search

corazawaf / coraza-spoa

EXPERIMENTAL: A wrapper around the OWASP Coraza WAF for HAProxy's SPOE filters
Apache License 2.0
85 stars 18 forks source link

Request without a query parameter results in an error #5

Closed sts closed 2 years ago

sts commented 2 years ago

When sending a request without query arguments, coraza-spoa will by default log it as an error, when using the default configuration:

# coraza.cfg
spoe-message coraza-req
    args id=unique-id src-ip=src method=method path=path query=query version=req.ver headers=req.hdrs body=req.body
    event on-frontend-http-request
# error.log
{"level":"error","ts":"2022-05-22T08:42:08.165Z","caller":"logger/logger.go:75","msg":"invalid argument for http request query, string expected, got <nil>"}

Also the message could be enhanced, giving the user a hint where the error is happening, something like: spoe received invalid argument in spoe-message for: query. string expected, got <nil> would make it more clear that the error is happening between haproxy > spoe.

jptosso commented 2 years ago

Hey @sts, could you try the fix-issue-5 branch? I have added validation for nil queries. Still, this is just a debug error, it won't make the transaction fail.

sts commented 2 years ago

@jptosso patch verified, the message "invalid argument for http request query" is not coming up anymore.

jptosso commented 2 years ago

Great, merged into master.