C Wrapper and Apache Module tasks

[jptosso]

Coraza WAF can be exported to C using CGO exports. We are going to build an Apache module that makes uses of this features. The project will be considered ready once it is fully executing the OWASP CRS test suite using go-ftw and the Coraza Apache module.

• Export tx.Request|ResponseBodyBuffer.Write and a write from file function
• Export the 5 phase processing functions (ProcessRequestHeaders, ProcessRequestBody, ProcessResponseHeaders, ProcessResponseBody, ProcessLogging)
• Export a function to get the interruption from a transaction
• Create additional export functions to create waf instances, transactions, evaluate directives and import directives file
• Create a Interruption interface in C compatible with coraza, it shall hold the disruptive action, status and additional parameters like redirect url or proxy address
• The functions are compatible with libmodsecurity, so we must use the official libmodsecurity apache module
• Immitate the logging callback system from libmodsecurity and make it compatible with each logging level
• Create freeing functions for coraza transactions and waf instances, also check how to reconnect the garbage collector with the CGO pointers or manually delete everything
• Create tests for the CGO functions and C exported functions
• Create a whole test suite for the apache wrapper
• Create benchmarks for the wrapper and the apache module
• Compare the results with Modsecurity v2/v3 and Apache

I have created some tests under https://github.com/jptosso/coraza-cexport, apxs is required to compile the module