fixed: coraza 必须调用processbody，否则即使告警也会无法阻断。而且该处代码有问题，详见todo

2025-06-28 17:41:00 +03:00 · 2023-07-11 18:09:22 +08:00 · 2023-07-11 18:09:22 +08:00 · d7e4fe34ce
commit d7e4fe34ce
parent c7055d1e99
2 changed files with 11 additions and 9 deletions
--- a/lib/resty/coraza/request.lua
+++ b/lib/resty/coraza/request.lua
@ -25,15 +25,10 @@ end

 function _M.build_and_process_body(transaction)
    local req_body = ngx_req.get_body_data()
-    if not req_body then
-        -- TODO: fix code
-        local path = ngx_req.get_body_file()
-        if not path then
-            -- end process
-            return
-        end
-        coraza.request_body_from_file(path)
-    else
+    if req_body then
+        -- TODO: fix code to process multipart/formdata
+        -- local path = ngx_req.get_body_file()
+        -- coraza.request_body_from_file(path)
        local req_body_size = #req_body
        -- TODO req_body_size > req_body_size_opt
        coraza.append_request_body(transaction, req_body)
--- a/t/integration_with_coreruleset.t
+++ b/t/integration_with_coreruleset.t
@ -63,3 +63,10 @@ aaaaaaaaa=aaaaaa
 POST /t/shell.php?injection=/etc/passwd
 aaaaaaaaa=aaaaaa
 --- error_code: 403
+
+=== TEST 3: integration test blocked with no post data
+--- http_config eval: $::HttpConfig
+--- config eval: $::LocationConfig
+--- request
+GET /t/shell.php?injection=/etc/passwd
+--- error_code: 403