From 336ef3990887e50a4351e123d97ef5e07d063506 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 01:23:08 +0800 Subject: [PATCH 01/52] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20CI/CD=20=E5=B7=A5?= =?UTF-8?q?=E4=BD=9C=E6=B5=81=E5=92=8C=20CMake=20=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E4=BB=A5=E6=94=AF=E6=8C=81=20IIS=20=E6=A8=A1=E5=9D=97=E6=9E=84?= =?UTF-8?q?=E5=BB=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/test-ci-windows.yml | 69 ++++++ iis/CMakeLists.txt | 330 ++++++++++++++++++++++++++ iis/vcpkg.json | 9 + 3 files changed, 408 insertions(+) create mode 100644 .github/workflows/test-ci-windows.yml create mode 100644 iis/CMakeLists.txt create mode 100644 iis/vcpkg.json diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml new file mode 100644 index 000000000..7abe75eeb --- /dev/null +++ b/.github/workflows/test-ci-windows.yml @@ -0,0 +1,69 @@ +name: CI/CD for IIS Module + +on: + push: + branches: + - main + pull_request: + branches: + - main + +jobs: + build: + runs-on: windows-latest + + steps: + - name: Checkout code + uses: actions/checkout@v5 + + - name: Setup MSYS2 + uses: msys2/setup-msys2@v2 + with: + msystem: UCRT64 + update: true + install: > + git + make + autoconf + automake + libtool + mingw-w64-ucrt-x86_64-gcc + mingw-w64-ucrt-x86_64-pkg-config + + - name: Clone and build ssdeep + shell: msys2 {0} + run: | + git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 + cd ssdeep + autoreconf -i + ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" + make dll + mkdir -p ${{ github.workspace }}/ssdeep-install/bin + mkdir -p ${{ github.workspace }}/ssdeep-install/include + cp fuzzy.dll ${{ github.workspace }}/ssdeep-install/bin/ + cp fuzzy.h ${{ github.workspace }}/ssdeep-install/include/ + cp fuzzy.def ${{ github.workspace }}/ssdeep-install/ + + - name: Configure CMake for IIS Module + run: | + cmake \ + -DAPACHE_ROOT="C:/tools/Apache24" \ + -DSSDEEP_ROOT="${{ github.workspace }}/ssdeep-install" \ + -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}/install" \ + -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake" \ + -DWITH_SSDEEP=ON \ + -DWITH_LUA=ON \ + -DWITH_YAJL=ON \ + -S IIS -B iis/build + + - name: Build IIS Module + shell: pwsh + run: | + cmake --build iis/build --config Release + + # - name: Package IIS Module with WiX + # shell: pwsh + # run: | + # $CURRENT_DIR = "${{ github.workspace }}/iis/wix" + # candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch x64 + # light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer-64.msi" \ No newline at end of file diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt new file mode 100644 index 000000000..11ebd1f92 --- /dev/null +++ b/iis/CMakeLists.txt @@ -0,0 +1,330 @@ +cmake_minimum_required(VERSION 3.15) +project(ModSecurityIIS C CXX) + +find_package(LibXml2 CONFIG REQUIRED) +find_package(PCRE2 CONFIG REQUIRED) +find_package(CURL CONFIG REQUIRED) + +# iis/CMakeLists.txt +set(IIS_MODULE_NAME "modsecurityiis") # Name should match the original output + +# Source files for IIS module (reusing Apache sources) +set(IIS_APACHE_SOURCES + ../apache2/mod_security2.c + ../apache2/apache2_config.c + ../apache2/apache2_io.c + ../apache2/apache2_util.c + ../apache2/re.c + ../apache2/re_operators.c + ../apache2/re_actions.c + ../apache2/re_tfns.c + ../apache2/re_variables.c + ../apache2/msc_logging.c + ../apache2/msc_xml.c + ../apache2/msc_multipart.c + ../apache2/modsecurity.c + ../apache2/msc_parsers.c + ../apache2/msc_util.c + ../apache2/msc_pcre.c + ../apache2/persist_dbm.c + ../apache2/msc_reqbody.c + ../apache2/msc_geo.c + ../apache2/msc_gsb.c + ../apache2/msc_crypt.c + ../apache2/msc_tree.c + ../apache2/msc_unicode.c + ../apache2/acmp.c + ../apache2/msc_lua.c + ../apache2/msc_release.c + ../apache2/msc_status_engine.c + ../apache2/msc_remote_rules.c + ../apache2/msc_json.c + ../apache2/libinjection/libinjection_html5.c + ../apache2/libinjection/libinjection_sqli.c + ../apache2/libinjection/libinjection_xss.c +) + +# Source files for standalone components (if they exist in the project) +set(IIS_STANDALONE_SOURCES + ../standalone/api.c + ../standalone/buckets.c + ../standalone/config.c + ../standalone/filters.c + ../standalone/hooks.c + ../standalone/regex.c + ../standalone/server.c +) + +# Source files for IIS-specific components +set(IIS_MODULE_SOURCES + main.cpp + moduleconfig.cpp + mymodule.cpp +) + + +# Determine architecture +if(CMAKE_SIZEOF_VOID_P EQUAL 8) + set(ARCHITECTURE "x64") +else() + set(ARCHITECTURE "x86") +endif() + +# Check if standalone directory exists, if not, exclude those sources +if(NOT EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/../standalone) + set(IIS_STANDALONE_SOURCES "") +endif() + +set(IIS_RESOURCE_MC "${CMAKE_CURRENT_SOURCE_DIR}/ModSecurityIISMessage.mc") + +set(MC_GENERATED_RC "${CMAKE_CURRENT_BINARY_DIR}/ModSecurityIISMessage.rc") +set(MC_GENERATED_H "${CMAKE_CURRENT_BINARY_DIR}/ModSecurityIISMessage.h") +add_custom_command( + OUTPUT ${MC_GENERATED_RC} ${MC_GENERATED_H} + COMMAND mc.exe + ARGS -U -h "${CMAKE_CURRENT_BINARY_DIR}/" -r "${CMAKE_CURRENT_BINARY_DIR}/" "${IIS_RESOURCE_MC}" + DEPENDS "${IIS_RESOURCE_MC}" + COMMENT "Generating resource files from ${IIS_RESOURCE_MC}" + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} +) + +set(MC_GENERATED_RES "${CMAKE_CURRENT_BINARY_DIR}/ModSecurityIISMessage.res") +add_custom_command( + OUTPUT ${MC_GENERATED_RES} + COMMAND rc.exe + ARGS /fo "${MC_GENERATED_RES}" "${MC_GENERATED_RC}" + DEPENDS ${MC_GENERATED_RC} + COMMENT "Building resource file: ${MC_GENERATED_RES}" +) + +set_source_files_properties( + ${MC_GENERATED_RC} + ${MC_GENERATED_H} + ${MC_GENERATED_RES} + PROPERTIES GENERATED TRUE +) + +add_library(${IIS_MODULE_NAME} SHARED + ${IIS_APACHE_SOURCES} + ${IIS_STANDALONE_SOURCES} + ${IIS_MODULE_SOURCES} + ${MC_GENERATED_RES} +) + +# Set the output name and extension +set_target_properties(${IIS_MODULE_NAME} PROPERTIES + OUTPUT_NAME ${IIS_MODULE_NAME} + PREFIX "" + SUFFIX ".dll" +) + +# Include directories +target_include_directories(${IIS_MODULE_NAME} PRIVATE + ${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/.. + ${CMAKE_CURRENT_SOURCE_DIR}/../apache2 + ${CMAKE_CURRENT_SOURCE_DIR}/../apache2/libinjection + ${LIBXML2_INCLUDE_DIR}/libxml + ${PCRE_INCLUDE_DIRS} + ${CURL_INCLUDE_DIRS} + ${CMAKE_CURRENT_BINARY_DIR} # 添加构建目录以访问生成的头文件 +) + +# Include standalone directory if it exists +if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/../standalone) + target_include_directories(${IIS_MODULE_NAME} PRIVATE + ${CMAKE_CURRENT_SOURCE_DIR}/../standalone + ) +endif() + +# Apache-specific includes +if(APACHE_ROOT) + target_include_directories(${IIS_MODULE_NAME} PRIVATE + ${APACHE_ROOT}/include + ) +endif() + +# Compile definitions to match the original Makefile.win +set(MODSECURITY_VERSION_FLAG "VERSION_IIS") # Define the version flag string +target_compile_definitions(${IIS_MODULE_NAME} PRIVATE + WIN32 + WINNT + inline=APR_INLINE + AP_DECLARE_STATIC + WITH_CURL + WITH_REMOTE_RULES + MSC_LARGE_STREAM_INPUT + WITH_YAJL + ${MODSECURITY_VERSION_FLAG} # Use the defined version flag +) + +option(WITH_LUA "Enable Lua support" OFF) +# Optional compile definitions +if(WITH_LUA) + find_package(Lua CONFIG REQUIRED) + target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_LUA) + target_include_directories(${IIS_MODULE_NAME} PRIVATE ${LUA_INCLUDE_DIR}) +endif() + +# Default Apache root based on architecture +if(NOT APACHE_ROOT) + if(ARCHITECTURE STREQUAL "x64") + set(APACHE_ROOT "C:/Apache24_x64" CACHE PATH "Path to Apache x64 installation") + else() + set(APACHE_ROOT "C:/Apache24_x86" CACHE PATH "Path to Apache x86 installation") + endif() +endif() + +option(WITH_YAJL "Enable YAJL support" OFF) +if(WITH_YAJL) + # Manually find YAJL if config.cmake is not available (e.g., from vcpkg) + find_path(YAJL_INCLUDE_DIR yajl/yajl_common.h + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/vcpkg_installed/${ARCHITECTURE}-windows/include" + NO_DEFAULT_PATH + ) + find_library(YAJL_LIBRARY NAMES yajl + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/vcpkg_installed/${ARCHITECTURE}-windows/lib" + NO_DEFAULT_PATH + ) + + if(YAJL_INCLUDE_DIR AND YAJL_LIBRARY) + set(YAJL_INCLUDE_DIRS ${YAJL_INCLUDE_DIR}) + set(YAJL_LIBRARIES ${YAJL_LIBRARY}) + target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_YAJL) + target_include_directories(${IIS_MODULE_NAME} PRIVATE ${YAJL_INCLUDE_DIRS}) + else() + message(WARNING "YAJL not found. Please ensure yajl is installed via vcpkg in the iis/vcpkg_installed directory. Disabling YAJL support.") + option(WITH_YAJL "Enable YAJL support" OFF) # Disable if not found + endif() +endif() + +option(WITH_SSDEEP "Enable SSDEEP support" OFF) +if(WITH_SSDEEP) + + set(SSDEEP_ROOT "" CACHE PATH "Path to manually built ssdeep") + if(NOT SSDEEP_ROOT OR NOT EXISTS "${SSDEEP_ROOT}") + message(WARNING "SSDEEP_ROOT is not defined or path does not exist. Please set SSDEEP_ROOT to the ssdeep installation directory. Disabling SSDEEP support.") + set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) + else() + message(STATUS "SSDEEP_ROOT: ${SSDEEP_ROOT}") + + # 查找头文件 + find_path(SSDEEP_INCLUDE_DIR fuzzy.h + PATHS "${SSDEEP_ROOT}/include" + NO_DEFAULT_PATH + ) + + if(SSDEEP_INCLUDE_DIR) + message(STATUS "Found manually built ssdeep include: ${SSDEEP_INCLUDE_DIR}") + target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_SSDEEP) + target_include_directories(${IIS_MODULE_NAME} PRIVATE ${SSDEEP_INCLUDE_DIR}) + + # 检查 fuzzy.def 文件是否存在 + set(SSDEEP_DEF_FILE "${SSDEEP_ROOT}/fuzzy.def") + if(NOT EXISTS "${SSDEEP_DEF_FILE}") + message(WARNING "fuzzy.def not found at ${SSDEEP_DEF_FILE}. Disabling SSDEEP support.") + set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) + else() + set(SSDEEP_GENERATED_LIB "${CMAKE_CURRENT_BINARY_DIR}/fuzzy.lib") + + # 添加自定义命令生成 fuzzy.lib + add_custom_command( + OUTPUT ${SSDEEP_GENERATED_LIB} + COMMAND lib.exe /machine:${ARCHITECTURE} /def:${SSDEEP_DEF_FILE} /out:${SSDEEP_GENERATED_LIB} + DEPENDS "${SSDEEP_DEF_FILE}" + COMMENT "Generating SSDEEP .lib from .def for MSVC" + VERBATIM + ) + + # 确保自定义命令的输出被标记为生成文件 + set_source_files_properties(${SSDEEP_GENERATED_LIB} PROPERTIES GENERATED TRUE) + + # 添加自定义目标确保生成 fuzzy.lib + add_custom_target(generate_ssdeep_lib ALL + DEPENDS ${SSDEEP_GENERATED_LIB} + COMMENT "Ensuring ssdeep lib is generated" + ) + + # 使主目标依赖于 fuzzy.lib 的生成 + add_dependencies(${IIS_MODULE_NAME} generate_ssdeep_lib) + + endif() + else() + message(WARNING "SSDEEP include (fuzzy.h) not found at ${SSDEEP_ROOT}/include. Disabling SSDEEP support.") + set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) + endif() + endif() +endif() + +# Compiler-specific options for MSVC to match the original Makefile.win +if(MSVC) + target_compile_options(${IIS_MODULE_NAME} PRIVATE + /nologo + /O2 + /W3 + /wd4244 + /wd4018 + /MD + /Zi + ) + + # Linker options to match the original Makefile.win + set_target_properties(${IIS_MODULE_NAME} PROPERTIES + LINK_FLAGS "/DEBUG /OPT:REF /OPT:ICF" + ) +endif() + +# Link libraries to match the original Makefile.win +target_link_libraries(${IIS_MODULE_NAME} PRIVATE + LibXml2::LibXml2 + PCRE2::8BIT + CURL::libcurl + kernel32 + user32 + gdi32 + winspool + comdlg32 + advapi32 + shell32 + ole32 + oleaut32 + uuid + odbc32 + odbccp32 + ws2_32 + iphlpapi +) + +# Apache-specific libraries +if(APACHE_ROOT) + target_link_libraries(${IIS_MODULE_NAME} PRIVATE + ${APACHE_ROOT}/lib/libhttpd.lib + ${APACHE_ROOT}/lib/libapr-1.lib + ${APACHE_ROOT}/lib/libaprutil-1.lib + ) +endif() + +# Optional link libraries +if(WITH_LUA) + target_link_libraries(${IIS_MODULE_NAME} PRIVATE ${LUA_LIBRARIES}) +endif() + +if(WITH_YAJL) + target_link_libraries(${IIS_MODULE_NAME} PRIVATE ${YAJL_LIBRARIES}) +endif() + +if(WITH_SSDEEP AND SSDEEP_INCLUDE_DIR AND SSDEEP_GENERATED_LIB) + target_link_libraries(${IIS_MODULE_NAME} PRIVATE ${SSDEEP_GENERATED_LIB}) +else() + message(WARNING "SSDEEP library not found or generated. Disabling SSDEEP support.") + option(WITH_SSDEEP "Enable SSDEEP support" OFF) # Disable if library not found +endif() + +# Install target - copy to release files directory +install(TARGETS ${IIS_MODULE_NAME} + RUNTIME DESTINATION . + LIBRARY DESTINATION . +) + +# Also install the PDB file if it's generated +install(FILES $ DESTINATION . OPTIONAL) \ No newline at end of file diff --git a/iis/vcpkg.json b/iis/vcpkg.json new file mode 100644 index 000000000..55f76ebe8 --- /dev/null +++ b/iis/vcpkg.json @@ -0,0 +1,9 @@ +{ + "dependencies": [ + "curl", + "libxml2", + "lua", + "pcre2", + "yajl" + ] +} \ No newline at end of file From 68483e1a7da3eabcc5d505c998fe57eec724ab54 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 01:33:32 +0800 Subject: [PATCH 02/52] Test CI Windows --- .github/workflows/test-ci-windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 7abe75eeb..d31d424b6 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -3,10 +3,10 @@ name: CI/CD for IIS Module on: push: branches: - - main + - v2/test-ci-windows pull_request: branches: - - main + - v2/test-ci-windows jobs: build: From 8769f16380ed284f9478a2b37a62878a01340d10 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 01:39:39 +0800 Subject: [PATCH 03/52] fix powershell --- .github/workflows/test-ci-windows.