From 7537db3ddaa9df9b5fdfd61115f9eebc2f7cbb91 Mon Sep 17 00:00:00 2001
From: Stefan Schlesinger <sts@ono.at>
Date: Wed, 28 Dec 2022 21:26:43 +0100
Subject: [PATCH 1/4] ci: fix ci pipeline to test all envoy versions

---
 e2e/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/docker-compose.yml b/e2e/docker-compose.yml
index 4f56d62..d16ffd9 100644
--- a/e2e/docker-compose.yml
+++ b/e2e/docker-compose.yml
@@ -4,7 +4,7 @@ services:
   envoy:
     depends_on:
       - httpbin
-    image: envoyproxy/envoy:v1.23-latest
+    image: ${ENVOY_IMAGE:-envoyproxy/envoy:v1.23-latest}
     command:
       - -c
       - /conf/envoy-config.yaml

From b8c9582e00e575f95ea8b7f9ca03b4099e133a0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= <jcchavezs@gmail.com>
Date: Mon, 2 Jan 2023 10:25:28 +0100
Subject: [PATCH 2/4] tests: improves debugability.

---
 e2e/e2e-example.sh         | 5 +++--
 example/docker-compose.yml | 6 +++++-
 magefiles/magefile.go      | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/e2e/e2e-example.sh b/e2e/e2e-example.sh
index 1eb5153..f9e33db 100755
--- a/e2e/e2e-example.sh
+++ b/e2e/e2e-example.sh
@@ -3,6 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 ENVOY_HOST=${ENVOY_HOST:-"localhost:8080"}
 HTTPBIN_HOST=${HTTPBIN_HOST:-"localhost:8081"}
+TIMEOUT_SECS=${TIMEOUT_SECS:-5}
 
 [[ "${DEBUG}" == "true" ]] && set -x
 
@@ -47,7 +48,7 @@ function check_status() {
     local url=${1}
     local status=${2}
     local args=("${@:3}" --write-out '%{http_code}' --silent --output /dev/null)
-    status_code=$(curl "${args[@]}" "${url}")
+    status_code=$(curl --max-time ${TIMEOUT_SECS} "${args[@]}" "${url}")
     if [[ "${status_code}" -ne ${status} ]] ; then
       echo "[Fail] Unexpected response with code ${status_code} from ${url}"
       exit 1
@@ -64,7 +65,7 @@ function check_body() {
     local url=${1}
     local empty=${2}
     local args=("${@:3}" --silent)
-    response_body=$(curl "${args[@]}" "${url}")
+    response_body=$(curl --max-time $TIMEOUT_SECS "${args[@]}" "${url}")
     if [[ "${empty}" == "true" ]] && [[ -n "${response_body}" ]]; then
       echo -e "[Fail] Unexpected response with a body. Body dump:\n${response_body}"
       exit 1
diff --git a/example/docker-compose.yml b/example/docker-compose.yml
index 4ef052f..76a7906 100644
--- a/example/docker-compose.yml
+++ b/example/docker-compose.yml
@@ -3,6 +3,9 @@ services:
     image: mccutchen/go-httpbin:v2.5.0
     environment:
       - MAX_BODY_SIZE=15728640 # 15 MiB
+    ports:
+      - 8081:8080
+
   chown:
     image: alpine:3.16
     command:
@@ -11,11 +14,12 @@ services:
       - chown -R 101:101 /home/envoy/logs
     volumes:
       - logs:/home/envoy/logs:rw
+
   envoy:
     depends_on:
       - chown
       - httpbin
-    image: envoyproxy/envoy:v1.23-latest
+    image: ${ENVOY_IMAGE:-envoyproxy/envoy:v1.23-latest}
     command:
       - -c
       - /conf/envoy-config.yaml
diff --git a/magefiles/magefile.go b/magefiles/magefile.go
index 832e9a9..30eb245 100644
--- a/magefiles/magefile.go
+++ b/magefiles/magefile.go
@@ -250,7 +250,7 @@ func Ftw() error {
 
 // RunExample spins up the test environment, access at http://localhost:8080. Requires docker-compose.
 func RunExample() error {
-	return sh.RunV("docker-compose", "--file", "example/docker-compose.yml", "up", "-d", "envoy-logs")
+	return sh.RunWithV(map[string]string{"ENVOY_IMAGE": os.Getenv("ENVOY_IMAGE")}, "docker-compose", "--file", "example/docker-compose.yml", "up", "-d", "envoy-logs")
 }
 
 // TeardownExample tears down the test environment. Requires docker-compose.

