mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 13:56:01 +03:00
113 lines
5.4 KiB
YAML
113 lines
5.4 KiB
YAML
name: Quality Assurance
|
|
|
|
on:
|
|
push:
|
|
pull_request:
|
|
|
|
jobs:
|
|
build-linux:
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-22.04]
|
|
platform: [x32, x64]
|
|
compiler: [gcc, clang]
|
|
configure:
|
|
- {label: "with pcre2, no study, no jit", opt: "--enable-pcre-study=no" }
|
|
- {label: "with pcre2, with study, no jit", opt: "--enable-pcre-study=yes" }
|
|
- {label: "with pcre2, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit" }
|
|
- {label: "with pcre2, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit" }
|
|
- {label: "with pcre", opt: "--with-pcre --enable-pcre-study=no" }
|
|
- {label: "with pcre, with study, no jit", opt: "--with-pcre --enable-pcre-study=yes" }
|
|
- {label: "with pcre, no study, with jit", opt: "--with-pcre --enable-pcre-study=no --enable-pcre-jit" }
|
|
- {label: "with pcre, with study, with jit", opt: "--with-pcre --enable-pcre-study=yes --enable-pcre-jit" }
|
|
- {label: "with lua", opt: "--with-lua" }
|
|
- {label: "wo lua", opt: "--without-lua" }
|
|
steps:
|
|
- name: Setup Dependencies
|
|
run: |
|
|
sudo apt-get update -y -qq
|
|
sudo apt-get install -y apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
|
|
- uses: actions/checkout@v2
|
|
- name: autogen.sh
|
|
run: ./autogen.sh
|
|
- name: configure ${{ matrix.configure.label }}
|
|
run: ./configure --enable-assertions ${{ matrix.configure.opt }} 'CFLAGS=-Werror=format-security'
|
|
- uses: ammaraskar/gcc-problem-matcher@master
|
|
- name: make
|
|
run: make -j `nproc`
|
|
- name: install module
|
|
run: sudo make install
|
|
- name: prepare config
|
|
run: |
|
|
sudo cp .github/security2.conf /etc/apache2/mods-enabled/
|
|
sudo cp modsecurity.conf-recommended /etc/apache2/modsecurity.conf
|
|
sudo cp unicode.mapping /etc/apache2/
|
|
sudo mkdir -p /var/cache/modsecurity
|
|
sudo chown -R www-data:www-data /var/cache/modsecurity
|
|
- name: first check config (to get syntax errors)
|
|
run: sudo apachectl configtest
|
|
- name: start apache with module
|
|
run: sudo systemctl restart apache2.service
|
|
- name: Search for errors/warnings in error log
|
|
run: |
|
|
# '|| :' handles the case grep doesn't match, otherwise the script exits with 1 (error)
|
|
errors=$(grep -E ':(?error|warn)[]]' /var/log/apache2/error.log) || :
|
|
if [[ -z "${errors}" ]]; then exit 0; fi
|
|
echo "::error:: Found errors/warnings in error.log"
|
|
echo "${errors}"
|
|
exit 1
|
|
- name: Check error.log
|
|
run: |
|
|
# Send requests & check log format
|
|
# Valid request
|
|
curl -s http://127.0.01/ > /dev/null || echo $?
|
|
# Invalid request
|
|
curl -s http://127.0.01/%2e%2f > /dev/null || echo $?
|
|
# Check log format
|
|
grep -F ModSecurity < /var/log/apache2/error.log | grep -vP "^\[[^\]]+\] \[security2:[a-z]+\] \[pid [0-9]+:tid [0-9]+\] (?:\[client [0-9.:]+\] )?ModSecurity" || exit 0
|
|
# grep -v succeeded => found some lines with invalid format
|
|
exit 1
|
|
- name: Show httpd error log
|
|
if: always()
|
|
run: sudo cat /var/log/apache2/error.log
|
|
- name: Show mod_security2 audit log
|
|
if: always()
|
|
run: sudo cat /var/log/apache2/modsec_audit.log
|
|
|
|
test-linux:
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-22.04]
|
|
platform: [x32, x64]
|
|
compiler: [gcc, clang]
|
|
configure:
|
|
- {label: "with pcre2, no study, no jit", opt: "--enable-pcre-study=no" }
|
|
- {label: "with pcre2, with study, no jit", opt: "--enable-pcre-study=yes" }
|
|
- {label: "with pcre2, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit" }
|
|
- {label: "with pcre2, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit" }
|
|
- {label: "with pcre", opt: "--with-pcre --enable-pcre-study=no" }
|
|
- {label: "with pcre, with study, no jit", opt: "--with-pcre --enable-pcre-study=yes" }
|
|
- {label: "with pcre, no study, with jit", opt: "--with-pcre --enable-pcre-study=no --enable-pcre-jit" }
|
|
- {label: "with pcre, with study, with jit", opt: "--with-pcre --enable-pcre-study=yes --enable-pcre-jit" }
|
|
- {label: "with lua", opt: "--with-lua" }
|
|
- {label: "wo lua", opt: "--without-lua" }
|
|
steps:
|
|
- name: Setup Dependencies
|
|
run: |
|
|
sudo apt-get update -y -qq
|
|
sudo apt-get install -y --no-install-recommends apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
|
|
- uses: actions/checkout@v2
|
|
- name: autogen.sh
|
|
run: ./autogen.sh
|
|
- name: configure ${{ matrix.configure.label }}
|
|
run: ./configure ${{ matrix.configure.opt }} 'CFLAGS=-Werror=format-security'
|
|
- uses: ammaraskar/gcc-problem-matcher@master
|
|
- name: make
|
|
run: make -j `nproc`
|
|
- name: install module
|
|
run: sudo make install
|
|
- name: run tests
|
|
run: make test
|