd4d8403cb..6e6072cbdc5df 100644
--- a/internal/operators/sqli.go
+++ b/internal/operators/sqli.go
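Review bot: In internal/operators/pm_from_file.go, `return nil, err` passes the `loadFromFile` error back without saying which data file failed, and that message is what whoever deploys the rule set sees when a `pmFromFile` rule cannot be built. Wrapping it, for example `return nil, fmt.Errorf("pmFromFile: loading %q: %w", path, err)`, keeps the cause and names the file; this needs `fmt` in the import block, which is only partly visible here. The loop between this hunk and the next is not shown.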
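Review bot: In internal/operators/rx.go, the final `return o, err` in `newRX` can only run with `err == nil` now that the added guard returns early, so it should read `return o, nil`; as written it suggests a non-nil operator can come back together with an error. With the guard in place, the early `o := &rx{}` from the first hunk also looks unnecessary, and the tail could be `return &rx{re: re}, nil`, provided the branch that special-cases the hard-coded pattern (cut off between the two hunks) does not use `o`.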
@@ -11,12 +11,13 @@ import (
 "github.com/corazawaf/coraza-proxy-wasm/internal/injection"
 )
-type detectSQLi struct {
-}
+type detectSQLi struct{}
 var _ rules.Operator = (*detectSQLi)(nil)
-func (o *detectSQLi) Init(options rules.OperatorOptions) error { return nil }
+func newDetectSQLi(rules.OperatorOptions) (rules.Operator, error) {
+ return &detectSQLi{}, nil
+}
 func (o *detectSQLi) Evaluate(tx rules.TransactionState, value string) bool {
 res, fp := injection.IsSQLi(value)
diff --git a/internal/operators/xss.go b/internal/operators/xss.go
index dbac8d189c750..8476d23faacac 100644
--- a/internal/operators/xss.go
+++ b/internal/operators/xss.go
@@ -11,12 +11,13 @@ import (
 "github.com/corazawaf/coraza-proxy-wasm/internal/injection"
 )
-type detectXSS struct {
-}
+type detectXSS struct{}
 var _ rules.Operator = (*detectXSS)(nil)
-func (o *detectXSS) Init(options rules.OperatorOptions) error { return nil }
+func newDetectXSS(rules.OperatorOptions) (rules.Operator, error) {
+ return &detectXSS{}, nil
+}
 func (o *detectXSS) Evaluate(tx rules.TransactionState, value string) bool {
 return injection.IsXSS(value)
diff --git a/main.go b/main.go
index 46ddfb9dbd1dc..9d2a57121303f 100644
--- a/main.go
+++ b/main.go
@@ -329,7 +329,7 @@ func (ctx *httpContext) handleInterruption(phase string, interruption *ctypes.In
 func logError(error ctypes.MatchedRule) {
 msg := error.ErrorLog(0)
- switch error.Rule.Severity {
+ switch error.Rule().Severity() {
 case ctypes.RuleSeverityEmergency:
 proxywasm.LogCritical(msg)
 case ctypes.RuleSeverityAlert:
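Review bot: In main.go, `error.Rule().Severity()` in `logError` chains two calls with nothing in between; if `Rule()` returns an interface value (its type is not visible in this hunk) and a `MatchedRule` can carry none, the logging path would panic inside the filter instead of emitting the log line. It is worth confirming against the coraza version pinned in go.mod, or binding the result first and checking it, as in `r := error.Rule()` followed by a nil check. Separately, the parameter name `error` shadows the predeclared `error` type for the whole function; `mr ctypes.MatchedRule` would avoid that. The switch continues past the end of the hunk.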