github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'nginx_refactoring' of github.com:defanator/ModSecurity into nginx_refactoring

Browse Source
This commit is contained in:
Andrei Belov
2014-05-14 13:25:14 +04:00
parent 62ead2a12c 9be379fe26
commit c74a806ce7
10 changed files with 874 additions and 580 deletions
Download Patch File Download Diff File Expand all files Collapse all files

538
nginx/modsecurity/apr_bucket_nginx.c
View File

@@ -1,250 +1,288 @@
#include <apr_bucket_nginx.h> #include <apr_bucket_nginx.h>
static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str, static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str,
apr_size_t *len, apr_read_type_e block); apr_size_t *len, apr_read_type_e block);
static void nginx_bucket_destroy(void *data); static void nginx_bucket_destroy(void *data);
static const apr_bucket_type_t apr_bucket_type_nginx = { static const apr_bucket_type_t apr_bucket_type_nginx = {
"NGINX", 5, APR_BUCKET_DATA, "NGINX", 5, APR_BUCKET_DATA,
nginx_bucket_destroy, nginx_bucket_destroy,
nginx_bucket_read, nginx_bucket_read,
apr_bucket_setaside_noop, apr_bucket_setaside_noop,
apr_bucket_shared_split, apr_bucket_shared_split,
apr_bucket_shared_copy apr_bucket_shared_copy
}; };
typedef struct apr_bucket_nginx { typedef struct apr_bucket_nginx {
apr_bucket_refcount refcount; apr_bucket_refcount refcount;
ngx_buf_t *buf; ngx_buf_t *buf;
} apr_bucket_nginx; } apr_bucket_nginx;
/* ngx_buf_t to apr_bucket */ /* ngx_buf_t to apr_bucket */
apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf, apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf,
apr_pool_t *p, apr_pool_t *p,
apr_bucket_alloc_t *list) apr_bucket_alloc_t *list)
{ {
apr_bucket *b = apr_bucket_alloc(sizeof(*b), list); apr_bucket *b = apr_bucket_alloc(sizeof(*b), list);
APR_BUCKET_INIT(b); /* link */ APR_BUCKET_INIT(b); /* link */
b->free = apr_bucket_free; b->free = apr_bucket_free;
b->list = list; b->list = list;
return apr_bucket_nginx_make(b, buf, p); return apr_bucket_nginx_make(b, buf, p);
} }
apr_bucket * apr_bucket_nginx_make(apr_bucket *b, ngx_buf_t *buf, apr_bucket * apr_bucket_nginx_make(apr_bucket *b, ngx_buf_t *buf,
apr_pool_t *pool) apr_pool_t *pool)
{ {
apr_bucket_nginx *n; apr_bucket_nginx *n;
n = apr_bucket_alloc(sizeof(*n), b->list); n = apr_bucket_alloc(sizeof(*n), b->list);
n->buf = buf; n->buf = buf;
b = apr_bucket_shared_make(b, n, 0, ngx_buf_size(buf)); b = apr_bucket_shared_make(b, n, 0, ngx_buf_size(buf));
b->type = &apr_bucket_type_nginx; b->type = &apr_bucket_type_nginx;
return b; return b;
} }
static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str, static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str,
apr_size_t *len, apr_read_type_e block) apr_size_t *len, apr_read_type_e block)
{ {
apr_bucket_nginx *n = b->data; apr_bucket_nginx *n = b->data;
ngx_buf_t *buf = n->buf; ngx_buf_t *buf = n->buf;
u_char *data; u_char *data;
ssize_t size; ssize_t size;
if (buf->pos == NULL && ngx_buf_size(buf) != 0) { if (buf->pos == NULL && ngx_buf_size(buf) != 0) {
data = apr_bucket_alloc(ngx_buf_size(buf), b->list); data = apr_bucket_alloc(ngx_buf_size(buf), b->list);
if (data == NULL) { if (data == NULL) {
return APR_EGENERAL; return APR_EGENERAL;
} }
size = ngx_read_file(buf->file, data, ngx_buf_size(buf), buf->file_pos); size = ngx_read_file(buf->file, data, ngx_buf_size(buf),
