Updates envoy configs, uses nottinygc

envoy/e2e/e2e-config.yaml

@@ -22,14 +22,11 @@ static_resources:
                           route:
                             cluster: local_server
                 http_filters:
-                  - name: buffer
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer
-                      max_request_bytes: 5242880
                   - name: envoy.filters.http.httpwasm
                     typed_config:
                       "@type": type.googleapis.com/envoy.extensions.filters.http.http_wasm.v3.GuestConfig
                       name: "httpwasm-coraza-waf"
+                      max_request_bytes: 5242880
                       configuration:
                         "@type": "type.googleapis.com/google.protobuf.StringValue"
                         value: |

envoy/example/envoy-config.yaml

@@ -22,14 +22,11 @@ static_resources:
                           route:
                             cluster: local_server
                 http_filters:
-                  - name: buffer
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer
-                      max_request_bytes: 5242880
                   - name: envoy.filters.http.httpwasm
                     typed_config:
                       "@type": type.googleapis.com/envoy.extensions.filters.http.http_wasm.v3.GuestConfig
                       name: "httpwasm-coraza-waf"
+                      max_request_bytes: 5242880
                       configuration:
                         "@type": "type.googleapis.com/google.protobuf.StringValue"
                         value: |

envoy/ftw/envoy-config.yaml

@@ -25,13 +25,10 @@ static_resources:
                           route:
                             cluster: local_server
                 http_filters:
-                  - name: buffer
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer
-                      max_request_bytes: 5242880
                   - name: envoy.filters.http.httpwasm
                     typed_config:
                       "@type": type.googleapis.com/envoy.extensions.filters.http.http_wasm.v3.GuestConfig
+                      max_request_bytes: 5242880
                       name: "httpwasm-coraza-waf"
                       configuration:
                         "@type": "type.googleapis.com/google.protobuf.StringValue"

go.mod

@@ -10,6 +10,7 @@ require (
 	github.com/mccutchen/go-httpbin/v2 v2.9.0
 	github.com/stretchr/testify v1.8.4
 	github.com/tetratelabs/wazero v1.5.0
+	github.com/wasilibs/nottinygc v0.7.0
 )
 
 require (

go.sum

@@ -1,5 +1,3 @@
-github.com/corazawaf/coraza-wasilibs v0.0.0-20230620081031-05a5097dbea3 h1:c6INlbuM6RdeUU0ySzQsk6lzlqdGdm4GSQhN3qpcvkg=
-github.com/corazawaf/coraza-wasilibs v0.0.0-20230620081031-05a5097dbea3/go.mod h1:Ks3GxgMzwgVeo2nbVEPvmw94sOvJ+VjikPGLD5sNXUU=
 github.com/corazawaf/coraza-wasilibs v0.0.0-20231002095218-9dd6e48f7443 h1:36dTwNjieaDJB/AxPRUHGKCiCn8Bqpu25fb8OdrPemQ=
 github.com/corazawaf/coraza-wasilibs v0.0.0-20231002095218-9dd6e48f7443/go.mod h1:aMVO6E4TFAxXnPmyrrEoXVYeMDovq3IsKwuetAR38JE=
 github.com/corazawaf/coraza/v3 v3.0.4 h1:Llemgoh0hp2NggCwcWN8lNiV4Pfe+AWzf1oEcasT234=
@@ -44,7 +42,8 @@ github.com/wasilibs/go-libinjection v0.4.0 h1:dr1Y/kM/gmoA7eSfdf+CvCcmzwsz2jVYjN
 github.com/wasilibs/go-libinjection v0.4.0/go.mod h1:zD7fNXKSaTKoSTmrfuP9Gc16alNEgwkZaHIeDDk3WWM=
 github.com/wasilibs/go-re2 v1.4.0 h1:Jp6BM8G/zajgY1BCQUm3i7oGMdR1gA5EBv87wGd2ysc=
 github.com/wasilibs/go-re2 v1.4.0/go.mod h1:hLzlKjEgON+17hWjikLx8hJBkikyjQH/lsqCy9t6tIY=
-github.com/wasilibs/nottinygc v0.4.0 h1:h1TJMihMC4neN6Zq+WKpLxgd9xCFMw7O9ETLwY2exJQ=
+github.com/wasilibs/nottinygc v0.7.0 h1:x8PiLXMHiSx8v4MgyL8T4LEp0FqrPtqZDsveI9xiY3M=
+github.com/wasilibs/nottinygc v0.7.0/go.mod h1:oDcIotskuYNMpqMF23l7Z8uzD4TC0WXHK8jetlB3HIo=
 golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
 golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
 golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=

init_tinygo.go

@@ -0,0 +1,29 @@
+//go:build tinygo
+
+package main
+
+import (
+	"unsafe"
+
+	_ "github.com/wasilibs/nottinygc"
+)
+
+// Some host functions that are not implemented by Envoy end up getting imported anyways
+// by code that gets compiled but not executed at runtime. Because we know they are not
+// executed, we can stub them out to allow functioning on Envoy. Note, these match the
+// names and signatures of wasi-libc, used by TinyGo, not WASI ABI. Review these exports when either
+// the minimum supported version of Envoy changes or the maximum version of TinyGo.
+
+// fdopendir is re-exported to avoid TinyGo 0.28's import of wasi_snapshot_preview1.fd_readdir.
+//
+//export fdopendir
+func fdopendir(fd int32) unsafe.Pointer {
+	return nil
+}
+
+// readdir is re-exported to avoid TinyGo 0.28's import of wasi_snapshot_preview1.fd_readdir.
+//
+//export readdir
+func readdir(unsafe.Pointer) unsafe.Pointer {
+	return nil
+}

magefile.go

@@ -19,7 +19,8 @@ func Build() error {
 	if err := os.MkdirAll("build", 0755); err != nil {
 		return err
 	}
-	return sh.RunV("tinygo", "build", "-o", filepath.Join("build", "coraza-http-wasm.wasm"), "-scheduler=none", "--no-debug", "-target=wasi")
+	// https://github.com/wasilibs/nottinygc#using-with-envoy being http-wasm, an not proxy-wasm, we should not have to use also -tags=nottinygc_envoy
+	return sh.RunV("tinygo", "build", "-gc=custom", "-tags=custommalloc", "-opt=2", "-o", filepath.Join("build", "coraza-http-wasm.wasm"), "-scheduler=none", "--no-debug", "-target=wasi")
 }
 
 // Test runs all unit tests.