From cdd8b1be4087278e6c2b4cc0f0a80526c4df7ec8 Mon Sep 17 00:00:00 2001 From: Matteo Pace Date: Tue, 20 Jun 2023 11:34:37 +0200 Subject: [PATCH 1/7] wip mod files --- README.md | 2 +- examples/http-server/go.mod | 6 ++++- examples/http-server/go.sum | 17 +++++++++++++-- go.work | 2 ++ go.work.sum | 8 ++++++- http/e2e/go.mod | 3 +++ http/e2e/go.sum | 0 http/e2e/main.go | 2 +- http/e2e/{pkg => runner}/runner.go | 0 testing/coreruleset/go.mod | 4 ++-- testing/coreruleset/go.sum | 7 +++--- testing/e2e/e2e_test.go | 35 +++++++++++++++--------------- testing/e2e/go.mod | 19 ++++++++++++++++ testing/e2e/go.sum | 25 +++++++++++++++++++++ 14 files changed, 101 insertions(+), 29 deletions(-) create mode 100644 http/e2e/go.mod create mode 100644 http/e2e/go.sum rename http/e2e/{pkg => runner}/runner.go (100%) create mode 100644 testing/e2e/go.mod create mode 100644 testing/e2e/go.sum diff --git a/README.md b/README.md index 42047a289..6a5b17d04 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,7 @@ go run github.com/corazawaf/coraza/http/e2e@main --proxy-hostport localhost:8080 ``` or as a library by importing: ```go -"github.com/corazawaf/coraza/v3/http/e2e/pkg" +"github.com/corazawaf/coraza/v3/http/e2e/runner" ``` As a reference for library usage, see [`testing/e2e/e2e_test.go`](.testing/e2e/e2e_test.go). Expected directives that have to be loaded and available flags can be found in [`http/e2e/main.go`](./examples/http/e2e/main.go). diff --git a/examples/http-server/go.mod b/examples/http-server/go.mod index 4e4f3ed7d..432e94650 100644 --- a/examples/http-server/go.mod +++ b/examples/http-server/go.mod @@ -2,11 +2,15 @@ module github.com/corazawaf/coraza/v3/examples/http-server go 1.18 -require github.com/corazawaf/coraza/v3 v3.0.0-20220914101451-05d352c89b24 +require github.com/corazawaf/coraza/v3 v3.0.0 require ( + github.com/corazawaf/libinjection-go v0.1.2 // indirect github.com/magefile/mage v1.15.0 // indirect + github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 // indirect github.com/tidwall/gjson v1.14.4 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect + golang.org/x/net v0.11.0 // indirect + rsc.io/binaryregexp v0.2.0 // indirect ) diff --git a/examples/http-server/go.sum b/examples/http-server/go.sum index ddece5032..b12c585a2 100644 --- a/examples/http-server/go.sum +++ b/examples/http-server/go.sum @@ -1,7 +1,13 @@ -github.com/corazawaf/coraza/v3 v3.0.0-20220914101451-05d352c89b24 h1:dy3992o5ue40g1QWKupjsBwZTRWagsuiGcOsbV0b4xs= -github.com/corazawaf/coraza/v3 v3.0.0-20220914101451-05d352c89b24/go.mod h1:xhc7feR6FUfYgmBmRw3UObvLiyzT3XPQtlJD+huy+Mc= +github.com/corazawaf/coraza/v3 v3.0.0 h1:GvTzxcgtfQ76LneYL19Nkb1/T+2E/s3BRAOEt6h2sY0= +github.com/corazawaf/coraza/v3 v3.0.0/go.mod h1:MjV/iyO+B+JcVEWUJi4O2r1sfHeFzlF28MnvAqWfea0= +github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM= +github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw= +github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg= github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= +github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= +github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 