static void * yy_sec_waf_parse_regex(ngx_conf_t *cf, ngx_str_t *tmp, ngx_http_yy_sec_waf_rule_t *rule) { ngx_regex_compile_t *rgc; ngx_str_t pattern; pattern.data = tmp->data + ngx_strlen(REGEX); pattern.len = tmp->len - ngx_strlen(REGEX); rgc = ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t)); if (!rgc) return NGX_CONF_ERROR; rgc->options = PCRE_CASELESS|PCRE_MULTILINE; rgc->pattern = pattern; rgc->pool = cf->pool; rgc->err.len = 0; rgc->err.data = NULL; rule->regex = ngx_http_regex_compile(cf, rgc); if (rule->regex == NULL) return NGX_CONF_ERROR; return NGX_CONF_OK; }
static char * rdns_conf_rule(ngx_conf_t * cf, ngx_command_t * cmd, void * conf, int access_type) { ngx_http_rdns_loc_conf_t * loc_conf = conf; ngx_str_t * value; ngx_http_rdns_rule_t * rule; ngx_regex_compile_t rc; u_char errstr[NGX_MAX_CONF_ERRSTR]; if (loc_conf == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "internal error"); ngx_conf_log_error(NGX_LOG_DEBUG, cf, 0, "location config NULL pointer"); return NGX_CONF_ERROR; } value = cf->args->elts; if (loc_conf->rules == NULL) { loc_conf->rules = ngx_array_create(cf->pool, 1, sizeof(ngx_http_rdns_rule_t)); if (loc_conf->rules == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "internal error"); ngx_conf_log_error(NGX_LOG_DEBUG, cf, 0, "unable to allocate memory for rules array"); return NGX_CONF_ERROR; } } rule = ngx_array_push(loc_conf->rules); if (rule == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "internal error"); ngx_conf_log_error(NGX_LOG_DEBUG, cf, 0, "unable to allocate memory for rule"); return NGX_CONF_ERROR; } rule->access_type = access_type; rule->domain = value[1]; ngx_memzero(&rc, sizeof(ngx_regex_compile_t)); rc.pattern = rule->domain; rc.err.len = NGX_MAX_CONF_ERRSTR; rc.err.data = errstr; rc.options = NGX_REGEX_CASELESS; rule->domain_regex = ngx_http_regex_compile(cf, &rc); if (rule->domain_regex == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "unable to compile regex rule"); return NGX_CONF_ERROR; } ngx_conf_log_error(NGX_LOG_DEBUG, cf, 0, "using rule '%V'", &rule->domain); return NGX_CONF_OK; }
static char * ngx_http_rewrite_if_condition(ngx_conf_t *cf, ngx_http_rewrite_loc_conf_t *lcf) { u_char *p; size_t len; ngx_str_t *value; ngx_uint_t cur, last; ngx_regex_compile_t rc; ngx_http_script_code_pt *code; ngx_http_script_file_code_t *fop; ngx_http_script_regex_code_t *regex; u_char errstr[NGX_MAX_CONF_ERRSTR]; value = cf->args->elts; last = cf->args->nelts - 1; if (value[1].len < 1 || value[1].data[0] != '(') { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid condition \"%V\"", &value[1]); return NGX_CONF_ERROR; } if (value[1].len == 1) { cur = 2; } else { cur = 1; value[1].len--; value[1].data++; } if (value[last].len < 1 || value[last].data[value[last].len - 1] != ')') { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid condition \"%V\"", &value[last]); return NGX_CONF_ERROR; } if (value[last].len == 1) { last--; } else { value[last].len--; value[last].data[value[last].len] = '\0'; } len = value[cur].len; p = value[cur].data; if (len > 1 && p[0] == '$') { if (cur != last && cur + 2 != last) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid condition \"%V\"", &value[cur]); return NGX_CONF_ERROR; } if (ngx_http_rewrite_variable(cf, lcf, &value[cur]) != NGX_CONF_OK) { return NGX_CONF_ERROR; } if (cur == last) { return NGX_CONF_OK; } cur++; len = value[cur].len; p = value[cur].data; if (len == 1 && p[0] == '=') { if (ngx_http_rewrite_value(cf, lcf, &value[last]) != NGX_CONF_OK) { return NGX_CONF_ERROR; } code = ngx_http_script_start_code(cf->pool, &lcf->codes, sizeof(uintptr_t)); if (code == NULL) { return NGX_CONF_ERROR; } *code = ngx_http_script_equal_code; return NGX_CONF_OK; } if (len == 2 && p[0] == '!' && p[1] == '=') { if (ngx_http_rewrite_value(cf, lcf, &value[last]) != NGX_CONF_OK) { return NGX_CONF_ERROR; } code = ngx_http_script_start_code(cf->pool, &lcf->codes, sizeof(uintptr_t)); if (code == NULL) { return NGX_CONF_ERROR; } *code = ngx_http_script_not_equal_code; return NGX_CONF_OK; } if ((len == 1 && p[0] == '~') || (len == 2 && p[0] == '~' && p[1] == '*') || (len == 2 && p[0] == '!' && p[1] == '~') || (len == 3 && p[0] == '!' && p[1] == '~' && p[2] == '*')) { regex = ngx_http_script_start_code(cf->pool, &lcf->codes, sizeof(ngx_http_script_regex_code_t)); if (regex == NULL) { return NGX_CONF_ERROR; } ngx_memzero(regex, sizeof(ngx_http_script_regex_code_t)); ngx_memzero(&rc, sizeof(ngx_regex_compile_t)); rc.pattern = value[last]; rc.options = (p[len - 1] == '*') ? NGX_REGEX_CASELESS : 0; rc.err.len = NGX_MAX_CONF_ERRSTR; rc.err.data = errstr; regex->regex = ngx_http_regex_compile(cf, &rc); if (regex->regex == NULL) { return NGX_CONF_ERROR; } regex->code = ngx_http_script_regex_start_code; regex->next = sizeof(ngx_http_script_regex_code_t); regex->test = 1; if (p[0] == '!') { regex->negative_test = 1; } regex->name = value[last]; return NGX_CONF_OK; } ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "unexpected \"%V\" in condition", &value[cur]); return NGX_CONF_ERROR; } else if ((len == 2 && p[0] == '-') || (len == 3 && p[0] == '!' && p[1] == '-')) { if (cur + 1 != last) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid condition \"%V\"", &value[cur]); return NGX_CONF_ERROR; } value[last].data[value[last].len] = '\0'; value[last].len++; if (ngx_http_rewrite_value(cf, lcf, &value[last]) != NGX_CONF_OK) { return NGX_CONF_ERROR; } fop = ngx_http_script_start_code(cf->pool, &lcf->codes, sizeof(ngx_http_script_file_code_t)); if (fop == NULL) { return NGX_CONF_ERROR; } fop->code = ngx_http_script_file_code; if (p[1] == 'f') { fop->op = ngx_http_script_file_plain; return NGX_CONF_OK; } if (p[1] == 'd') { fop->op = ngx_http_script_file_dir; return NGX_CONF_OK; } if (p[1] == 'e') { fop->op = ngx_http_script_file_exists; return NGX_CONF_OK; } if (p[1] == 'x') { fop->op = ngx_http_script_file_exec; return NGX_CONF_OK; } if (p[0] == '!') { if (p[2] == 'f') { fop->op = ngx_http_script_file_not_plain; return NGX_CONF_OK; } if (p[2] == 'd') { fop->op = ngx_http_script_file_not_dir; return NGX_CONF_OK; } if (p[2] == 'e') { fop->op = ngx_http_script_file_not_exists; return NGX_CONF_OK; } if (p[2] == 'x') { fop->op = ngx_http_script_file_not_exec; return NGX_CONF_OK; } } ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid condition \"%V\"", &value[cur]); return NGX_CONF_ERROR; } ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid condition \"%V\"", &value[cur]); return NGX_CONF_ERROR; }
