
checked in the first draft.

1 parent 1e5c404 commit beb9390a6ec6ac3b7ef3ae8a5f4428a05cd840b3 @agentzh agentzh committed Jan 21, 2010
@@ -0,0 +1,60 @@
+*.mobi
+genmobi.sh
+.libs
+*.swp
+*.slo
+*.la
+*.swo
+*.lo
+*~
+*.o
+print.txt
+.rsync
+*.tar.gz
+dist
+build[78]
+build
+tags
+update-readme
+*.tmp
+test/Makefile
+test/blib
+test.sh
+t.sh
+t/t.sh
+test/t/servroot/
+releng
+reset
+*.t_
+src/handler.h
+src/util.c
+src/module.h
+src/module.c
+src/drizzle.c
+src/processor.h
+src/handler.c
+src/util.h
+src/drizzle.h
+src/processor.c
+src/output.c
+src/output.h
+libdrizzle
+ctags
+src/stream.h
+nginx
+keepalive
+reindex
+src/keepalive.c
+src/keepalive.h
+src/checker.h
+src/checker.c
+src/quoting.h
+src/quoting.c
+src/module.h
+src/module.c
+src/util.h
+src/util.c
+src/processor.h
+src/processor.c
+src/rds.h
+src/utils.h
5 config
@@ -0,0 +1,5 @@
+ngx_addon_name=ngx_http_xss_filter_module
+HTTP_AUX_FILTER_MODULES="$HTTP_AUX_FILTER_MODULES ngx_http_xss_filter_module"
+NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/src/ngx_http_xss_filter_module.c $ngx_addon_dir/src/ngx_http_xss_util.c"
+NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/src/ddebug.h $ngx_addon_dir/src/ngx_http_xss_filter_module.h $ngx_addon_dir/src/ngx_http_xss_util.h"
+
@@ -0,0 +1,71 @@
+#ifndef DDEBUG_H
+#define DDEBUG_H
+
+#include <ngx_core.h>
+
+#if defined(DDEBUG) && (DDEBUG)
+
+# if (NGX_HAVE_VARIADIC_MACROS)
+
+# define dd(...) fprintf(stderr, "xss *** "); \
+ fprintf(stderr, __VA_ARGS__); \
+ fprintf(stderr, " at %s line %d.\n", __FILE__, __LINE__)
+
+# else
+
+#include <stdarg.h>
+#include <stdio.h>
+
+#include <stdarg.h>
+
+static void dd(const char * fmt, ...) {
+}
+
+# endif
+
+#else
+
+# if (NGX_HAVE_VARIADIC_MACROS)
+
+# define dd(...)
+
+# else
+
+#include <stdarg.h>
+
+static void dd(const char * fmt, ...) {
+}
+
+# endif
+
+#endif
+
+#if defined(DDEBUG) && (DDEBUG)
+
+#define dd_check_read_event_handler(r) \
+ dd("r->read_event_handler = %s", \
+ r->read_event_handler == ngx_http_block_reading ? \
+ "ngx_http_block_reading" : \
+ r->read_event_handler == ngx_http_test_reading ? \
+ "ngx_http_test_reading" : \
+ r->read_event_handler == ngx_http_request_empty_handler ? \
+ "ngx_http_request_empty_handler" : "UNKNOWN")
+
+#define dd_check_write_event_handler(r) \
+ dd("r->write_event_handler = %s", \
+ r->write_event_handler == ngx_http_handler ? \
+ "ngx_http_handler" : \
+ r->write_event_handler == ngx_http_core_run_phases ? \
+ "ngx_http_core_run_phases" : \
+ r->write_event_handler == ngx_http_request_empty_handler ? \
+ "ngx_http_request_empty_handler" : "UNKNOWN")
+
+#else
+
+#define dd_check_read_event_handler(r)
+#define dd_check_write_event_handler(r)
+
+#endif
+
+#endif /* DDEBUG_H */
+
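Review bot: The variadic `dd(...)` macro in the DDEBUG-enabled branch expands to three separate `fprintf` statements, so a call like `if (cond) dd("x");` guards only the first one and the other two always run. Wrap the expansion in `do { ... } while (0)`, i.e. `# define dd(...) do { fprintf(stderr, "xss *** "); fprintf(stderr, __VA_ARGS__); fprintf(stderr, " at %s line %d.\n", __FILE__, __LINE__); } while (0)`. The `dd_check_read_event_handler(r)` and `dd_check_write_event_handler(r)` macros should parenthesize their argument, as in `(r)->read_event_handler`. The non-variadic fallback `static void dd(const char * fmt, ...)` is empty even when DDEBUG is on and is defined in a header, so it deserves a comment such as `/* no variadic macros: debug output is unavailable on this compiler */`.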
@@ -0,0 +1,232 @@
+/*
+ * Copyright (C) agentzh
+ */
+
+#include "ngx_http_xss_filter_module.h"
+#include <ngx_config.h>
+
+
+static void *ngx_http_xss_create_conf(ngx_conf_t *cf);
+static char *ngx_http_xss_merge_conf(ngx_conf_t *cf, void *parent,
+ void *child);
+static ngx_int_t ngx_http_xss_filter_init(ngx_conf_t *cf);
+
+
+static ngx_command_t ngx_http_xss_commands[] = {
+
+ { ngx_string("add_before_body"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_xss_conf_t, before_body),
+ NULL },
+
+ { ngx_string("add_after_body"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_xss_conf_t, after_body),
+ NULL },
+
+ { ngx_string("xss_types"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
+ ngx_http_types_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_xss_conf_t, types_keys),
+ &ngx_http_html_default_types[0] },
+
+ ngx_null_command
+};
+
+
+static ngx_http_module_t ngx_http_xss_filter_module_ctx = {
+ NULL, /* preconfiguration */
+ ngx_http_xss_filter_init, /* postconfiguration */
+
+ NULL, /* create main configuration */
+ NULL, /* init main configuration */
+
+ NULL, /* create server configuration */
+ NULL, /* merge server configuration */
+
+ ngx_http_xss_create_conf, /* create location configuration */
+ ngx_http_xss_merge_conf /* merge location configuration */
+};
+
+
+ngx_module_t ngx_http_xss_filter_module = {
+ NGX_MODULE_V1,
+ &ngx_http_xss_filter_module_ctx, /* module context */
+ ngx_http_xss_commands, /* module directives */
+ NGX_HTTP_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_http_output_header_filter_pt ngx_http_next_header_filter;
+static ngx_http_output_body_filter_pt ngx_http_next_body_filter;
+
+
+static ngx_int_t
+ngx_http_xss_header_filter(ngx_http_request_t *r)
+{
+ ngx_http_xss_ctx_t *ctx;
+ ngx_http_xss_conf_t *conf;
+
+ if (r->headers_out.status != NGX_HTTP_OK || r != r->main) {
+ return ngx_http_next_header_filter(r);
+ }
+
+ conf = ngx_http_get_module_loc_conf(r, ngx_http_xss_filter_module);
+
+ if (conf->before_body.len == 0 && conf->after_body.len == 0) {
+ return ngx_http_next_header_filter(r);
+ }
+
+ if (ngx_http_test_content_type(r, &conf->types) == NULL) {
+ return ngx_http_next_header_filter(r);
+ }
+
+ ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_xss_ctx_t));
+ if (ctx == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_http_set_ctx(r, ctx, ngx_http_xss_filter_module);
+
+ ngx_http_clear_content_length(r);
+ ngx_http_clear_accept_ranges(r);
+
+ return ngx_http_next_header_filter(r);
+}
+
+
+static ngx_int_t
+ngx_http_xss_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
+{
+ ngx_int_t rc;
+ ngx_uint_t last;
+ ngx_chain_t *cl;
+ ngx_http_request_t *sr;
+ ngx_http_xss_ctx_t *ctx;
+ ngx_http_xss_conf_t *conf;
+
+ if (in == NULL || r->header_only) {
+ return ngx_http_next_body_filter(r, in);
+ }
+
+ ctx = ngx_http_get_module_ctx(r, ngx_http_xss_filter_module);
+
+ if (ctx == NULL) {
+ return ngx_http_next_body_filter(r, in);
+ }
+
+ conf = ngx_http_get_module_loc_conf(r, ngx_http_xss_filter_module);
+
+ if (!ctx->before_body_sent) {
+ ctx->before_body_sent = 1;
+
+ if (conf->before_body.len) {
+ if (ngx_http_subrequest(r, &conf->before_body, NULL, &sr, NULL, 0)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+ }
+ }
+
+ if (conf->after_body.len == 0) {
+ ngx_http_set_ctx(r, NULL, ngx_http_xss_filter_module);
+ return ngx_http_next_body_filter(r, in);
+ }
+
+ last = 0;
+
+ for (cl = in; cl; cl = cl->next) {
+ if (cl->buf->last_buf) {
+ cl->buf->last_buf = 0;
+ cl->buf->sync = 1;
+ last = 1;
+ }
+ }
+
+ rc = ngx_http_next_body_filter(r, in);
+
+ if (rc == NGX_ERROR || !last || conf->after_body.len == 0) {
+ return rc;
+ }
+
+ if (ngx_http_subrequest(r, &conf->after_body, NULL, &sr, NULL, 0)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+
+ ngx_http_set_ctx(r, NULL, ngx_http_xss_filter_module);
+
+ return ngx_http_send_special(r, NGX_HTTP_LAST);
+}
+
+
+static ngx_int_t
+ngx_http_xss_filter_init(ngx_conf_t *cf)
+{
+ ngx_http_next_header_filter = ngx_http_top_header_filter;
+ ngx_http_top_header_filter = ngx_http_xss_header_filter;
+
+ ngx_http_next_body_filter = ngx_http_top_body_filter;
+ ngx_http_top_body_filter = ngx_http_xss_body_filter;
+
+ return NGX_OK;
+}
+
+
+static void *
+ngx_http_xss_create_conf(ngx_conf_t *cf)
+{
+ ngx_http_xss_conf_t *conf;
+
+ conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_xss_conf_t));
+ if (conf == NULL) {
+ return NULL;
+ }
+
+ /*
+ * set by ngx_pcalloc():
+ *
+ * conf->before_body = { 0, NULL };
+ * conf->after_body = { 0, NULL };
+ * conf->types = { NULL };
+ * conf->types_keys = NULL;
+ */
+
+ return conf;
+}
+
+
+static char *
+ngx_http_xss_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+{
+ ngx_http_xss_conf_t *prev = parent;
+ ngx_http_xss_conf_t *conf = child;
+
+ ngx_conf_merge_str_value(conf->before_body, prev->before_body, "");
+ ngx_conf_merge_str_value(conf->after_body, prev->after_body, "");
+
+ if (ngx_http_merge_types(cf, &conf->types_keys, &conf->types,
+ &prev->types_keys, &prev->types,
+ ngx_http_html_default_types)
+ != NGX_OK)
+ {
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
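Review bot: The directive names `add_before_body` and `add_after_body` in `ngx_http_xss_commands` are the same names nginx's stock addition filter module registers, so in a build that contains both modules the first matching module handles the directive and the other is left unconfigured without any error. Prefix them the way `xss_types` already is, e.g. `{ ngx_string("xss_add_before_body"),` and `{ ngx_string("xss_add_after_body"),`. Separately, in `ngx_http_xss_body_filter` the `conf->after_body.len == 0` term in `if (rc == NGX_ERROR || !last || conf->after_body.len == 0)` can never be true, because the function has already returned for that case a few lines earlier, so it can be dropped. The loop that clears `last_buf` and sets `sync` would be easier to review with a comment such as `/* hold back the end-of-response marker until the after_body subrequest has been issued */`.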
@@ -0,0 +1,24 @@
+#ifndef NGX_HTTP_XSS_FILTER_MODULE_H
+#define NGX_HTTP_XSS_FILTER_MODULE_H
+
+
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+typedef struct {
+ ngx_str_t before_body;
+ ngx_str_t after_body;
+
+ ngx_hash_t types;
+ ngx_array_t *types_keys;
+} ngx_http_xss_conf_t;
+
+
+typedef struct {
+ ngx_uint_t before_body_sent;
+} ngx_http_xss_ctx_t;
+
+
+#endif /* NGX_HTTP_XSS_FILTER_MODULE_H */
+
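Review bot: This header includes `<ngx_core.h>` without `<ngx_config.h>` ahead of it, and the module's .c file includes this header before its own `#include <ngx_config.h>`; ddebug.h follows the same pattern. nginx sources conventionally start with `#include <ngx_config.h>` because it sets platform feature macros that must be defined before any system header is seen, so unless `ngx_core.h` already pulls it in for the nginx version being targeted, add `#include <ngx_config.h>` as the first include here. The two structs would also benefit from field comments, for example `/* set to 1 on the first body-filter call, before the before_body subrequest is issued */` on `before_body_sent`.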