Upgrades coraza 249700b5 (#47)

* chore: upgrades coraza to 249700b5 * chore: adds mage file to align with other repos. * chore: fixes license. * chore(ci): avoids duplicated run on PR. * chore(ci): splits lint and test in different workflows. * chore(ci): fixes coverage target. * chore(ci): only runs lint on master. * chore(ci): fixes golang CI timeout. * chore: minor nit. * chore: removes unused error.
corazawaf · Feb 24, 2023 · e5bec90 · e5bec90
1 parent fb28193
commit e5bec90
Show file tree

Hide file tree

Showing 14 changed files with 213 additions and 132 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,18 @@
+name: Lint (pre-commit)
+
+on:
+  pull_request:
+  push:
+    branches:
+      - "master"
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: v1.18.x
+          cache: true
+      - run: go run mage.go lint
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -2,16 +2,15 @@ name: Tests
 
 on:
   push:
-    branches: 
-      - '*'
+    branches:
+      - "master"
     paths-ignore:
       - "**/*.md"
-      - "LICENSE"      
+      - "LICENSE"
   pull_request:
-    branches: [ master ]
     paths-ignore:
       - "**/*.md"
-      - "LICENSE"    
+      - "LICENSE"
 
 jobs:
   test:
@@ -21,21 +20,14 @@ jobs:
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Install Go
-      uses: actions/setup-go@v2
-      with:
-        go-version: ${{ matrix.go-version }}
-    - name: Checkout code
-      uses: actions/checkout@v2
-      with:
-        lfs: true
-        fetch-depth: 0 #for better blame info
-    - name: Download vendored dependencies
-      run: go mod vendor
-    - name: Tests and coverage
-      run: go test -v -coverpkg=./... -coverprofile=coverage-coraza-caddy.out ./...   
-#    - name: SonarCloud Scan
-#      uses: sonarsource/sonarcloud-github-action@master
-#      env:
-#        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-#        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}      
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          lfs: true
+          fetch-depth: 0 #for better blame info
+      - name: Tests and coverage
+        run: go run mage.go coverage
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,24 @@
+run:
+  deadline: 5m
+
+linters:
+  disable-all: true
+  enable:
+    # Enabled by default, see https://golangci-lint.run/usage/linters#enabled-by-default
+    - deadcode
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - typecheck
+    - unused
+    - varcheck
+    - goimports
+    - gofmt
+    - gocritic
+issues:
+  exclude-rules:
+    - path: magefile\.go
+      linters:
+        - deadcode
diff --git a/caddy/main.go b/caddy/main.go
@@ -1,23 +1,12 @@
-// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright 2023 The OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
 
 package main
 
 import (
 	caddycmd "github.com/caddyserver/caddy/v2/cmd"
-
 	_ "github.com/caddyserver/caddy/v2/modules/standard"
+
 	_ "github.com/corazawaf/coraza-caddy"
 )
 

diff --git a/coraza.go b/coraza.go
@@ -1,21 +1,9 @@
-// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright 2023 The OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
 
 package coraza
 
 import (
-	"fmt"
 	"io"
 	"net/http"
 	"path/filepath"
@@ -119,7 +107,7 @@ func (m corazaModule) ServeHTTP(w http.ResponseWriter, r *http.Request, next cad
 		return interrupt(nil, tx, id)
 	}
 	if !rec.Buffered() {
-		//Nothing to do, response was already sent to the client
+		// Nothing to do, response was already sent to the client
 		return nil
 	}
 
@@ -154,7 +142,7 @@ func (m *corazaModule) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 		case "directives":
 			m.Directives = value
 		default:
-			return d.Err(fmt.Sprintf("invalid key for filter directive: %s", key))
+			return d.Errf("invalid key for filter directive: %s", key)
 		}
 	}
 	return nil

diff --git a/coraza_test.go b/coraza_test.go
@@ -1,24 +1,12 @@
-// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright 2023 The OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
 
