changeset 0:5dcad7ad8eda

Initial import.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 19 Jan 2015 15:37:04 +0300
parents
children 17c333645ebb
files LICENSE README config ngx_http_catch_body_filter_module.c t/catch_body.t
diffstat 5 files changed, 312 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/LICENSE	Mon Jan 19 15:37:04 2015 +0300
@@ -0,0 +1,26 @@
+/* 
+ * Copyright (C) 2014 Maxim Dounin
+ * Copyright (C) 2014 Nginx, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/README	Mon Jan 19 15:37:04 2015 +0300
@@ -0,0 +1,15 @@
+Catch body filter module for nginx.
+
+This is a test module, to check request body filters experimental
+machinery to be introduced.
+
+Example:
+
+    location / {
+        catch_body on;
+    }
+
+The module will return 403 if there is an "X" char in the request body.
+
+To compile nginx with catch body module, use "--add-module <path>" option
+to nginx configure.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/config	Mon Jan 19 15:37:04 2015 +0300
@@ -0,0 +1,10 @@
+# (C) Maxim Dounin
+# Configuration for ngx_http_catch_body_filter_module.
+
+ngx_addon_name="ngx_http_catch_body_filter_module"
+
+HTTP_MODULES="$HTTP_MODULES \
+		ngx_http_catch_body_filter_module"
+
+NGX_ADDON_SRCS="$NGX_ADDON_SRCS \
+		$ngx_addon_dir/ngx_http_catch_body_filter_module.c"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ngx_http_catch_body_filter_module.c	Mon Jan 19 15:37:04 2015 +0300
@@ -0,0 +1,141 @@
+
+/*
+ * Copyright (C) Maxim Dounin
+ */
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+typedef struct {
+    ngx_flag_t         enable;
+} ngx_http_catch_body_conf_t;
+
+
+static void *ngx_http_catch_body_create_conf(ngx_conf_t *cf);
+static char *ngx_http_catch_body_merge_conf(ngx_conf_t *cf, void *parent,
+    void *child);
+static ngx_int_t ngx_http_catch_body_init(ngx_conf_t *cf);
+
+
+static ngx_command_t  ngx_http_catch_body_commands[] = {
+
+    { ngx_string("catch_body"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_catch_body_conf_t, enable),
+      NULL },
+
+      ngx_null_command
+};
+
+
+static ngx_http_module_t  ngx_http_catch_body_module_ctx = {
+    NULL,                          /* preconfiguration */
+    ngx_http_catch_body_init,      /* postconfiguration */
+
+    NULL,                          /* create main configuration */
+    NULL,                          /* init main configuration */
+
+    NULL,                          /* create server configuration */
+    NULL,                          /* merge server configuration */
+
+    ngx_http_catch_body_create_conf, /* create location configuration */
+    ngx_http_catch_body_merge_conf   /* merge location configuration */
+};
+
+
+ngx_module_t  ngx_http_catch_body_filter_module = {
+    NGX_MODULE_V1,
+    &ngx_http_catch_body_module_ctx, /* module context */
+    ngx_http_catch_body_commands,  /* module directives */
+    NGX_HTTP_MODULE,               /* module type */
+    NULL,                          /* init master */
+    NULL,                          /* init module */
+    NULL,                          /* init process */
+    NULL,                          /* init thread */
+    NULL,                          /* exit thread */
+    NULL,                          /* exit process */
+    NULL,                          /* exit master */
+    NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_http_request_body_filter_pt   ngx_http_next_request_body_filter;
+
+
+static ngx_int_t
+ngx_http_catch_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
+{
+    u_char                      *p;
+    ngx_chain_t                 *cl;
+    ngx_http_catch_body_conf_t  *conf;
+
+    conf = ngx_http_get_module_loc_conf(r, ngx_http_catch_body_filter_module);
+
+    if (!conf->enable) {
+        return ngx_http_next_request_body_filter(r, in);
+    }
+
+    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "catch request body filter");
+
+    for (cl = in; cl; cl = cl->next) {
+
+        p = cl->buf->pos;
+
+        for (p = cl->buf->pos; p < cl->buf->last; p++) {
+
+            ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                           "catch body in:%02Xd:%c", *p, *p);
+
+            if (*p == 'X') {
+                ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                               "catch body: found");
+                return NGX_HTTP_FORBIDDEN;
+            }
+        }
+    }
+
+    return ngx_http_next_request_body_filter(r, in);
+}
+
+
+static void *
+ngx_http_catch_body_create_conf(ngx_conf_t *cf)
+{
+    ngx_http_catch_body_conf_t  *conf;
+
+    conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_catch_body_conf_t));
+    if (conf == NULL) {
+        return NULL;
+    }
+
+    conf->enable = NGX_CONF_UNSET;
+
+    return conf;
+}
+
+
+static char *
+ngx_http_catch_body_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+{
+    ngx_http_catch_body_conf_t *prev = parent;
+    ngx_http_catch_body_conf_t *conf = child;
+
+    ngx_conf_merge_value(conf->enable, prev->enable, 0);
+
+    return NGX_CONF_OK;
+}
+
+
+static ngx_int_t
+ngx_http_catch_body_init(ngx_conf_t *cf)
+{
+    ngx_http_next_request_body_filter = ngx_http_top_request_body_filter;
+    ngx_http_top_request_body_filter = ngx_http_catch_body_filter;
+
+    return NGX_OK;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/t/catch_body.t	Mon Jan 19 15:37:04 2015 +0300
@@ -0,0 +1,120 @@
+#!/usr/bin/perl
+
+# (C) Maxim Dounin
+
+# Tests for bytes filter module.
