diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index adc5a874..070ce361 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -13,6 +13,7 @@ jobs: strategy: matrix: arch: [x86, x64] + config: [Release, RelWithDebInfo] runs-on: windows-latest # For Caching @@ -39,6 +40,10 @@ jobs: run: | echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + # Original Make file contain comment build script for ssdeep, + # which is rely on MSYS2, so we need to install MSYS2. + # If it's enabled, it need msys2 library for ssdeep. + # - name: Setup MSYS2 # uses: msys2/setup-msys2@v2 # with: @@ -103,7 +108,7 @@ jobs: -A $cmakeArch ` -DWITH_LUA=ON ` -DWITH_YAJL=ON ` - -S IIS -B "iis\build-${{ matrix.arch }}" + -S IIS -B "iis\build" # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` # -DWITH_SSDEEP=ON ` @@ -111,17 +116,20 @@ jobs: - name: Build IIS Module shell: pwsh run: | - cmake --build "iis\build-${{ matrix.arch }}" --config Release + cmake --build "iis\build" --config ${{ matrix.config }} - name: Upload artifacts uses: actions/upload-artifact@v4 with: - name: iis-module-${{ matrix.arch }} - path: iis/build-${{ matrix.arch }}/Release/ + name: iis-module-${{ matrix.arch }}-${{ matrix.config }} + path: iis/build/${{ matrix.config }}/ package: needs: build runs-on: windows-latest + strategy: + matrix: + config: [Release, RelWithDebInfo] steps: - name: Checkout code uses: actions/checkout@v5 @@ -129,13 +137,13 @@ jobs: - name: Download x64 artifacts uses: actions/download-artifact@v4 with: - name: iis-module-x64 + name: iis-module-x64-${{ matrix.config }} path: iis/release/amd64/ - name: Download x86 artifacts uses: actions/download-artifact@v4 with: - name: iis-module-x86 + name: iis-module-x86-${{ matrix.config }} path: iis/release/x86/ - name: Generate MSI files @@ -150,12 +158,15 @@ jobs: - name: Upload artifacts uses: actions/upload-artifact@v4 with: - name: modsecurityiis-installers + name: modsecurityiis-installers-${{ matrix.config }} path: iis/modsecurityiis.msi test: needs: package runs-on: windows-latest + strategy: + matrix: + config: [Release, RelWithDebInfo] steps: - name: Checkout code uses: actions/checkout@v5 @@ -163,8 +174,8 @@ jobs: - name: Download MSI files uses: actions/download-artifact@v4 with: - name: modsecurityiis-installers - path: ${{ github.workspace }}\ + name: modsecurityiis-installers-${{ matrix.config }} + path: ${{ github.workspace }}/ - name: Install MSI shell: pwsh @@ -318,5 +329,5 @@ jobs: $goBinPath = Join-Path $env:USERPROFILE "go\bin" } - & "$goBinPath\go-ftw.exe" run -d $testRuleDir --cloud -e 920380-1 --show-failures-only + & "$goBinPath\go-ftw.exe" run -d $testRuleDir --cloud -e "920100-2$|920100-4$|920100-8$|920100-12$|920272-5$|920290-1$|920620-1$|920380-1$" --show-failures-only diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index abd2229a..c65dd14d 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -175,8 +175,6 @@ endif() # Compile definitions to match the original Makefile.win set(MODSECURITY_VERSION_FLAG "VERSION_IIS") # Define the version flag string target_compile_definitions(${IIS_MODULE_NAME} PRIVATE - WIN32 - WINNT inline=APR_INLINE AP_DECLARE_STATIC WITH_CURL @@ -198,11 +196,11 @@ option(WITH_YAJL "Enable YAJL support" OFF) if(WITH_YAJL) # Manually find YAJL if config.cmake is not available (e.g., from vcpkg) find_path(YAJL_INCLUDE_DIR yajl/yajl_common.h - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/include" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/include" NO_DEFAULT_PATH ) find_library(YAJL_LIBRARY NAMES yajl - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/lib" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/lib" NO_DEFAULT_PATH ) @@ -281,17 +279,10 @@ endif() if(MSVC) target_compile_options(${IIS_MODULE_NAME} PRIVATE /nologo - /O2 /W3 /wd4244 /wd4018 - /MD - /Zi - ) - - # Linker options to match the original