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index d31d424b6..c61d446de 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -46,14 +46,14 @@ jobs: - name: Configure CMake for IIS Module run: | - cmake \ - -DAPACHE_ROOT="C:/tools/Apache24" \ - -DSSDEEP_ROOT="${{ github.workspace }}/ssdeep-install" \ - -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}/install" \ - -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake" \ - -DWITH_SSDEEP=ON \ - -DWITH_LUA=ON \ - -DWITH_YAJL=ON \ + cmake ` + -DAPACHE_ROOT="C:/tools/Apache24" ` + -DSSDEEP_ROOT="${{ github.workspace }}/ssdeep-install" ` + -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}/install" ` + -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake" ` + -DWITH_SSDEEP=ON ` + -DWITH_LUA=ON ` + -DWITH_YAJL=ON ` -S IIS -B iis/build - name: Build IIS Module From 18095c0e0b2910cc3e031f87b8faa689d3241cb3 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 02:58:12 +0800 Subject: [PATCH 04/52] test --- .github/workflows/test-ci-windows.yml | 88 ++++++++++----------------- 1 file changed, 33 insertions(+), 55 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index c61d446de..40ee6d194 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -9,61 +9,39 @@ on: - v2/test-ci-windows jobs: - build: + check-apache-structure: runs-on: windows-latest - + steps: - - name: Checkout code - uses: actions/checkout@v5 - - - name: Setup MSYS2 - uses: msys2/setup-msys2@v2 - with: - msystem: UCRT64 - update: true - install: > - git - make - autoconf - automake - libtool - mingw-w64-ucrt-x86_64-gcc - mingw-w64-ucrt-x86_64-pkg-config - - - name: Clone and build ssdeep - shell: msys2 {0} - run: | - git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 - cd ssdeep - autoreconf -i - ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" - make dll - mkdir -p ${{ github.workspace }}/ssdeep-install/bin - mkdir -p ${{ github.workspace }}/ssdeep-install/include - cp fuzzy.dll ${{ github.workspace }}/ssdeep-install/bin/ - cp fuzzy.h ${{ github.workspace }}/ssdeep-install/include/ - cp fuzzy.def ${{ github.workspace }}/ssdeep-install/ - - - name: Configure CMake for IIS Module - run: | - cmake ` - -DAPACHE_ROOT="C:/tools/Apache24" ` - -DSSDEEP_ROOT="${{ github.workspace }}/ssdeep-install" ` - -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}/install" ` - -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake" ` - -DWITH_SSDEEP=ON ` - -DWITH_LUA=ON ` - -DWITH_YAJL=ON ` - -S IIS -B iis/build - - - name: Build IIS Module - shell: pwsh + - name: Check Apache24 directory structure run: | - cmake --build iis/build --config Release - - # - name: Package IIS Module with WiX - # shell: pwsh - # run: | - # $CURRENT_DIR = "${{ github.workspace }}/iis/wix" - # candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch x64 - # light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer-64.msi" \ No newline at end of file + $apachePath = "C:\tools\Apache24" + + if (Test-Path $apachePath) { + Write-Host "Apache24 directory exists at: $apachePath" + Write-Host "Subdirectories:" + Get-ChildItem -Path $apachePath -Directory | ForEach-Object { + Write-Host " - $($_.Name)" + } + + Write-Host "`nChecking for APR headers in include directory:" + $includePath = Join-Path $apachePath "include" + if (Test-Path $includePath) { + Get-ChildItem -Path $includePath -Filter "apr*.h" | Select-Object -First 10 | ForEach-Object { + Write-Host " - $($_.Name)" + } + + # 特别检查 apr_perms_set.h + $permsSetPath = Join-Path $includePath "apr_perms_set.h" + if (Test-Path $permsSetPath) { + Write-Host "`nFOUND: apr_perms_set.h exists at $permsSetPath" + } else { + Write-Host "`nMISSING: apr_perms_set.h not found in $includePath" + } + } else { + Write-Host " Include directory not found at $includePath" + } + } else { + Write-Host "Apache24 directory does not exist at: $apachePath" + } + shell: pwsh \ No newline at end of file From 5802c016a0e7c81f50498eb9c0e6245c9558025c Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 03:02:34 +0800 Subject: [PATCH 05/52] test again --- .github/workflows/test-ci-windows.yml | 76 +++++++++++++++++++-------- 1 file changed, 55 insertions(+), 21 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 40ee6d194..1ad2a3f34 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -9,38 +9,72 @@ on: - v2/test-ci-windows jobs: - check-apache-structure: + inspect-apache: runs-on: windows-latest steps: + - name: Check Apache24 bin directory + run: | + $binPath = "C:\tools\Apache24\bin" + Write-Host "=== Apache24 bin Directory Contents ===" + if (Test-Path $binPath) { + Write-Host "Directory exists at: $binPath" + Write-Host "Files and subdirectories:" + Get-ChildItem -Path $binPath -Recurse | ForEach-Object { + if ($_.PSIsContainer) { + Write-Host " [DIR] $($_.FullName)" + } else { + Write-Host " [FILE] $($_.FullName) ($($_.Length) bytes)" + } + } + } else { + Write-Host "Bin directory does not exist at: $binPath" + } + shell: pwsh + + - name: Check Apache24 include directory + run: | + $includePath = "C:\tools\Apache24\include" + Write-Host "=== Apache24 include Directory Contents ===" + if (Test-Path $includePath) { + Write-Host "Directory exists at: $includePath" + Write-Host "Files and subdirectories:" + Get-ChildItem -Path $includePath -Recurse | ForEach-Object { + if ($_.PSIsContainer) { + Write-Host " [DIR] $($_.FullName)" + } else { + Write-Host " [FILE] $($_.FullName) ($($_.Length) bytes)" + } + } + + # 特别检查 APR 头文件 + Write-Host "`n=== APR Header Files ===" + Get-ChildItem -Path $includePath -Filter "apr*.h" -Recurse | ForEach-Object { + Write-Host " $($_.FullName)" + } + + # 检查是否存在 apr_perms_set.h + $permsSetPath = Join-Path $includePath "apr_perms_set.h" + if (Test-Path $permsSetPath) { + Write-Host "`nFOUND: apr_perms_set.h exists at $permsSetPath" + } else { + Write-Host "`nMISSING: apr_perms_set.h not found in $includePath" + } + } else { + Write-Host "Include directory does not exist at: $includePath" + } + shell: pwsh + - name: Check Apache24 directory structure run: | $apachePath = "C:\tools\Apache24" - + Write-Host "=== Apache24 Overall Structure ===" if (Test-Path $apachePath) { Write-Host "Apache24 directory exists at: $apachePath" - Write-Host "Subdirectories:" + Write-Host "Top-level directories:" Get-ChildItem -Path $apachePath -Directory | ForEach-Object { Write-Host " - $($_.Name)" } - - Write-Host "`nChecking for APR headers in include directory:" - $includePath = Join-Path $apachePath "include" - if (Test-Path $includePath) { - Get-ChildItem -Path $includePath -Filter "apr*.h" | Select-Object -First 10 | ForEach-Object { - Write-Host " - $($_.Name)" - } - - # 特别检查 apr_perms_set.h - $permsSetPath = Join-Path $includePath "apr_perms_set.h" - if (Test-Path $permsSetPath) { - Write-Host "`nFOUND: apr_perms_set.h exists at $permsSetPath" - } else { - Write-Host "`nMISSING: apr_perms_set.h not found in $includePath" - } - } else { - Write-Host " Include directory not found at $includePath" - } } else { Write-Host "Apache24 directory does not exist at: $apachePath" } From 84425206e8536890fd0829b7cb48877e84d55ec5 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 03:58:12 +0800 Subject: [PATCH 06/52] test 3 --- .github/workflows/test-ci-windows.yml | 107 +++++++++++--------------- iis/CMakeLists.txt | 29 ++++--- 2 files changed, 58 insertions(+), 78 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 1ad2a3f34..3f792e086 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -9,73 +9,54 @@ on: - v2/test-ci-windows jobs: - inspect-apache: + build: runs-on: windows-latest - + steps: - - name: Check Apache24 bin directory + - name: Create test files (MSYS2) + uses: msys2/setup-msys2@v2 + shell: msys2 {0} run: | - $binPath = "C:\tools\Apache24\bin" - Write-Host "=== Apache24 bin Directory Contents ===" - if (Test-Path $binPath) { - Write-Host "Directory exists at: $binPath" - Write-Host "Files and subdirectories:" - Get-ChildItem -Path $binPath -Recurse | ForEach-Object { - if ($_.PSIsContainer) { - Write-Host " [DIR] $($_.FullName)" - } else { - Write-Host " [FILE] $($_.FullName) ($($_.Length) bytes)" - } - } - } else { - Write-Host "Bin directory does not exist at: $binPath" - } - shell: pwsh - - - name: Check Apache24 include directory + # 创建测试目录和文件 + mkdir -p test-files + echo "This is a test file" > test-files/test.txt + echo "fuzzy definition file" > test-files/fuzzy.def + + # 复制到工作区目录 + mkdir -p ${{ github.workspace }}/artifacts + cp -r test-files/* ${{ github.workspace }}/artifacts/ + + # 验证文件已复制 + echo "Files in artifacts directory:" + ls -la ${{ github.workspace }}/artifacts/ + + - name: Verify file transfer (PowerShell) + shell: powershell run: | - $includePath = "C:\tools\Apache24\include" - Write-Host "=== Apache24 include Directory Contents ===" - if (Test-Path $includePath) { - Write-Host "Directory exists at: $includePath" - Write-Host "Files and subdirectories:" - Get-ChildItem -Path $includePath -Recurse | ForEach-Object { - if ($_.PSIsContainer) { - Write-Host " [DIR] $($_.FullName)" - } else { - Write-Host " [FILE] $($_.FullName) ($($_.Length) bytes)" - } - } - - # 特别检查 APR 头文件 - Write-Host "`n=== APR Header Files ===" - Get-ChildItem -Path $includePath -Filter "apr*.h" -Recurse | ForEach-Object { - Write-Host " $($_.FullName)" - } - - # 检查是否存在 apr_perms_set.h - $permsSetPath = Join-Path $includePath "apr_perms_set.h" - if (Test-Path $permsSetPath) { - Write-Host "`nFOUND: apr_perms_set.h exists at $permsSetPath" - } else { - Write-Host "`nMISSING: apr_perms_set.h not found in $includePath" - } + Write-Host "Checking transferred files in PowerShell:" + Get-ChildItem -Path "${{ github.workspace }}\artifacts" -Recurse + + # 验证文件内容 + Write-Host "Content of test.txt:" + Get-Content "${{ github.workspace }}\artifacts\test.txt" + + Write-Host "Content of fuzzy.def:" + Get-Content "${{ github.workspace }}\artifacts\fuzzy.def" + + # 检查文件是否存在 + $testFile = "${{ github.workspace }}\artifacts\test.txt" + $fuzzyFile = "${{ github.workspace }}\artifacts\fuzzy.def" + + if (Test-Path $testFile -PathType Leaf) { + Write-Host "✓ test.txt successfully transferred" } else { - Write-Host "Include directory does not exist at: $includePath" + Write-Host "✗ test.txt not found" + exit 1 } - shell: pwsh - - - name: Check Apache24 directory structure - run: | - $apachePath = "C:\tools\Apache24" - Write-Host "=== Apache24 Overall Structure ===" - if (Test-Path $apachePath) { - Write-Host "Apache24 directory exists at: $apachePath" - Write-Host "Top-level directories:" - Get-ChildItem -Path $apachePath -Directory | ForEach-Object { - Write-Host " - $($_.Name)" - } + + if (Test-Path $fuzzyFile -PathType Leaf) { + Write-Host "✓ fuzzy.def successfully transferred" } else { - Write-Host "Apache24 directory does not exist at: $apachePath" - } - shell: pwsh \ No newline at end of file + Write-Host "✗ fuzzy.def not found" + exit 1 + } \ No newline at end of file diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index 11ebd1f92..a5c6d82bd 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -4,6 +4,7 @@ project(ModSecurityIIS C CXX) find_package(LibXml2 CONFIG REQUIRED) find_package(PCRE2 CONFIG REQUIRED) find_package(CURL CONFIG REQUIRED) +find_package(APR CONFIG REQUIRED) # iis/CMakeLists.txt set(IIS_MODULE_NAME "modsecurityiis") # Name should match the original output @@ -125,9 +126,10 @@ target_include_directories(${IIS_MODULE_NAME} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../apache2 ${CMAKE_CURRENT_SOURCE_DIR}/../apache2/libinjection ${LIBXML2_INCLUDE_DIR}/libxml - ${PCRE_INCLUDE_DIRS} + ${PCRE2_INCLUDE_DIRS} ${CURL_INCLUDE_DIRS} - ${CMAKE_CURRENT_BINARY_DIR} # 添加构建目录以访问生成的头文件 + ${APR_INCLUDE_DIRS} + ${CMAKE_CURRENT_BINARY_DIR} ) # Include standalone directory if it exists @@ -139,6 +141,12 @@ endif() # Apache-specific includes if(APACHE_ROOT) + if(NOT EXISTS "${APACHE_ROOT}") + message(FATAL_ERROR "APACHE_ROOT is defined but the directory '${APACHE_ROOT}' does not exist. Please set APACHE_ROOT to a valid Apache installation directory.") + endif() + if(NOT EXISTS "${APACHE_ROOT}/lib") + message(FATAL_ERROR "APACHE_ROOT/lib directory does not exist. Expected: '${APACHE_ROOT}/lib'. Please ensure Apache libraries are available.") + endif() target_include_directories(${IIS_MODULE_NAME} PRIVATE ${APACHE_ROOT}/include ) @@ -166,24 +174,15 @@ if(WITH_LUA) target_include_directories(${IIS_MODULE_NAME} PRIVATE ${LUA_INCLUDE_DIR}) endif() -# Default Apache root based on architecture -if(NOT APACHE_ROOT) - if(ARCHITECTURE STREQUAL "x64") - set(APACHE_ROOT "C:/Apache24_x64" CACHE PATH "Path to Apache x64 installation") - else() - set(APACHE_ROOT "C:/Apache24_x86" CACHE PATH "Path to Apache x86 installation") - endif() -endif() - option(WITH_YAJL "Enable YAJL support" OFF) if(WITH_YAJL) # Manually find YAJL if config.cmake is not available (e.g., from vcpkg) find_path(YAJL_INCLUDE_DIR yajl/yajl_common.h - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/vcpkg_installed/${ARCHITECTURE}-windows/include" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/include" NO_DEFAULT_PATH ) find_library(YAJL_LIBRARY NAMES yajl - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/vcpkg_installed/${ARCHITECTURE}-windows/lib" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/lib" NO_DEFAULT_PATH ) @@ -193,7 +192,7 @@ if(WITH_YAJL) target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_YAJL) target_include_directories(${IIS_MODULE_NAME} PRIVATE ${YAJL_INCLUDE_DIRS}) else() - message(WARNING "YAJL not found. Please ensure yajl is installed via vcpkg in the iis/vcpkg_installed directory. Disabling YAJL support.") + message(WARNING "YAJL not found. YAJL_INCLUDE_DIR: '${YAJL_INCLUDE_DIR}', YAJL_LIBRARY: '${YAJL_LIBRARY}'. Please ensure yajl is installed via vcpkg in the vcpkg_installed directory. Disabling YAJL support.") option(WITH_YAJL "Enable YAJL support" OFF) # Disable if not found endif() endif() @@ -203,7 +202,7 @@ if(WITH_SSDEEP) set(SSDEEP_ROOT "" CACHE PATH "Path to manually built ssdeep") if(NOT SSDEEP_ROOT OR NOT EXISTS "${SSDEEP_ROOT}") - message(WARNING "SSDEEP_ROOT is not defined or path does not exist. Please set SSDEEP_ROOT to the ssdeep installation directory. Disabling SSDEEP support.") + message(WARNING "SSDEEP_ROOT is not defined or path does not exist. Current SSDEEP_ROOT: '${SSDEEP_ROOT}'. Please set SSDEEP_ROOT to the ssdeep installation directory. Disabling SSDEEP support.") set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) else() message(STATUS "SSDEEP_ROOT: ${SSDEEP_ROOT}") From 0e2b4b92547e78d653625a9787c9b94c81d38fdc Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 04:01:10 +0800 Subject: [PATCH 07/52] test workflow_dispatch --- .github/workflows/test-ci-windows.yml | 96 ++++++++++++++------------- 1 file changed, 51 insertions(+), 45 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 3f792e086..40d7819d3 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -1,62 +1,68 @@ -name: CI/CD for IIS Module +name: File Generation and Reading Test on: - push: - branches: - - v2/test-ci-windows - pull_request: - branches: - - v2/test-ci-windows + workflow_dispatch: # 允许手动触发 jobs: - build: - runs-on: windows-latest - - steps: - - name: Create test files (MSYS2) - uses: msys2/setup-msys2@v2 - shell: msys2 {0} - run: | - # 创建测试目录和文件 - mkdir -p test-files - echo "This is a test file" > test-files/test.txt - echo "fuzzy definition