Adds DownloadCorazaConfig, CI changes check (#16)
* adds DownloadCorazaConfig, CI changes check

* downloadDeps as unified command

* check changes

* moves to tag instead of sha for crs 4.0.0

* test Ci fail

* moves to a manual action

* revert change test
M4tteoP authored Mar 11, 2024
1 parent 6aa4fc9 commit eeb2558
Showing 4 changed files with 96 additions and 22 deletions.
21 changes: 21 additions & 0 deletions .github/workflows/ci.yaml


7 changes: 4 additions & 3 deletions README.md
@@ -43,8 +43,9 @@ func main() {
}
```

## How to update to a newer CRS version
## How to update to a newer CRS and Coraza config version

1. Update the `crsVersion` constant in [`version.go`](/version.go) with the wished [CRS](https://github.com/coreruleset/coreruleset) commit SHA.
2. Run `mage downloadCRS`.
1. Update the `crsVersion` and `corazaVersion` constants in [`version.go`](/version.go) with the wished [CRS](https://github.com/coreruleset/coreruleset) and [Coraza](https://github.com/corazawaf/coraza) commit SHA or tags.
2. Run `go run mage.go downloadDeps`.
3. Double check the changes made under the `/rules` and `/tests` directories.
3. Commit your changes.
87 changes: 69 additions & 18 deletions magefile.go
@@ -20,10 +20,49 @@ import (
"github.com/magefile/mage/sh"
)

func DownloadCRS() error {
rulesDir := "rules"
const (
rulesDir = "rules"
testsDir = "tests"
)

// DownloadDeps downloads the OWASP CRS and the recommended OWASP Coraza configuration file
func DownloadDeps() error {
if err := downloadCRS(); err != nil {
return err
}

if err := downloadCorazaConfig(); err != nil {
return err
}

return nil
}

// downloadCorazaConfig downloads the recommended Coraza configuration file from the OWASP Coraza repository
func downloadCorazaConfig() error {
uri := fmt.Sprintf("https://raw.githubusercontent.com/corazawaf/coraza/%s/coraza.conf-recommended", corazaVersion)
corazaConfig, err := getDataFromURL(uri)
if err != nil {
return err
}

out, err := os.Create(filepath.Join(rulesDir, "@coraza.conf-recommended"))
if err != nil {
return err
}
defer out.Close()

_, err = out.Write(corazaConfig)
if err != nil {
return err
}

return nil
}

// downloadCRS downloads the OWASP CRS from the CRS repository
func downloadCRS() error {
rulesDstDir := rulesDir + "/@owasp_crs"
testsDir := "tests"

// Before downloading, we need to remove:
// - old rules under rules/@owasp_crs
@@ -38,17 +77,7 @@ func DownloadCRS() error {

uri := fmt.Sprintf("https://github.com/coreruleset/coreruleset/archive/%s.zip", crsVersion)

res, err := http.Get(uri)
if err != nil {
return err
}
defer res.Body.Close()

if res.StatusCode != http.StatusOK {
return fmt.Errorf("unexpected status code: %d", res.StatusCode)
}

crsZip, err := io.ReadAll(res.Body)
crsZip, err := getDataFromURL(uri)
if err != nil {
return err
}
@@ -58,17 +87,19 @@ func DownloadCRS() error {
return err
}

crsVersionStripped := strings.TrimPrefix(crsVersion, "v")

const licenseNumberOfLines = 9

for _, f := range r.File {
if f.Name == fmt.Sprintf("coreruleset-%s/LICENSE", crsVersion) {
if f.Name == fmt.Sprintf("coreruleset-%s/LICENSE", crsVersionStripped) {
if err := copyFile(f, filepath.Join(rulesDir, "LICENSE")); err != nil {
return err
}
continue
}

if f.Name == fmt.Sprintf("coreruleset-%s/crs-setup.conf.example", crsVersion) {
if f.Name == fmt.Sprintf("coreruleset-%s/crs-setup.conf.example", crsVersionStripped) {
if err := copyFile(f, filepath.Join(rulesDir, "@crs-setup.conf.example")); err != nil {
return err
}
@@ -79,7 +110,7 @@ func DownloadCRS() error {
continue
}

testPrefix := fmt.Sprintf("coreruleset-%s/tests/regression/tests", crsVersion)
testPrefix := fmt.Sprintf("coreruleset-%s/tests/regression/tests", crsVersionStripped)
if strings.HasPrefix(f.Name, testPrefix) {
if !strings.HasSuffix(f.Name, ".yaml") {
continue
@@ -95,7 +126,7 @@ func DownloadCRS() error {
copyFile(f, filepath.Join(dir, filepath.Base(f.Name)))
}

prefix := fmt.Sprintf("coreruleset-%s/rules/", crsVersion)
prefix := fmt.Sprintf("coreruleset-%s/rules/", crsVersionStripped)
if !strings.HasPrefix(f.Name, prefix) {
continue
}
@@ -147,6 +178,25 @@ func DownloadCRS() error {
return nil
}

func getDataFromURL(uri string) ([]byte, error) {
resp, err := http.Get(uri)
if err != nil {
return nil, err
}
defer resp.Body.Close()

if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("unexpected status code: %d", resp.StatusCode)
}

bodyBytes, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}

return bodyBytes, nil
}

func copyFile(f *zip.File, dstPath string) error {
source, err := f.Open()
if err != nil {
@@ -188,6 +238,7 @@ func cleanupOldCRS(rulesDstDir, testsDir string) error {
return nil
}

// Test runs the tests
func Test() error {
return sh.RunV("go", "test", "./...")
}
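Review bot: The new `getDataFromURL` helper calls `http.Get` on the default client, which has no timeout, and then reads the whole body with `io.ReadAll`, so a stalled or oversized response hangs `downloadDeps` or exhausts memory. A client with an explicit timeout, plus a bounded read that fails rather than truncates, would close both gaps. In the sketch below `downloadTimeout` and `maxDownloadBytes` are new constants to be sized for the CRS archive, and `time` has to be imported if it is not already. The helper also lacks a doc comment, unlike the other functions added in this file, e.g. `// getDataFromURL fetches uri and returns the response body; any status other than 200 is an error.`

```go
func getDataFromURL(uri string) ([]byte, error) {
	client := &http.Client{Timeout: downloadTimeout}
	resp, err := client.Get(uri)
	// … unchanged: error return, deferred Body.Close, status-code check …

	// Read one byte past the limit so an oversized body is rejected, not silently truncated.
	bodyBytes, err := io.ReadAll(io.LimitReader(resp.Body, maxDownloadBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(bodyBytes)) > maxDownloadBytes {
		return nil, fmt.Errorf("response body exceeds %d bytes", maxDownloadBytes)
	}

	return bodyBytes, nil
}
```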
3 changes: 2 additions & 1 deletion version.go
@@ -7,5 +7,6 @@
package main

const (
crsVersion = "1d95422bb31983a5290720b7fb662ce3dd51f753"
crsVersion = "v4.0.0"
corazaVersion = "v3.1.0"
)
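Review bot: `crsVersion` changes from a full commit SHA to the tag `v4.0.0`, and the new `corazaVersion` is also a tag; a Git tag can be re-pointed upstream, so the same constant can later fetch different rule and configuration content. As far as the visible hunks in magefile.go show, `downloadCorazaConfig` and `downloadCRS` write the fetched bytes under `rules/` without comparing them to an expected digest, so nothing detects such a change at download time. Keeping the SHA as the pinned value and naming the tag in a comment preserves immutability, e.g. `crsVersion = "<commit SHA of v4.0.0>" // v4.0.0`. If tags are kept for readability, a pinned SHA-256 per download, checked before the file is written, gives an equivalent guarantee.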