if (size != ngx_buf_size(buf)) { buf->file_pos);
apr_bucket_free(data);
return APR_EGENERAL; if (size != ngx_buf_size(buf)) {
} apr_bucket_free(data);
buf->pos = data; return APR_EGENERAL;
} }
buf->pos = data;
*str = (char *)buf->pos + b->start; }
*len = b->length;
*str = (char *)buf->pos + b->start;
return APR_SUCCESS; *len = b->length;
}
return APR_SUCCESS;
}
static void nginx_bucket_destroy(void *data)
{
apr_bucket_nginx *n = data; static void nginx_bucket_destroy(void *data)
ngx_buf_t *buf = n->buf; {
apr_bucket_nginx *n = data;
if (apr_bucket_shared_destroy(n)) { ngx_buf_t *buf = n->buf;
if (!ngx_buf_in_memory(buf) && buf->pos != NULL) {
apr_bucket_free(buf->pos); if (apr_bucket_shared_destroy(n)) {
buf->pos = NULL; if (!ngx_buf_in_memory(buf) && buf->pos != NULL) {
} apr_bucket_free(buf->pos);
apr_bucket_free(n); buf->pos = NULL;
} }
} apr_bucket_free(n);
}
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) { }
ngx_buf_t *buf, *b;
apr_bucket_nginx *n; ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
ngx_uint_t len; ngx_buf_t *buf, *b;
u_char *data; apr_bucket_nginx *n;
ngx_uint_t len;
if (e->type->is_metadata) { u_char *data;
return NULL;
} if (e->type->is_metadata) {
return NULL;
if (e->type == &apr_bucket_type_nginx) { }
n = e->data;
b = n->buf; if (e->type == &apr_bucket_type_nginx) {
n = e->data;
/* whole buf */ b = n->buf;
if (e->length == (apr_size_t)ngx_buf_size(b)) {
b->last_buf = 0; /* whole buf */
return b; if (e->length == (apr_size_t)ngx_buf_size(b)) {
} b->last_buf = 0;
return b;
buf = ngx_palloc(pool, sizeof(ngx_buf_t)); }
if (buf == NULL) {
return NULL; buf = ngx_palloc(pool, sizeof(ngx_buf_t));
} if (buf == NULL) {
ngx_memcpy(buf, b, sizeof(ngx_buf_t)); return NULL;
}
if (ngx_buf_in_memory(buf)) { ngx_memcpy(buf, b, sizeof(ngx_buf_t));
buf->start = buf->pos = buf->pos + e->start;
buf->end = buf->last = buf->pos + e->length; if (ngx_buf_in_memory(buf)) {
} else { buf->start = buf->pos = buf->pos + e->start;
buf->pos = NULL; buf->end = buf->last = buf->pos + e->length;
buf->file_pos += e->start; } else {
buf->file_last = buf->file_pos + e->length; buf->pos = NULL;
} buf->file_pos += e->start;
buf->file_last = buf->file_pos + e->length;
buf->last_buf = 0; }
return buf;
} buf->last_buf = 0;
return buf;
if (apr_bucket_read(e, (const char **)&data, }
&len, APR_BLOCK_READ) != APR_SUCCESS) {
return NULL; if (apr_bucket_read(e, (const char **)&data,
} &len, APR_BLOCK_READ) != APR_SUCCESS) {
return NULL;
buf = ngx_calloc_buf(pool); }
if (buf == NULL) {
return NULL; buf = ngx_calloc_buf(pool);
} if (buf == NULL) {
return NULL;
if (e->type == &apr_bucket_type_pool) { }
buf->start = data;
} else if (len != 0) { if (e->type == &apr_bucket_type_pool) {
buf->start = ngx_palloc(pool, len); buf->start = data;
ngx_memcpy(buf->start, data, len); } else if (len != 0) {
} buf->start = ngx_palloc(pool, len);
ngx_memcpy(buf->start, data, len);
buf->pos = buf->start; }
buf->end = buf->last = buf->start + len;
buf->temporary = 1; buf->pos = buf->start;
return buf; buf->end = buf->last = buf->start + len;
} buf->temporary = 1;
return buf;
ngx_int_t }
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf) {
apr_bucket *e; ngx_int_t copy_chain_to_brigade(ngx_chain_t *chain_orig,
ngx_chain_t *cl; apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf)