static char * ngx_http_rewrite(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_rewrite_loc_conf_t *lcf = conf; ngx_str_t *value; ngx_uint_t last; ngx_regex_compile_t rc; ngx_http_script_code_pt *code; ngx_http_script_compile_t sc; ngx_http_script_regex_code_t *regex; ngx_http_script_regex_end_code_t *regex_end; u_char errstr[NGX_MAX_CONF_ERRSTR]; regex = ngx_http_script_start_code(cf->pool, &lcf->codes, sizeof(ngx_http_script_regex_code_t)); if (regex == NULL) { return NGX_CONF_ERROR; } ngx_memzero(regex, sizeof(ngx_http_script_regex_code_t)); value = cf->args->elts; ngx_memzero(&rc, sizeof(ngx_regex_compile_t)); rc.pattern = value[1]; rc.err.len = NGX_MAX_CONF_ERRSTR; rc.err.data = errstr; /* TODO: NGX_REGEX_CASELESS */ regex->regex = ngx_http_regex_compile(cf, &rc); if (regex->regex == NULL) { return NGX_CONF_ERROR; } regex->code = ngx_http_script_regex_start_code; regex->uri = 1; regex->name = value[1]; if (value[2].data[value[2].len - 1] == '?') { /* the last "?" drops the original arguments */ value[2].len--; } else { regex->add_args = 1; } last = 0; if (ngx_strncmp(value[2].data, "http://", sizeof("http://") - 1) == 0 || ngx_strncmp(value[2].data, "https://", sizeof("https://") - 1) == 0 || ngx_strncmp(value[2].data, "$scheme", sizeof("$scheme") - 1) == 0) { regex->status = NGX_HTTP_MOVED_TEMPORARILY; regex->redirect = 1; last = 1; } if (cf->args->nelts == 4) { if (ngx_strcmp(value[3].data, "last") == 0) { last = 1; } else if (ngx_strcmp(value[3].data, "break") == 0) { regex->break_cycle = 1; last = 1; } else if (ngx_strcmp(value[3].data, "redirect") == 0) { regex->status = NGX_HTTP_MOVED_TEMPORARILY; regex->redirect = 1; last = 1; } else if (ngx_strcmp(value[3].data, "permanent") == 0) { regex->status = NGX_HTTP_MOVED_PERMANENTLY; regex->redirect = 1; last = 1; } else { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[3]); return NGX_CONF_ERROR; } } ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); sc.cf = cf; sc.source = &value[2]; sc.lengths = ®ex->lengths; sc.values = &lcf->codes; sc.variables = ngx_http_script_variables_count(&value[2]); sc.main = regex; sc.complete_lengths = 1; sc.compile_args = !regex->redirect; if (ngx_http_script_compile(&sc) != NGX_OK) { return NGX_CONF_ERROR; } regex = sc.main; regex->size = sc.size; regex->args = sc.args; if (sc.variables == 0 && !sc.dup_capture) { regex->lengths = NULL; } regex_end = ngx_http_script_add_code(lcf->codes, sizeof(ngx_http_script_regex_end_code_t), ®ex); if (regex_end == NULL) { return NGX_CONF_ERROR; } regex_end->code = ngx_http_script_regex_end_code; regex_end->uri = regex->uri; regex_end->args = regex->args; regex_end->add_args = regex->add_args; regex_end->redirect = regex->redirect; if (last) { code = ngx_http_script_add_code(lcf->codes, sizeof(uintptr_t), ®ex); if (code == NULL) { return NGX_CONF_ERROR; } *code = NULL; } regex->next = (u_char *) lcf->codes->elts + lcf->codes->nelts - (u_char *) regex; return NGX_CONF_OK; }
static char * ngx_http_map(ngx_conf_t *cf, ngx_command_t *dummy, void *conf) { ngx_int_t rc, index; ngx_str_t *value, file, name; ngx_uint_t i, key; ngx_http_map_conf_ctx_t *ctx; ngx_http_variable_value_t *var, **vp; ctx = cf->ctx; value = cf->args->elts; if (cf->args->nelts == 1 && ngx_strcmp(value[0].data, "hostnames") == 0) { ctx->hostnames = 1; return NGX_CONF_OK; } else if (cf->args->nelts != 2) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid number of the map parameters"); return NGX_CONF_ERROR; } if (ngx_strcmp(value[0].data, "include") == 0) { file = value[1]; if (ngx_conf_full_name(cf->cycle, &file, 1) != NGX_OK) { return NGX_CONF_ERROR; } ngx_log_debug1(NGX_LOG_DEBUG_CORE, cf->log, 0, "include %s", file.data); return ngx_conf_parse(cf, &file); } if (value[1].data[0] == '$') { name = value[1]; name.len--; name.data++; index = ngx_http_get_variable_index(ctx->cf, &name); if (index == NGX_ERROR) { return NGX_CONF_ERROR; } var = ctx->var_values.elts; for (i = 0; i < ctx->var_values.nelts; i++) { if (index == (ngx_int_t) var[i].data) { goto found; } } var = ngx_palloc(ctx->keys.pool, sizeof(ngx_http_variable_value_t)); if (var == NULL) { return NGX_CONF_ERROR; } var->valid = 0; var->no_cacheable = 0; var->not_found = 0; var->len = 0; var->data = (u_char *) index; vp = ngx_array_push(&ctx->var_values); if (vp == NULL) { return NGX_CONF_ERROR; } *vp = var; goto found; } key = 0; for (i = 0; i < value[1].len; i++) { key = ngx_hash(key, value[1].data[i]); } key %= ctx->keys.hsize; vp = ctx->values_hash[key].elts; if (vp) { for (i = 0; i < ctx->values_hash[key].nelts; i++) { if (value[1].len != (size_t) vp[i]->len) { continue; } if (ngx_strncmp(value[1].data, vp[i]->data, value[1].len) == 0) { var = vp[i]; goto found; } } } else { if (ngx_array_init(&ctx->values_hash[key], cf->pool, 4, sizeof(ngx_http_variable_value_t *)) != NGX_OK) { return NGX_CONF_ERROR; } } var = ngx_palloc(ctx->keys.pool, sizeof(ngx_http_variable_value_t)); if (var == NULL) { return NGX_CONF_ERROR; } var->len = value[1].len; var->data = ngx_pstrdup(ctx->keys.pool, &value[1]); if (var->data == NULL) { return NGX_CONF_ERROR; } var->valid = 1; var->no_cacheable = 0; var->not_found = 0; vp = ngx_array_push(&ctx->values_hash[key]); if (vp == NULL) { return NGX_CONF_ERROR; } *vp = var; found: if (ngx_strcmp(value[0].data, "default") == 0) { if (ctx->default_value) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "duplicate default map parameter"); return NGX_CONF_ERROR; } ctx->default_value = var; return NGX_CONF_OK; } #if (NGX_PCRE) if (value[0].len && value[0].data[0] == '~') { ngx_regex_compile_t rc; ngx_http_map_regex_t *regex; u_char errstr[NGX_MAX_CONF_ERRSTR]; regex = ngx_array_push(&ctx->regexes); if (regex == NULL) { return NGX_CONF_ERROR; } value[0].len--; value[0].data++; ngx_memzero(&rc, sizeof(ngx_regex_compile_t)); rc.pattern = value[0]; rc.err.len = NGX_MAX_CONF_ERRSTR; rc.err.data = errstr; regex->regex = ngx_http_regex_compile(ctx->cf, &rc); if (regex->regex == NULL) { return NGX_CONF_ERROR; } regex->value = var; return NGX_CONF_OK; } #endif if (value[0].len && value[0].data[0] == '\\') { value[0].len--; value[0].data++; } rc = ngx_hash_add_key(&ctx->keys, &value[0], var, (ctx->hostnames) ? NGX_HASH_WILDCARD_KEY : 0); if (rc == NGX_OK) { return NGX_CONF_OK; } if (rc == NGX_DECLINED) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid hostname or wildcard \"%V\"", &value[0]); } if (rc == NGX_BUSY) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "conflicting parameter \"%V\"", &value[0]); } return NGX_CONF_ERROR; }
