From 66316760dc34ebc0a2c3e484071f43d51497260b Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Wed, 9 Mar 2022 18:22:38 -0300 Subject: [PATCH] fix error Signed-off-by: Felipe Zipitria --- .github/workflows/build.yml | 38 ++++++--- .gitignore | 1 + Dockerfile | 80 +++++++++++++++++++ config | 80 +++++++++---------- coraza.conf | 5 ++ ngx-modsec.stp => ngx-coraza.stp | 4 +- src/ngx_http_coraza_common.h | 2 + src/ngx_http_coraza_module.c | 30 ++++--- src/ngx_http_coraza_pre_access.c | 6 +- src/ngx_http_coraza_rewrite.c | 54 +++++++------ src/ngx_http_coraza_utils.c | 32 ++++++++ ...ig-auditlog.t => coraza-config-auditlog.t} | 0 ...ge.t => coraza-config-custom-error-page.t} | 0 ...ig-debuglog.t => coraza-config-debuglog.t} | 0 ...y-config-merge.t => coraza-config-merge.t} | 0 .../{modsecurity-config.t => coraza-config.t} | 0 tests/{modsecurity-h2.t => coraza-h2.t} | 0 ...dsecurity-proxy-h2.t => coraza-proxy-h2.t} | 0 tests/{modsecurity-proxy.t => coraza-proxy.t} | 0 ...est-body-h2.t => coraza-request-body-h2.t} | 0 ...y-request-body.t => coraza-request-body.t} | 0 ...response-body.t => coraza-response-body.t} | 0 ...modsecurity-scoring.t => coraza-scoring.t} | 0 ...ansaction-id.t => coraza-transaction-id.t} | 0 tests/{modsecurity.t => coraza.t} | 0 25 files changed, 241 insertions(+), 91 deletions(-) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 coraza.conf rename ngx-modsec.stp => ngx-coraza.stp (77%) create mode 100644 src/ngx_http_coraza_utils.c rename tests/{modsecurity-config-auditlog.t => coraza-config-auditlog.t} (100%) rename tests/{modsecurity-config-custom-error-page.t => coraza-config-custom-error-page.t} (100%) rename tests/{modsecurity-config-debuglog.t => coraza-config-debuglog.t} (100%) rename tests/{modsecurity-config-merge.t => coraza-config-merge.t} (100%) rename tests/{modsecurity-config.t => coraza-config.t} (100%) rename tests/{modsecurity-h2.t => coraza-h2.t} (100%) rename tests/{modsecurity-proxy-h2.t => coraza-proxy-h2.t} (100%) rename tests/{modsecurity-proxy.t => coraza-proxy.t} (100%) rename tests/{modsecurity-request-body-h2.t => coraza-request-body-h2.t} (100%) rename tests/{modsecurity-request-body.t => coraza-request-body.t} (100%) rename tests/{modsecurity-response-body.t => coraza-response-body.t} (100%) rename tests/{modsecurity-scoring.t => coraza-scoring.t} (100%) rename tests/{modsecurity-transaction-id.t => coraza-transaction-id.t} (100%) rename tests/{modsecurity.t => coraza.t} (100%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index da6bd8e..3c6d739 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -57,9 +57,9 @@ jobs: - name: Install dependencies with apt run: | sudo add-apt-repository universe - sudo apt-get update - sudo apt-get -y \ - --fix-missing install \ + sudo apt-get -qq update + sudo apt-get -y -qq \ + --fix-missing --no-install-recommends install \ gcc make \ libxml2-dev \ libxslt-dev \ @@ -89,26 +89,29 @@ jobs: - name: Configure compilation of dynamic module run: | - ls -l cd ${{ github.workspace }}/nginx-${{ matrix.nginx_version }} ./configure \ --with-compat \ --add-dynamic-module=${{ github.workspace }}/ \ --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \ --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' \ - --prefix=/usr/share/nginx \ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ --conf-path=/etc/nginx/nginx.conf \ --http-log-path=/var/log/nginx/access.log \ --error-log-path=/var/log/nginx/error.log \ --lock-path=/var/lock/nginx.lock \ --pid-path=/run/nginx.pid \ --modules-path=/usr/lib/nginx/modules \ - --http-client-body-temp-path=/var/lib/nginx/body \ - --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ - --http-proxy-temp-path=/var/lib/nginx/proxy \ - --http-scgi-temp-path=/var/lib/nginx/scgi \ - --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ --with-debug \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module --with-http_ssl_module \ --with-http_stub_status_module \ --with-http_realip_module \ @@ -126,10 +129,21 @@ jobs: --with-http_xslt_module=dynamic \ --with-stream=dynamic - - name: Compile dynamic module - run: | + - name: Compile dynamic module and install nginx + run: | cd ${{ github.workspace }}/nginx-${{ matrix.nginx_version }} make modules + make + sudo make install + + - name: Run tests + run: | + wget http://hg.nginx.org/nginx-tests/archive/tip.tar.gz + tar xzf tip.tar.gz + cd nginx-tests-* + cp ../tests/* . + export TEST_NGINX_BINARY=/usr/sbin/nginx + prove . - name: Upload a Build Artifact uses: actions/upload-artifact@v2 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1d74e21 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.vscode/ diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c26cd44 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,80 @@ +FROM golang as go-builder + +ARG libcoraza_version=master + +# For latest build deps, see https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile +RUN set -eux; \ + apt-get update -qq; \ + apt-get install -qq --no-install-recommends \ + autoconf \ + automake \ + libtool \ + gcc \ + bash \ + make + +COPY ./libcoraza /tmp/master + +RUN set -eux; \ + #wget https://github.com/corazawaf/libcoraza/tarball/master -O /tmp/master; \ + #tar -xvf /tmp/master; \ + #cd corazawaf-libcoraza-*; \ + cd /tmp/master; \ + ./build.sh; \ + ./configure; \ + make; \ + make V=1 install + +FROM nginx:stable as ngx-coraza + +COPY --from=go-builder /usr/local/include/coraza /usr/local/include/coraza +COPY --from=go-builder /usr/local/lib/libcorazacore.a /usr/local/lib +COPY --from=go-builder /usr/local/lib/libcorazautils.a /usr/local/lib +COPY --from=go-builder /usr/local/lib/libcorazacore.so /usr/local/lib +COPY --from=go-builder /usr/local/lib/libcorazautils.so /usr/local/lib + +# For latest build deps, see https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile +RUN set -eux; \ + apt-get update -qq; \ + apt-get install -qq --no-install-recommends \ + gcc \ + gnupg1 \ + ca-certificates \ + libc-dev \ + make \ + openssl \ + curl \ + gnupg \ + wget \ + libpcre3 libpcre3-dev \ + zlib1g-dev + +COPY . /usr/src/coraza-nginx + +# Download sources +RUN set -eux; \ + curl "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o - | tar zxC /usr/src -f -; + # Reuse same cli arguments as the nginx:alpine image used to build + +RUN CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p');\ + cd /usr/src/nginx-$NGINX_VERSION; \ + ./configure --with-compat "$CONFARGS" --add-dynamic-module=/usr/src/coraza-nginx; \ + make modules; \ + mkdir -p /usr/lib/nginx/modules; \ + find objs/*.so -print; \ + cp objs/ngx_*.so /usr/lib/nginx/modules + +FROM nginx:stable + +RUN sed -i -e "s|events {|load_module \"/usr/lib/nginx/modules/ngx_http_coraza_module.so\";\n\nevents {|" /etc/nginx/nginx.conf; + +COPY ./coraza.conf /etc/nginx/conf.d/coraza.conf +COPY --from=ngx-coraza /usr/lib/nginx/modules/ /usr/lib/nginx/modules/ +COPY --from=go-builder /usr/local/lib/libcorazacore.so /usr/local/lib +COPY --from=go-builder /usr/local/lib/libcorazautils.so /usr/local/lib + +RUN ldconfig -v + +EXPOSE 80 +STOPSIGNAL SIGTERM +CMD ["nginx", "-g", "daemon off;"] diff --git a/config b/config index eed082b..dceafe8 100644 --- a/config +++ b/config @@ -10,40 +10,41 @@ ngx_addon_name="ngx_http_coraza_module" coraza_dependency="ngx_http_postpone_filter_module \ - ngx_http_ssi_filter_module \ - ngx_http_charset_filter_module \ - ngx_http_xslt_filter_module \ - ngx_http_image_filter_module \ - ngx_http_sub_filter_module \ - ngx_http_addition_filter_module \ - ngx_http_gunzip_filter_module \ - ngx_http_userid_filter_module \ - ngx_http_headers_filter_module \ - ngx_http_copy_filter_module" + ngx_http_ssi_filter_module \ + ngx_http_charset_filter_module \ + ngx_http_xslt_filter_module \ + ngx_http_image_filter_module \ + ngx_http_sub_filter_module \ + ngx_http_addition_filter_module \ + ngx_http_gunzip_filter_module \ + ngx_http_userid_filter_module \ + ngx_http_headers_filter_module \ + ngx_http_copy_filter_module" if test -n "$ngx_module_link"; then ngx_module_type=HTTP_FILTER ngx_module_name="$ngx_addon_name" ngx_module_srcs="$ngx_addon_dir/src/ngx_http_coraza_module.c \ - $ngx_addon_dir/src/ngx_http_coraza_pre_access.c \ - $ngx_addon_dir/src/ngx_http_coraza_header_filter.c \ - $ngx_addon_dir/src/ngx_http_coraza_body_filter.c \ - $ngx_addon_dir/src/ngx_http_coraza_log.c \ - $ngx_addon_dir/src/ngx_http_coraza_rewrite.c \ - " + $ngx_addon_dir/src/ngx_http_coraza_pre_access.c \ + $ngx_addon_dir/src/ngx_http_coraza_header_filter.c \ + $ngx_addon_dir/src/ngx_http_coraza_body_filter.c \ + $ngx_addon_dir/src/ngx_http_coraza_log.c \ + $ngx_addon_dir/src/ngx_http_coraza_rewrite.c \ + $ngx_addon_dir/src/ngx_http_coraza_utils.c \ + " ngx_module_deps="$ngx_addon_dir/src/ddebug.h \ - $ngx_addon_dir/src/ngx_http_coraza_common.h \ - " - ngx_module_libs="-lcorazacore" - ngx_module_incs="-I /usr/local/coraza/include" + $ngx_addon_dir/src/ngx_http_coraza_common.h \ + " + ngx_module_libs="-lcorazacore" + ngx_module_incs="-I /usr/local/coraza/include" - ngx_module_order="ngx_http_chunked_filter_module \ - ngx_http_v2_filter_module \ - ngx_http_range_header_filter_module \ - ngx_http_gzip_filter_module \ - $ngx_module_name \ - $coraza_dependency"; + ngx_module_order="ngx_http_chunked_filter_module \ + ngx_http_v2_filter_module \ + ngx_http_range_header_filter_module \ + ngx_http_gzip_filter_module \ + $ngx_module_name \ + $coraza_dependency"; . auto/module else @@ -54,19 +55,18 @@ else CORE_LIBS="$CORE_LIBS $ngx_feature_libs" HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES ngx_http_coraza_module" - NGX_ADDON_SRCS="\ - $NGX_ADDON_SRCS \ - $ngx_addon_dir/src/ngx_http_coraza_module.c \ - $ngx_addon_dir/src/ngx_http_coraza_pre_access.c \ - $ngx_addon_dir/src/ngx_http_coraza_header_filter.c \ - $ngx_addon_dir/src/ngx_http_coraza_body_filter.c \ - $ngx_addon_dir/src/ngx_http_coraza_log.c \ - $ngx_addon_dir/src/ngx_http_coraza_rewrite.c \ - " + NGX_ADDON_SRCS="$NGX_ADDON_SRCS \ + $ngx_addon_dir/src/ngx_http_coraza_module.c \ + $ngx_addon_dir/src/ngx_http_coraza_pre_access.c \ + $ngx_addon_dir/src/ngx_http_coraza_header_filter.c \ + $ngx_addon_dir/src/ngx_http_coraza_body_filter.c \ + $ngx_addon_dir/src/ngx_http_coraza_log.c \ + $ngx_addon_dir/src/ngx_http_coraza_rewrite.c \ + $ngx_addon_dir/src/ngx_http_coraza_utils.c \ + " - NGX_ADDON_DEPS="\ - $NGX_ADDON_DEPS \ - $ngx_addon_dir/src/ddebug.h \ - $ngx_addon_dir/src/ngx_http_coraza_common.h \ - " + NGX_ADDON_DEPS="$NGX_ADDON_DEPS \ + $ngx_addon_dir/src/ddebug.h \ + $ngx_addon_dir/src/ngx_http_coraza_common.h \ + " fi diff --git a/coraza.conf b/coraza.conf new file mode 100644 index 0000000..9bf4971 --- /dev/null +++ b/coraza.conf @@ -0,0 +1,5 @@ +coraza on; +coraza_rules 'SecRuleEngine On + SecRule ARGS "@streq whee" "id:10,phase:2" + SecRule ARGS "@streq whee" "id:11,phase:2" + '; diff --git a/ngx-modsec.stp b/ngx-coraza.stp similarity index 77% rename from ngx-modsec.stp rename to ngx-coraza.stp index 