enhance: Attempt to reduce body reads on appsec

[LaurenceJJones]

What changed

• pkg/appsec/request.go: Stop eagerly reading HTTP bodies. NewParsedRequestFromRequest no longer copies the body into ParsedRequest.Body; it keeps HTTPRequest.Body for later streaming.

• pkg/appsec/tx.go: Expose streaming/body-access helpers on ExtendedTransaction:

  • ReadRequestBodyFrom(io.Reader)
  • IsRequestBodyAccessible()

• pkg/acquisition/modules/appsec/appsec_runner.go:

  • Pre-buffer the request body once only if out-of-band rules exist and OOB body inspection is enabled (optionally capped by OutOfBandOptions.RequestBodyInMemoryLimit).
  • For inband: stream body directly from HTTPRequest.Body when not pre-buffered; otherwise write from the single pre-buffer.
  • For out-of-band: reuse the same pre-buffer to avoid a second copy.

• How it works

  • Inband:
    • If no OOB body inspection needed: body is streamed to Coraza via ReadRequestBodyFrom, avoiding allocations.
    • If OOB needs the body: reuses the single pre-buffered slice for inband too.
  • Out-of-band:
    • Only reads body if there are OOB rules and body inspection is enabled; uses the same pre-buffered slice.
  • This removes the per-request default body copy and avoids retaining the body in multiple places.

• Why

  • Reduce allocations and memory retention from:
    • Avoiding default []byte body copies in ParsedRequest.
    • Buffering at most once when OOB needs the body.
    • Streaming directly to Coraza when possible.

• Behavioral impact

  • ParsedRequest.Body is often nil now; consumers should use ParsedRequest.HTTPRequest.Body or Coraza tx streaming paths.
  • Body pre-buffering occurs only when required by OOB settings.
  • May impact hooks but further testing is needed.

[github-actions]

@LaurenceJJones: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.

• /kind feature
• /kind enhancement
• /kind refactoring
• /kind fix
• /kind chore
• /kind dependencies

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

[github-actions]

@LaurenceJJones: There are no area labels on this PR. You can add as many areas as you see fit.

• /area agent
• /area local-api
• /area cscli
• /area appsec
• /area security
• /area configuration

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

[codecov]

Codecov Report

❌ Patch coverage is 46.66667% with 32 lines in your changes missing coverage. Please review.
✅ Project coverage is 61.56%. Comparing base (be436d8) to head (0e31f9a).

Files with missing lines	Patch %	Lines
pkg/acquisition/modules/appsec/appsec_runner.go	44.44%	13 Missing and 7 partials ⚠️
pkg/appsec/request.go	40.00%	12 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3805      +/-   ##
==========================================
- Coverage   61.61%   61.56%   -0.06%     
==========================================
  Files         405      405              
  Lines       41569    41609      +40     
==========================================
+ Hits        25614    25616       +2     
- Misses      13847    13877      +30     
- Partials     2108     2116       +8     

Flag	Coverage Δ
bats	45.47% <36.66%> (-0.04%)	⬇️
unit-linux	34.46% <20.00%> (-0.03%)	⬇️
unit-windows	24.32% <16.66%> (-0.05%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.