[persistent collections] based on PR-866 #1261
base: main
return fmt.Errorf("initcol: collection %s is not valid", col) | ||
} | ||
// we validate if this is a persistent collection | ||
persistent := []string{"USER", "SESSION", "IP", "RESOURCE", "GLOBAL"} |
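Review bot: the `persistent` slice on the last line is declared inside the function and repeats names that the setvar change lists again in `available`; one shared package-level definition would keep initcol and setvar from drifting apart when a collection is added or removed. If the new check rejects other names, its error message should list the accepted collections rather than only saying the name is not valid.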
Do we really need to restrict arbitrary collection creation?
@@ -76,8 +78,10 @@ func (a *setvarFn) Init(_ plugintypes.RuleMetadata, data string) error { | |||
colKey, colVal, colOk := strings.Cut(key, ".") | |||
// Right not it only makes sense to allow setting TX | |||
// key is also required | |||
if strings.ToUpper(colKey) != "TX" { | |||
return errors.New("invalid arguments, expected collection TX") | |||
available := []string{"TX", "USER", "GLOBAL", "RESOURCE", "SESSION", "IP"} |
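Review bot: the context comment "Right not it only makes sense to allow setting TX" no longer matches the `available` list on the last line, which also admits USER, GLOBAL, RESOURCE, SESSION and IP; update the comment to describe the new rule and fix "not" to "now" while there. The replaced check compared `strings.ToUpper(colKey)`, so the membership test against `available` should keep that normalization, and any error text carried over from "expected collection TX" should name the full set.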
And here?
@jptosso Could you help me here? It's your changes, I believe you have more context here.
I personally see the reason of making constraints, just to minimize unpredictable behavior.
And in the future, if we really need we can extend it without breaking compatibility.
On the other hand, if we make it possible to pass anything now and bring constraints after, there is a chance to break code for someone.
Hey! setvar can only be used for this set of variables. Others are not mutable, but IMO we can use type assertion for this.
) | ||
|
||
// defaultEngine | ||
// defaultEngine is just a sample and it shouldn't be used in production. |
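Review bot: the doc comment on `defaultEngine` says it is a sample that shouldn't be used in production but does not say why; state what it lacks so that anyone writing a replacement knows what a real engine has to provide. A name that does not read as the recommended default would also make accidental use less likely.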
Shouldn't we use the third-party library then?
We can use our own custom engine if we need.
Take a look here.
switch v := res.(type) { | ||
case string: | ||
return v, nil | ||
case int: |
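Review bot: the type switch on `res` shows branches for `string` and `int` only; if no `default` branch follows the visible cases, add one that returns an error naming the unexpected type, so that a value of any other type coming back from the engine is reported instead of falling through.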
Why do we even store it as int if we only set a value of type string?
@@ -0,0 +1,50 @@ | |||
// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors |
// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors | |
// Copyright 2024 Juan Pablo Tosso and the OWASP Coraza contributors |
Maybe even 2025.
Not sure. These changes were made in 2023 by Juan.
I'd keep it as it is.
Great job here. There is a PR for the close implementation #1200

JFYI: the PR is ready from my side. There are unit-tests and I checked it on my local machine with some rules.
// // SetOne will replace the key's value with this string | ||
// SetOne(key string, value string) | ||
|
||
// SetTTL will set the TTL for the key |
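Review bot: the commented-out `SetOne` declaration and its doubly commented doc line at the top of this hunk are dead code inside the interface definition; either restore the method or delete both lines. The `SetTTL` comment on the last line should also state the unit of the TTL value.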
TTL is in seconds, right?
Yes. According to the doc https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-%28v2.x%29#user-content-expirevar
All the exported methods should have documentation.
It's not necessary here.
It's not a part of the library but an example for users that they can implement their own persistence engine and the proof that it works.
Look at the path
This PR is based on the PR-866 of the original repository.
It is related to the issue-1227.
Persistence collections
Thanks for your contribution ❤️