diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..b1f0e5d
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+.git
+*.md
+LICENSE
\ No newline at end of file
diff --git a/.dockerignore.Dockerfile.server-test b/.dockerignore.Dockerfile.server-test
new file mode 100644
index 0000000..0739e29
--- /dev/null
+++ b/.dockerignore.Dockerfile.server-test
@@ -0,0 +1,3 @@
+build
+LICENSE
+**/.git
\ No newline at end of file
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..c6f65ec
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,159 @@
+name: CI
+on:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - "**/*.md"
+ - "LICENSE"
+ pull_request:
+
+env:
+ GO_VERSION: 1.18
+ TINYGO_VERSION: 0.23.0
+
+jobs:
+ test:
+ runs-on: ubuntu-20.04
+ steps:
+ # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
+ - name: Check out code
+ uses: actions/checkout@v2.3.4
+ with:
+ fetch-depth: 0
+ submodules: true
+
+ - name: Install Go
+ uses: actions/setup-go@v1
+ with:
+ go-version: ${{ env.GO_VERSION }}
+
+ - name: Run tests
+ shell: bash
+ run: make test
+
+ build:
+ runs-on: ubuntu-20.04
+ needs: test
+ steps:
+ # submodule needs .git folder, which is missing without installing a newer git command
+ # https://github.com/actions/checkout/issues/335
+ - name: "Install latest `git`"
+ run: |
+ sudo apt purge git -y
+ sudo apt-get update && sudo apt-get install -y software-properties-common make
+ sudo add-apt-repository ppa:git-core/ppa -y
+ # apt update fails to fetch some repo due to cert failure. Skip them.
+ sudo apt update || true; sudo apt install -y --no-install-recommends git
+
+ - name: Check out code
+ uses: actions/checkout@v2.3.4
+ with:
+ fetch-depth: 0
+ submodules: true
+
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: ${{ env.GO_VERSION }}
+
+ - name: Install TinyGo
+ run: |
+ wget https://github.com/tinygo-org/tinygo/releases/download/v${TINYGO_VERSION}/tinygo_${TINYGO_VERSION}_amd64.deb
+ sudo dpkg -i tinygo_${TINYGO_VERSION}_amd64.deb
+ export PATH=$PATH:/usr/local/bin
+
+ - name: "Cache generated .wasm file"
+ uses: actions/cache@v2
+ with:
+ path: |
+ build/main.wasm
+ key: ${{ runner.os }}-cache-build-${{ github.sha }}
+
+ - name: Build WASM filter
+ shell: bash
+ run: make build
+
+ - name: Install WASM
+ uses: actions-rs/toolchain@v1
+ with:
+ toolchain: stable
+
+ - name: Install Cargo
+ uses: actions-rs/cargo@v1
+ with:
+ command: install
+ args: wasm-tools
+
+ - name: Validate WASM output
+ shell: bash
+ run: wasm-tools validate build/main.wasm
+
+ e2e-test:
+ runs-on: ubuntu-20.04
+ needs: build
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: "Install func-e"
+ shell: bash
+ run: curl https://func-e.io/install.sh | bash -s -- -b /usr/local/bin
+
+ - name: "Restore the wasm files cache"
+ uses: actions/cache@v2
+ with:
+ path: |
+ build/main.wasm
+ key: ${{ runner.os }}-cache-build-${{ github.sha }}
+
+ - name: "Verify build"
+ shell: bash
+ run: test -f build/main.wasm
+
+ - name: "Spin up server and envoy"
+ shell: bash
+ run: |
+ func-e run -c e2e/envoy-config.yaml --log-level info --component-log-level wasm:debug &
+
+ - name: "Run tests"
+ shell: bash
+ run: |
+ ./e2e/tests.sh
+
+ package:
+ runs-on: ubuntu-20.04
+ needs: e2e-test
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: "Restore the wasm files cache"
+ uses: actions/cache@v2
+ with:
+ path: |
+ build/main.wasm
+ key: ${{ runner.os }}-cache-build-${{ github.sha }}
+
+
- name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v3 + with: + context: . + push: ${{ github.event_name == 'push' }} + tags: jcchavezs/coraza-wasm-filter:latest diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index 8f055df..0000000 --- a/.github/workflows/test.yaml +++ /dev/null @@ -1,63 +0,0 @@ -name: CI check -on: - push: - branches: - - main - paths-ignore: - - "**/*.md" - - "LICENSE" - pull_request: - -jobs: - test: - runs-on: ubuntu-20.04 - steps: - # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation - - name: Check out code - uses: actions/checkout@v2.3.4 - with: - fetch-depth: 0 - submodules: true - - - name: Install Go - uses: actions/setup-go@v1 - with: - go-version: 1.18.1 - - - name: Run tests - shell: bash - run: make test - - build: - needs: [test] - runs-on: ubuntu-20.04 - container: - image: tinygo/tinygo:0.23.0 - steps: - # submodule needs .git folder, which is missing without installing a newer git command - # https://github.com/actions/checkout/issues/335 - - name: "Install latest `git`" - run: | - apt purge git -y - apt-get update && apt-get install -y software-properties-common make - add-apt-repository ppa:git-core/ppa -y - # apt update fails to fetch some repo due to cert failure. Skip them. - apt update || true; apt install -y --no-install-recommends \ - git \ - && apt clean \ - && rm -rf /var/lib/apt/lists/* - - - name: Check out code - uses: actions/checkout@v2.3.4 - with: - fetch-depth: 0 - submodules: true - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: "1.18.1" - - - name: Build WASM filter - shell: bash - run: make build 
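Review bot: The `Install TinyGo` and `Install func-e` steps execute downloaded code without verifying it: the `.deb` fetched by `wget` goes straight into `sudo dpkg -i`, and `curl https://func-e.io/install.sh | bash` runs whatever the server returns at build time. Add a digest check before installing, e.g. `echo "<expected-sha256>  tinygo_${TINYGO_VERSION}_amd64.deb" | sha256sum -c -` (placeholder digest, to be taken from the release page), and fetch a pinned func-e release instead of piping the installer. The action references use mutable tags (`actions/checkout@v2`, `docker/login-action@v2`, `actions-rs/cargo@v1`); pinning them to commit SHAs matters most in the `package` job, where the Docker Hub token is in scope. The workflow also declares no `permissions:` block, so a top-level `permissions: { contents: read }` would keep the job token read-only.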
diff --git a/.gitignore b/.gitignore
index c795b05..af96791 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-build
\ No newline at end of file
+.vscode
+build
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3cc53c5
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+FROM scratch
+
+LABEL org.opencontainers.image.source=https://github.com/jcchavezs/coraza-wasm-filter
+
+COPY build/main.wasm /plugin.wasm
\ No newline at end of file
diff --git a/Dockerfile.server-test b/Dockerfile.server-test
new file mode 100644
index 0000000..9118318
--- /dev/null
+++ b/Dockerfile.server-test
@@ -0,0 +1,38 @@
+FROM ubuntu as func-e-downloader
+
+RUN apt update && apt -y install curl
+
+RUN curl https://func-e.io/install.sh | bash -s -- -b /usr/local/bin
+
+FROM tinygo/tinygo as build-stage
+
+RUN apt-get install -y build-essential curl
+
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
+
+RUN ~/.cargo/bin/cargo install wasm-tools
+
+WORKDIR /usr/src/wasm-filter
+
+COPY coraza coraza
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+RUN go mod download
+
+COPY main.go main.go
+COPY Makefile Makefile
+
+RUN make build
+
+RUN ~/.cargo/bin/wasm-tools validate build/main.wasm
+RUN ~/.cargo/bin/wasm-tools dump build/main.wasm > build/main.wasm.dump
+
+FROM func-e-downloader as run-stage
+
+WORKDIR /usr/bin/wasm-filter
+
+COPY --from=build-stage /usr/src/wasm-filter/build ./build
+COPY e2e/envoy-config.yaml envoy-config.yaml
+
+ENTRYPOINT ["/usr/local/bin/func-e", "run", "-c envoy-config.yaml", "--log-level info", "--component-log-level wasm:debug"]
diff --git a/Makefile b/Makefile
index f61cd87..d14e2cc 100644
--- a/Makefile
+++ b/Makefile
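Review bot: The `ENTRYPOINT` in Dockerfile.server-test uses the exec form but packs each flag together with its value into one array element (`"-c envoy-config.yaml"`, `"--log-level info"`), so func-e receives single arguments containing a space rather than a flag followed by a value; unless its parser tolerates that, the container will not start with the intended config. Split them: `ENTRYPOINT ["/usr/local/bin/func-e", "run", "-c", "envoy-config.yaml", "--log-level", "info", "--component-log-level", "wasm:debug"]`. Separately, both base images are untagged (`FROM ubuntu`, `FROM tinygo/tinygo`) and two installers are piped from `curl` into a shell, so the image contents cannot be reproduced or verified; pin the images to a tag or digest and the tools to a checked release. The build stage also runs `apt-get install` with no preceding `apt-get update`, which only works if the base image ships package lists.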
@@ -1,7 +1,23 @@ +ARTIFACT_NAME="coraza-wasm-filter" +IMAGE_NAME=$(ARTIFACT_NAME):latest +CONTAINER_NAME=$(ARTIFACT_NAME)-build + .PHONY: build build: mkdir -p ./build - tinygo build -o build/main.wasm -scheduler=asyncify -target=wasi ./main.go + tinygo build -o build/main.wasm -scheduler=none -target=wasi ./main.go test: - go test -tags=proxytest ./... \ No newline at end of file + go test -tags="proxytest tinygo" ./... + +server-test-build: + docker build --progress=plain -t $(IMAGE_NAME) -f Dockerfile.server-test . + +server-test-wasm-dump: server-test-build + @docker rm -f $(CONTAINER_NAME) || true + @docker create -ti --name $(CONTAINER_NAME) $(IMAGE_NAME) bash + docker cp $(CONTAINER_NAME):/usr/bin/wasm-filter/build ./ + @docker rm -f $(CONTAINER_NAME) + +server-test-run: server-test-build + docker run -p 8001:8001 $(IMAGE_NAME) \ No newline at end of file diff --git a/coraza b/coraza index ca4b50d..fb53987 160000 --- a/coraza +++ b/coraza @@ -1 +1 @@ -Subproject commit ca4b50d4af61beb04b618b368cc2850de31aa9f8 +Subproject commit fb53987eee71d5bd94604ba6e846b8aa7a57340d diff --git a/e2e/envoy-config.yaml b/e2e/envoy-config.yaml new file mode 100644 index 0000000..53faa31 --- /dev/null +++ b/e2e/envoy-config.yaml 
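Review bot: `server-test-run` publishes the port with `-p 8001:8001`, which binds every host interface while the Envoy listener in the image also listens on 0.0.0.0; for a local test target `docker run -p 127.0.0.1:8001:8001 $(IMAGE_NAME)` keeps the test server off the network. On style, `ARTIFACT_NAME="coraza-wasm-filter"` makes the quotes part of the Make variable's value and works only because the shell strips them later, so `ARTIFACT_NAME=coraza-wasm-filter` is cleaner. The `server-test-*` targets (and `test`) produce no file of their own name and should be listed in `.PHONY` next to `build`.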
@@ -0,0 +1,44 @@
+static_resources:
+ listeners:
+ - address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 8001
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ stat_prefix: ingress_http
+ codec_type: auto
+ route_config:
+ virtual_hosts:
+ - name: local_route
+ domains:
+ - "*"
+ routes:
+ - match: { prefix: "/" }
+ direct_response:
+ status: 200
+ http_filters:
+ - name: envoy.filters.http.wasm
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
+ config:
+ name: "coraza-filter"
+ root_id: ""
+ configuration:
+ "@type": "type.googleapis.com/google.protobuf.StringValue"
+ value: |
+ {
+ "rules":"SecDebugLogLevel 5 \nSecDebugLog modsec.log \nSecRuleEngine On \nSecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,t:lowercase,deny\""
+ }
+ vm_config:
+ runtime: "envoy.wasm.runtime.v8"
+ vm_id: "my_vm_id"
+ code:
+ local:
+ filename: "build/main.wasm"
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
diff --git a/e2e/tests.sh b/e2e/tests.sh
new file mode 100755
index 0000000..d5a3f4b
--- /dev/null
+++ b/e2e/tests.sh
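Review bot: The fixture rule `SecRule REQUEST_URI "@streq /admin"` is narrower than it reads: in ModSecurity-style engines REQUEST_URI carries the query string as well, so the deny is demonstrated only for the exact string `/admin`, and the e2e test says nothing about the path in general. Because e2e configs tend to be copied, add a YAML comment above the `value:` block such as `# test-only rule: exact match on /admin, not a template for protecting a path`, or match on `REQUEST_FILENAME` if the path is what is meant. `SecDebugLog modsec.log` with `SecDebugLogLevel 5` also presumes the Wasm sandbox can write that file, which is worth confirming or dropping from the fixture.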
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Copied from https://github.com/jcchavezs/modsecurity-wasm-filter-e2e/blob/master/tests.sh
+
+step=1
+total_steps=3
+max_retries=10 #seconds for the server reachability timeout
+health_url="http://localhost:8001"
+unfiltered_url="http://localhost:8001/home"
+filtered_url="http://localhost:8001/admin"
+
+# Testing if the server is up
+echo "[$step/$total_steps] Testing application reachability"
+status_code="000"
+while [[ "$status_code" -eq "000" ]]; do
+ status_code=$(curl --write-out "%{http_code}" --silent --output /dev/null $health_url)
+ sleep 1
+ echo -ne "[Wait] Waiting for response from $health_url. Timeout: ${max_retries}s \r"
+ ((max_retries-=1))
+ if [[ "$max_retries" -eq 0 ]] ; then
+ echo "[Fail] Timeout waiting for response from $health_url, make sure the server is running."
+ exit 1
+ fi
+done
+echo -e "\n[Ok] Got status code $status_code, expected 200. Ready to start."
+
+# Testing envoy container reachability with an unfiltered request
+((step+=1))
+echo "[$step/$total_steps] Testing true negative request"
+status_code=$(curl --write-out "%{http_code}" --silent --output /dev/null $unfiltered_url)
+if [[ "$status_code" -ne 200 ]] ; then
+ echo "[Fail] Unexpected response with code $status_code from $unfiltered_url"
+ exit 1
+fi
+echo "[Ok] Got status code $status_code, expected 200"
+
+# Testing filtered request
+((step+=1))
+echo "[$step/$total_steps] Testing true positive request"
+status_code=$(curl --write-out "%{http_code}" --silent --output /dev/null $filtered_url)
+if [[ "$status_code" -ne 403 ]] ; then
+ echo "[Fail] Unexpected response with code $status_code from $filtered_url"
+ exit 1
+fi
+echo "[Ok] Got status code $status_code, expected 403"
+
+echo "[Done] All tests passed"
\ No newline at end of file
diff --git a/envoy-config.yaml b/envoy-config.yaml
deleted file mode 100644
index d8d4435..0000000
--- a/envoy-config.yaml
+++ /dev/null
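Review bot: The readiness loop ends on any status other than `000` and then prints "expected 200" without comparing, so a 403 or 503 from a misconfigured filter is reported as `[Ok]` in step 1. Add the comparison after the loop, `if [[ "$status_code" -ne 200 ]]; then echo "[Fail] Unexpected response with code $status_code from $health_url"; exit 1; fi`, and give each `curl` a bound such as `--max-time 2` so a hung connection cannot stall the CI job. The URL variables are expanded unquoted (`$health_url`, `$unfiltered_url`, `$filtered_url`); quoting them is the safer habit even though the current values contain no spaces.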
@@ -1,92 +0,0 @@ -static_resources: - listeners: - - name: main - address: - socket_address: - address: 0.0.0.0 - port_value: 18000 - filter_chains: - - filters: - - name: envoy.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: auto - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: - - "*" - routes: - - match: - prefix: "/" - route: - cluster: web_service - http_filters: - - name: envoy.filters.http.wasm - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - vm_config: - runtime: "envoy.wasm.runtime.v8" - code: - local: - filename: "./build/main.wasm" - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - - - name: staticreply - address: - socket_address: - address: 127.0.0.1 - port_value: 8099 - filter_chains: - - filters: - - name: envoy.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: auto - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: - - "*" - routes: - - match: - prefix: "/" - direct_response: - status: 200 - body: - inline_string: "example body\n" - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - - clusters: - - name: web_service - connect_timeout: 0.25s - type: STATIC - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: mock_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 8099 - -admin: - access_log_path: "/dev/null" - address: - 
socket_address: - address: 0.0.0.0 - port_value: 8001 diff --git a/go.mod b/go.mod index ca81530..b37affc 100644 --- a/go.mod +++ b/go.mod @@ -13,14 +13,12 @@ require ( github.com/cloudflare/ahocorasick v0.0.0-20210425175752-730270c3e184 // indirect github.com/corazawaf/libinjection-go v0.0.0-20220207031228-44e9c4250eb5 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/kr/text v0.1.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect - go.uber.org/atomic v1.9.0 // indirect - go.uber.org/multierr v1.8.0 // indirect - go.uber.org/zap v1.21.0 // indirect golang.org/x/net v0.0.0-20220325170049-de3da57026de // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect ) -replace github.com/corazawaf/coraza/v2 => ./coraza +replace github.com/corazawaf/coraza/v2 v2.0.0 => ./coraza diff --git a/go.sum b/go.sum index 6cf9da3..b971049 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,3 @@ -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/cloudflare/ahocorasick v0.0.0-20210425175752-730270c3e184 h1:8yL+85JpbwrIc6m+7N1iYrjn/22z68jwrTIBOJHNe4k= github.com/cloudflare/ahocorasick v0.0.0-20210425175752-730270c3e184/go.mod h1:tGWUZLZp9ajsxUOnHmFFLnqnlKXsCn6GReG4jAD59H0= github.com/corazawaf/libinjection-go v0.0.0-20220207031228-44e9c4250eb5 h1:SukhxLQRRBM3nJFEUF+ePG7l0JTWAvaxaG/o6X/FQVY= 
@@ -7,20 +5,14 @@ github.com/corazawaf/libinjection-go v0.0.0-20220207031228-44e9c4250eb5/go.mod h github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/tetratelabs/proxy-wasm-go-sdk v0.18.1-0.20220510133519-6240ca761207 h1:2QpMF4ADtHe8QDgvDJVa04Bu3diiQ04iezw7AaSH9PU= 
@@ -31,53 +23,16 @@ github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= -go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= -go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= -go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net 
v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20220325170049-de3da57026de h1:pZB1TWnKi+o4bENlbzAgLrEbY4RMYmUIRobMcSmfeYc= golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools 
v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= diff --git a/main.go b/main.go index e492278..29f70c0 100644 --- a/main.go +++ b/main.go @@ -110,7 +110,7 @@ func (ctx *httpHeaders) OnHttpRequestHeaders(numHeaders int, endOfStream bool) t return types.ActionContinue } - tx.ProcessURI(path, method, "1.1") // TODO use the right version + tx.ProcessURI(path, method, "1.1") // TODO use the right HTTP version hs, err := proxywasm.GetHttpRequestHeaders() if err != nil { 
@@ -124,8 +124,16 @@ func (ctx *httpHeaders) OnHttpRequestHeaders(numHeaders int, endOfStream bool) t interruption := tx.ProcessRequestHeaders() if interruption != nil { - proxywasm.LogInfof("%d interrupted: %v", ctx.contextID, interruption) - return types.ActionPause + proxywasm.LogInfof("%d interrupted, action %q", ctx.contextID, interruption.Action) + statusCode := interruption.Status + if statusCode == 0 { + statusCode = 403 + } + + if err := proxywasm.SendHttpResponse(uint32(statusCode), nil, nil, -1); err != nil { + panic(err) + } + return types.ActionContinue } return types.ActionContinue diff --git a/main_test.go b/main_test.go index 13e985f..ee0685d 100644 --- a/main_test.go +++ b/main_test.go @@ -29,7 +29,7 @@ func TestHttpHeaders_OnHttpRequestHeaders(t *testing.T) { }, "matching URL": { path: "/admin", - expectedAction: types.ActionPause, + expectedAction: types.ActionContinue, }, } { t.Run(name, func(t *testing.T) {
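Review bot: In the interruption branch a failure of `proxywasm.SendHttpResponse` ends in `panic(err)`, which takes down the Wasm VM on the request path instead of failing this one request; log it instead, e.g. `proxywasm.LogErrorf("%d failed to send local response: %v", ctx.contextID, err)`. The branch then returns `types.ActionContinue`, which leaves it to the host to stop the filter chain after a local reply, and if the send failed nothing stops the denied request from reaching the router; `return types.ActionPause` is the fail-closed choice here. The new log line also no longer identifies what fired; if the interruption exposes a rule id, including it keeps denials traceable. `OnHttpRequestHeaders` starts and ends outside this hunk.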
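Review bot: The `matching URL` case now asserts only `types.ActionContinue`, which is also what `OnHttpRequestHeaders` returns for an allowed request, so this test can no longer tell a blocked request from a passed one. Assert the local response as well: the proxytest host emulator records the response sent for a context (`GetSentLocalResponse`, to be confirmed against the pinned SDK version), and the case should check that its status code is 403. The test table and the `t.Run` body continue outside the hunk.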