litao09h
commented
9 months ago Encountering similar problems, It seems like there are many problems, not very mature。
Open zetaab opened 1 year ago
litao09h
commented
9 months ago Encountering similar problems, It seems like there are many problems, not very mature。
alarbada
commented
6 months ago Such a shame, I also got a similar error.
blacky-i
commented
1 month ago Hello everyone! I tried to set up coraza in traefik. Here are my thougths, maybe somebody could find them useful.
I wanted to use coraza WAF and started looking in available solutions. Here what I have tried.
Beta stage option. It is embedded in traefik as middleware and works during processing, but there is a memory leak. A small investigation showed (by commenting on pieces of code and searching for leaks) that the garbage collector is not working well. And it is archived with the following message:
nottinygc was an interesting experiment to bring OK performance to Wasm binaries compiled with Go. But there are fundamental issues with using GC languages in a sandboxed environment like Wasm - this still applies even after the Wasm GC proposal, and is even worse before it. The wasilibs recommendation is to use a non-GC language such as C++, Rust, or similar, when compiling to Wasm and to not use Go.
I realized that I should leave it as it is. Rewriting coraza into another language to transfer to wasm seems a big task.
Traefik has a second option for the plugin - using its own interpreter Yaegi.
Not working out of the box Issue 1 due to unsafe keyword. I tried to build a patched traefik with the addition of i.Use(unsafe.Symbols) into the project. But then the issues of the interpreter went further.
The first mistake was:
import \"github.com/corazawaf/coraza/v3/internal/memoize\" error: plugins-local/src/github.com/blackyi/coraza/vendor/github.com/corazawaf/coraza/v3/internal/memoize/nosync.go:10:12: not enough arguments in call to makeDoerMemoization is good, of course, but optional. It could be dealt with later, but now I was trying to figure out how much work I needed to do. Commented it out. Next, the following error popped up - The use of goto statements does not work:
import \"github.com/tidwall/gjson\" error: plugins-local/src/github.com/blackyi/coraza/vendor/github.com/tidwall/gjson/gjson.go:1857:3: undefined: loop"github.com/corazawaf/coraza/v3/internal/bodyprocessors/json.go:11:2: import \"github.com/tidwall/gjson\" error: plugins-local/src/github.com/blackyi/coraza/vendor/github.com/tidwall/gjson/gjson.go:2415:3: undefined: key"it showed me that the interpreter has problems with code in the project dependencies. I also commented to understand the depth of the rabbit hole. And on the next mistake, I gave up. I realized that there was too much work to do.
error: plugins-local/src/github.com/blackyi/coraza/vendor/golang.org/x/net/html/parse.go:688:46: cannot use type func(*html.parser) bool as type func(*unsafe2.dummy) boolI decided that this information might be useful. But for now, the most working option is to use coraza-spoa. Or, by the same analogy, write a plugin for traefik, redirect processing to another service.
The following program
sample.gotriggers an unexpected resultExpected result
Got
Yaegi Version
0.15.1
Additional Notes
with unsafe being blocked by default in traefik. We cannot develop coraza waf plugin which will be the next generation for modsecurity.