8c5fa65..29b8a73 100755 --- a/ngx-modsec.stp +++ b/ngx-coraza.stp @@ -6,12 +6,12 @@ global rules_phase # Rules -probe process("/usr/local/lib/libcoraza.so.3").function("evaluate@rule.cc*") +probe process("/usr/local/lib/libcoraza.so").function("evaluate@rule.cc*") { begin_rule = gettimeofday_us(); } -probe process("/usr/local/lib/libcoraza.so.3").function("evaluate@rule.cc*").return +probe process("/usr/local/lib/libcoraza.so").function("evaluate@rule.cc*").return { elapsed_rule = gettimeofday_us() - begin_rule rules[$this->m_ruleId] <<< elapsed_rule diff --git a/src/ngx_http_coraza_common.h b/src/ngx_http_coraza_common.h index b7c4dc2..d585a27 100644 --- a/src/ngx_http_coraza_common.h +++ b/src/ngx_http_coraza_common.h @@ -126,5 +126,7 @@ ngx_int_t ngx_http_coraza_pre_access_handler(ngx_http_request_t *r); /* ngx_http_coraza_rewrite.c */ ngx_int_t ngx_http_coraza_rewrite_handler(ngx_http_request_t *r); +/* ngx_http_coraza_utils.c */ +ngx_int_t ngx_str_to_char(ngx_str_t a, char *str, ngx_pool_t *p); #endif /* _ngx_http_coraza_COMMON_H_INCLUDED_ */ diff --git a/src/ngx_http_coraza_module.c b/src/ngx_http_coraza_module.c index 9e70151..2f34d8e 100644 --- a/src/ngx_http_coraza_module.c +++ b/src/ngx_http_coraza_module.c @@ -142,7 +142,9 @@ void ngx_http_coraza_cleanup(void *data) ctx = (ngx_http_coraza_ctx_t *)data; - coraza_transaction_free(ctx->coraza_transaction); + if (coraza_free_transaction(ctx->coraza_transaction) != NGX_OK) { + dd("cleanup -- transaction free failed: %d", res); + }; } ngx_inline ngx_http_coraza_ctx_t * @@ -199,15 +201,20 @@ char * ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { int res; - char *rules; + char *rules = NULL; ngx_str_t *value; - char *error; + char *error = NULL; ngx_http_coraza_conf_t *mcf = conf; ngx_http_coraza_main_conf_t *mmcf; value = cf->args->elts; - res = coraza_rules_add(mcf->waf, (char *)value[1].data, &error); + if (ngx_str_to_char(value[1], rules, cf->pool) != NGX_OK) { + dd("Failed to get the rules"); + return NGX_CONF_ERROR; + } + + res = coraza_rules_add(mcf->waf, rules, &error); if (res < 0) { @@ -225,15 +232,20 @@ char * ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { int res; - char *rules_set; + char *rules_set = NULL; ngx_str_t *value; - char **error; + char **error = NULL; ngx_http_coraza_conf_t *mcf = conf; ngx_http_coraza_main_conf_t *mmcf; value = cf->args->elts; - res = coraza_rules_add(mcf->waf, (char *)value[1].data, &error); + if (ngx_str_to_char(value[1], rules_set, cf->pool) != NGX_OK) { + dd("Failed to get the rules_file"); + return NGX_CONF_ERROR; + } + + res = coraza_rules_add(mcf->waf, rules_set, error); if (res < 0) { @@ -555,11 +567,11 @@ ngx_http_coraza_merge_conf(ngx_conf_t *cf, void *parent, void *child) dd("CHILD RULES"); coraza_rules_dump(c->rules_set); #endif - rules = coraza_rules_merge(c->waf, p->waf, &error); + rules = coraza_rules_merge(c->waf, p->waf, error); if (rules < 0) { - return error; + return *error; } #if defined(CORAZA_DDEBUG) && (CORAZA_DDEBUG) diff --git a/src/ngx_http_coraza_pre_access.c b/src/ngx_http_coraza_pre_access.c index 8ef6abf..e533ff2 100644 --- a/src/ngx_http_coraza_pre_access.c +++ b/src/ngx_http_coraza_pre_access.c @@ -138,6 +138,7 @@ ngx_http_coraza_pre_access_handler(ngx_http_request_t *r) { int ret = 0; int already_inspected = 0; + char *file_name = NULL; dd("request body is ready to be processed"); @@ -156,8 +157,7 @@ ngx_http_coraza_pre_access_handler(ngx_http_request_t *r) if (r->request_body->temp_file != NULL) { ngx_str_t file_path = r->request_body->temp_file->file.name; - const char *file_name = ngx_str_to_char(file_path, r->pool); - if (file_name == (char*)-1) { + if (ngx_str_to_char(file_path, file_name, r->pool) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } /* @@ -166,7 +166,7 @@ ngx_http_coraza_pre_access_handler(ngx_http_request_t *r) */ dd("request body inspection: file -- %s", file_name); - coraza_request_body_from_file(ctx->coraza_transaction, (char*)file_name); + coraza_request_body_from_file(ctx->coraza_transaction, file_name); already_inspected = 1; } else { diff --git a/src/ngx_http_coraza_rewrite.c b/src/ngx_http_coraza_rewrite.c index 3526fc9..87179db 100644 --- a/src/ngx_http_coraza_rewrite.c +++ b/src/ngx_http_coraza_rewrite.c @@ -25,6 +25,12 @@ ngx_http_coraza_rewrite_handler(ngx_http_request_t *r) { ngx_http_coraza_ctx_t *ctx; ngx_http_coraza_conf_t *mcf; + ngx_str_t ngx_server_addr; + char *client_addr = NULL; + char *server_addr = NULL; + char *uri = NULL; + char *method = NULL; + char *http_version = NULL; mcf = ngx_http_get_module_loc_conf(r, ngx_http_coraza_module); if (mcf == NULL || mcf->enable != 1) { @@ -43,12 +49,9 @@ ngx_http_coraza_rewrite_handler(ngx_http_request_t *r) int ret = 0; ngx_connection_t *connection = r->connection; - /** - * FIXME: We may want to use struct sockaddr instead of addr_text. - * - */ - ngx_str_t addr_text = connection->addr_text; + ngx_str_t addr_text = connection->addr_text; + ctx = ngx_http_coraza_create_ctx(r); dd("ctx was NULL, creating new context: %p", ctx); @@ -68,28 +71,31 @@ ngx_http_coraza_rewrite_handler(ngx_http_request_t *r) */ int client_port = ngx_inet_get_port(connection->sockaddr); int server_port = ngx_inet_get_port(connection->local_sockaddr); - - const char *client_addr = ngx_str_to_char(addr_text, r->pool); - if (client_addr == (char*)-1) { + + u_char addr[NGX_SOCKADDR_STRLEN]; + ngx_server_addr.len = NGX_SOCKADDR_STRLEN; + ngx_server_addr.data = addr; + if (ngx_connection_local_sockaddr(r->connection, &ngx_server_addr, 0) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } - ngx_str_t s; - u_char addr[NGX_SOCKADDR_STRLEN]; - s.len = NGX_SOCKADDR_STRLEN; - s.data = addr; - if (ngx_connection_local_sockaddr(r->connection, &s, 0) != NGX_OK) { + if (ngx_str_to_char(addr_text, client_addr, r->pool) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } - const char *server_addr = ngx_str_to_char(s, r->pool); - if (server_addr == (char*)-1) { + if (ngx_str_to_char(ngx_server_addr, server_addr, r->pool) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; - } + } + /* FIXME: addr_text here is an nginx str that might be a path if + * this is a unix socket. Because of this, using the socket + * structure might be better + */ ret = coraza_process_connection(ctx->coraza_transaction, - (char *)client_addr, client_port, - (char *)server_addr, server_port); + client_addr, + client_port, + server_addr, + server_port); if (ret != 1){ dd("Was not able to extract connection information."); } @@ -109,7 +115,6 @@ ngx_http_coraza_rewrite_handler(ngx_http_request_t *r) return ret; } - const char *http_version; switch (r->http_version) { case NGX_HTTP_VERSION_9 : http_version = "0.9"; @@ -130,16 +135,15 @@ ngx_http_coraza_rewrite_handler(ngx_http_request_t *r) break; } - const char *n_uri = ngx_str_to_char(r->unparsed_uri, r->pool); - const char *n_method = ngx_str_to_char(r->method_name, r->pool); - if (n_uri == (char*)-1 || n_method == (char*)-1) { + if (ngx_str_to_char(r->unparsed_uri, uri, r->pool) != NGX_OK) { + dd("uri is of length zero"); return NGX_HTTP_INTERNAL_SERVER_ERROR; } - if (n_uri == NULL) { - dd("uri is of length zero"); + if (ngx_str_to_char(r->method_name, method, r->pool) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } - coraza_process_uri(ctx->coraza_transaction, (char *)n_uri, (char *)n_method, (char *)http_version); + + coraza_process_uri(ctx->coraza_transaction, uri, method, http_version); dd("Processing intervention with the transaction information filled in (uri, method and version)"); ret = ngx_http_coraza_process_intervention(ctx->coraza_transaction, r, 1); diff --git a/src/ngx_http_coraza_utils.c b/src/ngx_http_coraza_utils.c new file mode 100644 index 0000000..e9be865 --- /dev/null +++ b/src/ngx_http_coraza_utils.c @@ -0,0 +1,32 @@ +#include "ddebug.h" +#include "ngx_http_coraza_common.h" + +/* + * ngx_string's are not null-terminated in common case, so we need to convert + * them into null-terminated ones before passing to CORAZA + */ +ngx_int_t +ngx_str_to_char(ngx_str_t a, char *str, ngx_pool_t *p) +{ + if (str) { + free(str); + str = NULL; + } + + if (a.len == 0) + { + return NGX_OK; + } + + str = ngx_pnalloc(p, a.len + 1); + if (str == NULL) + { + dd("failed to allocate memory to convert space ngx_string to C string"); + /* We already returned NULL for an empty string, so return -1 here to indicate allocation error */ + return NGX_ERROR; + } + ngx_memcpy(str, a.data, a.len); + str[a.len] = '\0'; + + return NGX_OK; +} diff --git a/tests/modsecurity-config-auditlog.t b/tests/coraza-config-auditlog.t similarity index 100% rename from tests/modsecurity-config-auditlog.t rename to tests/coraza-config-auditlog.t diff --git a/tests/modsecurity-config-custom-error-page.t b/tests/coraza-config-custom-error-page.t similarity index 100% rename from tests/modsecurity-config-custom-error-page.t rename to tests/coraza-config-custom-error-page.t diff --git a/tests/modsecurity-config-debuglog.t b/tests/coraza-config-debuglog.t similarity index 100% rename from tests/modsecurity-config-debuglog.t rename to tests/coraza-config-debuglog.t diff --git a/tests/modsecurity-config-merge.t b/tests/coraza-config-merge.t similarity index 100% rename from tests/modsecurity-config-merge.t rename to tests/coraza-config-merge.t diff --git a/tests/modsecurity-config.t b/tests/coraza-config.t similarity index 100% rename from tests/modsecurity-config.t rename to tests/coraza-config.t diff --git a/tests/modsecurity-h2.t b/tests/coraza-h2.t similarity index 100% rename from tests/modsecurity-h2.t rename to tests/coraza-h2.t diff --git a/tests/modsecurity-proxy-h2.t b/tests/coraza-proxy-h2.t similarity index 100% rename from tests/modsecurity-proxy-h2.t rename to tests/coraza-proxy-h2.t diff --git a/tests/modsecurity-proxy.t b/tests/coraza-proxy.t similarity index 100% rename from tests/modsecurity-proxy.t rename to tests/coraza-proxy.t diff --git a/tests/modsecurity-request-body-h2.t b/tests/coraza-request-body-h2.t similarity index 100% rename from tests/modsecurity-request-body-h2.t rename to tests/coraza-request-body-h2.t diff --git a/tests/modsecurity-request-body.t b/tests/coraza-request-body.t similarity index 100% rename from tests/modsecurity-request-body.t rename to tests/coraza-request-body.t diff --git a/tests/modsecurity-response-body.t b/tests/coraza-response-body.t similarity index 100% rename from tests/modsecurity-response-body.t rename to tests/coraza-response-body.t diff --git a/tests/modsecurity-scoring.t b/tests/coraza-scoring.t similarity index 100% rename from tests/modsecurity-scoring.t rename to tests/coraza-scoring.t diff --git a/tests/modsecurity-transaction-id.t b/tests/coraza-transaction-id.t similarity index 100% rename from tests/modsecurity-transaction-id.t rename to tests/coraza-transaction-id.t diff --git a/tests/modsecurity.t b/tests/coraza.t similarity index 100% rename from tests/modsecurity.t rename to tests/coraza.t