[Traefik Pilot] Traefik Plugin Analyzer has detected a problem.

[traefiker]

The plugin was not imported into Traefik Pilot.

Cause:

failed to run the plugin with Yaegi: the load of the plugin takes too much time, or an error, inside the plugin, occurs during the load: 1:21: import "github.com/jptosso/coraza-traefik" error: /tmp/pilot-gop138161949/src/github.com/jptosso/coraza-traefik/coraza.go:9:2: import "github.com/jptosso/coraza-waf" error: unable to find source related to: "github.com/jptosso/coraza-waf"

Traefik Plugin Analyzer will restart when you will close this issue.

If you believe there is a problem with the Analyzer or this issue is the result of a false positive, please contact us.

[jcesclapez]

Hi, some news about this plugins?

[jptosso]

Hey @jcesclapez , a lot has happened in coraza and v2 beta could be compatible with yaegi. I will update the code to coraza v2 and see if we can finally get it working

[jptosso]

So I have updated the code to v2 and I still get errors:

traefik/yaegi#1172

jptosso@tossino:~/go/src/github.com/jptosso/coraza-traefik$ yaegi test -unrestricted -unsafe
/home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:264:8: panic
/home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:183:11: panic
/home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/waf.go:336:10: panic
coraza.go:33:3: panic
coraza_test.go:11:9: panic
--- FAIL: TestCoraza (0.00s)
panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
        panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
        panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
        panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
        panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
        panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
        panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled

goroutine 50 [running]:
testing.tRunner.func1.2({0xdcf900, 0xc000c67ba8})
        /usr/local/go/src/testing/testing.go:1209 +0x24e
testing.tRunner.func1()
        /usr/local/go/src/testing/testing.go:1212 +0x218
panic({0xdcf900, 0xc000c67ba8})
        /usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.runCfg.func1()
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:193 +0x145
panic({0xdcf900, 0xc000c67ba8})
        /usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.runCfg.func1()
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:193 +0x145
panic({0xdcf900, 0xc000c67ba8})
        /usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.runCfg.func1()
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:193 +0x145
panic({0xdcf900, 0xc000c67ba8})
        /usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.runCfg.func1()
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:193 +0x145
panic({0xdcf900, 0xc000c67ba8})
        /usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.runCfg.func1()
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:193 +0x145
panic({0xdcf900, 0xc000c67ba8})
        /usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.getMethodByName.func1(0xc00128bd90)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:1971 +0x634
github.com/traefik/yaegi/interp.runCfg(0xc0017c57a0, 0xc00128bd90, 0x0, 0xce7860)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:201 +0x2ac
github.com/traefik/yaegi/interp.call.func9(0xc00128bc30)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:1422 +0x94e
github.com/traefik/yaegi/interp.runCfg(0xc0017aed80, 0xc00128bc30, 0x0, 0xce7860)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:201 +0x2ac
github.com/traefik/yaegi/interp.call.func9(0xc000163e40)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:1422 +0x94e
github.com/traefik/yaegi/interp.runCfg(0xc001dfed80, 0xc000163e40, 0x3, 0x3)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:201 +0x2ac
github.com/traefik/yaegi/interp.call.func9(0xc000163d90)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:1422 +0x94e
github.com/traefik/yaegi/interp.runCfg(0xc0004c06c0, 0xc000163d90, 0x464fe5, 0xce7860)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:201 +0x2ac
github.com/traefik/yaegi/interp.call.func9(0xc000163b80)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:1422 +0x94e
github.com/traefik/yaegi/interp.runCfg(0xc0010219e0, 0xc000163b80, 0x0, 0xde7f80)
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:201 +0x2ac
github.com/traefik/yaegi/interp.genFunctionWrapper.func2.1({0xc000c66ea0, 0x1, 0x1})
        /home/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.2-0.20211220144605-2819b4167bea/interp/run.go:1023 +0x4a5
testing.tRunner(0xc00021f1e0, 0xc000a93dd0)
        /usr/local/go/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
        /usr/local/go/src/testing/testing.go:1306 +0x35a

We must wait until the guys from yaegi fix their bug :(

[bay1ts]

Any progress?

[jptosso]

There is someone trying to create a bouncer: https://github.com/fbonalair/traefik-coraza-bouncer/tree/feat/init

The zap bug has been fixed but now I'm getting a Coraza error. It is not a Coraza error itself but a yaegi bug but I can still try to rewrite that code in order to avoid this error, I will create an issue on the coraza repo for this. corazawaf/coraza#146

Tested using yaegi 14acf61

➜  coraza-traefik git:(master) ✗ yaegi test -unrestricted -unsafe                          
/Users/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/loggers/serial_writer.go:33:14: panic
/Users/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/waf.go:271:10: panic
coraza.go:33:3: panic
coraza_test.go:11:9: panic
--- FAIL: TestCoraza (0.00s)
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string