From b81b8066ad1638df1f95d2bfde99d9777a42113a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= <jcchavezs@gmail.com>
Date: Mon, 2 Jan 2023 12:54:58 +0100
Subject: [PATCH 3/4] chore: consistency on env var

---
 e2e/e2e-example.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/e2e-example.sh b/e2e/e2e-example.sh
index f9e33db..eb1002d 100755
--- a/e2e/e2e-example.sh
+++ b/e2e/e2e-example.sh
@@ -65,7 +65,7 @@ function check_body() {
     local url=${1}
     local empty=${2}
     local args=("${@:3}" --silent)
-    response_body=$(curl --max-time $TIMEOUT_SECS "${args[@]}" "${url}")
+    response_body=$(curl --max-time ${TIMEOUT_SECS} "${args[@]}" "${url}")
     if [[ "${empty}" == "true" ]] && [[ -n "${response_body}" ]]; then
       echo -e "[Fail] Unexpected response with a body. Body dump:\n${response_body}"
       exit 1

From 52ea494ceb72d05e26b38f89d346588a478fde1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= <jcchavezs@gmail.com>
Date: Tue, 3 Jan 2023 12:04:34 +0100
Subject: [PATCH 4/4] chore: adds a check wheter interruption has been handled.

---
 wasmplugin/plugin.go | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/wasmplugin/plugin.go b/wasmplugin/plugin.go
index 824f723..e254c99 100644
--- a/wasmplugin/plugin.go
+++ b/wasmplugin/plugin.go
@@ -101,11 +101,17 @@ type httpContext struct {
 	processedResponseBody bool
 	requestBodySize       int
 	responseBodySize      int
+	interruptionHandled   bool
 	metrics               *wafMetrics
 }
 
 // Override types.DefaultHttpContext.
 func (ctx *httpContext) OnHttpRequestHeaders(numHeaders int, endOfStream bool) types.Action {
+	if ctx.interruptionHandled {
+		proxywasm.LogErrorf("interruption already handled")
+		return types.ActionPause
+	}
+
 	defer logTime("OnHttpRequestHeaders", currentTime())
 	ctx.metrics.CountTX()
 	tx := ctx.tx
@@ -173,6 +179,11 @@ func (ctx *httpContext) OnHttpRequestHeaders(numHeaders int, endOfStream bool) t
 }
 
 func (ctx *httpContext) OnHttpRequestBody(bodySize int, endOfStream bool) types.Action {
+	if ctx.interruptionHandled {
+		proxywasm.LogErrorf("interruption already handled")
+		return types.ActionPause
+	}
+
 	defer logTime("OnHttpRequestBody", currentTime())
 	tx := ctx.tx
 
@@ -221,6 +232,11 @@ func (ctx *httpContext) OnHttpRequestBody(bodySize int, endOfStream bool) types.
 }
 
 func (ctx *httpContext) OnHttpResponseHeaders(numHeaders int, endOfStream bool) types.Action {
+	if ctx.interruptionHandled {
+		proxywasm.LogErrorf("interruption already handled")
+		return types.ActionPause
+	}
+
 	defer logTime("OnHttpResponseHeaders", currentTime())
 	tx := ctx.tx
 
@@ -271,6 +287,11 @@ func (ctx *httpContext) OnHttpResponseHeaders(numHeaders int, endOfStream bool)
 }
 
 func (ctx *httpContext) OnHttpResponseBody(bodySize int, endOfStream bool) types.Action {
+	if ctx.interruptionHandled {
+		proxywasm.LogErrorf("interruption already handled")
+		return types.ActionPause
+	}
+
 	defer logTime("OnHttpResponseBody", currentTime())
 	tx := ctx.tx
 
@@ -358,6 +379,11 @@ func (ctx *httpContext) OnHttpStreamDone() {
 }
 
 func (ctx *httpContext) handleInterruption(phase string, interruption *ctypes.Interruption) types.Action {
+	if ctx.interruptionHandled {
+		// This should never happen
+		panic("interruption already handled")
+	}
+
 	ctx.metrics.CountTXInterruption(phase, interruption.RuleID)
 
 	proxywasm.LogInfof("%d interrupted, action %q", ctx.contextID, interruption.Action)
@@ -370,6 +396,8 @@ func (ctx *httpContext) handleInterruption(phase string, interruption *ctypes.In
 		panic(err)
 	}
 
+	ctx.interruptionHandled = true
+
 	return types.ActionPause
 }