Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Race condition in RuleMetadata.StrID() #1083

Closed
MarcWort opened this issue Jun 21, 2024 · 1 comment · Fixed by #1084
Closed

Race condition in RuleMetadata.StrID() #1083

MarcWort opened this issue Jun 21, 2024 · 1 comment · Fixed by #1084

Comments

@MarcWort
Copy link

Description

The Go Race Detector pointed out a data race on the new RuleMetadata.StrID() introduced in #1039

Steps to reproduce

Running tests which contain t.Parallel() to simulate multiple requests with the race detection enabled: go test -race

  WARNING: DATA RACE
 Read at 0x00c0021d1af0 by goroutine 31:
   github.com/corazawaf/coraza/v3/internal/corazarules.(*RuleMetadata).StrID()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazarules/rule.go:89 +0x44
   github.com/corazawaf/coraza/v3/internal/corazawaf.(*Rule).doEvaluate()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazawaf/rule.go:197 +0x1eb
   github.com/corazawaf/coraza/v3/internal/corazawaf.(*Rule).Evaluate()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazawaf/rule.go:179 +0x42d
   github.com/corazawaf/coraza/v3/internal/corazawaf.(*RuleGroup).Eval()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazawaf/rulegroup.go:219 +0x9a4
   github.com/corazawaf/coraza/v3/internal/corazawaf.(*Transaction).ProcessRequestBody()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazawaf/transaction.go:1047 +0x990
   mypackage.example.com/work/scrubbing/coraza-spoa.(*handler).requestAllowed()
       /src/coraza-spoa/waf.go:224 +0x585

 Previous write at 0x00c0021d1af0 by goroutine 41:
   github.com/corazawaf/coraza/v3/internal/corazarules.(*RuleMetadata).StrID()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazarules/rule.go:94 +0xa8
   github.com/corazawaf/coraza/v3/internal/corazawaf.(*Rule).doEvaluate()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazawaf/rule.go:197 +0x1eb
   github.com/corazawaf/coraza/v3/internal/corazawaf.(*Rule).Evaluate()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazawaf/rule.go:179 +0x42d
   github.com/corazawaf/coraza/v3/internal/corazawaf.(*RuleGroup).Eval()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazawaf/rulegroup.go:219 +0x9a4
   github.com/corazawaf/coraza/v3/internal/corazawaf.(*Transaction).ProcessRequestBody()
       /go/pkg/mod/github.com/corazawaf/coraza/v3@v3.2.0/internal/corazawaf/transaction.go:1047 +0x990
   mypackage.example.com/work/scrubbing/coraza-spoa.(*handler).requestAllowed()
       /src/coraza-spoa/waf.go:224 +0x585
@jcchavezs jcchavezs mentioned this issue Jun 21, 2024
Merged
@jcchavezs
Copy link
Member

Thanks for the report, this was introduced in https://github.com/corazawaf/coraza/pull/1039/files#diff-397d8f5c981e6e197286890a559690b982dd806cd5873b8c8b9223cbe439717cR88-R97 I think.

We need to cut a path release fixing this and probably attempt to run tests in parallel cc @M4tteoP

@M4tteoP M4tteoP mentioned this issue Jun 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: race condition on StrID M4tteoP/coraza
2 participants
@jcchavezs @MarcWort