goroutine 40 [running]:
testing.tRunner.func1.2({0x18d8660, 0xc000891240})
	/usr/local/go/src/testing/testing.go:1209 +0x24e
testing.tRunner.func1()
	/usr/local/go/src/testing/testing.go:1212 +0x218
panic({0x18d8660, 0xc000891240})
	/usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.runCfg.func1()
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:193 +0x145
panic({0x18d8660, 0xc000891240})
	/usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.runCfg.func1()
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:193 +0x145
panic({0x18d8660, 0xc000891240})
	/usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.runCfg.func1()
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:193 +0x145
panic({0x18d8660, 0xc000891240})
	/usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.runCfg.func1()
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:193 +0x145
panic({0x18d8660, 0xc000891240})
	/usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/traefik/yaegi/interp.typeAssert.func3(0xc0011ec4d0)
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:441 +0x5c6
github.com/traefik/yaegi/interp.runCfg(0xc001ab50e0, 0xc0011ec4d0, 0xb7d6314400000001, 0x19176e0)
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:201 +0x2ac
github.com/traefik/yaegi/interp.call.func9(0xc0001dfce0)
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:1422 +0x94e
github.com/traefik/yaegi/interp.runCfg(0xc001bf0000, 0xc0001dfce0, 0xc00053d8f0, 0x0)
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:201 +0x2ac
github.com/traefik/yaegi/interp.call.func9(0xc0001dfc30)
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:1422 +0x94e
github.com/traefik/yaegi/interp.runCfg(0xc0004b2d80, 0xc0001dfc30, 0x10656a5, 0x18d8660)
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:201 +0x2ac
github.com/traefik/yaegi/interp.call.func9(0xc0001dfa20)
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:1422 +0x94e
github.com/traefik/yaegi/interp.runCfg(0xc001300b40, 0xc0001dfa20, 0x0, 0x19d96a0)
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:201 +0x2ac
github.com/traefik/yaegi/interp.genFunctionWrapper.func2.1({0xc0016d0090, 0x1, 0x1})
	/Users/jptosso/go/pkg/mod/github.com/traefik/yaegi@v0.11.3-0.20220104095008-14acf618af23/interp/run.go:1023 +0x4a5
testing.tRunner(0xc0005829c0, 0xc000c1b950)
	/usr/local/go/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
	/usr/local/go/src/testing/testing.go:1306 +0x35a

[alebeta90]

this issue got solved by corazawaf/coraza#158 ?

[jptosso]

Hey, we are still having issues:

➜  coraza-traefik git:(master) ✗ yaegi test -unrestricted -unsafe                     
/Users/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/loggers/serial_writer.go:33:14: panic
/Users/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/waf.go:271:10: panic
coraza.go:33:3: panic
coraza_test.go:11:9: panic
--- FAIL: TestCoraza (0.00s)
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
	panic: interface conversion: interface {} is interp.valueInterface, not string

[alebeta90]

Hi,

the error is still on yaegi side? is there an open issue in their repo? I can invest some time to work on it

thanks

[jptosso]

That is a yaegi error, for coraza v2 we cast settings from an interface like this:

fileName := c.Get("auditlog_file", "/dev/null").(string)

Yaegi doesn't support it, I think they documented it's not supported in yaegi, that's why I think we should work on another approach

[alebeta90]

oh ok, yes I had a look at it before

https://github.com/corazawaf/coraza/blob/v2/master/loggers/serial_writer.go

yes then a different approach should be use. I will create a PR if I find a different approach to it

regards

[jptosso]

A different approach on compatibility with yaegi, like using GRPC or WASM, in the main coraza branch we are working on a tinygo compatible version of coraza, we could try WASM+yaegi. Or coraza-server of GRPC.

We cannot remove the interfaces casting, as it would mean a major release and we are not planning it yet.

[alebeta90]

Let me have a look at it and evaluate if I could be helpful with it

[mnsmithuk]

Any updates on this re V2?

Is this fixed in upcoming V3?

When can we expected a working plugin for traefik v2 ( and traefik v3 which is due out soon)?

[hatsat32]

Hi, any updates on this issue?

I have tried similar in my repo (hatsat32/coraza-traefik) but traefik does not support unsafe package for plugins. (see: traefik/traefik#7459) This makes developing traefik plugin very hard.

And some issues I did not understand (probably related with yaegi).

$ yaegi test -unrestricted -unsafe   
test: coroza.go:11:2: import "github.com/corazawaf/coraza/v3" error: /home/ausec/go/src/github.com/hatsat32/coraza-traefik/vendor/github.com/corazawaf/coraza/v3/config.go:11:2: import "github.com/corazawaf/coraza/v3/internal/corazawaf" error: /home/ausec/go/src/github.com/hatsat32/coraza-traefik/vendor/github.com/corazawaf/coraza/v3/internal/corazawaf/transaction.go:23:2: import "github.com/corazawaf/coraza/v3/internal/bodyprocessors" error: /home/ausec/go/src/github.com/hatsat32/coraza-traefik/vendor/github.com/corazawaf/coraza/v3/internal/bodyprocessors/json.go:11:2: import "github.com/tidwall/gjson" error: /home/ausec/go/src/github.com/hatsat32/coraza-traefik/vendor/github.com/tidwall/gjson/gjson.go:1790:3: undefined: loop

Any ideas on how to implement traefik plugin?

[jptosso]

Hey, right now, there is no way we can implement Coraza under Traefik because of Yaegi. Coraza uses a lot of memory optimizations from low-level packages that are not available on Yaegi.

Although, you can use coraza as a sidecar proxy using envoy: https://github.com/corazawaf/coraza-proxy-wasm/

[guyguy333]

Hi @jptosso,

Traefik now supports WASM plugins.

Here is an official demo : https://github.com/traefik/plugindemowasm

Do you think you could provide an official Traefik WASM plugin ? As it works with Envoy, I guess it solves Yaegi issues ?

[jptosso]

Hey! This is something under discussion, we will keep you posted
In the meantime you can test our coraza-proxy-wasm plugin and tell us your results

[guyguy333]

Hey! This is something under discussion, we will keep you posted In the meantime you can test our coraza-proxy-wasm plugin and tell us your results

Thanks :)

Traefik does not implement "Envoy" Proxy WASM ABI but a more adopted ABI IMO http-wasm. It means I can't use WASM plugin as it. Someone did try to implement Coraza with this ABI : https://github.com/jcchavezs/coraza-http-wasm
I will try to enable it in Traefik