🔒 💚 Fix security issues & Update CI & Improve code quality (#26)

.dockerignore

@@ -0,0 +1,3 @@
+node_modules
+docs/.vuepress/dist
+.vscode

.github/workflows/docker.yml

@@ -0,0 +1,109 @@
+name: docker
+
+on:
+  push:
+    branches:
+      - master
+      - dev
+
+
+jobs:
+  debian:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with: 
+          ref: ${{ github.ref }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USER_NAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+      - name: Build and push (ngx_waf:stable)
+        if: ${{ github.ref == 'refs/heads/master' }}
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: docker/Dockerfile.debian
+          push: true
+          tags: ${{ secrets.DOCKER_USER_NAME }}/ngx_waf:stable
+          # Unable to build images for linux/arm/v5 platforms due to a bug in docker buildx.
+          platforms: |
+            linux/386
+            linux/amd64
+            linux/arm64/v8
+            linux/arm/v7
+            linux/mips64le
+            linux/ppc64le
+            linux/s390x
+      - name: Build and push (ngx_waf:latest & ngx_waf:dev)
+        if: ${{ github.ref == 'refs/heads/dev' }}
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: docker/Dockerfile.debian
+          push: true
+          tags: | 
+            ${{ secrets.DOCKER_USER_NAME }}/ngx_waf:latest
+            ${{ secrets.DOCKER_USER_NAME }}/ngx_waf:dev
+          # Unable to build images for linux/arm/v5 platforms due to a bug in docker buildx.
+          platforms: |
+            linux/386
+            linux/amd64
+            linux/arm64/v8
+            linux/arm/v7
+            linux/mips64le
+            linux/ppc64le
+            linux/s390x
+  alpine:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with: 
+          ref: ${{ github.ref }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USER_NAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+      - name: Build and push (ngx_waf:stable-alpine)
+        if: ${{ github.ref == 'refs/heads/master' }}
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: docker/Dockerfile.alpine
+          push: true
+          tags: ${{ secrets.DOCKER_USER_NAME }}/ngx_waf:stable-alpine
+          platforms: |
+            linux/amd64
+            linux/arm64/v8
+            linux/arm/v6
+            linux/arm/v7
+            linux/386
+            linux/ppc64le
+            linux/s390x
+      - name: Build and push (ngx_waf:dev-alpine)
+        if: ${{ github.ref == 'refs/heads/dev' }}
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: docker/Dockerfile.alpine
+          push: true
+          tags: ${{ secrets.DOCKER_USER_NAME }}/ngx_waf:dev-alpine
+          platforms: |
+            linux/amd64
+            linux/arm64/v8
+            linux/arm/v6
+            linux/arm/v7
+            linux/386
+            linux/ppc64le
+            linux/s390x
+

.github/workflows/docs.yml

@@ -9,27 +9,25 @@ on:
 
 
 jobs:
-  # deploy:
-  #   runs-on: ubuntu-latest
-  #   needs: build
-  #   if: ${{ github.event_name != 'pull_request' }}
-  #   steps:
-  #     - uses: actions/checkout@v2
-  #       with: 
-  #         ref: ${{ github.ref }}
-  #     - name: Install Nodejs
-  #       uses: actions/setup-node@v2
-  #       with:
-  #         node-version: '14.15.5'
-  #     - name: Build & Deploy
-  #       uses: jenkey2011/vuepress-deploy@master
-  #       env:
-  #         ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
-  #         TARGET_BRANCH: gh-pages
-  #         BUILD_SCRIPT: set -e && yarn && yarn docs:build
-  #         BUILD_DIR: docs/.vuepress/dist/
-
-
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build
+    if: ${{ github.event_name != 'pull_request' }}
+    steps:
+      - uses: actions/checkout@v2
+        with: 
+          ref: ${{ github.ref }}
+      - name: Install Nodejs
+        uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+      - name: Build & Deploy
+        uses: jenkey2011/vuepress-deploy@master
+        env:
+          ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          TARGET_BRANCH: gh-pages
+          BUILD_SCRIPT: set -e && yarn && yarn docs:build
+          BUILD_DIR: docs/.vuepress/dist/
   build:
     runs-on: ubuntu-latest
     steps:

