Skip to content

Use the context to decide whether ModSecurity is enabled or not #1

Use the context to decide whether ModSecurity is enabled or not

Use the context to decide whether ModSecurity is enabled or not #1

Workflow file for this run

name: Quality Assurance
on:
push:
pull_request:
# Default: none
permissions: {}
jobs:
build-linux:
permissions:
contents: read
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-22.04]
compiler: [gcc, clang]
env:
CC: "/usr/bin/${{ matrix.compiler }}"
CXX: "/usr/bin/${{ matrix.compiler == 'gcc' && 'g' || 'clang' }}++"
COMPDEPS: "${{ matrix.compiler == 'gcc' && 'gcc g++' || 'clang' }}"
steps:
- name: Setup Dependencies
run: |
sudo dpkg --add-architecture i386
sudo apt-get update -y -qq
sudo apt-get install -y make autoconf automake make libyajl-dev libxml2-dev libmaxminddb-dev libcurl4-gnutls-dev $COMPDEPS
- name: Install ModSecurity library
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release download -p "*.tar.gz" -R owasp-modsecurity/ModSecurity -O - | tar -xzf -
cd modsecurity-*
./configure --without-lmdb --prefix=/usr
make -j $(nproc)
sudo make install
- uses: actions/checkout@v4
with:
path: ModSecurity-nginx
fetch-depth: 1
- name: Get Nginx source
uses: actions/checkout@v4
with:
repository: nginx/nginx
path: nginx
fetch-depth: 1
- name: Build nginx with ModSecurity-nginx module
working-directory: nginx
run: |
./auto/configure --with-ld-opt="-Wl,-rpath,/usr/local/lib" --without-pcre2 --add-module=../ModSecurity-nginx
make
make modules
sudo make install
- name: Start Nginx
run: |
sudo /usr/local/nginx/sbin/nginx -c /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/nginx.conf
- name: Run attack test vhost 1
run: |
status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest1" "http://localhost/?q=attack")
if [ "${status}" == "403" ]; then
echo "OK"
else
echo "FAIL"
exit 1
fi
- name: Run non-attack test vhost 1
run: |
status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest1" "http://localhost/?q=1")
if [ "${status}" == "200" ]; then
echo "OK"
else
echo "FAIL"
exit 1
fi
- name: Run attack test vhost 2
run: |
status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest2" "http://localhost/?q=attack")
if [ "${status}" == "403" ]; then
echo "OK"
else
echo "FAIL"
exit 1
fi
- name: Run non-attack test vhost 2
run: |
status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest2" "http://localhost/?q=1")
if [ "${status}" == "200" ]; then
echo "OK"
else
echo "FAIL"
exit 1
fi