github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'nginx_refactoring' of github.com:defanator/ModSecurity into nginx_refactoring

Browse Source
This commit is contained in:
Andrei Belov
2014-05-14 13:25:14 +04:00
parent 62ead2a12c 9be379fe26
commit c74a806ce7
10 changed files with 874 additions and 580 deletions
Download Patch File Download Diff File Expand all files Collapse all files

538
nginx/modsecurity/apr_bucket_nginx.c
View File

@@ -1,250 +1,288 @@
#include <apr_bucket_nginx.h>
static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str,
apr_size_t *len, apr_read_type_e block);
static void nginx_bucket_destroy(void *data);
static const apr_bucket_type_t apr_bucket_type_nginx = {
"NGINX", 5, APR_BUCKET_DATA,
nginx_bucket_destroy,
nginx_bucket_read,
apr_bucket_setaside_noop,
apr_bucket_shared_split,
apr_bucket_shared_copy
};
typedef struct apr_bucket_nginx {
apr_bucket_refcount refcount;
ngx_buf_t *buf;
} apr_bucket_nginx;
/* ngx_buf_t to apr_bucket */
apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf,
apr_pool_t *p,
apr_bucket_alloc_t *list)
{
apr_bucket *b = apr_bucket_alloc(sizeof(*b), list);
APR_BUCKET_INIT(b); /* link */
b->free = apr_bucket_free;
b->list = list;
return apr_bucket_nginx_make(b, buf, p);
}
apr_bucket * apr_bucket_nginx_make(apr_bucket *b, ngx_buf_t *buf,
apr_pool_t *pool)
{
apr_bucket_nginx *n;
n = apr_bucket_alloc(sizeof(*n), b->list);
n->buf = buf;
b = apr_bucket_shared_make(b, n, 0, ngx_buf_size(buf));
b->type = &apr_bucket_type_nginx;
return b;
}
static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str,
apr_size_t *len, apr_read_type_e block)
{
apr_bucket_nginx *n = b->data;
ngx_buf_t *buf = n->buf;
u_char *data;
ssize_t size;
if (buf->pos == NULL && ngx_buf_size(buf) != 0) {
data = apr_bucket_alloc(ngx_buf_size(buf), b->list);
if (data == NULL) {
return APR_EGENERAL;
}
size = ngx_read_file(buf->file, data, ngx_buf_size(buf), buf->file_pos);
if (size != ngx_buf_size(buf)) {
apr_bucket_free(data);
return APR_EGENERAL;
}
buf->pos = data;
}
*str = (char *)buf->pos + b->start;
*len = b->length;
return APR_SUCCESS;
}
static void nginx_bucket_destroy(void *data)
{
apr_bucket_nginx *n = data;
ngx_buf_t *buf = n->buf;
if (apr_bucket_shared_destroy(n)) {
if (!ngx_buf_in_memory(buf) && buf->pos != NULL) {
apr_bucket_free(buf->pos);
buf->pos = NULL;
}
apr_bucket_free(n);
}
}
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
ngx_buf_t *buf, *b;
apr_bucket_nginx *n;
ngx_uint_t len;
u_char *data;
if (e->type->is_metadata) {
return NULL;
}
if (e->type == &apr_bucket_type_nginx) {
n = e->data;
b = n->buf;
/* whole buf */
if (e->length == (apr_size_t)ngx_buf_size(b)) {
b->last_buf = 0;
return b;
}
buf = ngx_palloc(pool, sizeof(ngx_buf_t));
if (buf == NULL) {
return NULL;
}
ngx_memcpy(buf, b, sizeof(ngx_buf_t));
if (ngx_buf_in_memory(buf)) {
buf->start = buf->pos = buf->pos + e->start;
buf->end = buf->last = buf->pos + e->length;
} else {
buf->pos = NULL;
buf->file_pos += e->start;
buf->file_last = buf->file_pos + e->length;
}
buf->last_buf = 0;
return buf;
}
if (apr_bucket_read(e, (const char **)&data,
&len, APR_BLOCK_READ) != APR_SUCCESS) {
return NULL;
}
buf = ngx_calloc_buf(pool);
if (buf == NULL) {
return NULL;
}
if (e->type == &apr_bucket_type_pool) {
buf->start = data;
} else if (len != 0) {