file" > test-files/fuzzy.def - - # 复制到工作区目录 - mkdir -p ${{ github.workspace }}/artifacts - cp -r test-files/* ${{ github.workspace }}/artifacts/ - - # 验证文件已复制 - echo "Files in artifacts directory:" - ls -la ${{ github.workspace }}/artifacts/ + file-test: + runs-on: windows-latest # 使用 Windows 运行器 - - name: Verify file transfer (PowerShell) + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Generate test files (Step 1) shell: powershell run: | - Write-Host "Checking transferred files in PowerShell:" - Get-ChildItem -Path "${{ github.workspace }}\artifacts" -Recurse + # 创建工作目录 + $testDir = "${{ github.workspace }}\test-files" + New-Item -ItemType Directory -Path $testDir -Force - # 验证文件内容 - Write-Host "Content of test.txt:" - Get-Content "${{ github.workspace }}\artifacts\test.txt" + # 创建几个测试文件 + "This is a test content for file1.txt" | Out-File -FilePath "$testDir\file1.txt" + "fuzzy.def test content" | Out-File -FilePath "$testDir\fuzzy.def" - Write-Host "Content of fuzzy.def:" - Get-Content "${{ github.workspace }}\artifacts\fuzzy.def" + # 创建一个包含文件列表的 JSON 文件 + $files = Get-ChildItem -Path $testDir + $fileInfo = @() + foreach ($file in $files) { + $fileInfo += @{ + Name = $file.Name + Path = $file.FullName + Size = $file.Length + LastWriteTime = $file.LastWriteTime.ToString("yyyy-MM-dd HH:mm:ss") + } + } + $fileInfo | ConvertTo-Json | Out-File -FilePath "$testDir\files.json" - # 检查文件是否存在 - $testFile = "${{ github.workspace }}\artifacts\test.txt" - $fuzzyFile = "${{ github.workspace }}\artifacts\fuzzy.def" + # 输出生成的文件信息 + Write-Host "Generated files:" + Get-ChildItem -Path $testDir | Format-Table Name, Length - if (Test-Path $testFile -PathType Leaf) { - Write-Host "✓ test.txt successfully transferred" - } else { - Write-Host "✗ test.txt not found" + - name: Read test files (Step 2) + shell: powershell + run: | + $testDir = "${{ github.workspace }}\test-files" + + # 检查目录是否存在 + if (-not (Test-Path -Path $testDir)) { + Write-Error "Test directory does not exist!" exit 1 } - if (Test-Path $fuzzyFile -PathType Leaf) { - Write-Host "✓ fuzzy.def successfully transferred" + # 读取文件列表 + $filesJson = Get-Content -Path "$testDir\files.json" -Raw | ConvertFrom-Json + Write-Host "Files found:" + $filesJson | Format-Table Name, Size + + # 读取特定文件内容 + Write-Host "Content of fuzzy.def:" + Get-Content -Path "$testDir\fuzzy.def" + + # 验证文件存在 + if (Test-Path -Path "$testDir\fuzzy.def") { + Write-Host "SUCCESS: fuzzy.def file exists and is accessible!" } else { - Write-Host "✗ fuzzy.def not found" + Write-Error "ERROR: fuzzy.def file not found!" exit 1 } \ No newline at end of file From 45c151482b32dbcd630fa4fb67dc9e7b117a4752 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 04:04:24 +0800 Subject: [PATCH 08/52] ........ --- .github/workflows/test-ci-windows.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 40d7819d3..31bc08f51 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -1,7 +1,13 @@ name: File Generation and Reading Test on: - workflow_dispatch: # 允许手动触发 + push: + branches: + - v2/test-ci-windows + pull_request: + branches: + - v2/test-ci-windows + jobs: file-test: From 85f60f40433f540d7577d7f7af5d2ca025e04cc9 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 04:11:29 +0800 Subject: [PATCH 09/52] here we go again --- .github/workflows/test-ci-windows.yml | 117 ++++++++++++-------------- 1 file changed, 56 insertions(+), 61 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 31bc08f51..d5c41050f 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -1,4 +1,4 @@ -name: File Generation and Reading Test +name: CI/CD for IIS Module on: push: @@ -8,67 +8,62 @@ on: branches: - v2/test-ci-windows - jobs: - file-test: - runs-on: windows-latest # 使用 Windows 运行器 - + build: + runs-on: windows-latest + steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Generate test files (Step 1) - shell: powershell + - name: Checkout code + uses: actions/checkout@v5 + + - name: Setup MSYS2 + uses: msys2/setup-msys2@v2 + with: + msystem: UCRT64 + update: true + install: > + git + make + autoconf + automake + libtool + mingw-w64-ucrt-x86_64-gcc + mingw-w64-ucrt-x86_64-pkg-config + + - name: Clone and build ssdeep + shell: msys2 {0} run: | - # 创建工作目录 - $testDir = "${{ github.workspace }}\test-files" - New-Item -ItemType Directory -Path $testDir -Force - - # 创建几个测试文件 - "This is a test content for file1.txt" | Out-File -FilePath "$testDir\file1.txt" - "fuzzy.def test content" | Out-File -FilePath "$testDir\fuzzy.def" - - # 创建一个包含文件列表的 JSON 文件 - $files = Get-ChildItem -Path $testDir - $fileInfo = @() - foreach ($file in $files) { - $fileInfo += @{ - Name = $file.Name - Path = $file.FullName - Size = $file.Length - LastWriteTime = $file.LastWriteTime.ToString("yyyy-MM-dd HH:mm:ss") - } - } - $fileInfo | ConvertTo-Json | Out-File -FilePath "$testDir\files.json" - - # 输出生成的文件信息 - Write-Host "Generated files:" - Get-ChildItem -Path $testDir | Format-Table Name, Length - - - name: Read test files (Step 2) - shell: powershell + git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 + cd ssdeep + autoreconf -i + ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" + make dll + mkdir -p ${{ github.workspace }}/ssdeep-install/bin + mkdir -p ${{ github.workspace }}/ssdeep-install/include + cp fuzzy.dll ${{ github.workspace }}/ssdeep-install/bin/ + cp fuzzy.h ${{ github.workspace }}/ssdeep-install/include/ + cp fuzzy.def ${{ github.workspace }}/ssdeep-install/ + + - name: Configure CMake for IIS Module + run: | + cmake ` + -DAPACHE_ROOT="C:\tools\Apache24" ` + -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` + -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` + -DCMAKE_TOOLCHAIN_FILE="${{ github.workspace }}\vcpkg\scripts\buildsystems\vcpkg.cmake" ` + -DWITH_SSDEEP=ON ` + -DWITH_LUA=ON ` + -DWITH_YAJL=ON ` + -S IIS -B iis\build + + - name: Build IIS Module + shell: pwsh run: | - $testDir = "${{ github.workspace }}\test-files" - - # 检查目录是否存在 - if (-not (Test-Path -Path $testDir)) { - Write-Error "Test directory does not exist!" - exit 1 - } - - # 读取文件列表 - $filesJson = Get-Content -Path "$testDir\files.json" -Raw | ConvertFrom-Json - Write-Host "Files found:" - $filesJson | Format-Table Name, Size - - # 读取特定文件内容 - Write-Host "Content of fuzzy.def:" - Get-Content -Path "$testDir\fuzzy.def" - - # 验证文件存在 - if (Test-Path -Path "$testDir\fuzzy.def") { - Write-Host "SUCCESS: fuzzy.def file exists and is accessible!" - } else { - Write-Error "ERROR: fuzzy.def file not found!" - exit 1 - } \ No newline at end of file + cmake --build iis\build --config Release + + # - name: Package IIS Module with WiX + # shell: pwsh + # run: | + # $CURRENT_DIR = "${{ github.workspace }}/iis/wix" + # candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch x64 + # light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer-64.msi" \ No newline at end of file From 952ac5f2553611aefafbdc218ca09f18367a8142 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 04:25:15 +0800 Subject: [PATCH 10/52] da.n --- .github/workflows/test-ci-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index d5c41050f..3f091aaa5 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -50,7 +50,7 @@ jobs: -DAPACHE_ROOT="C:\tools\Apache24" ` -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` - -DCMAKE_TOOLCHAIN_FILE="${{ github.workspace }}\vcpkg\scripts\buildsystems\vcpkg.cmake" ` + -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\vcpkg\scripts\buildsystems\vcpkg.cmake" ` -DWITH_SSDEEP=ON ` -DWITH_LUA=ON ` -DWITH_YAJL=ON ` From 53bcd8328155dd440d7017351d66bc570f470d27 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 04:28:37 +0800 Subject: [PATCH 11/52] my bad --- .github/workflows/test-ci-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 3f091aaa5..eb6d534e0 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -50,7 +50,7 @@ jobs: -DAPACHE_ROOT="C:\tools\Apache24" ` -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` - -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\vcpkg\scripts\buildsystems\vcpkg.cmake" ` + -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` -DWITH_SSDEEP=ON ` -DWITH_LUA=ON ` -DWITH_YAJL=ON ` From dc7fcdcf70bedfb578758707318076be5e42bba7 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 04:54:08 +0800 Subject: [PATCH 12/52] forget json --- iis/vcpkg.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/iis/vcpkg.json b/iis/vcpkg.json index 55f76ebe8..3abb499b3 100644 --- a/iis/vcpkg.json +++ b/iis/vcpkg.json @@ -4,6 +4,7 @@ "libxml2", "lua", "pcre2", - "yajl" + "yajl", + "apr" ] } \ No newline at end of file From 3eafb4e9df5f92f28274c32ed47cc4b4058e3735 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 15:37:07 +0800 Subject: [PATCH 13/52] tt --- .github/workflows/test-ci-windows.yml | 37 ++++++++++++++------------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index eb6d534e0..6f83140a7 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -40,26 +40,27 @@ jobs: make dll mkdir -p ${{ github.workspace }}/ssdeep-install/bin mkdir -p ${{ github.workspace }}/ssdeep-install/include - cp fuzzy.dll ${{ github.workspace }}/ssdeep-install/bin/ - cp fuzzy.h ${{ github.workspace }}/ssdeep-install/include/ - cp fuzzy.def ${{ github.workspace }}/ssdeep-install/ + cp -v fuzzy.dll ${{ github.workspace }}/ssdeep-install/bin/ + cp -v fuzzy.h ${{ github.workspace }}/ssdeep-install/include/ + cp -v fuzzy.def ${{ github.workspace }}/ssdeep-install/ - - name: Configure CMake for IIS Module - run: | - cmake ` - -DAPACHE_ROOT="C:\tools\Apache24" ` - -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` - -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` - -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` - -DWITH_SSDEEP=ON ` - -DWITH_LUA=ON ` - -DWITH_YAJL=ON ` - -S IIS -B iis\build + # - name: Configure CMake for IIS Module + # run: | + # Test-Path "${{ github.workspace }}\ssdeep-install\bin\fuzzy.dll" + # cmake ` + # -DAPACHE_ROOT="C:\tools\Apache24" ` + # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` + # -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` + # -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` + # -DWITH_SSDEEP=ON ` + # -DWITH_LUA=ON ` + # -DWITH_YAJL=ON ` + # -S IIS -B iis\build - - name: Build IIS Module - shell: pwsh - run: | - cmake --build iis\build --config Release + # - name: Build IIS Module + # shell: pwsh + # run: | + # cmake --build iis\build --config Release # - name: Package IIS Module with WiX # shell: pwsh From 87ae85f8cae0551ae298e6da45f9d8232ad19acf Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 15:45:22 +0800 Subject: [PATCH 14/52] again! --- .github/workflows/test-ci-windows.yml | 45 ++++++++++++++------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 6f83140a7..3f7564d9c 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -33,34 +33,37 @@ jobs: - name: Clone and build ssdeep shell: msys2 {0} run: | + MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') + echo "Converted workspace path: $MSYS2_WORKSPACE" + git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 cd ssdeep autoreconf -i ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" make dll - mkdir -p ${{ github.workspace }}/ssdeep-install/bin - mkdir -p ${{ github.workspace }}/ssdeep-install/include - cp -v fuzzy.dll ${{ github.workspace }}/ssdeep-install/bin/ - cp -v fuzzy.h ${{ github.workspace }}/ssdeep-install/include/ - cp -v fuzzy.def ${{ github.workspace }}/ssdeep-install/ - # - name: Configure CMake for IIS Module - # run: | - # Test-Path "${{ github.workspace }}\ssdeep-install\bin\fuzzy.dll" - # cmake ` - # -DAPACHE_ROOT="C:\tools\Apache24" ` - # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` - # -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` - # -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` - # -DWITH_SSDEEP=ON ` - # -DWITH_LUA=ON ` - # -DWITH_YAJL=ON ` - # -S IIS -B iis\build + mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/bin + mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/include + cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install/bin/ + cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install/include/ + cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install/ - # - name: Build IIS Module - # shell: pwsh - # run: | - # cmake --build iis\build --config Release + - name: Configure CMake for IIS Module + run: | + cmake ` + -DAPACHE_ROOT="C:\tools\Apache24" ` + -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` + -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` + -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` + -DWITH_SSDEEP=ON ` + -DWITH_LUA=ON ` + -DWITH_YAJL=ON ` + -S IIS -B iis\build + + - name: Build IIS Module + shell: pwsh + run: | + cmake --build iis\build --config Release # - name: Package IIS Module with WiX # shell: pwsh From 5977c8c8d2f67304ebd320562e54b80e161d8445 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 15:49:10 +0800 Subject: [PATCH 15/52] fffff --- .github/workflows/test-ci-windows.