Merge branch 'main' into renovate/github.com-caddyserver-caddy-v2-2.x

coraza.go

@@ -1,4 +1,4 @@
-// Copyright 2023 The OWASP Coraza contributors
+// Copyright 2025 The OWASP Coraza contributors
 // SPDX-License-Identifier: Apache-2.0
 
 package coraza

coraza_test.go

@@ -1,37 +1,32 @@
-// Copyright 2023 The OWASP Coraza contributors
+// Copyright 2025 The OWASP Coraza contributors
 // SPDX-License-Identifier: Apache-2.0
 
 package coraza
 
 import (
 	"bytes"
-	"fmt"
 	"io"
 	"mime/multipart"
 	"net/http"
 	"os"
 	"strings"
 	"testing"
-	"time"
 
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/caddyserver/caddy/v2/caddytest"
+	"github.com/stretchr/testify/require"
 )
 
 const baseURL = "http://127.0.0.1:8080"
 
 func TestPlugin(t *testing.T) {
-	tester, err := newTester("test.init.config", t)
-	if err != nil {
-		t.Fatal(err)
-	}
+	tester := newTester("test.init.config", t)
+
 	res, _ := tester.AssertGetResponse(baseURL+"/test", 200, "test123")
 	// Comes from https://github.com/corazawaf/coraza-caddy/blob/5e8337/test.init.config#L17
 	if len(res.Header.Get("x-request-id")) == 0 {
 		t.Fatal("X-Request-Id header is not set")
 	}
-
-	time.Sleep(1 * time.Second)
 }
 
 func TestPluginReload(t *testing.T) {
@@ -47,127 +42,92 @@ func TestPluginReload(t *testing.T) {
 
 	tester.InitServer(rawConfig, "caddyfile")
 	tester.AssertGetResponse(baseURL+"/test", 200, "test456")
-
-	time.Sleep(1 * time.Second)
 }
 
 func TestSimpleRule(t *testing.T) {
-	tester, err := newTester("test.init.config", t)
-	if err != nil {
-		t.Fatal(err)
-	}
+	tester := newTester("test.init.config", t)
+
 	req, _ := http.NewRequest("GET", baseURL+"/test5", nil)
 	tester.AssertResponseCode(req, 403)
 
-	time.Sleep(1 * time.Second)
-
 	req, _ = http.NewRequest("GET", baseURL+"/test_include1", nil)
 	tester.AssertResponseCode(req, 403)
 
-	time.Sleep(1 * time.Second)
-
 	req, _ = http.NewRequest("GET", baseURL+"/test_include2", nil)
 	tester.AssertResponseCode(req, 403)
-
-	time.Sleep(1 * time.Second)
 }
 
 func TestPhase3Disruption(t *testing.T) {
-	tester, err := newTester("test.init.config", t)
-	if err != nil {
-		t.Fatal(err)
-	}
+	tester := newTester("test.init.config", t)
+
 	req, _ := http.NewRequest("GET", baseURL+"/test6", nil)
 	tester.AssertResponseCode(req, 403)
-
-	time.Sleep(1 * time.Second)
 }
 
 func TestPostUrlEncoded(t *testing.T) {
-	tester, err := newTester("test.init.config", t)
-	if err != nil {
-		t.Fatal(err)
-	}
+	tester := newTester("test.init.config", t)
+
 	b := strings.NewReader("adsf=qwer" + strings.Repeat("a", 1000))
 	req, _ := http.NewRequest("POST", baseURL+"/test", b)
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
 	tester.AssertResponseCode(req, 200)
-
-	time.Sleep(1 * time.Second)
 }
 
 func TestPostMultipart(t *testing.T) {
-	tester, err := newTester("test.init.config", t)
-	if err != nil {
-		t.Fatal(err)
-	}
+	tester := newTester("test.init.config", t)
+
 	req, _ := http.NewRequest("POST", baseURL+"/", nil)
-	if err := multipartRequest(req); err != nil {
-		t.Fatal(err)
-	}
-	tester.AssertResponseCode(req, 200)
-	time.Sleep(1 * time.Second)
-}
 
-func TestClientIpRule(t *testing.T) {
-	tester, err := newTester("test.init.config", t)
-	if err != nil {
-		t.Fatal(err)
-	}
+	fillRequestWithMultipartContent(t, req)
 
-	// client_ip will be 127.0.0.1
-	req, _ := http.NewRequest("GET", baseURL+"/", nil)
 	tester.AssertResponseCode(req, 200)
-
-	time.Sleep(1 * time.Second)
-
-	// client_ip will be 127.0.0.2
-	req, _ = http.NewRequest("GET", baseURL+"/", nil)
-	req.Header.Add("X-Forwarded-For", "127.0.0.2")
-	tester.AssertResponseCode(req, 403)
-
-	time.Sleep(1 * time.Second)
-
 }
 
