Juan Pablo Tosso
Juan Pablo Tosso
## Extended macro support Currently, macro expansion only expands a single variable from the transaction. The idea is to expand it with a simple scripting language. ### Predefined macro helpers...
We need more benchmarks for v3: - Rule Matching - URL parsing - Per operator, using test data - Per transformation, using test data - Body processors - Coraza/Modsec+CRS: -...
We haven't found a real-world use case for transaction context. Could we discuss some ideas? Otherwise, we might have to remove it.
This issue is meant to keep track of V3 alpha release issues CC @fzipi @piyushroshan @anuraaga @bxlxx @jcchavezs ## Tasks - [x] Variable engine rework (90%) - pending key case...
Expose the Directive type and RegisterDirective function to allow developers to create custom directives A directive can be implemented as ```go import( "github.com/corazawaf/coraza/v2/seclang" ) func secRemoteDirective(options *seclang.DirectiveOptions) error { username...
Many connectors could inherit the ID from another ID provider, for example, nginx mod_unique_id. Right now, to overwrite the ID, we have to load the ID collection and write to...
Currently, all errors are hardcoded, we need better reporting for debugging.
- Check that we are properly matching the file line - Make directive errors easier to read using the following syntax: ``` Failed to parse directive "DIRECTIVE_NAME" in "FILE_NAME.conf:LINE": Invalid...
Rule.Eval is a huge function with a lot of complexity, maybe we could create an internal struct to split the code into multiple functions. Function phases are: - Check the...
We currently generate the audit logs (errors with matched data) and error logs (errors without matched data) using the status code as a parameter. modsecurity-nginx uses `msc_update_status_code` to set the...