-
Notifications
You must be signed in to change notification settings - Fork 1.6k
76 lines (74 loc) · 3.53 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
name: Quality Assurance
on:
push:
pull_request:
jobs:
build-linux:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-22.04]
platform: [x32, x64]
compiler: [gcc, clang]
configure:
- {label: "with pcre, no study, no jit", opt: "--enable-pcre-study=no" }
- {label: "with pcre, with study, no jit", opt: "--enable-pcre-study=yes" }
- {label: "with pcre, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit" }
- {label: "with pcre, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit" }
- {label: "with pcre2", opt: "--with-pcre2 --enable-pcre-study=no" }
- {label: "with pcre2, with study, no jit", opt: "--with-pcre2 --enable-pcre-study=yes" }
- {label: "with pcre2, no study, with jit", opt: "--with-pcre2 --enable-pcre-study=no --enable-pcre-jit" }
- {label: "with pcre2, with study, with jit", opt: "--with-pcre2 --enable-pcre-study=yes --enable-pcre-jit" }
- {label: "with lua", opt: "--with-lua" }
- {label: "wo lua", opt: "--without-lua" }
steps:
- name: Setup Dependencies
run: |
sudo apt-get update -y -qq
sudo apt-get install -y apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
- uses: actions/checkout@v2
- name: autogen.sh
run: ./autogen.sh
- name: configure ${{ matrix.configure.label }}
run: ./configure --enable-assertions ${{ matrix.configure.opt }} 'CFLAGS=-Werror=format-security'
- uses: ammaraskar/gcc-problem-matcher@master
- name: make
run: make -j `nproc`
- name: install module
run: sudo make install
- name: prepare config
run: |
sudo cp .github/security2.conf /etc/apache2/mods-enabled/
sudo cp modsecurity.conf-recommended /etc/apache2/modsecurity.conf
sudo cp unicode.mapping /etc/apache2/
sudo mkdir -p /var/cache/modsecurity
sudo chown -R www-data:www-data /var/cache/modsecurity
- name: first check config (to get syntax errors)
run: sudo apachectl configtest
- name: start apache with module
run: sudo systemctl restart apache2.service
- name: Search for errors/warnings in error log
run: |
# '|| :' handles the case grep doesn't match, otherwise the script exits with 1 (error)
errors=$(grep -E ':(?error|warn)[]]' /var/log/apache2/error.log) || :
if [[ -z "${errors}" ]]; then exit 0; fi
echo "::error:: Found errors/warnings in error.log"
echo "${errors}"
exit 1
- name: Check error.log
run: |
# Send requests & check log format
# Valid request
curl -s http://127.0.01/ > /dev/null || echo $?
# Invalid request
curl -s http://127.0.01/%2e%2f > /dev/null || echo $?
# Check log format
grep -F ModSecurity < /var/log/apache2/error.log | grep -vP "^\[[^\]]+\] \[security2:[a-z]+\] \[pid [0-9]+:tid [0-9]+\] (?:\[client [0-9.:]+\] )?ModSecurity" || exit 0
# grep -v succeeded => found some lines with invalid format
exit 1
- name: Show httpd error log
if: always()
run: sudo cat /var/log/apache2/error.log
- name: Show mod_security2 audit log
if: always()
run: sudo cat /var/log/apache2/modsec_audit.log