buf->start = ngx_palloc(pool, len);
ngx_memcpy(buf->start, data, len);
}
buf->pos = buf->start;
buf->end = buf->last = buf->start + len;
buf->temporary = 1;
return buf;
}
ngx_int_t
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf) {
apr_bucket *e;
ngx_chain_t *cl;
while (chain) {
e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
if (e == NULL) {
return NGX_ERROR;
}
APR_BRIGADE_INSERT_TAIL(bb, e);
if (chain->buf->last_buf) {
e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
chain->buf->last_buf = 0;
return NGX_OK;
}
cl = chain;
chain = chain->next;
ngx_free_chain(pool, cl);
}
if (last_buf) {
e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
return NGX_OK;
}
return NGX_AGAIN;
}
ngx_int_t
move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool) {
apr_bucket *e;
ngx_buf_t *buf;
ngx_chain_t *cl;
cl = NULL;
if (APR_BRIGADE_EMPTY(bb)) {
*ll = NULL;
return NGX_OK;
}
for (e = APR_BRIGADE_FIRST(bb);
e != APR_BRIGADE_SENTINEL(bb);
e = APR_BUCKET_NEXT(e)) {
if (APR_BUCKET_IS_EOS(e)) {
if (cl == NULL) {
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
break;
}
cl->buf = ngx_calloc_buf(pool);
if (cl->buf == NULL) {
break;
}
cl->buf->last_buf = 1;
*ll = cl;
} else {
cl->buf->last_buf = 1;
}
apr_brigade_cleanup(bb);
return NGX_OK;
}
if (APR_BUCKET_IS_METADATA(e)) {
continue;
}
buf = apr_bucket_to_ngx_buf(e, pool);
if (buf == NULL) {
break;
}
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
break;
}
cl->buf = buf;
cl->next = NULL;
*ll = cl;
ll = &cl->next;
}
apr_brigade_cleanup(bb);
/* no eos or error */
return NGX_ERROR;
}
#include <apr_bucket_nginx.h>
static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str,
apr_size_t *len, apr_read_type_e block);
static void nginx_bucket_destroy(void *data);
static const apr_bucket_type_t apr_bucket_type_nginx = {
"NGINX", 5, APR_BUCKET_DATA,
nginx_bucket_destroy,
nginx_bucket_read,
apr_bucket_setaside_noop,
apr_bucket_shared_split,
apr_bucket_shared_copy
};
typedef struct apr_bucket_nginx {
apr_bucket_refcount refcount;
ngx_buf_t *buf;
} apr_bucket_nginx;
/* ngx_buf_t to apr_bucket */
apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf,
apr_pool_t *p,
apr_bucket_alloc_t *list)
{
apr_bucket *b = apr_bucket_alloc(sizeof(*b), list);
APR_BUCKET_INIT(b); /* link */
b->free = apr_bucket_free;
b->list = list;
return apr_bucket_nginx_make(b, buf, p);
}
apr_bucket * apr_bucket_nginx_make(apr_bucket *b, ngx_buf_t *buf,
apr_pool_t *pool)
{
apr_bucket_nginx *n;
n = apr_bucket_alloc(sizeof(*n), b->list);
n->buf = buf;
b = apr_bucket_shared_make(b, n, 0, ngx_buf_size(buf));
b->type = &apr_bucket_type_nginx;
return b;
}
static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str,
apr_size_t *len, apr_read_type_e block)
{
apr_bucket_nginx *n = b->data;
ngx_buf_t *buf = n->buf;
u_char *data;
ssize_t size;
if (buf->pos == NULL && ngx_buf_size(buf) != 0) {
data = apr_bucket_alloc(ngx_buf_size(buf), b->list);
if (data == NULL) {
return APR_EGENERAL;
}
size = ngx_read_file(buf->file, data, ngx_buf_size(buf),
buf->file_pos);
if (size != ngx_buf_size(buf)) {
apr_bucket_free(data);
return APR_EGENERAL;
}
buf->pos = data;
}
*str = (char *)buf->pos + b->start;
*len = b->length;
return APR_SUCCESS;
}
static void nginx_bucket_destroy(void *data)
{
apr_bucket_nginx *n = data;
ngx_buf_t *buf = n->buf;
