Matteo Pace

Results: 27 issues of Matteo Pace

Hello, currently, ftw is looking for the IDs of the triggered rules after sending a request. What we are facing running Coraza on Envoy is that the phase when the...

Address https://github.com/corazawaf/coraza-proxy-wasm/issues/255. As an initial solution to address the lack of audit logs, this PR proposes, as suggested in https://github.com/corazawaf/coraza-proxy-wasm/issues/255#issuecomment-1955993849, to write audit logs to the normal Envoy logs. This PR...

Currently, for both request and response bodies, we are relying on two different buffers: - Envoy buffer: Calling [`return types.ActionPause`](https://github.com/corazawaf/coraza-proxy-wasm/blob/main/main.go#L202), we are buffering the body and stop sending it upstream....

This issue recaps how we currently handle the response body and both short-term and long-term proposals. Previous discussion: https://github.com/corazawaf/coraza-proxy-wasm/pull/19. #### Current Behaviour: - The interruption status returned by `ProcessResponseBody` is...

Follows https://github.com/corazawaf/coraza/pull/1032#issuecomment-2100529001. Running tests against CRS 4.2 looks pretty okay

Fixes https://github.com/reactive-tech/kubegres/issues/181

Hi there, the following CVEs have been reported by scanning kubegres:

Severity | CVE | Package | Fix
-- | -- | -- | --
HIGH | PRISMA-2022-0227 | github.com/emicklei/go-restful/v3... |

This PR: - Adds a Benchmark test for XSS detection - Reduces functions called inside interactions (still no performance improvements, I think mainly because of the small amount of data...

The [`930110-7` test](https://github.com/coreruleset/coreruleset/blob/67a4d5e5b93d9b4067970d2dc712b6eac83214af/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml#L107-L122) is performed with `uri: "/get/.."` and the expected outcome is not to match the `930110` rule. According to the `930110` [description](https://github.com/coreruleset/coreruleset/blob/626522276e72dedf6015414171b772c9699d0355/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf#L60) this is actually a pattern that we are...

🧪 testcase