Merge pull request #20 from openappsec/May_27_2024-Dev

May 27 update
WrightNed 2024-06-02 10:16:08 +03:00 committed by GitHub
commit 16a4771305
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 23 additions and 24 deletions


@ -271,7 +271,7 @@ ngx_http_cp_req_body_filter_thread(void *_ctx)
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
THREAD_CTX_RETURN_NEXT_FILTER(); THREAD_CTX_RETURN_NEXT_FILTER();
} }
THREAD_CTX_RETURN(NGX_ERROR); THREAD_CTX_RETURN(NGX_HTTP_FORBIDDEN);
} }
session_data_p->remaining_messages_to_reply += num_messages_sent; session_data_p->remaining_messages_to_reply += num_messages_sent;
@ -308,7 +308,7 @@ ngx_http_cp_req_end_transaction_thread(void *_ctx)
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
THREAD_CTX_RETURN_NEXT_FILTER(); THREAD_CTX_RETURN_NEXT_FILTER();
} }
THREAD_CTX_RETURN(NGX_ERROR); THREAD_CTX_RETURN(NGX_HTTP_FORBIDDEN);
} }
session_data_p->remaining_messages_to_reply += num_messages_sent; session_data_p->remaining_messages_to_reply += num_messages_sent;
@ -357,7 +357,7 @@ ngx_http_cp_res_header_filter_thread(void *_ctx)
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
THREAD_CTX_RETURN_NEXT_FILTER(); THREAD_CTX_RETURN_NEXT_FILTER();
} }
THREAD_CTX_RETURN(NGX_ERROR); THREAD_CTX_RETURN(NGX_HTTP_FORBIDDEN);
} }
session_data_p->remaining_messages_to_reply += num_messages_sent; session_data_p->remaining_messages_to_reply += num_messages_sent;
@ -379,7 +379,7 @@ ngx_http_cp_res_header_filter_thread(void *_ctx)
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
THREAD_CTX_RETURN_NEXT_FILTER(); THREAD_CTX_RETURN_NEXT_FILTER();
} }
THREAD_CTX_RETURN(NGX_ERROR); THREAD_CTX_RETURN(NGX_HTTP_FORBIDDEN);
} }
session_data_p->remaining_messages_to_reply += num_messages_sent; session_data_p->remaining_messages_to_reply += num_messages_sent;
@ -399,7 +399,7 @@ ngx_http_cp_res_header_filter_thread(void *_ctx)
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
THREAD_CTX_RETURN_NEXT_FILTER(); THREAD_CTX_RETURN_NEXT_FILTER();
} }
THREAD_CTX_RETURN(NGX_ERROR); THREAD_CTX_RETURN(NGX_HTTP_FORBIDDEN);
} }
session_data_p->response_data.new_compression_type = session_data_p->response_data.original_compression_type; session_data_p->response_data.new_compression_type = session_data_p->response_data.original_compression_type;
@ -421,7 +421,7 @@ ngx_http_cp_res_header_filter_thread(void *_ctx)
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
THREAD_CTX_RETURN_NEXT_FILTER(); THREAD_CTX_RETURN_NEXT_FILTER();
} }
THREAD_CTX_RETURN(NGX_ERROR); THREAD_CTX_RETURN(NGX_HTTP_FORBIDDEN);
} }
session_data_p->remaining_messages_to_reply += num_messages_sent; session_data_p->remaining_messages_to_reply += num_messages_sent;
@ -468,7 +468,7 @@ ngx_http_cp_res_body_filter_thread(void *_ctx)
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
THREAD_CTX_RETURN_NEXT_FILTER(); THREAD_CTX_RETURN_NEXT_FILTER();
} }
THREAD_CTX_RETURN(NGX_ERROR); THREAD_CTX_RETURN(NGX_HTTP_FORBIDDEN);
} }
session_data_p->remaining_messages_to_reply += num_messages_sent; session_data_p->remaining_messages_to_reply += num_messages_sent;
@ -485,7 +485,7 @@ ngx_http_cp_res_body_filter_thread(void *_ctx)
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
THREAD_CTX_RETURN_NEXT_FILTER(); THREAD_CTX_RETURN_NEXT_FILTER();
} }
THREAD_CTX_RETURN(NGX_ERROR); THREAD_CTX_RETURN(NGX_HTTP_FORBIDDEN);
} }
session_data_p->remaining_messages_to_reply++; session_data_p->remaining_messages_to_reply++;
} }
@ -523,7 +523,7 @@ ngx_http_cp_hold_verdict_thread(void *_ctx)
if (fail_mode_hold_verdict == NGX_OK) { if (fail_mode_hold_verdict == NGX_OK) {
THREAD_CTX_RETURN_NEXT_FILTER(); THREAD_CTX_RETURN_NEXT_FILTER();
} }
THREAD_CTX_RETURN(NGX_ERROR); THREAD_CTX_RETURN(NGX_HTTP_FORBIDDEN);
} }
session_data_p->remaining_messages_to_reply += num_messages_sent; session_data_p->remaining_messages_to_reply += num_messages_sent;
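Review bot: In the response-side workers (`ngx_http_cp_res_header_filter_thread`, `ngx_http_cp_res_body_filter_thread`) the fail-close result is now `NGX_HTTP_FORBIDDEN`, but once response body data is being filtered the status line may already have been sent, so a 403 can no longer reach the client. nginx callers of output filters commonly test the result against `NGX_ERROR`, so it is worth confirming that a 403 value still aborts the response rather than being treated as a non-error. How the value set by `THREAD_CTX_RETURN` is consumed is outside these hunks. The same question applies to the direct `return NGX_HTTP_FORBIDDEN;` statements in `ngx_http_cp_res_body_filter` in the next file. If the response phase cannot deliver a status, keeping `THREAD_CTX_RETURN(NGX_ERROR);` on those paths and using 403 only on the request path may be the safer fail-close behaviour.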


@ -600,7 +600,7 @@ ngx_http_cp_req_body_filter(ngx_http_request_t *request, ngx_chain_t *request_bo
updateMetricField(MAX_REQ_BODY_SIZE_UPON_TIMEOUT, session_data_p->processed_req_body_size); updateMetricField(MAX_REQ_BODY_SIZE_UPON_TIMEOUT, session_data_p->processed_req_body_size);
updateMetricField(MIN_REQ_BODY_SIZE_UPON_TIMEOUT, session_data_p->processed_req_body_size); updateMetricField(MIN_REQ_BODY_SIZE_UPON_TIMEOUT, session_data_p->processed_req_body_size);
return fail_mode_verdict == NGX_OK ? ngx_http_next_request_body_filter(request, request_body_chain) : NGX_ERROR; return fail_mode_verdict == NGX_OK ? ngx_http_next_request_body_filter(request, request_body_chain) : NGX_HTTP_FORBIDDEN;
} }
write_dbg( write_dbg(
DBG_LEVEL_DEBUG, DBG_LEVEL_DEBUG,
@ -615,7 +615,7 @@ ngx_http_cp_req_body_filter(ngx_http_request_t *request, ngx_chain_t *request_bo
if (!res) { if (!res) {
session_data_p->verdict = fail_mode_hold_verdict == NGX_OK ? TRAFFIC_VERDICT_ACCEPT : TRAFFIC_VERDICT_DROP; session_data_p->verdict = fail_mode_hold_verdict == NGX_OK ? TRAFFIC_VERDICT_ACCEPT : TRAFFIC_VERDICT_DROP;
updateMetricField(HOLD_THREAD_TIMEOUT, 1); updateMetricField(HOLD_THREAD_TIMEOUT, 1);
return fail_mode_verdict == NGX_OK ? ngx_http_next_request_body_filter(request, request_body_chain) : NGX_ERROR; return fail_mode_verdict == NGX_OK ? ngx_http_next_request_body_filter(request, request_body_chain) : NGX_HTTP_FORBIDDEN;
} }
} }
@ -636,7 +636,7 @@ ngx_http_cp_req_body_filter(ngx_http_request_t *request, ngx_chain_t *request_bo
session_data_p->verdict == TRAFFIC_VERDICT_ACCEPT ? "accept" : "drop" session_data_p->verdict == TRAFFIC_VERDICT_ACCEPT ? "accept" : "drop"
); );
updateMetricField(REQ_BODY_THREAD_TIMEOUT, 1); updateMetricField(REQ_BODY_THREAD_TIMEOUT, 1);
return fail_mode_verdict == NGX_OK ? ngx_http_next_request_body_filter(request, request_body_chain) : NGX_ERROR; return fail_mode_verdict == NGX_OK ? ngx_http_next_request_body_filter(request, request_body_chain) : NGX_HTTP_FORBIDDEN;
} }
write_dbg( write_dbg(
@ -671,7 +671,7 @@ ngx_http_cp_req_body_filter(ngx_http_request_t *request, ngx_chain_t *request_bo
session_data_p->session_id, session_data_p->session_id,
session_data_p->verdict == TRAFFIC_VERDICT_ACCEPT ? "accept" : "drop" session_data_p->verdict == TRAFFIC_VERDICT_ACCEPT ? "accept" : "drop"
); );
return fail_mode_verdict == NGX_OK ? ngx_http_next_request_body_filter(request, request_body_chain) : NGX_ERROR; return fail_mode_verdict == NGX_OK ? ngx_http_next_request_body_filter(request, request_body_chain) : NGX_HTTP_FORBIDDEN;
} }
final_res = ctx.res; final_res = ctx.res;
@ -978,7 +978,7 @@ ngx_http_cp_res_body_filter(ngx_http_request_t *request, ngx_chain_t *body_chain
if (was_transaction_timedout(session_data_p)) { if (was_transaction_timedout(session_data_p)) {
// Session was timed out. // Session was timed out.
if (session_data_p->verdict == TRAFFIC_VERDICT_DROP) { if (session_data_p->verdict == TRAFFIC_VERDICT_DROP) {
return NGX_ERROR; return NGX_HTTP_FORBIDDEN;
} }
session_data_p->verdict = fail_mode_verdict == NGX_OK ? TRAFFIC_VERDICT_ACCEPT : TRAFFIC_VERDICT_DROP; session_data_p->verdict = fail_mode_verdict == NGX_OK ? TRAFFIC_VERDICT_ACCEPT : TRAFFIC_VERDICT_DROP;
fini_cp_session_data(session_data_p); fini_cp_session_data(session_data_p);
@ -1041,7 +1041,7 @@ ngx_http_cp_res_body_filter(ngx_http_request_t *request, ngx_chain_t *body_chain
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
return ngx_http_next_response_body_filter(request, body_chain); return ngx_http_next_response_body_filter(request, body_chain);
} }
return NGX_ERROR; return NGX_HTTP_FORBIDDEN;
} }
write_dbg( write_dbg(
DBG_LEVEL_DEBUG, DBG_LEVEL_DEBUG,
@ -1080,7 +1080,7 @@ ngx_http_cp_res_body_filter(ngx_http_request_t *request, ngx_chain_t *body_chain
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
return ngx_http_next_response_body_filter(request, body_chain); return ngx_http_next_response_body_filter(request, body_chain);
} }
return NGX_ERROR; return NGX_HTTP_FORBIDDEN;
} }
final_res = ctx.res; final_res = ctx.res;
@ -1100,7 +1100,7 @@ ngx_http_cp_res_body_filter(ngx_http_request_t *request, ngx_chain_t *body_chain
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
return ngx_http_next_response_body_filter(request, body_chain); return ngx_http_next_response_body_filter(request, body_chain);
} }
return NGX_ERROR; return NGX_HTTP_FORBIDDEN;
} }
if (ctx.modifications) { if (ctx.modifications) {
@ -1112,7 +1112,7 @@ ngx_http_cp_res_body_filter(ngx_http_request_t *request, ngx_chain_t *body_chain
if (fail_mode_verdict == NGX_OK) { if (fail_mode_verdict == NGX_OK) {
return ngx_http_next_response_body_filter(request, body_chain); return ngx_http_next_response_body_filter(request, body_chain);
} }
return NGX_ERROR; return NGX_HTTP_FORBIDDEN;
} }
} }
@ -1148,7 +1148,7 @@ ngx_http_cp_res_body_filter(ngx_http_request_t *request, ngx_chain_t *body_chain
fini_cp_session_data(session_data_p); fini_cp_session_data(session_data_p);
return fail_mode_verdict == NGX_OK ? return fail_mode_verdict == NGX_OK ?
ngx_http_next_response_body_filter(request, body_chain) : ngx_http_next_response_body_filter(request, body_chain) :
NGX_ERROR; NGX_HTTP_FORBIDDEN;
} }
} }
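Review bot: In the hold-thread timeout branch of `ngx_http_cp_req_body_filter` (the `if (!res)` hunk), the stored verdict is derived from `fail_mode_hold_verdict` but the return expression tests `fail_mode_verdict`. With hold fail-close and general fail-open, the session is marked drop while the request body is still passed to the next filter. If that is not intended, the return should use the same setting: `return fail_mode_hold_verdict == NGX_OK ? ngx_http_next_request_body_filter(request, request_body_chain) : NGX_HTTP_FORBIDDEN;`. The mismatch predates this commit and the function body extends beyond the hunk, so the enclosing condition should be checked before changing it.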


@ -736,7 +736,6 @@ disconnect_communication()
} }
set_need_registration(NOT_REGISTERED); set_need_registration(NOT_REGISTERED);
init_attachment_registration_thread();
} }
ngx_int_t ngx_int_t


@ -208,7 +208,7 @@ free_list_from_pool(ngx_pool_t *memory_pool, ngx_list_t *list)
/// @param[in, out] key_list List of keys to add to the initialized hash table. /// @param[in, out] key_list List of keys to add to the initialized hash table.
/// @param[in] initial_data_value_ptr Initial data value pointer. /// @param[in] initial_data_value_ptr Initial data value pointer.
/// @param[in] initial_data_size Initial data size that will be increased if necessary. /// @param[in] initial_data_size Initial data size that will be increased if necessary.
/// @returns ngx_int_t /// @returns ngx_int_t
/// - #NGX_OK. /// - #NGX_OK.
/// - #NGX_ERROR. /// - #NGX_ERROR.
/// ///
@ -407,7 +407,7 @@ split_chain_elem(ngx_chain_t *elem, uint16_t split_index, ngx_pool_t *pool)
/// @param[in] data_size Size of the data to be put in NGINX chain. /// @param[in] data_size Size of the data to be put in NGINX chain.
/// @param[in, out] data Data to put into the newly allocates NGINX chain. /// @param[in, out] data Data to put into the newly allocates NGINX chain.
/// @param[in, out] pool NGINX pool to allocate buffers from. /// @param[in, out] pool NGINX pool to allocate buffers from.
/// @returns /// @returns
/// ///
ngx_chain_t * ngx_chain_t *
create_chain_elem(uint32_t data_size, char *data, ngx_pool_t *pool) create_chain_elem(uint32_t data_size, char *data, ngx_pool_t *pool)
@ -929,11 +929,11 @@ init_general_config(const char *conf_path)
} }
// Setting fail open/close. // Setting fail open/close.
fail_mode_verdict = isFailOpenMode() == 1 ? NGX_OK : NGX_ERROR; fail_mode_verdict = isFailOpenMode() == 1 ? NGX_OK : NGX_HTTP_FORBIDDEN;
fail_open_timeout = getFailOpenTimeout(); fail_open_timeout = getFailOpenTimeout();
// Setting fail wait open/close // Setting fail wait open/close
fail_mode_hold_verdict = isFailOpenHoldMode() == 1 ? NGX_OK : NGX_ERROR; fail_mode_hold_verdict = isFailOpenHoldMode() == 1 ? NGX_OK : NGX_HTTP_FORBIDDEN;
fail_open_hold_timeout = getFailOpenHoldTimeout(); fail_open_hold_timeout = getFailOpenHoldTimeout();
// Setting attachment's variables. // Setting attachment's variables.
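Review bot: `fail_mode_verdict` and `fail_mode_hold_verdict` now hold either an nginx return code (`NGX_OK`) or an HTTP status (`NGX_HTTP_FORBIDDEN`), and the assignments in `init_general_config` do not say so. A comment such as `// NGX_OK = fail-open (pass traffic); NGX_HTTP_FORBIDDEN = fail-close (reject with 403).` above each assignment would make that contract explicit. Any reader of these variables that still compares against `NGX_ERROR` would silently stop matching after this change. None is visible in these hunks, but the rest of the code base is outside this page, and the body of `init_general_config` continues beyond the hunk.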