h1:lL+y4Xv20pVlCGyLzNHRC0I0rIHhIL1lTvHizoS/dU8= +github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw= github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= @@ -9,3 +15,10 @@ github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JT github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/go.work b/go.work index 1c8f51c51..1be9312cc 100644 --- a/go.work +++ b/go.work @@ -3,5 +3,7 @@ go 1.18 use ( . ./examples/http-server + ./http/e2e ./testing/coreruleset + ./testing/e2e ) diff --git a/go.work.sum b/go.work.sum index 9cd2990de..4c4f30ad6 100644 --- a/go.work.sum +++ b/go.work.sum @@ -87,6 +87,8 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 h1:T+h1c/A9Gawja4Y9mFVWj2vyii2bbUNDw3kt9VxK2EY= github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= +github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= +github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/mitchellh/cli v1.1.0 h1:tEElEatulEHDeedTxwckzyYMA5c86fbmNIUL1hBIiTg= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0= @@ -126,9 +128,10 @@ go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20190121172915-509febef88a4 h1:c2HOrn5iMezYjSlGPncknSEr/8x5LELb/ilJbXi9DEA= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= @@ -136,6 +139,7 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -161,6 +165,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= +golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0= google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0= diff --git a/http/e2e/go.mod b/http/e2e/go.mod new file mode 100644 index 000000000..4ea8ebf0c --- /dev/null +++ b/http/e2e/go.mod @@ -0,0 +1,3 @@ +module github.com/corazawaf/coraza/v3/http/e2e + +go 1.18 diff --git a/http/e2e/go.sum b/http/e2e/go.sum new file mode 100644 index 000000000..e69de29bb diff --git a/http/e2e/main.go b/http/e2e/main.go index c3f84c069..39dee3ac0 100644 --- a/http/e2e/main.go +++ b/http/e2e/main.go @@ -8,7 +8,7 @@ import ( "fmt" "os" - e2e "github.com/corazawaf/coraza/v3/http/e2e/pkg" + e2e "github.com/corazawaf/coraza/v3/http/e2e/runner" ) // Flags: diff --git a/http/e2e/pkg/runner.go b/http/e2e/runner/runner.go similarity index 100% rename from http/e2e/pkg/runner.go rename to http/e2e/runner/runner.go diff --git a/testing/coreruleset/go.mod b/testing/coreruleset/go.mod index cba5ef262..c588c84c6 100644 --- a/testing/coreruleset/go.mod +++ b/testing/coreruleset/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/bmatcuk/doublestar/v4 v4.3.0 github.com/corazawaf/coraza-coreruleset v0.0.0-20230330101229-43b851256042 - github.com/corazawaf/coraza/v3 v3.0.0-20221004054810-060cedcb166d + github.com/corazawaf/coraza/v3 v3.0.0 github.com/coreruleset/go-ftw v0.4.9 github.com/rs/zerolog v1.28.0 ) @@ -38,7 +38,7 @@ require ( golang.org/x/crypto v0.10.0 // indirect golang.org/x/net v0.11.0 // indirect golang.org/x/sys v0.9.0 // indirect - golang.org/x/tools v0.6.