.github/workflows/test.yml

@@ -4,11 +4,93 @@ on:
   - push
   - pull_request
 
-
 jobs:
+  native:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        nginx-version: ['stable nginx', 'mainline nginx']
+        install-type:  ['static module', 'dynamic module']
+    steps:
+      - uses: actions/checkout@v2
+        with: 
+          ref: ${{ github.ref }}
+      - uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+          architecture: 'x64'
+      - name: Install dependencies
+        run: |
+          sudo apt-get --yes update
+          sudo apt-get install --yes build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev uthash-dev
+          sudo pip install lastversion
+      - name: Download ${{ matrix.nginx-version }}
+        run: |
+          chmod 777 -R ${{ github.workspace }}
+          if [ ${{ matrix.nginx-version }} = 'stable nginx' ] ; then  \
+            version='stable' ;\
+          else  \
+            version='mainline' ;\
+          fi
+          lastversion download nginx:${version}
+          mkdir nginx-src
+          tar zxf nginx-*.tar.gz --directory nginx-src --strip-components=1
+      - name: Configure ${{ matrix.install-type }}
+        run: |
+          cd nginx-src
+          if [ ${{ matrix.install-type }} = 'static module' ] ; then \
+            opt='--add-module' ;\
+          else \
+            opt='--add-dynamic-module' ;\
+          fi
+          ./configure ${opt}=..
+      - name: Install ${{ matrix.nginx-version }}
+        run: |
+          cd nginx-src
+          make
+          sudo make install
+          sudo useradd nginx -s /sbin/nologin -M
+          sudo chmod 777 -R /usr/local/nginx
+          sudo ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
+      - name: Initialize nginx.conf
+        run: |
+          sudo chmod 777 -R test
+          sudo ./test/init-conf.sh /usr/local/nginx
+      - name: Test urls
+        run: |
+          sudo nginx
+          sudo ./test/test-url.sh
+          sudo nginx -s stop
+      - name: Test args
+        run: |
+          sudo nginx
+          sudo ./test/test-args.sh
+          sudo nginx -s stop
+      - name: Test cookies
+        run: |
+          sudo nginx
+          sudo ./test/test-cookie.sh
+          sudo nginx -s stop
+      - name: Test user-agents
+        run: |
+          sudo nginx
+          sudo ./test/test-ua.sh
+          sudo nginx -s stop
+      - name: Test cc attack
+        run: |
+          sudo nginx
+          sudo ./test/test-cc.sh
+          sudo nginx -s stop
+      - name: Test segmentation fault
+        run: |
+          if [ -e /usr/local/nginx/logs/core ] ; then \
+            exit 1 ; \
+          fi
   docker:
     runs-on: ubuntu-latest
-    # needs: native
+    strategy:
+      matrix:
+        os: ['debian', 'alpine']
     steps:
       - uses: actions/checkout@v2
         with: 
@@ -17,104 +99,10 @@ jobs:
         uses: docker/setup-qemu-action@v1
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_USER_NAME }}
-          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: true
-          tags: addsp/ngx_waf:dev
-          platforms: |
-            linux/amd64
-            linux/arm/v6
-            linux/arm/v7
-            linux/arm64/v8
-            linux/386
-            linux/ppc64le
-            linux/s390x
-  # native:
-  #   runs-on: ubuntu-latest
-  #   strategy:
-  #     matrix:
-  #       nginx-version: ['stable nginx', 'mainline nginx']
-  #       install-type:  ['static module', 'dynamic module']
-  #   steps:
-  #     - uses: actions/checkout@v2
-  #       with: 
-  #         ref: ${{ github.ref }}
-  #     - uses: actions/setup-python@v2
-  #       with:
-  #         python-version: '3.x'
-  #         architecture: 'x64'
-  #     - name: Install dependencies
-  #       run: |
-  #         sudo apt-get update
-  #         sudo apt-get install build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev uthash-dev
-  #         sudo pip install lastversion
-  #     - name: Download ${{ matrix.nginx-version }}
-  #       run: |
-  #         chmod 777 -R ${{ github.workspace }}
-  #         if [ ${{ matrix.nginx-version }} = 'stable nginx' ] ; then  \
-  #           version='stable' ;\
-  #         else  \
-  #           version='mainline' ;\
-  #         fi
-  #         lastversion download nginx:${version}
-  #         mkdir nginx-src
-  #         tar zxf nginx-*.tar.gz --directory nginx-src --strip-components=1
-  #     - name: Configure ${{ matrix.install-type }}
-  #       run: |
-  #         cd nginx-src
-  #         if [ ${{ matrix.install-type }} = 'static module' ] ; then \
-  #           opt='--add-module' ;\
-  #         else \
-  #           opt='--add-dynamic-module' ;\
-  #         fi
-  #         ./configure ${opt}=..
-  #     - name: Install ${{ matrix.nginx-version }}
-  #       run: |
-  #         cd nginx-src
-  #         make
-  #         sudo make install
-  #         sudo useradd nginx -s /sbin/nologin -M
-  #         sudo chmod 777 -R /usr/local/nginx
-  #         sudo ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
-  #     - name: Initial nginx.conf
-  #       run: |
-  #         sudo chmod 777 -R test
-  #         sudo ./test/init-conf.sh /usr/local/nginx
-  #     - name: Test urls
-  #       run: |
-  #         sudo nginx
-  #         sudo ./test/test-url.sh
-  #         sudo nginx -s stop
-  #     - name: Test args
-  #       run: |
-  #         sudo nginx
-  #         sudo ./test/test-args.sh
-  #         sudo nginx -s stop
-  #     - name: Test cookies
-  #       run: |
-  #         sudo nginx
-  #         sudo ./test/test-cookie.sh
-  #         sudo nginx -s stop
-  #     - name: Test user-agents
-  #       run: |
-  #         sudo nginx
-  #         sudo ./test/test-ua.sh
-  #         sudo nginx -s stop
-  #     - name: Test cc attack
-  #       run: |
-  #         sudo nginx
-  #         sudo ./test/test-cc.sh
-  #         sudo nginx -s stop
-  #     - name: Test segmentation fault
-  #       run: |
-  #         if [ -e /usr/local/nginx/logs/core ] ; then \
-  #           exit 1 ; \
-  #         fi
+      - name: Build (debian)
+        if: ${{ matrix.os == 'debian' }}
+        run: docker build --file docker/Dockerfile.debian .
+      - name: Build (alpine)
+        if: ${{ matrix.os == 'alpine' }}
+        run: docker build --file docker/Dockerfile.alpine .
 

.gitignore

@@ -1,4 +1,5 @@
 inc/uthash
 .vscode
 node_modules
-docs/.vuepress/dist
+docs/.vuepress/dist
+yarn.lock