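# Build, test, fuzz and Coverity driver for the naxsi nginx module.
#
# The targets below are sequential tasks rather than file targets: they
# download an nginx source tree into $(TMP_DIR), configure it with this
# directory as an add-on module, build/install it and deploy the test
# configuration under /tmp/naxsi_ut/.
#
# NOTE(review): every working path is a fixed, predictable name under the
# world-writable /tmp (TMP_DIR, /tmp/naxsi_ut, /tmp/nginx.key, /tmp/cov,
# /tmp/coverity.tgz). On a shared machine another local user can pre-create
# or symlink these names, so run this on a dedicated build host or container.

CORE_VERS := $(shell grep NAXSI_VERSION naxsi.h | cut -d '"' -f 2)
# $(CURDIR) is Make's own working directory; it stays correct under `make -C`.
MOD_PATH := $(CURDIR)
TMP_DIR := /tmp/nginx/

# Keys for coverity
CAN :=
CAK :=

#Mode: coverage, fuzz, or base
COV ?= 0
FUZZ ?= 0
STOCK ?= 1

#Allows to force for specific UT only (path below t/); empty runs all of t/
TEST ?=
NGINX_VERS := 1.19.2

# Set to 1 to check the detached signature of the nginx tarball.
# The signing keys must already be in the local gpg keyring.
VERIFY_SIG ?= 0


NGINX_OPTIONS="--with-select_module"
NGINX_OPTIONS+="--conf-path=/tmp/naxsi_ut/nginx.conf"
NGINX_OPTIONS+="--http-client-body-temp-path=/tmp/naxsi_ut/body/"
NGINX_OPTIONS+="--http-fastcgi-temp-path=/tmp/naxsi_ut/fastcgi/"
NGINX_OPTIONS+="--http-proxy-temp-path=/tmp/naxsi_ut/proxy/"
# Was "/tmpnginx.lock" (missing slash), which points at the filesystem root.
NGINX_OPTIONS+="--lock-path=/tmp/nginx.lock"
NGINX_OPTIONS+="--pid-path=/tmp/naxsi_ut/nginx.pid"
NGINX_OPTIONS+="--modules-path=/tmp/naxsi_ut/modules/"
NGINX_OPTIONS+="--without-mail_pop3_module"
NGINX_OPTIONS+="--without-mail_smtp_module"
NGINX_OPTIONS+="--without-mail_imap_module"
NGINX_OPTIONS+="--with-http_v2_module"
NGINX_OPTIONS+="--without-http_uwsgi_module"
NGINX_OPTIONS+="--without-http_scgi_module"
NGINX_OPTIONS+="--prefix=/tmp"
#for coverity NGINX_OPTIONS+="--with-cc=/usr/bin/gcc-6"
#for coverity NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)"

# NOTE(review): no recipe in this file references CFLAGS, and the quotes are
# part of the value - confirm whether this is meant to reach the nginx build.
CFLAGS:="-Wextra -Wall -Werror"

FUZZ_PATH := ../fuzz
# Absolute, with a trailing slash: recipes append "afl-fuzz" / "llvm_mode".
AFL_PATH := $(MOD_PATH)/$(FUZZ_PATH)/afl/

.PHONY: all re format_code install_afl install_preeny fuzz_build fuzz clean \
        nginx_download configure build install deploy test coverity

# The prerequisite lists of `all`, `re` and `fuzz_build` are ordered steps,
# not independent dependencies; keep them serial even under `make -j`.
# Sub-makes (nginx, AFL) still build in parallel.
.NOTPARALLEL:

all: nginx_download configure build install deploy

re: clean all test

format_code:
	clang-format --verbose -i $(MOD_PATH)/*.c

# afl-latest.tgz is an unpinned "latest" archive with no checksum or
# signature check here; HTTPS is its only integrity protection.
install_afl:
	mkdir -p $(FUZZ_PATH)
	cd $(FUZZ_PATH) && (wget --no-clobber "https://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz" || exit 1)
	cd $(FUZZ_PATH) && (test -d $(AFL_PATH) || (mkdir -p $(AFL_PATH) && tar -C $(AFL_PATH) -xzf afl-latest.tgz --strip-components=1))
	$(MAKE) -C $(AFL_PATH)
	$(MAKE) -C $(AFL_PATH)llvm_mode clean
	$(MAKE) -C $(AFL_PATH)llvm_mode all afl-clang-fast

# preeny is cloned at whatever the default branch currently points to
# (no tag or commit pin), then compiled and later LD_PRELOADed by `fuzz`.
install_preeny:
	mkdir -p $(FUZZ_PATH)
	cd $(FUZZ_PATH) && (test -d preeny || git clone https://github.com/zardus/preeny.git)
	cd $(FUZZ_PATH) && $(MAKE) -C preeny/src/

# Fetch nginx, apply the two fuzzing patches from t/confs/, then build it
# statically linked with naxsi using the AFL compiler wrapper.
fuzz_build: install_afl install_preeny
	mkdir -p $(FUZZ_PATH)
	$(MAKE) STOCK=0 FUZZ=1 nginx_download
	cd $(TMP_DIR) && patch -p1 "./src/core/ngx_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_cycle.patch"
	cd $(TMP_DIR) && patch -p1 "./src/os/unix/ngx_process_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_process_cycle.patch"
	$(MAKE) STOCK=0 FUZZ=1 configure build install deploy

fuzz:
	LD_PRELOAD=$(FUZZ_PATH)/preeny/src/desock.so $(AFL_PATH)afl-fuzz -t 10 -i "../t/fuzz/" -o $(FUZZ_PATH)/findings $(TMP_DIR)/objs/nginx

# Removes the downloaded tarball, both /tmp trees and the whole fuzz
# directory (AFL, preeny and any findings). The guards stop an empty
# override from turning `rm -rf $(VAR)/` into `rm -rf /`.
clean:
	$(if $(strip $(TMP_DIR)),,$(error TMP_DIR is empty))
	$(if $(strip $(FUZZ_PATH)),,$(error FUZZ_PATH is empty))
	rm -f "nginx-$(NGINX_VERS).tar.gz"
	rm -f "nginx-$(NGINX_VERS).tar.gz.asc"
	rm -rf /tmp/naxsi_ut/
	rm -rf $(TMP_DIR)/
	rm -rf $(FUZZ_PATH)/

# Download and unpack the nginx sources. The tarball is compiled and run by
# the later targets, so it is fetched over HTTPS; the detached signature is
# checked only when VERIFY_SIG=1. The key import used previously was:
#	gpg --keyserver pgp.key-server.io --recv-keys 0x251a28de2685aed4 0x520A9993A1C052F8
nginx_download:
	wget --no-clobber "https://nginx.org/download/nginx-$(NGINX_VERS).tar.gz" || exit 1
	wget --no-clobber "https://nginx.org/download/nginx-$(NGINX_VERS).tar.gz.asc" || exit 1
ifeq ($(VERIFY_SIG),1)
	gpg --verify "nginx-$(NGINX_VERS).tar.gz.asc" "nginx-$(NGINX_VERS).tar.gz" || exit 1
endif
	mkdir -p $(TMP_DIR)/
	tar -C $(TMP_DIR)/ -xzf "nginx-$(NGINX_VERS).tar.gz" --strip-components=1

# One ./configure run per enabled mode. The modes are independent switches:
# STOCK defaults to 1, so FUZZ=1 or COV=1 alone also runs the stock configure
# afterwards unless STOCK=0 is given (as fuzz_build does).
configure:
#build non dynamic module (faster) for fuzz/afl
ifeq ($(FUZZ),1)
	cd $(TMP_DIR)/ && AFL_PATH=$(AFL_PATH) ./configure --with-cc=$(AFL_PATH)"/llvm_mode/afl-clang-fast" --with-cc-opt="-O3" $(NGINX_OPTIONS) --add-module=$(MOD_PATH) --error-log-path=/dev/null --http-log-path=/dev/null
endif

ifeq ($(COV),1)
	cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf
endif

ifeq ($(STOCK),1)
	cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf
endif


# Build nginx; when the test tree already exists, refresh the dynamic module
# in place so a rebuild does not need a full `install`.
build:
	AFL_PATH=$(AFL_PATH) $(MAKE) -C $(TMP_DIR)
	if [ -d "/tmp/naxsi_ut" ] && [ -f $(TMP_DIR)/objs/ngx_http_naxsi_module.so ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi

install:
	$(MAKE) -C $(TMP_DIR) install

# Install the test configuration and core rules, and generate a throwaway
# self-signed certificate. The private key is unencrypted (-nodes) and lives
# at a fixed path in /tmp: it is test material only and must not be reused.
deploy:
ifeq ($(FUZZ),1)
	@cp ../t/confs/nginx_fuzz.conf.example /tmp/naxsi_ut/nginx.conf
else
	@cp ../t/confs/nginx.conf.example /tmp/naxsi_ut/nginx.conf
endif
	@cp ../naxsi_config/naxsi_core.rules /tmp/naxsi_ut/naxsi_core.rules
	@openssl req -batch -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/nginx.key -out /tmp/nginx.crt


# RUN UNIT TESTS
# PATH and PERL5LIB are expanded by the shell ($$PATH, $$HOME): a quoted "~"
# is not expanded, and a Make-expanded $(PATH) breaks on entries with spaces.
# An empty TEST makes prove recurse over the whole t/ directory.
test:
ifeq ($(COV),1)
	lcov --directory $(TMP_DIR) --zerocounters
endif
	export PATH="$(TMP_DIR)/objs/:$$PATH" ; \
	export PERL5LIB="$$HOME/perl5/lib/perl5/" ; \
	cd .. && prove -r "t/$(TEST)"
ifeq ($(COV),1)
	lcov --directory $(TMP_DIR)/objs/addon/naxsi_src/ --capture --output-file naxsi.info --base-directory $(TMP_DIR)
	genhtml -s -o /tmp/naxsicov.html naxsi.info
endif

#Build for coverity and submit build !
#Remember to enforce gcc-6 when doing so, coverity doesn't support gcc-7 or gcc-8
#
# ../../coverity.key holds "login:token". It is read by the recipe's shell,
# not by $(shell ...), and only the login is printed, so the token does not
# land in build logs. It is still passed to wget and curl as command-line
# arguments and is visible in the process list while they run.
# The configure/build/archive/upload steps are chained with && so a failed
# build never uploads a stale or missing archive. cov-build wraps a literal
# `make -j4` on purpose: it must own the build it observes.
coverity: nginx_download
	@test -r ../../coverity.key || { echo "missing ../../coverity.key (login:token)" >&2 ; exit 1 ; } ; \
	CAK="$$(cut -d ':' -f2 ../../coverity.key)" ; \
	CAN="$$(cut -d ':' -f1 ../../coverity.key)" ; \
	echo "Coverity login : $$CAN" ; \
	wget -nc https://scan.coverity.com/download/cxx/linux64 --post-data "token=$$CAK&project=nbs-system%2Fnaxsi" -O /tmp/coverity.tgz ; \
	if ! [ -d /tmp/cov ] ; then \
		mkdir -p /tmp/cov && \
		cd /tmp/cov && \
		tar --strip-components=2 -xvzf ../coverity.tgz && \
		/tmp/cov/bin/cov-configure --comptype gcc --compiler gcc-6 --template ; \
	fi ; \
	cd $(TMP_DIR) && \
	./configure $(NGINX_OPTIONS) && \
	/tmp/cov/bin/cov-build --dir cov-int make -j4 && \
	tar cvzf coverity-res-naxsi.tgz cov-int/ && \
	curl --form token="$$CAK" \
	  --form email="$$CAN" \
	  --form file=@$(TMP_DIR)/coverity-res-naxsi.tgz \
	  --form version="$(CORE_VERS)" \
	  --form description="Automatically submitted" \
	  "https://scan.coverity.com/builds?project=nbs-system%2Fnaxsi"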