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + rsc.io/binaryregexp v0.2.0 // indirect ) diff --git a/testing/coreruleset/go.sum b/testing/coreruleset/go.sum index 28a3ef144..3085ede67 100644 --- a/testing/coreruleset/go.sum +++ b/testing/coreruleset/go.sum @@ -40,8 +40,8 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/corazawaf/coraza-coreruleset v0.0.0-20230330101229-43b851256042 h1:WMAVBbS+u1zopf0gT1UBTtmmxVRCj9gY1dmnT14PsZM= github.com/corazawaf/coraza-coreruleset v0.0.0-20230330101229-43b851256042/go.mod h1:h7fBXlh00atH/uVC9Lpjawg/RlJCsHjvyVk+bP3ylq8= -github.com/corazawaf/coraza/v3 v3.0.0-20221004054810-060cedcb166d h1:e7nLsrnie6309FYWPZg2kY2yQWhHslmfkzZTPVnpeqg= -github.com/corazawaf/coraza/v3 v3.0.0-20221004054810-060cedcb166d/go.mod h1:+ypLPFkX5j1GwKi+rqRZ57W3lSHReBdeVLh0o8qirI4= +github.com/corazawaf/coraza/v3 v3.0.0 h1:GvTzxcgtfQ76LneYL19Nkb1/T+2E/s3BRAOEt6h2sY0= +github.com/corazawaf/coraza/v3 v3.0.0/go.mod h1:MjV/iyO+B+JcVEWUJi4O2r1sfHeFzlF28MnvAqWfea0= github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM= github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -413,7 +413,6 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -468,4 +467,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/testing/e2e/e2e_test.go b/testing/e2e/e2e_test.go index 08fbd0999..200406906 100644 --- a/testing/e2e/e2e_test.go +++ b/testing/e2e/e2e_test.go @@ -15,7 +15,7 @@ import ( "github.com/corazawaf/coraza/v3" txhttp "github.com/corazawaf/coraza/v3/http" - e2e "github.com/corazawaf/coraza/v3/http/e2e/pkg" + e2e "github.com/corazawaf/coraza/v3/http/e2e/runner" "github.com/mccutchen/go-httpbin/v2/httpbin" ) @@ -23,22 +23,22 @@ func TestE2e(t *testing.T) { conf := coraza.NewWAFConfig() customE2eDirectives := ` - SecRuleEngine On - SecRequestBodyAccess On - SecResponseBodyAccess On - SecResponseBodyMimeType application/json - # Custom rule for Coraza config check (ensuring that these configs are used) - SecRule &REQUEST_HEADERS:coraza-e2e "@eq 0" "id:100,phase:1,deny,status:424,log,msg:'Coraza E2E - Missing header'" - # Custom rules for e2e testing - SecRule REQUEST_URI "@streq /admin" "id:101,phase:1,t:lowercase,log,deny" - SecRule REQUEST_BODY "@rx maliciouspayload" "id:102,phase:2,t:lowercase,log,deny" - SecRule RESPONSE_HEADERS:pass "@rx leak" "id:103,phase:3,t:lowercase,log,deny" - SecRule RESPONSE_BODY "@contains responsebodycode" "id:104,phase:4,t:lowercase,log,deny" - # Custom rules mimicking the following CRS rules: 941100, 942100, 913100 - SecRule ARGS_NAMES|ARGS "@detectXSS" "id:9411,phase:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,log,deny" - SecRule ARGS_NAMES|ARGS "@detectSQLi" "id:9421,phase:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,multiMatch,log,deny" - SecRule REQUEST_HEADERS:User-Agent "@pm grabber masscan" "id:9131,phase:1,t:none,log,deny" -` + SecRuleEngine On + SecRequestBodyAccess On + SecResponseBodyAccess On + SecResponseBodyMimeType application/json + # Custom rule for Coraza config check (ensuring that these configs are used) + SecRule &REQUEST_HEADERS:coraza-e2e "@eq 0" "id:100,phase:1,deny,status:424,log,msg:'Coraza E2E - Missing header'" + # Custom rules for e2e testing + SecRule REQUEST_URI "@streq /admin" "id:101,phase:1,t:lowercase,log,deny" + SecRule REQUEST_BODY "@rx maliciouspayload" "id:102,phase:2,t:lowercase,log,deny" + SecRule RESPONSE_HEADERS:pass "@rx leak" "id:103,phase:3,t:lowercase,log,deny" + SecRule RESPONSE_BODY "@contains responsebodycode" "id:104,phase:4,t:lowercase,log,deny" + # Custom rules mimicking the following CRS rules: 941100, 942100, 913100 + SecRule ARGS_NAMES|ARGS "@detectXSS" "id:9411,phase:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,log,deny" + SecRule ARGS_NAMES|ARGS "@detectSQLi" "id:9421,phase:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,multiMatch,log,deny" + SecRule REQUEST_HEADERS:User-Agent "@pm grabber masscan" "id:9131,phase:1,t:none,log,deny" + ` conf = conf. WithDirectives(customE2eDirectives) @@ -56,7 +56,6 @@ func TestE2e(t *testing.T) { // Create the server with the WAF and the reverse proxy. s := httptest.NewServer(mux) defer s.Close() - err = e2e.Run(e2e.Config{ NulledBody: false, ProxiedEntrypoint: s.URL, diff --git a/testing/e2e/go.mod b/testing/e2e/go.mod new file mode 100644 index 000000000..d65d95a77 --- /dev/null +++ b/testing/e2e/go.mod @@ -0,0 +1,19 @@ +module github.com/corazawaf/coraza/v3/testing/e2e + +go 1.18 + +require ( + github.com/corazawaf/coraza/v3 v3.0.0 + github.com/mccutchen/go-httpbin/v2 v2.9.0 +) + +require ( + github.com/corazawaf/libinjection-go v0.1.2 // indirect + github.com/magefile/mage v1.15.0 // indirect + github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 // indirect + github.com/tidwall/gjson v1.14.4 // indirect + github.com/tidwall/match v1.1.1 // indirect + github.com/tidwall/pretty v1.2.1 // indirect + golang.org/x/net v0.11.0 // indirect + rsc.io/binaryregexp v0.2.0 // indirect +) diff --git a/testing/e2e/go.sum b/testing/e2e/go.sum new file mode 100644 index 000000000..ae4612f83 --- /dev/null +++ b/testing/e2e/go.sum @@ -0,0 +1,25 @@ +github.com/corazawaf/coraza/v3 v3.0.0 h1:GvTzxcgtfQ76LneYL19Nkb1/T+2E/s3BRAOEt6h2sY0= +github.com/corazawaf/coraza/v3 v3.0.0/go.mod h1:MjV/iyO+B+JcVEWUJi4O2r1sfHeFzlF28MnvAqWfea0= +github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM= +github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw= +github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= +github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg= +github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= +github.com/mccutchen/go-httpbin/v2 v2.9.0 h1:0c8loz/kMEdBmcHJZh0MUgKX84U19AlLk7h6nf2Wkx4= +github.com/mccutchen/go-httpbin/v2 v2.9.0/go.mod h1:+DBHcmg6EOeoizuiOI8iL12VIHXx+9YQNlz+gjB9uxk= +github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= +github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 h1:lL+y4Xv20pVlCGyLzNHRC0I0rIHhIL1lTvHizoS/dU8= +github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw= +github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= +github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= +github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= From 154ac494e0a8e1fa3eb2422b5d928e260da36cbb Mon Sep 17 00:00:00 2001 From: Matteo Pace Date: Tue, 20 Jun 2023 18:51:55 +0200 Subject: [PATCH 2/7] fixes setHTTPSchemeIfMissing --- http/e2e/runner/runner.go | 7 ++++++- testing/e2e/go.mod | 2 +- testing/e2e/go.sum | 5 +++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/http/e2e/runner/runner.go b/http/e2e/runner/runner.go index 9532b7efb..092d96b41 100644 --- a/http/e2e/runner/runner.go +++ b/http/e2e/runner/runner.go @@ -303,9 +303,14 @@ func Run(cfg Config) error { } func setHTTPSchemeIfMissing(rawURL string) string { + // Addressing url without scheme (E.g: localhost:8080) + // https://stackoverflow.com/questions/62083272/parsing-url-with-port-and-without-scheme