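# GitHub Actions workflow: builds mod_security2 for Apache on Ubuntu, loads it
# into a live httpd and inspects the error log, then runs `make test` and
# `make test-regression`.
name: Quality Assurance

on:
  push:
  pull_request:

# Least privilege for GITHUB_TOKEN: no step in this file pushes, comments or
# publishes, so read access to the repository contents is all that is needed.
permissions:
  contents: read

jobs:
  # Build, install into Apache, start httpd and gate on a clean error log.
  build-linux:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-24.04]
        # NOTE(review): no step below reads matrix.platform or
        # matrix.compiler, so these axes only repeat each configure variant
        # four times with whatever toolchain ./configure picks up. Either
        # wire them into the build or drop them - confirm intent.
        platform: [x32, x64]
        compiler: [gcc, clang]
        configure:
          - {label: "with pcre2, no study, no jit", opt: "--enable-pcre-study=no"}
          - {label: "with pcre2, with study, no jit", opt: "--enable-pcre-study=yes"}
          - {label: "with pcre2, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit"}
          - {label: "with pcre2, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit"}
          - {label: "with pcre", opt: "--with-pcre --enable-pcre-study=no"}
          - {label: "with pcre, with study, no jit", opt: "--with-pcre --enable-pcre-study=yes"}
          - {label: "with pcre, no study, with jit", opt: "--with-pcre --enable-pcre-study=no --enable-pcre-jit"}
          - {label: "with pcre, with study, with jit", opt: "--with-pcre --enable-pcre-study=yes --enable-pcre-jit"}
          - {label: "with lua", opt: "--with-lua"}
          - {label: "wo lua", opt: "--without-lua"}
    steps:
      - name: Setup Dependencies
        run: |
          sudo apt-get update -y -qq
          sudo apt-get install -y \
            apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev \
            libpcre2-dev libpcre3-dev libpcre3 pkg-config libyajl-dev \
            apache2 apache2-bin apache2-data
      # Tag refs are mutable; pin to a full commit SHA once one has been
      # verified, as is done for gcc-problem-matcher below.
      - uses: actions/checkout@v4
        with:
          # The token is not needed after checkout; keep it out of .git/config
          # while the repository's own build scripts run.
          persist-credentials: false
      - name: autogen.sh
        run: ./autogen.sh
      # matrix.configure.opt is expanded into the shell line before it runs.
      # That is safe here only because every value is a literal in this file.
      - name: configure ${{ matrix.configure.label }}
        run: ./configure --enable-assertions ${{ matrix.configure.opt }} 'CFLAGS=-Werror=format-security'
      # Pinned to the commit the regression job already uses instead of the
      # moving `master` branch, so a change upstream cannot alter this run.
      - uses: ammaraskar/gcc-problem-matcher@0f9c86f9e693db67dacf53986e1674de5f2e5f28  # v0.3.0
      - name: make
        run: make -j "$(nproc)"
      - name: install module
        run: sudo make install
      - name: prepare config
        run: |
          sudo cp .github/security2.conf /etc/apache2/mods-enabled/
          sudo cp modsecurity.conf-recommended /etc/apache2/modsecurity.conf
          sudo cp unicode.mapping /etc/apache2/
          sudo mkdir -p /var/cache/modsecurity
          sudo chown -R www-data:www-data /var/cache/modsecurity
      - name: first check config (to get syntax errors)
        run: sudo apachectl configtest
      - name: start apache with module
        run: sudo systemctl restart apache2.service
      - name: Search for errors/warnings in error log
        run: |
          # grep exits 1 for "no match" (the good case) and >1 for a real
          # failure such as a missing or unreadable log. Only the former may
          # be ignored; otherwise this gate passes without having looked at
          # anything.
          # The pattern is written as plain ERE: a '?' directly after '(' is
          # undefined in POSIX ERE, so ':(?error|warn)' depended on how the
          # local grep happens to treat it.
          rc=0
          errors=$(sudo grep -E ':(error|warn)[]]' /var/log/apache2/error.log) || rc=$?
          if [[ ${rc} -gt 1 ]]; then
            echo "::error:: Could not read error.log (grep exit ${rc})"
            exit 1
          fi
          if [[ -z "${errors}" ]]; then exit 0; fi
          echo "::error:: Found errors/warnings in error.log"
          echo "${errors}"
          exit 1
      - name: Check error.log
        run: |
          # Send requests & check log format
          # Valid request
          curl -s http://127.0.0.1/ > /dev/null || echo $?
          # Invalid request
          curl -s http://127.0.0.1/%2e%2f > /dev/null || echo $?
          # Check log format: print every ModSecurity line that does NOT match
          # the expected prefix. Read with sudo, like the "Show httpd error
          # log" step, so permissions cannot make the read fail.
          # NOTE(review): this passes vacuously when no ModSecurity line was
          # logged at all - confirm the requests above are expected to
          # produce one.
          sudo grep -F ModSecurity /var/log/apache2/error.log \
            | grep -vP "^\[[^\]]+\] \[security2:[a-z]+\] \[pid [0-9]+:tid [0-9]+\] (?:\[client [0-9.:]+\] )?ModSecurity" \
            || exit 0
          # grep -v succeeded => found some lines with invalid format
          exit 1
      - name: Show httpd error log
        if: always()
        run: sudo cat /var/log/apache2/error.log
      - name: Show mod_security2 audit log
        if: always()
        run: sudo cat /var/log/apache2/modsec_audit.log

  # Build every configure variant and run `make test`.
  test-linux:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-24.04]
        # NOTE(review): platform and compiler are not read by any step in
        # this job either; see build-linux.
        platform: [x32, x64]
        compiler: [gcc, clang]
        configure:
          - {label: "with pcre2, no study, no jit", opt: "--enable-pcre-study=no"}
          - {label: "with pcre2, with study, no jit", opt: "--enable-pcre-study=yes"}
          - {label: "with pcre2, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit"}
          - {label: "with pcre2, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit"}
          - {label: "with pcre", opt: "--with-pcre --enable-pcre-study=no"}
          - {label: "with pcre, with study, no jit", opt: "--with-pcre --enable-pcre-study=yes"}
          - {label: "with pcre, no study, with jit", opt: "--with-pcre --enable-pcre-study=no --enable-pcre-jit"}
          - {label: "with pcre, with study, with jit", opt: "--with-pcre --enable-pcre-study=yes --enable-pcre-jit"}
          - {label: "with lua", opt: "--with-lua"}
          - {label: "wo lua", opt: "--without-lua"}
    steps:
      - name: Setup Dependencies
        run: |
          sudo apt-get update -y -qq
          sudo apt-get install -y --no-install-recommends \
            apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev \
            libpcre2-dev libpcre3-dev libpcre3 pkg-config libyajl-dev \
            apache2 apache2-bin apache2-data
      # Tag refs are mutable; pin to a full commit SHA once one has been
      # verified.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: autogen.sh
        run: ./autogen.sh
      - name: configure ${{ matrix.configure.label }}
        run: ./configure ${{ matrix.configure.opt }} 'CFLAGS=-Werror=format-security'
      # Same pinned commit as the regression job, not the moving `master`.
      - uses: ammaraskar/gcc-problem-matcher@0f9c86f9e693db67dacf53986e1674de5f2e5f28  # v0.3.0
      - name: make
        run: make -j "$(nproc)"
      - name: install module
        run: sudo make install
      - name: run tests
        run: make test

  # Single configuration; runs `make test-regression`.
  test-regression-linux:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-24.04]
        platform: [x64]
        compiler: [gcc]
        configure:
          - {label: "with pcre2, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit"}
    steps:
      - name: Setup Dependencies
        run: |
          sudo apt-get update -y -qq
          sudo apt-get install -y --no-install-recommends \
            apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev \
            libpcre2-dev libpcre3-dev libpcre3 pkg-config libyajl-dev \
            apache2 apache2-bin apache2-data \
            perl libwww-perl ssdeep libfuzzy-dev libfuzzy2
      # Tag refs are mutable; pin to a full commit SHA once one has been
      # verified.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: autogen.sh
        run: ./autogen.sh
      - name: configure ${{ matrix.configure.label }}
        run: ./configure ${{ matrix.configure.opt }} 'CFLAGS=-Werror=format-security'
      - uses: ammaraskar/gcc-problem-matcher@0f9c86f9e693db67dacf53986e1674de5f2e5f28  # v0.3.0
      - name: make
        run: make -j "$(nproc)"
      - name: install module
        run: sudo make install
      - name: run regression tests
        run: make test-regression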