Fix: $naxsi_request_id inherits NGINX $request_id and is only filled …
…in when necessary
lubomudr committed Jun 22, 2024
1 parent 80e3242 commit 2ff7f12
Showing 5 changed files with 56 additions and 60 deletions.
5 changes: 2 additions & 3 deletions naxsi_src/naxsi.h
Expand Up @@ -411,7 +411,6 @@ typedef struct
/* did libinjection sql/xss matched ? */
ngx_flag_t libinjection_sql : 1;
ngx_flag_t libinjection_xss : 1;
u_char request_id[NAXSI_REQUEST_ID_SIZE];
} ngx_http_request_ctx_t;

/*
Expand Down Expand Up @@ -620,8 +619,8 @@ ngx_http_apply_rulematch_v_n(ngx_http_rule_t* r,
int
naxsi_is_illegal_host_name(const ngx_str_t* server_name);

void
naxsi_generate_request_id(u_char* bytes);
char*
naxsi_request_id(ngx_http_request_t* req);

/*libinjection_xss wrapper not exported by libinject_xss.h.*/
int
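Review bot: The new `naxsi_request_id` prototype carries no contract, yet its definition in naxsi_skeleton.c returns a pointer into a static 33-byte buffer that is rewritten on every call, or NULL when `$request_id` cannot be resolved, and every caller in this commit needs to know both. Suggest a comment above the declaration along the lines of `/* Returns the 32-char nginx $request_id as a NUL-terminated string in a static buffer that the next call overwrites (copy it if it must outlive the call), or NULL if the variable is unavailable. */`. Stating that the value now mirrors nginx's own `$request_id` rather than a naxsi-generated id is also worth a line, since log consumers correlate on it.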
3 changes: 0 additions & 3 deletions naxsi_src/naxsi_const.h
Expand Up @@ -6,9 +6,6 @@

#define NAXSI_VERSION "1.7"

#define NAXSI_REQUEST_ID_SIZE 16
#define NAXSI_REQUEST_ID_STRLEN ((NAXSI_REQUEST_ID_SIZE << 1) + 1)

#define NAXSI_LOG_JSON_STRLEN (NGX_MAX_ERROR_STR - 100)

/**
5 changes: 3 additions & 2 deletions naxsi_src/naxsi_runtime.c
Expand Up @@ -1133,9 +1133,10 @@ naxsi_create_log_array(ngx_http_request_ctx_t* ctx,
sz_left -= sub;
offset += sub;

sub = NAXSI_REQUEST_ID_SIZE << 1;
char* req_id = naxsi_request_id(r);
sub = 32;
if (sz_left > (100 + sub)) {
ngx_hex_dump(fragment->data + offset, ctx->request_id, NAXSI_REQUEST_ID_SIZE);
memcpy(fragment->data + offset, req_id, sub);
if (sub >= sz_left) {
sub = sz_left - 1;
}
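Review bot: `req_id` can be NULL — `naxsi_request_id` returns NULL when the `$request_id` lookup fails — but `memcpy(fragment->data + offset, req_id, sub)` copies 32 bytes from it unconditionally, which is undefined behaviour and in practice a worker crash; the hex-dumped context buffer it replaces always existed. The guard should include the pointer, e.g. `if (req_id != NULL && sz_left > (100 + sub)) {`, or the id fragment should be skipped when it is missing. The literal `32` now appears here, in naxsi_skeleton.c and in naxsi_utils.c after `NAXSI_REQUEST_ID_STRLEN` was removed; one named constant (e.g. `NAXSI_REQUEST_ID_LEN`) would keep those in step. `naxsi_create_log_array` starts and ends outside this hunk.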
67 changes: 44 additions & 23 deletions naxsi_src/naxsi_skeleton.c
Expand Up @@ -134,7 +134,9 @@ ngx_http_naxsi_attack_action_variable(ngx_http_request_t* r,
uintptr_t data);

static ngx_int_t
ngx_http_naxsi_request_id(ngx_http_request_t* r, ngx_http_variable_value_t* v, uintptr_t data);
ngx_http_naxsi_request_id_variable(ngx_http_request_t* r,
ngx_http_variable_value_t* v,
uintptr_t data);

/* command handled by the module */
static ngx_command_t ngx_http_naxsi_commands[] = {
Expand Down Expand Up @@ -351,21 +353,21 @@ static ngx_http_variable_t ngx_http_naxsi_variables[] = {
NULL, /* Set handler */
ngx_http_naxsi_server_variable, /* Get handler */
0, /* Data */
NGX_HTTP_VAR_NOCACHEABLE, /* Flags */
0, /* Flags */
0 }, /* Index */

{ ngx_string("naxsi_uri"), /* Name */
NULL, /* Set handler */
ngx_http_naxsi_uri_variable, /* Get handler */
0, /* Data */
NGX_HTTP_VAR_NOCACHEABLE, /* Flags */
0, /* Flags */
0 }, /* Index */

{ ngx_string("naxsi_learning"), /* Name */
NULL, /* Set handler */
ngx_http_naxsi_learning_variable, /* Get handler */
0, /* Data */
NGX_HTTP_VAR_NOCACHEABLE, /* Flags */
0, /* Flags */
0 }, /* Index */

{ ngx_string("naxsi_block"), /* Name */
Expand Down Expand Up @@ -417,12 +419,12 @@ static ngx_http_variable_t ngx_http_naxsi_variables[] = {
NGX_HTTP_VAR_NOCACHEABLE, /* Flags */
0 }, /* Index */

{ ngx_string("naxsi_request_id"), /* Name */
NULL, /* Set handler */
ngx_http_naxsi_request_id, /* Get handler */
0, /* Data */
NGX_HTTP_VAR_NOCACHEABLE, /* Flags */
0 }, /* Index */
{ ngx_string("naxsi_request_id"), /* Name */
NULL, /* Set handler */
ngx_http_naxsi_request_id_variable, /* Get handler */
0, /* Data */
0, /* Flags */
0 }, /* Index */

{ ngx_null_string, NULL, NULL, 0, 0, 0 } /* Sentinel */
};
Expand Down Expand Up @@ -1376,7 +1378,6 @@ ngx_http_naxsi_access_handler(ngx_http_request_t* r)
cln->handler = ngx_http_module_cleanup_handler;
cln->data = ctx;

naxsi_generate_request_id(ctx->request_id);
ngx_http_set_ctx(r, ctx, ngx_http_naxsi_module);
NX_DEBUG(_debug_modifier,
NGX_LOG_DEBUG_HTTP,
Expand Down Expand Up @@ -2090,28 +2091,48 @@ ngx_http_naxsi_attack_action_variable(ngx_http_request_t* r,
}

static ngx_int_t
ngx_http_naxsi_request_id(ngx_http_request_t* r, ngx_http_variable_value_t* v, uintptr_t data)
ngx_http_naxsi_request_id_variable(ngx_http_request_t* r,
ngx_http_variable_value_t* v,
uintptr_t data)
{
ngx_http_request_ctx_t* ctx = recover_request_ctx(r);
if (!ctx) {
v->not_found = 1;
return NGX_OK;
}
char* req_id = naxsi_request_id(r);
u_char* id = NULL;

u_char* id = NULL;
const size_t len = NAXSI_REQUEST_ID_SIZE << 1;
if (req_id == NULL) {
return NGX_ERROR;
}

id = ngx_pnalloc(r->pool, len);
id = ngx_pnalloc(r->pool, 32);
if (id == NULL) {
return NGX_ERROR;
}

memcpy(id, req_id, 32);

v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
v->len = len;
v->len = 32;
v->data = id;

ngx_hex_dump(id, ctx->request_id, NAXSI_REQUEST_ID_SIZE);
return NGX_OK;
}

char*
naxsi_request_id(ngx_http_request_t* req)
{
ngx_http_variable_value_t* lookup;

static ngx_str_t request_id_varname = ngx_string("request_id");
static ngx_uint_t request_id_h = 0;
static char request_id_dump[33] = { 0 };

if (request_id_h == 0)
request_id_h = ngx_hash_key_lc(request_id_varname.data, request_id_varname.len);

lookup = ngx_http_get_variable(req, &request_id_varname, request_id_h);
if (lookup && !lookup->not_found && lookup->len > 0) {
memcpy(request_id_dump, lookup->data, 32);
return request_id_dump;
}
return NULL;
}
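Review bot: `naxsi_request_id` copies a fixed 32 bytes from `lookup->data` after checking only `lookup->len > 0`, so a shorter value over-reads the variable's buffer; nginx's built-in `$request_id` is 32 hex characters, but the helper should not depend on that, e.g. `if (lookup && !lookup->not_found && lookup->len == 32) {` (or bound the copy by `lookup->len` and record the length for callers). In `ngx_http_naxsi_request_id_variable` a NULL from the helper now yields `return NGX_ERROR;`, whereas the removed branch reported an absent id with `v->not_found = 1; return NGX_OK;`; NGX_ERROR is conventionally reserved for allocation failure in getters, so the not_found form is the better replacement for that branch and keeps the old behaviour for log formats that reference the variable. The static `request_id_dump` is safe only because nginx workers are single-threaded and all callers consume the pointer before the next lookup; a short comment on the static saying so would stop a future caller from caching it across requests.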
36 changes: 7 additions & 29 deletions naxsi_src/naxsi_utils.c
Expand Up @@ -947,11 +947,9 @@ naxsi_log_offending_as_json(ngx_http_request_ctx_t* ctx,
ngx_str_t* str = NULL;
ngx_http_naxsi_loc_conf_t* cf = NULL;

char json[NAXSI_LOG_JSON_STRLEN];
char * out = json + 1, *end = (json + sizeof(json)) - 2;
u_char req_id[NAXSI_REQUEST_ID_STRLEN];

ngx_hex_dump(req_id, ctx->request_id, NAXSI_REQUEST_ID_SIZE);
char json[NAXSI_LOG_JSON_STRLEN];
char * out = json + 1, *end = (json + sizeof(json)) - 2;
u_char* req_id = (u_char*)naxsi_request_id(req);

// json object begin
json[0] = '{';
Expand All @@ -973,7 +971,7 @@ naxsi_log_offending_as_json(ngx_http_request_ctx_t* ctx,
}

// request id
out = naxsi_log_as_json_string(out, end, "rid", req_id, NAXSI_REQUEST_ID_STRLEN - 1);
out = naxsi_log_as_json_string(out, end, "rid", req_id, 32);
*out++ = ',';
if (out >= end) {
goto log_json;
Expand Down Expand Up @@ -1066,10 +1064,8 @@ naxsi_log_offending(ngx_http_request_ctx_t* ctx,

ngx_http_naxsi_loc_conf_t* cf;
ngx_str_t tmp_uri = { 0 }, tmp_val = { 0 }, tmp_name = { 0 };
ngx_str_t empty = ngx_string("");
u_char req_id[NAXSI_REQUEST_ID_STRLEN + 1] = { 0 };

ngx_hex_dump(req_id, ctx->request_id, NAXSI_REQUEST_ID_SIZE);
ngx_str_t empty = ngx_string("");
char* req_id = naxsi_request_id(req);

cf = ngx_http_get_module_loc_conf(req, ngx_http_naxsi_module);

Expand All @@ -1086,7 +1082,7 @@ naxsi_log_offending(ngx_http_request_ctx_t* ctx,
"ip=%V&server=%V&rid=%s&uri=%V&id=%d&zone=%s%s&var_name=%V&content=%V",
&(req->connection->addr_text),
&(req->headers_in.server),
(char*)req_id,
req_id,
&(tmp_uri),
rule->rule_id,
naxsi_match_zones[zone],
Expand Down Expand Up @@ -1202,21 +1198,3 @@ naxsi_is_illegal_host_name(const ngx_str_t* host_name)

return (0);
}

/*
** Creates a random request id and writes it into bytes
*/
void
naxsi_generate_request_id(u_char* bytes)
{
#if (NGX_OPENSSL)
if (RAND_bytes(bytes, NAXSI_REQUEST_ID_SIZE) == 1) {
return;
}
#endif
uint32_t* bytes32 = (uint32_t*)bytes;
const size_t len = (NAXSI_REQUEST_ID_SIZE / sizeof(uint32_t));
for (size_t i = 0; i < len; i++) {
bytes32[i] = (uint32_t)ngx_random();
}
}
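Review bot: Both log paths now take the pointer returned by `naxsi_request_id` without a NULL check: `naxsi_log_offending_as_json` passes `req_id` with a hard-coded length of 32 to `naxsi_log_as_json_string`, and `naxsi_log_offending` hands it to the `%s` conversion in the format string, so a request for which `$request_id` cannot be resolved dereferences NULL inside the logger. The removed stack buffers were always valid, which is why this needed no handling before. A fallback keeps the log line intact, e.g. `size_t rid_len = req_id ? 32 : 0;` with `req_id ? req_id : (u_char*)""` passed to the json helper, and `req_id ? req_id : "-"` as the `%s` argument in `naxsi_log_offending`. Both enclosing functions start outside their hunks.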