-func multipartRequest(req *http.Request) error {
+func fillRequestWithMultipartContent(t *testing.T, req *http.Request) {
 	var b bytes.Buffer
 	w := multipart.NewWriter(&b)
-	tempfile, err := os.CreateTemp("/tmp", "tmpfile*")
-	if err != nil {
-		return err
-	}
-	defer os.Remove(tempfile.Name())
+	tempfile, err := os.CreateTemp(t.TempDir(), "tmpfile*")
+	require.NoError(t, err)
+
 	for i := 0; i < 1024*5; i++ {
 		// this should create a 5mb file
-		if _, err := tempfile.Write([]byte(strings.Repeat("A", 1024))); err != nil {
-			return err
-		}
+		_, err := tempfile.Write([]byte(strings.Repeat("A", 1024)))
+		require.NoError(t, err)
 	}
 	var fw io.Writer
-	if fw, err = w.CreateFormFile("fupload", tempfile.Name()); err != nil {
-		return err
-	}
-	if _, err := tempfile.Seek(0, 0); err != nil {
-		return err
-	}
-	if _, err = io.Copy(fw, tempfile); err != nil {
-		return err
-	}
+	fw, err = w.CreateFormFile("fupload", tempfile.Name())
+	require.NoError(t, err)
+
+	_, err = tempfile.Seek(0, 0)
+	require.NoError(t, err)
+
+	_, err = io.Copy(fw, tempfile)
+	require.NoError(t, err)
+
 	req.Body = io.NopCloser(&b)
 	req.Header.Set("Content-Type", w.FormDataContentType())
 	req.Method = "POST"
-	return nil
 }
 
-func newTester(caddyfile string, t *testing.T) (*caddytest.Tester, error) {
+func TestClientIpRule(t *testing.T) {
+	tester := newTester("test.init.config", t)
+
+	// client_ip will be 127.0.0.1
+	req, _ := http.NewRequest("GET", baseURL+"/", nil)
+	tester.AssertResponseCode(req, 200)
+
+	// client_ip will be 127.0.0.2
+	req, _ = http.NewRequest("GET", baseURL+"/", nil)
+	req.Header.Add("X-Forwarded-For", "127.0.0.2")
+	tester.AssertResponseCode(req, 403)
+}
+
+func newTester(caddyfile string, t *testing.T) *caddytest.Tester {
 	tester := caddytest.NewTester(t)
 	configContent, err := os.ReadFile(caddyfile)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load configuration file %q: %s", caddyfile, err)
-	}
+	require.NoError(t, err)
 	tester.InitServer(string(configContent), "caddyfile")
-	return tester, nil
+	return tester
 }
 
 func TestUnmarshalCaddyfile(t *testing.T) {
@@ -216,12 +176,10 @@ func TestUnmarshalCaddyfile(t *testing.T) {
 			dispenser := caddyfile.NewTestDispenser(test.config)
 			m := &corazaModule{}
 			err := m.UnmarshalCaddyfile(dispenser)
-			if test.shouldErr && err == nil {
-				t.Fatal("Expected error but got nil")
-			}
-
-			if !test.shouldErr && err != nil {
-				t.Fatalf("Expected no error but got: %v", err)
+			if test.shouldErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
 			}
 		})
 	}

go.mod

@@ -7,7 +7,7 @@ toolchain go1.22.10
 require (
 	github.com/caddyserver/caddy/v2 v2.9.1
 	github.com/corazawaf/coraza-coreruleset/v4 v4.7.0
-	github.com/corazawaf/coraza/v3 v3.3.1
+	github.com/corazawaf/coraza/v3 v3.3.2
 	github.com/jcchavezs/mergefs v0.1.0
 	github.com/magefile/mage v1.15.1-0.20241126214340-bdc92f694516
 	github.com/stretchr/testify v1.10.0

go.sum

@@ -133,8 +133,8 @@ github.com/corazawaf/coraza-coreruleset v0.0.0-20240226094324-415b1017abdc h1:Ol
 github.com/corazawaf/coraza-coreruleset v0.0.0-20240226094324-415b1017abdc/go.mod h1:7rsocqNDkTCira5T0M7buoKR2ehh7YZiPkzxRuAgvVU=
 github.com/corazawaf/coraza-coreruleset/v4 v4.7.0 h1:j02CDxQYHVFZfBxbKLWYg66jSLbPmZp1GebyMwzN9Z0=
 github.com/corazawaf/coraza-coreruleset/v4 v4.7.0/go.mod h1:1FQt1p+JSQ6tYrafMqZrEEdDmhq6aVuIJdnk+bM9hMY=
-github.com/corazawaf/coraza/v3 v3.3.1 h1:oi7OLnXn4h9jeta2OtvF4JcgFYxXaxfQ3oidPuobe14=
-github.com/corazawaf/coraza/v3 v3.3.1/go.mod h1:4EqMZkRoil11FnResCT/2JIg61dH+6D7F48VG8SVzuA=
+github.com/corazawaf/coraza/v3 v3.3.2 h1:eG1HPLySTR9lND6y6fPOajubwbuHRF6aXCsCtxyqKTY=
+github.com/corazawaf/coraza/v3 v3.3.2/go.mod h1:4EqMZkRoil11FnResCT/2JIg61dH+6D7F48VG8SVzuA=
 github.com/corazawaf/libinjection-go v0.2.2 h1:Chzodvb6+NXh6wew5/yhD0Ggioif9ACrQGR4qjTCs1g=
 github.com/corazawaf/libinjection-go v0.2.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=