cloudlinux
diff --git a/‎collection/collection.go‎
Lines changed: 28 additions & 6 deletions b/‎collection/collection.go‎
Lines changed: 28 additions & 6 deletions
diff --git a/‎config.go‎
Lines changed: 19 additions & 11 deletions b/‎config.go‎
Lines changed: 19 additions & 11 deletions
diff --git a/‎experimental/persistence/persistence.go‎
Lines changed: 40 additions & 0 deletions b/‎experimental/persistence/persistence.go‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎experimental/persistence/ptypes/ptypes.go‎
Lines changed: 24 additions & 0 deletions b/‎experimental/persistence/ptypes/ptypes.go‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎experimental/plugins/plugintypes/transaction.go‎
Lines changed: 7 additions & 0 deletions b/‎experimental/plugins/plugintypes/transaction.go‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎experimental/rulefilter/rftypes/rftypes.go‎
Lines changed: 17 additions & 0 deletions b/‎experimental/rulefilter/rftypes/rftypes.go‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎experimental/rulefilter/rulefilter.go‎
Lines changed: 28 additions & 0 deletions b/‎experimental/rulefilter/rulefilter.go‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎experimental/rulefilter/rulefilter_test.go‎
Lines changed: 76 additions & 0 deletions b/‎experimental/rulefilter/rulefilter_test.go‎
Lines changed: 76 additions & 0 deletions
diff --git a/‎internal/actions/expirevar.go‎
Lines changed: 62 additions & 3 deletions b/‎internal/actions/expirevar.go‎
Lines changed: 62 additions & 3 deletions
@@ -43,24 +43,46 @@ type Keyed interface {
 	FindString(key string) []types.MatchData
 }
 
+type Editable interface {
+	Keyed
+
+	// Remove deletes the key from the CollectionMap
+	Remove(key string)
+
+	// Set will replace the key's value with this slice
+	Set(key string, values []string)
+
+	// TODO: in v4 this should contain setters for Map and Persistence
+}
+
 // Map are used to store VARIABLE data
 // for transactions, this data structured is designed
 // to store slices of data for keys
 // Important: CollectionMaps ARE NOT concurrent safe
 type Map interface {
-	Keyed
+	Editable
 
 	// Add a value to some key
 	Add(key string, value string)
 
-	// Set will replace the key's value with this slice
-	Set(key string, values []string)
-
 	// SetIndex will place the value under the index
 	// If the index is higher than the current size of the CollectionMap
 	// it will be appended
 	SetIndex(key string, index int, value string)
+}
 
-	// Remove deletes the key from the CollectionMap
-	Remove(key string)
+type Persistent interface {
+	Editable
+
+	// Init the input as the collection key
+	Init(key string)
+
+	// Sum will add the value to the key
+	Sum(key string, sum int)
+
+	// SetOne will replace the key's value with this string
+	SetOne(key string, value string)
+
+	// SetTTL will set the TTL for the key
+	SetTTL(key string, ttl int)
 }
@@ -4,6 +4,7 @@
 package coraza
 
 import (
+	"github.com/corazawaf/coraza/v3/experimental/persistence/ptypes"
 	"io/fs"
 
 	"github.com/corazawaf/coraza/v3/debuglog"
@@ -94,17 +95,18 @@ type wafRule struct {
 // int is a signed integer type that is at least 32 bits in size (platform-dependent size).
 // We still basically assume 64-bit usage where int are big sizes.
 type wafConfig struct {
-	rules                    []wafRule
-	auditLog                 *auditLogConfig
-	requestBodyAccess        bool
-	requestBodyLimit         *int
-	requestBodyInMemoryLimit *int
-	responseBodyAccess       bool
-	responseBodyLimit        *int
-	responseBodyMimeTypes    []string
-	debugLogger              debuglog.Logger
-	errorCallback            func(rule types.MatchedRule)
-	fsRoot                   fs.FS
+	rules                     []wafRule
+	auditLog                  *auditLogConfig
+	requestBodyAccess         bool
+	requestBodyLimit          *int
+	requestBodyInMemoryLimit  *int
+	responseBodyAccess        bool
+	responseBodyLimit         *int
+	responseBodyMimeTypes     []string
+	debugLogger               debuglog.Logger
+	errorCallback             func(rule types.MatchedRule)
+	fsRoot                    fs.FS
+	persistenceEngineProvider ptypes.PersistenceEngineProvider
 }
 