{
while (chain) { apr_bucket *e;
e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
if (e == NULL) { ngx_chain_t *chain = chain_orig;
return NGX_ERROR; while (chain) {
} e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
if (e == NULL) {
APR_BRIGADE_INSERT_TAIL(bb, e); return NGX_ERROR;
if (chain->buf->last_buf) { }
e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e); APR_BRIGADE_INSERT_TAIL(bb, e);
chain->buf->last_buf = 0; if (chain->buf->last_buf) {
return NGX_OK; e = apr_bucket_eos_create(bb->bucket_alloc);
} APR_BRIGADE_INSERT_TAIL(bb, e);
cl = chain; return NGX_OK;
chain = chain->next; }
ngx_free_chain(pool, cl); chain = chain->next;
} }
if (last_buf) { if (last_buf) {
e = apr_bucket_eos_create(bb->bucket_alloc); e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e); APR_BRIGADE_INSERT_TAIL(bb, e);
return NGX_OK; return NGX_OK;
} }
return NGX_AGAIN; return NGX_AGAIN;
} }
ngx_int_t
move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool) { ngx_int_t move_chain_to_brigade(ngx_chain_t *chain_orig,
apr_bucket *e; apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf)
ngx_buf_t *buf; {
ngx_chain_t *cl; apr_bucket *e;
ngx_chain_t *cl;
cl = NULL;
ngx_chain_t *chain = chain_orig;
if (APR_BRIGADE_EMPTY(bb)) {
*ll = NULL; while (chain) {
return NGX_OK; e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
} if (e == NULL) {
return NGX_ERROR;
for (e = APR_BRIGADE_FIRST(bb); }
e != APR_BRIGADE_SENTINEL(bb);
e = APR_BUCKET_NEXT(e)) { APR_BRIGADE_INSERT_TAIL(bb, e);
if (chain->buf->last_buf) {
if (APR_BUCKET_IS_EOS(e)) { e = apr_bucket_eos_create(bb->bucket_alloc);
if (cl == NULL) { APR_BRIGADE_INSERT_TAIL(bb, e);
cl = ngx_alloc_chain_link(pool); return NGX_OK;
if (cl == NULL) { }
break; cl = chain;
} chain = chain->next;
ngx_free_chain(pool, cl);
cl->buf = ngx_calloc_buf(pool); }
if (cl->buf == NULL) {
break; if (last_buf) {
} e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
cl->buf->last_buf = 1; return NGX_OK;
*ll = cl; }
} else { return NGX_AGAIN;
cl->buf->last_buf = 1; }
}
apr_brigade_cleanup(bb); ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb,
return NGX_OK; ngx_chain_t **ll, ngx_pool_t *pool)
} {
apr_bucket *e;
if (APR_BUCKET_IS_METADATA(e)) { ngx_buf_t *buf;
continue; ngx_chain_t *cl;
}
cl = NULL;
buf = apr_bucket_to_ngx_buf(e, pool);
if (buf == NULL) { if (APR_BRIGADE_EMPTY(bb)) {
break; *ll = NULL;
} return NGX_OK;
}
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) { for (e = APR_BRIGADE_FIRST(bb);
break; e != APR_BRIGADE_SENTINEL(bb);
} e = APR_BUCKET_NEXT(e)) {
cl->buf = buf; if (APR_BUCKET_IS_EOS(e)) {
cl->next = NULL; if (cl == NULL) {
*ll = cl; cl = ngx_alloc_chain_link(pool);
ll = &cl->next; if (cl == NULL) {
} break;
}
apr_brigade_cleanup(bb);
/* no eos or error */ cl->buf = ngx_calloc_buf(pool);
return NGX_ERROR; if (cl->buf == NULL) {
} break;
}
cl->buf->last_buf = 1;
cl->next = NULL;
*ll = cl;
} else {
cl->next = NULL;
cl->buf->last_buf = 1;
}
apr_brigade_cleanup(bb);
return NGX_OK;
}
if (APR_BUCKET_IS_METADATA(e)) {
continue;
}
buf = apr_bucket_to_ngx_buf(e, pool);
if (buf == NULL) {
break;
}
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
break;
}
cl->buf = buf;
cl->next = NULL;
*ll = cl;
ll = &cl->next;
}
apr_brigade_cleanup(bb);
/* no eos or error */
return NGX_ERROR;
}