 package coraza
 
 import (
 	"bytes"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"mime/multipart"
 	"net/http"
 	"os"
@@ -47,7 +35,7 @@ func TestPlugin(t *testing.T) {
 func TestPluginReload(t *testing.T) {
 	tester := caddytest.NewTester(t)
 	configFile := "test.init.config"
-	configContent, err := ioutil.ReadFile(configFile)
+	configContent, err := os.ReadFile(configFile)
 	if err != nil {
 		t.Fatalf("Failed to load configuration file %s: %s", configFile, err)
 	}
@@ -130,7 +118,9 @@ func multipartRequest(req *http.Request) error {
 	defer os.Remove(tempfile.Name())
 	for i := 0; i < 1024*5; i++ {
 		// this should create a 5mb file
-		tempfile.Write([]byte(strings.Repeat("A", 1024)))
+		if _, err := tempfile.Write([]byte(strings.Repeat("A", 1024))); err != nil {
+			return err
+		}
 	}
 	var fw io.Writer
 	if fw, err = w.CreateFormFile("fupload", tempfile.Name()); err != nil {
@@ -142,15 +132,15 @@ func multipartRequest(req *http.Request) error {
 	if _, err = io.Copy(fw, tempfile); err != nil {
 		return err
 	}
-	req.Body = ioutil.NopCloser(&b)
+	req.Body = io.NopCloser(&b)
 	req.Header.Set("Content-Type", w.FormDataContentType())
 	req.Method = "POST"
 	return nil
 }
 
 func newTester(caddyfile string, t *testing.T) (*caddytest.Tester, error) {
 	tester := caddytest.NewTester(t)
-	configContent, err := ioutil.ReadFile(caddyfile)
+	configContent, err := os.ReadFile(caddyfile)
 	if err != nil {
 		return nil, fmt.Errorf("failed to load configuration file %s: %s", caddyfile, err)
 	}

diff --git a/go.mod b/go.mod
@@ -4,7 +4,8 @@ go 1.18
 
 require (
 	github.com/caddyserver/caddy/v2 v2.6.2
-	github.com/corazawaf/coraza/v3 v3.0.0-20230213125646-20a1ae3546bf
+	github.com/corazawaf/coraza/v3 v3.0.0-20230222164726-1ac270a3257d
+	github.com/magefile/mage v1.14.0
 	go.uber.org/zap v1.24.0
 )
 
@@ -62,7 +63,6 @@ require (
 	github.com/klauspost/cpuid/v2 v2.1.1 // indirect
 	github.com/libdns/libdns v0.2.1 // indirect
 	github.com/lucas-clemente/quic-go v0.29.2 // indirect
-	github.com/magefile/mage v1.14.0 // indirect
 	github.com/manifoldco/promptui v0.9.0 // indirect
 	github.com/marten-seemann/qpack v0.2.1 // indirect
 	github.com/marten-seemann/qtls-go1-18 v0.1.3 // indirect
@@ -125,7 +125,7 @@ require (
 	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
 	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/net v0.6.0 // indirect
+	golang.org/x/net v0.7.0 // indirect
 	golang.org/x/sys v0.5.0 // indirect
 	golang.org/x/term v0.5.0 // indirect
 	golang.org/x/text v0.7.0 // indirect

diff --git a/go.sum b/go.sum
@@ -123,8 +123,8 @@ github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/corazawaf/coraza/v3 v3.0.0-20230213125646-20a1ae3546bf h1:bgVBSoTjBR2Hf8zJ0NiiRhkcWBi8+6INS2kAPbWOCuk=
-github.com/corazawaf/coraza/v3 v3.0.0-20230213125646-20a1ae3546bf/go.mod h1:dXFswKzaDVm4SsHAyvi12A4yLfg2bVx/myCBkyGALGU=
+github.com/corazawaf/coraza/v3 v3.0.0-20230222164726-1ac270a3257d h1:YvEtALG4vAMYp7onNtiw4VnEGSdV946bOHfGTlUE+cg=
+github.com/corazawaf/coraza/v3 v3.0.0-20230222164726-1ac270a3257d/go.mod h1:Eyif7jcOWEWJxyIj1JrStVR7vTjCBB5mbd+0FE9uYaQ=
 github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM=
 github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -842,8 +842,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

diff --git a/http.go b/http.go
@@ -1,21 +1,9 @@
-// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright 2023 The OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
 
 package coraza
 
 import (
-	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -99,7 +87,7 @@ func parseServerName(host string) (string, error) {
 	serverName, _, err := net.SplitHostPort(host)
 	if err != nil {
 		// missing port or bad format
-		err = errors.New(fmt.Sprintf("failed to parse server name from authority %q, %v", host, err))
+		err = fmt.Errorf("failed to parse server name from authority %q, %v", host, err)
 		serverName = host
 	}
 	// anyways serverName is returned

diff --git a/http_test.go b/http_test.go
@@ -1,16 +1,5 @@
-// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright 2023 The OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
 
 package coraza
 

diff --git a/mage.go b/mage.go
@@ -0,0 +1,19 @@
+// Copyright 2023 The OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
+
+//go:build ignore
+// +build ignore
+
+// Entrypoint to mage for running without needing to install the command.
+// https://magefile.org/zeroinstall/
+package main
+
+import (
+	"os"
+
+	"github.com/magefile/mage/mage"
+)
+
+func main() {
+	os.Exit(mage.Main())
+}