 func (c *wafConfig) WithRules(rules ...*corazawaf.Rule) WAFConfig {
@@ -193,6 +195,12 @@ func (c *wafConfig) WithResponseBodyMimeTypes(mimeTypes []string) WAFConfig {
 	return ret
 }
 
+func (c *wafConfig) WithPersistenceEngineProvider(provider ptypes.PersistenceEngineProvider) WAFConfig {
+	ret := c.clone()
+	ret.persistenceEngineProvider = provider
+	return ret
+}
+
 type auditLogConfig struct {
 	relevantOnly bool
 	parts        types.AuditLogParts
 
@@ -0,0 +1,40 @@
+package persistence
+
+import (
+	"fmt"
+	"github.com/corazawaf/coraza/v3"
+	"github.com/corazawaf/coraza/v3/experimental/persistence/ptypes"
+)
+
+// SetEngine returns a **new** WAFConfig instance with the specified persistence engine configured.
+// The provided engine will be initialized using its Init method.
+// If the provided engine is nil, the resulting config will effectively disable persistence
+// NOTE: This function and the persistence feature are experimental and subject to change.
+func SetEngine(config coraza.WAFConfig, engineProvider ptypes.PersistenceEngineProvider) (coraza.WAFConfig, error) {
+	cfgImpl, ok := config.(interface {
+		WithPersistenceEngineProvider(provider ptypes.PersistenceEngineProvider) coraza.WAFConfig
+	})
+	if !ok {
+		return nil, fmt.Errorf("unsupported WAFConfig type %T, cannot clone or set engine", config)
+	}
+	return cfgImpl.WithPersistenceEngineProvider(engineProvider), nil
+}
+
+// ClosePersistentEngine provides a way to gracefully shut down the persistence engine
+// associated with a WAF instance. Since the WAF instance manages the engine's lifecycle,
+// this helper should be called when the WAF instance is no longer needed, for example,
+// during an application shutdown or a configuration reload.
+//
+// This allows the engine to release resources, such as database connections or
+// background garbage collection goroutines.
+//
+// NOTE: This function and the persistence feature are experimental and subject to change.
+func ClosePersistentEngine(waf coraza.WAF) error {
+	wafImpl, ok := waf.(interface {
+		ClosePersistentEngine() error
+	})
+	if !ok {
+		return fmt.Errorf("unsupported WAF type %T, cannot close engine", waf)
+	}
+	return wafImpl.ClosePersistentEngine()
+}
@@ -0,0 +1,24 @@
+package ptypes
+
+// PersistenceEngineProvider provider for creation of PersistentEngine.
+// This way we don't have to worry about cloning when using
+// WithPersistenceEngineProvider in config.go
+type PersistenceEngineProvider func() (PersistentEngine, error)
+
+// PersistentEngine defines the interface for storing and retrieving persistent collection data (e.g., SESSION, IP, GLOBAL).
+type PersistentEngine interface {
+	// Close releases engine resources.
+	Close() error
+	// Sum increments or decrements a numeric value.
+	Sum(collectionName string, collectionKey string, key string, delta int) error
+	// Get retrieves a specific value.
+	Get(collectionName string, collectionKey string, key string) (string, error)
+	// All retrieves all key-value pairs for a collection key.
+	All(collectionName string, collectionKey string) (map[string]string, error)
+	// Set stores a value, overwriting any existing one.
+	Set(collection string, collectionKey string, key string, value string) error
+	// SetTTL sets the Time-To-Live (in seconds) for a specific key within a collection instance.
+	SetTTL(collection string, collectionKey string, key string, ttl int) error
+	// Remove deletes a specific key.
+	Remove(collection string, collectionKey string, key string) error
+}
@@ -116,4 +116,11 @@ type TransactionVariables interface {
 	ArgsGetNames() collection.Collection
 	ArgsPostNames() collection.Collection
 	MultipartStrictError() collection.Single
+	ScriptFilename() collection.Single
+	ScriptUsername() collection.Single
+	Session() collection.Persistent
+	User() collection.Persistent
+	IP() collection.Persistent
+	Global() collection.Persistent
