Syncing anuraaga's main before donation (envoyproxy#8)

* Allow building filter in mode that prints timing of each lifecycle me… (envoyproxy#33)

…thod

* Add variables for running FTW in cloud mode with envoy wasm disabled (envoyproxy#34)

* Switch FTW backend to faster server (envoyproxy#35)

* Try adding -crt-static to rust build (envoyproxy#36)

* Build wasi-libc for TinyGo instead of using wasi SDK (envoyproxy#37)

* Fix aho-corasick wasm lib and use it for pm (envoyproxy#38)

* Update to latest coraza (envoyproxy#39)

* Move cgo declaration to tinygo build tag to prevent warning when runn… (envoyproxy#40)

…ing tests

* Remove year from copyright header

Co-authored-by: Anuraag Agrawal <anuraaga@gmail.com>

Author: jcchavezs

buildtools/aho-corasick/Dockerfile

@@ -9,6 +9,7 @@ RUN mkdir -p /aho-corasick && curl -L https://github.com/BurntSushi/aho-corasick
 WORKDIR /aho-corasick
 ADD aho-corasick.patch aho-corasick.patch
 RUN patch -p1 < aho-corasick.patch
+ENV RUSTFLAGS "-C target-feature=-crt-static"
 RUN cargo build --release --target wasm32-wasi
 
 CMD ["cp", "target/wasm32-wasi/release/libaho_corasick.a", "/out/libaho_corasick.a"]

buildtools/aho-corasick/aho-corasick.patch

@@ -1,3 +1,12 @@
+diff --git a/.gitignore b/.gitignore
+index f1a4d65..d6ff1a3 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -1,3 +1,4 @@
++.idea
+ .*.swp
+ doc
+ tags
 diff --git a/Cargo.toml b/Cargo.toml
 index 610bd4d..55e2f37 100644
 --- a/Cargo.toml
@@ -12,22 +21,35 @@ index 610bd4d..55e2f37 100644
  [features]
 diff --git a/src/exports.rs b/src/exports.rs
 new file mode 100644
-index 0000000..f97de6d
+index 0000000..29c203d
 --- /dev/null
 +++ b/src/exports.rs
-@@ -0,0 +1,93 @@
+@@ -0,0 +1,107 @@
 +use std::mem::MaybeUninit;
 +use std::slice;
++use std::str;
 +use crate::{AhoCorasick, AhoCorasickBuilder, MatchKind};
 +
 +static mut MATCHERS: Vec<AhoCorasick> = Vec::new();
 +
 +#[no_mangle]
-+pub extern "C" fn new_matcher(patterns_ptr: usize, patterns_len: usize) -> usize {
-+    let patterns_str = ptr_to_string(patterns_ptr, patterns_len);
-+    std::mem::forget(&patterns_str);
++pub extern "C" fn new_matcher(patterns_ptr: *mut u8, patterns_len: usize) -> usize {
++    let all_patterns = unsafe {
++        slice::from_raw_parts(patterns_ptr, patterns_len)
++    };
 +
-+    let patterns = patterns_str.split(' ');
++    let mut patterns = Vec::new();
++
++    let mut off = 0;
++    while off < patterns_len {
++        let pattern_len = u32::from_le_bytes([all_patterns[off], all_patterns[off+1], all_patterns[off+2], all_patterns[off+3]]) as usize;
++        off += 4;
++        let pattern = unsafe {
++            str::from_utf8_unchecked(&all_patterns[off..off+pattern_len])
++        };
++        patterns.push(pattern);
++        off += pattern_len;
++    }
 +
 +    let ac = AhoCorasickBuilder::new()
 +        .ascii_case_insensitive(true)
@@ -39,6 +61,7 @@ index 0000000..f97de6d
 +        MATCHERS.push(ac);
 +        MATCHERS.len() - 1
 +    }
++
 +}
 +
 +#[no_mangle]

buildtools/tinygo/Dockerfile

@@ -10,10 +10,11 @@ RUN curl -L https://go.dev/dl/go1.19.1.linux-${TARGETARCH:-amd64}.tar.gz | tar -
 ENV PATH /go/bin:/root/go/bin:$PATH
 ENV GOROOT /go
 
-RUN apt-get install -y libclang-14-dev wabt binaryen
+RUN apt-get install -y libclang-14-dev wabt binaryen git
 
 # https://github.com/tinygo-org/tinygo/commit/9e4e182615cd80303c564f95020e0c3bd10af64a
-RUN go install github.com/tinygo-org/tinygo@9e4e182615cd80303c564f95020e0c3bd10af64a
-
-RUN mkdir -p $(tinygo env TINYGOROOT)/lib/wasi-libc/ && \
-    ln -s /wasi-sysroot $(tinygo env TINYGOROOT)/lib/wasi-libc/sysroot
+RUN git clone --shallow-submodules --recursive https://github.com/tinygo-org/tinygo --branch dev
+WORKDIR /tinygo
+RUN git reset --hard 9e4e182615cd80303c564f95020e0c3bd10af64a
+RUN go install
+RUN make wasi-libc

config.go

@@ -1,4 +1,4 @@
-// Copyright 2022 The OWASP Coraza contributors
+// Copyright The OWASP Coraza contributors
 // SPDX-License-Identifier: Apache-2.0
 
 package main

config_test.go

@@ -1,4 +1,4 @@
-// Copyright 2022 The OWASP Coraza contributors
+// Copyright The OWASP Coraza contributors
 // SPDX-License-Identifier: Apache-2.0
 
 package main

ftw/Dockerfile

@@ -7,7 +7,7 @@ WORKDIR /workspace
 
 RUN apk update && apk add curl
 
-RUN go install github.com/anuraaga/go-ftw@dev
+RUN go install github.com/fzipi/go-ftw@fd953f4f9ddd0f21595be4f48f0b468dda32e801
 
 ADD https://github.com/coreruleset/coreruleset/archive/refs/tags/v4.0.0-rc1.tar.gz /workspace/coreruleset/
 RUN cd coreruleset && tar -xf v4.0.0-rc1.tar.gz --strip-components 1

ftw/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   httpbin:
-    image: kennethreitz/httpbin:latest
+    image: ealen/echo-server:latest
   chown:
     image: alpine:3.16
     command:
@@ -16,7 +16,7 @@ services:
     image: envoyproxy/envoy:v1.23-latest
     command:
       - -c
-      - /conf/envoy-config.yaml
+      - ${ENVOY_CONFIG:-/conf/envoy-config.yaml}
       - --log-level
       - info
       - --component-log-level
@@ -54,6 +54,8 @@ services:
     depends_on:
       - wasm-logs
     build: .
+    environment:
+      - FTW_CLOUDMODE
     volumes:
       - logs:/home/envoy/logs:ro
 volumes:

ftw/envoy-config-nowasm.yaml

@@ -0,0 +1,44 @@
+static_resources:
+  listeners:
+    - address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 80
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                stat_prefix: ingress_http
+                codec_type: auto
+                http_protocol_options:
+                  accept_http_10: true
+                route_config:
+                  virtual_hosts:
+                    - name: local_route
+                      domains:
+                        - "*"
+                      routes:
+                        - match:
+                            prefix: "/"
+                          route:
+                            cluster: local_server
+                http_filters:
+                  - name: envoy.filters.http.router
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+
+  clusters:
+    - name: local_server
+      connect_timeout: 6000s
+      type: strict_dns
+      lb_policy: round_robin
+      load_assignment:
+        cluster_name: local_server
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: httpbin
+                      port_value: 80

ftw/tests.sh

@@ -29,4 +29,6 @@ while [[ "$status_code" -eq "000" ]]; do
 done
 echo -e "\n[Ok] Got status code $status_code, expected 200. Ready to start."
 
-go-ftw run -d coreruleset/tests/regression/tests --config ftw.yml --read-timeout=10s || (echo "Envoy Logs:" && cat /home/envoy/logs/envoy.log)
+FTW_CLOUDMODE=${FTW_CLOUDMODE:-false}
+
+go-ftw run -d coreruleset/tests/regression/tests --config ftw.yml --read-timeout=10s --cloud=$FTW_CLOUDMODE || (echo "Envoy Logs:" && cat /home/envoy/logs/envoy.log)

go.mod

@@ -3,23 +3,23 @@ module github.com/jcchavezs/coraza-wasm-filter
 go 1.17
 
 require (
-	github.com/corazawaf/coraza/v3 v3.0.0-20220913021343-a3bd8c85ebf5
+	github.com/corazawaf/coraza/v3 v3.0.0-20220928011626-fce26f25ab3e
 	github.com/magefile/mage v1.13.0
 	github.com/stretchr/testify v1.8.0
-	github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220831045923-bd6f69563ef4
+	github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220922045757-132ee0a06ac2
 	github.com/tidwall/gjson v1.14.3
 )
 
 require (
-	github.com/corazawaf/libinjection-go v0.0.0-20220909190158-227e7e772cef // indirect
+	github.com/corazawaf/libinjection-go v0.1.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/kr/pretty v0.1.0 // indirect
 	github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/tetratelabs/wazero v1.0.0-beta.2 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
-	golang.org/x/net v0.0.0-20220809184613-07c6da5e1ced // indirect
+	golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )