diff --git a/naxsi_src/naxsi.h b/naxsi_src/naxsi.h index 2726009..8bf656c 100644 --- a/naxsi_src/naxsi.h +++ b/naxsi_src/naxsi.h @@ -411,7 +411,6 @@ typedef struct /* did libinjection sql/xss matched ? */ ngx_flag_t libinjection_sql : 1; ngx_flag_t libinjection_xss : 1; - u_char request_id[NAXSI_REQUEST_ID_SIZE]; } ngx_http_request_ctx_t; /* @@ -620,8 +619,8 @@ ngx_http_apply_rulematch_v_n(ngx_http_rule_t* r, int naxsi_is_illegal_host_name(const ngx_str_t* server_name); -void -naxsi_generate_request_id(u_char* bytes); +char* +naxsi_request_id(ngx_http_request_t* req); /*libinjection_xss wrapper not exported by libinject_xss.h.*/ int diff --git a/naxsi_src/naxsi_const.h b/naxsi_src/naxsi_const.h index 9f0ecea..c6540b2 100644 --- a/naxsi_src/naxsi_const.h +++ b/naxsi_src/naxsi_const.h @@ -6,9 +6,6 @@ #define NAXSI_VERSION "1.7" -#define NAXSI_REQUEST_ID_SIZE 16 -#define NAXSI_REQUEST_ID_STRLEN ((NAXSI_REQUEST_ID_SIZE << 1) + 1) - #define NAXSI_LOG_JSON_STRLEN (NGX_MAX_ERROR_STR - 100) /** diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c index b307a25..9e7bec0 100644 --- a/naxsi_src/naxsi_runtime.c +++ b/naxsi_src/naxsi_runtime.c @@ -1133,9 +1133,10 @@ naxsi_create_log_array(ngx_http_request_ctx_t* ctx, sz_left -= sub; offset += sub; - sub = NAXSI_REQUEST_ID_SIZE << 1; + char* req_id = naxsi_request_id(r); + sub = 32; if (sz_left > (100 + sub)) { - ngx_hex_dump(fragment->data + offset, ctx->request_id, NAXSI_REQUEST_ID_SIZE); + memcpy(fragment->data + offset, req_id, sub); if (sub >= sz_left) { sub = sz_left - 1; } diff --git a/naxsi_src/naxsi_skeleton.c b/naxsi_src/naxsi_skeleton.c index b1b39fc..69de7a9 100644 --- a/naxsi_src/naxsi_skeleton.c +++ b/naxsi_src/naxsi_skeleton.c 
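Review bot: The new `naxsi_request_id` prototype in the naxsi.h hunk at line 619 gives callers no hint that the pointer it returns may be NULL or that, per its definition later in this diff, it points at a function-static buffer the next call overwrites; two of the callers this commit adds in naxsi_utils.c already use it unchecked. A header comment would make the contract visible at the declaration, e.g. `/* Returns the request's 32-character hex $request_id as a NUL-terminated string, or NULL if the variable is unavailable. The pointer refers to one static buffer per worker: copy it before calling again. */`. The rest of that header is outside the hunk.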
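Review bot: In the naxsi_runtime.c hunk, `memcpy(fragment->data + offset, req_id, sub)` dereferences `req_id` without the NULL check that the variable handler in naxsi_skeleton.c performs, so a failed `$request_id` lookup now crashes the worker in the log-array path instead of degrading the log line (the removed `ngx_hex_dump` read a ctx field that could not be NULL). Guard it, e.g. `if (req_id != NULL && sz_left > (100 + sub)) {`, or point `req_id` at a fixed placeholder before the copy. The literal `sub = 32;` also drops the named constant the commit removes from naxsi_const.h; keeping a single `#define` for the 32-character length would tie this site to the three other places in this diff that now hard-code 32. naxsi_create_log_array starts and ends outside the hunk.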
@@ -134,7 +134,9 @@ ngx_http_naxsi_attack_action_variable(ngx_http_request_t* r, uintptr_t data); static ngx_int_t -ngx_http_naxsi_request_id(ngx_http_request_t* r, ngx_http_variable_value_t* v, uintptr_t data); +ngx_http_naxsi_request_id_variable(ngx_http_request_t* r, + ngx_http_variable_value_t* v, + uintptr_t data); /* command handled by the module */ static ngx_command_t ngx_http_naxsi_commands[] = { @@ -351,21 +353,21 @@ static ngx_http_variable_t ngx_http_naxsi_variables[] = { NULL, /* Set handler */ ngx_http_naxsi_server_variable, /* Get handler */ 0, /* Data */ - NGX_HTTP_VAR_NOCACHEABLE, /* Flags */ + 0, /* Flags */ 0 }, /* Index */ { ngx_string("naxsi_uri"), /* Name */ NULL, /* Set handler */ ngx_http_naxsi_uri_variable, /* Get handler */ 0, /* Data */ - NGX_HTTP_VAR_NOCACHEABLE, /* Flags */ + 0, /* Flags */ 0 }, /* Index */ { ngx_string("naxsi_learning"), /* Name */ NULL, /* Set handler */ ngx_http_naxsi_learning_variable, /* Get handler */ 0, /* Data */ - NGX_HTTP_VAR_NOCACHEABLE, /* Flags */ + 0, /* Flags */ 0 }, /* Index */ { ngx_string("naxsi_block"), /* Name */ @@ -417,12 +419,12 @@ static ngx_http_variable_t ngx_http_naxsi_variables[] = { NGX_HTTP_VAR_NOCACHEABLE, /* Flags */ 0 }, /* Index */ - { ngx_string("naxsi_request_id"), /* Name */ - NULL, /* Set handler */ - ngx_http_naxsi_request_id, /* Get handler */ - 0, /* Data */ - NGX_HTTP_VAR_NOCACHEABLE, /* Flags */ - 0 }, /* Index */ + { ngx_string("naxsi_request_id"), /* Name */ + NULL, /* Set handler */ + ngx_http_naxsi_request_id_variable, /* Get handler */ + 0, /* Data */ + 0, /* Flags */ + 0 }, /* Index */ { ngx_null_string, NULL, NULL, 0, 0, 0 } /* Sentinel */ }; @@ -1376,7 +1378,6 @@ ngx_http_naxsi_access_handler(ngx_http_request_t* r) cln->handler = ngx_http_module_cleanup_handler; cln->data = ctx; - naxsi_generate_request_id(ctx->request_id); ngx_http_set_ctx(r, ctx, ngx_http_naxsi_module); NX_DEBUG(_debug_modifier, NGX_LOG_DEBUG_HTTP, 
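Review bot: Dropping `NGX_HTTP_VAR_NOCACHEABLE` from `naxsi_server`, `naxsi_uri` and `naxsi_learning` in the variables table means nginx keeps whatever the getter produced on first evaluation for the rest of the request, including a `not_found` result; if any of those getters (their bodies are not in this diff) depends on the naxsi request context or on `r->uri`, a reference from an earlier phase or from before an internal rewrite will be stale by the time the access log is written. If the values are meant to be constant per request, say so on the table, e.g. `0, /* Flags: cacheable, value is fixed for the request */`; otherwise keep the flag, at least for `naxsi_uri`. The table continues outside this hunk.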
@@ -2090,28 +2091,48 @@ ngx_http_naxsi_attack_action_variable(ngx_http_request_t* r, } static ngx_int_t -ngx_http_naxsi_request_id(ngx_http_request_t* r, ngx_http_variable_value_t* v, uintptr_t data) +ngx_http_naxsi_request_id_variable(ngx_http_request_t* r, + ngx_http_variable_value_t* v, + uintptr_t data) { - ngx_http_request_ctx_t* ctx = recover_request_ctx(r); - if (!ctx) { - v->not_found = 1; - return NGX_OK; - } + char* req_id = naxsi_request_id(r); + u_char* id = NULL; - u_char* id = NULL; - const size_t len = NAXSI_REQUEST_ID_SIZE << 1; + if (req_id == NULL) { + return NGX_ERROR; + } - id = ngx_pnalloc(r->pool, len); + id = ngx_pnalloc(r->pool, 32); if (id == NULL) { return NGX_ERROR; } + memcpy(id, req_id, 32); + v->valid = 1; v->no_cacheable = 0; v->not_found = 0; - v->len = len; + v->len = 32; v->data = id; - - ngx_hex_dump(id, ctx->request_id, NAXSI_REQUEST_ID_SIZE); return NGX_OK; } + +char* +naxsi_request_id(ngx_http_request_t* req) +{ + ngx_http_variable_value_t* lookup; + + static ngx_str_t request_id_varname = ngx_string("request_id"); + static ngx_uint_t request_id_h = 0; + static char request_id_dump[33] = { 0 }; + + if (request_id_h == 0) + request_id_h = ngx_hash_key_lc(request_id_varname.data, request_id_varname.len); + + lookup = ngx_http_get_variable(req, &request_id_varname, request_id_h); + if (lookup && !lookup->not_found && lookup->len > 0) { + memcpy(request_id_dump, lookup->data, 32); + return request_id_dump; + } + return NULL; +} diff --git a/naxsi_src/naxsi_utils.c b/naxsi_src/naxsi_utils.c index 33ab11d..a6d71f7 100644 --- a/naxsi_src/naxsi_utils.c +++ b/naxsi_src/naxsi_utils.c 
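Review bot: In `naxsi_request_id`, `memcpy(request_id_dump, lookup->data, 32)` copies a fixed 32 bytes although the guard only establishes `lookup->len > 0`, so a `$request_id` value shorter than 32 characters is an over-read of `lookup->data`; nginx's built-in variable is 32 hex characters today, but checking the length makes that assumption explicit and cheap to audit. The function also hands back a pointer to a function-static buffer that the next call overwrites, which is acceptable while every caller copies it immediately in a single-threaded worker, but it deserves a comment at the declaration of `request_id_dump`. Separately, `ngx_http_naxsi_request_id_variable` now answers a missing variable with `return NGX_ERROR;`, whereas the removed handler reported `v->not_found = 1; return NGX_OK;`; `NGX_ERROR` is conventionally reserved for allocation failure in variable getters, so the not-found form is the better fit for an absent `$request_id`. The rewritten lookup tail is below; the hash-key setup is unchanged.
```c
  /* One static buffer per worker: valid only until the next call, so callers copy it at once. */
  static char request_id_dump[33] = { 0 };
  /* … unchanged: hash-key computation and ngx_http_get_variable() lookup … */
  /* nginx's $request_id is 32 hex characters and every downstream copy assumes exactly that,
  ** so reject anything else instead of reading 32 bytes from a shorter value. */
  if (lookup == NULL || lookup->not_found || lookup->len != 32) {
    return NULL;
  }
  memcpy(request_id_dump, lookup->data, 32);
  request_id_dump[32] = '\0';
  return request_id_dump;
```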
@@ -947,11 +947,9 @@ naxsi_log_offending_as_json(ngx_http_request_ctx_t* ctx, ngx_str_t* str = NULL; ngx_http_naxsi_loc_conf_t* cf = NULL; - char json[NAXSI_LOG_JSON_STRLEN]; - char * out = json + 1, *end = (json + sizeof(json)) - 2; - u_char req_id[NAXSI_REQUEST_ID_STRLEN]; - - ngx_hex_dump(req_id, ctx->request_id, NAXSI_REQUEST_ID_SIZE); + char json[NAXSI_LOG_JSON_STRLEN]; + char * out = json + 1, *end = (json + sizeof(json)) - 2; + u_char* req_id = (u_char*)naxsi_request_id(req); // json object begin json[0] = '{'; @@ -973,7 +971,7 @@ naxsi_log_offending_as_json(ngx_http_request_ctx_t* ctx, } // request id - out = naxsi_log_as_json_string(out, end, "rid", req_id, NAXSI_REQUEST_ID_STRLEN - 1); + out = naxsi_log_as_json_string(out, end, "rid", req_id, 32); *out++ = ','; if (out >= end) { goto log_json; @@ -1066,10 +1064,8 @@ naxsi_log_offending(ngx_http_request_ctx_t* ctx, ngx_http_naxsi_loc_conf_t* cf; ngx_str_t tmp_uri = { 0 }, tmp_val = { 0 }, tmp_name = { 0 }; - ngx_str_t empty = ngx_string(""); - u_char req_id[NAXSI_REQUEST_ID_STRLEN + 1] = { 0 }; - - ngx_hex_dump(req_id, ctx->request_id, NAXSI_REQUEST_ID_SIZE); + ngx_str_t empty = ngx_string(""); + char* req_id = naxsi_request_id(req); cf = ngx_http_get_module_loc_conf(req, ngx_http_naxsi_module); @@ -1086,7 +1082,7 @@ naxsi_log_offending(ngx_http_request_ctx_t* ctx, "ip=%V&server=%V&rid=%s&uri=%V&id=%d&zone=%s%s&var_name=%V&content=%V", &(req->connection->addr_text), &(req->headers_in.server), - (char*)req_id, + req_id, &(tmp_uri), rule->rule_id, naxsi_match_zones[zone], 
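Review bot: `u_char* req_id = (u_char*)naxsi_request_id(req);` can be NULL when the `$request_id` lookup fails, and the next hunk passes it unchecked to `naxsi_log_as_json_string(out, end, "rid", req_id, 32)`, which reads 32 bytes from it; the removed code always had a filled stack buffer, so this is a new crash path in the JSON audit log. Substitute a fixed value on failure, e.g. `if (req_id == NULL) { req_id = (u_char*)"-"; }` right after the assignment, and pass `ngx_strlen(req_id)` rather than the literal 32 so the placeholder is not over-read. naxsi_log_offending_as_json starts before and ends after this hunk.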
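Review bot: `char* req_id = naxsi_request_id(req);` in naxsi_log_offending may be NULL and, two hunks down, is formatted with `%s` in the `rid=%s` log line; nginx's `%s` conversion in `ngx_vslprintf` walks the argument until its terminator, so a NULL here is a worker crash in the blocking log path, where the old stack buffer could not be NULL. One line covers it: `if (req_id == NULL) { req_id = "-"; }` immediately after the assignment, which also keeps the `%s` argument NUL-terminated. naxsi_log_offending starts before and ends after this hunk.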
@@ -1202,21 +1198,3 @@ naxsi_is_illegal_host_name(const ngx_str_t* host_name) return (0); } - -/* -** Creates a random request id and writes it into bytes -*/ -void -naxsi_generate_request_id(u_char* bytes) -{ -#if (NGX_OPENSSL) - if (RAND_bytes(bytes, NAXSI_REQUEST_ID_SIZE) == 1) { - return; - } -#endif - uint32_t* bytes32 = (uint32_t*)bytes; - const size_t len = (NAXSI_REQUEST_ID_SIZE / sizeof(uint32_t)); - for (size_t i = 0; i < len; i++) { - bytes32[i] = (uint32_t)ngx_random(); - } -}