Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate audit log parts #779

Merged
merged 4 commits into from May 3, 2023
Merged

Validate audit log parts #779

merged 4 commits into from May 3, 2023

Conversation

Hayak3
Copy link
Contributor

@Hayak3 Hayak3 commented Apr 25, 2023

fix #678

@Hayak3 Hayak3 requested a review from a team as a code owner April 25, 2023 06:24
@codecov
Copy link

codecov bot commented Apr 25, 2023
edited

Codecov Report

Patch coverage: 57.89% and project coverage change: -0.07 ⚠️

Comparison is base (42d4ae8) 81.86% compared to head (d5a971f) 81.79%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           v3/dev     #779      +/-   ##
==========================================
- Coverage   81.86%   81.79%   -0.07%     
==========================================
  Files         153      153              
  Lines        8192     8207      +15     
==========================================
+ Hits         6706     6713       +7     
- Misses       1267     1274       +7     
- Partials      219      220       +1
Flag Coverage Δ
default 78.04% <57.89%> (-0.06%) ⬇️
examples 25.98% <0.00%> (-0.05%) ⬇️
ftw 49.07% <31.57%> (-0.05%) ⬇️
ftw-multiphase 49.19% <31.57%> (-0.05%) ⬇️
tinygo 77.18% <57.89%> (-0.07%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
internal/actions/ctl.go 92.87% <20.00%> (-2.26%) ⬇️
internal/seclang/directives.go 76.89% <100.00%> (+0.04%) ⬆️
types/waf.go 96.96% <100.00%> (+0.67%) ⬆️

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

jcchavezs
jcchavezs reviewed Apr 25, 2023
View reviewed changes
Copy link
Member

@jcchavezs jcchavezs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good one! Please do add some tests.

types/waf.go Outdated Show resolved Hide resolved
@Hayak3 Hayak3 requested a review from jcchavezs April 26, 2023 08:49
jcchavezs
jcchavezs reviewed Apr 27, 2023
View reviewed changes
internal/actions/ctl.go Outdated
@@ -112,7 +112,16 @@ func (a *ctlFn) Evaluate(_ plugintypes.RuleMetadata, txS plugintypes.Transaction
tx.AuditEngine = ae
case ctlAuditLogParts:
// TODO lets switch it to a string
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// TODO lets switch it to a string

jcchavezs
jcchavezs reviewed Apr 27, 2023
View reviewed changes
types/waf.go Outdated
@@ -106,6 +106,30 @@ type AuditLogPart byte
// Z: Final boundary, signifies the end of the entry (mandatory).
type AuditLogParts []AuditLogPart

var validOpts = map[AuditLogPart]bool{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In order to save some bytes we could turn this into map[AuditLogPart]struct{} as struct{} allocates zero bytes.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, I don't know this way before

jcchavezs
jcchavezs reviewed Apr 27, 2023
View reviewed changes
internal/corazawaf/transaction_test.go Outdated
}
func TestInvalidAuditLog(t *testing.T) {
AuditLogParts, err := types.ParseAuditLogParts("ABCDEFGHIJKLMN")
if err == nil || !reflect.DeepEqual(AuditLogParts, types.AuditLogParts("")) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd avoid using reflection and cast AuditLogParts to string instead.

jcchavezs
jcchavezs reviewed Apr 27, 2023
View reviewed changes
internal/corazawaf/transaction_test.go Outdated
@@ -429,6 +430,28 @@ func TestAuditLog(t *testing.T) {
}
}

func TestParseAuditLog(t *testing.T) {
tx := makeTransaction(t)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder why we need to create a transaction to test the log parts.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry,I just cody the TestAuditLog()

@jcchavezs
Copy link
Member

Thanks for this! I left some comments.

@Hayak3 Hayak3 requested a review from jcchavezs April 28, 2023 06:10
@jcchavezs jcchavezs requested a review from anuraaga April 28, 2023 11:04
@Hayak3 Hayak3 requested a review from jcchavezs May 3, 2023 05:42
@jcchavezs jcchavezs merged commit 6969057 into corazawaf:v3/dev May 3, 2023
7 of 9 checks passed
@jcchavezs
Copy link
Member

jcchavezs commented May 3, 2023
edited

Great work @Hayak3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anuraaga anuraaga Awaiting requested review from anuraaga

@jcchavezs jcchavezs Awaiting requested review from jcchavezs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Validate audit log parts
2 participants
@Hayak3 @jcchavezs