Merge pull request #321 from eduar-hte/windows-port

Add support to build ModSecurity-nginx on Windows
owasp-modsecurity · May 23, 2024 · ef64996 · ef64996
2 parents 0d8ee3b + 43b0531
commit ef64996
Show file tree

Hide file tree

Showing 14 changed files with 611 additions and 14 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -26,12 +26,17 @@ jobs:
           sudo dpkg --add-architecture i386
           sudo apt-get update -y -qq
           sudo apt-get install -y make autoconf automake make libyajl-dev libxml2-dev libmaxminddb-dev libcurl4-gnutls-dev $COMPDEPS
-      - name: Install ModSecurity library
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Get libModSecurity source
+        uses: actions/checkout@v4
+        with:
+          repository: owasp-modsecurity/ModSecurity
+          path: ModSecurity
+          submodules: true
+          fetch-depth: 1
+      - name: Build libModSecurity
+        working-directory: ModSecurity
         run: |
-          gh release download -p "*.tar.gz" -R owasp-modsecurity/ModSecurity -O - | tar -xzf -
-          cd modsecurity-*
+          ./build.sh
           ./configure --without-lmdb --prefix=/usr
           make -j $(nproc)
           sudo make install
@@ -45,13 +50,26 @@ jobs:
           repository: nginx/nginx
           path: nginx
           fetch-depth: 1
+      - name: Get Nginx tests
+        uses: actions/checkout@v4
+        with:
+          repository: nginx/nginx-tests
+          path: nginx/test
+          fetch-depth: 1
+      - name: Copy ModSecurity-nginx tests to nginx/test
+        run: |
+          cp ModSecurity-nginx/tests/* nginx/test
       - name: Build nginx with ModSecurity-nginx module
         working-directory: nginx
         run: |
-          ./auto/configure --with-ld-opt="-Wl,-rpath,/usr/local/lib" --without-pcre2 --add-module=../ModSecurity-nginx
+          ./auto/configure --with-ld-opt="-Wl,-rpath,/usr/local/lib" --without-pcre2 --with-http_v2_module --with-http_auth_request_module --add-module=../ModSecurity-nginx
           make
           make modules
           sudo make install
+      - name: Run ModSecurity-nginx tests
+        working-directory: nginx/test
+        run: |
+          TEST_NGINX_BINARY=../objs/nginx prove modsecurity*.t
       - name: Start Nginx
         run: |
           sudo /usr/local/nginx/sbin/nginx -c /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/nginx.conf
@@ -91,3 +109,111 @@ jobs:
             echo "FAIL"
             exit 1
           fi
+
+  build-windows:
+    runs-on: windows-2022
+    defaults:
+      run:
+        shell: msys2 {0}
+    steps:
+      - name: Set up MSVC
+        uses: ilammy/msvc-dev-cmd@v1
+      - name: Set up msys
+        uses: msys2/setup-msys2@v2
+        with:
+          msystem: UCRT64
+          path-type: inherit
+      - name: Get Nginx source
+        uses: actions/checkout@v4
+        with:
+          repository: nginx/nginx
+          path: nginx
+          fetch-depth: 1
+      - name: Get Nginx tests
+        uses: actions/checkout@v4
+        with:
+          repository: nginx/nginx-tests
+          path: nginx/test
+          fetch-depth: 1
+      - name: Set up third-party libraries
+        working-directory: nginx
+        run: |
+          mkdir objs
+          mkdir objs/lib
+          cd objs/lib
+          wget -q -O - https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.39/pcre2-10.39.tar.gz | tar -xzf -
+          wget -q -O - https://www.zlib.net/fossils/zlib-1.3.tar.gz | tar -xzf -
+          wget -q -O - https://www.openssl.org/source/openssl-3.0.13.tar.gz | tar -xzf -
+      - name: Get libModSecurity source
+        uses: actions/checkout@v4
+        with:
+          repository: owasp-modsecurity/ModSecurity
+          submodules: true
+          path: nginx/objs/lib/ModSecurity
+          fetch-depth: 1
+      - name: Setup Conan
+        shell: cmd
+        run: |
+          pip3 install conan --upgrade
+          conan profile detect
+      - name: Build libModSecurity
+        working-directory: nginx/objs/lib/ModSecurity
+        shell: cmd
+        run: |
+          vcbuild.bat
+      - name: Get ModSecurity-nginx source code
+        uses: actions/checkout@v4
+        with:
+          path: nginx/objs/lib/ModSecurity-nginx
+      - name: Copy ModSecurity-nginx tests to nginx/test
+        working-directory: nginx/test
+        run: |
+          cp ../objs/lib/ModSecurity-nginx/tests/* .
+      - name: Remove /usr/bin/link conflicting with MSVC link.exe
+        run: |
+          set -ex
+          which link
+          rm /usr/bin/link
+      - name: Build nginx w/ModSecurity-nginx module
+        working-directory: nginx
+        run: |
+          : # Windows native version of Perl is required by nginx build
+          export PATH=/c/Strawberry/perl/bin:$PATH
+          : # Set env variables to point to libModSecurity v3 include & lib directories
+          export MODSECURITY_INC=objs/lib/ModSecurity/headers
+          export MODSECURITY_LIB=objs/lib/ModSecurity/build/win32/build/Release
+          : # Copy libModSecurity.dll to objs dir (to be able to run nginx later)
+          cp $MODSECURITY_LIB/libModSecurity.dll objs
+          : # Configure nginx build w/ModSecurity-nginx module
+          auto/configure \
+              --with-cc=cl \
+              --with-debug \
+              --prefix= \
+              --conf-path=conf/nginx.conf \
+              --pid-path=logs/nginx.pid \
+              --http-log-path=logs/access.log \
+              --error-log-path=logs/error.log \
+              --sbin-path=nginx.exe \
+              --http-client-body-temp-path=temp/client_body_temp \
+              --http-proxy-temp-path=temp/proxy_temp \
+              --http-fastcgi-temp-path=temp/fastcgi_temp \
+              --http-scgi-temp-path=temp/scgi_temp \
+              --http-uwsgi-temp-path=temp/uwsgi_temp \
+              --with-cc-opt=-DFD_SETSIZE=1024 \
+              --with-pcre=objs/lib/pcre2-10.39 \
+              --with-zlib=objs/lib/zlib-1.3 \
+              --with-openssl=objs/lib/openssl-3.0.13 \
+              --with-openssl-opt=no-asm \
+              --with-http_ssl_module \
+              --with-http_v2_module \
+              --with-http_auth_request_module \
+              --add-module=objs/lib/ModSecurity-nginx
+          nmake
+      - name: Run ModSecurity-nginx tests
+        working-directory: nginx/test
+        shell: cmd  # tests need to run on a "windows" shell
+        run: |
+          md temp
+          set TEMP=temp
+          set TEST_NGINX_BINARY=..\objs\nginx.exe
+          prove modsecurity*.t
diff --git a/config b/config
@@ -32,12 +32,18 @@ if [ -n "$MODSECURITY_INC" -o -n "$MODSECURITY_LIB" ]; then
     ngx_modsecurity_opt_I="-I$MODSECURITY_INC"
     ngx_modsecurity_opt_L="-L$MODSECURITY_LIB $YAJL_EXTRA"
 
