svrjs/modsecurity-integration
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: svrjs:stable
Branches Tags
svrjs:main
svrjs:stable
...
pull from: svrjs:main
Branches Tags
svrjs:main
svrjs:stable

4 commits
stable ... main

Author SHA1 Message Date
Dorian Niemiec
770ae5fbd0 build: modify SVR.JS configuration in installation script 2025-01-26 18:11:02 +01:00
Dorian Niemiec
95cb12a9f3 fix: fix request headers added as response headers 2025-01-22 09:56:39 +01:00
Dorian Niemiec
325781566c test: match req.headers with req.rawHeaders 2025-01-22 09:51:19 +01:00
Dorian Niemiec
ceea98db38 fix: fix bug with Host header not sent to ModSecurity for HTTP/2 requests 2025-01-22 09:49:58 +01:00
5 changed files with 62 additions and 11 deletions
Show stats Expand all files Collapse all files

19
package-lock.json generated
View file

@ -31,6 +31,7 @@
"prettier": "^3.3.3", "prettier": "^3.3.3",
"rimraf": "^5.0.10", "rimraf": "^5.0.10",
"wait-on": "^8.0.1", "wait-on": "^8.0.1",
"yaml": "^2.7.0",
"zip": "^1.2.0" "zip": "^1.2.0"
} }
}, },
@ -5897,6 +5898,18 @@
"url": "https://github.com/sponsors/sindresorhus" "url": "https://github.com/sponsors/sindresorhus"
} }
}, },
"node_modules/lint-staged/node_modules/yaml": {
"version": "2.6.1",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.6.1.tgz",
"integrity": "sha512-7r0XPzioN/Q9kXBro/XPnA6kznR73DHq+GXh5ON7ZozRO6aMjbmiBuKste2wslTFkC5d1dw0GooOCepZXJ2SAg==",
"dev": true,
"bin": {
"yaml": "bin.mjs"
},
"engines": {
"node": ">= 14"
}
},
"node_modules/listr2": { "node_modules/listr2": {
"version": "8.2.5", "version": "8.2.5",
"resolved": "https://registry.npmjs.org/listr2/-/listr2-8.2.5.tgz", "resolved": "https://registry.npmjs.org/listr2/-/listr2-8.2.5.tgz",
@ -8021,9 +8034,9 @@
"dev": true "dev": true
}, },
"node_modules/yaml": { "node_modules/yaml": {
"version": "2.6.1", "version": "2.7.0",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.6.1.tgz", "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.7.0.tgz",
"integrity": "sha512-7r0XPzioN/Q9kXBro/XPnA6kznR73DHq+GXh5ON7ZozRO6aMjbmiBuKste2wslTFkC5d1dw0GooOCepZXJ2SAg==", "integrity": "sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==",
"dev": true, "dev": true,
"bin": { "bin": {
"yaml": "bin.mjs" "yaml": "bin.mjs"

1
package.json
View file

@ -33,6 +33,7 @@
"prettier": "^3.3.3", "prettier": "^3.3.3",
"rimraf": "^5.0.10", "rimraf": "^5.0.10",
"wait-on": "^8.0.1", "wait-on": "^8.0.1",
"yaml": "^2.7.0",
"zip": "^1.2.0" "zip": "^1.2.0"
}, },
"dependencies": { "dependencies": {

30
src/index.js
View file

@ -421,15 +421,31 @@ module.exports = (req, res, logFacilities, config, next) => {
return processIntervention(); return processIntervention();
} }
let key = null; let headerIntervene = false;
req.rawHeaders.forEach((v) => { Object.keys(req.headers).every((key) => {
if (key === null) { if (typeof req.headers[key] == "string") {
key = v; securityResponse = transaction.addRequestHeader(key, req.headers[key]);
} else { if (typeof securityResponse === "object") {
transaction.addRequestHeader(key, v); headerIntervene = true;
key = null; return false;
} }
} else if (Array.isArray(req.headers[key])) {
req.headers[key].every((value) => {
securityResponse = transaction.addRequestHeader(key, value);
if (typeof securityResponse === "object") {
headerIntervene = true;
return false;
}
return true;
}); });
if (headerIntervene) return false;
}
return true;
});
if (headerIntervene) {
return processIntervention();
}
securityResponse = transaction.processRequestHeaders(); securityResponse = transaction.processRequestHeaders();
if (typeof securityResponse === "object") { if (typeof securityResponse === "object") {

21
svrjs.install.js
View file

@ -4,6 +4,7 @@ const fs = require("fs");
const https = require("https"); const https = require("https");
const zip = require("zip"); const zip = require("zip");
const zlib = require("zlib"); const zlib = require("zlib");
const YAML = require("yaml");
function downloadSVRJS(version) { function downloadSVRJS(version) {
const normalizedVersion = version.toLowerCase().replace(/[^0-9a-z]+/g, "."); const normalizedVersion = version.toLowerCase().replace(/[^0-9a-z]+/g, ".");
@ -68,6 +69,26 @@ function downloadSVRJS(version) {
fs.unlinkSync(__dirname + "/svrjs/svr.compressed"); fs.unlinkSync(__dirname + "/svrjs/svr.compressed");
fs.writeFileSync(__dirname + "/svrjs/svr.js", script); fs.writeFileSync(__dirname + "/svrjs/svr.js", script);
} }
if (fs.existsSync(__dirname + "/svrjs/svrjs.yaml")) {
console.log("Modifying SVR.JS configuration...");
let svrjsConfig = YAML.parse(fs.readFileSync(__dirname + "/svrjs/svrjs.yaml"));
if (!svrjsConfig) svrjsConfig = {};
if (!svrjsConfig.global) svrjsConfig.global = {};
svrjsConfig.global.enableDirectoryListing = true;
svrjsConfig.global.stackHidden = false;
svrjsConfig.global.exposeServerVersion = true;
svrjsConfig.global.exposeModsInErrorPages = true;
fs.writeFileSync(__dirname + "/svrjs/svrjs.yaml", YAML.stringify(svrjsConfig));
} else if (fs.existsSync(__dirname + "/svrjs/config.json")) {
console.log("Modifying SVR.JS configuration...");
let svrjsConfig = JSON.parse(fs.readFileSync(__dirname + "/svrjs/config.json"));
if (!svrjsConfig) svrjsConfig = {};
svrjsConfig.enableDirectoryListing = true;
svrjsConfig.stackHidden = false;
svrjsConfig.exposeServerVersion = true;
svrjsConfig.exposeModsInErrorPages = true;
fs.writeFileSync(__dirname + "/svrjs/svrjs.yaml", JSON.stringify(svrjsConfig, null, 2));
}
console.log("SVR.JS is installed successfully."); console.log("SVR.JS is installed successfully.");
}); });
} }

2
tests/index.test.js
View file

@ -26,7 +26,7 @@ describe("ModSecurity Integration", () => {
localAddress: "127.0.0.1", localAddress: "127.0.0.1",
localPort: 8080 localPort: 8080
}; };
req.headers = {}; req.headers = { Host: "example.com" };
req._readableState = { req._readableState = {
length: 0, length: 0,
ended: true ended: true