chore: update docs

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>

.github/workflows/build.yml

@@ -16,7 +16,7 @@ jobs:
       libcoraza_version: master
     strategy:
       matrix:
-        nginx_version: ['1.22.0']
+        nginx_version: ['1.24.0']
         # The type of runner that the job will run on
         os: [ubuntu-20.04]
 
@@ -67,9 +67,9 @@ jobs:
           libgeoip-dev
 
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
-          go-version: ^1.17.7
+          go-version: ^1.19.x
 
       - name: Configure environment
         run: |

Dockerfile

@@ -13,13 +13,10 @@ RUN set -eux; \
     bash \
     make
 
-COPY ./libcoraza /tmp/master
-
 RUN set -eux; \
-    #wget https://github.com/corazawaf/libcoraza/tarball/master -O /tmp/master; \
-    #tar -xvf /tmp/master; \
-    #cd corazawaf-libcoraza-*; \
-    cd /tmp/master; \
+    wget https://github.com/corazawaf/libcoraza/tarball/master -O /tmp/master; \
+    tar -xvf /tmp/master; \
+    cd corazawaf-libcoraza-*; \
     ./build.sh; \
     ./configure; \
     make; \
@@ -28,10 +25,8 @@ RUN set -eux; \
 FROM nginx:stable as ngx-coraza
 
 COPY --from=go-builder /usr/local/include/coraza /usr/local/include/coraza
-COPY --from=go-builder /usr/local/lib/libcorazacore.a /usr/local/lib
-COPY --from=go-builder /usr/local/lib/libcorazautils.a /usr/local/lib
-COPY --from=go-builder /usr/local/lib/libcorazacore.so /usr/local/lib
-COPY --from=go-builder /usr/local/lib/libcorazautils.so /usr/local/lib
+COPY --from=go-builder /usr/local/lib/libcoraza.a /usr/local/lib
+COPY --from=go-builder /usr/local/lib/libcoraza.so /usr/local/lib
 
 # For latest build deps, see https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile
 RUN set -eux; \
@@ -70,8 +65,7 @@ RUN sed -i -e "s|events {|load_module \"/usr/lib/nginx/modules/ngx_http_coraza_m
 
 COPY ./coraza.conf /etc/nginx/conf.d/coraza.conf
 COPY --from=ngx-coraza /usr/lib/nginx/modules/ /usr/lib/nginx/modules/
-COPY --from=go-builder /usr/local/lib/libcorazacore.so /usr/local/lib
-COPY --from=go-builder /usr/local/lib/libcorazautils.so /usr/local/lib
+COPY --from=go-builder /usr/local/lib/libcoraza.so /usr/local/lib
 
 RUN ldconfig -v
 

README.md

@@ -108,7 +108,7 @@ server {
         root /var/www/html/opts;
         coraza_rules '
           SecRuleEngine On
-          SecDebugLog /tmp/modsec_debug.log
+          SecDebugLog /tmp/coraza_debug.log
           SecDebugLogLevel 9
           SecRuleRemoveById 10
         ';

build.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+NGINX_VERSION=1.18.0
+
+mkdir ~/src
+
+set -eux; \
+    curl "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o - | tar zxC ~/src -f -;
+
+# Pre-reqs:
+# diffstat libpcre2-16-0 libpcre2-32-0 libpcre2-dev libpcre2-posix2 quilt
+#  geoip-bin libbsd-dev libedit-dev libfontconfig1-dev libfreetype-dev libfreetype6-dev libgd-dev libgeoip-dev libgeoip1
+#  libice-dev libice6 libjbig-dev libjpeg-dev libjpeg-turbo8-dev libjpeg8-dev liblzma-dev libncurses-dev libnetaddr-ip-perl
+#  libpng-dev libpthread-stubs0-dev libsm-dev libsm6 libtiff-dev libtiffxx5 libvpx-dev libvpx6 libx11-dev libxau-dev libxcb1-dev
+#  libxdmcp-dev libxpm-dev libxslt1-dev libxt-dev libxt6 x11-common x11proto-core-dev x11proto-dev xorg-sgml-doctools xtrans-dev
+
+TEST_NGINX_BINARY=/usr/sbin/nginx
+TEST_NGINX_GLOBALS="load_module \"/usr/lib/nginx/modules/ngx_http_coraza_module.so\";"
+TEST_NGINX_MODULES=/usr/lib/nginx/modules
+
+export TEST_NGINX_BINARY TEST_NGINX_GLOBALS TEST_NGINX_MODULES
+
+CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p');\
+    cd ~/src/nginx-$NGINX_VERSION; \
+    ./configure --with-compat "${CONFARGS}" --add-dynamic-module=/vagrant/; \
+    make modules; \
+    sudo mkdir -p /usr/lib/nginx/modules; \
+    find objs/*.so -print; \
+    sudo cp objs/ngx_*.so /usr/lib/nginx/modules

t/coraza-config-merge.t

@@ -53,7 +53,7 @@ http {
             proxy_pass http://127.0.0.1:%%PORT_8081%%;
         }
 
-        location /modsec-disabled {
+        location /coraza-disabled {
             coraza_rules '
                 SecRuleEngine Off
             ';
@@ -84,7 +84,7 @@ http {
         location /server {
             coraza off;
 
-            location /server/modsec-disabled {
+            location /server/coraza-disabled {
                 proxy_pass http://127.0.0.1:%%PORT_8082%%;
             }
 
@@ -162,12 +162,12 @@ $t->plan(10);
 like(http_get_body('/', 'GOOD BODY'), qr/TEST-OK-IF-YOU-SEE-THIS/, "http level defaults, pass");
 like(http_get_body('/', 'VERY BAD BODY'), qr/^HTTP.*403/, "http level defaults, block");
 
-like(http_get_body('/modsec-disabled', 'VERY BAD BODY'), qr/TEST-OK-IF-YOU-SEE-THIS/, "location override for SecRuleEngine, pass");
+like(http_get_body('/coraza-disabled', 'VERY BAD BODY'), qr/TEST-OK-IF-YOU-SEE-THIS/, "location override for SecRuleEngine, pass");
 like(http_get_body('/nobodyaccess', 'VERY BAD BODY'), qr/TEST-OK-IF-YOU-SEE-THIS/, "location override for SecRequestBodyAccess, pass");
 like(http_get_body('/bodylimitprocesspartial', 'BODY' x 33), qr/TEST-OK-IF-YOU-SEE-THIS/, "location override for SecRequestBodyLimitAction, pass");
 like(http_get_body('/bodylimitincreased', 'BODY' x 64), qr/TEST-OK-IF-YOU-SEE-THIS/, "location override for SecRequestBodyLimit, pass");
 
-like(http_get_body('/server/modsec-disabled', 'VERY BAD BODY'), qr/TEST-OK-IF-YOU-SEE-THIS/, "server override for SecRuleEngine, pass");
+like(http_get_body('/server/coraza-disabled', 'VERY BAD BODY'), qr/TEST-OK-IF-YOU-SEE-THIS/, "server override for SecRuleEngine, pass");
 like(http_get_body('/server/nobodyaccess', 'VERY BAD BODY'), qr/TEST-OK-IF-YOU-SEE-THIS/, "server override for SecRequestBodyAccess, pass");
 like(http_get_body('/server/bodylimitprocesspartial', 'BODY' x 33), qr/TEST-OK-IF-YOU-SEE-THIS/, "server override for SecRequestBodyLimitAction, pass");
 like(http_get_body('/server/bodylimitincreased', 'BODY' x 64), qr/TEST-OK-IF-YOU-SEE-THIS/, "server override for SecRequestBodyLimit, pass");