wallarm · afr1ka · Mar 27, 2025 · Mar 27, 2025 · Mar 27, 2025 · Mar 27, 2025
diff --git a/.github/workflows/binaries.yml b/.github/workflows/binaries.yml
@@ -51,7 +51,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.23.6.linux-amd64.tar.gz"
+      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.23.7.linux-amd64.tar.gz"
       APIFIREWALL_NAMESPACE: "github.com/wallarm/api-firewall"
     strategy:
       matrix:
@@ -162,7 +162,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_VERSION: "1.23.6"
+      X_GO_VERSION: "1.23.7"
       APIFIREWALL_NAMESPACE: "github.com/wallarm/api-firewall"
     strategy:
       matrix:
@@ -272,19 +272,19 @@ jobs:
         include:
           - arch: armv6
             distro: bullseye
-            go_distribution: https://go.dev/dl/go1.23.6.linux-armv6l.tar.gz
+            go_distribution: https://go.dev/dl/go1.23.7.linux-armv6l.tar.gz
             artifact: armv6-libc
           - arch: aarch64
             distro: bullseye
-            go_distribution: https://go.dev/dl/go1.23.6.linux-arm64.tar.gz
+            go_distribution: https://go.dev/dl/go1.23.7.linux-arm64.tar.gz
             artifact: arm64-libc
           - arch: armv6
             distro: alpine_latest
-            go_distribution: https://go.dev/dl/go1.23.6.linux-armv6l.tar.gz
+            go_distribution: https://go.dev/dl/go1.23.7.linux-armv6l.tar.gz
             artifact: armv6-musl
           - arch: aarch64
             distro: alpine_latest
-            go_distribution: https://go.dev/dl/go1.23.6.linux-arm64.tar.gz
+            go_distribution: https://go.dev/dl/go1.23.7.linux-arm64.tar.gz
             artifact: arm64-musl
     steps:
       - uses: actions/checkout@v2.1.0

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -23,22 +23,20 @@ jobs:
     runs-on: "ubuntu-20.04"
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Build an image from Dockerfile
         run: |
           docker build -t wallarm/api-firewall:${{ github.sha }} .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           image-ref: 'wallarm/api-firewall:${{ github.sha }}'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
+          format: 'sarif'
           output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-VERSION := 0.8.8
+VERSION := 0.8.9
 NAMESPACE := github.com/wallarm/api-firewall
 
 .DEFAULT_GOAL := build
@@ -39,10 +39,10 @@ vulncheck:
 	govulncheck ./...
 
 stop_k6_tests:
-	@docker-compose -f resources/test/docker-compose-api-mode.yml down
+	@docker compose -f resources/test/docker-compose-api-mode.yml down
 
 run_k6_tests: stop_k6_tests
-	@docker-compose -f resources/test/docker-compose-api-mode.yml up --build --detach --force-recreate
+	@docker compose -f resources/test/docker-compose-api-mode.yml up --build --detach --force-recreate
 	docker run --rm -i --network host grafana/k6 run -v - <resources/test/specification/script.js || true
 	$(MAKE) stop_k6_tests
 

diff --git a/cmd/api-firewall/internal/handlers/proxy/routes.go b/cmd/api-firewall/internal/handlers/proxy/routes.go
@@ -9,7 +9,7 @@ import (
 	"sync"
 
 	"github.com/corazawaf/coraza/v3"
-	"github.com/golang-jwt/jwt"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/google/uuid"
 	"github.com/karlseguin/ccache/v2"
 	"github.com/sirupsen/logrus"

diff --git a/cmd/api-firewall/tests/main_api_mode_bench_test.go b/cmd/api-firewall/tests/main_api_mode_bench_test.go
@@ -37,7 +37,7 @@ func BenchmarkAPIModeBasic(b *testing.B) {
 
 	handler := handlersAPI.Handlers(&lock, &cfg, shutdown, logger, specStorage, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",

diff --git a/cmd/api-firewall/tests/main_api_mode_test.go b/cmd/api-firewall/tests/main_api_mode_test.go
@@ -745,7 +745,7 @@ func (s *APIModeServiceTests) testAPIModeSuccess(t *testing.T) {
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -777,7 +777,7 @@ func (s *APIModeServiceTests) testAPIModeSuccess(t *testing.T) {
 	checkResponseOkStatusCode(t, &reqCtx, DefaultSchemaID)
 
