From ba54e8e4a510b185b337bc8fd9ebdf05fee750e3 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 10:55:36 +0100 Subject: [PATCH 01/15] chore(regression): improve coverage with testing tag matrix --- .github/workflows/regression.yml | 24 ++++++++++++++++++- magefile.go | 41 ++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index e70625f5e..ac926a0d5 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -13,11 +13,28 @@ on: - "LICENSE" jobs: + # Generate matrix of tags for all permutations of the tests + generate-matrix: + runs-on: ubuntu-latest + outputs: + tags: ${{ steps.generate.outputs.tags }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Generate tag combinations + id: generate + run: | + go run mage.go tags-matrix > tags.json + echo "::set-output name=tags::$(cat tags.json)" + shell: bash test: + needs: generate-matrix strategy: matrix: go-version: [1.22.x, 1.23.x] os: [ubuntu-latest] + build-flag: ${{ fromJson(needs.generate-matrix.outputs.tags) }} runs-on: ${{ matrix.os }} steps: - name: Checkout code 
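Review bot: The `Generate tag combinations` step in the new `generate-matrix` job publishes its result with the deprecated `::set-output` workflow command; write to the output file instead: `echo "tags=$(cat tags.json)" >> "$GITHUB_OUTPUT"`. The same job references `actions/checkout@v4` by mutable tag, while the `setup-go` and `codecov-action` steps visible elsewhere in this workflow are pinned to commit SHAs, so `uses: actions/checkout@<commit-sha> # v4` would keep the pinning consistent. The job also runs `go run mage.go` with no `setup-go` step, so it presumably builds with whatever Go the runner image ships rather than a version the workflow controls.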
@@ -28,7 +45,12 @@ jobs: go-version: ${{ matrix.go-version }} cache: true - name: Tests and coverage - run: go run mage.go coverage + run: | + mkdir build + go test -race -coverprofile=build/${{ matrix.build-flag }}.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./... + go test -race -coverprofile=build/${{ matrix.build-flag }}-examples.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./examples/http-server + go test -coverprofile=build/${{ matrix.build-flag }}-ftw.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./testing/coreruleset + go tool cover -html=build/coverage.txt -o build/coverage.html" - name: "Codecov: General" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} diff --git a/magefile.go b/magefile.go index 2bc87e1af..7b1d1d192 100644 --- a/magefile.go +++ b/magefile.go @@ -7,12 +7,14 @@ package main import ( + "encoding/json" "errors" "fmt" "io" "os" "os/exec" "path/filepath" + "strings" "github.com/magefile/mage/mg" "github.com/magefile/mage/sh" 
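Review bot: The `Tests and coverage` step in `regression.yml` splices `${{ matrix.build-flag }}` directly into the `run:` script, so the value is substituted into the script text before bash parses it. The matrix values are whatever `mage.go` from the checked-out tree prints, so that output becomes shell source rather than data. Passing it through the environment avoids this: add `env:` with `BUILD_TAGS: ${{ matrix.build-flag }}` to the step and reference `"$BUILD_TAGS"` in the commands. The same interpolation recurs later in this series: the `-tags=${{ matrix.build-flag }}` lines in patches 04 and 05, `go run mage.go coverage ${{ matrix.build-flag }}` in 06, and `export BUILD_TAGS=...` in 07 and 09, where 09 also drops the quotes.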
@@ -228,3 +230,42 @@ func Precommit() error { func Check() { mg.SerialDeps(Lint, Test) } + +// combinations generates all possible combinations of build tags +func combinations(tags []string) []string { + var result []string + n := len(tags) + for i := 0; i < (1 << n); i++ { + var combo []string + for j := 0; j < n; j++ { + if i&(1< 0 { + result = append(result, "-tags="+strings.Join(combo, ",")) + } else { + result = append(result, "") + } + } + return result +} + +// Generates a JSON output to stdout which contains all permutations of build tags for the project. +func TagsMatrix() error { + tags := []string{ + "coraza.rule.case_sensitive_args_keys", + "memoize_builders", + "coraza.rule.multiphase_valuation", + } + combos := combinations(tags) + + jsonData, err := json.Marshal(combos) + if err != nil { + fmt.Println("Error generating JSON:", err) + return nil + } + + fmt.Println(string(jsonData)) + return nil +} From 4642621fcc23f627a7bb7497dce93e908e537557 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 11:02:25 +0100 Subject: [PATCH 02/15] fix naming --- .github/workflows/regression.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index ac926a0d5..1ba1f67dc 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -25,7 +25,7 @@ jobs: - name: Generate tag combinations id: generate run: | - go run mage.go tags-matrix > tags.json + go run mage.go tagsmatrix > tags.json echo "::set-output name=tags::$(cat tags.json)" shell: bash test: From 02c740056fd4017f520e42150915dd476ad24a35 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 11:05:55 +0100 Subject: [PATCH 03/15] fix bad cmd --- .github/workflows/regression.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 1ba1f67dc..1d2cdcfd5 100644 
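Review bot: `TagsMatrix` lists `coraza.rule.multiphase_valuation`, but the `Coverage` target that patch 06 of this series replaces passes `-tags=coraza.rule.multiphase_evaluation`. If the latter is the real build constraint, no matrix job ever enables multiphase evaluation and those runs silently test the default build; the entry should read `"coraza.rule.multiphase_evaluation",`. In the same function a `json.Marshal` failure is printed to stdout and followed by `return nil`; the workflow redirects stdout into `tags.json`, so the error text would be consumed as the matrix and the step would still succeed, which makes `return err` the safer exit. The doc comment should start with the function name, e.g. `// TagsMatrix prints a JSON array of every build-tag combination to stdout.`, since the function emits subsets rather than permutations.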
--- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -50,7 +50,7 @@ jobs: go test -race -coverprofile=build/${{ matrix.build-flag }}.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./... go test -race -coverprofile=build/${{ matrix.build-flag }}-examples.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./examples/http-server go test -coverprofile=build/${{ matrix.build-flag }}-ftw.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./testing/coreruleset - go tool cover -html=build/coverage.txt -o build/coverage.html" + go tool cover -html=build/coverage.txt -o build/coverage.html - name: "Codecov: General" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} From 9100f1c22854d2b7c6a38759af77c6c8b742c4c1 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 11:15:15 +0100 Subject: [PATCH 04/15] small fixes --- .github/workflows/regression.yml | 22 +++++++++------------- magefile.go | 2 +- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 1d2cdcfd5..5d170fede 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml 
@@ -43,41 +43,37 @@ jobs: uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: ${{ matrix.go-version }} - cache: true + cache: true - name: Tests and coverage run: | mkdir build - go test -race -coverprofile=build/${{ matrix.build-flag }}.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./... + echo + go test -race -coverprofile=build/${{ matrix.build-flag }}.txt -covermode=atomic -coverpkg=./... -tags=${{ matrix.build-flag }} ./... go test -race -coverprofile=build/${{ matrix.build-flag }}-examples.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./examples/http-server go test -coverprofile=build/${{ matrix.build-flag }}-ftw.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./testing/coreruleset - go tool cover -html=build/coverage.txt -o build/coverage.html + go test -race -tags=tinygo -coverprofile=build/${{ matrix.build-flag }}-tinygo.txt -covermode=atomic -coverpkg=./... ./... + go tool cover -html=build/${{ matrix.build-flag }}.txt -o build/${{ matrix.build-flag }}.html - name: "Codecov: General" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} with: - files: build/coverage.txt + files: build/${{ matrix.build-flag }}.txt flags: default - name: "Codecov: Examples" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} with: - files: build/coverage-examples.txt + files: build/${{ matrix.build-flag }}-examples.txt flags: examples - name: "Codecov: FTW" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} with: - files: build/coverage-ftw.txt + files: build/${{ matrix.build-flag }}-ftw.txt flags: ftw - - name: "Codecov: FTW Multiphase tag" - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 - if: ${{ matrix.go-version == '1.22.x' }} - with: - files: 
build/coverage-ftw-multiphase.txt - flags: ftw-multiphase - name: "Codecov: Tinygo" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} with: - files: build/coverage-tinygo.txt + files: build/${{ matrix.build-flag }}-tinygo.txt flags: tinygo diff --git a/magefile.go b/magefile.go index 7b1d1d192..7ed6fef12 100644 --- a/magefile.go +++ b/magefile.go @@ -243,7 +243,7 @@ func combinations(tags []string) []string { } } if len(combo) > 0 { - result = append(result, "-tags="+strings.Join(combo, ",")) + result = append(result, strings.Join(combo, ",")) } else { result = append(result, "") } From d12fe8a43d524532cf0501a57a79f877a2386d6e Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 11:19:09 +0100 Subject: [PATCH 05/15] fix tinygo flag --- .github/workflows/regression.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 5d170fede..600f094ae 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml 
@@ -49,9 +49,9 @@ jobs: mkdir build echo go test -race -coverprofile=build/${{ matrix.build-flag }}.txt -covermode=atomic -coverpkg=./... -tags=${{ matrix.build-flag }} ./... - go test -race -coverprofile=build/${{ matrix.build-flag }}-examples.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./examples/http-server - go test -coverprofile=build/${{ matrix.build-flag }}-ftw.txt -covermode=atomic -coverpkg=./... ${{ matrix.build-flag }} ./testing/coreruleset - go test -race -tags=tinygo -coverprofile=build/${{ matrix.build-flag }}-tinygo.txt -covermode=atomic -coverpkg=./... ./... + go test -race -coverprofile=build/${{ matrix.build-flag }}-examples.txt -covermode=atomic -coverpkg=./... -tags=${{ matrix.build-flag }} ./examples/http-server + go test -coverprofile=build/${{ matrix.build-flag }}-ftw.txt -covermode=atomic -coverpkg=./... -tags=${{ matrix.build-flag }} ./testing/coreruleset + go test -race -tags=tinygo,${{ matrix.build-flag }} -coverprofile=build/${{ matrix.build-flag }}-tinygo.txt -covermode=atomic -coverpkg=./... ./... go tool cover -html=build/${{ matrix.build-flag }}.txt -o build/${{ matrix.build-flag }}.html - name: "Codecov: General" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 From 2d7129e50c05675863bd103b9123cd513c11a681 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 11:40:07 +0100 Subject: [PATCH 06/15] move logic to magefile --- .github/workflows/regression.yml | 8 +----- magefile.go | 42 ++++++++++++++++---------------- 2 files changed, 22 insertions(+), 28 deletions(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 600f094ae..d19811995 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml 
@@ -46,13 +46,7 @@ jobs: cache: true - name: Tests and coverage run: | - mkdir build - echo - go test -race -coverprofile=build/${{ matrix.build-flag }}.txt -covermode=atomic -coverpkg=./... -tags=${{ matrix.build-flag }} ./... - go test -race -coverprofile=build/${{ matrix.build-flag }}-examples.txt -covermode=atomic -coverpkg=./... -tags=${{ matrix.build-flag }} ./examples/http-server - go test -coverprofile=build/${{ matrix.build-flag }}-ftw.txt -covermode=atomic -coverpkg=./... -tags=${{ matrix.build-flag }} ./testing/coreruleset - go test -race -tags=tinygo,${{ matrix.build-flag }} -coverprofile=build/${{ matrix.build-flag }}-tinygo.txt -covermode=atomic -coverpkg=./... ./... - go tool cover -html=build/${{ matrix.build-flag }}.txt -o build/${{ matrix.build-flag }}.html + go run mage.go coverage ${{ matrix.build-flag }} - name: "Codecov: General" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} diff --git a/magefile.go b/magefile.go index 7ed6fef12..105c7023b 100644 --- a/magefile.go +++ b/magefile.go 
@@ -136,39 +136,38 @@ func Test() error { return nil } +func buildTagsFlags(tags string) string { + if tags == "" { + return "" + } + return fmt.Sprintf("%q", tags) +} + // Coverage runs tests with coverage and race detector enabled. -func Coverage() error { +func Coverage(tags string) error { + tags = buildTagsFlags(tags) if err := os.MkdirAll("build", 0755); err != nil { return err } - if err := sh.RunV("go", "test", "-race", "-coverprofile=build/coverage.txt", "-covermode=atomic", "-coverpkg=./...", "./..."); err != nil { - return err - } - if err := sh.RunV("go", "test", "-race", "-coverprofile=build/coverage-examples.txt", "-covermode=atomic", "-coverpkg=./...", "./examples/http-server"); err != nil { - return err + fmt.Println("Running tests with coverage") + fmt.Println("Tags:", tags) + tagsCmd := "" + if tags != "" { + tagsCmd = "-tags=" + tags } - if err := sh.RunV("go", "test", "-coverprofile=build/coverage-ftw.txt", "-covermode=atomic", "-coverpkg=./...", "./testing/coreruleset"); err != nil { + if err := sh.RunV("go", "test", "-race", tagsCmd, fmt.Sprintf("-coverprofile=build/%s-coverage.txt", tags), "-covermode=atomic", "-coverpkg=./...", "./..."); err != nil { return err } - // Execute coverage tests with multiphase evaluation enabled - if err := sh.RunV("go", "test", "-race", "-coverprofile=build/coverage-multiphase.txt", "-covermode=atomic", "-coverpkg=./...", "-tags=coraza.rule.multiphase_evaluation", "./..."); err != nil { - return err - } - // Executes http-server tests with multiphase evaluation enabled - if err := sh.RunV("go", "test", "-race", "-coverprofile=build/coverage-examples.txt", "-covermode=atomic", "-tags=coraza.rule.multiphase_evaluation", "-coverpkg=./...", "./examples/http-server"); err != nil { - return err - } - // Execute FTW tests with multiphase evaluation enabled as well - if err := sh.RunV("go", "test", "-coverprofile=build/coverage-ftw-multiphase.txt", "-covermode=atomic", "-coverpkg=./...", 
"-tags=coraza.rule.multiphase_evaluation", "./testing/coreruleset"); err != nil { + // Execute http-server tests with coverage + if err := sh.RunV("go", "test", "-race", tagsCmd, fmt.Sprintf("-coverprofile=build/%s-coverage-examples.txt", tags), "-covermode=atomic", "-coverpkg=./...", "./examples/http-server"); err != nil { return err } - // This is not actually running tests with tinygo, but with the tag that includes its code so we can calculate coverage - // for it. - if err := sh.RunV("go", "test", "-race", "-tags=tinygo", "-coverprofile=build/coverage-tinygo.txt", "-covermode=atomic", "-coverpkg=./...", "./..."); err != nil { + // Execute FTW tests with coverage as well + if err := sh.RunV("go", "test", tagsCmd, fmt.Sprintf("-coverprofile=build/%s-coverage-ftw.txt", tags), "-covermode=atomic", "-coverpkg=./...", "./testing/coreruleset"); err != nil { return err } - return sh.RunV("go", "tool", "cover", "-html=build/coverage.txt", "-o", "build/coverage.html") + return sh.RunV("go", "tool", "cover", fmt.Sprintf("-html=build/%s-coverage.txt", tags), "-o", fmt.Sprintf("build/%s-coverage.html", tags)) } // Fuzz runs fuzz tests @@ -257,6 +256,7 @@ func TagsMatrix() error { "coraza.rule.case_sensitive_args_keys", "memoize_builders", "coraza.rule.multiphase_valuation", + "tinygo", } combos := combinations(tags) From 5a51e8ccc622d6f2cf466fcee1d9f7d33208225e Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 12:02:08 +0100 Subject: [PATCH 07/15] move options to env --- .github/workflows/regression.yml | 3 ++- magefile.go | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index d19811995..a114cb201 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml 
@@ -46,7 +46,8 @@ jobs: cache: true - name: Tests and coverage run: | - go run mage.go coverage ${{ matrix.build-flag }} + export BUILD_TAGS="${{ matrix.build-flag }}" + go run mage.go coverage - name: "Codecov: General" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} diff --git a/magefile.go b/magefile.go index 105c7023b..17d803daf 100644 --- a/magefile.go +++ b/magefile.go @@ -144,8 +144,10 @@ func buildTagsFlags(tags string) string { } // Coverage runs tests with coverage and race detector enabled. -func Coverage(tags string) error { - tags = buildTagsFlags(tags) +// Usage: mage coverage [buildTags] +func Coverage() error { + buildTags := os.Getenv("BUILD_TAGS") + tags := buildTagsFlags(buildTags) if err := os.MkdirAll("build", 0755); err != nil { return err } From 6c35d74c03c40bd1e0add029c38b5cb15f2abdf1 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 12:11:20 +0100 Subject: [PATCH 08/15] use default coverage filenames --- .github/workflows/regression.yml | 18 ++++++------------ magefile.go | 16 +++++++++++----- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index a114cb201..a8304ce2f 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml 
@@ -52,23 +52,17 @@ jobs: uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} with: - files: build/${{ matrix.build-flag }}.txt - flags: default + files: build/coverage.txt + flags: default+${{ matrix.build-flag }} - name: "Codecov: Examples" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} with: - files: build/${{ matrix.build-flag }}-examples.txt - flags: examples + files: build/coverage-examples.txt + flags: examples+${{ matrix.build-flag }} - name: "Codecov: FTW" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 if: ${{ matrix.go-version == '1.22.x' }} with: - files: build/${{ matrix.build-flag }}-ftw.txt - flags: ftw - - name: "Codecov: Tinygo" - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 - if: ${{ matrix.go-version == '1.22.x' }} - with: - files: build/${{ matrix.build-flag }}-tinygo.txt - flags: tinygo + files: build/coverage-ftw.txt + flags: ftw+${{ matrix.build-flag }} \ No newline at end of file diff --git a/magefile.go b/magefile.go index 17d803daf..6737d908e 100644 --- a/magefile.go +++ b/magefile.go @@ -14,6 +14,7 @@ import ( "os" "os/exec" "path/filepath" + "regexp" "strings" "github.com/magefile/mage/mg" @@ -140,7 +141,12 @@ func buildTagsFlags(tags string) string { if tags == "" { return "" } - return fmt.Sprintf("%q", tags) + // we remove all non alphanumeric _,- + rx := regexp.MustCompile("^[\\w_,]+$") + if !rx.MatchString(tags) { + panic("Invalid build tags") + } + return tags } // Coverage runs tests with coverage and race detector enabled. 
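Review bot: `buildTagsFlags` in `magefile.go` panics when `BUILD_TAGS` fails the allowlist, while every other failure in `Coverage` is returned as an error; returning `(string, error)` would let mage report it the same way, although that also changes the caller, which lies outside this hunk. The comment `// we remove all non alphanumeric _,-` does not describe the code: nothing is removed (the input is rejected), `-` is not in the character class, and `_` is already covered by `\w`. Something like `// buildTagsFlags accepts only word characters and commas; any other input is rejected.` would match the behaviour. The pattern is also recompiled on every call and could move to a package-level `regexp.MustCompile` with a raw-string literal.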
@@ -157,19 +163,19 @@ func Coverage() error { if tags != "" { tagsCmd = "-tags=" + tags } - if err := sh.RunV("go", "test", "-race", tagsCmd, fmt.Sprintf("-coverprofile=build/%s-coverage.txt", tags), "-covermode=atomic", "-coverpkg=./...", "./..."); err != nil { + if err := sh.RunV("go", "test", "-race", tagsCmd, "-coverprofile=build/coverage.txt", "-covermode=atomic", "-coverpkg=./...", "./..."); err != nil { return err } // Execute http-server tests with coverage - if err := sh.RunV("go", "test", "-race", tagsCmd, fmt.Sprintf("-coverprofile=build/%s-coverage-examples.txt", tags), "-covermode=atomic", "-coverpkg=./...", "./examples/http-server"); err != nil { + if err := sh.RunV("go", "test", "-race", tagsCmd, "-coverprofile=build/coverage-examples.txt", "-covermode=atomic", "-coverpkg=./...", "./examples/http-server"); err != nil { return err } // Execute FTW tests with coverage as well - if err := sh.RunV("go", "test", tagsCmd, fmt.Sprintf("-coverprofile=build/%s-coverage-ftw.txt", tags), "-covermode=atomic", "-coverpkg=./...", "./testing/coreruleset"); err != nil { + if err := sh.RunV("go", "test", tagsCmd, "-coverprofile=build/coverage-ftw.txt", "-covermode=atomic", "-coverpkg=./...", "./testing/coreruleset"); err != nil { return err } - return sh.RunV("go", "tool", "cover", fmt.Sprintf("-html=build/%s-coverage.txt", tags), "-o", fmt.Sprintf("build/%s-coverage.html", tags)) + return sh.RunV("go", "tool", "cover", "-html=build/coverage.txt", "-o", "build/coverage.html") } // Fuzz runs fuzz tests From 441d0fcefd5b59df75bc0c771aa69bb134f582cb Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 12:14:00 +0100 Subject: [PATCH 09/15] make it daily --- .github/workflows/regression.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index a8304ce2f..e5429d812 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml 
@@ -11,7 +11,8 @@ on: paths-ignore: - "**/*.md" - "LICENSE" - + schedule: + - cron: "0 0 * * *" jobs: # Generate matrix of tags for all permutations of the tests generate-matrix: @@ -46,7 +47,7 @@ jobs: cache: true - name: Tests and coverage run: | - export BUILD_TAGS="${{ matrix.build-flag }}" + export BUILD_TAGS=${{ matrix.build-flag }} go run mage.go coverage - name: "Codecov: General" uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 From bec4b630570eca3abb1600cf13d3225dee140dfe Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 12:15:40 +0100 Subject: [PATCH 10/15] fix regex for tags --- magefile.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/magefile.go b/magefile.go index 6737d908e..676169e61 100644 --- a/magefile.go +++ b/magefile.go @@ -142,7 +142,7 @@ func buildTagsFlags(tags string) string { return "" } // we remove all non alphanumeric _,- - rx := regexp.MustCompile("^[\\w_,]+$") + rx := regexp.MustCompile("^[\\w_,\\.]+$") if !rx.MatchString(tags) { panic("Invalid build tags") } From 388b0056fe3ba5fe5ed17bacf50482f8d194cdb8 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 12:32:47 +0100 Subject: [PATCH 11/15] add support for no filesystem --- magefile.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/magefile.go b/magefile.go index 676169e61..dd30415d2 100644 --- a/magefile.go +++ b/magefile.go 
@@ -174,6 +174,15 @@ func Coverage() error { if err := sh.RunV("go", "test", tagsCmd, "-coverprofile=build/coverage-ftw.txt", "-covermode=atomic", "-coverpkg=./...", "./testing/coreruleset"); err != nil { return err } + // we run tinygo tag only if memoize_builders is is not enabled + if !strings.Contains(tags, "memoize_builders") { + if tagsCmd != "" { + tagsCmd += ",tinygo" + } + if err := sh.RunV("go", "test", "-race", tagsCmd, "-coverprofile=build/coverage-tinygo.txt", "-covermode=atomic", "-coverpkg=./...", "./..."); err != nil { + return err + } + } return sh.RunV("go", "tool", "cover", "-html=build/coverage.txt", "-o", "build/coverage.html") } @@ -264,7 +273,6 @@ func TagsMatrix() error { "coraza.rule.case_sensitive_args_keys", "memoize_builders", "coraza.rule.multiphase_valuation", - "tinygo", } combos := combinations(tags) From 79665c1c9cb1e0aba2c7523faf55b9b19cef3234 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 12:35:41 +0100 Subject: [PATCH 12/15] add no_fs_access --- .github/workflows/regression.yml | 9 ++++++++- magefile.go | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index e5429d812..77552a35c 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -66,4 +66,11 @@ jobs: if: ${{ matrix.go-version == '1.22.x' }} with: files: build/coverage-ftw.txt - flags: ftw+${{ matrix.build-flag }} \ No newline at end of file + flags: ftw+${{ matrix.build-flag }} + - name: "Codecov: Tinygo" + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 + # only if coverage-tinygo.txt exists + if: ${{ matrix.go-version == '1.22.x' && hashFiles('build/coverage-tinygo.txt') != '' }} + with: + files: build/coverage-tinygo.txt + flags: tinygo+${{ matrix.build-flag }} diff --git a/magefile.go b/magefile.go index dd30415d2..c7950a0ae 100644 --- a/magefile.go +++ b/magefile.go 
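Review bot: When `BUILD_TAGS` is empty, `tagsCmd` stays `""`, so the guarded `tagsCmd += ",tinygo"` never runs and the extra pass executes without the `tinygo` tag while still writing `build/coverage-tinygo.txt`. Build the flag for both cases, e.g. `tinygoTags := "-tags=tinygo"` followed by `if tags != "" { tinygoTags += "," + tags }`, and pass that instead of mutating `tagsCmd`. The empty `tagsCmd` is also handed to `sh.RunV` as a separate `""` argument, here and in the three earlier `go test` calls of `Coverage` (patches 06 and 08); assembling the argument slice and appending the flag only when it is non-empty avoids depending on how `go test` treats an empty argument. `Coverage` begins above this hunk.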
@@ -273,6 +273,7 @@ func TagsMatrix() error { "coraza.rule.case_sensitive_args_keys", "memoize_builders", "coraza.rule.multiphase_valuation", + "no_fs_access" } combos := combinations(tags) From d16a3e42baca447ded7e6a370950dd89437566fe Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 12:36:44 +0100 Subject: [PATCH 13/15] add no_fs_access --- magefile.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/magefile.go b/magefile.go index c7950a0ae..c399e4825 100644 --- a/magefile.go +++ b/magefile.go @@ -273,7 +273,7 @@ func TagsMatrix() error { "coraza.rule.case_sensitive_args_keys", "memoize_builders", "coraza.rule.multiphase_valuation", - "no_fs_access" + "no_fs_access", } combos := combinations(tags) From 6e05b5ad08dcfa73cb29fc12e7817899d50bcb53 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 12:42:10 +0100 Subject: [PATCH 14/15] update tests --- internal/corazawaf/transaction_test.go | 4 ++++ internal/seclang/directives_test.go | 13 ++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/internal/corazawaf/transaction_test.go b/internal/corazawaf/transaction_test.go index 64d548546..07881c092 100644 --- a/internal/corazawaf/transaction_test.go +++ b/internal/corazawaf/transaction_test.go @@ -19,6 +19,7 @@ import ( "github.com/corazawaf/coraza/v3/experimental/plugins/plugintypes" "github.com/corazawaf/coraza/v3/internal/collections" "github.com/corazawaf/coraza/v3/internal/corazarules" + "github.com/corazawaf/coraza/v3/internal/environment" utils "github.com/corazawaf/coraza/v3/internal/strings" "github.com/corazawaf/coraza/v3/types" "github.com/corazawaf/coraza/v3/types/variables" 
@@ -1731,6 +1732,9 @@ func TestForceRequestBodyOverride(t *testing.T) { } func TestCloseFails(t *testing.T) { + if !environment.HasAccessToFS { + t.Skip("skipping test as it requires access to filesystem") + } waf := NewWAF() tx := waf.NewTransaction() col := tx.Variables().FilesTmpNames().(*collections.Map) diff --git a/internal/seclang/directives_test.go b/internal/seclang/directives_test.go index b5b47b777..373f100be 100644 --- a/internal/seclang/directives_test.go +++ b/internal/seclang/directives_test.go @@ -10,6 +10,7 @@ import ( "testing" "github.com/corazawaf/coraza/v3/internal/corazawaf" + "github.com/corazawaf/coraza/v3/internal/environment" "github.com/corazawaf/coraza/v3/types" ) @@ -165,11 +166,6 @@ func TestDirectives(t *testing.T) { {"", expectErrorOnDirective}, {"1000", func(w *corazawaf.WAF) bool { return w.UploadFileLimit == 1000 }}, }, - "SecUploadDir": { - {"", expectErrorOnDirective}, - {"/tmp-non-existing", expectErrorOnDirective}, - {os.TempDir(), func(w *corazawaf.WAF) bool { return w.UploadDir == os.TempDir() }}, - }, "SecSensorId": { {"", expectErrorOnDirective}, {"test", func(w *corazawaf.WAF) bool { return w.SensorID == "test" }}, @@ -315,6 +311,13 @@ func TestDirectives(t *testing.T) { {"1000", func(waf *corazawaf.WAF) bool { return waf.ArgumentLimit == 1000 }}, }, } + if environment.HasAccessToFS { + directiveCases["SecUploadDir"] = []directiveCase{ + {"", expectErrorOnDirective}, + {"/tmp-non-existing", expectErrorOnDirective}, + {os.TempDir(), func(w *corazawaf.WAF) bool { return w.UploadDir == os.TempDir() }}, + } + } for name, dCases := range directiveCases { t.Run(name, func(t *testing.T) { From 35b179f0b1121494f6048c8509547ee394921d98 Mon Sep 17 00:00:00 2001 From: "J. Pablo Tosso" Date: Wed, 13 Nov 2024 12:55:57 +0100 Subject: [PATCH 15/15] remove nightly --- .github/workflows/regression.yml | 2 -- 1 file changed, 2 deletions(-) 
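Review bot: Under `no_fs_access` the `SecUploadDir` cases are dropped from `directiveCases` and `TestCloseFails` is skipped, so no test asserts what the no-filesystem build does with an upload directory or with temp-file cleanup. If that build is meant to reject or ignore `SecUploadDir`, an `else` branch stating the expected outcome would cover it (for instance a single case using `expectErrorOnDirective`, if rejection is the intended behaviour). A comment above the `if environment.HasAccessToFS` block would explain the split, e.g. `// SecUploadDir checks the directory on disk, so it is only exercised when filesystem access is compiled in.`; that reason is inferred from the skip message and should be confirmed. `TestDirectives` starts and ends outside the hunk.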
diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 77552a35c..7588613b8 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -11,8 +11,6 @@ on: paths-ignore: - "**/*.md" - "LICENSE" - schedule: - - cron: "0 0 * * *" jobs: # Generate matrix of tags for all permutations of the tests generate-matrix: