add https audit log support #826

jptosso · 2023-06-26T07:18:47Z

Following discussion #813, implements HTTPS audit log writer

MLOGC compatibility was dropped
We are not adding new headers
We send different mime for each formatter

Coraza v4 should consider improvements on this, like additional settings

internal/auditlog/https_writer.go

internal/auditlog/https_writer_test.go

internal/auditlog/https_writer.go

jcchavezs · 2023-06-26T10:41:10Z

Unfortunatelly we can't do bathing as we can't close the exporter (WAF does not support close method and hence when terminating the APP the batched requests will be lost). I think it is a good idea to add a Close method now but not to force people to use it and maybe the exporter can listen to termination signal cc @anuraaga ?

jcchavezs · 2023-06-29T06:24:44Z

Decisions we made during meeting https://owasp.slack.com/archives/C02BXH135AT/p1687955362171029

jcchavezs · 2023-07-04T04:19:20Z

Any movement @jptosso?

codecov · 2023-07-10T08:27:28Z

Codecov Report

Patch coverage: 43.90% and project coverage change: -0.01 ⚠️

Comparison is base (cc4ec80) 81.57% compared to head (42017a4) 81.56%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #826      +/-   ##
==========================================
- Coverage   81.57%   81.56%   -0.01%     
==========================================
  Files         158      159       +1     
  Lines        8959     9000      +41     
==========================================
+ Hits         7308     7341      +33     
- Misses       1406     1412       +6     
- Partials      245      247       +2

Flag	Coverage Δ
default	`76.58% <43.90%> (+0.01%)`	⬆️
examples	`25.54% <0.00%> (-0.13%)`	⬇️
ftw	`46.89% <0.00%> (-0.23%)`	⬇️
ftw-multiphase	`49.01% <0.00%> (-0.24%)`	⬇️
tinygo	`72.74% <47.36%> (+0.09%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
internal/auditlog/init.go	`76.92% <0.00%> (-23.08%)`	⬇️
internal/auditlog/https_writer.go	`47.36% <47.36%> (ø)`

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

anuraaga · 2023-07-11T01:16:51Z

internal/auditlog/https_writer.go

+	"github.com/corazawaf/coraza/v3/experimental/plugins/plugintypes"
+)
+
+// httpsWriter is used to store logs in a single file


Suggested change

// httpsWriter is used to store logs in a single file

// httpsWriter sends logs to an HTTP endpoint

Also include this please

jcchavezs · 2023-07-11T02:46:36Z

One thing missing here is the content type support. We could add it to formatters (yet not to the interface) and do interface assertion ok init and record the value to be added to the requests.

jptosso · 2023-07-11T02:48:47Z

One thing missing here is the content type support. We could add it to formatters (yet not to the interface) and do interface assertion ok init and record the value to be added to the requests.

I will take care before v3.0.3 release

add https audit log support

b06eefe

jptosso requested a review from a team as a code owner June 26, 2023 07:18

jptosso marked this pull request as draft June 26, 2023 07:18

replace json test

586ddf4