42
nginx/modsecurity/apr_bucket_nginx.h
View File

@@ -1,18 +1,24 @@
#pragma once #pragma once
#include <ngx_core.h> #include <ngx_core.h>
#include "apr_buckets.h" #include "apr_buckets.h"
apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf, apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf,
apr_pool_t *p, apr_pool_t *p,
apr_bucket_alloc_t *list); apr_bucket_alloc_t *list);
apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf, apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
apr_pool_t *pool); apr_pool_t *pool);
#define ngx_buf_to_apr_bucket apr_bucket_nginx_create #define ngx_buf_to_apr_bucket apr_bucket_nginx_create
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool); ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf); ngx_int_t copy_chain_to_brigade(ngx_chain_t *chain_orig,
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain, ngx_pool_t *pool); apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf);
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb,
ngx_pool_t *pool, ngx_int_t last_buf);
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain,
ngx_pool_t *pool);

782
nginx/modsecurity/ngx_http_modsecurity.c
View File

File diff suppressed because it is too large Load Diff

11
nginx/modsecurity/ngx_pool_context.c
View File

@@ -70,7 +70,7 @@ ngx_module_t ngx_pool_context_module = {
} \ } \
\ \
node->prev = NULL; \ node->prev = NULL; \
#define ngx_pool_context_link(queue, node) \ #define ngx_pool_context_link(queue, node) \
\ \
@@ -99,7 +99,8 @@ ngx_pool_get_ctx(ngx_pool_t *pool, ngx_uint_t index)
ngx_pool_context_node_t *node; ngx_pool_context_node_t *node;
hash = (ngx_uint_t) pool + index; hash = (ngx_uint_t) pool + index;
key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size; key = ngx_murmur_hash2((u_char *)&hash,
sizeof(hash)) % ngx_pool_context_hash_size;
node = ngx_pool_context_hash[key]; node = ngx_pool_context_hash[key];
@@ -126,7 +127,8 @@ ngx_pool_set_ctx(ngx_pool_t *pool, ngx_uint_t index, void *data)
ngx_pool_cleanup_t *cln; ngx_pool_cleanup_t *cln;
hash = (ngx_uint_t) pool + index; hash = (ngx_uint_t) pool + index;
key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size; key = ngx_murmur_hash2((u_char *)&hash,
sizeof(hash)) % ngx_pool_context_hash_size;
node = ngx_pool_context_hash[key]; node = ngx_pool_context_hash[key];
@@ -200,7 +202,8 @@ ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf)
ngx_pool_context_hash_size = pcf->size; ngx_pool_context_hash_size = pcf->size;
ngx_pool_context_hash = ngx_pcalloc(cycle->pool, sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size); ngx_pool_context_hash = ngx_pcalloc(cycle->pool,
sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size);
if (ngx_pool_context_hash == NULL) { if (ngx_pool_context_hash == NULL) {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;

6
nginx/modsecurity/ngx_pool_context.h
View File

@@ -6,7 +6,9 @@
void* ngx_pool_get_ctx(ngx_pool_t * pool, ngx_uint_t index); void* ngx_pool_get_ctx(ngx_pool_t * pool, ngx_uint_t index);
ngx_int_t ngx_pool_set_ctx(ngx_pool_t * pool, ngx_uint_t index,void * data); ngx_int_t ngx_pool_set_ctx(ngx_pool_t * pool, ngx_uint_t index,void * data);
#define ngx_http_get_module_pool_ctx(r, module) ngx_pool_get_ctx(r->pool, module.index) #define ngx_http_get_module_pool_ctx(r, module) \
#define ngx_http_set_pool_ctx(r, c, module) ngx_pool_set_ctx(r->pool, module.index, c) ngx_pool_get_ctx(r->pool, module.index)
#define ngx_http_set_pool_ctx(r, c, module) \
ngx_pool_set_ctx(r->pool, module.index, c)
#endif /* _NGX_POOL_CONTEXT_H_INCLUDE_ */ #endif /* _NGX_POOL_CONTEXT_H_INCLUDE_ */

