You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Coraza v1 has achieved 90%+ compatibility but a complete redesign on Coraza v2 broke most of the compatibility. In order to get 100% compatibility we must find the issues that are breaking CRS.
go get github.com/jptosso/coraza-waf/v2@LAST_REVISION
Run the test suite
#Compile or run:
go run *.go run -d ../coreruleset/tests/regression -r ../coreruleset/rules/rules.conf
The current results are posted in the first comment.
Currently detected issues (with status):
MATCHED_VARS weren't working as expected
collection.AddUnique was not working, failing to create variables like REQUEST_COOKIES_NAMES, REQUEST_HEADERS_NAMES, RESPONSE_HEADERS_NAMES, ARGS_NAMES, etc
The testing library doesn't support the no_magic flag which stops forcing the content-length based on the body size
ForceRequestBodyVariable is working on tests but is not working on CRS for text/plain. Fix: Create a default empty variable for variables.ReqBodyProcessor
ArgsNames was not being set for POST requests
XML:/* and XML://@* were expected to return xml content and attribute values, both XPATH expressions were hardcoded
ARGS_NAMES was being overwritten by request body processors, now it is concated
Coraza v1 has achieved 90%+ compatibility but a complete redesign on Coraza v2 broke most of the compatibility. In order to get 100% compatibility we must find the issues that are breaking CRS.
Note: the coraza testsuite includes plugins for PCRE and libinjection, so please have them installed.
Create a CRS bundle:
Clone the test suite
Update the coraza version
Run the test suite
The current results are posted in the first comment.
Currently detected issues (with status):
collection.AddUnique
was not working, failing to create variables like REQUEST_COOKIES_NAMES, REQUEST_HEADERS_NAMES, RESPONSE_HEADERS_NAMES, ARGS_NAMES, etcThe following rules are being ignored because of URL encoding issues
The text was updated successfully, but these errors were encountered: