Commit ae30826

committed

Picked up code from PR #273

1 parent 62639fa commit ae30826Copy full SHA for ae30826

File tree

7 files changed

+47

-18

lines changed

7 files changed

+47

-18

lines changed

`‎src/ngx_http_modsecurity_body_filter.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t r, ngx_chain_t in)`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`/* get context for request */`
`58`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`58`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`59`	`59`	`dd("body filter, recovering ctx: %p", ctx);`
`60`	`60`
`61`	`61`	`if (ctx == NULL \|\| r->filter_finalize \|\| ctx->response_body_filtered) {`

`‎src/ngx_http_modsecurity_common.h‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -102,6 +102,7 @@ typedef struct {`
`102`	`102`	`unsigned response_body_filtered:1;`
`103`	`103`	`unsigned logged:1;`
`104`	`104`	`unsigned intervention_triggered:1;`
	`105`	`+ unsigned request_body_processed:1;`
`105`	`106`	`} ngx_http_modsecurity_ctx_t;`
`106`	`107`
`107`	`108`
`@@ -142,6 +143,7 @@ extern ngx_module_t ngx_http_modsecurity_module;`
`142`	`143`	`/* ngx_http_modsecurity_module.c */`
`143`	`144`	`int ngx_http_modsecurity_process_intervention (Transaction transaction, ngx_http_request_t r, ngx_int_t early_log);`
`144`	`145`	`ngx_http_modsecurity_ctx_t ngx_http_modsecurity_create_ctx(ngx_http_request_t r);`
	`146`	`+ngx_http_modsecurity_ctx_t ngx_http_modsecurity_get_module_ctx(ngx_http_request_t r);`
`145`	`147`	`char ngx_str_to_char(ngx_str_t a, ngx_pool_t p);`
`146`	`148`	`#if (NGX_PCRE2)`
`147`	`149`	`#define ngx_http_modsecurity_pcre_malloc_init(x) NULL`

