Update libinjection and bump version to 1.6 (#104)

* Version 1.6 * Updated libinjection to 4aa3894 * Fix formatting.
wargio · Oct 11, 2023 · f746116 · f746116
1 parent 1b71252
commit f746116
Show file tree

Hide file tree

Showing 18 changed files with 84 additions and 84 deletions.
diff --git a/.github/workflows/distros.yaml b/.github/workflows/distros.yaml
@@ -39,6 +39,7 @@ jobs:
         echo RELEASE_NAME="naxsi-${RELEASE_ID}-src-with-deps-tgz" >> $GITHUB_ENV
         export TARNAME="naxsi-${RELEASE_ID}-src-with-deps.tar.gz"
         touch "$TARNAME"
+        rm -rf .git
         tar --exclude="$TARNAME" -czvf "$TARNAME" .
     - name: Upload tarball
       uses: actions/upload-artifact@v3
@@ -66,6 +67,7 @@ jobs:
         fi
         RELEASE_ID=${RELEASE_ID##refs/tags/}
         echo RELEASE_NAME="naxsi-${RELEASE_ID}-src-with-deps-zip" >> $GITHUB_ENV
+        rm -rf .git
     - name: Upload zip
       uses: actions/upload-artifact@v3
       with:
@@ -137,7 +139,7 @@ jobs:
       run: |
         rm -rf naxsi_src/libinjection
         git clone https://github.com/libinjection/libinjection.git naxsi_src/libinjection
-        git -C naxsi_src/libinjection checkout 51f3a96e9fcc90a6112f52ac96fd4661e7ab0a44
+        git -C naxsi_src/libinjection checkout 4aa3894b21d03d9d8fc364505c0617d2aca73fc1
         chmod 777 .
     - name: ${{ matrix.name }} package
       if: matrix.package == 'apk'
@@ -191,7 +193,7 @@ jobs:
       run: |
         rm -rf naxsi_src/libinjection
         git clone https://github.com/libinjection/libinjection.git naxsi_src/libinjection
-        git -C naxsi_src/libinjection checkout 51f3a96e9fcc90a6112f52ac96fd4661e7ab0a44
+        git -C naxsi_src/libinjection checkout 4aa3894b21d03d9d8fc364505c0617d2aca73fc1
         git clone --depth=1 https://github.com/wargio/deb-creator.git
         chmod 777 .
         apt-get source nginx

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -49,12 +49,12 @@ jobs:
       uses: actions/checkout@v3
     - name: Install wget, software-properties-common, lsb-release (dependencies of LLVM install script)
       run: sudo apt --assume-yes install wget software-properties-common lsb-release
-    - name: Install automatic LLVM 13
-      run: wget https://apt.llvm.org/llvm.sh -O /tmp/llvm-install.sh; chmod +x /tmp/llvm-install.sh; sudo /tmp/llvm-install.sh 13
-    - name: Install clang-format-13
-      run: sudo apt --assume-yes install clang-format-13
+    - name: Install automatic LLVM 16
+      run: wget https://apt.llvm.org/llvm.sh -O /tmp/llvm-install.sh; chmod +x /tmp/llvm-install.sh; sudo /tmp/llvm-install.sh 16
+    - name: Install clang-format-16
+      run: sudo apt --assume-yes install clang-format-16
     - name: Format check
-      run: find naxsi_src/ -type f -name "*.c" -o -name "*.h" | grep -v "libinjection" | xargs -I % clang-format --verbose --dry-run %
+      run: find naxsi_src/ -type f -name "*.c" -o -name "*.h" | grep -v "libinjection" | xargs -I % clang-format --verbose --Werror --dry-run %
 
   rules:
     runs-on: ubuntu-latest

diff --git a/distros/alpine/1.18.0-r13/APKBUILD b/distros/alpine/1.18.0-r13/APKBUILD
@@ -61,7 +61,7 @@ _add_module() {
 	subpackages="$subpackages $pkgname-mod-$name:_module"
 }
 
-_add_module "http-naxsi" "1.5" "https://github.com/wargio/naxsi" "naxsi_src"
+_add_module "http-naxsi" "1.6" "https://github.com/wargio/naxsi" "naxsi_src"
 _naxsi_provides="$pkgname-naxsi"  # for backward compatibility
 
 prepare() {

diff --git a/distros/alpine/1.18.0-r15/APKBUILD b/distros/alpine/1.18.0-r15/APKBUILD
@@ -62,7 +62,7 @@ _add_module() {
 	subpackages="$subpackages $pkgname-mod-$name:_module"
 }
 
-_add_module "http-naxsi" "1.5" "https://github.com/wargio/naxsi" "naxsi_src"
+_add_module "http-naxsi" "1.6" "https://github.com/wargio/naxsi" "naxsi_src"
 _naxsi_provides="$pkgname-naxsi"  # for backward compatibility
 
 prepare() {

diff --git a/distros/alpine/1.20.1-r3/APKBUILD b/distros/alpine/1.20.1-r3/APKBUILD
@@ -62,7 +62,7 @@ _add_module() {
 	subpackages="$subpackages $pkgname-mod-$name:_module"
 }
 
-_add_module "http-naxsi" "1.5" "https://github.com/wargio/naxsi" "naxsi_src"
+_add_module "http-naxsi" "1.6" "https://github.com/wargio/naxsi" "naxsi_src"
 _naxsi_provides="$pkgname-naxsi"  # for backward compatibility
 
 prepare() {

diff --git a/distros/alpine/1.20.2-r0/APKBUILD b/distros/alpine/1.20.2-r0/APKBUILD
@@ -62,7 +62,7 @@ _add_module() {
 	subpackages="$subpackages $pkgname-mod-$name:_module"
 }
 
-_add_module "http-naxsi" "1.5" "https://github.com/wargio/naxsi" "naxsi_src"
+_add_module "http-naxsi" "1.6" "https://github.com/wargio/naxsi" "naxsi_src"
 _naxsi_provides="$pkgname-naxsi"  # for backward compatibility
 
 prepare() {

diff --git a/distros/alpine/1.20.2-r1/APKBUILD b/distros/alpine/1.20.2-r1/APKBUILD
@@ -63,7 +63,7 @@ _add_module() {
 	subpackages="$subpackages $pkgname-mod-$name:_module"
 }
 
-_add_module "http-naxsi" "1.5" "https://github.com/wargio/naxsi" "naxsi_src"
+_add_module "http-naxsi" "1.6" "https://github.com/wargio/naxsi" "naxsi_src"
 _naxsi_provides="$pkgname-naxsi"  # for backward compatibility
 
 prepare() {

diff --git a/distros/alpine/1.22.0-r1/APKBUILD b/distros/alpine/1.22.0-r1/APKBUILD
@@ -62,7 +62,7 @@ _add_module() {
 	subpackages="$subpackages $pkgname-mod-$name:_module"
 }
 
-_add_module "http-naxsi" "1.5" "https://github.com/wargio/naxsi" "naxsi_src"
+_add_module "http-naxsi" "1.6" "https://github.com/wargio/naxsi" "naxsi_src"
 _naxsi_provides="$pkgname-naxsi"  # for backward compatibility
 
 prepare() {

diff --git a/distros/alpine/1.22.1-r0/APKBUILD b/distros/alpine/1.22.1-r0/APKBUILD
@@ -62,7 +62,7 @@ _add_module() {
 	subpackages="$subpackages $pkgname-mod-$name:_module"
 }
 
-_add_module "http-naxsi" "1.5" "https://github.com/wargio/naxsi" "naxsi_src"
+_add_module "http-naxsi" "1.6" "https://github.com/wargio/naxsi" "naxsi_src"
 _naxsi_provides="$pkgname-naxsi"  # for backward compatibility
 
 prepare() {

diff --git a/distros/alpine/1.24.0-r3/APKBUILD b/distros/alpine/1.24.0-r3/APKBUILD
@@ -64,7 +64,7 @@ _add_module() {
 	subpackages="$subpackages $pkgname-mod-$name:_module"
 }
 
-_add_module "http-naxsi" "1.5" "https://github.com/wargio/naxsi" "naxsi_src"
+_add_module "http-naxsi" "1.6" "https://github.com/wargio/naxsi" "naxsi_src"
 _naxsi_provides="$pkgname-naxsi"  # for backward compatibility
 
 prepare() {

diff --git a/distros/alpine/1.24.0-r6/APKBUILD b/distros/alpine/1.24.0-r6/APKBUILD
@@ -64,7 +64,7 @@ _add_module() {
 	subpackages="$subpackages $pkgname-mod-$name:_module"
 }
 
