diff --git a/.devcontainer/centos/Dockerfile b/.devcontainer/centos/Dockerfile new file mode 100644 index 00000000..4026326f --- /dev/null +++ b/.devcontainer/centos/Dockerfile @@ -0,0 +1,36 @@ +# Docker container used for building Zen for PHP from source on Centos + +FROM --platform=linux/amd64 centos:latest + +ARG PHP_VERSION=8.1 + +WORKDIR /etc/yum.repos.d/ +RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* +RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* +RUN yum update -y +RUN yum install -y yum-utils +RUN yum install -y https://rpms.remirepo.net/enterprise/remi-release-8.4.rpm +RUN yum install -y httpd +RUN dnf --assumeyes module reset php +RUN dnf --assumeyes --nogpgcheck module install php:remi-${PHP_VERSION} +RUN dnf --assumeyes install php-pdo +RUN dnf --assumeyes install php-devel +RUN yum install -y mod_php +RUN yum install -y cpio +RUN yum install -y unzip +RUN yum install -y nano +RUN yum install -y lsof +RUN yum install -y jq +RUN yum install -y libcurl-devel +RUN curl -O https://dl.google.com/go/go1.23.3.linux-amd64.tar.gz +RUN tar -C /usr/local -xzf go1.23.3.linux-amd64.tar.gz +ENV PATH="/usr/local/go/bin:${PATH}" +RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@latest +RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest +ENV PROTOC_ZIP=protoc-28.3-linux-x86_64.zip +RUN curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v28.3/$PROTOC_ZIP +RUN unzip -o $PROTOC_ZIP -d /usr/local bin/protoc +RUN unzip -o $PROTOC_ZIP -d /usr/local include/* +RUN rm -f $PROTOC_ZIP +ENV PATH="$HOME/go/bin:${PATH}" +RUN yum install -y rpmdevtools diff --git a/.devcontainer/centos/devcontainer.json b/.devcontainer/centos/devcontainer.json new file mode 100644 index 00000000..a268a4cd --- /dev/null +++ b/.devcontainer/centos/devcontainer.json @@ -0,0 +1,10 @@ +{ + "name": "Centos Dev Container", + "runArgs": ["--platform=linux/amd64"], + "build": { + "dockerfile": "Dockerfile", + "args": { + "PHP_VERSION": "8.1" + } + } +} \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ac58d115..b35a51f4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,13 +34,6 @@ jobs: echo $AIKIDO_VERSION echo "AIKIDO_VERSION=$AIKIDO_VERSION" >> $GITHUB_ENV echo "AIKIDO_INTERNALS_REPO=https://api.github.com/repos/AikidoSec/zen-internals" >> $GITHUB_ENV - echo "AIKIDO_INTERNALS_LIB=libzen_internals_x86_64-unknown-linux-gnu.so" >> $GITHUB_ENV - - - name: Download Aikido Zen Internals Lib for Tests - run: | - mkdir -p /opt/aikido-$AIKIDO_VERSION - cd /opt/aikido-$AIKIDO_VERSION - curl -L -o $AIKIDO_INTERNALS_LIB $(curl -s $AIKIDO_INTERNALS_REPO/releases/latest | jq -r ".assets[] | select(.name == \"$AIKIDO_INTERNALS_LIB\") | .browser_download_url") - name: Build Aikido Agent run: | diff --git a/lib/agent/go.mod b/lib/agent/go.mod index c907f9e9..7419e801 100644 --- a/lib/agent/go.mod +++ b/lib/agent/go.mod @@ -1,21 +1,21 @@ module main -go 1.21 +go 1.22.7 -toolchain go1.22.4 +toolchain go1.23.3 require ( github.com/stretchr/testify v1.9.0 - google.golang.org/grpc v1.67.1 + google.golang.org/grpc v1.68.0 google.golang.org/protobuf v1.34.2 ) require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/net v0.28.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/text v0.17.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/text v0.18.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/lib/agent/go.sum b/lib/agent/go.sum index 8c1ff481..bd39fcd5 100644 --- a/lib/agent/go.sum +++ b/lib/agent/go.sum @@ -8,14 +8,24 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= diff --git a/lib/request-processor/go.mod b/lib/request-processor/go.mod index c907f9e9..7419e801 100644 --- a/lib/request-processor/go.mod +++ b/lib/request-processor/go.mod @@ -1,21 +1,21 @@ module main -go 1.21 +go 1.22.7 -toolchain go1.22.4 +toolchain go1.23.3 require ( github.com/stretchr/testify v1.9.0 - google.golang.org/grpc v1.67.1 + google.golang.org/grpc v1.68.0 google.golang.org/protobuf v1.34.2 ) require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/net v0.28.