From cacdcd75b6e57c89016d42661ee1915b0cba58ac Mon Sep 17 00:00:00 2001 From: bui Date: Thu, 4 May 2023 11:05:41 +0200 Subject: [PATCH] use fork --- go.mod | 2 ++ go.sum | 4 ++-- pkg/acquisition/modules/waf/waf.go | 4 ++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index a9689aa29..8a1e0a570 100644 --- a/go.mod +++ b/go.mod @@ -202,3 +202,5 @@ require ( ) replace golang.org/x/time/rate => github.com/crowdsecurity/crowdsec/pkg/time/rate v0.0.0 + +replace github.com/corazawaf/coraza/v3 => github.com/buixor/coraza/v3 v3.0.1-0.20230504085753-fc713bf319a7 diff --git a/go.sum b/go.sum index 080319a76..19531d920 100644 --- a/go.sum +++ b/go.sum @@ -127,6 +127,8 @@ github.com/bluele/gcache v0.0.2 h1:WcbfdXICg7G/DGBh1PFfcirkWOQV+v077yF1pSy3DGw= github.com/bluele/gcache v0.0.2/go.mod h1:m15KV+ECjptwSPxKhOhQoAFQVtUFjTVkc3H8o0t/fp0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= +github.com/buixor/coraza/v3 v3.0.1-0.20230504085753-fc713bf319a7 h1:PFVMacp5znNLuSeTXuSeRVEUXvqAuVDfab1NdwAb3+s= +github.com/buixor/coraza/v3 v3.0.1-0.20230504085753-fc713bf319a7/go.mod h1:TKREBLh55w3SiBbLsQpH9EFzjBAmEUH4KRaZ/kFYz20= github.com/c-robinson/iplib v1.0.3 h1:NG0UF0GoEsrC1/vyfX1Lx2Ss7CySWl3KqqXh3q4DdPU= github.com/c-robinson/iplib v1.0.3/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szNDIbF8pgo= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 
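Review bot: The new `replace` directive in go.mod points the WAF engine at a fork under a personal account, pinned to an untagged pseudo-version, with no comment saying why it is needed or when it can be removed. With the request-inspection engine coming from `github.com/buixor/coraza/v3`, upstream coraza fixes no longer arrive through a normal version bump and have to be merged into the fork by hand; `replace` also only takes effect in the main module, so anyone importing this package as a library would build against upstream instead. I would record the reason and the exit condition next to the directive, e.g. `// fork exposes tx.RemoveRuleByID (see pkg/acquisition/modules/waf/waf.go); drop once upstream PR <UPSTREAM_PR_PLACEHOLDER> is merged`, and consider hosting the fork under the project organisation rather than an individual account. That the fork's only divergence is exposing that method is inferred from the waf.go comment and is not visible in this patch.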
@@ -151,8 +153,6 @@ github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMe github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/corazawaf/coraza/v3 v3.0.0-rc.2 h1:nV80E4+d5qQhH8NY6SyYP7YMQpfbZ2TnZHQT29/zU6M= -github.com/corazawaf/coraza/v3 v3.0.0-rc.2/go.mod h1:TKREBLh55w3SiBbLsQpH9EFzjBAmEUH4KRaZ/kFYz20= github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM= github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= diff --git a/pkg/acquisition/modules/waf/waf.go b/pkg/acquisition/modules/waf/waf.go index e6a0f2f1f..f3fe77dfc 100644 --- a/pkg/acquisition/modules/waf/waf.go +++ b/pkg/acquisition/modules/waf/waf.go @@ -206,6 +206,10 @@ func processReqWithEngine(waf coraza.WAF, r *http.Request) (*corazatypes.Interru tx.Close() }() + //this method is not exported by coraza, so we have to do it ourselves. + //ideally, this would be dealt with by expr code, and we provide helpers to manipulate the transaction object? + tx.RemoveRuleByID(1) + tx.ProcessConnection(r.RemoteAddr, 0, "", 0) tx.ProcessURI(r.URL.String(), r.Method, r.Proto) //FIXME: get it from the headers
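Review bot: `tx.RemoveRuleByID(1)` unconditionally drops rule ID 1 from every transaction, so any loaded ruleset that assigns a real detection to that ID is silently bypassed for all requests, with nothing logged. The literal looks like a placeholder for the expr-driven behaviour the comment describes. Until that exists I would take the IDs from the datasource configuration, default to an empty list and log each removal, along the lines of `for _, id := range disabledRuleIDs { tx.RemoveRuleByID(id) }` (the slice name is illustrative). The comment above the call should also say which rule is removed and why, since "not exported by coraza" does not explain the choice of ID 1. processReqWithEngine starts and continues outside this hunk, so that `tx` is created per request is assumed from the deferred `tx.Close()`.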