fix: replaces filesystem library.

README.md

@@ -61,14 +61,20 @@ go run mage.go test
 
 ## Using OWASP Core Ruleset
 
-Clone the [coreruleset repository](https://github.com/coreruleset/coreruleset) and download the default coraza configurations from [Coraza repository](https://raw.githubusercontent.com/corazawaf/coraza/v2/master/coraza.conf-recommended), then add the following to you coraza_waf directive:
+You can load OWASP CRS by passing the field `load_owasp_crs` and then load the CRS files in the directives as described in the [coraza-coreruleset](https://github.com/corazawaf/coraza-coreruleset) documentation.
 
-```seclang
-include caddypath/coraza.conf-recommended
-include caddypath/coreruleset/crs-setup.conf.example
-include caddypath/coreruleset/rules/*.conf
-```
-
-## Known Issues
+```caddy
+:8080 {
+ coraza_waf {
+  load_owasp_crs
+  directives `
+   Include @coraza.conf-recommended
+   Include @crs-setup.conf.example
+   Include @owasp_crs/*.conf
+   SecRuleEngine On
+  `
+ }
 
-## FAQ
+ reverse_proxy httpbin:8081
+}
+```

coraza.go

@@ -13,10 +13,10 @@ import (
 	"github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile"
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp"
 	coreruleset "github.com/corazawaf/coraza-coreruleset"
-	"github.com/corazawaf/coraza-coreruleset/io"
 	"github.com/corazawaf/coraza/v3"
 	"github.com/corazawaf/coraza/v3/types"
-	"github.com/yalue/merged_fs"
+	"github.com/jcchavezs/mergefs"
+	"github.com/jcchavezs/mergefs/io"
 	"go.uber.org/zap"
 )
 
@@ -28,8 +28,9 @@ func init() {
 // corazaModule is a Web Application Firewall implementation for Caddy.
 type corazaModule struct {
 	// deprecated
-	Include    []string `json:"include"`
-	Directives string   `json:"directives"`
+	Include      []string `json:"include"`
+	Directives   string   `json:"directives"`
+	LoadOWASPCRS bool     `json:"load_owasp_crs"`
 
 	logger *zap.Logger
 	waf    coraza.WAF
@@ -49,15 +50,18 @@ func (m *corazaModule) Provision(ctx caddy.Context) error {
 
 	config := coraza.NewWAFConfig().
 		WithErrorCallback(newErrorCb(m.logger)).
-		WithDebugLogger(newLogger(m.logger)).
-		WithRootFS(merged_fs.NewMergedFS(coreruleset.FS, io.OSFS))
+		WithDebugLogger(newLogger(m.logger))
+
+	if m.LoadOWASPCRS {
+		config = config.WithRootFS(mergefs.Merge(coreruleset.FS, io.OSFS))
+	}
 
 	if m.Directives != "" {
 		config = config.WithDirectives(m.Directives)
 	}
 
 	if len(m.Include) > 0 {
-		m.logger.Warn("include field is deprecated, please use the Include directive inside 'directives' field instead")
+		m.logger.Warn("'include' field is deprecated, please use the Include directive inside 'directives' field instead")
 		for _, file := range m.Include {
 			if strings.Contains(file, "*") {
 				m.logger.Debug("Preparing to expand glob", zap.String("pattern", file))
@@ -150,24 +154,32 @@ func (m *corazaModule) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 	m.Include = []string{}
 	for d.NextBlock(0) {
 		key := d.Val()
-		var value string
-		if !d.Args(&value) {
-			// not enough args
-			return d.ArgErr()
-		}
+		switch key {
+		case "load_owasp_crs":
+			if d.NextArg() {
+				return d.ArgErr()
+			}
+			m.LoadOWASPCRS = true
+		case "directives", "include":
+			var value string
+			if !d.Args(&value) {
+				// not enough args
+				return d.ArgErr()
+			}
 
-		if d.NextArg() {
-			// too many args
-			return d.ArgErr()
-		}
+			if d.NextArg() {
+				// too many args
+				return d.ArgErr()
+			}
 