parsedURL, _ := url.Parse(rawURL) - if parsedURL.Scheme == "" { + if parsedURL.Host == "" { + // the URL is missing the scheme, setting it to http by default parsedURL.Scheme = "http" + parsedURL.Host = rawURL + parsedURL.Opaque = "" } return parsedURL.String() } diff --git a/testing/e2e/go.mod b/testing/e2e/go.mod index d65d95a77..fd01f23e4 100644 --- a/testing/e2e/go.mod +++ b/testing/e2e/go.mod @@ -3,7 +3,7 @@ module github.com/corazawaf/coraza/v3/testing/e2e go 1.18 require ( - github.com/corazawaf/coraza/v3 v3.0.0 + github.com/corazawaf/coraza/v3 v3.0.1-0.20230620093802-ce5e52dd2b74 github.com/mccutchen/go-httpbin/v2 v2.9.0 ) diff --git a/testing/e2e/go.sum b/testing/e2e/go.sum index ae4612f83..d59cb85ea 100644 --- a/testing/e2e/go.sum +++ b/testing/e2e/go.sum @@ -1,5 +1,5 @@ -github.com/corazawaf/coraza/v3 v3.0.0 h1:GvTzxcgtfQ76LneYL19Nkb1/T+2E/s3BRAOEt6h2sY0= -github.com/corazawaf/coraza/v3 v3.0.0/go.mod h1:MjV/iyO+B+JcVEWUJi4O2r1sfHeFzlF28MnvAqWfea0= +github.com/corazawaf/coraza/v3 v3.0.1-0.20230620093802-ce5e52dd2b74 h1:w7od1UqnNxaL+y7z1ZMww1QkdTaKF8hHAGp3sjK1yvA= +github.com/corazawaf/coraza/v3 v3.0.1-0.20230620093802-ce5e52dd2b74/go.mod h1:dqd1DvHnA2Q6lExFQeDpKplpI5bYHKNzDkkamaf8GE0= github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM= github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= @@ -19,6 +19,7 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= From ae6413d25edf6897420cde2c63b9e4b3f0092fba Mon Sep 17 00:00:00 2001 From: Matteo Pace Date: Wed, 21 Jun 2023 09:55:04 +0200 Subject: [PATCH 3/7] setHTTPSchemeIfMissing defaults to rawURL on error --- http/e2e/runner/runner.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/http/e2e/runner/runner.go b/http/e2e/runner/runner.go index 092d96b41..585d89b31 100644 --- a/http/e2e/runner/runner.go +++ b/http/e2e/runner/runner.go @@ -305,7 +305,10 @@ func Run(cfg Config) error { func setHTTPSchemeIfMissing(rawURL string) string { // Addressing url without scheme (E.g: localhost:8080) // https://stackoverflow.com/questions/62083272/parsing-url-with-port-and-without-scheme - parsedURL, _ := url.Parse(rawURL) + parsedURL, err := url.Parse(rawURL) + if err != nil { + return rawURL + } if parsedURL.Host == "" { // the URL is missing the scheme, setting it to http by default parsedURL.Scheme = "http" From 45315044876e601df4068212114ea6b6edae84be Mon Sep 17 00:00:00 2001 From: Matteo Pace Date: Wed, 5 Jul 2023 13:24:05 +0200 Subject: [PATCH 4/7] adds replace for inner package logic, adds more verbosity on go mod tidy error --- go.mod | 1 - go.sum | 2 -- magefile.go | 1 + testing/e2e/go.mod | 3 +++ 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c779790a6..68b504f6f 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,6 @@ require ( github.com/corazawaf/libinjection-go v0.1.2 github.com/foxcpp/go-mockdns v1.0.0 github.com/magefile/mage v1.15.0 - github.com/mccutchen/go-httpbin/v2 v2.9.0 github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 github.com/tidwall/gjson v1.14.4 golang.org/x/net v0.11.0 diff --git a/go.sum b/go.sum index bf2237977..029d1bb8f 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,6 @@ github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6 