coraza-traefik
[Traefik Pilot] Traefik Plugin Analyzer has detected a problem.
The plugin was not imported into Traefik Pilot.
Cause:
failed to run the plugin with Yaegi: the load of the plugin takes too much time, or an error, inside the plugin, occurs during the load: 1:21: import "github.com/jptosso/coraza-traefik" error: /tmp/pilot-gop138161949/src/github.com/jptosso/coraza-traefik/coraza.go:9:2: import "github.com/jptosso/coraza-waf" error: unable to find source related to: "github.com/jptosso/coraza-waf"
Traefik Plugin Analyzer will restart when you will close this issue.
If you believe there is a problem with the Analyzer or this issue is the result of a false positive, please contact us.
Hi, any news about this plugin?
Hey @jcesclapez, a lot has happened in coraza and v2 beta could be compatible with yaegi. I will update the code to coraza v2 and see if we can finally get it working.
So I have updated the code to v2 and I still get errors:
https://github.com/traefik/yaegi/issues/1172
jptosso@tossino:~/go/src/github.com/jptosso/coraza-traefik$ yaegi test -unrestricted -unsafe
/home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:264:8: panic
/home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:183:11: panic
/home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/waf.go:336:10: panic
coraza.go:33:3: panic
coraza_test.go:11:9: panic
--- FAIL: TestCoraza (0.00s)
panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled [recovered]
panic: /home/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/go.uber.org/zap/logger.go:268:35: method not found: Enabled
We must wait until the guys from yaegi fix their bug :(
Any progress?
There is someone trying to create a bouncer: https://github.com/fbonalair/traefik-coraza-bouncer/tree/feat/init
The zap bug has been fixed, but now I'm getting a Coraza error. It is not a Coraza error itself but a yaegi bug, but I can still try to rewrite that code in order to avoid this error. I will create an issue on the coraza repo for this: https://github.com/jptosso/coraza-waf/issues/146
Tested using yaegi 14acf61
➜ coraza-traefik git:(master) ✗ yaegi test -unrestricted -unsafe
/Users/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/loggers/serial_writer.go:33:14: panic
/Users/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/waf.go:271:10: panic
coraza.go:33:3: panic
coraza_test.go:11:9: panic
--- FAIL: TestCoraza (0.00s)
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string
Did this issue get solved by https://github.com/corazawaf/coraza/pull/158?
Hey, we are still having issues:
➜ coraza-traefik git:(master) ✗ yaegi test -unrestricted -unsafe
/Users/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/loggers/serial_writer.go:33:14: panic
/Users/jptosso/go/src/github.com/jptosso/coraza-traefik/vendor/github.com/jptosso/coraza-waf/v2/waf.go:271:10: panic
coraza.go:33:3: panic
coraza_test.go:11:9: panic
--- FAIL: TestCoraza (0.00s)
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string [recovered]
panic: interface conversion: interface {} is interp.valueInterface, not string
Hi,
Is the error still on the yaegi side? Is there an open issue in their repo? I can invest some time to work on it.
Thanks
That is a yaegi error. For coraza v2 we cast settings from an interface like this:
fileName := c.Get("auditlog_file", "/dev/null").(string)
Yaegi doesn't support it. I think they documented that it's not supported in yaegi; that's why I think we should work on another approach.
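An added illustration of the failure mode discussed in the comment above (not part of the original comment and not Coraza's or yaegi's code): a bare `.(string)` assertion panics when the value arrives wrapped, while a comma-ok getter turns the mismatch into an error instead of a panic or a silent fallback to the `/dev/null` audit log. `Config`, `wrapped`, `BareAssert`, `GetString` and `ErrBadType` are hypothetical names, and `wrapped` is a constructed stand-in for the `interp.valueInterface` value named in the panic.

```go
package main

import (
	"errors"
	"fmt"
)

// Config is a hypothetical loosely typed settings map, not Coraza's own type.
type Config map[string]interface{}

// wrapped is a constructed stand-in for an interpreter wrapper value such as
// interp.valueInterface: it carries a string but is not a string itself.
type wrapped struct{ v interface{} }

var ErrBadType = errors.New("setting has unexpected type")

// Get returns the stored value or def, mirroring the quoted c.Get call.
func (c Config) Get(key string, def interface{}) interface{} {
	if v, ok := c[key]; ok {
		return v
	}
	return def
}

// BareAssert runs the single-value assertion and reports whether it panicked.
func BareAssert(c Config) (name string, panicked bool) {
	defer func() { panicked = recover() != nil }()
	name = c.Get("auditlog_file", "/dev/null").(string)
	return name, false
}

// GetString uses the comma-ok form: a wrong dynamic type becomes an error
// rather than a panic or a silent fallback to the /dev/null default.
func (c Config) GetString(key, def string) (string, error) {
	v, ok := c[key]
	if !ok {
		return def, nil
	}
	s, ok := v.(string)
	if !ok {
		return "", fmt.Errorf("%s: %w (got %T)", key, ErrBadType, v)
	}
	return s, nil
}

func main() {
	bad := Config{"auditlog_file": wrapped{"/var/log/audit.log"}}
	fmt.Println(BareAssert(bad))
	fmt.Println(bad.GetString("auditlog_file", "/dev/null"))
}
```

Returning an error lets the caller refuse to start the WAF when the audit log target cannot be read, rather than running with logging discarded.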
Oh ok, yes, I had a look at it before:
https://github.com/corazawaf/coraza/blob/v2/master/loggers/serial_writer.go
Yes, then a different approach should be used. I will create a PR if I find a different approach to it.
Regards
A different approach on compatibility with yaegi, like using GRPC or WASM. In the main coraza branch we are working on a tinygo compatible version of coraza; we could try WASM+yaegi. Or coraza-server of GRPC.
We cannot remove the interface casting, as it would mean a major release and we are not planning it yet.
Let me have a look at it and evaluate if I could be helpful with it
Any updates on this re V2?
Is this fixed in upcoming V3?
When can we expect a working plugin for traefik v2 (and traefik v3, which is due out soon)?
Hi, any updates on this issue?
I have tried something similar in my repo (hatsat32/coraza-traefik) but traefik does not support the unsafe package for plugins (see: https://github.com/traefik/traefik/issues/7459). This makes developing a traefik plugin very hard.
And there are some issues I did not understand (probably related to yaegi).
$ yaegi test -unrestricted -unsafe
test: coroza.go:11:2: import "github.com/corazawaf/coraza/v3" error: /home/ausec/go/src/github.com/hatsat32/coraza-traefik/vendor/github.com/corazawaf/coraza/v3/config.go:11:2: import "github.com/corazawaf/coraza/v3/internal/corazawaf" error: /home/ausec/go/src/github.com/hatsat32/coraza-traefik/vendor/github.com/corazawaf/coraza/v3/internal/corazawaf/transaction.go:23:2: import "github.com/corazawaf/coraza/v3/internal/bodyprocessors" error: /home/ausec/go/src/github.com/hatsat32/coraza-traefik/vendor/github.com/corazawaf/coraza/v3/internal/bodyprocessors/json.go:11:2: import "github.com/tidwall/gjson" error: /home/ausec/go/src/github.com/hatsat32/coraza-traefik/vendor/github.com/tidwall/gjson/gjson.go:1790:3: undefined: loop
Any ideas on how to implement a traefik plugin?
Hey, right now, there is no way we can implement Coraza under Traefik because of Yaegi. Coraza uses a lot of memory optimizations from low-level packages that are not available on Yaegi.
Although, you can use coraza as a sidecar proxy using envoy: https://github.com/corazawaf/coraza-proxy-wasm/
Hi @jptosso,
Traefik now supports WASM plugins.
Here is an official demo: https://github.com/traefik/plugindemowasm
Do you think you could provide an official Traefik WASM plugin? As it works with Envoy, I guess it solves the Yaegi issues?
Hey! This is something under discussion, we will keep you posted. In the meantime you can test our coraza-proxy-wasm plugin and tell us your results.
Thanks :)
Traefik does not implement the "Envoy" Proxy WASM ABI but, IMO, a more adopted ABI: http-wasm. It means I can't use the WASM plugin as is. Someone did try to implement Coraza with this ABI (https://github.com/jcchavezs/coraza-http-wasm). I will try to enable it in Traefik.