Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make Waf truly immutable #371

Closed
anuraaga opened this issue Aug 31, 2022 · 3 comments
Closed

Make Waf truly immutable #371

anuraaga opened this issue Aug 31, 2022 · 3 comments
Labels
v3
Milestone
v3 alpha

Comments

@anuraaga
Copy link
Contributor

Currently Waf is implied to be immutable with a doc

https://github.com/corazawaf/coraza/blob/v3/dev/waf.go#L43

Docs can be easily missed, especially in code that is not creating the Waf itself. I think it would be a good idea to make the code itself immutable. It will be a significant refactoring, but it could be worth doing to make the experience more safe for users, and to make it easier for coraza developers to reason about the code being safe.

type Waf interface {
} // interface, not struct, for immutability

config := coraza.NewWafConfig().
  WithRulesFromFile(path).
  WithRule().
  WithResponseBodyLimit().
  WithTmpDir()

waf := coraza.NewWafWithConfig(config)

tx := waf.NewTransaction(ctx)

...
@anuraaga anuraaga mentioned this issue Aug 31, 2022
Merged
@jptosso jptosso mentioned this issue Aug 31, 2022
Closed
@anuraaga anuraaga mentioned this issue Aug 31, 2022
Closed
14 tasks
@jptosso
Copy link
Member

jptosso commented Aug 31, 2022

The problem with this change is that we would be required to rename the seclang project into config, and use the config package to create the coraza.NewWafWithConfig()

Other problem we might face is that connectors can actually replace the *Waf pointer to "reload" rules

@anuraaga
Copy link
Contributor Author

anuraaga commented Sep 2, 2022

I am going to dedicate next week to prototyping on this. For context, my expectation is to use seclang, while likely moving it to internal as an implementation detail of configuration. But will look at this more.

Other problem we might face is that connectors can actually replace the *Waf pointer to "reload" rules

Generally I have seen dynamic reload to have access to all configuration so should be able to create a new immutable WAF. If finding cases of small tweaks, we can at that point support recreating a still immutable WAF I think

@jptosso
Copy link
Member

jptosso commented Sep 2, 2022

The other problem we might face is how to handle seclang as an independent package. coraza package cannot consume seclang as it would create circular dependencies issues.

Maybe we should use the seclang package to send config.WithRule(*coraza.Rule) to the waf instance. That way waf would still be abstracted from seclang.

@anuraaga anuraaga mentioned this issue Sep 5, 2022
Merged
@fzipi fzipi added the v4 Work for v4 label Sep 7, 2022
@jptosso jptosso added v3 and removed v4 Work for v4 labels Sep 9, 2022
@jptosso jptosso added this to the v3 alpha milestone Sep 9, 2022
@jptosso jptosso closed this as completed Sep 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
v3
Projects
None yet
Milestone
v3 alpha
Development

No branches or pull requests
3 participants
@anuraaga @jptosso @fzipi