mirror of
https://github.com/openappsec/attachment.git
synced 2025-06-28 16:41:03 +03:00
Jul 5th update
This commit is contained in:
Ned Wright
parent
a9a9b4ca29
commit
3da1f451e7
@ -29,10 +29,11 @@ Before compiling, ensure the latest development versions of the following librar
|
||||
* zlib
|
||||
* OpenSSL
|
||||
* Geoip
|
||||
* Python3
|
||||
|
||||
```bash
|
||||
$ apk update
|
||||
$ apk add pcre-dev libxml2-dev zlib-dev openssl-dev geoip-dev
|
||||
$ apk add pcre-dev libxml2-dev zlib-dev openssl-dev geoip-dev linux-headers python3
|
||||
```
|
||||
|
||||
### Compiling the attachment code for an existing nginx server
|
||||
|
||||
@ -54,7 +54,7 @@ if test ! -f configured.ok; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
make && echo "${EXTRA_CC_OPT}" > cc_flags.mk
|
||||
make -j 60 && echo "${EXTRA_CC_OPT}" > cc_flags.mk
|
||||
if [[ $? != 0 ]]; then
|
||||
echo "Failed to build NGINX source code"
|
||||
exit 1
|
||||
|
||||
@ -665,7 +665,11 @@ ngx_http_cp_meta_data_sender(ngx_http_request_t *request, uint32_t cur_request_i
|
||||
uint16_t chunck_type;
|
||||
uint16_t listening_port;
|
||||
ngx_int_t res;
|
||||
ngx_str_t ngx_parsed_host_str = ngx_string("host");
|
||||
ngx_str_t maybe_host = { 0, (u_char *)"" };
|
||||
ngx_str_t ngx_parsed_host = { 0, (u_char *)"" };
|
||||
ngx_str_t parsed_uri = { 0, (u_char *)"" };
|
||||
ngx_http_variable_value_t *ngx_var;
|
||||
char *fragments[META_DATA_COUNT + 2];
|
||||
uint16_t fragments_sizes[META_DATA_COUNT + 2];
|
||||
static int failure_count = 0;
|
||||
@ -712,6 +716,23 @@ ngx_http_cp_meta_data_sender(ngx_http_request_t *request, uint32_t cur_request_i
|
||||
maybe_host.data = request->headers_in.host->value.data;
|
||||
}
|
||||
|
||||
ngx_var = ngx_http_get_variable(request, &ngx_parsed_host_str, ngx_hash_key(ngx_parsed_host_str.data, ngx_parsed_host_str.len));
|
||||
if (ngx_var != NULL && !ngx_var->not_found && ngx_var->len != 0) {
|
||||
ngx_parsed_host.len = ngx_var->len;
|
||||
ngx_parsed_host.data = ngx_var->data;
|
||||
} else {
|
||||
ngx_parsed_host.len = maybe_host.len;
|
||||
ngx_parsed_host.data = maybe_host.data;
|
||||
}
|
||||
|
||||
if (request->uri.len != 0) {
|
||||
parsed_uri.data = request->uri.data;
|
||||
parsed_uri.len = request->uri.len;
|
||||
} else {
|
||||
parsed_uri.data = request->unparsed_uri.data;
|
||||
parsed_uri.len = request->unparsed_uri.len;
|
||||
}
|
||||
|
||||
// Add host data length to the fragments.
|
||||
set_fragment_elem(
|
||||
fragments,
|
||||
@ -739,7 +760,7 @@ ngx_http_cp_meta_data_sender(ngx_http_request_t *request, uint32_t cur_request_i
|
||||
listening_port = htons(((struct sockaddr_in *)request->connection->local_sockaddr)->sin_port);
|
||||
set_fragment_elem(fragments, fragments_sizes, &listening_port, sizeof(listening_port), LISTENING_PORT + 2);
|
||||
|
||||
// Add listening port data.
|
||||
// Add URI data.
