diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8ba565f09..5940767da 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ jobs:
 runs-on: ${{ matrix.os }}
 strategy:
 matrix:
- os: [ubuntu-22.04]
+ os: [ubuntu-24.04]
 platform: [x32, x64]
 compiler: [gcc, clang]
 configure:
@@ -27,7 +27,7 @@ jobs:
 - name: Setup Dependencies
 run: |
 sudo apt-get update -y -qq
- sudo apt-get install -y apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
+ sudo apt-get install -y apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev libpcre3-dev libpcre3 pkg-config libyajl-dev apache2 apache2-bin apache2-data
 - uses: actions/checkout@v2
 - name: autogen.sh
 run: ./autogen.sh
@@ -79,7 +79,7 @@ jobs:
 runs-on: ${{ matrix.os }}
 strategy:
 matrix:
- os: [ubuntu-22.04]
+ os: [ubuntu-24.04]
 platform: [x32, x64]
 compiler: [gcc, clang]
 configure:
@@ -97,7 +97,7 @@ jobs:
 - name: Setup Dependencies
 run: |
 sudo apt-get update -y -qq
- sudo apt-get install -y --no-install-recommends apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
+ sudo apt-get install -y --no-install-recommends apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev libpcre3-dev libpcre3 pkg-config libyajl-dev apache2 apache2-bin apache2-data
 - uses: actions/checkout@v2
 - name: autogen.sh
 run: ./autogen.sh
@@ -110,3 +110,33 @@ jobs:
 run: sudo make install
 - name: run tests
 run: make test
+
+ test-regression-linux:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-24.04]
+ #platform: [x32, x64]
+ platform: [x64]
+ #compiler: [gcc, clang]
+ compiler: [gcc]
+ configure:
+ - {label: "with pcre2, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit" }
+ #- {label: "with pcre, with study, with jit", opt: "--with-pcre --enable-pcre-study=yes --enable-pcre-jit" }
+ steps:
+ - name: Setup Dependencies
+ run: |
+ sudo apt-get update -y -qq
+ sudo apt-get install -y --no-install-recommends apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev libpcre3-dev libpcre3 pkg-config libyajl-dev apache2 apache2-bin apache2-data perl libwww-perl ssdeep libfuzzy-dev libfuzzy2
+ - uses: actions/checkout@v2
+ - name: autogen.sh
+ run: ./autogen.sh
+ - name: configure ${{ matrix.configure.label }}
+ run: ./configure ${{ matrix.configure.opt }} 'CFLAGS=-Werror=format-security'
+ - uses: ammaraskar/gcc-problem-matcher@master
+ - name: make
+ run: make -j `nproc`
+ - name: install module
+ run: sudo make install
+ - name: run regression tests
+ run: cd tests; time for f in `find regression/ -maxdepth 2 -mindepth 2 -name "*.t" | tr "\012" " "`; do time ./run-regression-tests.pl -S . -d ${f}; done
diff --git a/tests/regression/config/10-request-directives.t b/tests/regression/config/10-request-directives.t
index d5c6f143b..def9f63c6 100644
--- a/tests/regression/config/10-request-directives.t
+++ b/tests/regression/config/10-request-directives.t
@@ -501,7 +501,7 @@ SecRequestBodyLimit 20
 ),
 match_log => {
- debug => [ qr/Request body is larger than the configured limit \(20\).. Deny with code \(413\)/, 1 ],
+ debug => [ qr/Request body is larger than the configured limit \(20\)./, 1 ],
 },
 match_response => {
 status => qr/^413$/,
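Review bot: In the new `test-regression-linux` job of `.github/workflows/ci.yml`, `uses: ammaraskar/gcc-problem-matcher@master` follows a mutable branch, so any later push to that third-party repository runs inside this CI job without review. Pin it to a full commit SHA, for example `- uses: ammaraskar/gcc-problem-matcher@<full-commit-sha>  # <release tag>` (placeholder; the SHA is not on this page), and consider the same for `actions/checkout@v2`. The job also declares no `permissions:` key in the visible lines. Unless the workflow sets one at top level outside this hunk, adding `permissions:` with `contents: read` keeps the token read-only for a job that only builds and tests.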
diff --git a/tests/regression/misc/10-tfn-cache.t b/tests/regression/misc/10-tfn-cache.t
deleted file mode 100644
index f0a663e49..000000000
--- a/tests/regression/misc/10-tfn-cache.t
+++ /dev/null
@@ -1,187 +0,0 @@ -### Transformation Caching - -{ - type => "misc", - comment => "tfncache (simple fully cached)", - conf => qq( - SecRuleEngine On - SecDebugLog $ENV{DEBUG_LOG} - SecDebugLogLevel 9 - - # We need to make this work no matter what the defaults may change to - SecCacheTransformations On "minlen:1,maxlen:0" - - # This should cache it - SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500037" - - # This should use the cached value - SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500038" - ), - match_log => { - debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ], - -debug => [ qr/partially cached/, 1 ], - }, - match_response => { - status => qr/^403$/, - }, - request => new HTTP::Request( - GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=Foo+Bar", - ), -}, -{ - type => "misc", - comment => "tfncache (simple partially cached)", - conf => qq( - SecRuleEngine On - SecDebugLog $ENV{DEBUG_LOG} - SecDebugLogLevel 9 - - # We need to make this work no matter what the defaults may change to - SecCacheTransformations On "minlen:1,maxlen:0,incremental:off,maxitems:0" - - # This should cache it - SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,pass,nolog,id:500039" - - # This should use the partially cached value - SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500040" - ), - match_log => { - debug => [ qr/removeWhiteSpace: "FooBar" .*partially cached/, 1 ], - }, - match_response => { - status => qr/^403$/, - }, - request => new HTTP::Request( - GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=Foo+Bar", - ), -}, -{ - type => "misc", - comment => "tfncache (separate phases)", - conf => qq( - SecRuleEngine On - SecDebugLog $ENV{DEBUG_LOG} - SecDebugLogLevel 9 - - # We need to make this work no matter what the defaults may change to - SecCacheTransformations On 
"minlen:1,maxlen:0" - - # This should cache it - SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500041" - - # This should use the cached value - SecRule ARGS_GET:test "foobar" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500042" - ), - match_log => { - -debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ], - }, - match_response => { - status => qr/^403$/, - }, - request => new HTTP::Request( - GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=Foo+Bar", - ), -}, -{ - type => "misc", - comment => "tfncache (non-modifying tfns cached)", - conf => qq( - SecRuleEngine On - SecDebugLog $ENV{DEBUG_LOG} - SecDebugLogLevel 9 - - # We need to make this work no matter what the defaults may change to - SecCacheTransformations On "minlen:1,maxlen:0" - - # This should cache it - SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500043" - - # This should use the cached value - SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500044" - ), - match_log => { - debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ], - }, - match_response => { - status => qr/^403$/, - }, - request => new HTTP::Request( - GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=foo+bar", - ), -}, -{ - type => "misc", - comment => "tfncache (unique keys)", - conf => qq( - SecRuleEngine On - SecDebugLog $ENV{DEBUG_LOG} - SecDebugLogLevel 9 - SecRequestBodyAccess On - - # We need to make this work no matter what the defaults may change to - SecCacheTransformations On "minlen:1,maxlen:0" - - # This should cache it - SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,id:500045" - - # This should see cached versions of *both* ARGS_GET - SecRule ARGS:test "queryval" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,chain,id:500046" - SecRule ARGS:test "firstval" 
"t:none,t:removeWhiteSpace,t:lowercase,chain" - SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase" - ), - match_log => { - debug => [ qr/removeWhiteSpace,lowercase: "queryval" .*removeWhiteSpace,lowercase: "firstval" .*cached.*removeWhiteSpace,lowercase: "secondval" .*cached/s, 1 ], - }, - match_response => { - status => qr/^403$/, - }, - request => new HTTP::Request( - POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=Query+Val", - [ - "Content-Type" => "application/x-www-form-urlencoded", - ], - # Args - "test=First+Val&test=Second+Val", - ), -}, -{ - type => "misc", - comment => "tfncache (large cache)", - conf => qq( - SecRuleEngine On - SecDebugLog $ENV{DEBUG_LOG} - SecDebugLogLevel 9 - SecRequestBodyAccess On - - SecRequestBodyNoFilesLimit 1048576 - SecRequestBodyInMemoryLimit 131072 - SecResponseBodyLimit 1048576 - - # We need to make this work no matter what the defaults may change to - SecCacheTransformations On "minlen:1,maxlen:0,maxitems:0" - - # This should cache it in all phases - SecRule ARGS "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500048" - SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500049" - SecRule ARGS "WillNotMatch" "phase:3,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500050" - SecRule ARGS "WillNotMatch" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500051" - - # This should use the cached value - SecRule ARGS "foobar" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500052" - ), - match_log => { - debug => [ qr/Adding request argument \(BODY\): name "test", value "Foo Bar"/, 60, "Waiting for httpd to process request: "], - -error => [ qr/segmentation fault/i, 60 ], - }, - match_response => { - status => qr/^403$/, - }, - request => new HTTP::Request( - POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html", - [ - "Content-Type" => "application/x-www-form-urlencoded", - ], - # 1000 Args - 
join("&", map { sprintf "arg%08d=0123456789abcdef+0123456789ABCDEF+0123456789abcdef", $_ } (1 .. 999))."&test=Foo+Bar", - ), -}, diff --git a/tests/run-regression-tests.pl.in b/tests/run-regression-tests.pl.in index d8db03304..a2979e08e 100755 --- a/tests/run-regression-tests.pl.in +++ b/tests/run-regression-tests.pl.in @@ -476,11 +476,15 @@ sub match_log { $rc = $&; last; } - # TODO: Use select()/poll() - sleep 0.1 unless ($nbytes == $BUFSIZ); + unless ($nbytes == $BUFSIZ) { + # wait until we can read from the file but max 0.1 secs + my $rin = ''; + vec($rin, fileno($fh), 1) = 1; + select($rin, undef, undef, 0.1); + } if ($graph and $opt{d}) { $i++; - if ($i == 10) { + if ($i == 1000) { $graphed++; $i=0; print STDERR $graph if ($graphed == 1); @@ -532,7 +536,8 @@ sub dbg { my $out = join "", map { (ref $_ ne "" ? Dumper($_) : $_) } @_; - $out =~ s/^/DBG: /mg; + my $t = gettimeofday; + $out =~ s/^/DBG\[$t\]: /mg; print STDOUT "$out\n"; }
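Review bot: In `match_log`, `select($rin, undef, undef, 0.1)` is unlikely to wait when `$fh` is a regular log file (it is opened outside this hunk), because select() reports regular files as readable even at end of file. The loop then spins instead of pausing, which the `$i == 10` to `$i == 1000` change in the same hunk appears to compensate for. If the intent is a sub-second pause between reads, `select(undef, undef, undef, 0.1);` does that without a file handle. The return value of select() is ignored either way, so a comment such as `# pause only; readiness is not checked` would make the intent clear. The body of match_log starts and ends outside the hunk.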
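Review bot: `my $t = gettimeofday;` in `dbg` relies on `gettimeofday` being imported, and neither hunk of this file adds `use Time::HiRes qw(gettimeofday);`. If that import is not already at the top of the file (outside this diff) and the script runs under `use strict`, the bareword fails to compile. In scalar context Time::HiRes returns floating-point seconds, so a fixed width such as `my $t = sprintf('%.6f', scalar gettimeofday());` would keep the `DBG[...]` prefixes aligned and sortable.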