`‎src/ngx_http_modsecurity_header_filter.c‎`

Lines changed: 10 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ ngx_http_modsecurity_store_ctx_header(ngx_http_request_t r, ngx_str_t name, ng`
`109`	`109`	`ngx_http_modsecurity_conf_t *mcf;`
`110`	`110`	`ngx_http_modsecurity_header_t *hdr;`
`111`	`111`
`112`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`112`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`113`	`113`	`if (ctx == NULL \|\| ctx->sanity_headers_out == NULL) {`
`114`	`114`	`return NGX_ERROR;`
`115`	`115`	`}`
`@@ -152,7 +152,7 @@ ngx_http_modsecurity_resolv_header_server(ngx_http_request_t *r, ngx_str_t name,`
`152`	`152`	`ngx_str_t value;`
`153`	`153`
`154`	`154`	`clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);`
`155`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`155`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`156`	`156`
`157`	`157`	`if (r->headers_out.server == NULL) {`
`158`	`158`	`if (clcf->server_tokens) {`
`@@ -186,7 +186,7 @@ ngx_http_modsecurity_resolv_header_date(ngx_http_request_t *r, ngx_str_t name, o`
`186`	`186`	`ngx_http_modsecurity_ctx_t *ctx = NULL;`
`187`	`187`	`ngx_str_t date;`
`188`	`188`
`189`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`189`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`190`	`190`
`191`	`191`	`if (r->headers_out.date == NULL) {`
`192`	`192`	`date.data = ngx_cached_http_time.data;`
`@@ -216,7 +216,7 @@ ngx_http_modsecurity_resolv_header_content_length(ngx_http_request_t *r, ngx_str`
`216`	`216`	`ngx_str_t value;`
`217`	`217`	`char buf[NGX_INT64_LEN+2];`
`218`	`218`
`219`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`219`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`220`	`220`
`221`	`221`	`if (r->headers_out.content_length_n > 0)`
`222`	`222`	`{`
`@@ -243,7 +243,7 @@ ngx_http_modsecurity_resolv_header_content_type(ngx_http_request_t *r, ngx_str_t`
`243`	`243`	`{`
`244`	`244`	`ngx_http_modsecurity_ctx_t *ctx = NULL;`
`245`	`245`
`246`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`246`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`247`	`247`
`248`	`248`	`if (r->headers_out.content_type.len > 0)`
`249`	`249`	`{`
`@@ -270,7 +270,7 @@ ngx_http_modsecurity_resolv_header_last_modified(ngx_http_request_t *r, ngx_str_`
`270`	`270`	`u_char buf[1024], *p;`
`271`	`271`	`ngx_str_t value;`
`272`	`272`
`273`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`273`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`274`	`274`
`275`	`275`	`if (r->headers_out.last_modified_time == -1) {`
`276`	`276`	`return 1;`
`@@ -302,7 +302,7 @@ ngx_http_modsecurity_resolv_header_connection(ngx_http_request_t *r, ngx_str_t n`
`302`	`302`	`ngx_str_t value;`
`303`	`303`
`304`	`304`	`clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);`
`305`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`305`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`306`	`306`
`307`	`307`	`if (r->headers_out.status == NGX_HTTP_SWITCHING_PROTOCOLS) {`
`308`	`308`	`connection = "upgrade";`
`@@ -353,7 +353,7 @@ ngx_http_modsecurity_resolv_header_transfer_encoding(ngx_http_request_t *r, ngx_`
`353`	`353`	`if (r->chunked) {`
`354`	`354`	`ngx_str_t value = ngx_string("chunked");`
`355`	`355`
`356`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`356`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`357`	`357`
`358`	`358`	`#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)`
`359`	`359`	`ngx_http_modsecurity_store_ctx_header(r, &name, &value);`
`@@ -380,7 +380,7 @@ ngx_http_modsecurity_resolv_header_vary(ngx_http_request_t *r, ngx_str_t name, o`
`380`	`380`	`if (r->gzip_vary && clcf->gzip_vary) {`
`381`	`381`	`ngx_str_t value = ngx_string("Accept-Encoding");`
`382`	`382`
`383`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`383`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`384`	`384`
`385`	`385`	`#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)`
`386`	`386`	`ngx_http_modsecurity_store_ctx_header(r, &name, &value);`
`@@ -422,7 +422,7 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r)`
`422`	`422`
`423`	`423`	`/* XXX: if NOT_MODIFIED, do we need to process it at all? see xslt_header_filter() */`
`424`	`424`
`425`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`425`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`426`	`426`
`427`	`427`	`dd("header filter, recovering ctx: %p", ctx);`
`428`	`428`

`‎src/ngx_http_modsecurity_log.c‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -60,13 +60,13 @@ ngx_http_modsecurity_log_handler(ngx_http_request_t *r)`
`60`	`60`	`return NGX_OK;`
`61`	`61`	`}`
`62`	`62`	`*/`
`63`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`63`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`64`	`64`
`65`	`65`	`dd("recovering ctx: %p", ctx);`
`66`	`66`
`67`	`67`	`if (ctx == NULL) {`
`68`		`- dd("something really bad happened here. returning NGX_ERROR");`
`69`		`- return NGX_ERROR;`
	`68`	`+ dd("ModSecurity not enabled or error occurred");`
	`69`	`+ return NGX_OK;`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`if (ctx->logged) {`

`‎src/ngx_http_modsecurity_module.c‎`

Lines changed: 22 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_re`
`149`	`149`
`150`	`150`	`dd("processing intervention");`
`151`	`151`
`152`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`152`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`153`	`153`	`if (ctx == NULL)`
`154`	`154`	`{`
`155`	`155`	`return NGX_HTTP_INTERNAL_SERVER_ERROR;`
`@@ -314,6 +314,27 @@ ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)`
`314`	`314`	`return ctx;`
`315`	`315`	`}`
`316`	`316`
	`317`	`+ngx_inline ngx_http_modsecurity_ctx_t *`
	`318`	`+ngx_http_modsecurity_get_module_ctx(ngx_http_request_t *r)`
	`319`	`+{`
	`320`	`+ ngx_http_modsecurity_ctx_t *ctx;`
	`321`	`+ ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`322`	`+ if (ctx == NULL) {`
	`323`	`+ /*`
	`324`	`+ * refer <nginx>/src/http/modules/ngx_http_realip_module.c`
	`325`	`+ * if module context was reset, the original address`
	`326`	`+ * can still be found in the cleanup handler`
	`327`	`+ */`
	`328`	`+ ngx_pool_cleanup_t *cln;`
	`329`	`+ for (cln = r->pool->cleanup; cln; cln = cln->next) {`
	`330`	`+ if (cln->handler == ngx_http_modsecurity_cleanup) {`
	`331`	`+ ctx = cln->data;`
	`332`	`+ break;`
	`333`	`+ }`
	`334`	`+ }`
	`335`	`+ }`
	`336`	`+ return ctx;`
	`337`	`+}`
`317`	`338`
`318`	`339`	`char *`
`319`	`340`	`ngx_conf_set_rules(ngx_conf_t cf, ngx_command_t cmd, void *conf)`

`‎src/ngx_http_modsecurity_pre_access.c‎`

Lines changed: 8 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ ngx_http_modsecurity_request_read(ngx_http_request_t *r)`
`27`	`27`	`{`
`28`	`28`	`ngx_http_modsecurity_ctx_t *ctx;`
`29`	`29`
`30`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`30`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`31`	`31`
`32`	`32`	`#if defined(nginx_version) && nginx_version >= 8011`
`33`	`33`	`r->main->count--;`
`@@ -70,7 +70,7 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)`
`70`	`70`	`}`
`71`	`71`	`*/`
`72`	`72`
`73`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`73`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`74`	`74`
`75`	`75`	`dd("recovering ctx: %p", ctx);`
`76`	`76`
`@@ -80,6 +80,11 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)`
`80`	`80`	`return NGX_HTTP_INTERNAL_SERVER_ERROR;`
`81`	`81`	`}`
`82`	`82`
	`83`	`+ if (ctx->request_body_processed) {`
	`84`	`+ // should we use r->internal or r->filter_finalize?`
	`85`	`+ return NGX_DECLINED;`
	`86`	`+ }`
	`87`	`+`
`83`	`88`	`if (ctx->intervention_triggered) {`
`84`	`89`	`return NGX_DECLINED;`
`85`	`90`	`}`
`@@ -212,6 +217,7 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)`
`212`	`217`
`213`	`218`	`old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);`
`214`	`219`	`msc_process_request_body(ctx->modsec_transaction);`
	`220`	`+ ctx->request_body_processed = 1;`
`215`	`221`	`ngx_http_modsecurity_pcre_malloc_done(old_pool);`
`216`	`222`
`217`	`223`	`ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);`

`‎src/ngx_http_modsecurity_rewrite.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)`
`46`	`46`
`47`	`47`	`dd("catching a new _rewrite_ phase handler");`
`48`	`48`
`49`		`- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);`
	`49`	`+ ctx = ngx_http_modsecurity_get_module_ctx(r);`
`50`	`50`
`51`	`51`	`dd("recovering ctx: %p", ctx);`
`52`	`52`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit ae30826

File tree

7 files changed

7 files changed

`‎src/ngx_http_modsecurity_body_filter.c‎`

`‎src/ngx_http_modsecurity_common.h‎`

`‎src/ngx_http_modsecurity_header_filter.c‎`

`‎src/ngx_http_modsecurity_log.c‎`

`‎src/ngx_http_modsecurity_module.c‎`

`‎src/ngx_http_modsecurity_pre_access.c‎`

`‎src/ngx_http_modsecurity_rewrite.c‎`

0 commit comments