if (apr_bucket_shared_destroy(n)) {
if (!ngx_buf_in_memory(buf) && buf->pos != NULL) {
apr_bucket_free(buf->pos);
buf->pos = NULL;
}
apr_bucket_free(n);
}
}
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
ngx_buf_t *buf, *b;
apr_bucket_nginx *n;
ngx_uint_t len;
u_char *data;
if (e->type->is_metadata) {
return NULL;
}
if (e->type == &apr_bucket_type_nginx) {
n = e->data;
b = n->buf;
/* whole buf */
if (e->length == (apr_size_t)ngx_buf_size(b)) {
b->last_buf = 0;
return b;
}
buf = ngx_palloc(pool, sizeof(ngx_buf_t));
if (buf == NULL) {
return NULL;
}
ngx_memcpy(buf, b, sizeof(ngx_buf_t));
if (ngx_buf_in_memory(buf)) {
buf->start = buf->pos = buf->pos + e->start;
buf->end = buf->last = buf->pos + e->length;
} else {
buf->pos = NULL;
buf->file_pos += e->start;
buf->file_last = buf->file_pos + e->length;
}
buf->last_buf = 0;
return buf;
}
if (apr_bucket_read(e, (const char **)&data,
&len, APR_BLOCK_READ) != APR_SUCCESS) {
return NULL;
}
buf = ngx_calloc_buf(pool);
if (buf == NULL) {
return NULL;
}
if (e->type == &apr_bucket_type_pool) {
buf->start = data;
} else if (len != 0) {
buf->start = ngx_palloc(pool, len);
ngx_memcpy(buf->start, data, len);
}
buf->pos = buf->start;
buf->end = buf->last = buf->start + len;
buf->temporary = 1;
return buf;
}
ngx_int_t copy_chain_to_brigade(ngx_chain_t *chain_orig,
apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf)
{
apr_bucket *e;
ngx_chain_t *chain = chain_orig;
while (chain) {
e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
if (e == NULL) {
return NGX_ERROR;
}
APR_BRIGADE_INSERT_TAIL(bb, e);
if (chain->buf->last_buf) {
e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
return NGX_OK;
}
chain = chain->next;
}
if (last_buf) {
e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
return NGX_OK;
}
return NGX_AGAIN;
}
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain_orig,
apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf)
{
apr_bucket *e;
ngx_chain_t *cl;
ngx_chain_t *chain = chain_orig;
while (chain) {
e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
if (e == NULL) {
return NGX_ERROR;
}
APR_BRIGADE_INSERT_TAIL(bb, e);
if (chain->buf->last_buf) {
e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
return NGX_OK;
}
cl = chain;
chain = chain->next;
ngx_free_chain(pool, cl);
}
if (last_buf) {
e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
return NGX_OK;
}
return NGX_AGAIN;
}
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb,
ngx_chain_t **ll, ngx_pool_t *pool)
{
apr_bucket *e;
ngx_buf_t *buf;
ngx_chain_t *cl;
cl = NULL;
if (APR_BRIGADE_EMPTY(bb)) {
*ll = NULL;
return NGX_OK;
}
for (e = APR_BRIGADE_FIRST(bb);
e != APR_BRIGADE_SENTINEL(bb);
e = APR_BUCKET_NEXT(e)) {
if (APR_BUCKET_IS_EOS(e)) {
if (cl == NULL) {
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
break;
}
cl->buf = ngx_calloc_buf(pool);
if (cl->buf == NULL) {
break;
}
cl->buf->last_buf = 1;
cl->next = NULL;
*ll = cl;
} else {
cl->next = NULL;
cl->buf->last_buf = 1;
}
apr_brigade_cleanup(bb);
return NGX_OK;
}
if (APR_BUCKET_IS_METADATA(e)) {
continue;
}
buf = apr_bucket_to_ngx_buf(e, pool);
if (buf == NULL) {
break;
}
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
break;
}
cl->buf = buf;
cl->next = NULL;
*ll = cl;
ll = &cl->next;
}
apr_brigade_cleanup(bb);
/* no eos or error */
return NGX_ERROR;
}