|
||||
set_fragment_elem(fragments, fragments_sizes, &request->unparsed_uri.len, sizeof(uint16_t), URI_SIZE + 2);
|
||||
set_fragment_elem(fragments, fragments_sizes, request->unparsed_uri.data, request->unparsed_uri.len, URI_DATA + 2);
|
||||
|
||||
@ -752,6 +773,14 @@ ngx_http_cp_meta_data_sender(ngx_http_request_t *request, uint32_t cur_request_i
|
||||
client_port = htons(((struct sockaddr_in *)request->connection->sockaddr)->sin_port);
|
||||
set_fragment_elem(fragments, fragments_sizes, &client_port, sizeof(client_port), CLIENT_PORT + 2);
|
||||
|
||||
// Add NGX parsed host data.
|
||||
set_fragment_elem(fragments, fragments_sizes, &ngx_parsed_host.len, sizeof(uint16_t), PARSED_HOST_SIZE + 2);
|
||||
set_fragment_elem(fragments, fragments_sizes, ngx_parsed_host.data, ngx_parsed_host.len, PARSED_HOST_DATA + 2);
|
||||
|
||||
// Add parsed URI data.
|
||||
set_fragment_elem(fragments, fragments_sizes, &parsed_uri.len, sizeof(uint16_t), PARSED_URI_SIZE + 2);
|
||||
set_fragment_elem(fragments, fragments_sizes, parsed_uri.data, parsed_uri.len, PARSED_URI_DATA + 2);
|
||||
|
||||
// Sends all the data to the nano service.
|
||||
res = ngx_http_cp_send_data_to_service(fragments, fragments_sizes, META_DATA_COUNT + 2, cur_request_id, NULL, fail_open_timeout);
|
||||
if (res != NGX_OK) {
|
||||
|
||||
@ -227,7 +227,7 @@ is_static_resource_request(ngx_str_t *static_resource_name)
|
||||
|
||||
if (!is_static_resources_table_initialized()) {
|
||||
write_dbg(
|
||||
DBG_LEVEL_WARNING,
|
||||
DBG_LEVEL_DEBUG,
|
||||
"Cannot determine whether request is for a static resource: static resources' table is not initialized"
|
||||
);
|
||||
return 0;
|
||||
|
||||
@ -18,6 +18,7 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
#include <sys/types.h>
|
||||
#include <assert.h>
|
||||
|
||||
#define MAX_NGINX_UID_LEN 32
|
||||
#define NUM_OF_NGINX_IPC_ELEMENTS 200
|
||||
@ -183,6 +184,10 @@ typedef enum ngx_http_meta_data
|
||||
CLIENT_ADDR_SIZE,
|
||||
CLIENT_ADDR_DATA,
|
||||
CLIENT_PORT,
|
||||
PARSED_HOST_SIZE,
|
||||
PARSED_HOST_DATA,
|
||||
PARSED_URI_SIZE,
|
||||
PARSED_URI_DATA,
|
||||
|
||||
META_DATA_COUNT
|
||||
} ngx_http_meta_data_e;
|
||||
@ -242,6 +247,7 @@ typedef struct __attribute__((__packed__)) ngx_http_cp_web_response_data {
|
||||
} custom_response_data;
|
||||
|
||||
struct __attribute__((__packed__)) ngx_http_cp_redirect_data {
|
||||
uint8_t unused_dummy;
|
||||
uint8_t add_event_id;
|
||||
uint16_t redirect_location_size;
|
||||
char redirect_location[0];
|
||||
@ -249,6 +255,12 @@ typedef struct __attribute__((__packed__)) ngx_http_cp_web_response_data {
|
||||
} response_data;
|
||||
} ngx_http_cp_web_response_data_t;
|
||||
|
||||
static_assert(
|
||||
sizeof(((ngx_http_cp_web_response_data_t*)0)->response_data.custom_response_data) ==
|
||||
sizeof(((ngx_http_cp_web_response_data_t*)0)->response_data.redirect_data),
|
||||
"custom_response_data must be equal to redirect_data in size"
|
||||
);
|
||||
|
||||
typedef union __attribute__((__packed__)) ngx_http_cp_modify_data {
|
||||
ngx_http_cp_inject_data_t inject_data[0];
|
||||
ngx_http_cp_web_response_data_t web_response_data[0];
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user