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 3f7564d9c..d86ecf861 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -42,11 +42,11 @@ jobs: ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" make dll - mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/bin - mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/include - cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install/bin/ - cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install/include/ - cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install/ + mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/bin" + mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/include" + cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install/bin/" + cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install/include/" + cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install/" - name: Configure CMake for IIS Module run: | From c432a6a8956f46fbeb77d69a8d25c8cef2dd99ea Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Fri, 19 Sep 2025 16:54:55 +0800 Subject: [PATCH 16/52] vcpkg Caching --- .github/workflows/test-ci-windows.yml | 15 +++++++++++++++ iis/CMakeLists.txt | 3 +++ 2 files changed, 18 insertions(+) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index d86ecf861..f13f60f90 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -11,6 +11,11 @@ on: jobs: build: runs-on: windows-latest + + # For Caching + permissions: + actions: read + contents: read steps: - name: Checkout code @@ -48,7 +53,17 @@ jobs: cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install/include/" cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install/" + - name: Restore vcpkg cache + id: vcpkg-cache + uses: TAServers/vcpkg-cache@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + prefix: vcpkg-iis-module/ + - name: Configure CMake for IIS Module + env: + VCPKG_FEATURE_FLAGS: "binarycaching" + VCPKG_BINARY_SOURCES: "clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite" run: | cmake ` -DAPACHE_ROOT="C:\tools\Apache24" ` diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index a5c6d82bd..428cc80c7 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -1,4 +1,7 @@ cmake_minimum_required(VERSION 3.15) + +set(VCPKG_BUILD_TYPE release) + project(ModSecurityIIS C CXX) find_package(LibXml2 CONFIG REQUIRED) From 4662e7581d5dbe6e5eea4c645bb413c476b06efa Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 20 Sep 2025 00:39:35 +0800 Subject: [PATCH 17/52] change target --- iis/CMakeLists.txt | 84 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 77 insertions(+), 7 deletions(-) diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index 428cc80c7..0de10bd93 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -1,7 +1,5 @@ cmake_minimum_required(VERSION 3.15) -set(VCPKG_BUILD_TYPE release) - project(ModSecurityIIS C CXX) find_package(LibXml2 CONFIG REQUIRED) @@ -150,6 +148,27 @@ if(APACHE_ROOT) if(NOT EXISTS "${APACHE_ROOT}/lib") message(FATAL_ERROR "APACHE_ROOT/lib directory does not exist. Expected: '${APACHE_ROOT}/lib'. Please ensure Apache libraries are available.") endif() + + # Create imported targets for Apache libraries + add_library(Apache::httpd SHARED IMPORTED) + set_target_properties(Apache::httpd PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${APACHE_ROOT}/include" + IMPORTED_IMPLIB "${APACHE_ROOT}/lib/libhttpd.lib" + IMPORTED_LOCATION "${APACHE_ROOT}/bin/libhttpd.dll" + ) + + add_library(Apache::apr SHARED IMPORTED) + set_target_properties(Apache::apr PROPERTIES + IMPORTED_IMPLIB "${APACHE_ROOT}/lib/libapr-1.lib" + IMPORTED_LOCATION "${APACHE_ROOT}/bin/libapr-1.dll" + ) + + add_library(Apache::aprutil SHARED IMPORTED) + set_target_properties(Apache::aprutil PROPERTIES + IMPORTED_IMPLIB "${APACHE_ROOT}/lib/libaprutil-1.lib" + IMPORTED_LOCATION "${APACHE_ROOT}/bin/libaprutil-1.dll" + ) + target_include_directories(${IIS_MODULE_NAME} PRIVATE ${APACHE_ROOT}/include ) @@ -228,6 +247,7 @@ if(WITH_SSDEEP) set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) else() set(SSDEEP_GENERATED_LIB "${CMAKE_CURRENT_BINARY_DIR}/fuzzy.lib") + set(SSDEEP_GENERATED_dll "${CMAKE_CURRENT_BINARY_DIR}/bin/fuzzy.dll") # 添加自定义命令生成 fuzzy.lib add_custom_command( @@ -250,7 +270,14 @@ if(WITH_SSDEEP) # 使主目标依赖于 fuzzy.lib 的生成 add_dependencies(${IIS_MODULE_NAME} generate_ssdeep_lib) - endif() + add_library(SSDEEP::fuzzy SHARED IMPORTED) + set_target_properties(SSDEEP::fuzzy PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${SSDEEP_INCLUDE_DIR}" + IMPORTED_LOCATION "${SSDEEP_GENERATED_dll}" + IMPORTED_IMPLIB "${SSDEEP_GENERATED_LIB}" + ) + + endif() else() message(WARNING "SSDEEP include (fuzzy.h) not found at ${SSDEEP_ROOT}/include. Disabling SSDEEP support.") set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) @@ -300,10 +327,12 @@ target_link_libraries(${IIS_MODULE_NAME} PRIVATE # Apache-specific libraries if(APACHE_ROOT) target_link_libraries(${IIS_MODULE_NAME} PRIVATE - ${APACHE_ROOT}/lib/libhttpd.lib - ${APACHE_ROOT}/lib/libapr-1.lib - ${APACHE_ROOT}/lib/libaprutil-1.lib + Apache::httpd + Apache::apr + Apache::aprutil ) +else() + message(WARNING "APACHE_ROOT is not defined or path does not exist. Current APACHE_ROOT: '${APACHE_ROOT}'. Please set APACHE_ROOT to the Apache installation directory.") endif() # Optional link libraries @@ -316,17 +345,58 @@ if(WITH_YAJL) endif() if(WITH_SSDEEP AND SSDEEP_INCLUDE_DIR AND SSDEEP_GENERATED_LIB) - target_link_libraries(${IIS_MODULE_NAME} PRIVATE ${SSDEEP_GENERATED_LIB}) + target_link_libraries(${IIS_MODULE_NAME} PRIVATE SSDEEP::fuzzy) else() message(WARNING "SSDEEP library not found or generated. Disabling SSDEEP support.") option(WITH_SSDEEP "Enable SSDEEP support" OFF) # Disable if library not found endif() +if(APACHE_ROOT AND EXISTS "${APACHE_ROOT}/bin") + add_custom_command(TARGET ${IIS_MODULE_NAME} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + "${APACHE_ROOT}/bin/libhttpd.dll" + $ + COMMAND ${CMAKE_COMMAND} -E copy_if_different + "${APACHE_ROOT}/bin/libaprutil-1.dll" + $ + COMMENT "Copying Apache DLLs to output directory" + ) +else() + message(WARNING "APACHE_ROOT is not defined or path does not exist. Current APACHE_ROOT: '${APACHE_ROOT}'. Please set APACHE_ROOT to the Apache installation directory.") +endif() + +if(WITH_SSDEEP AND SSDEEP_ROOT AND EXISTS "${SSDEEP_ROOT}/bin/fuzzy.dll") + add_custom_command(TARGET ${IIS_MODULE_NAME} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + "${SSDEEP_ROOT}/bin/fuzzy.dll" + $ + COMMENT "Copying SSDEEP DLL to output directory" + ) +else() + message(WARNING "SSDEEP_ROOT is not defined or path does not exist. Current SSDEEP_ROOT: '${SSDEEP_ROOT}'. Please set SSDEEP_ROOT to the SSDEEP installation directory.") +endif() + + # Install target - copy to release files directory install(TARGETS ${IIS_MODULE_NAME} RUNTIME DESTINATION . LIBRARY DESTINATION . ) +if(APACHE_ROOT AND EXISTS "${APACHE_ROOT}/bin") + install(FILES + "${APACHE_ROOT}/bin/libhttpd.dll" + "${APACHE_ROOT}/bin/libaprutil-1.dll" + DESTINATION . + ) +endif() + +if(WITH_SSDEEP AND SSDEEP_ROOT AND EXISTS "${SSDEEP_ROOT}/bin/fuzzy.dll") + install(FILES + "${SSDEEP_ROOT}/bin/fuzzy.dll" + DESTINATION . + ) +endif() + # Also install the PDB file if it's generated install(FILES $ DESTINATION . OPTIONAL) \ No newline at end of file From 9165787ae616a27638ef7806b7db83c348266bbc Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 20 Sep 2025 19:27:22 +0800 Subject: [PATCH 18/52] Test winget availability --- .github/workflows/test-ci-windows.yml | 148 +++++++++++++++----------- 1 file changed, 87 insertions(+), 61 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index f13f60f90..fbbd6368a 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -9,76 +9,102 @@ on: - v2/test-ci-windows jobs: - build: - runs-on: windows-latest + test-winget: + name: Test winget availability + runs-on: windows-latest # 使用最新的 Windows Server 运行器 - # For Caching - permissions: - actions: read - contents: read - steps: - - name: Checkout code - uses: actions/checkout@v5 + - name: Check if winget is installed + run: | + # 检查 winget 是否可用 + winget --version + if ($LASTEXITCODE -eq 0) { + Write-Host "✅ winget is installed and working correctly" + } else { + Write-Error "❌ winget is not available or not functioning properly" + exit 1 + } + shell: pwsh # 使用 PowerShell 作为 shell + + - name: Optional - List installed packages (if winget is available) + if: success() + run: | + # 列出已安装的包以验证 winget 功能 + winget list --name "Microsoft Visual C++" + Write-Host "winget functionality verified successfully" + shell: pwsh + +# jobs: +# build: +# runs-on: windows-latest + +# # For Caching +# permissions: +# actions: read +# contents: read - - name: Setup MSYS2 - uses: msys2/setup-msys2@v2 - with: - msystem: UCRT64 - update: true - install: > - git - make - autoconf - automake - libtool - mingw-w64-ucrt-x86_64-gcc - mingw-w64-ucrt-x86_64-pkg-config +# steps: +# - name: Checkout code +# uses: actions/checkout@v5 - - name: Clone and build ssdeep - shell: msys2 {0} - run: | - MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') - echo "Converted workspace path: $MSYS2_WORKSPACE" +# - name: Setup MSYS2 +# uses: msys2/setup-msys2@v2 +# with: +# msystem: UCRT64 +# update: true +# install: > +# git +# make +# autoconf +# automake +# libtool +# mingw-w64-ucrt-x86_64-gcc +# mingw-w64-ucrt-x86_64-pkg-config - git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 - cd ssdeep - autoreconf -i - ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" - make dll +# - name: Clone and build ssdeep +# shell: msys2 {0} +# run: | +# MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') +# echo "Converted workspace path: $MSYS2_WORKSPACE" - mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/bin" - mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/include" - cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install/bin/" - cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install/include/" - cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install/" +# git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 +# cd ssdeep +# autoreconf -i +# ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" +# make dll - - name: Restore vcpkg cache - id: vcpkg-cache - uses: TAServers/vcpkg-cache@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - prefix: vcpkg-iis-module/ +# mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/bin" +# mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/include" +# cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install/bin/" +# cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install/include/" +# cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install/" - - name: Configure CMake for IIS Module - env: - VCPKG_FEATURE_FLAGS: "binarycaching" - VCPKG_BINARY_SOURCES: "clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite" - run: | - cmake ` - -DAPACHE_ROOT="C:\tools\Apache24" ` - -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` - -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` - -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` - -DWITH_SSDEEP=ON ` - -DWITH_LUA=ON ` - -DWITH_YAJL=ON ` - -S IIS -B iis\build +# - name: Restore vcpkg cache +# id: vcpkg-cache +# uses: TAServers/vcpkg-cache@v3 +# with: +# token: ${{ secrets.GITHUB_TOKEN }} +# prefix: vcpkg-iis-module/ - - name: Build IIS Module - shell: pwsh - run: | - cmake --build iis\build --config Release +# - name: Configure CMake for IIS Module +# env: +# VCPKG_FEATURE_FLAGS: "binarycaching" +# VCPKG_BINARY_SOURCES: "clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite" +# run: | +# cmake ` +# -DAPACHE_ROOT="C:\tools\Apache24" ` +# -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` +# -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` +# -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` +# -DWITH_SSDEEP=ON ` +# -DWITH_LUA=ON ` +# -DWITH_YAJL=ON ` +# -S IIS -B iis\build + +# - name: Build IIS Module +# shell: pwsh +# run: | +# cmake --build iis\build --config Release # - name: Package IIS Module with WiX # shell: pwsh From 44813cb4296444f1b6522ac3f2f8b46fe76eb5df Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 20 Sep 2025 21:35:26 +0800 Subject: [PATCH 19/52] test x86 --- .github/workflows/test-ci-windows.yml | 181 +++++++++++++------------- 1 file changed, 94 insertions(+), 87 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index fbbd6368a..7cfa05903 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -9,106 +9,113 @@ on: - v2/test-ci-windows jobs: - test-winget: - name: Test winget availability - runs-on: windows-latest # 使用最新的 Windows Server 运行器 + build: + strategy: + matrix: + arch: [x86, x64] + runs-on: windows-latest + # For Caching + permissions: + actions: read + contents: read + steps: - - name: Check if winget is installed - run: | - # 检查 winget 是否可用 - winget --version - if ($LASTEXITCODE -eq 0) { - Write-Host "✅ winget is installed and working correctly" - } else { - Write-Error "❌ winget is not available or not functioning properly" - exit 1 - } - shell: pwsh # 使用 PowerShell 作为 shell - - - name: Optional - List installed packages (if winget is available) - if: success() - run: | - # 列出已安装的包以验证 winget 功能 - winget list --name "Microsoft Visual C++" - Write-Host "winget functionality verified successfully" + - name: Checkout code + uses: actions/checkout@v5 + + - name: Install Apache for x86 + if: matrix.arch == 'x86' shell: pwsh - -# jobs: -# build: -# runs-on: windows-latest - -# # For Caching -# permissions: -# actions: read -# contents: read + run: | + $apachePath = "${{ github.workspace }}\apache-x86" + New-Item -ItemType Directory -Path $apachePath -Force + choco install apache-httpd -y --force --forcex86 --params="`"/installLocation:$apachePath /noService`"" + # 设置环境变量供后续步骤使用 + echo "APACHE_ROOT=$apachePath\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append -# steps: -# - name: Checkout code -# uses: actions/checkout@v5 + - name: Set Apache path for x64 + if: matrix.arch == 'x64' + shell: pwsh + run: | + # 对于 x64,使用预装的 Apache + echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append -# - name: Setup MSYS2 -# uses: msys2/setup-msys2@v2 -# with: -# msystem: UCRT64 -# update: true -# install: > -# git -# make -# autoconf -# automake -# libtool -# mingw-w64-ucrt-x86_64-gcc -# mingw-w64-ucrt-x86_64-pkg-config + - name: Setup MSYS2 + uses: msys2/setup-msys2@v2 + with: + msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }} + update: true + install: > + git + make + autoconf + automake + libtool + ${{ matrix.arch == 'x86' && 'mingw-w64-ucrt-i686-gcc' || 'mingw-w64-ucrt-x86_64-gcc' }} + ${{ matrix.arch == 'x86' && 'mingw-w64-ucrt-i686-pkg-config' || 'mingw-w64-ucrt-x86_64-pkg-config' }} -# - name: Clone and build ssdeep -# shell: msys2 {0} -# run: | -# MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') -# echo "Converted workspace path: $MSYS2_WORKSPACE" + - name: Clone and build ssdeep + shell: msys2 {0} + run: | + MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') + echo "Converted workspace path: $MSYS2_WORKSPACE" -# git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 -# cd ssdeep -# autoreconf -i -# ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" -# make dll + git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 + cd ssdeep + autoreconf -i + + if [ "${{ matrix.arch }}" = "x86" ]; then + ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" --build=i686-pc-mingw32 + else + ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" + fi + + make dll -# mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/bin" -# mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/include" -# cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install/bin/" -# cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install/include/" -# cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install/" + mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin" + mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include" + cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin/" + cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include/" + cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/" -# - name: Restore vcpkg cache -# id: vcpkg-cache -# uses: TAServers/vcpkg-cache@v3 -# with: -# token: ${{ secrets.GITHUB_TOKEN }} -# prefix: vcpkg-iis-module/ + - name: Restore vcpkg cache + id: vcpkg-cache + uses: TAServers/vcpkg-cache@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + prefix: vcpkg-iis-module-${{ matrix.arch }}/ -# - name: Configure CMake for IIS Module -# env: -# VCPKG_FEATURE_FLAGS: "binarycaching" -# VCPKG_BINARY_SOURCES: "clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite" -# run: | -# cmake ` -# -DAPACHE_ROOT="C:\tools\Apache24" ` -# -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` -# -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install" ` -# -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` -# -DWITH_SSDEEP=ON ` -# -DWITH_LUA=ON ` -# -DWITH_YAJL=ON ` -# -S IIS -B iis\build + - name: Configure CMake for IIS Module + env: + VCPKG_FEATURE_FLAGS: "binarycaching" + VCPKG_BINARY_SOURCES: "clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite" + VCPKG_DEFAULT_TRIPLET: ${{ matrix.arch }}-windows + run: | + $archFlag = "${{ matrix.arch }}" + $cmakeArch = if ($archFlag -eq "x86") { "Win32" } else { "x64" } + + cmake ` + -DAPACHE_ROOT="$env:APACHE_ROOT" ` + -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` + -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install-${{ matrix.arch }}" ` + -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` + -A $cmakeArch ` + -DWITH_SSDEEP=ON ` + -DWITH_LUA=ON ` + -DWITH_YAJL=ON ` + -S IIS -B "iis\build-${{ matrix.arch }}" -# - name: Build IIS Module -# shell: pwsh -# run: | -# cmake --build iis\build --config Release + - name: Build IIS Module + shell: pwsh + run: | + cmake --build "iis\build-${{ matrix.arch }}" --config Release # - name: Package IIS Module with WiX # shell: pwsh # run: | # $CURRENT_DIR = "${{ github.workspace }}/iis/wix" - # candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch x64 - # light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer-64.msi" \ No newline at end of file + # $arch = "${{ matrix.arch }}" + # $wixArch = if ($arch -eq "x86") { "x86" } else { "x64" } + # candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch $wixArch + # light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer-$arch.msi" \ No newline at end of file From a05038ed5f055803d2cbb1d2e1aaafe81640a4b7 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 20 Sep 2025 21:42:36 +0800 Subject: [PATCH 20/52] no ucrt64 --- .github/workflows/test-ci-windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 7cfa05903..91ed86093 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -52,8 +52,8 @@ jobs: autoconf automake libtool - ${{ matrix.arch == 'x86' && 'mingw-w64-ucrt-i686-gcc' || 'mingw-w64-ucrt-x86_64-gcc' }} - ${{ matrix.arch == 'x86' && 'mingw-w64-ucrt-i686-pkg-config' || 'mingw-w64-ucrt-x86_64-pkg-config' }} + ${{ matrix.arch == 'x86' && 'mingw-w64-i686-gcc' || 'mingw-w64-ucrt-x86_64-gcc' }} + ${{ matrix.arch == 'x86' && 'mingw-w64-i686-pkg-config' || 'mingw-w64-ucrt-x86_64-pkg-config' }} - name: Clone and build ssdeep shell: msys2 {0} From 388148872746191879bc891b0fa7411da5a03126 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 20 Sep 2025 22:11:24 +0800 Subject: [PATCH 21/52] path error? --- .github/workflows/test-ci-windows.yml | 11 +++++++++-- iis/CMakeLists.txt | 1 + 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 91ed86093..4872bd338 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -31,14 +31,12 @@ jobs: $apachePath = "${{ github.workspace }}\apache-x86" New-Item -ItemType Directory -Path $apachePath -Force choco install apache-httpd -y --force --forcex86 --params="`"/installLocation:$apachePath /noService`"" - # 设置环境变量供后续步骤使用 echo "APACHE_ROOT=$apachePath\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: Set Apache path for x64 if: matrix.arch == 'x64' shell: pwsh run: | - # 对于 x64,使用预装的 Apache echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: Setup MSYS2 @@ -95,6 +93,15 @@ jobs: $archFlag = "${{ matrix.arch }}" $cmakeArch = if ($archFlag -eq "x86") { "Win32" } else { "x64" } + $vcpkgIncludePath = "${{ github.workspace }}\build\vcpkg_installed\${{ matrix.arch }}-windows\include" + Write-Host "Checking vcpkg include path: $vcpkgIncludePath" + if (Test-Path -Path $vcpkgIncludePath) { + Write-Host "vcpkg include path exists. Contents:" + Get-ChildItem -Path $vcpkgIncludePath + } else { + Write-Host "vcpkg include path does not exist." + } + cmake ` -DAPACHE_ROOT="$env:APACHE_ROOT" ` -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index 0de10bd93..b92acf82e 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -199,6 +199,7 @@ endif() option(WITH_YAJL "Enable YAJL support" OFF) if(WITH_YAJL) # Manually find YAJL if config.cmake is not available (e.g., from vcpkg) + message(Finding YAJL in ${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/include) find_path(YAJL_INCLUDE_DIR yajl/yajl_common.h PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/include" NO_DEFAULT_PATH From bd6d6381bbe5e9bb6c8c01f55749e114ebea836b Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 20 Sep 2025 22:25:18 +0800 Subject: [PATCH 22/52] find path --- .github/workflows/test-ci-windows.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 4872bd338..fd1cc2fad 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -93,7 +93,7 @@ jobs: $archFlag = "${{ matrix.arch }}" $cmakeArch = if ($archFlag -eq "x86") { "Win32" } else { "x64" } - $vcpkgIncludePath = "${{ github.workspace }}\build\vcpkg_installed\${{ matrix.arch }}-windows\include" + $vcpkgIncludePath = "${{ github.workspace }}\iis\build-${{ matrix.arch }}\vcpkg_installed\${{ matrix.arch }}-windows\include" Write-Host "Checking vcpkg include path: $vcpkgIncludePath" if (Test-Path -Path $vcpkgIncludePath) { Write-Host "vcpkg include path exists. Contents:" @@ -113,10 +113,10 @@ jobs: -DWITH_YAJL=ON ` -S IIS -B "iis\build-${{ matrix.arch }}" - - name: Build IIS Module - shell: pwsh - run: | - cmake --build "iis\build-${{ matrix.arch }}" --config Release + # - name: Build IIS Module + # shell: pwsh + # run: | + # cmake --build "iis\build-${{ matrix.arch }}" --config Release # - name: Package IIS Module with WiX # shell: pwsh From 3dabde3ac6b987a0485c74bbbc4e5b6042658a78 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 20 Sep 2025 22:31:42 +0800 Subject: [PATCH 23/52] where are you? --- .github/workflows/test-ci-windows.yml | 55 ++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index fd1cc2fad..4020d2b5a 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -30,7 +30,7 @@ jobs: run: | $apachePath = "${{ github.workspace }}\apache-x86" New-Item -ItemType Directory -Path $apachePath -Force - choco install apache-httpd -y --force --forcex86 --params="`"/installLocation:$apachePath /noService`"" + choco install apache-httpd -y --force --forcex86 --no-progress -r --params="`"/installLocation:$apachePath /noService`"" echo "APACHE_ROOT=$apachePath\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: Set Apache path for x64 @@ -92,15 +92,6 @@ jobs: run: | $archFlag = "${{ matrix.arch }}" $cmakeArch = if ($archFlag -eq "x86") { "Win32" } else { "x64" } - - $vcpkgIncludePath = "${{ github.workspace }}\iis\build-${{ matrix.arch }}\vcpkg_installed\${{ matrix.arch }}-windows\include" - Write-Host "Checking vcpkg include path: $vcpkgIncludePath" - if (Test-Path -Path $vcpkgIncludePath) { - Write-Host "vcpkg include path exists. Contents:" - Get-ChildItem -Path $vcpkgIncludePath - } else { - Write-Host "vcpkg include path does not exist." - } cmake ` -DAPACHE_ROOT="$env:APACHE_ROOT" ` @@ -113,6 +104,50 @@ jobs: -DWITH_YAJL=ON ` -S IIS -B "iis\build-${{ matrix.arch }}" + $vcpkgIncludePath = "${{ github.workspace }}\iis\build-${{ matrix.arch }}\vcpkg_installed\${{ matrix.arch }}-windows\include" + Write-Host "Checking vcpkg include path: $vcpkgIncludePath" + if (Test-Path -Path $vcpkgIncludePath) { + Write-Host "vcpkg include path exists. Contents:" + Get-ChildItem -Path $vcpkgIncludePath + } else { + Write-Host "vcpkg include path does not exist." + } + + $vcpkgIncludePath = "${{ github.workspace }}\iis\build\vcpkg_installed\${{ matrix.arch }}-windows\include" + Write-Host "Checking vcpkg include path: $vcpkgIncludePath" + if (Test-Path -Path $vcpkgIncludePath) { + Write-Host "vcpkg include path exists. Contents:" + Get-ChildItem -Path $vcpkgIncludePath + } else { + Write-Host "vcpkg include path does not exist." + } + + $vcpkgIncludePath = "${{ github.workspace }}\build-${{ matrix.arch }}\vcpkg_installed\${{ matrix.arch }}-windows\include" + Write-Host "Checking vcpkg include path: $vcpkgIncludePath" + if (Test-Path -Path $vcpkgIncludePath) { + Write-Host "vcpkg include path exists. Contents:" + Get-ChildItem -Path $vcpkgIncludePath + } else { + Write-Host "vcpkg include path does not exist." + } + + $vcpkgIncludePath = "${{ github.workspace }}\build\vcpkg_installed\${{ matrix.arch }}-windows\include" + Write-Host "Checking vcpkg include path: $vcpkgIncludePath" + if (Test-Path -Path $vcpkgIncludePath) { + Write-Host "vcpkg include path exists. Contents:" + Get-ChildItem -Path $vcpkgIncludePath + } else { + Write-Host "vcpkg include path does not exist." + } + + $vcpkgIncludePath = "${{ github.workspace }}\iis\vcpkg_installed\${{ matrix.arch }}-windows\include" + Write-Host "Checking vcpkg include path: $vcpkgIncludePath" + if (Test-Path -Path $vcpkgIncludePath) { + Write-Host "vcpkg include path exists. Contents:" + Get-ChildItem -Path $vcpkgIncludePath + } else { + Write-Host "vcpkg include path does not exist." + } # - name: Build IIS Module # shell: pwsh # run: | From 73531e9dfbe5d4c665d80dca59050fc929a02752 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 20 Sep 2025 22:38:41 +0800 Subject: [PATCH 24/52] should fine --- .github/workflows/test-ci-windows.yml | 52 +++------------------------ iis/CMakeLists.txt | 5 ++- 2 files changed, 6 insertions(+), 51 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 4020d2b5a..d7d966f04 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -104,54 +104,10 @@ jobs: -DWITH_YAJL=ON ` -S IIS -B "iis\build-${{ matrix.arch }}" - $vcpkgIncludePath = "${{ github.workspace }}\iis\build-${{ matrix.arch }}\vcpkg_installed\${{ matrix.arch }}-windows\include" - Write-Host "Checking vcpkg include path: $vcpkgIncludePath" - if (Test-Path -Path $vcpkgIncludePath) { - Write-Host "vcpkg include path exists. Contents:" - Get-ChildItem -Path $vcpkgIncludePath - } else { - Write-Host "vcpkg include path does not exist." - } - - $vcpkgIncludePath = "${{ github.workspace }}\iis\build\vcpkg_installed\${{ matrix.arch }}-windows\include" - Write-Host "Checking vcpkg include path: $vcpkgIncludePath" - if (Test-Path -Path $vcpkgIncludePath) { - Write-Host "vcpkg include path exists. Contents:" - Get-ChildItem -Path $vcpkgIncludePath - } else { - Write-Host "vcpkg include path does not exist." - } - - $vcpkgIncludePath = "${{ github.workspace }}\build-${{ matrix.arch }}\vcpkg_installed\${{ matrix.arch }}-windows\include" - Write-Host "Checking vcpkg include path: $vcpkgIncludePath" - if (Test-Path -Path $vcpkgIncludePath) { - Write-Host "vcpkg include path exists. Contents:" - Get-ChildItem -Path $vcpkgIncludePath - } else { - Write-Host "vcpkg include path does not exist." - } - - $vcpkgIncludePath = "${{ github.workspace }}\build\vcpkg_installed\${{ matrix.arch }}-windows\include" - Write-Host "Checking vcpkg include path: $vcpkgIncludePath" - if (Test-Path -Path $vcpkgIncludePath) { - Write-Host "vcpkg include path exists. Contents:" - Get-ChildItem -Path $vcpkgIncludePath - } else { - Write-Host "vcpkg include path does not exist." - } - - $vcpkgIncludePath = "${{ github.workspace }}\iis\vcpkg_installed\${{ matrix.arch }}-windows\include" - Write-Host "Checking vcpkg include path: $vcpkgIncludePath" - if (Test-Path -Path $vcpkgIncludePath) { - Write-Host "vcpkg include path exists. Contents:" - Get-ChildItem -Path $vcpkgIncludePath - } else { - Write-Host "vcpkg include path does not exist." - } - # - name: Build IIS Module - # shell: pwsh - # run: | - # cmake --build "iis\build-${{ matrix.arch }}" --config Release + - name: Build IIS Module + shell: pwsh + run: | + cmake --build "iis\build-${{ matrix.arch }}" --config Release # - name: Package IIS Module with WiX # shell: pwsh diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index b92acf82e..9366dc7d6 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -199,13 +199,12 @@ endif() option(WITH_YAJL "Enable YAJL support" OFF) if(WITH_YAJL) # Manually find YAJL if config.cmake is not available (e.g., from vcpkg) - message(Finding YAJL in ${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/include) find_path(YAJL_INCLUDE_DIR yajl/yajl_common.h - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/include" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/include" NO_DEFAULT_PATH ) find_library(YAJL_LIBRARY NAMES yajl - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/lib" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/lib" NO_DEFAULT_PATH ) From d4a91295adb188b5d3739a261720631cc9547964 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 20 Sep 2025 23:57:58 +0800 Subject: [PATCH 25/52] test package --- .github/workflows/test-ci-windows.yml | 51 ++++++++++++++++++++++----- iis/CMakeLists.txt | 5 +++ 2 files changed, 47 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index d7d966f04..7d4f9bf52 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -92,11 +92,12 @@ jobs: run: | $archFlag = "${{ matrix.arch }}" $cmakeArch = if ($archFlag -eq "x86") { "Win32" } else { "x64" } + $installDir = if ($archFlag -eq "x86") { "x86" } else { "amd64" } cmake ` -DAPACHE_ROOT="$env:APACHE_ROOT" ` -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` - -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\install-${{ matrix.arch }}" ` + -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\iis\release\$installDir" ` -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` -A $cmakeArch ` -DWITH_SSDEEP=ON ` @@ -109,11 +110,43 @@ jobs: run: | cmake --build "iis\build-${{ matrix.arch }}" --config Release - # - name: Package IIS Module with WiX - # shell: pwsh - # run: | - # $CURRENT_DIR = "${{ github.workspace }}/iis/wix" - # $arch = "${{ matrix.arch }}" - # $wixArch = if ($arch -eq "x86") { "x86" } else { "x64" } - # candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch $wixArch - # light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer-$arch.msi" \ No newline at end of file + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: iis-module-${{ matrix.arch }} + path: iis/build-${{ matrix.arch }}/Release/ + + package: + needs: build + runs-on: windows-latest + steps: + - name: Checkout code + uses: actions/checkout@v5 + + - name: Download x86 artifacts + uses: actions/download-artifact@v4 + with: + name: iis-module-x86 + path: iis/release/x86/ + + + - name: Download x64 artifacts + uses: actions/download-artifact@v4 + with: + name: iis-module-x64 + path: iis/release/amd64/ + + - name: Package IIS Module with WiX + shell: pwsh + run: | + $CURRENT_DIR = "${{ github.workspace }}\iis\" + candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch x64 + light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer\modsecurityiis-x64.msi" + candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch x86 + light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer\modsecurityiis-x86.msi" + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: modsecurityiis-installers + path: iis/installer/*.msi diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index 9366dc7d6..4f061d250 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -149,6 +149,8 @@ if(APACHE_ROOT) message(FATAL_ERROR "APACHE_ROOT/lib directory does not exist. Expected: '${APACHE_ROOT}/lib'. Please ensure Apache libraries are available.") endif() + file(TO_CMAKE_PATH "${APACHE_ROOT}" APACHE_ROOT) + # Create imported targets for Apache libraries add_library(Apache::httpd SHARED IMPORTED) set_target_properties(Apache::httpd PROPERTIES @@ -227,6 +229,9 @@ if(WITH_SSDEEP) message(WARNING "SSDEEP_ROOT is not defined or path does not exist. Current SSDEEP_ROOT: '${SSDEEP_ROOT}'. Please set SSDEEP_ROOT to the ssdeep installation directory. Disabling SSDEEP support.") set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) else() + + file(TO_CMAKE_PATH "${SSDEEP_ROOT}" SSDEEP_ROOT) + message(STATUS "SSDEEP_ROOT: ${SSDEEP_ROOT}") # 查找头文件 From d75eea074d81c366db27575c678452726192764b Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 02:33:02 +0800 Subject: [PATCH 26/52] untest --- .github/workflows/test-ci-windows.yml | 39 +- iis/installer.wxs | 519 +++++--------------------- 2 files changed, 126 insertions(+), 432 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 7d4f9bf52..7fec6392c 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -123,30 +123,43 @@ jobs: - name: Checkout code uses: actions/checkout@v5 + - name: Download x64 artifacts + uses: actions/download-artifact@v4 + with: + name: iis-module-x64 + path: iis/release/amd64/ + - name: Download x86 artifacts uses: actions/download-artifact@v4 with: name: iis-module-x86 path: iis/release/x86/ + - name: Generate wxs files + shell: pwsh + run: | + heat dir "iis\release\amd64" -cg ModSec64Components -dr inetsrv64 -gg -sreg -srd -var var.ModSecurityIISRelease64 -out "iis\ModSec64.wxs" + heat dir "iis\release\x86" -cg ModSec32Components -dr inetsrv32 -gg -sreg -srd -var var.ModSecurityIISRelease32 -out "iis\ModSec32.wxs" - - name: Download x64 artifacts - uses: actions/download-artifact@v4 - with: - name: iis-module-x64 - path: iis/release/amd64/ - - - name: Package IIS Module with WiX + - name: Compile wxs files + shell: pwsh + run: | + candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wxs" "iis\ModSec64.wxs" -arch x64 -dModSecurityIISRelease64="iis\release\amd64\" + candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\ModSec32.wxs" -arch x86 -dModSecurityIISRelease32="iis\release\x86\" + + - name: Link wixobj files into MSI shell: pwsh run: | - $CURRENT_DIR = "${{ github.workspace }}\iis\" - candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch x64 - light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer\modsecurityiis-x64.msi" - candle.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wxs" -out "$CURRENT_DIR\installer.wixobj" -arch x86 - light.exe -ext WixUtilExtension -ext WixUIExtension "$CURRENT_DIR\installer.wixobj" -out "$CURRENT_DIR\installer\modsecurityiis-x86.msi" + light.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wixobj" "iis\ModSec32.wixobj" "iis\ModSec64.wixobj" -out "iis\modsecurityiis.msi" + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: modsecurityiis-installers + path: iis/installer/modsecurityiis.msi - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: modsecurityiis-installers - path: iis/installer/*.msi + path: iis/installer/modsecurityiis.msi diff --git a/iis/installer.wxs b/iis/installer.wxs index 9197a733b..7f134bea3 100644 --- a/iis/installer.wxs +++ b/iis/installer.wxs @@ -17,17 +17,19 @@ - + - + + + @@ -87,24 +89,28 @@ + + + - - VersionNT64 - - NOT VersionNT64 - - - - - + + + VersionNT64 + + NOT VersionNT64 + + + + + @@ -121,7 +127,7 @@ - + @@ -129,437 +135,112 @@ - + - - - - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + + + - + + - + (NOT &ModSec64=3) AND (NOT &ModSec32=3) &ModSec64=3 OR &ModSec32=3 - + (NOT &ModSec32=3) &ModSec32=3 - + 1 @@ -649,9 +330,9 @@ &ModSec64=3 OR &ModSec32=3 (NOT &ModSec64=3) AND (NOT &ModSec32=3) - + &ModSec32=3 - + NOT Installed OR WixUI_InstallMode = "Change" NOT Installed OR WixUI_InstallMode = "Change" Installed AND PATCH @@ -686,12 +367,12 @@ - + - + @@ -701,45 +382,45 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + \ No newline at end of file From 3b67ddeabe322190c30a9024efb1407878674a30 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 02:41:15 +0800 Subject: [PATCH 27/52] but untest --- .github/workflows/test-ci-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 7fec6392c..d9dfd1f0a 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -145,7 +145,7 @@ jobs: shell: pwsh run: | candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wxs" "iis\ModSec64.wxs" -arch x64 -dModSecurityIISRelease64="iis\release\amd64\" - candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\ModSec32.wxs" -arch x86 -dModSecurityIISRelease32="iis\release\x86\" + candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\ModSec32.wxs" -arch x86 -dModSecurityIISRelease32="iis\release\x86\" -out iis\ - name: Link wixobj files into MSI shell: pwsh From df8e7e44001740cb55b7d184cc6b4b82d99dbb6f Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 02:48:01 +0800 Subject: [PATCH 28/52] sorry --- .github/workflows/test-ci-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index d9dfd1f0a..10c4ec565 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -144,7 +144,7 @@ jobs: - name: Compile wxs files shell: pwsh run: | - candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wxs" "iis\ModSec64.wxs" -arch x64 -dModSecurityIISRelease64="iis\release\amd64\" + candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wxs" "iis\ModSec64.wxs" -arch x64 -dModSecurityIISRelease64="iis\release\amd64\" -out iis\ candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\ModSec32.wxs" -arch x86 -dModSecurityIISRelease32="iis\release\x86\" -out iis\ - name: Link wixobj files into MSI From 66b20eaa0819fbe092055fee3a85da392ae4bc68 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 03:20:48 +0800 Subject: [PATCH 29/52] find iis --- .github/workflows/test-ci-windows.yml | 313 ++++++++++++++------------ 1 file changed, 167 insertions(+), 146 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 10c4ec565..1ee54f4b3 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -9,157 +9,178 @@ on: - v2/test-ci-windows jobs: - build: - strategy: - matrix: - arch: [x86, x64] - runs-on: windows-latest + # build: + # strategy: + # matrix: + # arch: [x86, x64] + # runs-on: windows-latest - # For Caching - permissions: - actions: read - contents: read - - steps: - - name: Checkout code - uses: actions/checkout@v5 - - - name: Install Apache for x86 - if: matrix.arch == 'x86' - shell: pwsh - run: | - $apachePath = "${{ github.workspace }}\apache-x86" - New-Item -ItemType Directory -Path $apachePath -Force - choco install apache-httpd -y --force --forcex86 --no-progress -r --params="`"/installLocation:$apachePath /noService`"" - echo "APACHE_ROOT=$apachePath\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - - - name: Set Apache path for x64 - if: matrix.arch == 'x64' - shell: pwsh - run: | - echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - - - name: Setup MSYS2 - uses: msys2/setup-msys2@v2 - with: - msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }} - update: true - install: > - git - make - autoconf - automake - libtool - ${{ matrix.arch == 'x86' && 'mingw-w64-i686-gcc' || 'mingw-w64-ucrt-x86_64-gcc' }} - ${{ matrix.arch == 'x86' && 'mingw-w64-i686-pkg-config' || 'mingw-w64-ucrt-x86_64-pkg-config' }} - - - name: Clone and build ssdeep - shell: msys2 {0} - run: | - MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') - echo "Converted workspace path: $MSYS2_WORKSPACE" - - git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 - cd ssdeep - autoreconf -i + # # For Caching + # permissions: + # actions: read + # contents: read + + # steps: + # - name: Checkout code + # uses: actions/checkout@v5 + + # - name: Install Apache for x86 + # if: matrix.arch == 'x86' + # shell: pwsh + # run: | + # $apachePath = "${{ github.workspace }}\apache-x86" + # New-Item -ItemType Directory -Path $apachePath -Force + # choco install apache-httpd -y --force --forcex86 --no-progress -r --params="`"/installLocation:$apachePath /noService`"" + # echo "APACHE_ROOT=$apachePath\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + + # - name: Set Apache path for x64 + # if: matrix.arch == 'x64' + # shell: pwsh + # run: | + # echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + + # - name: Setup MSYS2 + # uses: msys2/setup-msys2@v2 + # with: + # msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }} + # update: true + # install: > + # git + # make + # autoconf + # automake + # libtool + # ${{ matrix.arch == 'x86' && 'mingw-w64-i686-gcc' || 'mingw-w64-ucrt-x86_64-gcc' }} + # ${{ matrix.arch == 'x86' && 'mingw-w64-i686-pkg-config' || 'mingw-w64-ucrt-x86_64-pkg-config' }} + + # - name: Clone and build ssdeep + # shell: msys2 {0} + # run: | + # MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') + # echo "Converted workspace path: $MSYS2_WORKSPACE" + + # git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 + # cd ssdeep + # autoreconf -i - if [ "${{ matrix.arch }}" = "x86" ]; then - ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" --build=i686-pc-mingw32 - else - ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" - fi + # if [ "${{ matrix.arch }}" = "x86" ]; then + # ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" --build=i686-pc-mingw32 + # else + # ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" + # fi - make dll - - mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin" - mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include" - cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin/" - cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include/" - cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/" - - - name: Restore vcpkg cache - id: vcpkg-cache - uses: TAServers/vcpkg-cache@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - prefix: vcpkg-iis-module-${{ matrix.arch }}/ - - - name: Configure CMake for IIS Module - env: - VCPKG_FEATURE_FLAGS: "binarycaching" - VCPKG_BINARY_SOURCES: "clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite" - VCPKG_DEFAULT_TRIPLET: ${{ matrix.arch }}-windows - run: | - $archFlag = "${{ matrix.arch }}" - $cmakeArch = if ($archFlag -eq "x86") { "Win32" } else { "x64" } - $installDir = if ($archFlag -eq "x86") { "x86" } else { "amd64" } - - cmake ` - -DAPACHE_ROOT="$env:APACHE_ROOT" ` - -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` - -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\iis\release\$installDir" ` - -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` - -A $cmakeArch ` - -DWITH_SSDEEP=ON ` - -DWITH_LUA=ON ` - -DWITH_YAJL=ON ` - -S IIS -B "iis\build-${{ matrix.arch }}" - - - name: Build IIS Module - shell: pwsh - run: | - cmake --build "iis\build-${{ matrix.arch }}" --config Release - - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: iis-module-${{ matrix.arch }} - path: iis/build-${{ matrix.arch }}/Release/ + # make dll + + # mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin" + # mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include" + # cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin/" + # cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include/" + # cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/" + + # - name: Restore vcpkg cache + # id: vcpkg-cache + # uses: TAServers/vcpkg-cache@v3 + # with: + # token: ${{ secrets.GITHUB_TOKEN }} + # prefix: vcpkg-iis-module-${{ matrix.arch }}/ + + # - name: Configure CMake for IIS Module + # env: + # VCPKG_FEATURE_FLAGS: "binarycaching" + # VCPKG_BINARY_SOURCES: "clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite" + # VCPKG_DEFAULT_TRIPLET: ${{ matrix.arch }}-windows + # run: | + # $archFlag = "${{ matrix.arch }}" + # $cmakeArch = if ($archFlag -eq "x86") { "Win32" } else { "x64" } + # $installDir = if ($archFlag -eq "x86") { "x86" } else { "amd64" } + + # cmake ` + # -DAPACHE_ROOT="$env:APACHE_ROOT" ` + # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` + # -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\iis\release\$installDir" ` + # -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` + # -A $cmakeArch ` + # -DWITH_SSDEEP=ON ` + # -DWITH_LUA=ON ` + # -DWITH_YAJL=ON ` + # -S IIS -B "iis\build-${{ matrix.arch }}" + + # - name: Build IIS Module + # shell: pwsh + # run: | + # cmake --build "iis\build-${{ matrix.arch }}" --config Release + + # - name: Upload artifacts + # uses: actions/upload-artifact@v4 + # with: + # name: iis-module-${{ matrix.arch }} + # path: iis/build-${{ matrix.arch }}/Release/ - package: - needs: build + # package: + # needs: build + # runs-on: windows-latest + # steps: + # - name: Checkout code + # uses: actions/checkout@v5 + + # - name: Download x64 artifacts + # uses: actions/download-artifact@v4 + # with: + # name: iis-module-x64 + # path: iis/release/amd64/ + + # - name: Download x86 artifacts + # uses: actions/download-artifact@v4 + # with: + # name: iis-module-x86 + # path: iis/release/x86/ + + # - name: Generate wxs files + # shell: pwsh + # run: | + # heat dir "iis\release\amd64" -cg ModSec64Components -dr inetsrv64 -gg -sreg -srd -var var.ModSecurityIISRelease64 -out "iis\ModSec64.wxs" + # heat dir "iis\release\x86" -cg ModSec32Components -dr inetsrv32 -gg -sreg -srd -var var.ModSecurityIISRelease32 -out "iis\ModSec32.wxs" + + # - name: Compile wxs files + # shell: pwsh + # run: | + # candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wxs" "iis\ModSec64.wxs" -arch x64 -dModSecurityIISRelease64="iis\release\amd64\" -out iis\ + # candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\ModSec32.wxs" -arch x86 -dModSecurityIISRelease32="iis\release\x86\" -out iis\ + + # - name: Link wixobj files into MSI + # shell: pwsh + # run: | + # light.