6
tests/regression/misc/00-phases.t
View File

@@ -71,7 +71,7 @@
SecResponseBodyMimeType text/plain null SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog,id:500177" SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog,id:500177"
SecRule ARGS "val1" "phase:3,pass,log,auditlog,id:500178" SecRule ARGS "val1" "phase:3,pass,log,auditlog,id:500178"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog,id:500179" SecRule RESPONSE_HEADERS:Content-type "." "phase:3,pass,log,auditlog,id:500179"
SecRule RESPONSE_BODY "TEST" "phase:3,pass,log,auditlog,id:500180" SecRule RESPONSE_BODY "TEST" "phase:3,pass,log,auditlog,id:500180"
), ),
match_log => { match_log => {
@@ -103,7 +103,7 @@
SecDebugLogLevel 9 SecDebugLogLevel 9
SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog,id:500181" SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog,id:500181"
SecRule ARGS "val1" "phase:4,pass,log,auditlog,id:500182" SecRule ARGS "val1" "phase:4,pass,log,auditlog,id:500182"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog,id:500183" SecRule RESPONSE_HEADERS:Content-Type "." "phase:4,pass,log,auditlog,id:500183"
SecRule RESPONSE_BODY "TEST" "phase:4,pass,log,auditlog,id:500184" SecRule RESPONSE_BODY "TEST" "phase:4,pass,log,auditlog,id:500184"
), ),
match_log => { match_log => {
@@ -132,7 +132,7 @@
SecResponseBodyMimeType text/plain null SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog,id:500185" SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog,id:500185"
SecRule ARGS "val1" "phase:5,pass,log,auditlog,id:500186" SecRule ARGS "val1" "phase:5,pass,log,auditlog,id:500186"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog,id:500187" SecRule RESPONSE_HEADERS:Content-type "." "phase:5,pass,log,auditlog,id:500187"
SecRule RESPONSE_BODY "TEST" "phase:5,pass,log,auditlog,id:500188" SecRule RESPONSE_BODY "TEST" "phase:5,pass,log,auditlog,id:500188"
), ),
match_log => { match_log => {

8
tests/regression/misc/25-libinjection.t
View File

@@ -19,7 +19,7 @@
status => qr/^403$/, status => qr/^403$/,
}, },
request => new HTTP::Request( request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html", POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[ [
"Content-Type" => "application/x-www-form-urlencoded", "Content-Type" => "application/x-www-form-urlencoded",
], ],
@@ -46,7 +46,7 @@
status => qr/^200$/, status => qr/^200$/,
}, },
request => new HTTP::Request( request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html", POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[ [
"Content-Type" => "application/x-www-form-urlencoded", "Content-Type" => "application/x-www-form-urlencoded",
], ],
@@ -73,7 +73,7 @@
status => qr/^403$/, status => qr/^403$/,
}, },
request => new HTTP::Request( request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html", POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[ [
"Content-Type" => "application/x-www-form-urlencoded", "Content-Type" => "application/x-www-form-urlencoded",
], ],
@@ -100,7 +100,7 @@
status => qr/^200$/, status => qr/^200$/,
}, },
request => new HTTP::Request( request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html", POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[ [
"Content-Type" => "application/x-www-form-urlencoded", "Content-Type" => "application/x-www-form-urlencoded",
], ],

45
tests/regression/nginx/conf/nginx.conf.template
View File

@@ -1,8 +1,10 @@
user root; worker_processes 1;
worker_processes 1;
daemon on; daemon on;
error_log logs/error.log debug; worker_rlimit_core 500M;
working_directory /tmp/;
error_log logs/error.log debug;
events { events {
worker_connections 1024; worker_connections 1024;
} }
@@ -10,13 +12,44 @@ events {
http { http {
ModSecurityEnabled [% enable %]; ModSecurityEnabled [% enable %];
ModSecurityConfig [% config %]; ModSecurityConfig [% config %];
server { client_body_buffer_size 1024M;
server {
client_max_body_size 30M;
listen [% listen %]; listen [% listen %];
server_name localhost; server_name localhost;
location / { client_body_in_single_buffer on;
error_page 405 = $uri; client_body_in_file_only on;
proxy_buffering off;
location /no-proxy/test.txt {
echo "TEST";
} }
location /no-proxy/test2.txt {
echo "TEST 2";
}
location /proxy/test.txt {
proxy_pass http://localhost:[% listen %]/more/test.txt;
}
location /proxy/test2.txt {
proxy_pass http://localhost:[% listen %]/more/test2.txt;
}
location /test.txt {
echo "TEST";
}
location /test2.txt {
echo "TEST 2";
}
location / {
}
} }
} }