-		switch key {
-		case "include":
-			m.Include = append(m.Include, value)
-		case "directives":
-			m.Directives = value
+			switch key {
+			case "include":
+				m.Include = append(m.Include, value)
+			case "directives":
+				m.Directives = value
+			}
 		default:
-			return d.Errf("invalid key for filter directive: %s", key)
+			return d.Errf("invalid key %q", key)
 		}
 	}
 

coraza_test.go

@@ -169,15 +169,23 @@ func TestUnmarshalCaddyfile(t *testing.T) {
 			}`,
 			shouldErr: true,
 		},
+
 		"invalid config for unexpected key": {
 			config: `coraza_waf {
 				unknown_key first_arg
 			}`,
 			shouldErr: true,
 		},
+		"invalid config for load_owasp_crs with value": {
+			config: `coraza_waf {
+				load_owasp_crs next_arg
+			}`,
+			shouldErr: true,
+		},
 		"valid config": {
 			config: `coraza_waf {
-				directives ` + "``" + `
+				load_owasp_crs
+				directives ` + "`Include my-rules.conf`" + `
 			}`,
 		},
 	}

e2e/Caddyfile

@@ -6,6 +6,7 @@
 
 :8080 {
 	coraza_waf {
+		load_owasp_crs
 		directives `
 			Include @coraza.conf-recommended
 			Include @crs-setup.conf.example

go.mod

@@ -4,10 +4,10 @@ go 1.18
 
 require (
 	github.com/caddyserver/caddy/v2 v2.6.2
-	github.com/corazawaf/coraza-coreruleset v0.0.0-20230313182618-4e081de217cb
+	github.com/corazawaf/coraza-coreruleset v0.0.0-20230405190458-b4d2a6f6bdfc
 	github.com/corazawaf/coraza/v3 v3.0.0-rc.1.0.20230329004849-daf3747c8c45
+	github.com/jcchavezs/mergefs v0.0.0-20230405222254-20429875efdd
 	github.com/magefile/mage v1.14.0
-	github.com/yalue/merged_fs v1.2.3
 	go.uber.org/zap v1.24.0
 )
 

go.sum

@@ -123,8 +123,8 @@ github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/corazawaf/coraza-coreruleset v0.0.0-20230313182618-4e081de217cb h1:oTPsaA/dCsrRHm8p6zhHH6ixEPJC3WDmpitNpPMb/KY=
-github.com/corazawaf/coraza-coreruleset v0.0.0-20230313182618-4e081de217cb/go.mod h1:h7fBXlh00atH/uVC9Lpjawg/RlJCsHjvyVk+bP3ylq8=
+github.com/corazawaf/coraza-coreruleset v0.0.0-20230405190458-b4d2a6f6bdfc h1:EU5PEFuQ4PTzkz2YFoCQwI73gu8GW95txz3dMNGsseA=
+github.com/corazawaf/coraza-coreruleset v0.0.0-20230405190458-b4d2a6f6bdfc/go.mod h1:7rsocqNDkTCira5T0M7buoKR2ehh7YZiPkzxRuAgvVU=
 github.com/corazawaf/coraza/v3 v3.0.0-rc.1.0.20230329004849-daf3747c8c45 h1:ROPaiSu+KA0Z4/dgUbvLVi6VCSKa/98PB78fh5WZpxI=
 github.com/corazawaf/coraza/v3 v3.0.0-rc.1.0.20230329004849-daf3747c8c45/go.mod h1:BKoHfX9ElA9uw7GBtKisLYM1snL2TRnA55GTA+Z/4ow=
 github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM=
@@ -389,6 +389,8 @@ github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0f
 github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jcchavezs/mergefs v0.0.0-20230405222254-20429875efdd h1:wj0PapN9ZM27EnZqqtvVHUpRUWDHEK3/H7gkBFj1qyw=
+github.com/jcchavezs/mergefs v0.0.0-20230405222254-20429875efdd/go.mod h1:BGD4X4tm4ZCbtShoISaG4Ama2L3NOq7y6cvuOxbYgzs=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
@@ -646,13 +648,17 @@ github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5J
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 h1:xwMw7LFhV9dbvot9A7NLClP9udqbjrQlIwWMH8e7uiQ=
 github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0=
 github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM=
@@ -671,8 +677,6 @@ github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=
 github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/yalue/merged_fs v1.2.3 h1:lJ32O+ZiVF4h+4SD8e7IfG8+V2Em4LPcT3Z7h2n2TrY=
-github.com/yalue/merged_fs v1.2.3/go.mod h1:WqqchfVYQyclV2tnR7wtRhBddzBvLVR83Cjw9BKQw0M=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

magefile.go

@@ -72,7 +72,12 @@ func Test() error {
 
 // E2e runs e2e tests with a built plugin against the example deployment. Requires docker-compose.
 func E2e() error {
-	return sh.RunV("docker-compose", "-f", "e2e/docker-compose.yml", "up", "--abort-on-container-exit", "tests")
+	var err error
+	if err = sh.RunV("docker-compose", "-f", "e2e/docker-compose.yml", "up", "--abort-on-container-exit", "tests"); err != nil {
+		sh.RunV("docker-compose", "-f", "e2e/docker-compose.yml", "logs", "caddy")
+	}
+
+	return err
 }
 
 func Coverage() error {