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wixobj" "iis\ModSec32.wixobj" "iis\ModSec64.wixobj" -out "iis\modsecurityiis.msi" + + # - name: Upload artifacts + # uses: actions/upload-artifact@v4 + # with: + # name: modsecurityiis-installers + # path: iis/modsecurityiis.msi + + test: + needs: package runs-on: windows-latest steps: - - name: Checkout code - uses: actions/checkout@v5 - - - name: Download x64 artifacts - uses: actions/download-artifact@v4 - with: - name: iis-module-x64 - path: iis/release/amd64/ - - - name: Download x86 artifacts - uses: actions/download-artifact@v4 - with: - name: iis-module-x86 - path: iis/release/x86/ - - - name: Generate wxs files - shell: pwsh - run: | - heat dir "iis\release\amd64" -cg ModSec64Components -dr inetsrv64 -gg -sreg -srd -var var.ModSecurityIISRelease64 -out "iis\ModSec64.wxs" - heat dir "iis\release\x86" -cg ModSec32Components -dr inetsrv32 -gg -sreg -srd -var var.ModSecurityIISRelease32 -out "iis\ModSec32.wxs" - - - name: Compile wxs files - shell: pwsh - run: | - candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wxs" "iis\ModSec64.wxs" -arch x64 -dModSecurityIISRelease64="iis\release\amd64\" -out iis\ - candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\ModSec32.wxs" -arch x86 -dModSecurityIISRelease32="iis\release\x86\" -out iis\ - - - name: Link wixobj files into MSI + - name: Enable IIS Feature shell: pwsh run: | - light.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wixobj" "iis\ModSec32.wixobj" "iis\ModSec64.wixobj" -out "iis\modsecurityiis.msi" - - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: modsecurityiis-installers - path: iis/installer/modsecurityiis.msi - - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: modsecurityiis-installers - path: iis/installer/modsecurityiis.msi + $iisStatus = Get-WindowsFeature -Name Web-Server + if ($iisStatus.Installed -eq $false) { + Write-Host "IIS is not installed. Installing now..." + Install-WindowsFeature -Name Web-Server -IncludeManagementTools + } else { + Write-Host "IIS is already installed." + } + Install-WindowsFeature -name Web-Server -IncludeManagementTools + Install-WindowsFeature -name Web-Server, Web-ASP, Web-Mgmt-Tools, Web-WebSockets + + # - name: Download MSI + # uses: actions/download-artifact@v4 + # with: + # name: modsecurityiis-installers + # path: iis/ + + # - name: Install MSI + # shell: pwsh + # run: | \ No newline at end of file From 955e99d9408039b597e7ae7ce1eded2d59368873 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 03:22:05 +0800 Subject: [PATCH 30/52] oh --- .github/workflows/test-ci-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 1ee54f4b3..faf1a7a61 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -159,7 +159,7 @@ jobs: # path: iis/modsecurityiis.msi test: - needs: package +# needs: package runs-on: windows-latest steps: - name: Enable IIS Feature From 7024ef914ab8d03b05d0ad0e8ae6042dd92bf750 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 05:01:46 +0800 Subject: [PATCH 31/52] fix --- .github/workflows/test-ci-windows.yml | 327 +++++++++++++------------- iis/CMakeLists.txt | 19 +- 2 files changed, 174 insertions(+), 172 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index faf1a7a61..6efa1da3d 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -9,178 +9,177 @@ on: - v2/test-ci-windows jobs: - # build: - # strategy: - # matrix: - # arch: [x86, x64] - # runs-on: windows-latest + build: + strategy: + matrix: + arch: [x86, x64] + runs-on: windows-latest - # # For Caching - # permissions: - # actions: read - # contents: read - - # steps: - # - name: Checkout code - # uses: actions/checkout@v5 - - # - name: Install Apache for x86 - # if: matrix.arch == 'x86' - # shell: pwsh - # run: | - # $apachePath = "${{ github.workspace }}\apache-x86" - # New-Item -ItemType Directory -Path $apachePath -Force - # choco install apache-httpd -y --force --forcex86 --no-progress -r --params="`"/installLocation:$apachePath /noService`"" - # echo "APACHE_ROOT=$apachePath\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - - # - name: Set Apache path for x64 - # if: matrix.arch == 'x64' - # shell: pwsh - # run: | - # echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - - # - name: Setup MSYS2 - # uses: msys2/setup-msys2@v2 - # with: - # msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }} - # update: true - # install: > - # git - # make - # autoconf - # automake - # libtool - # ${{ matrix.arch == 'x86' && 'mingw-w64-i686-gcc' || 'mingw-w64-ucrt-x86_64-gcc' }} - # ${{ matrix.arch == 'x86' && 'mingw-w64-i686-pkg-config' || 'mingw-w64-ucrt-x86_64-pkg-config' }} - - # - name: Clone and build ssdeep - # shell: msys2 {0} - # run: | - # MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') - # echo "Converted workspace path: $MSYS2_WORKSPACE" - - # git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 - # cd ssdeep - # autoreconf -i + # For Caching + permissions: + actions: read + contents: read + + steps: + - name: Checkout code + uses: actions/checkout@v5 + + - name: Install Apache for x86 + if: matrix.arch == 'x86' + shell: pwsh + run: | + $apachePath = "${{ github.workspace }}\apache-x86" + New-Item -ItemType Directory -Path $apachePath -Force + choco install apache-httpd -y --force --forcex86 --no-progress -r --params="'/installLocation:$apachePath /noService'" + echo "APACHE_ROOT=$apachePath\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + + - name: Set Apache path for x64 + if: matrix.arch == 'x64' + shell: pwsh + run: | + echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + + # - name: Setup MSYS2 + # uses: msys2/setup-msys2@v2 + # with: + # msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }} + # update: true + # install: > + # git + # make + # autoconf + # automake + # libtool + # ${{ matrix.arch == 'x86' && 'mingw-w64-i686-gcc' || 'mingw-w64-ucrt-x86_64-gcc' }} + # ${{ matrix.arch == 'x86' && 'mingw-w64-i686-pkg-config' || 'mingw-w64-ucrt-x86_64-pkg-config' }} + + # - name: Clone and build ssdeep + # shell: msys2 {0} + # run: | + # MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') + # echo "Converted workspace path: $MSYS2_WORKSPACE" + + # git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 + # cd ssdeep + # autoreconf -i - # if [ "${{ matrix.arch }}" = "x86" ]; then - # ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" --build=i686-pc-mingw32 - # else - # ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" - # fi + # if [ "${{ matrix.arch }}" = "x86" ]; then + # ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" --build=i686-pc-mingw32 + # else + # ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" + # fi - # make dll - - # mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin" - # mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include" - # cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin/" - # cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include/" - # cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/" - - # - name: Restore vcpkg cache - # id: vcpkg-cache - # uses: TAServers/vcpkg-cache@v3 - # with: - # token: ${{ secrets.GITHUB_TOKEN }} - # prefix: vcpkg-iis-module-${{ matrix.arch }}/ - - # - name: Configure CMake for IIS Module - # env: - # VCPKG_FEATURE_FLAGS: "binarycaching" - # VCPKG_BINARY_SOURCES: "clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite" - # VCPKG_DEFAULT_TRIPLET: ${{ matrix.arch }}-windows - # run: | - # $archFlag = "${{ matrix.arch }}" - # $cmakeArch = if ($archFlag -eq "x86") { "Win32" } else { "x64" } - # $installDir = if ($archFlag -eq "x86") { "x86" } else { "amd64" } - - # cmake ` - # -DAPACHE_ROOT="$env:APACHE_ROOT" ` - # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` - # -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\iis\release\$installDir" ` - # -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` - # -A $cmakeArch ` - # -DWITH_SSDEEP=ON ` - # -DWITH_LUA=ON ` - # -DWITH_YAJL=ON ` - # -S IIS -B "iis\build-${{ matrix.arch }}" - - # - name: Build IIS Module - # shell: pwsh - # run: | - # cmake --build "iis\build-${{ matrix.arch }}" --config Release - - # - name: Upload artifacts - # uses: actions/upload-artifact@v4 - # with: - # name: iis-module-${{ matrix.arch }} - # path: iis/build-${{ matrix.arch }}/Release/ + # make dll + + # mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin" + # mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include" + # cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin/" + # cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include/" + # cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/" + + - name: Restore vcpkg cache + id: vcpkg-cache + uses: TAServers/vcpkg-cache@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + prefix: vcpkg-iis-module-${{ matrix.arch }}/ + + - name: Configure CMake for IIS Module + env: + VCPKG_FEATURE_FLAGS: "binarycaching" + VCPKG_BINARY_SOURCES: "clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite" + VCPKG_DEFAULT_TRIPLET: ${{ matrix.arch }}-windows + run: | + $archFlag = "${{ matrix.arch }}" + $cmakeArch = if ($archFlag -eq "x86") { "Win32" } else { "x64" } + $installDir = if ($archFlag -eq "x86") { "x86" } else { "amd64" } + + cmake ` + -DAPACHE_ROOT="$env:APACHE_ROOT" ` + # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` + -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\iis\release\$installDir" ` + -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` + -A $cmakeArch ` + # -DWITH_SSDEEP=ON ` + -DWITH_LUA=ON ` + -DWITH_YAJL=ON ` + -S IIS -B "iis\build-${{ matrix.arch }}" + + - name: Build IIS Module + shell: pwsh + run: | + cmake --build "iis\build-${{ matrix.arch }}" --config Release + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: iis-module-${{ matrix.arch }} + path: iis/build-${{ matrix.arch }}/Release/ - # package: - # needs: build - # runs-on: windows-latest - # steps: - # - name: Checkout code - # uses: actions/checkout@v5 - - # - name: Download x64 artifacts - # uses: actions/download-artifact@v4 - # with: - # name: iis-module-x64 - # path: iis/release/amd64/ - - # - name: Download x86 artifacts - # uses: actions/download-artifact@v4 - # with: - # name: iis-module-x86 - # path: iis/release/x86/ - - # - name: Generate wxs files - # shell: pwsh - # run: | - # heat dir "iis\release\amd64" -cg ModSec64Components -dr inetsrv64 -gg -sreg -srd -var var.ModSecurityIISRelease64 -out "iis\ModSec64.wxs" - # heat dir "iis\release\x86" -cg ModSec32Components -dr inetsrv32 -gg -sreg -srd -var var.ModSecurityIISRelease32 -out "iis\ModSec32.wxs" - - # - name: Compile wxs files - # shell: pwsh - # run: | - # candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wxs" "iis\ModSec64.wxs" -arch x64 -dModSecurityIISRelease64="iis\release\amd64\" -out iis\ - # candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\ModSec32.wxs" -arch x86 -dModSecurityIISRelease32="iis\release\x86\" -out iis\ - - # - name: Link wixobj files into MSI - # shell: pwsh - # run: | - # light.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wixobj" "iis\ModSec32.wixobj" "iis\ModSec64.wixobj" -out "iis\modsecurityiis.msi" - - # - name: Upload artifacts - # uses: actions/upload-artifact@v4 - # with: - # name: modsecurityiis-installers - # path: iis/modsecurityiis.msi + package: + needs: build + runs-on: windows-latest + steps: + - name: Checkout code + uses: actions/checkout@v5 + + - name: Download x64 artifacts + uses: actions/download-artifact@v4 + with: + name: iis-module-x64 + path: iis/release/amd64/ + + - name: Download x86 artifacts + uses: actions/download-artifact@v4 + with: + name: iis-module-x86 + path: iis/release/x86/ + + - name: Generate wxs files + shell: pwsh + run: | + heat dir "iis\release\amd64" -cg ModSec64Components -dr inetsrv64 -gg -sreg -srd -var var.ModSecurityIISRelease64 -out "iis\ModSec64.wxs" + heat dir "iis\release\x86" -cg ModSec32Components -dr inetsrv32 -gg -sreg -srd -var var.ModSecurityIISRelease32 -out "iis\ModSec32.wxs" + + - name: Compile wxs files + shell: pwsh + run: | + candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wxs" "iis\ModSec64.wxs" -arch x64 -dModSecurityIISRelease64="iis\release\amd64\" -out iis\ + candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\ModSec32.wxs" -arch x86 -dModSecurityIISRelease32="iis\release\x86\" -out iis\ + + - name: Link wixobj files into MSI + shell: pwsh + run: | + light.