修改api

potatso 2023-07-05 10:44:57 +08:00
parent d3fe250653
commit 531a734320
6 changed files with 35 additions and 30 deletions


@ -52,10 +52,9 @@ function _M.check_schema(conf)
if conf.rules ~= nil then if conf.rules ~= nil then
for i, rule in ipairs(conf.rules) do for i, rule in ipairs(conf.rules) do
local ok, msg = coraza.rules_add(rule) local ok, msg = coraza.rules_add(rule)
ngx.log(ngx.ERR, ok) if not ok then
if not ok then return false, rule.."\t"..msg
return false, rule..msg end
end
end end
end end
return true return true
@ -64,12 +63,13 @@ end
function _M.init() function _M.init()
-- call this function when plugin is loaded -- call this function when plugin is loaded
core_log.info("coraza init") core_log.info("coraza init")
coraza.do_init() _M.waf = coraza.create_waf()
end end
function _M.access(conf, ctx) function _M.access(conf, ctx)
core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf)) core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
-- each connection will be created a transaction -- each connection will be created a transaction
coraza.do_create_transaction(_M.waf)
coraza.do_access_filter() coraza.do_access_filter()
return coraza.do_handle() return coraza.do_handle()
end end
@ -83,12 +83,13 @@ end
function _M.destroy() function _M.destroy()
core.log.info("coraza destroy") core.log.info("coraza destroy")
coraza.free_waf(_M.waf)
end end
function _M.log(conf, ctx) function _M.log(conf, ctx)
coraza.do_log() coraza.do_log()
coraza.do_free() coraza.do_free_transaction()
end end
return _M return _M
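Review bot: In `check_schema`, `coraza.rules_add(rule)` is still called with one argument, while the library section of this commit shows the signature `rules_add(waf, directives)`. Assuming `coraza` here is that module, the rule string lands in the `waf` parameter and nothing is attached to `_M.waf`, so the plugin may filter with an empty rule set. The call should name the instance, e.g. `local ok, msg = coraza.rules_add(_M.waf, rule)`, which also means `_M.waf` must exist before schema validation runs; as written it is only created in `init`. In `destroy`, add `_M.waf = nil` after `coraza.free_waf(_M.waf)` so that a later `access` (for instance after a plugin reload) cannot pass a freed handle to `do_create_transaction`. The error path `rule.."\t"..msg` raises if `msg` is nil; `tostring(msg)` avoids that.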


@ -17,11 +17,11 @@ local _M = {
_VERSION = '1.0.0' _VERSION = '1.0.0'
} }
function _M.do_init() function _M.create_waf()
return coraza.new_waf() return coraza.new_waf()
end end
function _M.do_free_waf(waf) function _M.free_waf(waf)
return coraza.free_waf(waf) return coraza.free_waf(waf)
end end
@ -33,10 +33,8 @@ function _M.rules_add(waf, directives)
return coraza.rules_add(waf, directives) return coraza.rules_add(waf, directives)
end end
function _M.do_access_filter(waf) function _M.do_access_filter()
-- each connection will be created a transaction local transaction = ngx_ctx.transaction
local transaction = coraza.new_transaction(waf)
ngx_ctx.transaction = transaction
coraza.process_connection(transaction, ngx_var.remote_addr, ngx_var.remote_port, coraza.process_connection(transaction, ngx_var.remote_addr, ngx_var.remote_port,
ngx_var.server_addr, ngx_var.server_port) ngx_var.server_addr, ngx_var.server_port)
@ -57,7 +55,12 @@ function _M.do_access_filter(waf)
end end
function _M.do_free() function _M.do_create_transaction(waf)
-- each connection will be created a transaction
ngx_ctx.transaction = coraza.new_transaction(waf)
end
function _M.do_free_transaction()
local transaction = ngx_ctx.transaction local transaction = ngx_ctx.transaction
if transaction ~= nil then if transaction ~= nil then
nlog(debug_fmt("transaction %s is freed by coraza_free_transaction", ngx_ctx.request_id)) nlog(debug_fmt("transaction %s is freed by coraza_free_transaction", ngx_ctx.request_id))
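Review bot: `do_access_filter` now reads `ngx_ctx.transaction` and passes it straight to `coraza.process_connection` without a nil check. A caller that skips `do_create_transaction`, or a `new_transaction` call that fails, therefore sends nil into the binding. `do_free_transaction` already guards with `if transaction ~= nil then`; the same check belongs at the top of `do_access_filter`, with an error log, so a missing transaction is visible in the logs rather than becoming a silent WAF bypass or a worker error. `do_create_transaction` should likewise reject a nil `waf` before calling `coraza.new_transaction(waf)`, and its comment could state that it must run once per request before `do_access_filter`. The bodies of `do_access_filter` and `do_free_transaction` continue outside the hunks shown.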


@ -7,7 +7,7 @@ our $HttpConfig = <<'_EOC_';
lua_need_request_body on; lua_need_request_body on;
init_worker_by_lua_block{ init_worker_by_lua_block{
coraza = require "resty.coraza" coraza = require "resty.coraza"
waf = coraza.do_init() waf = coraza.create_waf()
coraza.rules_add(waf, [[SecRule REQUEST_HEADERS:User-Agent "Mozilla" "phase:1, id:3,drop,status:452,log,msg:'Blocked User-Agent'"]]) coraza.rules_add(waf, [[SecRule REQUEST_HEADERS:User-Agent "Mozilla" "phase:1, id:3,drop,status:452,log,msg:'Blocked User-Agent'"]])
} }
_EOC_ _EOC_
@ -15,7 +15,8 @@ _EOC_
our $LocationConfig = <<'_EOC_'; our $LocationConfig = <<'_EOC_';
location /t { location /t {
access_by_lua_block { access_by_lua_block {
coraza.do_access_filter(waf) coraza.do_create_transaction(waf)
coraza.do_access_filter()
coraza.do_interrupt() coraza.do_interrupt()
} }
@ -30,7 +31,7 @@ our $LocationConfig = <<'_EOC_';
log_by_lua_block{ log_by_lua_block{
coraza.do_log() coraza.do_log()
coraza.do_free() coraza.do_free_transaction()
} }
} }
_EOC_ _EOC_


@ -6,17 +6,17 @@ our $HttpConfig = <<'_EOC_';
lua_code_cache on; lua_code_cache on;
lua_need_request_body on; lua_need_request_body on;
init_worker_by_lua_block{ init_worker_by_lua_block{
local coraza = require "resty.coraza" coraza = require "resty.coraza"
waf = coraza.do_init() waf = coraza.create_waf()
coraza.rules_add(waf, [[SecRule RESPONSE_HEADERS:Content-Type "text" "phase:3, id:4,drop,status:451,log,msg:'Blocked content-type'"]]) coraza.rules_add(waf, [[SecRule RESPONSE_HEADERS:Content-Type "text" "phase:3, id:4,drop,status:451,log,msg:'Blocked content-type'"]])
} }
_EOC_ _EOC_
our $LocationConfig = <<'_EOC_'; our $LocationConfig = <<'_EOC_';
location /t { location /t {
access_by_lua_block { access_by_lua_block {
local coraza = require "resty.coraza" coraza.do_create_transaction(waf)
coraza.do_access_filter(waf) coraza.do_access_filter()
coraza.do_interrupt() coraza.do_interrupt()
} }
@ -25,15 +25,13 @@ our $LocationConfig = <<'_EOC_';
} }
header_filter_by_lua_block{ header_filter_by_lua_block{
local coraza = require "resty.coraza"
coraza.do_header_filter() coraza.do_header_filter()
coraza.do_interrupt() coraza.do_interrupt()
} }
log_by_lua_block{ log_by_lua_block{
local coraza = require "resty.coraza"
coraza.do_log() coraza.do_log()
coraza.do_free() coraza.do_free_transaction()
} }
} }
_EOC_ _EOC_


@ -7,14 +7,15 @@ our $HttpConfig = <<'_EOC_';
lua_need_request_body on; lua_need_request_body on;
init_worker_by_lua_block{ init_worker_by_lua_block{
coraza = require "resty.coraza" coraza = require "resty.coraza"
waf = coraza.do_init() waf = coraza.create_waf()
} }
_EOC_ _EOC_
our $LocationConfig = <<'_EOC_'; our $LocationConfig = <<'_EOC_';
location /t { location /t {
access_by_lua_block { access_by_lua_block {
coraza.do_access_filter(waf) coraza.do_create_transaction(waf)
coraza.do_access_filter()
coraza.do_interrupt() coraza.do_interrupt()
} }
@ -29,7 +30,7 @@ our $LocationConfig = <<'_EOC_';
log_by_lua_block{ log_by_lua_block{
coraza.do_log() coraza.do_log()
coraza.do_free() coraza.do_free_transaction()
} }
} }
_EOC_ _EOC_


@ -7,7 +7,7 @@ our $HttpConfig = <<'_EOC_';
lua_need_request_body on; lua_need_request_body on;
init_worker_by_lua_block{ init_worker_by_lua_block{
coraza = require "resty.coraza" coraza = require "resty.coraza"
waf = coraza.do_init() waf = coraza.create_waf()
coraza.rules_add_file(waf, "%s/t/coraza.conf") coraza.rules_add_file(waf, "%s/t/coraza.conf")
coraza.rules_add(waf, "Include %s/t/coreruleset/crs-setup.conf.example") coraza.rules_add(waf, "Include %s/t/coreruleset/crs-setup.conf.example")
coraza.rules_add(waf, "Include %s/t/coreruleset/rules/*.conf") coraza.rules_add(waf, "Include %s/t/coreruleset/rules/*.conf")
@ -19,7 +19,8 @@ $HttpConfig = sprintf($HttpConfig, $ENV{PWD}, $ENV{PWD});
our $LocationConfig = <<'_EOC_'; our $LocationConfig = <<'_EOC_';
location /t { location /t {
access_by_lua_block { access_by_lua_block {
coraza.do_access_filter(waf) coraza.do_create_transaction(waf)
coraza.do_access_filter()
coraza.do_interrupt() coraza.do_interrupt()
} }
@ -34,7 +35,7 @@ our $LocationConfig = <<'_EOC_';
log_by_lua_block{ log_by_lua_block{
coraza.do_log() coraza.do_log()
coraza.do_free() coraza.do_free_transaction()
} }
} }
_EOC_ _EOC_