diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 0be54499eccc..000000000000 Binary files a/.DS_Store and /dev/null differ diff --git a/.gitignore b/.gitignore index b91878044938..70f6595a5c11 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ .vscode build .idea +.DS_Store +.vimrc diff --git a/README.md b/README.md index 720902d7affc..19fe5e591d8b 100644 --- a/README.md +++ b/README.md @@ -7,20 +7,16 @@ Web Application Firewall WASM filter built on top of [Coraza](https://github.com ``` ▶ go run mage.go -l Targets: - build* builds the Coraza Wasm plugin. - check runs lint and tests. - checkBuildTools - coverage runs tests with coverage and race detector enabled. - doc runs godoc, access at http://localhost:6060 - e2e runs e2e tests with a built plugin. - format formats code in this repository. - ftw runs ftw tests with a built plugin and Envoy. - lint verifies code quality. - precommit installs a git hook to run check when committing - setup spins up the test environment. - teardown tears down the test environment. - test runs all tests. - updateLibs + build* builds the Coraza wasm plugin. + check runs lint and tests. + coverage runs tests with coverage and race detector enabled. + doc runs godoc, access at http://localhost:6060 + e2e runs e2e tests with a built plugin. + format formats code in this repository. + ftw runs ftw tests with a built plugin and Envoy. + lint verifies code quality. + test runs all tests. + updateLibs updates the C++ filter dependencies. * default target ``` @@ -35,7 +31,7 @@ For performance purposes, some libs are built from they C++ implementation. The ### Running the filter in an Envoy process -In order to run the coraza-wasm-filter we need to spin up an envoy configuration including this as the filter config: +In order to run the coraza-proxy-wasm we need to spin up an envoy configuration including this as the filter config: ```yaml ... @@ -104,7 +100,7 @@ go run mage.go build ``` Take a look at its config file [ftw.yml](./ftw/ftw.yml) for details about tests currently excluded. -### Spinning up the coraza-wasm-filter for manual tests +### Spinning up the coraza-proxy-wasm for manual tests Via the commands `setup` and `teardown` you can spin up and tear down the test environment. Envoy with the coraza-wasm filter will be reachable at `localhost:8080`. In order to monitor envoy logs while performing requests run: ``` diff --git a/go.mod b/go.mod index 76cf3caa51ca..8e757fd3b824 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ -module github.com/jcchavezs/coraza-wasm-filter +module github.com/corazawaf/coraza-proxy-wasm -go 1.17 +go 1.18 require ( github.com/corazawaf/coraza/v3 v3.0.0-20220928011626-fce26f25ab3e diff --git a/go.sum b/go.sum index 3e571d7a46a3..d91921dacfe3 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,3 @@ -github.com/anuraaga/go-modsecurity v0.0.0-20220824035035-b9a4099778df/go.mod h1:7jguE759ADzy2EkxGRXigiC0ER1Yq2IFk2qNtwgzc7U= github.com/corazawaf/coraza/v3 v3.0.0-20220928011626-fce26f25ab3e h1:5EnuiKFLRHct8ZHuzEgPjoAYy21ufDgXt01tqQVFzcg= github.com/corazawaf/coraza/v3 v3.0.0-20220928011626-fce26f25ab3e/go.mod h1:D89v4pivoxiY7Ij65EryL3ERX7/I/AyRnZEKxkNI4QA= github.com/corazawaf/libinjection-go v0.1.1 h1:N/SMuy9Q4wPL72pU/OsoYjIIjfvUbsVwHf8A3tWMLKg= @@ -7,7 +6,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= -github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -15,9 +13,7 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/magefile/mage v1.13.0 h1:XtLJl8bcCM7EFoO8FyH8XK3t7G5hQAeK+i4tq+veT9M= github.com/magefile/mage v1.13.