fix: reporting missing rate limit where there is one with a plugin or…

… at the service level

audit_example_test.go

@@ -35,16 +35,15 @@ func ExampleAudit() {
 	// 04: 2.2.2 HIGH  	Enable CORS.
 	// 05: 2.2.3 HIGH  	Avoid passing all input headers to the backend.
 	// 06: 2.2.4 HIGH  	Avoid passing all input query strings to the backend.
-	// 07: 3.1.2 HIGH  	Implement a rate-limiting strategy and avoid having an All-You-Can-Eat API.
-	// 08: 3.1.3 HIGH  	Protect your backends with a circuit breaker.
-	// 09: 3.3.2 MEDIUM  	Set timeouts to below 5 seconds for improved performance.
-	// 10: 3.3.3 HIGH  	Set timeouts to below 30 seconds for improved performance.
-	// 11: 3.3.4 CRITICAL  	Set timeouts to below 1 minute for improved performance.
-	// 12: 4.1.1 MEDIUM  	Implement a telemetry system for collecting metrics for monitoring and troubleshooting.
-	// 13: 4.2.1 MEDIUM  	Implement a telemetry system for tracing for monitoring and troubleshooting.
-	// 14: 4.3.1 MEDIUM  	Use the improved logging component for better log parsing.
-	// 15: 5.1.5 MEDIUM  	Declare explicit endpoints instead of using /__catchall.
-	// 16: 5.1.6 MEDIUM  	Avoid using multiple write methods in endpoint definitions.
-	// 17: 5.1.7 MEDIUM  	Avoid using sequential proxy.
+	// 07: 3.1.3 HIGH  	Protect your backends with a circuit breaker.
+	// 08: 3.3.2 MEDIUM  	Set timeouts to below 5 seconds for improved performance.
+	// 09: 3.3.3 HIGH  	Set timeouts to below 30 seconds for improved performance.
+	// 10: 3.3.4 CRITICAL  	Set timeouts to below 1 minute for improved performance.
+	// 11: 4.1.1 MEDIUM  	Implement a telemetry system for collecting metrics for monitoring and troubleshooting.
+	// 12: 4.2.1 MEDIUM  	Implement a telemetry system for tracing for monitoring and troubleshooting.
+	// 13: 4.3.1 MEDIUM  	Use the improved logging component for better log parsing.
+	// 14: 5.1.5 MEDIUM  	Declare explicit endpoints instead of using /__catchall.
+	// 15: 5.1.6 MEDIUM  	Avoid using multiple write methods in endpoint definitions.
+	// 16: 5.1.7 MEDIUM  	Avoid using sequential proxy.
 
 }

audit_test.go

@@ -20,7 +20,7 @@ func TestAudit_all(t *testing.T) {
 			"2.2.3",
 			"2.2.4",
 			"3.1.1",
-			"3.1.2",
+			// "3.1.2", -- we added service level rate limit
 			"3.1.3",
 			"3.3.1",
 			"3.3.2",
@@ -55,7 +55,7 @@ func TestAudit_exclude(t *testing.T) {
 			"2.2.3",
 			"2.2.4",
 			"3.1.1",
-			"3.1.2",
+			// "3.1.2", -- add added service level rate limit
 			"3.1.3",
 			"3.3.1",
 			"3.3.2",

parser_example_test.go

@@ -24,5 +24,5 @@ func ExampleParse() {
 	// details: [3124]
 	// agents: []
 	// endpoints: [{[2 0 0 140000 0 0] [{[64] map[]}] map[github.com/devopsfaith/krakend-jose/validator:[]]} {[2 1 1 10000 7 0] [{[64] map[backend/http/client:[3]]}] map[]} {[2 0 0 10000 8 2] [{[64] map[]} {[64] map[]} {[64] map[]}] map[github.com/devopsfaith/krakend/proxy:[1]]}]
-	// components: map[auth/api-keys:[] github_com/devopsfaith/krakend/transport/http/server/handler:[4] github_com/luraproject/lura/router/gin:[262144] grpc:[1] telemetry/opentelemetry:[50 100 1 2 1]]
+	// components: map[auth/api-keys:[] github_com/devopsfaith/krakend/transport/http/server/handler:[4] github_com/luraproject/lura/router/gin:[262144] grpc:[1] qos/ratelimit/service:[] telemetry/opentelemetry:[50 100 1 2 1]]
 }

rules.go

@@ -194,6 +194,21 @@ func hasNoRatelimit(s *Service) bool {
 			}
 		}
 	}
+
+	_, ok = s.Components["qos/ratelimit/service"]
+	if ok {
+		return false
+	}
+
+	serverPlugins, ok := s.Components[server.Namespace]
+	if ok && len(serverPlugins) > 0 {
+		pluginsBitset := serverPlugins[0]
+		redisRateLimitBit := parseServerPlugin("redis-ratelimit")
+		if hasBit(pluginsBitset, redisRateLimitBit) {
+			return false
+		}
+	}
+
 	return true
 }
 

tests/example1.json

@@ -5,6 +5,11 @@
 	"echo_endpoint": true,
     "use_h2c": true,
 	"extra_config": {
+        "qos/ratelimit/service": {
+            "max_rate": 50,
+            "client_mac_rate": 5,
+            "startegy": "ip"
+        },
 		"github_com/devopsfaith/krakend/transport/http/server/handler": {
 			"name": ["basic-auth"]
 		},