-    if [ $NGX_RPATH = YES ]; then
-        ngx_feature_libs="-R$MODSECURITY_LIB -L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
-    elif [ "$NGX_IGNORE_RPATH" != "YES" -a $NGX_SYSTEM = "Linux" ]; then
-        ngx_feature_libs="-Wl,-rpath,$MODSECURITY_LIB -L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
+    if [ "$NGX_CC_NAME" != msvc ]; then
+        if [ $NGX_RPATH = YES ]; then
+            ngx_feature_libs="-R$MODSECURITY_LIB -L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
+        elif [ "$NGX_IGNORE_RPATH" != "YES" -a $NGX_SYSTEM = "Linux" ]; then
+            ngx_feature_libs="-Wl,-rpath,$MODSECURITY_LIB -L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
+        else
+            ngx_feature_libs="-L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
+        fi
     else
-        ngx_feature_libs="-L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
+        # Adjust link library arguments to work with MSVC C++ compiler and
+        # output of the Windows port of libModSecurity v3
+        ngx_feature_libs="$MODSECURITY_LIB/libModSecurity.lib $YAJL_EXTRA"
     fi
 
     . auto/feature

diff --git a/src/ngx_http_modsecurity_body_filter.c b/src/ngx_http_modsecurity_body_filter.c
@@ -13,6 +13,8 @@
  *
  */
 
+#include <ngx_config.h>
+
 #ifndef MODSECURITY_DDEBUG
 #define MODSECURITY_DDEBUG 0
 #endif

diff --git a/src/ngx_http_modsecurity_header_filter.c b/src/ngx_http_modsecurity_header_filter.c
@@ -13,6 +13,8 @@
  *
  */
 
+#include <ngx_config.h>
+
 #ifndef MODSECURITY_DDEBUG
 #define MODSECURITY_DDEBUG 0
 #endif

diff --git a/src/ngx_http_modsecurity_log.c b/src/ngx_http_modsecurity_log.c
@@ -13,6 +13,8 @@
  *
  */
 
+#include <ngx_config.h>
+
 #ifndef MODSECURITY_DDEBUG
 #define MODSECURITY_DDEBUG 0
 #endif

diff --git a/src/ngx_http_modsecurity_module.c b/src/ngx_http_modsecurity_module.c
@@ -13,17 +13,22 @@
  *
  */
 
+#include <ngx_config.h>
+
 #ifndef MODSECURITY_DDEBUG
 #define MODSECURITY_DDEBUG 0
 #endif
 #include "ddebug.h"
 
 #include "ngx_http_modsecurity_common.h"
 #include "stdio.h"
-#include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_http.h>
 
+#ifdef _MSC_VER
+#define strdup _strdup
+#endif
+
 static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
 static void *ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf);
 static char *ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf);
@@ -131,7 +136,7 @@ ngx_inline char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p)
 }
 
 
-ngx_inline int
+int
 ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r, ngx_int_t early_log)
 {
     char *log = NULL;
@@ -254,7 +259,7 @@ ngx_http_modsecurity_cleanup(void *data)
 }
 
 
-ngx_inline ngx_http_modsecurity_ctx_t *
+ngx_http_modsecurity_ctx_t *
 ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
 {
     ngx_str_t                          s;

diff --git a/src/ngx_http_modsecurity_pre_access.c b/src/ngx_http_modsecurity_pre_access.c
@@ -13,6 +13,8 @@
  *
  */
 
+#include <ngx_config.h>
+
 #ifndef MODSECURITY_DDEBUG
 #define MODSECURITY_DDEBUG 0
 #endif

diff --git a/src/ngx_http_modsecurity_rewrite.c b/src/ngx_http_modsecurity_rewrite.c
@@ -13,6 +13,8 @@
  *
  */
 
+#include <ngx_config.h>
+
 #ifndef MODSECURITY_DDEBUG
 #define MODSECURITY_DDEBUG 0
 #endif