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/text v0.17.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/text v0.18.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/lib/request-processor/go.sum b/lib/request-processor/go.sum index 8c1ff481..bd39fcd5 100644 --- a/lib/request-processor/go.sum +++ b/lib/request-processor/go.sum @@ -8,14 +8,24 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= diff --git a/lib/request-processor/vulnerabilities/sql-injection/checkContextForSqlInjection_test.go b/lib/request-processor/vulnerabilities/sql-injection/checkContextForSqlInjection_test.go deleted file mode 100644 index f4195f6a..00000000 --- a/lib/request-processor/vulnerabilities/sql-injection/checkContextForSqlInjection_test.go +++ /dev/null @@ -1,48 +0,0 @@ -package sql_injection - -import ( - "main/context" - "main/utils" - zen_internals "main/vulnerabilities/zen-internals" - "testing" -) - -func TestCheckContextForSqlInjection(t *testing.T) { - zen_internals.Init() - - sql := "SELECT * FROM users WHERE id = '1' OR 1=1; -- '" - operation := "mysql.query" - context.LoadForUnitTests(map[string]string{ - "remoteAddress": "ip", - "method": "POST", - "url": "url", - "body": context.GetJsonString(map[string]interface{}{"id": "1' OR 1=1; --"}), - "source": "express", - "route": "/", - }) - - result := CheckContextForSqlInjection(sql, operation, "mysql") - - if result == nil { - t.Errorf("Expected result, got nil") - return - } - if result.Operation != operation { - t.Errorf("Expected operation %s, got %s", operation, result.Operation) - } - - if result.Kind != utils.Kind("sql_injection") { - t.Errorf("Expected kind %s, got %s", utils.Kind("sql_injection"), result.Kind) - } - if result.Source != "body" { - t.Errorf("Expected source body, got %s", result.Source) - } - if result.PathToPayload != ".id" { - t.Errorf("Expected pathToPayload .id, got %s", result.PathToPayload) - } - if result.Payload != "1' OR 1=1; --" { - t.Errorf("Expected payload 1' OR 1=1; --, got %s", result.Payload) - } - - zen_internals.Uninit() -} diff --git a/tools/rpm_build.sh b/tools/rpm_build.sh index 061309ef..58b10d98 100755 --- a/tools/rpm_build.sh +++ b/tools/rpm_build.sh @@ -4,7 +4,7 @@ rpmdev-setuptree PHP_VERSION=$(php -v | grep -oP 'PHP \K\d+\.\d+' | head -n 1) VERSION=$(grep '#define PHP_AIKIDO_VERSION' lib/php-extension/include/php_aikido.h | awk -F'"' '{print $2}') AIKIDO_INTERNALS_REPO=https://api.github.com/repos/AikidoSec/zen-internals -AIKIDO_INTERNALS_LIB=libzen_internals_aarch64-unknown-linux-gnu.so +AIKIDO_INTERNALS_LIB=libzen_internals_x86_64-unknown-linux-gnu.so mkdir -p ~/rpmbuild/SOURCES/aikido-php-firewall-$VERSION diff --git a/tools/rpm_full_build.sh b/tools/rpm_full_build.sh index f30c6917..2b38d6bc 100755 --- a/tools/rpm_full_build.sh +++ b/tools/rpm_full_build.sh @@ -1,2 +1,2 @@ -sudo rpm -e aikido-php-firewall +rpm -e aikido-php-firewall ./tools/build.sh && ./tools/rpm_build.sh && ./tools/rpm_install.sh diff --git a/tools/rpm_install.sh b/tools/rpm_install.sh index 08ac705e..d56a12b3 100755 --- a/tools/rpm_install.sh +++ b/tools/rpm_install.sh @@ -1,3 +1,3 @@ VERSION=$(grep '#define PHP_AIKIDO_VERSION' lib/php-extension/include/php_aikido.h | awk -F'"' '{print $2}') -sudo rpm -Uvh --oldpackage ~/rpmbuild/RPMS/aarch64/aikido-php-firewall-$VERSION-1.aarch64.rpm +rpm -Uvh --oldpackage ~/rpmbuild/RPMS/x86_64/aikido-php-firewall-$VERSION-1.x86_64.rpm diff --git a/tools/rpm_uninstall.sh b/tools/rpm_uninstall.sh index e9dd444d..793894e9 100755 --- a/tools/rpm_uninstall.sh +++ b/tools/rpm_uninstall.sh @@ -1 +1 @@ -sudo rpm -e aikido-php-firewall \ No newline at end of file +rpm -e aikido-php-firewall \ No newline at end of file