api: return 1 on disruption, add bulk headers, add coraza_free_string

ppomes · ppomes · commit e9bd45303dd4 · 2026-04-22T16:09:32.000-04:00
- Phase functions now return 1 when interrupted, -1 on error, 0 on success - Add coraza_add_request_headers/coraza_add_response_headers for bulk packed headers - Add coraza_free_string for safe deallocation of strings returned by libcoraza Ref corazawaf#93
diff --git a/libcoraza/coraza.go b/libcoraza/coraza.go
@@ -239,7 +239,11 @@ func coraza_process_connection(t C.coraza_transaction_t, sourceAddress *C.char,
 //export coraza_process_request_body
 func coraza_process_request_body(t C.coraza_transaction_t) C.int {
 	tx := fromRaw[types.Transaction](t)
-	if _, err := tx.ProcessRequestBody(); err != nil {
+	it, err := tx.ProcessRequestBody()
+	if err != nil {
+		return -1
+	}
+	if it != nil {
 		return 1
 	}
 	return 0
@@ -277,10 +281,46 @@ func coraza_add_request_header(t C.coraza_transaction_t, name *C.char, name_len
 	return 0
 }
 
+// coraza_add_request_headers adds multiple request headers from a packed buffer.
+// Encoding: [name_len u16][name_bytes][value_len u32][value_bytes] × count
+//
+//export coraza_add_request_headers
+func coraza_add_request_headers(t C.coraza_transaction_t, packed *C.char, packed_len C.int, count C.int) C.int {
+	tx := fromRaw[types.Transaction](t)
+	buf := C.GoBytes(unsafe.Pointer(packed), packed_len)
+	off := 0
+	for i := 0; i < int(count); i++ {
+		if off+2 > len(buf) {
+			return -1
+		}
+		nameLen := int(buf[off])<<8 | int(buf[off+1])
+		off += 2
+		if off+nameLen > len(buf) {
+			return -1
+		}
+		name := string(buf[off : off+nameLen])
+		off += nameLen
+		if off+4 > len(buf) {
+			return -1
+		}
+		valueLen := int(buf[off])<<24 | int(buf[off+1])<<16 | int(buf[off+2])<<8 | int(buf[off+3])
+		off += 4
+		if off+valueLen > len(buf) {
+			return -1
+		}
+		value := string(buf[off : off+valueLen])
+		off += valueLen
+		tx.AddRequestHeader(name, value)
+	}
+	return 0
+}
+
 //export coraza_process_request_headers
 func coraza_process_request_headers(t C.coraza_transaction_t) C.int {
 	tx := fromRaw[types.Transaction](t)
-	tx.ProcessRequestHeaders()
+	if it := tx.ProcessRequestHeaders(); it != nil {
+		return 1
+	}
 	return 0
 }
 
@@ -314,6 +354,40 @@ func coraza_add_response_header(t C.coraza_transaction_t, name *C.char, name_len
 	return 0
 }
 
+// coraza_add_response_headers adds multiple response headers from a packed buffer.
+// Same encoding as coraza_add_request_headers.
+//
+//export coraza_add_response_headers
+func coraza_add_response_headers(t C.coraza_transaction_t, packed *C.char, packed_len C.int, count C.int) C.int {
+	tx := fromRaw[types.Transaction](t)
+	buf := C.GoBytes(unsafe.Pointer(packed), packed_len)
+	off := 0
+	for i := 0; i < int(count); i++ {
+		if off+2 > len(buf) {
+			return -1
+		}
+		nameLen := int(buf[off])<<8 | int(buf[off+1])
+		off += 2
+		if off+nameLen > len(buf) {
+			return -1
+		}
+		name := string(buf[off : off+nameLen])
+		off += nameLen
+		if off+4 > len(buf) {
+			return -1
+		}
+		valueLen := int(buf[off])<<24 | int(buf[off+1])<<16 | int(buf[off+2])<<8 | int(buf[off+3])
+		off += 4
+		if off+valueLen > len(buf) {
+			return -1
+		}
+		value := string(buf[off : off+valueLen])
+		off += valueLen
+		tx.AddResponseHeader(name, value)
+	}
+	return 0
+}
+
 //export coraza_append_response_body
 func coraza_append_response_body(t C.coraza_transaction_t, data *C.uchar, length C.int) C.int {
 	tx := fromRaw[types.Transaction](t)
@@ -326,7 +400,11 @@ func coraza_append_response_body(t C.coraza_transaction_t, data *C.uchar, length
 //export coraza_process_response_body
 func coraza_process_response_body(t C.coraza_transaction_t) C.int {
 	tx := fromRaw[types.Transaction](t)
-	if _, err := tx.ProcessResponseBody(); err != nil {
+	it, err := tx.ProcessResponseBody()
+	if err != nil {
+		return -1
+	}
+	if it != nil {
 		return 1
 	}
 	return 0
@@ -335,7 +413,9 @@ func coraza_process_response_body(t C.coraza_transaction_t) C.int {
 //export coraza_process_response_headers
 func coraza_process_response_headers(t C.coraza_transaction_t, status C.int, proto *C.char) C.int {
 	tx := fromRaw[types.Transaction](t)
-	tx.ProcessResponseHeaders(int(status), C.GoString(proto))
+	if it := tx.ProcessResponseHeaders(int(status), C.GoString(proto)); it != nil {
+		return 1
+	}
 	return 0
 }
 
@@ -417,6 +497,15 @@ func coraza_free_waf(t C.coraza_waf_t) C.int {
 	return 0
 }
 
+// coraza_free_string frees a string returned by libcoraza (e.g. from
+// coraza_matched_rule_get_error_log). Callers must use this instead of
+// libc free() to avoid allocator mismatches on Windows.
+//
+//export coraza_free_string
+func coraza_free_string(s *C.char) {
+	C.free(unsafe.Pointer(s))
+}
+
 /**
  * Returns the severity of a matched rule.
  * @param[in] pointer to matched rule
