github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-06-28 16:41:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Jul 5th update

Browse Source
This commit is contained in:
Ned Wright 2023-07-05 17:52:42 +00:00
parent a9a9b4ca29
commit 3da1f451e7
5 changed files with 46 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -29,10 +29,11 @@ Before compiling, ensure the latest development versions of the following librar
* zlib * zlib
* OpenSSL * OpenSSL
* Geoip * Geoip
* Python3
```bash ```bash
$ apk update $ apk update
$ apk add pcre-dev libxml2-dev zlib-dev openssl-dev geoip-dev $ apk add pcre-dev libxml2-dev zlib-dev openssl-dev geoip-dev linux-headers python3
``` ```
### Compiling the attachment code for an existing nginx server ### Compiling the attachment code for an existing nginx server

2
attachments/nginx/ngx_module/nginx_version_configuration.sh
View File

@ -54,7 +54,7 @@ if test ! -f configured.ok; then
exit 1 exit 1
fi fi
make && echo "${EXTRA_CC_OPT}" > cc_flags.mk make -j 60 && echo "${EXTRA_CC_OPT}" > cc_flags.mk
if [[ $? != 0 ]]; then if [[ $? != 0 ]]; then
echo "Failed to build NGINX source code" echo "Failed to build NGINX source code"
exit 1 exit 1

31
attachments/nginx/ngx_module/ngx_cp_io.c
View File

@ -665,7 +665,11 @@ ngx_http_cp_meta_data_sender(ngx_http_request_t *request, uint32_t cur_request_i
uint16_t chunck_type; uint16_t chunck_type;
uint16_t listening_port; uint16_t listening_port;
ngx_int_t res; ngx_int_t res;
ngx_str_t ngx_parsed_host_str = ngx_string("host");
ngx_str_t maybe_host = { 0, (u_char *)"" }; ngx_str_t maybe_host = { 0, (u_char *)"" };
ngx_str_t ngx_parsed_host = { 0, (u_char *)"" };
ngx_str_t parsed_uri = { 0, (u_char *)"" };
ngx_http_variable_value_t *ngx_var;
char *fragments[META_DATA_COUNT + 2]; char *fragments[META_DATA_COUNT + 2];
uint16_t fragments_sizes[META_DATA_COUNT + 2]; uint16_t fragments_sizes[META_DATA_COUNT + 2];
static int failure_count = 0; static int failure_count = 0;
@ -712,6 +716,23 @@ ngx_http_cp_meta_data_sender(ngx_http_request_t *request, uint32_t cur_request_i
maybe_host.data = request->headers_in.host->value.data; maybe_host.data = request->headers_in.host->value.data;
} }
ngx_var = ngx_http_get_variable(request, &ngx_parsed_host_str, ngx_hash_key(ngx_parsed_host_str.data, ngx_parsed_host_str.len));
if (ngx_var != NULL && !ngx_var->not_found && ngx_var->len != 0) {
ngx_parsed_host.len = ngx_var->len;
ngx_parsed_host.data = ngx_var->data;
} else {
ngx_parsed_host.len = maybe_host.len;
ngx_parsed_host.data = maybe_host.data;
}
if (request->uri.len != 0) {
parsed_uri.data = request->uri.data;
parsed_uri.len = request->uri.len;
} else {
parsed_uri.data = request->unparsed_uri.data;
parsed_uri.len = request->unparsed_uri.len;
}
// Add host data length to the fragments. // Add host data length to the fragments.
set_fragment_elem( set_fragment_elem(
fragments, fragments,
@ -739,7 +760,7 @@ ngx_http_cp_meta_data_sender(ngx_http_request_t *request, uint32_t cur_request_i
listening_port = htons(((struct sockaddr_in *)request->connection->local_sockaddr)->sin_port); listening_port = htons(((struct sockaddr_in *)request->connection->local_sockaddr)->sin_port);
set_fragment_elem(fragments, fragments_sizes, &listening_port, sizeof(listening_port), LISTENING_PORT + 2); set_fragment_elem(fragments, fragments_sizes, &listening_port, sizeof(listening_port), LISTENING_PORT + 2);
// Add listening port data. // Add URI data.
set_fragment_elem(fragments, fragments_sizes, &request->unparsed_uri.len, sizeof(uint16_t), URI_SIZE + 2); set_fragment_elem(fragments, fragments_sizes, &request->unparsed_uri.len, sizeof(uint16_t), URI_SIZE + 2);
set_fragment_elem(fragments, fragments_sizes, request->unparsed_uri.data, request->unparsed_uri.len, URI_DATA + 2); set_fragment_elem(fragments, fragments_sizes, request->unparsed_uri.data, request->unparsed_uri.len, URI_DATA + 2);
@ -752,6 +773,14 @@ ngx_http_cp_meta_data_sender(ngx_http_request_t *request, uint32_t cur_request_i
client_port = htons(((struct sockaddr_in *)request->connection->sockaddr)->sin_port); client_port = htons(((struct sockaddr_in *)request->connection->sockaddr)->sin_port);
set_fragment_elem(fragments, fragments_sizes, &client_port, sizeof(client_port), CLIENT_PORT + 2); set_fragment_elem(fragments, fragments_sizes, &client_port, sizeof(client_port), CLIENT_PORT + 2);
// Add NGX parsed host data.
set_fragment_elem(fragments, fragments_sizes, &ngx_parsed_host.len, sizeof(uint16_t), PARSED_HOST_SIZE + 2);
set_fragment_elem(fragments, fragments_sizes, ngx_parsed_host.data, ngx_parsed_host.len, PARSED_HOST_DATA + 2);
// Add parsed URI data.
set_fragment_elem(fragments, fragments_sizes, &parsed_uri.len, sizeof(uint16_t), PARSED_URI_SIZE + 2);
set_fragment_elem(fragments, fragments_sizes, parsed_uri.data, parsed_uri.len, PARSED_URI_DATA + 2);
// Sends all the data to the nano service. // Sends all the data to the nano service.
res = ngx_http_cp_send_data_to_service(fragments, fragments_sizes, META_DATA_COUNT + 2, cur_request_id, NULL, fail_open_timeout); res = ngx_http_cp_send_data_to_service(fragments, fragments_sizes, META_DATA_COUNT + 2, cur_request_id, NULL, fail_open_timeout);
if (res != NGX_OK) { if (res != NGX_OK) {