4
tests/regression/target/00-targets.t
View File

@@ -388,7 +388,7 @@
), ),
match_log => { match_log => {
error => [ qr/Pattern match "arg1" at FULL_REQUEST.*Pattern match "arg2" at FULL_REQUEST/s, 1 ], error => [ qr/Pattern match "arg1" at FULL_REQUEST.*Pattern match "arg2" at FULL_REQUEST/s, 1 ],
debug => [ qr/against FULL_REQUEST.*Target value: "GET \/test.txt\?arg1=val1\&arg2=val2 HTTP\/1.1\\n\\nTE: deflate,gzip;q=0.3\\nConnection: TE, close\\nHost: localhost:8088\\nUser-Agent: ModSecurity Regression Tests\/1.2.3\\n\\n\\x00"/s, 1], debug => [ qr/against FULL_REQUEST.*Target value: "GET \/test.txt\?arg1=val1\&arg2=val2 HTTP\/1.1\\n\\nTE: deflate,gzip;q=0.3\\nConnection: TE, close\\nHost: localhost:[0-9]+\\nUser-Agent: ModSecurity Regression Tests\/1.2.3\\n\\n\\x00"/s, 1],
}, },
match_response => { match_response => {
status => qr/^200$/, status => qr/^200$/,
@@ -411,7 +411,7 @@
), ),
match_log => { match_log => {
error => [ qr/Pattern match "arg1" at FULL_REQUEST.*Pattern match "arg2" at FULL_REQUEST/s, 1 ], error => [ qr/Pattern match "arg1" at FULL_REQUEST.*Pattern match "arg2" at FULL_REQUEST/s, 1 ],
debug => [ qr/against FULL_REQUEST.*Target value: "POST \/test.txt HTTP\/1.1\\n\\nTE: deflate,gzip;q=0.3\\nConnection: TE, close\\nHost: localhost:8088\\nUser-Agent: ModSecurity Regression Tests\/1.2.3\\nContent-Type: application\/x-www-form-urlencoded\\nContent-Length: 19\\n\\narg1=val1&arg2=val2\\x00"/s, 1 ], debug => [ qr/against FULL_REQUEST.*Target value: "POST \/test.txt HTTP\/1.1\\n\\nTE: deflate,gzip;q=0.3\\nConnection: TE, close\\nHost: localhost:[0-9]+\\nUser-Agent: ModSecurity Regression Tests\/1.2.3\\nContent-Type: application\/x-www-form-urlencoded\\nContent-Length: 19\\n\\narg1=val1&arg2=val2\\x00"/s, 1 ],
}, },
match_response => { match_response => {
status => qr/^200$/, status => qr/^200$/,

12
tests/run-regression-tests-nginx.pl
View File

@@ -204,6 +204,16 @@ sub runfile {
my $rc = 0; my $rc = 0;
my $conf_fn; my $conf_fn;
# watch for segfaults
if ($t and !$t->{match_log}) {
$t->{match_log} = {};
}
if ($t and $t->{match_log} and !$t->{match_log}{-error}) {
$t->{match_log}{-error} = [];
}
push $t->{match_log}{-error}, qr/(core dump)/;
push $t->{match_log}{-error}, 1;
# Startup nginx with optionally included conf. # Startup nginx with optionally included conf.
if (exists $t{conf} and defined $t{conf}) { if (exists $t{conf} and defined $t{conf}) {
$conf_fn = sprintf "%s/%s_%s_%06d.conf", $conf_fn = sprintf "%s/%s_%s_%06d.conf",
@@ -498,7 +508,6 @@ READ: {
#dbg("Match \"$re\" in $name \"$$rbuf\" ($n)"); #dbg("Match \"$re\" in $name \"$$rbuf\" ($n)");
if ($$rbuf =~ m/$re/m) { if ($$rbuf =~ m/$re/m) {
$rc = $&; $rc = $&;
# print "bonga\n";
last; last;
} }
# TODO: Use select()/poll() # TODO: Use select()/poll()
@@ -695,6 +704,7 @@ sub nginx_reset_fd {
return undef; return undef;
} }
# Any extras listed in "match_log" # Any extras listed in "match_log"
if ($t and exists $t->{match_log}) { if ($t and exists $t->{match_log}) {
for my $k (keys %{ $t->{match_log} || {} }) { for my $k (keys %{ $t->{match_log} || {} }) {