static char * ngx_http_map(ngx_conf_t *cf, ngx_command_t *dummy, void *conf) { u_char *data; size_t len; ngx_int_t rv; ngx_str_t *value, v; ngx_uint_t i, key; ngx_http_map_conf_ctx_t *ctx; ngx_http_complex_value_t cv, *cvp; ngx_http_variable_value_t *var, **vp; ngx_http_compile_complex_value_t ccv; ctx = cf->ctx; value = cf->args->elts; if (cf->args->nelts == 1 && ngx_strcmp(value[0].data, "hostnames") == 0) { ctx->hostnames = 1; return NGX_CONF_OK; } if (cf->args->nelts == 1 && ngx_strcmp(value[0].data, "volatile") == 0) { ctx->no_cacheable = 1; return NGX_CONF_OK; } if (cf->args->nelts != 2) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid number of the map parameters"); return NGX_CONF_ERROR; } if (ngx_strcmp(value[0].data, "include") == 0) { return ngx_conf_include(cf, dummy, conf); } key = 0; for (i = 0; i < value[1].len; i++) { key = ngx_hash(key, value[1].data[i]); } key %= ctx->keys.hsize; vp = ctx->values_hash[key].elts; if (vp) { for (i = 0; i < ctx->values_hash[key].nelts; i++) { if (vp[i]->valid) { data = vp[i]->data; len = vp[i]->len; } else { cvp = (ngx_http_complex_value_t *) vp[i]->data; data = cvp->value.data; len = cvp->value.len; } if (value[1].len != len) { continue; } if (ngx_strncmp(value[1].data, data, len) == 0) { var = vp[i]; goto found; } } } else { if (ngx_array_init(&ctx->values_hash[key], cf->pool, 4, sizeof(ngx_http_variable_value_t *)) != NGX_OK) { return NGX_CONF_ERROR; } } var = ngx_palloc(ctx->keys.pool, sizeof(ngx_http_variable_value_t)); if (var == NULL) { return NGX_CONF_ERROR; } v.len = value[1].len; v.data = ngx_pstrdup(ctx->keys.pool, &value[1]); if (v.data == NULL) { return NGX_CONF_ERROR; } ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t)); ccv.cf = ctx->cf; ccv.value = &v; ccv.complex_value = &cv; if (ngx_http_compile_complex_value(&ccv) != NGX_OK) { return NGX_CONF_ERROR; } if (cv.lengths != NULL) { cvp = ngx_palloc(ctx->keys.pool, sizeof(ngx_http_complex_value_t)); if (cvp == NULL) { return NGX_CONF_ERROR; } *cvp = cv; var->len = 0; var->data = (u_char *) cvp; var->valid = 0; } else { var->len = v.len; var->data = v.data; var->valid = 1; } var->no_cacheable = 0; var->not_found = 0; vp = ngx_array_push(&ctx->values_hash[key]); if (vp == NULL) { return NGX_CONF_ERROR; } *vp = var; found: if (ngx_strcmp(value[0].data, "default") == 0) { if (ctx->default_value) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "duplicate default map parameter"); return NGX_CONF_ERROR; } ctx->default_value = var; return NGX_CONF_OK; } #if (NGX_PCRE) if (value[0].len && value[0].data[0] == '~') { ngx_regex_compile_t rc; ngx_http_map_regex_t *regex; u_char errstr[NGX_MAX_CONF_ERRSTR]; regex = ngx_array_push(&ctx->regexes); if (regex == NULL) { return NGX_CONF_ERROR; } value[0].len--; value[0].data++; ngx_memzero(&rc, sizeof(ngx_regex_compile_t)); if (value[0].data[0] == '*') { value[0].len--; value[0].data++; rc.options = NGX_REGEX_CASELESS; } rc.pattern = value[0]; rc.err.len = NGX_MAX_CONF_ERRSTR; rc.err.data = errstr; regex->regex = ngx_http_regex_compile(ctx->cf, &rc); if (regex->regex == NULL) { return NGX_CONF_ERROR; } regex->value = var; return NGX_CONF_OK; } #endif if (value[0].len && value[0].data[0] == '\\') { value[0].len--; value[0].data++; } rv = ngx_hash_add_key(&ctx->keys, &value[0], var, (ctx->hostnames) ? NGX_HASH_WILDCARD_KEY : 0); if (rv == NGX_OK) { return NGX_CONF_OK; } if (rv == NGX_DECLINED) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid hostname or wildcard \"%V\"", &value[0]); } if (rv == NGX_BUSY) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "conflicting parameter \"%V\"", &value[0]); } return NGX_CONF_ERROR; }