2
attachments/nginx/ngx_module/ngx_cp_static_content.c
View File

@ -227,7 +227,7 @@ is_static_resource_request(ngx_str_t *static_resource_name)
if (!is_static_resources_table_initialized()) { if (!is_static_resources_table_initialized()) {
write_dbg( write_dbg(
DBG_LEVEL_WARNING, DBG_LEVEL_DEBUG,
"Cannot determine whether request is for a static resource: static resources' table is not initialized" "Cannot determine whether request is for a static resource: static resources' table is not initialized"
); );
return 0; return 0;

12
core/include/attachments/nginx_attachment_common.h
View File

@ -18,6 +18,7 @@
#include <stddef.h> #include <stddef.h>
#include <stdint.h> #include <stdint.h>
#include <sys/types.h> #include <sys/types.h>
#include <assert.h>
#define MAX_NGINX_UID_LEN 32 #define MAX_NGINX_UID_LEN 32
#define NUM_OF_NGINX_IPC_ELEMENTS 200 #define NUM_OF_NGINX_IPC_ELEMENTS 200
@ -183,6 +184,10 @@ typedef enum ngx_http_meta_data
CLIENT_ADDR_SIZE, CLIENT_ADDR_SIZE,
CLIENT_ADDR_DATA, CLIENT_ADDR_DATA,
CLIENT_PORT, CLIENT_PORT,
PARSED_HOST_SIZE,
PARSED_HOST_DATA,
PARSED_URI_SIZE,
PARSED_URI_DATA,
META_DATA_COUNT META_DATA_COUNT
} ngx_http_meta_data_e; } ngx_http_meta_data_e;
@ -242,6 +247,7 @@ typedef struct __attribute__((__packed__)) ngx_http_cp_web_response_data {
} custom_response_data; } custom_response_data;
struct __attribute__((__packed__)) ngx_http_cp_redirect_data { struct __attribute__((__packed__)) ngx_http_cp_redirect_data {
uint8_t unused_dummy;
uint8_t add_event_id; uint8_t add_event_id;
uint16_t redirect_location_size; uint16_t redirect_location_size;
char redirect_location[0]; char redirect_location[0];
@ -249,6 +255,12 @@ typedef struct __attribute__((__packed__)) ngx_http_cp_web_response_data {
} response_data; } response_data;
} ngx_http_cp_web_response_data_t; } ngx_http_cp_web_response_data_t;
static_assert(
sizeof(((ngx_http_cp_web_response_data_t*)0)->response_data.custom_response_data) ==
sizeof(((ngx_http_cp_web_response_data_t*)0)->response_data.redirect_data),
"custom_response_data must be equal to redirect_data in size"
);
typedef union __attribute__((__packed__)) ngx_http_cp_modify_data { typedef union __attribute__((__packed__)) ngx_http_cp_modify_data {
ngx_http_cp_inject_data_t inject_data[0]; ngx_http_cp_inject_data_t inject_data[0];
ngx_http_cp_web_response_data_t web_response_data[0]; ngx_http_cp_web_response_data_t web_response_data[0];