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= -github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= -github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 h1:lL+y4Xv20pVlCGyLzNHRC0I0rIHhIL1lTvHizoS/dU8= github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -37,58 +33,11 @@ github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220909164309-bea034e7d591 h1:D0B/7al0LLrVC8aWF4+oxpv/m8bc7ViFfVS8/gXGdqI= golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220913175220-63ea55921009 h1:PuvuRMeLWqsf/ZdT1UUZz0syhioyv1mzuFZsXs4fvhw= -golang.org/x/sys v0.0.0-20220913175220-63ea55921009/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/operators/pm.go b/internal/operators/pm.go index 6576293cb7f1..bb827c75c693 100644 --- a/internal/operators/pm.go +++ b/internal/operators/pm.go @@ -10,7 +10,7 @@ import ( "github.com/corazawaf/coraza/v3/rules" - "github.com/jcchavezs/coraza-wasm-filter/internal/ahocorasick" + "github.com/corazawaf/coraza-proxy-wasm/internal/ahocorasick" ) type pm struct { diff --git a/internal/operators/pm_from_file.go b/internal/operators/pm_from_file.go index baa77886af20..849b63b23e54 100644 --- a/internal/operators/pm_from_file.go +++ b/internal/operators/pm_from_file.go @@ -12,7 +12,7 @@ import ( "github.com/corazawaf/coraza/v3/rules" - "github.com/jcchavezs/coraza-wasm-filter/internal/ahocorasick" + "github.com/corazawaf/coraza-proxy-wasm/internal/ahocorasick" ) type pmFromFile struct { diff --git a/internal/operators/rx.go b/internal/operators/rx.go index df0e58c1b137..3920bd8ba039 100644 --- a/internal/operators/rx.go +++ b/internal/operators/rx.go @@ -10,7 +10,7 @@ import ( "github.com/corazawaf/coraza/v3/rules" - "github.com/jcchavezs/coraza-wasm-filter/internal/re2" + "github.com/corazawaf/coraza-proxy-wasm/internal/re2" ) type rx struct { diff --git a/internal/operators/sqli.go b/internal/operators/sqli.go index 63f701f96464..900dd4d8403c 100644 --- a/internal/operators/sqli.go +++ b/internal/operators/sqli.go @@ -8,7 +8,7 @@ package operators import ( "github.com/corazawaf/coraza/v3/rules" - "github.com/jcchavezs/coraza-wasm-filter/internal/injection" + "github.com/corazawaf/coraza-proxy-wasm/internal/injection" ) type detectSQLi struct { diff --git a/internal/operators/xss.go b/internal/operators/xss.go index 66dde362ee85..dbac8d189c75 100644 --- a/internal/operators/xss.go +++ b/internal/operators/xss.go @@ -8,7 +8,7 @@ package operators import ( "github.com/corazawaf/coraza/v3/rules" - "github.com/jcchavezs/coraza-wasm-filter/internal/injection" + "github.com/corazawaf/coraza-proxy-wasm/internal/injection" ) type detectXSS struct { diff --git a/magefile.go b/magefile.go index 777df99cbbe3..795fcfac4394 100644 --- a/magefile.go +++ b/magefile.go @@ -44,7 +44,7 @@ func Format() error { return sh.RunV("go", "run", fmt.Sprintf("github.com/rinchsan/gosimports/cmd/gosimports@%s", gosImportsVer), "-w", "-local", - "github.com/jcchavezs/coraza-wasm-filter", + "github.com/corazawaf/coraza-proxy-wasm", ".") } @@ -85,20 +85,6 @@ func Doc() error { return sh.RunV("go", "run", "golang.org/x/tools/cmd/godoc@latest", "-http=:6060") } -// Precommit installs a git hook to run check when committing -func Precommit() error { - if _, err := os.Stat(filepath.Join(".git", "hooks")); os.IsNotExist(err) { - return errNoGitDir - } - - f, err := os.ReadFile(".pre-commit.hook") - if err != nil { - return err - } - - return os.WriteFile(filepath.Join(".git", "hooks", "pre-commit"), f, 0755) -} - // Check runs lint and tests. func Check() { mg.SerialDeps(Lint, Test) @@ -146,6 +132,7 @@ wasm2wat --enable-all build/mainopt.wasm -o build/mainopt.wat "wat2wasm --enable-all /build/main.wat -o /build/main.wasm") } +// UpdateLibs updates the C++ filter dependencies. func UpdateLibs() error { libs := []string{"aho-corasick", "libinjection", "re2"} for _, lib := range libs { diff --git a/main.go b/main.go index 6ac99b544cb7..b02ca854ae33 100644 --- a/main.go +++ b/main.go @@ -14,8 +14,8 @@ import ( "github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm" "github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types" - _ "github.com/jcchavezs/coraza-wasm-filter/internal/calloc" - "github.com/jcchavezs/coraza-wasm-filter/internal/operators" + _ "github.com/corazawaf/coraza-proxy-wasm/internal/calloc" + "github.com/corazawaf/coraza-proxy-wasm/internal/operators" ) //go:embed rules