corazawaf · jptosso · Nov 7, 2024 · Feb 18, 2024 · Feb 19, 2024 · Mar 5, 2024
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
diff --git a/.github/workflows/container-image.yaml b/.github/workflows/container-image.yaml
@@ -11,15 +11,6 @@ on:
   pull_request:
   workflow_dispatch:
 
-
-env:
-  HAPROXY_IMAGES: >
-    haproxy:2.2-alpine
-    haproxy:2.4-alpine
-    haproxy:2.5-alpine
-    haproxy:2.6-alpine
-    haproxy:2.7-alpine
-
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -30,14 +21,6 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v3
 
-      - name: Run e2e tests against the example
-        shell: bash
-        run: >
-          for image in $HAPROXY_IMAGES; do
-              echo "Running e2e with Haproxy image $image"
-              HAPROXY_IMAGE=$image docker compose -f docker-compose.e2e.yaml up --abort-on-container-exit tests
-          done
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
@@ -56,7 +39,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Docker metadata - Main
+      - name: Docker metadata
         id: meta-main
         uses: docker/metadata-action@v4
         with:
@@ -68,44 +51,14 @@ jobs:
             type=ref,event=branch
             type=ref,event=pr
 
-      - name: Image - Main
+      - name: Image
         uses: docker/build-push-action@v3
         with:
           context: .
           cache-from: type=gha
           cache-to: type=gha,mode=max
           platforms: linux/amd64
-          file: Dockerfile
+          file: example/Dockerfile
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta-main.outputs.tags }}
-          labels: ${{ steps.meta-main.outputs.labels }}
-
-
-      - name: Docker metadata - CRS4
-        id: meta-crs4
-        uses: docker/metadata-action@v4
-        with:
-          images: ghcr.io/${{ github.repository }}
-          flavor: |
-            suffix=-crs4,onlatest=true
-          tags: |
-            type=raw,value=snapshot,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=ref,event=branch
-            type=ref,event=pr
-
-      - name: Image - CRS4
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          platforms: linux/amd64
-          file: Dockerfile
-          push: ${{ github.event_name != 'pull_request' }}
-          target: coreruleset
-          build-args: |
-            CORERULESET_VERSION=v4.0.0-rc1
-          tags: ${{ steps.meta-crs4.outputs.tags }}
-          labels: ${{ steps.meta-crs4.outputs.labels }}
+          labels: ${{ steps.meta-main.outputs.labels }}
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -1,4 +1,4 @@
-name: Lint (pre-commit)
+name: Lint
 
 on:
   pull_request:
@@ -8,9 +8,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Install Go
-        uses: actions/setup-go@v3
+      - name: Set up Go
+        uses: actions/setup-go@v4
         with:
-          go-version: v1.19.x
-          cache: true
+          go-version: '1.23'
       - run: go run mage.go lint
diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
@@ -44,11 +44,8 @@ jobs:
         run: |
           sudo apt update && sudo apt -y install make pkg-config rubygems && sudo gem install fpm
 
-          # Download corazawaf/coraza/coraza.conf for distribution
-          curl https://raw.githubusercontent.com/corazawaf/coraza/v3.0.0/coraza.conf-recommended > coraza.conf
-
       - name: Build binary
-        run: VERSION=${PACKAGE_VERSION} ARCH=${{ matrix.arch }} make
+        run: VERSION=${PACKAGE_VERSION} GOARCH=${{ matrix.arch }} go run mage.go build
 
       - name: Build package
         run: |
@@ -62,11 +59,9 @@ jobs:
            --deb-systemd ./contrib/coraza-spoa.service \
            --deb-systemd-enable \
            --config-files /etc/coraza-spoa/config.yaml \
-           ./coraza-spoa_${{matrix.arch}}=/usr/bin/coraza-spoa \
-           ./doc/config/=/usr/share/doc/coraza-spoa/haproxy-config \
+           ./coraza-spoa=/usr/bin/coraza-spoa \
            ./LICENSE=/usr/share/doc/coraza-spoa/ \
-           ./config.yaml.default=/etc/coraza-spoa/config.yaml \
-           ./coraza.conf=/etc/coraza-spoa/coraza.conf
+           ./example/coraza-spoa.yaml=/etc/coraza-spoa/config.yaml
 
