diff --git a/go.mod b/go.mod
index 77f779cd7bf64..ee61bcad53351 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/corazawaf/coraza/v3 v3.0.0-20220818013656-f749c07295aa
 github.com/magefile/mage v1.13.0
 github.com/stretchr/testify v1.7.1
- github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220825081430-0fa40edeb849
+ github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220829035735-38b446650d06
 github.com/tidwall/gjson v1.14.2
 )
diff --git a/go.sum b/go.sum
index 335c1d5d78186..d68c25ce871d8 100644
--- a/go.sum
+++ b/go.sum
@@ -25,8 +25,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220825081430-0fa40edeb849 h1:DzsvWwG6QyWMUtWpMx4syg5bHypq8hhAUdxQAF04G68=
-github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220825081430-0fa40edeb849/go.mod h1:5t/pWFNJ9eMyu/K/Z+OeGhDJ9sN9eCo8fc2pyM/Qjg4=
+github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220829035735-38b446650d06 h1:3R/erLLx9N1RTGNdHxGAEDQWduxO5SgwRRjCBK0f1/A=
+github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220829035735-38b446650d06/go.mod h1:5t/pWFNJ9eMyu/K/Z+OeGhDJ9sN9eCo8fc2pyM/Qjg4=
 github.com/tetratelabs/wazero v0.0.0-20220819021810-7f8e629c653f h1:+InPNMTyR4bufxW+MzqigSOXpe9Ph++NOIz/N9wtEYs=
 github.com/tetratelabs/wazero v0.0.0-20220819021810-7f8e629c653f/go.mod h1:CD5smBN5rGZo7UNe8aUiWyYE3bDWED/CQSonog9NSEg=
 github.com/tidwall/gjson v1.14.2 h1:6BBkirS0rAHjumnjHF6qgy5d2YAJ1TLIaFE2lzfOLqo=
diff --git a/main_test.go b/main_test.go
index a7556d58053dd..f90792ddbd70a 100644
--- a/main_test.go
+++ b/main_test.go
@@ -107,9 +107,16 @@ SecRuleEngine On\nSecRequestBodyAccess On\nSecRule REQUEST_BODY \"name=yogi\" \"
 responded403: false,
 },
 {
- name: "request body denied",
+ name: "request body denied, end of body",
 rules: `
 SecRuleEngine On\nSecRequestBodyAccess On\nSecRule REQUEST_BODY \"name=pooh\" \"id:101,phase:2,t:lowercase,deny\"
+`,
+ responded403: true,
+ },
+ {
+ name: "request body denied, start of body",
+ rules: `
+SecRuleEngine On\nSecRequestBodyAccess On\nSecRule REQUEST_BODY \"animal=bear\" \"id:101,phase:2,t:lowercase,deny\"
 `,
 responded403: true,
 },
@@ -163,9 +170,16 @@ SecRuleEngine On\nSecResponseBodyAccess On\nSecRule RESPONSE_BODY \"@contains po
 responded403: false,
 },
 {
- name: "response body denied",
+ name: "response body denied, end of body",
 rules: `
 SecRuleEngine On\nSecResponseBodyAccess On\nSecRule RESPONSE_BODY \"@contains yogi\" \"id:101,phase:4,t:lowercase,deny\"
+`,
+ responded403: true,
+ },
+ {
+ name: "response body denied, start of body",
+ rules: `
+SecRuleEngine On\nSecResponseBodyAccess On\nSecRule RESPONSE_BODY \"@contains hello\" \"id:101,phase:4,t:lowercase,deny\"
 `,
 responded403: true,
 },
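Review bot: The new case names ("start of body", "end of body") only make sense once the reader knows the bodies are fed to the filter in 5-byte chunks, which is established in a later hunk of this file and not at the tables. A comment above each table, e.g. `// Bodies are streamed in 5-byte chunks; these cases match in the first and in the last chunks.`, would tie the two together. In the second hunk, `@contains hello` is exactly one chunk long, so depending on the response fixture (not visible here) it may match inside a single chunk, whereas `animal=bear` necessarily spans more than one; a longer response pattern would cover a match split across a chunk boundary. Both table literals start and end outside these hunks.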
@@ -195,14 +209,34 @@ SecRuleEngine On\nSecResponseBodyAccess On\nSecRule RESPONSE_BODY \"@contains yo
 action := host.CallOnRequestHeaders(id, reqHdrs, false)
 require.Equal(t, types.ActionContinue, action)
- action = host.CallOnRequestBody(id, reqBody, true)
- require.Equal(t, types.ActionContinue, action)
+ // Stream bodies in chunks of 5
+
+ for i := 0; i < len(reqBody); i += 5 {
+ eos := i+5 >= len(reqBody)
+ var body []byte
+ if eos {
+ body = reqBody[i:]
+ } else {
+ body = reqBody[i : i+5]
+ }
+ action = host.CallOnRequestBody(id, body, eos)
+ require.Equal(t, types.ActionContinue, action)
+ }
 action = host.CallOnResponseHeaders(id, respHdrs, false)
 require.Equal(t, types.ActionContinue, action)
- action = host.CallOnResponseBody(id, respBody, true)
- require.Equal(t, types.ActionContinue, action)
+ for i := 0; i < len(respBody); i += 5 {
+ eos := i+5 >= len(respBody)
+ var body []byte
+ if eos {
+ body = respBody[i:]
+ } else {
+ body = respBody[i : i+5]
+ }
+ action = host.CallOnResponseBody(id, body, eos)
+ require.Equal(t, types.ActionContinue, action)
+ }
 // Call OnHttpStreamDone.
 host.CompleteHttpContext(id)
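Review bot: Both streaming loops run zero times when `reqBody` or `respBody` is empty, so a fixture without a body never delivers the end-of-stream call that the replaced `CallOnRequestBody(id, reqBody, true)` and `CallOnResponseBody(id, respBody, true)` always made. Writing the header as `for i := 0; i == 0 || i < len(reqBody); i += 5 {` (and likewise for `respBody`) keeps that call and leaves non-empty bodies unchanged. Within this hunk every chunk is also asserted to return `types.ActionContinue` with no reference to `responded403`, so for the deny cases the loops do not pin where in the stream the block takes effect; a comment such as `// the deny is checked via the 403 response, not via the per-chunk action` would document that, if that is the intent. The chunk size 5 is repeated in both loops and would read better as one named constant. The enclosing test function starts and ends outside this hunk.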