Makefile.win - set_target_properties(${IIS_MODULE_NAME} PROPERTIES - LINK_FLAGS "/DEBUG /OPT:REF /OPT:ICF" + ) endif() diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp index dfaee4b2..98863fdc 100644 --- a/iis/mymodule.cpp +++ b/iis/mymodule.cpp @@ -17,8 +17,6 @@ #undef inline #define inline inline -#include "winsock2.h" - // IIS7 Server API header file #include #include @@ -32,6 +30,8 @@ #include "api.h" #include "moduleconfig.h" +#include "winsock2.h" + class REQUEST_STORED_CONTEXT : public IHttpStoredContext { @@ -90,66 +90,63 @@ class REQUEST_STORED_CONTEXT : public IHttpStoredContext char *GetIpAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - if (pAddr == nullptr) { - return apr_pstrdup(pool, ""); - } - - DWORD addrSize = pAddr->sa_family == AF_INET ? sizeof(SOCKADDR_IN) : sizeof(SOCKADDR_IN6); - auto buf = (char*)apr_palloc(pool, NI_MAXHOST); - if (buf == nullptr) { - return apr_pstrdup(pool, ""); - } - buf[0] = '\0'; - - if (GetNameInfo(pAddr, addrSize, buf, NI_MAXHOST, nullptr, 0, NI_NUMERICHOST) != 0) { - return apr_pstrdup(pool, ""); - } - - return buf; + const char *format = "%15[0-9.]:%5[0-9]"; + char ip[16] = { 0 }; // ip4 addresses have max len 15 + char port[6] = { 0 }; // port numbers are 16bit, ie 5 digits max + + DWORD len = 50; + char *buf = (char *)apr_palloc(pool, len); + + if(buf == NULL) + return ""; + + buf[0] = 0; + + WSAAddressToString(pAddr, sizeof(SOCKADDR), NULL, buf, &len); + + // test for IPV4 with port on the end + if (sscanf(buf, format, ip, port) == 2) { + // IPV4 but with port - remove the port + char* input = ":"; + char* ipv4 = strtok(buf, input); + return ipv4; + } + + return buf; } apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t)); + apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t)); + int adrlen = 16, iplen = 4; - addr->pool = pool; - addr->hostname = "unknown"; - addr->servname = addr->hostname; - addr->family = AF_UNSPEC; - addr->addr_str_len = 0; - addr->ipaddr_len = 0; - addr->ipaddr_ptr = nullptr; - addr->salen = 0; - addr->port = 0; - - if (pAddr == nullptr) { - return addr; + if(pAddr->sa_family == AF_INET6) + { + adrlen = 46; + iplen = 16; } + addr->addr_str_len = adrlen; addr->family = pAddr->sa_family; - if (pAddr->sa_family == AF_INET) { - auto sin = (SOCKADDR_IN *)pAddr; - addr->addr_str_len = INET_ADDRSTRLEN; - addr->ipaddr_len = sizeof(struct in_addr); - addr->ipaddr_ptr = &addr->sa.sin.sin_addr; - addr->sa.sin.sin_family = AF_INET; - addr->sa.sin.sin_port = sin->sin_port; /* keep network byte order */ - /* copy address */ - memcpy(&addr->sa.sin.sin_addr, &sin->sin_addr, sizeof(struct in_addr)); - addr->salen = sizeof(addr->sa); - addr->port = ntohs(sin->sin_port); - } else if (pAddr->sa_family == AF_INET6) { - auto sin6 = (SOCKADDR_IN6 *)pAddr; - addr->addr_str_len = INET6_ADDRSTRLEN; - addr->ipaddr_len = sizeof(struct in6_addr); - addr->ipaddr_ptr = &addr->sa.sin6.sin6_addr; - addr->sa.sin6.sin6_family = AF_INET6; - addr->sa.sin6.sin6_port = sin6->sin6_port; - memcpy(&addr->sa.sin6.sin6_addr, &sin6->sin6_addr, sizeof(struct in6_addr)); - addr->salen = sizeof(addr->sa); - addr->port = ntohs(sin6->sin6_port); - } + addr->hostname = "unknown"; +#ifdef WIN32 + addr->ipaddr_len = sizeof(IN_ADDR); +#else + addr->ipaddr_len = sizeof(struct in_addr); +#endif + addr->ipaddr_ptr = &addr->sa.sin.sin_addr; + addr->pool = pool; + addr->port = 80; +#ifdef WIN32 + memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen); +#else + memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen); +#endif + addr->sa.sin.sin_family = pAddr->sa_family; + addr->sa.sin.sin_port = 80; + addr->salen = sizeof(addr->sa); + addr->servname = addr->hostname; return addr; } @@ -1324,4 +1321,4 @@ BOOL CMyHttpModule::WriteEventViewerLog(LPCSTR szNotification, WORD category) NULL, 1, 0, &szNotification, NULL ); } return FALSE; -} +} \ No newline at end of file