42
nginx/modsecurity/apr_bucket_nginx.h
View File

@@ -1,18 +1,24 @@
#pragma once
#include <ngx_core.h>
#include "apr_buckets.h"
apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf,
apr_pool_t *p,
apr_bucket_alloc_t *list);
apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
apr_pool_t *pool);
#define ngx_buf_to_apr_bucket apr_bucket_nginx_create
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf);
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain, ngx_pool_t *pool);
#pragma once
#include <ngx_core.h>
#include "apr_buckets.h"
apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf,
apr_pool_t *p,
apr_bucket_alloc_t *list);
apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
apr_pool_t *pool);
#define ngx_buf_to_apr_bucket apr_bucket_nginx_create
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
ngx_int_t copy_chain_to_brigade(ngx_chain_t *chain_orig,
apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf);
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb,
ngx_pool_t *pool, ngx_int_t last_buf);
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain,
ngx_pool_t *pool);

782
nginx/modsecurity/ngx_http_modsecurity.c
View File

File diff suppressed because it is too large Load Diff

11
nginx/modsecurity/ngx_pool_context.c
View File

@@ -70,7 +70,7 @@ ngx_module_t ngx_pool_context_module = {
} \
\
node->prev = NULL; \
#define ngx_pool_context_link(queue, node) \
\
@@ -99,7 +99,8 @@ ngx_pool_get_ctx(ngx_pool_t *pool, ngx_uint_t index)
ngx_pool_context_node_t *node;
hash = (ngx_uint_t) pool + index;
key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size;
key = ngx_murmur_hash2((u_char *)&hash,
sizeof(hash)) % ngx_pool_context_hash_size;
node = ngx_pool_context_hash[key];
@@ -126,7 +127,8 @@ ngx_pool_set_ctx(ngx_pool_t *pool, ngx_uint_t index, void *data)
ngx_pool_cleanup_t *cln;
hash = (ngx_uint_t) pool + index;
key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size;
key = ngx_murmur_hash2((u_char *)&hash,
sizeof(hash)) % ngx_pool_context_hash_size;
node = ngx_pool_context_hash[key];
@@ -200,7 +202,8 @@ ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf)
ngx_pool_context_hash_size = pcf->size;
ngx_pool_context_hash = ngx_pcalloc(cycle->pool, sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size);
ngx_pool_context_hash = ngx_pcalloc(cycle->pool,
sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size);
if (ngx_pool_context_hash == NULL) {
return NGX_CONF_ERROR;

6
nginx/modsecurity/ngx_pool_context.h
View File

@@ -6,7 +6,9 @@
void* ngx_pool_get_ctx(ngx_pool_t * pool, ngx_uint_t index);
ngx_int_t ngx_pool_set_ctx(ngx_pool_t * pool, ngx_uint_t index,void * data);
#define ngx_http_get_module_pool_ctx(r, module) ngx_pool_get_ctx(r->pool, module.index)
#define ngx_http_set_pool_ctx(r, c, module) ngx_pool_set_ctx(r->pool, module.index, c)
#define ngx_http_get_module_pool_ctx(r, module) \
ngx_pool_get_ctx(r->pool, module.index)
#define ngx_http_set_pool_ctx(r, c, module) \
ngx_pool_set_ctx(r->pool, module.index, c)
#endif /* _NGX_POOL_CONTEXT_H_INCLUDE_ */

6
tests/regression/misc/00-phases.t
View File

@@ -71,7 +71,7 @@
SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog,id:500177"
SecRule ARGS "val1" "phase:3,pass,log,auditlog,id:500178"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog,id:500179"
SecRule RESPONSE_HEADERS:Content-type "." "phase:3,pass,log,auditlog,id:500179"
SecRule RESPONSE_BODY "TEST" "phase:3,pass,log,auditlog,id:500180"
),
match_log => {
@@ -103,7 +103,7 @@
SecDebugLogLevel 9
SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog,id:500181"
SecRule ARGS "val1" "phase:4,pass,log,auditlog,id:500182"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog,id:500183"
SecRule RESPONSE_HEADERS:Content-Type "." "phase:4,pass,log,auditlog,id:500183"
SecRule RESPONSE_BODY "TEST" "phase:4,pass,log,auditlog,id:500184"
),
match_log => {
@@ -132,7 +132,7 @@
SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog,id:500185"
SecRule ARGS "val1" "phase:5,pass,log,auditlog,id:500186"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog,id:500187"
SecRule RESPONSE_HEADERS:Content-type "." "phase:5,pass,log,auditlog,id:500187"
SecRule RESPONSE_BODY "TEST" "phase:5,pass,log,auditlog,id:500188"
),
match_log => {

8
tests/regression/misc/25-libinjection.t
View File

@@ -19,7 +19,7 @@
status => qr/^403$/,
},
request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
"Content-Type" => "application/x-www-form-urlencoded",
],
@@ -46,7 +46,7 @@
status => qr/^200$/,
},
request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
"Content-Type" => "application/x-www-form-urlencoded",
],
@@ -73,7 +73,7 @@
status => qr/^403$/,
},
request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
"Content-Type" => "application/x-www-form-urlencoded",
],
@@ -100,7 +100,7 @@
status => qr/^200$/,
},
request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
"Content-Type" => "application/x-www-form-urlencoded",
],