 	// Repeat request with invalid email
-	reqInvalidEmail, err := json.Marshal(map[string]interface{}{
+	reqInvalidEmail, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -808,7 +808,7 @@ func (s *APIModeServiceTests) testAPIModeMissedMultipleReqParams(t *testing.T) {
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -840,7 +840,7 @@ func (s *APIModeServiceTests) testAPIModeMissedMultipleReqParams(t *testing.T) {
 	checkResponseOkStatusCode(t, &reqCtx, DefaultSchemaID)
 
 	// Repeat request with invalid email
-	reqInvalidEmail, err := json.Marshal(map[string]interface{}{
+	reqInvalidEmail, err := json.Marshal(map[string]any{
 		"email": "test@wallarm.com",
 	})
 
@@ -850,7 +850,7 @@ func (s *APIModeServiceTests) testAPIModeMissedMultipleReqParams(t *testing.T) {
 
 	req.SetBodyStream(bytes.NewReader(reqInvalidEmail), -1)
 
-	missedParams := map[string]interface{}{
+	missedParams := map[string]any{
 		"firstname": struct{}{},
 		"lastname":  struct{}{},
 	}
@@ -1008,7 +1008,7 @@ func (s *APIModeServiceTests) testAPIModeOneSchemeMultipleIDs(t *testing.T) {
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
 	// one schema
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -1092,7 +1092,7 @@ func (s *APIModeServiceTests) testAPIModeTwoDifferentSchemesMultipleIDs(t *testi
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
 	// one schema
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -1122,7 +1122,7 @@ func (s *APIModeServiceTests) testAPIModeTwoDifferentSchemesMultipleIDs(t *testi
 
 	req.Header.Set(web.XWallarmSchemaIDHeader, fmt.Sprintf("%d", SecondSchemaID))
 
-	p, err = json.Marshal(map[string]interface{}{
+	p, err = json.Marshal(map[string]any{
 		"email": "test@wallarm.com",
 	})
 
@@ -1198,7 +1198,7 @@ func (s *APIModeServiceTests) testAPIModeTwoSchemesMultipleIDs(t *testing.T) {
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -1247,7 +1247,7 @@ func (s *APIModeServiceTests) testAPIModeTwoSchemesMultipleIDs(t *testing.T) {
 	}
 
 	// Repeat request with invalid email
-	reqInvalidEmail, err := json.Marshal(map[string]interface{}{
+	reqInvalidEmail, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -1330,7 +1330,7 @@ func (s *APIModeServiceTests) testAPIModeInvalidCTParseError(t *testing.T) {
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -1366,7 +1366,7 @@ func (s *APIModeServiceTests) testAPIModeCTNotInSpec(t *testing.T) {
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -1426,7 +1426,7 @@ func (s *APIModeServiceTests) testAPIModeNoXWallarmSchemaIDHeader(t *testing.T)
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -1528,7 +1528,7 @@ func (s *APIModeServiceTests) testAPIModeMethodAndPathNotFound(t *testing.T) {
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -1731,7 +1731,7 @@ func (s *APIModeServiceTests) testAPIModeRequiredBodyMissed(t *testing.T) {
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"status":  uuid.New().String(),
 		"testInt": 50,
 		"error":   "test",
@@ -1782,7 +1782,7 @@ func (s *APIModeServiceTests) testAPIModeRequiredBodyParameterMissed(t *testing.
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"status":  uuid.New().String(),
 		"testInt": 50,
 		"error":   "test",
@@ -1812,7 +1812,7 @@ func (s *APIModeServiceTests) testAPIModeRequiredBodyParameterMissed(t *testing.
 	checkResponseOkStatusCode(t, &reqCtx, DefaultSchemaID)
 
