chore: setvar minor fix, tests, added warning when missing variable, deprecates usage of tx.LogData #892

Merged
merged 5 commits into from
Nov 3, 2023

M4tteoP
Member

@M4tteoP M4tteoP commented Oct 22, 2023

This PR:

  • Simplifies setvar evaluation code, reusing the same variable expansion for both `+` and `-` operations.
  • Fixes a bug that did not allow initializing a variable with a negative number.
    • `setvar:TX.score=+5`: even if TX.score does not exist, it defaults to 0 and the variable is initialized to 5.
    • `setvar:TX.score=-5`: was failing. Now, the behavior is aligned. Even if TX.score does not exist, it defaults to 0 and the variable is initialized to -5.
  • Adds a warning when a macro is expanded but the variable is not found in the collection. It notably happens in "CRS strconv.Atoi: parsing tx.blocking_outbound_anomaly_score: invalid syntax" (#888). When variables are used before being initialized (e.g. because of a misconfiguration), the macro expansion returns the name of the variable itself. It might lead to subsequent errors (e.g. trying to perform arithmetical operations). This warning should help to understand the problem more clearly.
  • Notably, running ftw with the just added warning I found out that that code was reached for a total of 1265 times. It happens because LogData action Evaluate performs the macro expansion ahead of time (when iterating over all the non-disruptive actions) and stores the result in the (to my eyes) unused tx.LogData variable. This PR proposes to:
    • make the LogData action Evaluate a no-op. The expansion is already performed after all the other actions (and therefore after the expected variable has been populated).
    • deprecate the usage of tx.LogData. As far as I can see it was populated only there, and never used. LogData expanded values are indeed stored inside the MatchData struct and saved inside the transaction in tx.matchVariable. If the reasoning is correct, it should also lead to tiny performance improvements, avoiding useless macro expansion attempts. A double-check about it would be very welcome.

Closes #888
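
The setvar and macro-expansion behaviour described in the PR description above, modelled as an added example (not Coraza's code and not part of this PR). A constructed `map[string]string` stands in for the TX collection, and `expandMacro` and `setvar` are hypothetical helper names; the model shows `-5` initialising a missing variable and an uninitialised macro operand surfacing as the `strconv.Atoi` error from #888 alongside a warning flag.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// expandMacro resolves one "%{tx.name}" macro against col (constructed stand-in for TX).
// A missing key expands to the variable name itself; found=false is where a warning goes.
func expandMacro(col map[string]string, s string) (string, bool) {
	if !strings.HasPrefix(s, "%{") || !strings.HasSuffix(s, "}") {
		return s, true // plain literal, nothing to look up
	}
	name := strings.ToLower(s[2 : len(s)-1])
	if v, ok := col[strings.TrimPrefix(name, "tx.")]; ok {
		return v, true
	}
	return name, false
}

// setvar applies "key=+operand", "key=-operand" or "key=value" to col and
// reports warn=true when a macro referenced an uninitialised variable.
func setvar(col map[string]string, key, value string) (warn bool, err error) {
	if value == "" || (value[0] != '+' && value[0] != '-') {
		expanded, found := expandMacro(col, value)
		col[key] = expanded
		return !found, nil
	}
	operand, found := expandMacro(col, value[1:]) // same expansion for + and -
	n, err := strconv.Atoi(operand)
	if err != nil {
		return !found, fmt.Errorf("setvar %s: %w", key, err)
	}
	cur := 0 // a variable that does not exist yet defaults to 0
	if existing, ok := col[key]; ok {
		if cur, err = strconv.Atoi(existing); err != nil {
			return !found, fmt.Errorf("setvar %s: %w", key, err)
		}
	}
	if value[0] == '-' {
		n = -n
	}
	col[key] = strconv.Itoa(cur + n)
	return !found, nil
}

func main() { fmt.Println(setvar(map[string]string{}, "score", "-5")) }
```

With the warning flag set, the `invalid syntax` error can be traced to a variable that was read before any rule initialised it, rather than to a malformed number.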

@M4tteoP M4tteoP requested a review from a team as a code owner October 22, 2023 14:58
codecov bot commented Oct 22, 2023

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

| Files | Coverage Δ |
|---|---|
| experimental/plugins/macro/macro.go | 94.05% <100.00%> (+0.05%) ⬆️ |
| internal/actions/logdata.go | 100.00% <100.00%> (ø) |
| internal/corazawaf/rule.go | 93.43% <ø> (ø) |
| internal/corazawaf/transaction.go | 78.61% <ø> (ø) |
| internal/corazawaf/waf.go | 88.23% <100.00%> (ø) |
| internal/actions/setvar.go | 65.38% <92.30%> (+5.19%) ⬆️ |


var invalidSyntaxAtoiError = "invalid syntax"
var warningKeyNotFoundInCollection = "key not found in collection"

func TestSetvarEvaluateErrors(t *testing.T) {
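
Review bot: `invalidSyntaxAtoiError` and `warningKeyNotFoundInCollection`, at the top of this hunk, are package-level `var`s holding string literals; if the test cases only compare against them, declare them with `const` so no test can reassign them and change what later cases match.
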
Contributor

IIUC, there is a fix related to `-`, should there be a new test for it?

Member Author

@M4tteoP M4tteoP Oct 30, 2023

Yes, `Numerical operation - with existing negative variable` and `Numerical operation - with existing variable` are the two test cases added to this new test to ensure that the fix related to `-` is working as expected.

Contributor

Ah I think I got confused by the test function name, it looks like not all of these are errors

Member Author

Yep, sorry about that. The test evolved over time and is not anymore just about errors. Renamed it to `TestSetvarEvaluate`.

@jcchavezs jcchavezs merged commit 99da3ed into corazawaf:main Nov 3, 2023
10 checks passed