fix: warn instead of returning error on empty glob result (#1280)

José Carlos Chávez · José Carlos Chávez · commit 883ba102fd93 · 2025-01-09T11:06:02.000+01:00
diff --git a/internal/seclang/parser.go b/internal/seclang/parser.go
@@ -46,12 +46,14 @@ func (p *Parser) FromFile(profilePath string) error {
 		if err != nil {
 			return fmt.Errorf("failed to glob: %s", err.Error())
 		}
+
 		if len(files) == 0 {
-			return fmt.Errorf("empty glob: %s does not match any file", profilePath)
+			p.options.WAF.Logger.Warn().Int("line", p.currentLine).Msg("empty glob result")
 		}
 	} else {
 		files = append(files, profilePath)
 	}
+
 	for _, profilePath := range files {
 		profilePath = strings.TrimSpace(profilePath)
 		if !strings.HasPrefix(profilePath, "/") {
@@ -157,20 +159,22 @@ func (p *Parser) evaluateLine(l string) error {
 	if len(opts) >= 3 && opts[0] == '"' && opts[len(opts)-1] == '"' {
 		opts = strings.Trim(opts, `"`)
 	}
+
 	if directive == "include" {
 		// this is a special hardcoded case
 		// we cannot add it as a directive type because there are recursion issues
 		// note a user might still include another file that includes the original file
 		// generating a DDOS attack
 		if p.includeCount >= maxIncludeRecursion {
-			return p.log(fmt.Sprintf("cannot include more than %d files", maxIncludeRecursion))
+			return p.logAndReturnErr(fmt.Sprintf("cannot include more than %d files", maxIncludeRecursion))
 		}
 		p.includeCount++
 		return p.FromFile(opts)
 	}
+
 	d, ok := directivesMap[directive]
 	if !ok || d == nil {
-		return p.log(fmt.Sprintf("unknown directive %q", directive))
+		return p.logAndReturnErr(fmt.Sprintf("unknown directive %q", directive))
 	}
 
 	p.options.Raw = l
@@ -194,7 +198,7 @@ func (p *Parser) evaluateLine(l string) error {
 	return nil
 }
 
-func (p *Parser) log(msg string) error {
+func (p *Parser) logAndReturnErr(msg string) error {
 	p.options.WAF.Logger.Error().Int("line", p.currentLine).Msg(msg)
 	return errors.New(msg)
 }
diff --git a/internal/seclang/parser_test.go b/internal/seclang/parser_test.go
@@ -89,25 +89,34 @@ func TestErrorWithBackticks(t *testing.T) {
 func TestLoadConfigurationFile(t *testing.T) {
 	waf := coraza.NewWAF()
 	p := NewParser(waf)
-	err := p.FromFile("../../coraza.conf-recommended")
-	if err != nil {
-		t.Errorf("unexpected error: %s", err.Error())
-	}
 
-	err = p.FromFile("../doesnotexist.conf")
-	if err == nil {
-		t.Error("expected not found error")
-	}
+	t.Run("existing file", func(t *testing.T) {
+		err := p.FromFile("../../coraza.conf-recommended")
+		if err != nil {
+			t.Errorf("unexpected error: %s", err.Error())
+		}
+	})
 
-	err = p.FromFile("./testdata/glob/*.conf")
-	if err != nil {
-		t.Errorf("unexpected error: %s", err.Error())
-	}
+	t.Run("unexisting file", func(t *testing.T) {
+		err := p.FromFile("../doesnotexist.conf")
+		if err == nil {
+			t.Error("expected not found error")
+		}
+	})
 
-	err = p.FromFile("./testdata/glob/*.comf")
-	if err == nil {
-		t.Errorf("expected an error as glob does not match any file")
-	}
+	t.Run("successful glob", func(t *testing.T) {
+		err := p.FromFile("./testdata/glob/*.conf")
+		if err != nil {
+			t.Errorf("unexpected error: %s", err.Error())
+		}
+	})
+
+	t.Run("empty glob result", func(t *testing.T) {
+		err := p.FromFile("./testdata/glob/*.comf")
+		if err != nil {
+			t.Errorf("unexpected error despite glob not matching any file")
+		}
+	})
 }
 
 // Connectors are supporting embedding github.com/corazawaf/coraza-coreruleset to ease CRS integration

Original file line number	Diff line number	Diff line change
`@@ -46,12 +46,14 @@ func (p *Parser) FromFile(profilePath string) error {`
`46`	`46`	`if err != nil {`
`47`	`47`	`return fmt.Errorf("failed to glob: %s", err.Error())`
`48`	`48`	`}`
	`49`	`+`
`49`	`50`	`if len(files) == 0 {`
`50`		`- return fmt.Errorf("empty glob: %s does not match any file", profilePath)`
	`51`	`+ p.options.WAF.Logger.Warn().Int("line", p.currentLine).Msg("empty glob result")`
`51`	`52`	`}`
`52`	`53`	`} else {`
`53`	`54`	`files = append(files, profilePath)`
`54`	`55`	`}`
	`56`	`+`
`55`	`57`	`for _, profilePath := range files {`
`56`	`58`	`profilePath = strings.TrimSpace(profilePath)`
`57`	`59`	`if !strings.HasPrefix(profilePath, "/") {`
`@@ -157,20 +159,22 @@ func (p *Parser) evaluateLine(l string) error {`
`157`	`159`	`if len(opts) >= 3 && opts[0] == '"' && opts[len(opts)-1] == '"' {`
`158`	`160`	opts = strings.Trim(opts, `"`)
`159`	`161`	`}`
	`162`	`+`
`160`	`163`	`if directive == "include" {`
`161`	`164`	`// this is a special hardcoded case`
`162`	`165`	`// we cannot add it as a directive type because there are recursion issues`
`163`	`166`	`// note a user might still include another file that includes the original file`
`164`	`167`	`// generating a DDOS attack`
`165`	`168`	`if p.includeCount >= maxIncludeRecursion {`
`166`		`- return p.log(fmt.Sprintf("cannot include more than %d files", maxIncludeRecursion))`
	`169`	`+ return p.logAndReturnErr(fmt.Sprintf("cannot include more than %d files", maxIncludeRecursion))`
`167`	`170`	`}`
`168`	`171`	`p.includeCount++`
`169`	`172`	`return p.FromFile(opts)`
`170`	`173`	`}`
	`174`	`+`
`171`	`175`	`d, ok := directivesMap[directive]`
`172`	`176`	`if !ok \|\| d == nil {`
`173`		`- return p.log(fmt.Sprintf("unknown directive %q", directive))`
	`177`	`+ return p.logAndReturnErr(fmt.Sprintf("unknown directive %q", directive))`
`174`	`178`	`}`
`175`	`179`
`176`	`180`	`p.options.Raw = l`
`@@ -194,7 +198,7 @@ func (p *Parser) evaluateLine(l string) error {`
`194`	`198`	`return nil`
`195`	`199`	`}`
`196`	`200`
`197`		`-func (p *Parser) log(msg string) error {`
	`201`	`+func (p *Parser) logAndReturnErr(msg string) error {`
`198`	`202`	`p.options.WAF.Logger.Error().Int("line", p.currentLine).Msg(msg)`
`199`	`203`	`return errors.New(msg)`
`200`	`204`	`}`