Merge branch 'corazawaf:main' into main
satwiksps authored Jan 25, 2025
2 parents 9ef8c99 + 7c6d464 commit 4993375
Showing 10 changed files with 163 additions and 66 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
@@ -13,12 +13,12 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- name: Initialize CodeQL
uses: github/codeql-action/init@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3
uses: github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3
with:
languages: go

- name: Autobuild
uses: github/codeql-action/autobuild@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3
uses: github/codeql-action/autobuild@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3
uses: github/codeql-action/analyze@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3
9 changes: 5 additions & 4 deletions .github/workflows/regression.yml
@@ -48,28 +48,28 @@ jobs:
export BUILD_TAGS=${{ matrix.build-flag }}
go run mage.go coverage
- name: "Codecov: General"
uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5
uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5
if: ${{ matrix.go-version == '1.22.x' }}
with:
files: build/coverage.txt
flags: default,${{ matrix.build-flag }}
token: ${{ secrets.CODECOV_TOKEN }}
- name: "Codecov: Examples"
uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5
uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5
if: ${{ matrix.go-version == '1.22.x' }}
with:
files: build/coverage-examples.txt
flags: examples+${{ matrix.build-flag }}
token: ${{ secrets.CODECOV_TOKEN }}
- name: "Codecov: FTW"
uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5
uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5
if: ${{ matrix.go-version == '1.22.x' }}
with:
files: build/coverage-ftw.txt
flags: ftw,${{ matrix.build-flag }}
token: ${{ secrets.CODECOV_TOKEN }}
- name: "Codecov: Tinygo"
uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5
uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5
# only if coverage-tinygo.txt exists
if: ${{ matrix.go-version == '1.22.x' && hashFiles('build/coverage-tinygo.txt') != '' }}
with:
@@ -86,4 +86,5 @@ jobs:
uses: poseidon/wait-for-status-checks@899c768d191b56eef585c18f8558da19e1f3e707 # v0.6.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
ignore: "codecov/patch,codecov/project"
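Review bot: The new `ignore: "codecov/patch,codecov/project"` on the wait-for-status-checks step carries no explanation, so a later reader cannot tell whether excluding the two Codecov statuses from the gate is deliberate or a temporary workaround. A short comment above it, such as `# Codecov statuses are informational and must not block the merge gate`, would record the intent (adjust the wording to the actual reason). The job that contains this step starts outside the hunk.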

2 changes: 1 addition & 1 deletion examples/http-server/go.mod
@@ -11,7 +11,7 @@ require (
github.com/tidwall/gjson v1.18.0 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.1 // indirect
golang.org/x/net v0.33.0 // indirect
golang.org/x/net v0.34.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/tools v0.22.0 // indirect
rsc.io/binaryregexp v0.2.0 // indirect
8 changes: 4 additions & 4 deletions examples/http-server/go.sum
@@ -19,12 +19,12 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=
4 changes: 0 additions & 4 deletions go.sum
@@ -53,8 +53,6 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -75,8 +73,6 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
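--- a/internal/transformations/hex_decode.go
+++ b/internal/transformations/hex_decode.go
@@ -0,0 +1,16 @@
+package transformations
+
+import (
+"encoding/hex"
+
+"github.com/corazawaf/coraza/v3/internal/strings"
+)
+
+func hexDecode(data string) (string, bool, error) {
+dst, err := hex.DecodeString(data)
+if err != nil {
+return "", false, err
+}
+
+return strings.WrapUnsafe(dst), true, nil
+}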
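Review bot: hexDecode has no doc comment, and its contract changed in a way callers need spelled out: any `hex.DecodeString` failure (odd length, one non-hex byte) discards the whole value and returns `"", false, err`, whereas the removed entries in testdata/hexDecode.json expected a best-effort decode with `ret: 1` for such input. I would add `// hexDecode decodes a hex-encoded string; malformed input is rejected as a whole (empty string, false, error) rather than partially decoded.` above the function. How the rule engine treats that error is not visible on this page, so it is worth confirming that a rule chaining `t:hexDecode` does not end up evaluating the still-encoded value without any signal when a request carries malformed hex.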
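--- a/internal/transformations/hex_decode_test.go
+++ b/internal/transformations/hex_decode_test.go
@@ -0,0 +1,98 @@
+package transformations
+
+import (
+"testing"
+)
+
+func TestHexDecode(t *testing.T) {
+tests := []struct {
+name string
+input string
+expectedOutput string
+expectedValid bool
+expectError bool
+}{
+{
+name: "valid hexadecimal string",
+input: "48656c6c6f",
+expectedOutput: "Hello",
+expectedValid: true,
+expectError: false,
+},
+{
+name: "odd length",
+input: "48656c6c6f7",
+expectedOutput: "",
+expectedValid: false,
+expectError: true,
+},
+{
+name: "invalid with non hex characters",
+input: "YyYy",
+expectedOutput: "",
+expectedValid: false,
+expectError: true,
+},
+{
+name: "invalid with extra characters",
+input: "123G",
+expectedOutput: "",
+expectedValid: false,
+expectError: true,
+},
+{
+name: "empty input",
+input: "",
+expectedOutput: "",
+expectedValid: true,
+expectError: false,
+},
+{
+name: "uppercase hex string",
+input: "48454C4C4F",
+expectedOutput: "HELLO",
+expectedValid: true,
+expectError: false,
+},
+{
+name: "mixed case",
+input: "48454c4C4f",
+expectedOutput: "HELLO",
+expectedValid: true,
+expectError: false,
+},
+{
+name: "special characters",
+input: "21402324255E262A28",
+expectedOutput: "!@#$%^&*(",
+expectedValid: true,
+expectError: false,
+},
+{
+name: "odd length with invalid character",
+input: "48656c6c6fZ",
+expectedOutput: "",
+expectedValid: false,
+expectError: true,
+},
+}
+
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+t.Parallel()
+output, valid, err := hexDecode(tt.input)
+
+if (err != nil) != tt.expectError {
+t.Errorf("hexDecode(%q): expected error=%v, got error=%v", tt.input, tt.expectError, err)
+}
+
+if output != tt.expectedOutput {
+t.Errorf("hexDecode(%q): expected output=%q, got output=%q", tt.input, tt.expectedOutput, output)
+}
+
+if valid != tt.expectedValid {
+t.Errorf("hexDecode(%q): expected valid=%v, got valid=%v", tt.input, tt.expectedValid, valid)
+}
+})
+}
+}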
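Review bot: The subtest closure at `t.Run(tt.name, func(t *testing.T) {` calls `t.Parallel()` and reads the range variable `tt`; if this module's `go` directive is below 1.22 (the root go.mod is not shown here), every parallel subtest would observe the last table entry. Adding `tt := tt` as the first statement of the loop body makes the test correct under either loop-variable semantics. The table would also benefit from a case whose decoded bytes are non-printable (for instance the `546573740043617365` input already used in testdata/hexDecode.json), since the result is produced through `strings.WrapUnsafe`.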
77 changes: 35 additions & 42 deletions internal/transformations/testdata/hexDecode.json
@@ -1,44 +1,37 @@
[
{
"ret" : 1,
"input" : "",
"type" : "tfn",
"name" : "hexDecode",
"output" : ""
},
{
"output" : "TestCase",
"ret" : 1,
"name" : "hexDecode",
"input" : "5465737443617365",
"type" : "tfn"
},
{
"type" : "tfn",
"input" : "546573740043617365",
"name" : "hexDecode",
"ret" : 1,
"output" : "Test\\u0000Case"
},
{
"output" : "\\x01#Eg\\x89\\x0a#\\x01#Eg\\x89\\x0a",
"type" : "tfn",
"input" : "01234567890a0z01234567890a",
"name" : "hexDecode",
"ret" : 1
},
{
"type" : "tfn",
"name" : "hexDecode",
"input" : "01234567890az",
"output" : "\\x01#Eg\\x89\\x0a",
"ret" : 1
},
{
"type" : "tfn",
"name" : "hexDecode",
"input" : "01234567890a0",
"output" : "\\x01#Eg\\x89\\x0a",
"ret" : 1
}
{
"ret": 1,
"input": "",
"type": "tfn",
"name": "hexDecode",
"output": ""
},
{
"output": "TestCase",
"ret": 1,
"name": "hexDecode",
"input": "5465737443617365",
"type": "tfn"
},
{
"type": "tfn",
"input": "546573740043617365",
"name": "hexDecode",
"ret": 1,
"output": "Test\\u0000Case"
},
{
"type": "tfn",
"name": "invalidCharacter",
"input": "01234567890z",
"output": "",
"ret": 0
},
{
"type": "tfn",
"name": "invalidLen",
"input": "54657374004",
"output": "",
"ret": 0
}
]
1 change: 1 addition & 0 deletions internal/transformations/transformations.go
@@ -35,6 +35,7 @@ func init() {
Register("compressWhitespace", compressWhitespace)
Register("cssDecode", cssDecode)
Register("escapeSeqDecode", escapeSeqDecode)
Register("hexDecode", hexDecode)
Register("hexEncode", hexEncode)
Register("htmlEntityDecode", htmlEntityDecode)
Register("jsDecode", jsDecode)
8 changes: 0 additions & 8 deletions testing/coreruleset/go.sum
@@ -4,8 +4,6 @@ github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3Q
github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
github.com/bmatcuk/doublestar/v4 v4.7.1 h1:fdDeAqgT47acgwd9bd9HxJRDmc9UAmPpc+2m0CXv75Q=
github.com/bmatcuk/doublestar/v4 v4.7.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
github.com/bmatcuk/doublestar/v4 v4.8.0 h1:DSXtrypQddoug1459viM9X9D3dp1Z7993fw36I2kNcQ=
github.com/bmatcuk/doublestar/v4 v4.8.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
github.com/corazawaf/coraza-coreruleset v0.0.0-20240226094324-415b1017abdc h1:OlJhrgI3I+FLUCTI3JJW8MoqyM78WbqJjecqMnqG+wc=
@@ -99,23 +97,17 @@ github.com/valllabh/ocsf-schema-golang v1.0.3 h1:eR8k/3jP/OOqB8LRCtdJ4U+vlgd/gk5
github.com/valllabh/ocsf-schema-golang v1.0.3/go.mod h1:sZ3as9xqm1SSK5feFWIR2CuGeGRhsM7TR1MbpBctzPk=
github.com/yargevad/filepathx v1.0.0 h1:SYcT+N3tYGi+NvazubCNlvgIPbzAk7i7y2dwg3I5FYc=
github.com/yargevad/filepathx v1.0.0/go.mod h1:BprfX/gpYNJHJfc35GjRRpVcwWXS89gGulUIU5tK3tA=
golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