       ## Publish to the "testing" repo
       - name: Cloudsmith Push:debian/coraza-spoa-snapshots

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -0,0 +1,27 @@
+name: Test
+
+on:
+  pull_request:
+  push:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.23'
+
+      - name: setup environment
+        run: |
+          sudo apt-get install -y software-properties-common
+          sudo add-apt-repository -y ppa:vbernat/haproxy-2.8
+          sudo apt-get update
+          sudo apt-get install -y haproxy
+          haproxy -vv
+
+      - name: Test
+        run: go run mage.go test
diff --git a/.gitignore b/.gitignore
@@ -13,7 +13,5 @@
 *.out
 vendor/
 
-# local files
-config.yaml
-logs/
-rules/
+# Build output
+build/
diff --git a/Dockerfile b/Dockerfile
diff --git a/Makefile b/Makefile
diff --git a/README.md b/README.md
@@ -14,27 +14,23 @@ HAProxy includes a [Stream Processing Offload Engine](https://www.haproxy.com/bl
 
 ### Build
 
-The command `make` will compile the source code and produce the executable file `coraza-spoa`.
-
-### Clean
-
-When you need to re-compile the source code, you can use the command `make clean` to clean the executable file.
+The command `go run mage.go build` will compile the source code and produce the executable file `coraza-spoa`.
 
 ## Configuration
 
 ## Coraza SPOA
 
-The example configuration file is [config.yaml.default](https://github.com/corazawaf/coraza-spoa/blob/main/config.yaml.default), you can copy it and modify the related configuration information. You can start the service by running the command:
+The example configuration file is [examples/coraza-spoa.yaml](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza-spoa.yaml), you can copy it and modify the related configuration information. You can start the service by running the command:
 
 ```
-coraza-spoa -config /etc/coraza-spoa/coraza.yaml
+coraza-spoa -f /etc/coraza-spoa/coraza-spoa.yaml
 ```
 
 You will also want to download & extract the [OWASP Core Ruleset]( https://github.com/coreruleset/coreruleset/releases) (version 4+ supported) to the `/etc/coraza-spoa` directory.
 
 ## HAProxy SPOE
 
-Configure HAProxy to exchange messages with the SPOA. The example SPOE configuration file is [coraza.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/doc/config/coraza.cfg), you can copy it and modify the related configuration information. Default directory to place the config is `/etc/haproxy/coraza.cfg`.
+Configure HAProxy to exchange messages with the SPOA. The example SPOE configuration file is [coraza.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza.cfg), you can copy it and modify the related configuration information. Default directory to place the config is `/etc/haproxy/coraza.cfg`.
 
 ```ini
 # /etc/haproxy/coraza.cfg
@@ -47,7 +43,7 @@ spoe-message coraza-req
     event on-frontend-http-request
 ```
 
-The application name from `config.yaml` must match the `app=` name, or the `default_application` will be used.
+The application name from `config.yaml` must match the `app=` name.
 
 The backend defined in `use-backend` must match a `haproxy.cfg` backend which directs requests to the SPOA daemon reachable via `127.0.0.1:9000`.
 
@@ -70,12 +66,12 @@ backend coraza-spoa
     server s1 127.0.0.1:9000
 ```
 
-A comprehensive HAProxy configuration example can be found in [docs/config/haproxy.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/doc/config/coraza.cfg).
+A comprehensive HAProxy configuration example can be found in [examples/haproxy.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza.cfg).
 
-Because, in the SPOE configuration file (coraza.cfg), we declare to use the backend [coraza-spoa](https://github.com/corazawaf/coraza-spoa/blob/88b4e54ab3ddcb58d946ed1d6389eff73745575b/doc/config/coraza.cfg#L14) to communicate with the service, so we need also to define it in the [HAProxy file](https://github.com/corazawaf/coraza-spoa/blob/dd5eb86d1e9abbdd5fe568249f36a6d85257eba7/doc/config/haproxy.cfg#L37):
+Because, in the SPOE configuration file (coraza.cfg), we declare to use the backend [coraza-spoa](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza.cfg#L14) to communicate with the service, so we need also to define it in the [HAProxy file](https://github.com/corazawaf/coraza-spoa/blob/main/examples/haproxy.cfg#L37):
 
 ## Docker
 
-- Build the coraza-spoa image `docker-compose build`
-- Run haproxy, coraza-spoa and a mock server `docker-compose up`
+- Build the coraza-spoa image `docker compose build`
+- Run haproxy, coraza-spoa and a mock server `docker compose up`
 - Perform a request which gets blocked by the WAF: `curl http://localhost:4000/\?x\=/etc/passwd`