45
tests/regression/nginx/conf/nginx.conf.template
View File

@@ -1,8 +1,10 @@
user root;
worker_processes 1;
worker_processes 1;
daemon on;
error_log logs/error.log debug;
worker_rlimit_core 500M;
working_directory /tmp/;
error_log logs/error.log debug;
events {
worker_connections 1024;
}
@@ -10,13 +12,44 @@ events {
http {
ModSecurityEnabled [% enable %];
ModSecurityConfig [% config %];
server {
client_body_buffer_size 1024M;
server {
client_max_body_size 30M;
listen [% listen %];
server_name localhost;
location / {
error_page 405 = $uri;
client_body_in_single_buffer on;
client_body_in_file_only on;
proxy_buffering off;
location /no-proxy/test.txt {
echo "TEST";
}
location /no-proxy/test2.txt {
echo "TEST 2";
}
location /proxy/test.txt {
proxy_pass http://localhost:[% listen %]/more/test.txt;
}
location /proxy/test2.txt {
proxy_pass http://localhost:[% listen %]/more/test2.txt;
}
location /test.txt {
echo "TEST";
}
location /test2.txt {
echo "TEST 2";
}
location / {
}
}
}

4
tests/regression/target/00-targets.t
View File

@@ -388,7 +388,7 @@
),
match_log => {
error => [ qr/Pattern match "arg1" at FULL_REQUEST.*Pattern match "arg2" at FULL_REQUEST/s, 1 ],
debug => [ qr/against FULL_REQUEST.*Target value: "GET \/test.txt\?arg1=val1\&arg2=val2 HTTP\/1.1\\n\\nTE: deflate,gzip;q=0.3\\nConnection: TE, close\\nHost: localhost:8088\\nUser-Agent: ModSecurity Regression Tests\/1.2.3\\n\\n\\x00"/s, 1],
debug => [ qr/against FULL_REQUEST.*Target value: "GET \/test.txt\?arg1=val1\&arg2=val2 HTTP\/1.1\\n\\nTE: deflate,gzip;q=0.3\\nConnection: TE, close\\nHost: localhost:[0-9]+\\nUser-Agent: ModSecurity Regression Tests\/1.2.3\\n\\n\\x00"/s, 1],
},
match_response => {
status => qr/^200$/,
@@ -411,7 +411,7 @@
),
match_log => {
error => [ qr/Pattern match "arg1" at FULL_REQUEST.*Pattern match "arg2" at FULL_REQUEST/s, 1 ],
debug => [ qr/against FULL_REQUEST.*Target value: "POST \/test.txt HTTP\/1.1\\n\\nTE: deflate,gzip;q=0.3\\nConnection: TE, close\\nHost: localhost:8088\\nUser-Agent: ModSecurity Regression Tests\/1.2.3\\nContent-Type: application\/x-www-form-urlencoded\\nContent-Length: 19\\n\\narg1=val1&arg2=val2\\x00"/s, 1 ],
debug => [ qr/against FULL_REQUEST.*Target value: "POST \/test.txt HTTP\/1.1\\n\\nTE: deflate,gzip;q=0.3\\nConnection: TE, close\\nHost: localhost:[0-9]+\\nUser-Agent: ModSecurity Regression Tests\/1.2.3\\nContent-Type: application\/x-www-form-urlencoded\\nContent-Length: 19\\n\\narg1=val1&arg2=val2\\x00"/s, 1 ],
},
match_response => {
status => qr/^200$/,

12
tests/run-regression-tests-nginx.pl
View File

@@ -204,6 +204,16 @@ sub runfile {
my $rc = 0;
my $conf_fn;
# watch for segfaults
if ($t and !$t->{match_log}) {
$t->{match_log} = {};
}
if ($t and $t->{match_log} and !$t->{match_log}{-error}) {
$t->{match_log}{-error} = [];
}
push $t->{match_log}{-error}, qr/(core dump)/;
push $t->{match_log}{-error}, 1;
# Startup nginx with optionally included conf.
if (exists $t{conf} and defined $t{conf}) {
$conf_fn = sprintf "%s/%s_%s_%06d.conf",
@@ -498,7 +508,6 @@ READ: {
#dbg("Match \"$re\" in $name \"$$rbuf\" ($n)");
if ($$rbuf =~ m/$re/m) {
$rc = $&;
# print "bonga\n";
last;
}
# TODO: Use select()/poll()
@@ -695,6 +704,7 @@ sub nginx_reset_fd {
return undef;
}
# Any extras listed in "match_log"
if ($t and exists $t->{match_log}) {
for my $k (keys %{ $t->{match_log} || {} }) {