 	// body without required parameter
-	p, err = json.Marshal(map[string]interface{}{
+	p, err = json.Marshal(map[string]any{
 		"error": "test",
 	})
 
@@ -2003,7 +2003,7 @@ func (s *APIModeServiceTests) testAPIModeRequiredBodyParameterInvalidValue(t *te
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"status":  uuid.New().String(),
 		"testInt": 50,
 		"error":   "test",
@@ -2033,7 +2033,7 @@ func (s *APIModeServiceTests) testAPIModeRequiredBodyParameterInvalidValue(t *te
 	checkResponseOkStatusCode(t, &reqCtx, DefaultSchemaID)
 
 	// body without required parameter
-	p, err = json.Marshal(map[string]interface{}{
+	p, err = json.Marshal(map[string]any{
 		"status":  "invalid_test_value",
 		"testInt": 50,
 		"error":   "test",
@@ -2063,7 +2063,7 @@ func (s *APIModeServiceTests) testAPIModeRequiredBodyParameterInvalidValue(t *te
 	checkResponseForbiddenStatusCode(t, &reqCtx, DefaultSchemaID, []string{validator.ErrCodeRequiredBodyParameterInvalidValue})
 
 	// body with parameter which has invalid type
-	p, err = json.Marshal(map[string]interface{}{
+	p, err = json.Marshal(map[string]any{
 		"status":  uuid.New().String(),
 		"testInt": "invalid_type_str",
 		"error":   "test",
@@ -2093,7 +2093,7 @@ func (s *APIModeServiceTests) testAPIModeRequiredBodyParameterInvalidValue(t *te
 	checkResponseForbiddenStatusCode(t, &reqCtx, DefaultSchemaID, []string{validator.ErrCodeRequiredBodyParameterInvalidValue})
 
 	// body with required parameter that has value less than minimum threshold
-	p, err = json.Marshal(map[string]interface{}{
+	p, err = json.Marshal(map[string]any{
 		"status":  uuid.New().String(),
 		"testInt": 1,
 		"error":   "test",
@@ -2123,7 +2123,7 @@ func (s *APIModeServiceTests) testAPIModeRequiredBodyParameterInvalidValue(t *te
 	checkResponseForbiddenStatusCode(t, &reqCtx, DefaultSchemaID, []string{validator.ErrCodeRequiredBodyParameterInvalidValue})
 
 	// body with required parameter that has value more than maximum threshold
-	p, err = json.Marshal(map[string]interface{}{
+	p, err = json.Marshal(map[string]any{
 		"status":  uuid.New().String(),
 		"testInt": 1000,
 		"error":   "test",
@@ -2365,7 +2365,7 @@ func (s *APIModeServiceTests) testAPIModeUnknownParameterBodyJSON(t *testing.T)
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname":     "test",
 		"lastname":      "test",
 		"job":           "test",
@@ -2399,7 +2399,7 @@ func (s *APIModeServiceTests) testAPIModeUnknownParameterBodyJSON(t *testing.T)
 	// check response status code and response body
 	checkResponseForbiddenStatusCode(t, &reqCtx, DefaultSchemaID, []string{validator.ErrCodeUnknownParameterFound})
 
-	p, err = json.Marshal(map[string]interface{}{
+	p, err = json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -2690,7 +2690,7 @@ func (s *APIModeServiceTests) testAPIModeInvalidRouteInRequest(t *testing.T) {
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",
@@ -2746,7 +2746,7 @@ func (s *APIModeServiceTests) testAPIModeInvalidRouteInRequestInMultipleSchemas(
 
 	handler := handlersAPI.Handlers(s.lock, &cfg, s.shutdown, s.logger, s.dbSpec, nil, nil)
 
-	p, err := json.Marshal(map[string]interface{}{
+	p, err := json.Marshal(map[string]any{
 		"firstname": "test",
 		"lastname":  "test",
 		"job":       "test",