+	Resource() collection.Persistent
 }
@@ -0,0 +1,17 @@
+// Copyright 2024 Juan Pablo Tosso and the OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
+
+// This package defines shared types for the rulefilter package.
+
+package rftypes
+
+import "github.com/corazawaf/coraza/v3/types"
+
+// RuleFilter provides an interface for filtering rules during transaction processing.
+// Implementations can define custom logic to determine if a specific rule
+// should be ignored for a given transaction based on its metadata.
+type RuleFilter interface {
+	// ShouldIgnore evaluates the provided RuleMetadata and returns true if the rule
+	// should be skipped for the current transaction, false otherwise.
+	ShouldIgnore(types.RuleMetadata) bool
+}
@@ -0,0 +1,28 @@
+// Copyright 2024 Juan Pablo Tosso and the OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
+
+// This package provides experimental way to filter rule evaluation
+// during transaction processing.
+
+package rulefilter
+
+import (
+	"fmt"
+
+	"github.com/corazawaf/coraza/v3/experimental/rulefilter/rftypes"
+	"github.com/corazawaf/coraza/v3/internal/corazawaf"
+	"github.com/corazawaf/coraza/v3/types"
+)
+
+// SetRuleFilter applies a RuleFilter to the transaction.
+// This filter will be consulted during rule evaluation in each phase
+// to determine if specific rules should be skipped for this transaction.
+// It returns an error if the provided transaction is not of the expected internal type.
+func SetRuleFilter(tx types.Transaction, filter rftypes.RuleFilter) error {
+	internalTx, ok := tx.(*corazawaf.Transaction)
+	if !ok {
+		return fmt.Errorf("transaction type assertion failed, expected *corazawaf.Transaction but got %T", tx)
+	}
+	internalTx.SetRuleFilter(filter)
+	return nil
+}
@@ -0,0 +1,76 @@
+// Copyright 2024 Juan Pablo Tosso and the OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
+package rulefilter
+
+import (
+	"testing"
+
+	"github.com/corazawaf/coraza/v3"
+	"github.com/corazawaf/coraza/v3/types"
+)
+
+// Simple implementation for testing.
+type mockRuleFilter struct{}
+
+func (m *mockRuleFilter) ShouldIgnore(types.RuleMetadata) bool {
+	return true
+}
+
+// Embed the interface to avoid implementing all methods initially.
+// We only need this struct to *not* be a *corazawaf.Transaction.
+type mockTransaction struct {
+	types.Transaction
+}
+
+func TestSetRuleFilter(t *testing.T) {
+	// Note: Verification that the filter *works* is covered by internal tests.
+	// This test specifically checks whether SetRuleFilter returns the expected error.
+
+	t.Run("set success", func(t *testing.T) {
+		conf := coraza.NewWAFConfig()
+		waf, err := coraza.NewWAF(conf)
+		if err != nil {
+			t.Fatalf("Failed to create WAF: %v", err)
+		}
+		tx := waf.NewTransaction()
+		if tx == nil {
+			t.Fatal("Expected non-nil transaction, but got nil")
+		}
+
+		filter := &mockRuleFilter{}
+
+		err = SetRuleFilter(tx, filter)
+		if err != nil {
+			t.Fatalf("Setting filter should succeed, but got error: %v", err)
+		}
+	})
+
+	t.Run("set success for nil", func(t *testing.T) {
+		conf := coraza.NewWAFConfig()
+		waf, err := coraza.NewWAF(conf)
+		if err != nil {
+			t.Fatalf("Failed to create WAF: %v", err)
+		}
+		tx := waf.NewTransaction()
+		if tx == nil {
+			t.Fatal("Expected non-nil transaction, but got nil")
+		}
+
+		// resetting the filter should not fail
+		err = SetRuleFilter(tx, nil)
+		if err != nil {
+			t.Fatalf("Setting nil filter should succeed, but got error: %v", err)
+		}
+	})
+
+	t.Run("fail wrong transaction type", func(t *testing.T) {
+		// Use our mockTransaction which fulfills the interface but isn't the internal type
+		mockTx := &mockTransaction{}
+		filter := &mockRuleFilter{}
+
+		err := SetRuleFilter(mockTx, filter)
+		if err == nil {
+			t.Fatal("Setting filter on incorrect tx type should fail")
+		}
+	})
+}
@@ -4,7 +4,15 @@
 package actions
 
