Allow setting a root fs.FS in a parser.

[anuraaga]

fs.FS is a great abstraction that allows operating on files with the same code anywhere from the filesystem (except I had to implement io.OSFS, not sure why standard library doesn't provide that... found out why and added note), embed.FS, zip.Reader, and anything a user may implement, maybe even a remote cloud storage.

By allowing setting a fs.FS, we can support loading config from any of these locations. Notably, we are currently embedding rules into the Envoy filter due to current lack of support to access the filesystem, and while currently we take CRS and preprocess them to remove Include and FromFile statements, with this we should be able to remove most if not all such processing when embedding.

[codecov-commenter]

Codecov Report

Base: 76.78% // Head: 76.75% // Decreases project coverage by -0.03% ⚠️

Coverage data is based on head (3170f92) compared to base (4c9dc4d).
Patch coverage: 66.66% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##           v3/dev     #393      +/-   ##
==========================================
- Coverage   76.78%   76.75%   -0.04%     
==========================================
  Files         136      136              
  Lines        5957     5966       +9     
==========================================
+ Hits         4574     4579       +5     
- Misses       1113     1118       +5     
+ Partials      270      269       -1     

Flag	Coverage Δ
no-tinygo	76.87% <66.66%> (-0.04%)	⬇️
overall	76.75% <66.66%> (-0.04%)	⬇️
tinygo	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
rule.go	94.28% <ø> (ø)
internal/io/file.go	8.69% <25.00%> (+8.69%)	⬆️
seclang/parser.go	92.30% <85.71%> (+0.13%)	⬆️
operators/from_file.go	86.95% <100.00%> (+6.95%)	⬆️
operators/ip_match_from_file.go	88.00% <100.00%> (ø)
operators/pm_from_file.go	72.97% <100.00%> (ø)
seclang/rule_parser.go	82.40% <100.00%> (+0.04%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[jcchavezs]

LGTM

[jptosso]

I've read about this issue, caddyserver does the same for s3 mounts or similar in 2.6. I will take a look of the code but looks nice

[anuraaga]

BTW I could confirm it works well here

https://github.com/anuraaga/coraza-wasm-filter/pull/18

Include ftw-config.conf\nInclude coraza.conf-recommended\nInclude crs-setup.conf.example\nInclude crs/*.conf

Glob works fine too (added a commit :) ).

[jcchavezs]

This should replace the working_dir declared in https://github.com/corazawaf/coraza/pull/393/files#diff-f73e6b849d0fa747f9e706cbdb5ec76083f712530e21d64ea917cc37eb6347c5R153

[anuraaga]

Sorry don't quite follow the link, do you mean remove p.options.Config.Set/Get("working_dir") and have p.root default to working dir if user doesn't call SetRoot?

In that case, this won't work even if the user doesn't call SetRoot

coraza/waf.exe
config/rules.conf

Since .. wouldn't work. While we are discussing being OK with ../ not working with an explicit call to SetRoot, I'm not sure about when it hasn't been called at all, I guess it should be allowed though.

[anuraaga]

I have gone ahead and removed SetCurrentDir in this PR.

Note that this PR is very important for the proxy-wasm plugin so I'm finding myself merging this branch locally to any other bugfixes like #399 while debugging ftw tests. Still no rush, but a sooner than later merge would be highly appreciated :D

[anuraaga]

@jptosso Can you take a look at this? It's blocking a lot of work on the wasm filter. Thanks!