add https audit log support

internal/auditlog/https_writer.go

@@ -0,0 +1,71 @@
+// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
+
+//go:build !tinygo
+// +build !tinygo
+
+package auditlog
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/corazawaf/coraza/v3/experimental/plugins/plugintypes"
+)
+
+// httpsWriter is used to store logs in a single file
+type httpsWriter struct {
+	io.Closer
+	formatter plugintypes.AuditLogFormatter
+	url       string
+	client    *http.Client
+}
+
+func (h *httpsWriter) Init(c plugintypes.AuditLogConfig) error {
+	h.formatter = c.Formatter
+	h.url = c.Target
+	// now we validate h.url is a valid url
+	// Although the writer type is HTTPS, we allow HTTP as well
+	_, err := url.Parse(h.url)
+	if err != nil {
+		return err
+	}
+	h.client = &http.Client{
+		Timeout: time.Duration(1 * time.Second),
+	}
+	return nil
+}
+
+func (h *httpsWriter) Write(al plugintypes.AuditLog) error {
+	body, err := h.formatter(al)
+	if err != nil {
+		return err
+	}
+
+	req, err := http.NewRequest(http.MethodPost, h.url, bytes.NewReader(body))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("User-Agent", "Coraza+v3")
+	// TODO: declare content type in the formatter
+	res, err := h.client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	if res.StatusCode >= 300 || res.StatusCode < 200 {
+		return fmt.Errorf("unexpected status code %d", res.StatusCode)
+	}
+	if _, err := io.Copy(io.Discard, res.Body); err != nil {
+		// the stream failed, but the log was received, we don't return error
+		// we cannot generate a log using the current api
+		return nil
+	}
+	return nil
+}
+
+var _ plugintypes.AuditLogWriter = (*httpsWriter)(nil)

internal/auditlog/https_writer_test.go

@@ -0,0 +1,70 @@
+// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
+
+//go:build !tinygo
+// +build !tinygo
+
+package auditlog
+
+import (
+	"bytes"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/corazawaf/coraza/v3/experimental/plugins/plugintypes"
+	"github.com/corazawaf/coraza/v3/types"
+)
+
+func TestHTTPSAuditLog(t *testing.T) {
+	writer := &httpsWriter{}
+	formatter := nativeFormatter
+	pts, err := types.ParseAuditLogParts("ABCDEZ")
+	if err != nil {
+		t.Fatal(err)
+	}
+	al := &Log{
+		Parts_: pts,
+
+		Transaction_: Transaction{
+			ID_: "test123",
+		},
+		Messages_: []plugintypes.AuditLogMessage{
+			Message{
+				Data_: &MessageData{
+					ID_:  100,
+					Raw_: "SecAction \"id:100\"",
+				},
+			},
+		},
+	}
+	// we create a test http server
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		if r.ContentLength == 0 {
+			t.Fatal("ContentLength is 0")
+		}
+		// now we get the body
+		body, err := io.ReadAll(r.Body)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(body) == 0 {
+			t.Fatal("Body is empty")
+		}
+		if !bytes.Contains(body, []byte("test123")) {
+			t.Fatal("Body does not match")
+		}
+	}))
+	defer server.Close()
+	if err := writer.Init(plugintypes.AuditLogConfig{
+		Target:    server.URL,
+		Formatter: formatter,
+	}); err != nil {
+		t.Fatal(err)
+	}
+	if err := writer.Write(al); err != nil {
+		t.Fatal(err)
+	}
+}

internal/auditlog/init.go

@@ -15,6 +15,9 @@ func init() {
 	RegisterWriter("serial", func() plugintypes.AuditLogWriter {
 		return &serialWriter{}
 	})
+	RegisterWriter("https", func() plugintypes.AuditLogWriter {
+		return &httpsWriter{}
+	})
 
 	RegisterFormatter("json", jsonFormatter)
 	RegisterFormatter("jsonlegacy", legacyJSONFormatter)

internal/auditlog/init_tinygo.go

@@ -15,6 +15,9 @@ func init() {
 	RegisterWriter("serial", func() plugintypes.AuditLogWriter {
 		return noopWriter{}
 	})
+	RegisterWriter("https", func() plugintypes.AuditLogWriter {
+		return noopWriter{}
+	})
 
 	// TODO(jcchavezs): check if newest TinyGo supports json.Marshaler for audit log type.
 	RegisterFormatter("json", noopFormater)