-_add_module "http-naxsi" "1.5" "https://github.com/wargio/naxsi" "naxsi_src"
+_add_module "http-naxsi" "1.6" "https://github.com/wargio/naxsi" "naxsi_src"
 _naxsi_provides="$pkgname-naxsi"  # for backward compatibility
 
 prepare() {

diff --git a/distros/arch/PKGBUILD b/distros/arch/PKGBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Giovanni Dante (deroad) Grazioli <[email protected]>
 
 pkgname=nginx-mod-naxsi-git
-pkgver=1.5
+pkgver=1.6
 pkgrel=1
 epoch=1
 _modname=naxsi

diff --git a/naxsi_src/libinjection b/naxsi_src/libinjection
diff --git a/naxsi_src/naxsi_const.h b/naxsi_src/naxsi_const.h
@@ -4,7 +4,7 @@
 #ifndef NAXSI_CONST_H
 #define NAXSI_CONST_H
 
-#define NAXSI_VERSION "1.5"
+#define NAXSI_VERSION "1.6"
 
 #define NAXSI_REQUEST_ID_SIZE   16
 #define NAXSI_REQUEST_ID_STRLEN ((NAXSI_REQUEST_ID_SIZE << 1) + 1)

diff --git a/naxsi_src/naxsi_json.c b/naxsi_src/naxsi_json.c
@@ -10,8 +10,6 @@ extern ngx_http_rule_t nx_int__invalid_json;
 
 #define json_char(x) ((x)->src + (x)->off)
 
-//#define _debug_json 1
-
 ngx_int_t
 ngx_http_nx_json_forward(ngx_json_t* js)
 {
@@ -146,9 +144,9 @@ ngx_http_nx_json_val(ngx_json_t* js)
   if ((js->c >= '0' && js->c <= '9') || js->c == '-') {
     val.data = js->src + js->off;
     while (((*(js->src + js->off) >= '0' && *(js->src + js->off) <= '9') ||
-            *(js->src + js->off) == '.' ||
-            *(js->src + js->off) == '+' || *(js->src + js->off) == '-' ||
-            *(js->src + js->off) == 'e' || *(js->src + js->off) == 'E') &&
+            *(js->src + js->off) == '.' || *(js->src + js->off) == '+' ||
+            *(js->src + js->off) == '-' || *(js->src + js->off) == 'e' ||
+            *(js->src + js->off) == 'E') &&
            js->off < js->len) {
       val.len++;
       js->off++;

diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
@@ -16,6 +16,7 @@
 ** rules at any time ;)
 */
 
+// clang-format off
 #define InternalRule(var_name, rule_id, block, drop)             \
   ngx_http_rule_t var_name = {                                   \
     /*type*/ 0,            /*whitelist flag*/ 0,                 \
@@ -41,6 +42,7 @@ InternalRule(nx_int__libinject_xss,          18, 1, 0);
 InternalRule(nx_int__no_rules,               19, 0, 1);
 InternalRule(nx_int__bad_utf8,               20, 0, 1);
 InternalRule(nx_int__illegal_host_header,    21, 0, 1);
+// clang-format on
 
 #define naxsi_error_fatal(ctx, r, ...)                                                             \
   do {                                                                                             \
@@ -2912,14 +2914,14 @@ ngx_http_naxsi_update_current_ctx_status(ngx_http_request_ctx_t*    ctx,
   NX_DEBUG(_debug_custom_score, NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "XX-custom check rules");
 
   if (!ctx->ignore && (cf->ignore_ips || cf->ignore_cidrs)) {
-      ngx_str_t* ip = &r->connection->addr_text;
-      NX_DEBUG(_debug_whitelist_ignore,
-               NGX_LOG_DEBUG_HTTP,
-               r->connection->log,
-               0,
-               "XX- lookup ignore client ip: %V",
-               ip);
-      ctx->ignore = naxsi_can_ignore_ip(ip, cf) || naxsi_can_ignore_cidr(ip, cf);
+    ngx_str_t* ip = &r->connection->addr_text;
+    NX_DEBUG(_debug_whitelist_ignore,
+             NGX_LOG_DEBUG_HTTP,
+             r->connection->log,
+             0,
+             "XX- lookup ignore client ip: %V",
+             ip);
+    ctx->ignore = naxsi_can_ignore_ip(ip, cf) || naxsi_can_ignore_cidr(ip, cf);
   }
 
   if (cf->check_rules && ctx->special_scores) {