experimental: UseRequest/ResponseBody methods #1212

Open: M4tteoP wants to merge 8 commits into main

Member

@M4tteoP M4tteoP commented Nov 12, 2024

Exposing as experimental two new methods to provide the bodies to Coraza. They are meant to be used when the entire request body is available, as it avoids the need for an extra copy into the body buffers.

Benchmark:

```
goos: darwin
goarch: arm64
pkg: github.com/corazawaf/coraza/v3/internal/corazawaf
BenchmarkUseRequestBody/WriteRequestBody-10         	    1383	    912582 ns/op	10544513 B/op	     214 allocs/op
BenchmarkUseRequestBody/UseRequestBody-10           	   63420	     17178 ns/op	   50075 B/op	     212 allocs/op
PASS
ok  	github.com/corazawaf/coraza/v3/internal/corazawaf	3.559s
```

Usage:

```go
tx := waf.NewTransaction().(corazaexperimental.Transaction)
body := []byte("body") // Retrieved from the connector or somewhere
tx.UseResponseBody(body)
```

@M4tteoP M4tteoP marked this pull request as ready for review November 13, 2024 00:12
@M4tteoP M4tteoP requested a review from a team as a code owner November 13, 2024 00:12
Member

jptosso commented Nov 13, 2024

My only concern is maintaining a pointer that can be flushed at any point.
I'm not sure if telling the user to avoid using b slice is enough

Member Author

M4tteoP commented Nov 13, 2024

> My only concern is maintaining a pointer that can be flushed at any point.
> I'm not sure if telling the user to avoid using b slice is enough

Hey, I elaborated on the description a bit more. However, this feature fundamentally relies on this approach, so I would assume that anyone using it is intentionally willing to let Coraza take ownership of that pointer.

Member

jcchavezs commented Nov 14, 2024

I am missing the use cases where this can be used. In regular Go code I think it is risky as mutations can happen; in other environments I think it is more acceptable. I would not merge this until we show solid code using it.
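
The aliasing concern raised in the comments above, as an added Go example that is not part of the PR or the Coraza code base: `bodyBuffer`, `Write`, `Use`, `Inspect` and `reuseAfterHandoff` are hypothetical stand-ins for a copying and a zero-copy body API, and the sample body is constructed. It shows that once a slice is handed over without a copy, a caller that recycles its read buffer changes what a later inspection sees.

```go
package main

import (
	"bytes"
	"fmt"
)

// bodyBuffer is a hypothetical stand-in for a WAF body buffer; it is not Coraza's type.
type bodyBuffer struct {
	data []byte
}

// Write copies b (WriteRequestBody-style): the caller keeps ownership of b.
func (bb *bodyBuffer) Write(b []byte) {
	bb.data = append(bb.data, b...)
}

// Use borrows b without copying (UseRequestBody-style): the buffer aliases the
// caller's backing array, so ownership of b must pass to the buffer.
func (bb *bodyBuffer) Use(b []byte) {
	bb.data = b
}

// Inspect reports whether the buffered body contains the marker a rule looks for.
func (bb *bodyBuffer) Inspect(marker []byte) bool {
	return bytes.Contains(bb.data, marker)
}

// reuseAfterHandoff hands a body to the buffer, then overwrites the caller's
// slice in place (as a connector recycling its read buffer would) and returns
// what a later inspection of the buffer sees.
func reuseAfterHandoff(zeroCopy bool) bool {
	body := []byte("user=alice&note=<marker>") // constructed sample body
	bb := &bodyBuffer{}
	if zeroCopy {
		bb.Use(body)
	} else {
		bb.Write(body)
	}
	// The caller reuses its buffer for the next read.
	copy(body, bytes.Repeat([]byte{'x'}, len(body)))
	return bb.Inspect([]byte("<marker>"))
}

func main() {
	fmt.Println("copying API still sees marker:", reuseAfterHandoff(false))  // true
	fmt.Println("zero-copy API still sees marker:", reuseAfterHandoff(true)) // false
}
```

With the zero-copy path, the slice has to stay untouched until every phase that reads the body has run; otherwise the inspected bytes and the bytes forwarded upstream can differ.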

codecov bot commented Dec 3, 2024

Codecov Report

Attention: Patch coverage is 85.36585% with 12 lines in your changes missing coverage. Please review.

Project coverage is 81.69%. Comparing base (70f1746) to head (4bcf23c).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| internal/corazawaf/body_buffer.go | 45.45% | 4 Missing and 2 partials ⚠️ |
| internal/corazawaf/transaction.go | 91.54% | 4 Missing and 2 partials ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1212      +/-   ##
==========================================
+ Coverage   81.66%   81.69%   +0.03%     
==========================================
  Files         168      168              
  Lines        9655     9737      +82     
==========================================
+ Hits         7885     7955      +70     
- Misses       1519     1527       +8     
- Partials      251      255       +4     

| Flag | Coverage Δ |
|---|---|
| coraza.rule.case_sensitive_args_keys | 81.65% <85.36%> (+0.03%) ⬆️ |
| coraza.rule.multiphase_valuation | 81.69% <85.36%> (+0.03%) ⬆️ |
| coraza.rule.no_regex_multiline | 81.63% <85.36%> (+0.03%) ⬆️ |
| default | 81.69% <85.36%> (+0.03%) ⬆️ |
| examples+ | 16.30% <0.00%> (-0.16%) ⬇️ |
| examples+coraza.rule.case_sensitive_args_keys | 81.65% <85.36%> (+0.03%) ⬆️ |
| examples+coraza.rule.multiphase_valuation | 81.53% <85.36%> (+0.03%) ⬆️ |
| examples+coraza.rule.no_regex_multiline | 81.55% <85.36%> (+0.03%) ⬆️ |
| examples+memoize_builders | 81.65% <85.36%> (+0.03%) ⬆️ |
| examples+no_fs_access | 80.97% <85.36%> (+0.03%) ⬆️ |
| ftw | 81.69% <85.36%> (+0.03%) ⬆️ |
| memoize_builders | 81.79% <85.36%> (+0.03%) ⬆️ |
| no_fs_access | 81.14% <85.36%> (+0.03%) ⬆️ |
| tinygo | 81.66% <85.36%> (+0.03%) ⬆️ |