github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg= github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= -github.com/mccutchen/go-httpbin/v2 v2.9.0 h1:0c8loz/kMEdBmcHJZh0MUgKX84U19AlLk7h6nf2Wkx4= -github.com/mccutchen/go-httpbin/v2 v2.9.0/go.mod h1:+DBHcmg6EOeoizuiOI8iL12VIHXx+9YQNlz+gjB9uxk= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= diff --git a/magefile.go b/magefile.go index 11c2c84e7..88c1104f4 100644 --- a/magefile.go +++ b/magefile.go @@ -89,6 +89,7 @@ func Lint() error { out, err := cmd.Output() fmt.Printf(string(out)) if err != nil { + err = fmt.Errorf("running go mod tidy in '%s', %w", path, err) return err } } diff --git a/testing/e2e/go.mod b/testing/e2e/go.mod index fd01f23e4..8eec4d723 100644 --- a/testing/e2e/go.mod +++ b/testing/e2e/go.mod @@ -4,6 +4,7 @@ go 1.18 require ( github.com/corazawaf/coraza/v3 v3.0.1-0.20230620093802-ce5e52dd2b74 + github.com/corazawaf/coraza/v3/http/e2e v0.0.0-00010101000000-000000000000 github.com/mccutchen/go-httpbin/v2 v2.9.0 ) @@ -17,3 +18,5 @@ require ( golang.org/x/net v0.11.0 // indirect rsc.io/binaryregexp v0.2.0 // indirect ) + +replace github.com/corazawaf/coraza/v3/http/e2e => ../../http/e2e/ From 0189de5fb7caac5326fc9c7d7cef5a0a40f47d35 Mon Sep 17 00:00:00 2001 From: Matteo Pace Date: Wed, 5 Jul 2023 13:36:25 +0200 Subject: [PATCH 5/7] aads more verbosity on go mod tidy errors --- magefile.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/magefile.go b/magefile.go index 88c1104f4..3284edd29 100644 --- a/magefile.go +++ b/magefile.go @@ -86,7 +86,7 @@ func Lint() error { if _, err := os.Stat(filepath.Join(path, "go.mod")); err == nil { cmd := exec.Command("go", "mod", "tidy") cmd.Dir = path - out, err := cmd.Output() + out, err := cmd.CombinedOutput() fmt.Printf(string(out)) if err != nil { err = fmt.Errorf("running go mod tidy in '%s', %w", path, err) From f8ad53873a124c123300b78299b8fb04ab380a70 Mon Sep 17 00:00:00 2001 From: Matteo Pace Date: Wed, 5 Jul 2023 13:43:55 +0200 Subject: [PATCH 6/7] internal coraza 3.0.2 updates --- examples/http-server/go.mod | 2 +- examples/http-server/go.sum | 4 ++-- go.work.sum | 8 +------- testing/coreruleset/go.mod | 2 +- testing/coreruleset/go.sum | 4 ++-- 5 files changed, 7 insertions(+), 13 deletions(-) diff --git a/examples/http-server/go.mod b/examples/http-server/go.mod index 432e94650..a48f1cf8f 100644 --- a/examples/http-server/go.mod +++ b/examples/http-server/go.mod @@ -2,7 +2,7 @@ module github.com/corazawaf/coraza/v3/examples/http-server go 1.18 -require github.com/corazawaf/coraza/v3 v3.0.0 +require github.com/corazawaf/coraza/v3 v3.0.2 require ( github.com/corazawaf/libinjection-go v0.1.2 // indirect diff --git a/examples/http-server/go.sum b/examples/http-server/go.sum index b12c585a2..46bcb69af 100644 --- a/examples/http-server/go.sum +++ b/examples/http-server/go.sum @@ -1,5 +1,5 @@ -github.com/corazawaf/coraza/v3 v3.0.0 h1:GvTzxcgtfQ76LneYL19Nkb1/T+2E/s3BRAOEt6h2sY0= -github.com/corazawaf/coraza/v3 v3.0.0/go.mod h1:MjV/iyO+B+JcVEWUJi4O2r1sfHeFzlF28MnvAqWfea0= +github.com/corazawaf/coraza/v3 v3.0.2 h1:UHu2WiZnI7iHcv7KOPyKHYfR66cvjAwRm1EC3HGkuC0= +github.com/corazawaf/coraza/v3 v3.0.2/go.mod