Skip to content

Feature/schema improvements #1384

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 48 commits into
base: main
Choose a base branch
from
Open

Feature/schema improvements #1384

wants to merge 48 commits into from
+960 −29

Conversation

jcchavezs
Copy link
Member

@jcchavezs jcchavezs commented Jul 7, 2025
edited
Loading

I added some rework on top of the great work done in #1343. One thing I believe we should discuss is if we need https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v3.x)#user-content-SecXmlExternalEntity to make explicit the collection of those json variables we record additionally now (I would like to hear from @M4tteoP and @airween). Otherwise @cognitivegears do you mind trying this branch?

cognitivegears and others added 30 commits January 3, 2025 22:53
@cognitivegears
Created failing test for issue
d9f23ee
@cognitivegears
Update regex to prevent greedy matching in REST path and add correspo…
497cac1 
…nding test
@cognitivegears
Remove redundant test for query parameters in REST path
37b3372
@jcchavezs
Merge branch 'main' into main
028af6c
@cognitivegears
Added additional tests and fixed additional found edge case with endi…
5173d94 
…ng parameter
@cognitivegears
Added additional test for empty elements
fe24483
@cognitivegears @fzipi
Update internal/operators/restpath.go from suggestion
04e51fe 
Co-authored-by: Felipe Zipitría <[email protected]>
@jptosso
Merge branch 'main' into main
940de82
@M4tteoP
Merge branch 'main' into main
7f29504
@cognitivegears
Merge branch 'corazawaf:main' into main
e50d39d
@cognitivegears
Merge branch 'corazawaf:main' into main
05f2810
@cognitivegears
Merge branch 'corazawaf:main' into main
8a5e4ee
@cognitivegears
Merge branch 'corazawaf:main' into main
28629cc
@cognitivegears
Merge branch 'corazawaf:main' into main
257f434
@cognitivegears
Enhanced validateSchema operator with full JSON Schema and XML schema…
e6b8ee2 
… validation

- Added full JSON Schema validation using kaptinlin/jsonschema
- Added XML Schema validation using terminalstatic/go-xsd-validate
- Implemented lazy initialization to improve performance
- Added test cases
@cognitivegears
Merge branch 'main' into feature/schema
45777b5
@cognitivegears
Increased test coverage
7a7b194
@cognitivegears
Additional unit test coverage for body processors
da536ed
@cognitivegears
Added specific XXE validation tests
5bc63a2
@cognitivegears
Merge branch 'main' into feature/schema
7dd5248
@cognitivegears
Added additional tinygo versions and updated compilation
dad23dc
@cognitivegears
Additional test coverage
98d41c4
@cognitivegears
Merge branch 'corazawaf:main' into main
516413b
@renovate @cognitivegears
fix(deps): update module github.com/corazawaf/coraza-coreruleset/v4 t…
5518358 
…o v4.10.0 in testing/coreruleset/go.mod (#1341)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@cognitivegears
Merge branch 'main' into feature/schema
745164f
@cognitivegears
Updated to fix build failures
e335750
@cognitivegears
Updated dependencies
94f9e9b
@cognitivegears
Removed XML support
8562bae
@cognitivegears
Additional changes so all tests run
7e37be5
@cognitivegears
Simplified and improved code coverage of tinygo version
84a1cae
cognitivegears and others added 17 commits April 17, 2025 19:47
@cognitivegears
Restore old versions of xml.go and xml_test.go since they are no long…
03f5031 
…er needed.
@cognitivegears
Code review changes
c2ac714
@cognitivegears
Changed tinygo implementation to be a stub
55949a8
@cognitivegears
Removed unused code
a883e77
@cognitivegears
Merge branch 'corazawaf:main' into main
b190119
@cognitivegears
Merged latest updates
a88bd5d
@cognitivegears
Fixed test failure from repo changes
025d0ea
@cognitivegears
fix: update dependencies and ran format
88d5043
@cognitivegears
Code review changes for invalid nil checks
204c0bc
@cognitivegears
Changed to validate based on phase per review suggestions
cfaf787
@cognitivegears
Merge branch 'corazawaf:main' into main
952a42d
@cognitivegears
Merge remote-tracking branch 'origin/main' into feature/schema
a0c2116
@cognitivegears
Merge branch 'corazawaf:main' into main
f8238e0
@cognitivegears
Merged and tidied
96b09df
@jcchavezs
Merge branch 'main' into feature/schema
f3b586f
@jcchavezs
chore: some rework to optimize the code.
996b26e
@jcchavezs
fix: tests
9a56c51
@jcchavezs jcchavezs requested a review from a team as a code owner July 7, 2025 08:53
@jcchavezs jcchavezs mentioned this pull request Jul 7, 2025
Open
@codecov Codecov
Copy link

codecov bot commented Jul 7, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 92.37288% with 9 lines in your changes missing coverage. Please review.

Project coverage is 84.47%. Comparing base (13718df) to head (d5f5c89).

Files with missing lines Patch % Lines
internal/bodyprocessors/json.go 78.57% 4 Missing and 2 partials ⚠️
internal/operators/validate_schema.go 96.51% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1384      +/-   ##
==========================================
+ Coverage   84.34%   84.47%   +0.13%     
==========================================
  Files         170      172       +2     
  Lines        9933    10042     +109     
==========================================
+ Hits         8378     8483     +105     
- Misses       1310     1312       +2     
- Partials      245      247       +2
Flag Coverage Δ
coraza.rule.case_sensitive_args_keys 84.43% <92.37%> (+0.13%) ⬆️
coraza.rule.multiphase_evaluation 84.13% <92.37%> (+0.13%) ⬆️
coraza.rule.no_regex_multiline 84.41% <92.37%> (+0.13%) ⬆️
default 84.47% <92.37%> (+0.13%) ⬆️
examples+ 16.16% <1.75%> (-0.17%) ⬇️
examples+coraza.rule.case_sensitive_args_keys 84.43% <92.37%> (+0.13%) ⬆️
examples+coraza.rule.multiphase_evaluation 83.98% <92.37%> (+0.13%) ⬆️
examples+coraza.rule.no_regex_multiline 84.33% <92.37%> (+0.13%) ⬆️
examples+memoize_builders 84.44% <92.10%> (+0.12%) ⬆️
examples+no_fs_access 81.84% <92.37%> (+0.15%) ⬆️
ftw 84.47% <92.37%> (+0.13%) ⬆️
memoize_builders 84.57% <92.10%> (+0.12%) ⬆️
no_fs_access 83.98% <92.37%> (+0.13%) ⬆️
tinygo 84.44% <92.37%> (+0.13%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jcchavezs @cognitivegears @jptosso @M4tteoP