
Commit b2671d0

author
Julio Guerra
committed
v0.9.3
Fixes: - In-App WAF: update the library to the latest v0.6.1, which fixes WAF rules with multiple parameters: when one of them was missing, the rule didn't execute as expected (it behaved as a logical OR instead of a logical AND).
2 parents 0c6082e + 842708c commit b2671d0


7 files changed

+44
-44
lines changed


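--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -21,7 +21,7 @@ jobs:
 go:
 container: julio/azure-pipelines-golang
 junit: true
-versions: [ 1.13-alpine, 1.12-alpine ]
+versions: [ 1.14-alpine, 1.13-alpine, 1.12-alpine ]
 targets:
 GOARCH: [ amd64 ]
 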

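--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 github.com/spf13/cast v1.3.1 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/spf13/viper v1.3.2
-github.com/sqreen/go-libsqreen v0.4.2
+github.com/sqreen/go-libsqreen v0.6.1
 github.com/stretchr/testify v1.4.0
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859
 golang.org/x/text v0.3.2 // indirect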

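--- a/go.sum
+++ b/go.sum
@@ -95,8 +95,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.3.2 h1:VUFqw5KcqRf7i70GOzW7N+Q7+gxVBkSSqiXB12+JQ4M=
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
-github.com/sqreen/go-libsqreen v0.4.2 h1:fhycVK9Y7y2g5UOSngpsl7K4jIRb5CCuf5QrqzObeng=
-github.com/sqreen/go-libsqreen v0.4.2/go.mod h1:D324eoKlZGfW+TF3WGg+2fUtpdrI+cEK5UYwpxfaeUc=
+github.com/sqreen/go-libsqreen v0.6.1 h1:+SHH3h8qHhINEzgRVqTZ40YxqwDjSVxU5r4isUeg+C8=
+github.com/sqreen/go-libsqreen v0.6.1/go.mod h1:D324eoKlZGfW+TF3WGg+2fUtpdrI+cEK5UYwpxfaeUc=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=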

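--- a/internal/binding-accessor/binding-accessor.go
+++ b/internal/binding-accessor/binding-accessor.go
@@ -45,10 +45,10 @@ type transformationFunc func(ctx Context, valueIn interface{}, maxDepth, maxElem
 
 // Maximum binding accessor execution depth. The binding accessor execution
 // traverses Go values. It cannot go deeper than this value.
-const maxExecutionDepth = 10
+const MaxExecutionDepth = 10
 
 // ErrMaxExecutionDepth is returned by the BindingAccessorFunc when the
-// binding accessor execution reached the maximum depth `maxExecutionDepth`.
+// binding accessor execution reached the maximum depth `MaxExecutionDepth`.
 var ErrMaxExecutionDepth = errors.New("maximum binding accessor execution depth reached")
 
 // Compile returns the compiled binding accessor expression function.
@@ -70,7 +70,7 @@ func Compile(expr string) (program BindingAccessorFunc, err error) {
 // We need to catch any panic and return it as an error.
 err = sqsafe.Call(func() error {
 var err error
-value, err = exprFn(ctx, maxExecutionDepth)
+value, err = exprFn(ctx, MaxExecutionDepth)
 return err
 })
 if err != nil {
@@ -116,7 +116,7 @@ func compileExpr(expr string) (valueFunc, error) {
 
 const (
 newValueMaxDepth = 10
-newValueMaxElements = 150
+NewValueMaxElements = 150
 )
 
 func compileTransformations(valueFn valueFunc, buf string) (valueFunc, error) {
@@ -132,7 +132,7 @@ func compileTransformations(valueFn valueFunc, buf string) (valueFunc, error) {
 if err != nil {
 return nil, err
 }
-return trFn(ctx, v, newValueMaxDepth, newValueMaxElements), nil
+return trFn(ctx, v, newValueMaxDepth, NewValueMaxElements), nil
 }
 }
 return valueFn, nil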
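Review bot: The newly exported `MaxExecutionDepth` (line 48) and `NewValueMaxElements` (line 119) carry no doc comment that starts with their name, which the Go linters flag for exported identifiers and which matters more now that code outside the package (the WAF rule in this same commit) depends on their meaning. I would rewrite the comment above line 48 as `// MaxExecutionDepth is the maximum binding accessor execution depth: the execution traverses Go values and cannot go deeper than this.` and add `// NewValueMaxElements caps the number of elements a transformation may produce from a value; past it the transformation yields nil.` above line 119, and in both say that they bound how much of a (presumably request-derived, confirm against the callers) value gets traversed, i.e. they are a resource-exhaustion guard and not a tuning knob. Separately, `newValueMaxDepth` on line 118 stays unexported while its sibling is exported, so an external caller wanting the transformation depth has to borrow `MaxExecutionDepth` instead; either export it too or state in the comment that the two are meant to stay equal. The `compileTransformations` body continues outside the hunk.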

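--- a/internal/binding-accessor/exec_test.go
+++ b/internal/binding-accessor/exec_test.go
@@ -35,18 +35,18 @@ func TestFlatKeys(t *testing.T) {
 
 t.Run("empty slice", func(t *testing.T) {
 v := []mytype{}
-out := execFlatKeys(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 require.Nil(t, out)
 })
 
 t.Run("empty map", func(t *testing.T) {
 v := map[string]mytype{}
-out := execFlatKeys(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 require.Nil(t, out)
 })
 
 t.Run("nil value", func(t *testing.T) {
-out := execFlatKeys(context.Background(), nil, newValueMaxDepth, newValueMaxElements)
+out := execFlatKeys(context.Background(), nil, newValueMaxDepth, NewValueMaxElements)
 require.Nil(t, out)
 })
 
@@ -56,13 +56,13 @@ func TestFlatKeys(t *testing.T) {
 {},
 {},
 }
-out := execFlatKeys(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedKeys(3), out)
 })
 
 t.Run("array", func(t *testing.T) {
 v := [4]mytype{}
-out := execFlatKeys(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedKeys(4), out)
 })
 
@@ -71,7 +71,7 @@ func TestFlatKeys(t *testing.T) {
 "k1": {},
 "k2": {},
 }
-out := execFlatKeys(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 expected := append(expectedKeys(2), "k1", "k2")
 UnorderedEqual(t, expected, out)
 })
@@ -108,7 +108,7 @@ func TestFlatKeys(t *testing.T) {
 "F4": {},
 },
 }
-out := execFlatKeys(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedKeys(11), out)
 })
 
@@ -119,7 +119,7 @@ func TestFlatKeys(t *testing.T) {
 f3 bool
 f4 int
 }{}
-out := execFlatKeys(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 require.Nil(t, out)
 })
 
@@ -137,7 +137,7 @@ func TestFlatKeys(t *testing.T) {
 F4: 33,
 }
 v := struct{ f1, F2, f3, F4 mytype }{w, w, w, w}
-out := execFlatKeys(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, []interface{}{"F2", "F2", "F2", "F4", "F4", "F4"}, out)
 })
 
@@ -146,7 +146,7 @@ func TestFlatKeys(t *testing.T) {
 allKeys := []interface{}{"", "both", "empty", "orphan", "prio", "z"}
 
 t.Run("less than max elements and max depth", func(t *testing.T) {
-out := execFlatKeys(context.Background(), in, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), in, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, out, allKeys)
 })
 
@@ -175,7 +175,7 @@ func TestFlatKeys(t *testing.T) {
 "k12": nil,
 "k13": nil,
 }
-out := execFlatKeys(context.Background(), in, 1, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), in, 1, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, out, []interface{}{"k11", "k12", "k13"})
 })
 
@@ -226,13 +226,13 @@ func TestFlatKeys(t *testing.T) {
 t.Run("more than max depth", func(t *testing.T) {
 in := url.Values{"": []string{"nokey"}, "both": []string{"y"}, "empty": []string{""}, "orphan": []string{""}, "prio": []string{"2"}, "z": []string{"post"}}
 maxDepth := 2
-out := execFlatKeys(context.Background(), in, maxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), in, maxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, allKeys, out)
 })
 
 t.Run("more than max depth", func(t *testing.T) {
 var in [1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1]struct{ F1 string }
-out := execFlatKeys(context.Background(), in, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), in, newValueMaxDepth, NewValueMaxElements).([]interface{})
 require.Nil(t, out)
 })
 
@@ -268,7 +268,7 @@ func TestFlatKeys(t *testing.T) {
 for maxDepth := 1; maxDepth <= 3; maxDepth++ {
 maxDepth := maxDepth
 t.Run(fmt.Sprintf("%d", maxDepth), func(t *testing.T) {
-out := execFlatKeys(context.Background(), in, maxDepth, newValueMaxElements).([]interface{})
+out := execFlatKeys(context.Background(), in, maxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedKeys(maxDepth), out)
 })
 }
@@ -341,36 +341,36 @@ func TestFlatValues(t *testing.T) {
 t.Run("basic values", func(t *testing.T) {
 t.Run("empty slice", func(t *testing.T) {
 v := []mytype{}
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 require.Nil(t, out)
 })
 
 t.Run("empty map", func(t *testing.T) {
 v := map[string]mytype{}
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 require.Nil(t, out)
 })
 
 t.Run("nil value", func(t *testing.T) {
-out := execFlatValues(context.Background(), nil, newValueMaxDepth, newValueMaxElements)
+out := execFlatValues(context.Background(), nil, newValueMaxDepth, NewValueMaxElements)
 require.Nil(t, out)
 })
 
 t.Run("zero value", func(t *testing.T) {
 v := mytype{}
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedZeroValues(1), out)
 })
 
 t.Run("pointer", func(t *testing.T) {
 v := &myValue
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedValues(1), out)
 })
 
 t.Run("nil pointer", func(t *testing.T) {
 var v *mytype
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 require.Equal(t, []interface{}{(*mytype)(nil)}, out)
 })
 
@@ -380,7 +380,7 @@ func TestFlatValues(t *testing.T) {
 myValue,
 myValue,
 }
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedValues(3), out)
 })
 
@@ -391,7 +391,7 @@ func TestFlatValues(t *testing.T) {
 myValue,
 myValue,
 }
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedValues(4), out)
 })
 
@@ -402,7 +402,7 @@ func TestFlatValues(t *testing.T) {
 testlib.RandPrintableUSASCIIString(): myValue,
 testlib.RandPrintableUSASCIIString(): myValue,
 }
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedValues(4), out)
 })
 })
@@ -439,7 +439,7 @@ func TestFlatValues(t *testing.T) {
 testlib.RandPrintableUSASCIIString(): myValue,
 },
 }
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, append(expectedValues(9), expectedZeroValues(2)...), out)
 })
 
@@ -450,7 +450,7 @@ func TestFlatValues(t *testing.T) {
 f3 bool
 f4 int
 }{}
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 require.Nil(t, out)
 })
 
@@ -468,7 +468,7 @@ func TestFlatValues(t *testing.T) {
 F4: 33,
 }
 v := struct{ f1, F2, f3, F4 mytype }{w, w, w, w}
-out := execFlatValues(context.Background(), v, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), v, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, []interface{}{"sqreen", 33, "sqreen", 33}, out)
 })
 
@@ -507,7 +507,7 @@ func TestFlatValues(t *testing.T) {
 allExpectedValues := append(expectedValues(9), expectedZeroValues(2)...)
 
 t.Run("less than max elements and max depth", func(t *testing.T) {
-out := execFlatValues(context.Background(), in, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), in, newValueMaxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, allExpectedValues, out)
 })
 
@@ -545,7 +545,7 @@ func TestFlatValues(t *testing.T) {
 
 t.Run("more than max elements", func(t *testing.T) {
 maxDepth := 1
-out := execFlatValues(context.Background(), in, maxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), in, maxDepth, NewValueMaxElements).([]interface{})
 require.Nil(t, out)
 })
 })
@@ -573,15 +573,15 @@ func TestFlatValues(t *testing.T) {
 
 t.Run("more than max depth", func(t *testing.T) {
 maxDepth := 2
-out := execFlatValues(context.Background(), in, maxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), in, maxDepth, NewValueMaxElements).([]interface{})
 require.Less(t, len(out), len(allExpectedValues))
-require.Less(t, len(out), newValueMaxElements)
+require.Less(t, len(out), NewValueMaxElements)
 SliceContains(t, allExpectedValues, out)
 })
 
 t.Run("more than max depth", func(t *testing.T) {
 var in [1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1][1]struct{ F1 string }
-out := execFlatValues(context.Background(), in, newValueMaxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), in, newValueMaxDepth, NewValueMaxElements).([]interface{})
 require.Nil(t, out)
 })
 
@@ -615,7 +615,7 @@ func TestFlatValues(t *testing.T) {
 for maxDepth := 1; maxDepth <= 3; maxDepth++ {
 maxDepth := maxDepth
 t.Run(fmt.Sprintf("%d", maxDepth), func(t *testing.T) {
-out := execFlatValues(context.Background(), in, maxDepth, newValueMaxElements).([]interface{})
+out := execFlatValues(context.Background(), in, maxDepth, NewValueMaxElements).([]interface{})
 UnorderedEqual(t, expectedValues(maxDepth), out)
 })
 }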

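--- a/internal/rule/callback/waf.go
+++ b/internal/rule/callback/waf.go
@@ -34,7 +34,7 @@ func NewWAFCallback(rule RuleFace) (sqhook.PrologCallback, error) {
 return nil, sqerrors.New("could not generate a uuid")
 }
 
-wafRule, err := waf.NewRule(id.String(), cfg.WAFRules)
+wafRule, err := waf.NewRule(id.String(), cfg.WAFRules, bindingaccessor.NewValueMaxElements, bindingaccessor.MaxExecutionDepth)
 if err != nil {
 return nil, sqerrors.Wrap(err, "could not instantiate the in-app waf rule")
 }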
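Review bot: The two limits handed to `waf.NewRule` on line 37 are untyped int constants (150 and 10), so passing them in the wrong order compiles cleanly and would silently give the WAF a traversal depth of 150 and an element cap of 10, widening how much request data a rule evaluation walks; the (maxElements, maxDepth) order should be checked against the go-libsqreen v0.6.1 signature and made self-describing, e.g. `maxElements, maxDepth := bindingaccessor.NewValueMaxElements, bindingaccessor.MaxExecutionDepth` followed by `wafRule, err := waf.NewRule(id.String(), cfg.WAFRules, maxElements, maxDepth)`. The depth is also taken from `MaxExecutionDepth`, which in binding-accessor.go bounds expression execution, while the element cap it is paired with belongs to the transformation limits whose depth sibling (`newValueMaxDepth`, unexported, currently also 10) is the closer match; if those two values ever diverge the WAF bound follows the wrong one, which deserves a comment such as `// Same traversal bounds as binding accessor transformations, so WAF work per request value stays bounded.`. `NewWAFCallback` starts outside the hunk.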

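--- a/internal/version/version.go
+++ b/internal/version/version.go
@@ -4,8 +4,8 @@
 
 package version
 
-const version = "0.9.1"
+const version = "0.9.3"
 
 func Version() string {
 return version
-}
+}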
