From 531a7343206012ed4943cf2ceb984b0d9ba7ccae Mon Sep 17 00:00:00 2001 From: potatso Date: Wed, 5 Jul 2023 10:44:57 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9api?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/apisix-coraza.lua | 13 +++++++------ lib/resty/coraza.lua | 17 ++++++++++------- t/integration_block_req_header.t | 7 ++++--- t/integration_block_resp_header.t | 14 ++++++-------- t/integration_passed.t | 7 ++++--- t/integration_with_coreruleset.t | 7 ++++--- 6 files changed, 35 insertions(+), 30 deletions(-) diff --git a/lib/apisix-coraza.lua b/lib/apisix-coraza.lua index 345a8ff..382743f 100644 --- a/lib/apisix-coraza.lua +++ b/lib/apisix-coraza.lua @@ -52,10 +52,9 @@ function _M.check_schema(conf) if conf.rules ~= nil then for i, rule in ipairs(conf.rules) do local ok, msg = coraza.rules_add(rule) - ngx.log(ngx.ERR, ok) - if not ok then - return false, rule..msg - end + if not ok then + return false, rule.."\t"..msg + end end end return true @@ -64,12 +63,13 @@ end function _M.init() -- call this function when plugin is loaded core_log.info("coraza init") - coraza.do_init() + _M.waf = coraza.create_waf() end function _M.access(conf, ctx) core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf)) -- each connection will be created a transaction + coraza.do_create_transaction(_M.waf) coraza.do_access_filter() return coraza.do_handle() end @@ -83,12 +83,13 @@ end function _M.destroy() core.log.info("coraza destroy") + coraza.free_waf(_M.waf) end function _M.log(conf, ctx) coraza.do_log() - coraza.do_free() + coraza.do_free_transaction() end return _M diff --git a/lib/resty/coraza.lua b/lib/resty/coraza.lua index dccb847..51320f7 100644 --- a/lib/resty/coraza.lua +++ b/lib/resty/coraza.lua 
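Review bot: The context line `local ok, msg = coraza.rules_add(rule)` in `_M.check_schema` still passes one argument, while `lib/resty/coraza.lua` in this same patch declares `_M.rules_add(waf, directives)`. Assuming `coraza` here is `resty.coraza`, the rule string lands in the `waf` slot and `directives` is nil, so nothing from `conf.rules` is loaded into the WAF that `_M.init` creates and requests would be inspected against an empty rule set. The call should name the handle, `coraza.rules_add(_M.waf, rule)`, and should cope with `_M.waf` being nil if schema validation can run before `_M.init`. The new message `rule.."\t"..msg` also raises when `msg` is nil; `rule.."\t"..tostring(msg)` avoids that. The function starts and ends outside the hunk.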
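Review bot: `_M.init` stores the result of `coraza.create_waf()` in `_M.waf` without checking it, and `_M.access` hands `_M.waf` to `coraza.do_create_transaction` unconditionally. If WAF creation fails, the transaction is built from a nil handle and the failure only surfaces somewhere inside the filter calls. Check the handle once at init, for example `if _M.waf == nil then core.log.error("coraza: create_waf failed") end`. In `access`, return an explicit error status when `_M.waf` is nil, so that what happens to traffic under a broken WAF is a deliberate choice rather than whatever the native call does with nil.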
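Review bot: `_M.destroy` frees the handle with `coraza.free_waf(_M.waf)` but leaves `_M.waf` pointing at it, so a later `_M.access` or a second `destroy` would pass an already freed WAF to the native library. Clear the field right after the free, `_M.waf = nil`, and skip the call when it is already nil. Whether transactions still in flight at destroy time keep a reference to the freed WAF cannot be told from this hunk and is worth confirming before relying on plugin reloads.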
@@ -17,11 +17,11 @@ local _M = { _VERSION = '1.0.0' } -function _M.do_init() +function _M.create_waf() return coraza.new_waf() end -function _M.do_free_waf(waf) +function _M.free_waf(waf) return coraza.free_waf(waf) end @@ -33,10 +33,8 @@ function _M.rules_add(waf, directives) return coraza.rules_add(waf, directives) end -function _M.do_access_filter(waf) - -- each connection will be created a transaction - local transaction = coraza.new_transaction(waf) - ngx_ctx.transaction = transaction +function _M.do_access_filter() + local transaction = ngx_ctx.transaction coraza.process_connection(transaction, ngx_var.remote_addr, ngx_var.remote_port, ngx_var.server_addr, ngx_var.server_port) @@ -57,7 +55,12 @@ function _M.do_access_filter(waf) end -function _M.do_free() +function _M.do_create_transaction(waf) + -- each connection will be created a transaction + ngx_ctx.transaction = coraza.new_transaction(waf) +end + +function _M.do_free_transaction() local transaction = ngx_ctx.transaction if transaction ~= nil then nlog(debug_fmt("transaction %s is freed by coraza_free_transaction", ngx_ctx.request_id)) diff --git a/t/integration_block_req_header.t b/t/integration_block_req_header.t index 664e12a..2fa8d9e 100644 --- a/t/integration_block_req_header.t +++ b/t/integration_block_req_header.t @@ -7,7 +7,7 @@ our $HttpConfig = <<'_EOC_'; lua_need_request_body on; init_worker_by_lua_block{ coraza = require "resty.coraza" - waf = coraza.do_init() + waf = coraza.create_waf() coraza.rules_add(waf, [[SecRule REQUEST_HEADERS:User-Agent "Mozilla" "phase:1, id:3,drop,status:452,log,msg:'Blocked User-Agent'"]]) } _EOC_ @@ -15,7 +15,8 @@ _EOC_ our $LocationConfig = <<'_EOC_'; location /t { access_by_lua_block { - coraza.do_access_filter(waf) + coraza.do_create_transaction(waf) + coraza.do_access_filter() coraza.do_interrupt() } @@ -30,7 +31,7 @@ our $LocationConfig = <<'_EOC_'; log_by_lua_block{ coraza.do_log() - coraza.do_free() + coraza.do_free_transaction() } } _EOC_ 
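Review bot: `_M.do_access_filter` now reads `ngx_ctx.transaction` and passes it to `coraza.process_connection` without checking it, so it silently depends on the caller having run `do_create_transaction(waf)` earlier in the same request. A caller migrating from the old one-call API who only drops the `waf` argument ends up with a nil transaction here. Add a guard at the top, for example `if transaction == nil then error("coraza: do_create_transaction(waf) must be called before do_access_filter()") end`, so the request fails loudly instead of continuing with no inspection state. The body of the function continues past the hunk.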
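Review bot: `_M.do_create_transaction` assigns `coraza.new_transaction(waf)` to `ngx_ctx.transaction` without checking the result or whether a transaction is already stored there. A second call in the same request would overwrite the earlier one, and `do_free_transaction` could then no longer free it. Free or reuse an existing value first, and log when `new_transaction` returns nil. If `ngx_ctx` is `ngx.ctx`, the carried-over comment would be more accurate as `-- one transaction is created per request and stored in ngx.ctx`. `do_free_transaction` continues outside the hunk, so whether it clears the field after freeing cannot be seen here.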
diff --git a/t/integration_block_resp_header.t b/t/integration_block_resp_header.t index 658852d..f74b2f3 100644 --- a/t/integration_block_resp_header.t +++ b/t/integration_block_resp_header.t @@ -6,17 +6,17 @@ our $HttpConfig = <<'_EOC_'; lua_code_cache on; lua_need_request_body on; init_worker_by_lua_block{ - local coraza = require "resty.coraza" - waf = coraza.do_init() + coraza = require "resty.coraza" + waf = coraza.create_waf() coraza.rules_add(waf, [[SecRule RESPONSE_HEADERS:Content-Type "text" "phase:3, id:4,drop,status:451,log,msg:'Blocked content-type'"]]) } _EOC_ our $LocationConfig = <<'_EOC_'; location /t { - access_by_lua_block { - local coraza = require "resty.coraza" - coraza.do_access_filter(waf) + access_by_lua_block { + coraza.do_create_transaction(waf) + coraza.do_access_filter() coraza.do_interrupt() } @@ -25,15 +25,13 @@ our $LocationConfig = <<'_EOC_'; } header_filter_by_lua_block{ - local coraza = require "resty.coraza" coraza.do_header_filter() coraza.do_interrupt() } log_by_lua_block{ - local coraza = require "resty.coraza" coraza.do_log() - coraza.do_free() + coraza.do_free_transaction() } } _EOC_ diff --git a/t/integration_passed.t b/t/integration_passed.t index 2a1445b..f8854bd 100644 --- a/t/integration_passed.t +++ b/t/integration_passed.t @@ -7,14 +7,15 @@ our $HttpConfig = <<'_EOC_'; lua_need_request_body on; init_worker_by_lua_block{ coraza = require "resty.coraza" - waf = coraza.do_init() + waf = coraza.create_waf() } _EOC_ our $LocationConfig = <<'_EOC_'; location /t { access_by_lua_block { - coraza.do_access_filter(waf) + coraza.do_create_transaction(waf) + coraza.do_access_filter() coraza.do_interrupt() } @@ -29,7 +30,7 @@ our $LocationConfig = <<'_EOC_'; log_by_lua_block{ coraza.do_log() - coraza.do_free() + coraza.do_free_transaction() } } _EOC_ diff --git a/t/integration_with_coreruleset.t b/t/integration_with_coreruleset.t index 7e2cd2b..0c6da94 100644 --- a/t/integration_with_coreruleset.t 
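Review bot: In the first hunk, `init_worker_by_lua_block` now assigns `coraza` as a global (the `local` is dropped), and the access, header-filter and log blocks rely on that global instead of requiring the module themselves. This matches the other test files in the patch, but the test then exercises a usage pattern that depends on worker-wide mutable globals, next to the already global `waf`. Keeping `local coraza = require "resty.coraza"` in each phase block costs nothing, since `require` caches the module, and leaves only the WAF handle shared.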
+++ b/t/integration_with_coreruleset.t @@ -7,7 +7,7 @@ our $HttpConfig = <<'_EOC_'; lua_need_request_body on; init_worker_by_lua_block{ coraza = require "resty.coraza" - waf = coraza.do_init() + waf = coraza.create_waf() coraza.rules_add_file(waf, "%s/t/coraza.conf") coraza.rules_add(waf, "Include %s/t/coreruleset/crs-setup.conf.example") coraza.rules_add(waf, "Include %s/t/coreruleset/rules/*.conf") @@ -19,7 +19,8 @@ $HttpConfig = sprintf($HttpConfig, $ENV{PWD}, $ENV{PWD}); our $LocationConfig = <<'_EOC_'; location /t { access_by_lua_block { - coraza.do_access_filter(waf) + coraza.do_create_transaction(waf) + coraza.do_access_filter() coraza.do_interrupt() } @@ -34,7 +35,7 @@ our $LocationConfig = <<'_EOC_'; log_by_lua_block{ coraza.do_log() - coraza.do_free() + coraza.do_free_transaction() } } _EOC_