h1:zvldIncYMuW8xmRcOs37OWRhY3CPWBKbTngIGzR5v4Y= github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM= github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= diff --git a/go.work.sum b/go.work.sum index 4c4f30ad6..0bad61c7c 100644 --- a/go.work.sum +++ b/go.work.sum @@ -87,8 +87,7 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 h1:T+h1c/A9Gawja4Y9mFVWj2vyii2bbUNDw3kt9VxK2EY= github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= -github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= -github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= +github.com/mccutchen/go-httpbin/v2 v2.9.0 h1:0c8loz/kMEdBmcHJZh0MUgKX84U19AlLk7h6nf2Wkx4= github.com/mitchellh/cli v1.1.0 h1:tEElEatulEHDeedTxwckzyYMA5c86fbmNIUL1hBIiTg= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0= @@ -130,8 +129,6 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5U golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4 h1:c2HOrn5iMezYjSlGPncknSEr/8x5LELb/ilJbXi9DEA= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= @@ -139,7 +136,6 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -165,8 +161,6 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= -golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0= google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0= diff --git a/testing/coreruleset/go.mod b/testing/coreruleset/go.mod index c588c84c6..c1577151a 100644 --- a/testing/coreruleset/go.mod +++ b/testing/coreruleset/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/bmatcuk/doublestar/v4 v4.3.0 github.com/corazawaf/coraza-coreruleset v0.0.0-20230330101229-43b851256042 - github.com/corazawaf/coraza/v3 v3.0.0 + github.com/corazawaf/coraza/v3 v3.0.2 github.com/coreruleset/go-ftw v0.4.9 github.com/rs/zerolog v1.28.0 ) diff --git a/testing/coreruleset/go.sum b/testing/coreruleset/go.sum index 3085ede67..e089260c4 100644 --- a/testing/coreruleset/go.sum +++ b/testing/coreruleset/go.sum @@ -40,8 +40,8 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/corazawaf/coraza-coreruleset v0.0.0-20230330101229-43b851256042 h1:WMAVBbS+u1zopf0gT1UBTtmmxVRCj9gY1dmnT14PsZM= github.com/corazawaf/coraza-coreruleset v0.0.0-20230330101229-43b851256042/go.mod h1:h7fBXlh00atH/uVC9Lpjawg/RlJCsHjvyVk+bP3ylq8= -github.com/corazawaf/coraza/v3 v3.0.0 h1:GvTzxcgtfQ76LneYL19Nkb1/T+2E/s3BRAOEt6h2sY0= -github.com/corazawaf/coraza/v3 v3.0.0/go.mod h1:MjV/iyO+B+JcVEWUJi4O2r1sfHeFzlF28MnvAqWfea0= +github.com/corazawaf/coraza/v3 v3.0.2 h1:UHu2WiZnI7iHcv7KOPyKHYfR66cvjAwRm1EC3HGkuC0= +github.com/corazawaf/coraza/v3 v3.0.2/go.mod h1:zvldIncYMuW8xmRcOs37OWRhY3CPWBKbTngIGzR5v4Y= github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM= github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= From 0c769c3ad33366fe3f2db499b5cf824de1dfdd10 Mon Sep 17 00:00:00 2001 From: Matteo Pace Date: Thu, 6 Jul 2023 00:15:29 +0200 Subject: [PATCH 7/7] chore: reverts path print being already in the combinedoutput --- magefile.go | 1 - 1 file changed, 1 deletion(-) diff --git a/magefile.go b/magefile.go index 3284edd29..840fdb16b 100644 --- a/magefile.go +++ b/magefile.go @@ -89,7 +89,6 @@ func Lint() error { out, err := cmd.CombinedOutput() fmt.Printf(string(out)) if err != nil { - err = fmt.Errorf("running go mod tidy in '%s', %w", path, err) return err } }