+
+###############################################################################
+
+use warnings;
+use strict;
+
+use Test::More;
+use Test::Nginx;
+
+use Socket qw/ CRLF /;
+
+###############################################################################
+
+select STDERR; $| = 1;
+select STDOUT; $| = 1;
+
+my $t = Test::Nginx->new()->has(qw/http proxy rewrite/)->plan(6)
+	->write_file_expand('nginx.conf', <<'EOF');
+
+%%TEST_GLOBALS%%
+
+daemon off;
+
+events {
+}
+
+http {
+    %%TEST_GLOBALS_HTTP%%
+
+    server {
+        listen       127.0.0.1:8080;
+        server_name  localhost;
+        location / {
+            catch_body on;
+            proxy_pass http://127.0.0.1:8080/empty;
+        }
+        location /empty {
+            return 200 "test response body\n";
+        }
+    }
+}
+
+EOF
+
+$t->write_file('index.html', 'SEE-THIS');
+$t->run();
+
+###############################################################################
+
+like(get_body('/', '123456'), qr/200 OK/, 'normal');
+like(get_body('/', '12345X'), qr/403 Forbidden/, 'rejected');
+
+# pipelining
+
+like(get_body('/', '123456', '12345X'),
+	qr/200 OK.*403 Forbidden/ms,
+	'second rejected');
+
+like(get_body('/', '123456' x 1024, '12345X6789' x 1024, '123456' x 1024),
+	qr/200 OK.*403 Forbidden.*200 OK/ms,
+	'accepted rejected accepted');
+
+# pipelining with chunked
+
+like(get_chunked('/', '123456', '12345X'),
+	qr/200 OK.*403 Forbidden/ms,
+	'second rejected');
+
+like(get_chunked('/', '123456', '12345X6789', '123456'),
+	qr/200 OK.*403 Forbidden.*200 OK/ms,
+	'accepted rejected accepted');
+
+###############################################################################
+
+sub get_body {
+	my $uri = shift;
+	my $last = pop;
+	return http( join '', (map {
+		my $body = $_;
+		"GET $uri HTTP/1.1" . CRLF
+		. "Host: localhost" . CRLF
+		. "Content-Length: " . (length $body) . CRLF . CRLF
+		. $body
+	} @_),
+		"GET $uri HTTP/1.1" . CRLF
+		. "Host: localhost" . CRLF
+		. "Connection: close" . CRLF
+		. "Content-Length: " . (length $last) . CRLF . CRLF
+		. $last
+	);
+}
+
+sub get_chunked {
+	my $uri = shift;
+	my $last = pop;
+	return http( join '', (map {
+		my $body = $_;
+		"GET $uri HTTP/1.1" . CRLF
+		. "Host: localhost" . CRLF
+		. "Transfer-Encoding: chunked" . CRLF . CRLF
+		. sprintf("%x", length $body) . CRLF
+		. $body . CRLF
+		. "0" . CRLF . CRLF
+	} @_),
+		"GET $uri HTTP/1.1" . CRLF
+		. "Host: localhost" . CRLF
+		. "Connection: close" . CRLF
+		. "Transfer-Encoding: chunked" . CRLF . CRLF
+		. sprintf("%x", length $last) . CRLF
+		. $last . CRLF
+		. "0" . CRLF . CRLF
+	);
+}
+
+###############################################################################