Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: builds wasm proxy filter. #1

Merged
merged 8 commits into from
May 13, 2022
Merged

chore: builds wasm proxy filter. #1

merged 8 commits into from
May 13, 2022

Conversation

jcchavezs
Copy link
Member

@jcchavezs jcchavezs commented May 12, 2022
edited
Loading

This PR attempts to create a proxy wasm filter using coraza. Right now we are using my fork with the attempt to make it work for tiny_go: corazawaf/coraza#221

Ping @jptosso

jcchavezs
jcchavezs commented May 12, 2022
View reviewed changes
main_test.go Outdated Show resolved Hide resolved
@jcchavezs jcchavezs force-pushed the adds_code branch 2 times, most recently from c1180c2 to 711840e Compare May 13, 2022 07:57
@jcchavezs jcchavezs merged commit fa82b56 into main May 13, 2022
jcchavezs pushed a commit that referenced this pull request Sep 1, 2022
@anuraaga
Implement all phases (#1)
4d7dbf0 
* Implement all phases
jcchavezs added a commit that referenced this pull request Sep 13, 2022
@anuraaga @jcchavezs
Rework to use upstream coraza (#5)
df817f7 
* Update to latest coraza

* Refactor CI workflow

* Remove debug logging from coraza conf

* Use docker-compose for e2e test

* Implement all phases (#1)

* Implement all phases

* Run unit tests with wasm binary (#3)

* Update SDK and remove proxytest build tag (#4)

* Add unit tests for non-error cases. (#5)

* Migrate from make to mage (#6)

* Test behavior when body is chunked (#7)

* Add tests for bad config (#8)

* Add tests for bad HTTP and empty HTTP (#9)

* Wire up error logs (#10)

* Implement debuglogger (#11)

* Embed CRS rules (#12)

* Allow running ftw (#13)

* Read request protocol (#15)

* Process body phases even without actual bodies and populate Host header (#16)

* Fix ftw timeouts causing termination (#17)

* chore: adds build tools check in magefile. (#21)

This PR makes sure you have the right build tools before attempting to
build.

Co-authored-by: Anuraag Agrawal <anuraaga@gmail.com>

* feat: adds support for config. (#14)

This PR shapes the config to support both inline and embedded rules in
the filter.

```json
{
    "rules": [
        {"inline": "SecRuleEngine On\nSecRule REQUEST_URI \"@Streq /admin\" \"id:101,phase:1,t:lowercase,deny\""},
        {"include": "OWASP_CRS_REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES"}
    ]
}
```

In yaml it would be much nicer:

```yaml
rules:
  - inline: |
        SecRuleEngine On
        SecRule REQUEST_URI "@Streq /admin" "id:101,phase:1,t:lowercase,deny"
  - include: "OWASP_CRS_REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES"
```

Co-authored-by: Anuraag Agrawal <anuraaga@gmail.com>

* Embed upstream CRS (except for a few regex compile failures) (#18)

* Update to latest coraza (#24)

Co-authored-by: José Carlos Chávez <jcchavezs@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jcchavezs