 import (
+	"errors"
+	"strconv"
+	"strings"
+
+	"github.com/corazawaf/coraza/v3/collection"
+	"github.com/corazawaf/coraza/v3/experimental/plugins/macro"
 	"github.com/corazawaf/coraza/v3/experimental/plugins/plugintypes"
+	utils "github.com/corazawaf/coraza/v3/internal/strings"
+	"github.com/corazawaf/coraza/v3/types/variables"
 )
 
 // Action Group: Non-disruptive
@@ -23,15 +31,66 @@ import (
 //		setvar:session.suspicious=1,expirevar:session.suspicious=3600,phase:1"
 //
 // ```
-type expirevarFn struct{}
+
+type expirevarFn struct {
+	key        macro.Macro
+	ttl        int
+	collection variables.RuleVariable
+}
 
 func (a *expirevarFn) Init(_ plugintypes.RuleMetadata, data string) error {
+	if len(data) == 0 {
+		return ErrMissingArguments
+	}
+
+	// Split the input "variable=ttl" (e.g., "ip.request_count=60")
+	key, ttlStr, ttlOk := strings.Cut(data, "=")
+	colKey, colVal, colOk := strings.Cut(key, ".")
+
+	// Ensure the collection is one of the editable ones
+	if !utils.InSlice(strings.ToUpper(colKey), supportedColKeys) {
+		return errors.New("invalid collection, supported collections are: " + strings.Join(supportedColKeys, ", "))
+	}
+	if strings.TrimSpace(colVal) == "" {
+		return ErrInvalidKVArguments
+	}
+
+	// Parse the collection and the variable name
+	var err error
+	a.collection, err = variables.Parse(colKey)
+	if err != nil {
+		return err
+	}
+	if colOk {
+		a.key, err = macro.NewMacro(colVal)
+		if err != nil {
+			return err
+		}
+	}
+
+	// Parse the TTL value
+	if !ttlOk {
+		return errors.New("missing TTL value")
+	}
+	ttlSeconds, err := strconv.Atoi(strings.TrimSpace(ttlStr))
+	if err != nil || ttlSeconds <= 0 {
+		return errors.New("invalid TTL, must be a positive integer")
+	}
+	a.ttl = ttlSeconds
 	return nil
 }
 
 func (a *expirevarFn) Evaluate(r plugintypes.RuleMetadata, tx plugintypes.TransactionState) {
-	// Not supported
-	tx.DebugLogger().Warn().Int("rule_id", r.ID()).Msg("Expirevar was used but it's not supported")
+	// TODO: TX support
+	// It has collection.Map interface and will not be converted to collection.Persistent
+	col, ok := tx.Collection(a.collection).(collection.Persistent)
+	if !ok {
+		tx.DebugLogger().Error().Msg("collection in expirevar is not editable")
+		return
+	}
+	// update the TTL
+	key := a.key.Expand(tx)
+	col.SetTTL(key, a.ttl)
 }
 
 func (a *expirevarFn) Type() plugintypes.ActionType {