-
Notifications
You must be signed in to change notification settings - Fork 282
65 lines (62 loc) · 2.59 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
name: Quality Assurance
on:
push:
pull_request:
jobs:
build-linux:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-22.04]
platform: [x32, x64]
compiler: [gcc, clang]
steps:
- name: Setup Dependencies
run: |
sudo apt-get update -y -qq
sudo apt-get install -y gcc g++ make autoconf automake make libyajl-dev libxml2-dev libmaxminddb-dev libpcre2-dev libpcre2-8-0 libpcre2-16-0 libpcre2-32-0 libcurl4-gnutls-dev jq wget
- name: Install ModSecurity library
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
modsecver=`gh release view -R owasp-modsecurity/ModSecurity -q .tagName --json tagName`
gh release download -p "*.tar.gz" -R owasp-modsecurity/ModSecurity $modsecver -O - | tar -xzf -
cd modsecurity-$modsecver
./configure --disable-lmdb --prefix=/usr
make -j `nproc`
sudo make install
cd
- uses: actions/checkout@v2
with:
path: ModSecurity-nginx
- name: Get Nginx source
uses: actions/checkout@v3
with:
repository: nginx/nginx
path: nginx
- name: Build nginx
working-directory: nginx
run: |
./auto/configure --with-ld-opt="-Wl,-rpath,/usr/local/lib" --without-pcre2 --add-module=/home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx
make
make modules
sudo make install
- name: Start Nginx
run: |
sudo /usr/local/nginx/sbin/nginx -c /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/nginx.conf
- name: Run attack test vhost 1
run: |
resp=`curl -I -X GET -H "Host: modsectest1" http://localhost/?q=attack | head -1 | cut -d$' ' -f2`
if [ $resp == "403" ]; then echo "OK"; else echo "FAIL"; exit 1; fi
- name: Run non-attack test vhost 1
run: |
resp=`curl -I -X GET -H "Host: modsectest1" http://localhost/?q=1 | head -1 | cut -d$' ' -f2`
if [ $resp == "200" ]; then echo "OK"; else echo "FAIL"; exit 1; fi
- name: Run attack test vhost 2
run: |
resp=`curl -I -X GET -H "Host: modsectest2" http://localhost/?q=attack | head -1 | cut -d$' ' -f2`
if [ $resp == "403" ]; then echo "OK"; else echo "FAIL"; exit 1; fi
- name: Run non-attack test vhost 2
run: |
resp=`curl -I -X GET -H "Host: modsectest2" http://localhost/?q=1 | head -1 | cut -d$' ' -f2`
if [ $resp == "200" ]; then echo "OK"; else echo "FAIL"; exit 1; fi