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wixobj" "iis\ModSec32.wixobj" "iis\ModSec64.wixobj" -out "iis\modsecurityiis.msi" + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: modsecurityiis-installers + path: iis/modsecurityiis.msi test: -# needs: package + needs: package runs-on: windows-latest steps: - - name: Enable IIS Feature + - name: Download MSI + uses: actions/download-artifact@v4 + with: + name: modsecurityiis-installers + path: ${{ github.workspace }}\ + + - name: Install MSI shell: pwsh run: | - $iisStatus = Get-WindowsFeature -Name Web-Server - if ($iisStatus.Installed -eq $false) { - Write-Host "IIS is not installed. Installing now..." - Install-WindowsFeature -Name Web-Server -IncludeManagementTools - } else { - Write-Host "IIS is already installed." - } - Install-WindowsFeature -name Web-Server -IncludeManagementTools - Install-WindowsFeature -name Web-Server, Web-ASP, Web-Mgmt-Tools, Web-WebSockets - - # - name: Download MSI - # uses: actions/download-artifact@v4 - # with: - # name: modsecurityiis-installers - # path: iis/ + msiexec /i modsecurityiis.msi /qn /norestart + + - name: ReStart IIS Feature + shell: pwsh + run: | + Restart-Service W3SVC - # - name: Install MSI - # shell: pwsh - # run: | \ No newline at end of file + - name: Test IIS Module + shell: pwsh + run: | + curl -I http://localhost/ + Get-EventLog -LogName Application -Newest 10 \ No newline at end of file diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index 4f061d250..b984bbada 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -171,6 +171,12 @@ if(APACHE_ROOT) IMPORTED_LOCATION "${APACHE_ROOT}/bin/libaprutil-1.dll" ) + add_library(Apache::apriconv SHARED IMPORTED) + set_target_properties(Apache::apriconv SHARED IMPORTED PROPERTIES + IMPORTED_IMPLIB "${APACHE_ROOT}/lib/libapriconv-1.lib" + IMPORTED_LOCATION "${APACHE_ROOT}/bin/libapriconv-1.dll" + ) + target_include_directories(${IIS_MODULE_NAME} PRIVATE ${APACHE_ROOT}/include ) @@ -283,9 +289,6 @@ if(WITH_SSDEEP) ) endif() - else() - message(WARNING "SSDEEP include (fuzzy.h) not found at ${SSDEEP_ROOT}/include. Disabling SSDEEP support.") - set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) endif() endif() endif() @@ -335,6 +338,7 @@ if(APACHE_ROOT) Apache::httpd Apache::apr Apache::aprutil + Apache::apriconv ) else() message(WARNING "APACHE_ROOT is not defined or path does not exist. Current APACHE_ROOT: '${APACHE_ROOT}'. Please set APACHE_ROOT to the Apache installation directory.") @@ -351,9 +355,6 @@ endif() if(WITH_SSDEEP AND SSDEEP_INCLUDE_DIR AND SSDEEP_GENERATED_LIB) target_link_libraries(${IIS_MODULE_NAME} PRIVATE SSDEEP::fuzzy) -else() - message(WARNING "SSDEEP library not found or generated. Disabling SSDEEP support.") - option(WITH_SSDEEP "Enable SSDEEP support" OFF) # Disable if library not found endif() if(APACHE_ROOT AND EXISTS "${APACHE_ROOT}/bin") @@ -364,6 +365,9 @@ if(APACHE_ROOT AND EXISTS "${APACHE_ROOT}/bin") COMMAND ${CMAKE_COMMAND} -E copy_if_different "${APACHE_ROOT}/bin/libaprutil-1.dll" $ + COMMAND ${CMAKE_COMMAND} -E copy_if_different + "${APACHE_ROOT}/bin/libapriconv-1.dll" + $ COMMENT "Copying Apache DLLs to output directory" ) else() @@ -377,8 +381,6 @@ if(WITH_SSDEEP AND SSDEEP_ROOT AND EXISTS "${SSDEEP_ROOT}/bin/fuzzy.dll") $ COMMENT "Copying SSDEEP DLL to output directory" ) -else() - message(WARNING "SSDEEP_ROOT is not defined or path does not exist. Current SSDEEP_ROOT: '${SSDEEP_ROOT}'. Please set SSDEEP_ROOT to the SSDEEP installation directory.") endif() @@ -392,6 +394,7 @@ if(APACHE_ROOT AND EXISTS "${APACHE_ROOT}/bin") install(FILES "${APACHE_ROOT}/bin/libhttpd.dll" "${APACHE_ROOT}/bin/libaprutil-1.dll" + "${APACHE_ROOT}/bin/libapriconv-1.dll" DESTINATION . ) endif() From a97e8e6f726ff0439bb3f0e2dfe58a9fdb2a097a Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 05:04:05 +0800 Subject: [PATCH 32/52] comment --- .github/workflows/test-ci-windows.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 6efa1da3d..f39d00005 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -96,15 +96,16 @@ jobs: cmake ` -DAPACHE_ROOT="$env:APACHE_ROOT" ` - # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\iis\release\$installDir" ` -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` -A $cmakeArch ` - # -DWITH_SSDEEP=ON ` -DWITH_LUA=ON ` -DWITH_YAJL=ON ` -S IIS -B "iis\build-${{ matrix.arch }}" + # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` + # -DWITH_SSDEEP=ON ` + - name: Build IIS Module shell: pwsh run: | From 056144060eae7551bd6e481d4aa26bb245075099 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 05:06:45 +0800 Subject: [PATCH 33/52] LLM --- iis/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index b984bbada..639be7edc 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -172,7 +172,7 @@ if(APACHE_ROOT) ) add_library(Apache::apriconv SHARED IMPORTED) - set_target_properties(Apache::apriconv SHARED IMPORTED PROPERTIES + set_target_properties(Apache::apriconv PROPERTIES IMPORTED_IMPLIB "${APACHE_ROOT}/lib/libapriconv-1.lib" IMPORTED_LOCATION "${APACHE_ROOT}/bin/libapriconv-1.dll" ) From 2563b1cec7b02d112c44c83134b384714cdaadb4 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 16:15:30 +0800 Subject: [PATCH 34/52] add def --- iis/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index 639be7edc..ad61443f2 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -62,6 +62,7 @@ set(IIS_MODULE_SOURCES main.cpp moduleconfig.cpp mymodule.cpp + mymodule.def ) From 67cab1cde1b713a87da1e490c4f55e54ab2b2c62 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 18:00:08 +0800 Subject: [PATCH 35/52] should? --- .github/workflows/test-ci-windows.yml | 19 ++------------- iis/CMakeLists.txt | 35 +++++++-------------------- 2 files changed, 11 insertions(+), 43 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index f39d00005..328dfd437 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -136,21 +136,13 @@ jobs: name: iis-module-x86 path: iis/release/x86/ - - name: Generate wxs files + - name: Generate MSI files shell: pwsh run: | heat dir "iis\release\amd64" -cg ModSec64Components -dr inetsrv64 -gg -sreg -srd -var var.ModSecurityIISRelease64 -out "iis\ModSec64.wxs" heat dir "iis\release\x86" -cg ModSec32Components -dr inetsrv32 -gg -sreg -srd -var var.ModSecurityIISRelease32 -out "iis\ModSec32.wxs" - - - name: Compile wxs files - shell: pwsh - run: | candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wxs" "iis\ModSec64.wxs" -arch x64 -dModSecurityIISRelease64="iis\release\amd64\" -out iis\ candle.exe -ext WixUtilExtension -ext WixUIExtension "iis\ModSec32.wxs" -arch x86 -dModSecurityIISRelease32="iis\release\x86\" -out iis\ - - - name: Link wixobj files into MSI - shell: pwsh - run: | light.exe -ext WixUtilExtension -ext WixUIExtension "iis\installer.wixobj" "iis\ModSec32.wixobj" "iis\ModSec64.wixobj" -out "iis\modsecurityiis.msi" - name: Upload artifacts @@ -163,20 +155,13 @@ jobs: needs: package runs-on: windows-latest steps: - - name: Download MSI + - name: Install MSI uses: actions/download-artifact@v4 with: name: modsecurityiis-installers path: ${{ github.workspace }}\ - - - name: Install MSI - shell: pwsh run: | msiexec /i modsecurityiis.msi /qn /norestart - - - name: ReStart IIS Feature - shell: pwsh - run: | Restart-Service W3SVC - name: Test IIS Module diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index ad61443f2..b7d7c20e5 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -57,15 +57,6 @@ set(IIS_STANDALONE_SOURCES ../standalone/server.c ) -# Source files for IIS-specific components -set(IIS_MODULE_SOURCES - main.cpp - moduleconfig.cpp - mymodule.cpp - mymodule.def -) - - # Determine architecture if(CMAKE_SIZEOF_VOID_P EQUAL 8) set(ARCHITECTURE "x64") @@ -91,19 +82,18 @@ add_custom_command( WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} ) -set(MC_GENERATED_RES "${CMAKE_CURRENT_BINARY_DIR}/ModSecurityIISMessage.res") -add_custom_command( - OUTPUT ${MC_GENERATED_RES} - COMMAND rc.exe - ARGS /fo "${MC_GENERATED_RES}" "${MC_GENERATED_RC}" - DEPENDS ${MC_GENERATED_RC} - COMMENT "Building resource file: ${MC_GENERATED_RES}" +# Source files for IIS-specific components +set(IIS_MODULE_SOURCES + main.cpp + moduleconfig.cpp + mymodule.cpp + mymodule.def + ${MC_GENERATED_RC} ) set_source_files_properties( ${MC_GENERATED_RC} ${MC_GENERATED_H} - ${MC_GENERATED_RES} PROPERTIES GENERATED TRUE ) @@ -111,7 +101,6 @@ add_library(${IIS_MODULE_NAME} SHARED ${IIS_APACHE_SOURCES} ${IIS_STANDALONE_SOURCES} ${IIS_MODULE_SOURCES} - ${MC_GENERATED_RES} ) # Set the output name and extension @@ -209,11 +198,11 @@ option(WITH_YAJL "Enable YAJL support" OFF) if(WITH_YAJL) # Manually find YAJL if config.cmake is not available (e.g., from vcpkg) find_path(YAJL_INCLUDE_DIR yajl/yajl_common.h - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/include" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/include" NO_DEFAULT_PATH ) find_library(YAJL_LIBRARY NAMES yajl - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/lib" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/lib" NO_DEFAULT_PATH ) @@ -241,7 +230,6 @@ if(WITH_SSDEEP) message(STATUS "SSDEEP_ROOT: ${SSDEEP_ROOT}") - # 查找头文件 find_path(SSDEEP_INCLUDE_DIR fuzzy.h PATHS "${SSDEEP_ROOT}/include" NO_DEFAULT_PATH @@ -252,7 +240,6 @@ if(WITH_SSDEEP) target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_SSDEEP) target_include_directories(${IIS_MODULE_NAME} PRIVATE ${SSDEEP_INCLUDE_DIR}) - # 检查 fuzzy.def 文件是否存在 set(SSDEEP_DEF_FILE "${SSDEEP_ROOT}/fuzzy.def") if(NOT EXISTS "${SSDEEP_DEF_FILE}") message(WARNING "fuzzy.def not found at ${SSDEEP_DEF_FILE}. Disabling SSDEEP support.") @@ -261,7 +248,6 @@ if(WITH_SSDEEP) set(SSDEEP_GENERATED_LIB "${CMAKE_CURRENT_BINARY_DIR}/fuzzy.lib") set(SSDEEP_GENERATED_dll "${CMAKE_CURRENT_BINARY_DIR}/bin/fuzzy.dll") - # 添加自定义命令生成 fuzzy.lib add_custom_command( OUTPUT ${SSDEEP_GENERATED_LIB} COMMAND lib.exe /machine:${ARCHITECTURE} /def:${SSDEEP_DEF_FILE} /out:${SSDEEP_GENERATED_LIB} @@ -270,16 +256,13 @@ if(WITH_SSDEEP) VERBATIM ) - # 确保自定义命令的输出被标记为生成文件 set_source_files_properties(${SSDEEP_GENERATED_LIB} PROPERTIES GENERATED TRUE) - # 添加自定义目标确保生成 fuzzy.lib add_custom_target(generate_ssdeep_lib ALL DEPENDS ${SSDEEP_GENERATED_LIB} COMMENT "Ensuring ssdeep lib is generated" ) - # 使主目标依赖于 fuzzy.lib 的生成 add_dependencies(${IIS_MODULE_NAME} generate_ssdeep_lib) add_library(SSDEEP::fuzzy SHARED IMPORTED) From 3c173f297ae1a97055cb362fe545f1df48622639 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 18:02:44 +0800 Subject: [PATCH 36/52] ok.. --- .github/workflows/test-ci-windows.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 328dfd437..8b607c910 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -160,10 +160,13 @@ jobs: with: name: modsecurityiis-installers path: ${{ github.workspace }}\ + + - name: Install MSI + shell: pwsh run: | msiexec /i modsecurityiis.msi /qn /norestart Restart-Service W3SVC - + - name: Test IIS Module shell: pwsh run: | From f82b27baf9a78d67896a69ee87f6ae32599ca76b Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 18:05:43 +0800 Subject: [PATCH 37/52] ...... --- iis/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index b7d7c20e5..abd2229a6 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -198,11 +198,11 @@ option(WITH_YAJL "Enable YAJL support" OFF) if(WITH_YAJL) # Manually find YAJL if config.cmake is not available (e.g., from vcpkg) find_path(YAJL_INCLUDE_DIR yajl/yajl_common.h - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/include" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/include" NO_DEFAULT_PATH ) find_library(YAJL_LIBRARY NAMES yajl - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/lib" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/lib" NO_DEFAULT_PATH ) From 1fde9d8fff134d186162a704416de294c4af8c35 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 20:37:56 +0800 Subject: [PATCH 38/52] testing --- .github/workflows/test-ci-windows.yml | 131 +++++++++++++++++++++++++- 1 file changed, 127 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 8b607c910..412b4c0f8 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -155,6 +155,9 @@ jobs: needs: package runs-on: windows-latest steps: + - name: Checkout code + uses: actions/checkout@v5 + - name: Install MSI uses: actions/download-artifact@v4 with: @@ -164,11 +167,131 @@ jobs: - name: Install MSI shell: pwsh run: | - msiexec /i modsecurityiis.msi /qn /norestart - Restart-Service W3SVC + $msiPath = "${{ github.workspace }}\modsecurityiis.msi" + if (-not (Test-Path $msiPath)) { + Write-Error "MSI file not found at $msiPath" + exit 1 + } + + # Install with logging for debugging + $installLog = "${{ github.workspace }}\install.log" + $installResult = Start-Process -FilePath "msiexec.exe" -ArgumentList @( + "/i", "`"$msiPath`"", + "/qn", + "/norestart", + "/l*", "`"$installLog`"" + ) -Wait -PassThru + if ($installResult.ExitCode -ne 0) { + Write-Error "MSI installation failed with exit code $($installResult.ExitCode)" + Get-Content $installLog | Write-Host + exit 1 + } + + $installDir = "C:\Program Files\ModSecurity IIS" + $requiredFiles = @( + "modsecurity.conf", + "modsecurity_iis.conf" + ) + + foreach ($file in $requiredFiles) { + $filePath = Join-Path $installDir $file + if (-not (Test-Path $filePath)) { + Write-Error "Required file $file not found in installation directory" + exit 1 + } + } + + - name: Install OWASP Core Rules + shell: pwsh + run: | + $crsVersion = "v4.18.0" + $crsUrl = "https://github.com/coreruleset/coreruleset/archive/refs/tags/$crsVersion.tar.gz" + $crsDir = "C:\Program Files\ModSecurity IIS\coreruleset" + $modSecurityConfigDir = "C:\Program Files\ModSecurity IIS" + + try { + New-Item -ItemType Directory -Path $crsDir -Force + Invoke-WebRequest -Uri $crsUrl -OutFile "$crsDir\$crsVersion.tar.gz" + tar -xzf "$crsDir\$crsVersion.tar.gz" -C $crsDir --strip-components=1 + + Get-ChildItem "$crsDir" -Recurse -Filter "*.example" | ForEach-Object { + $newName = $_.Name.Replace(".example", "") + Rename-Item -Path $_.FullName -NewName $newName + } + + $modSecurityConfigFile = "$modSecurityConfigDir\modsecurity_iis.conf" + + $crsRules = @( + "Include coreruleset/crs-setup.conf", + "Include coreruleset/rules/*.conf", + "Include coreruleset/plugins/*-config.conf", + "Include coreruleset/plugins/*-before.conf", + "Include coreruleset/rules/*.conf", + "Include coreruleset/plugins/*-after.conf" + ) + + Add-Content -Path $modSecurityConfigFile -Value $crsRules + + (Get-Content -Path $modSecurityConfigDir\modsecurity.conf) -replace 'SecRuleEngine DetectionOnly', 'SecRuleEngine On' | Set-Content -Path $modSecurityConfigDir\modsecurity.conf + + } + catch { + Write-Error "Failed to install OWASP Core Rules: $($_.Exception.Message)" + exit 1 + } + - name: Test IIS Module shell: pwsh run: | - curl -I http://localhost/ - Get-EventLog -LogName Application -Newest 10 \ No newline at end of file + $iisConfigDir = "C:\Program Files\ModSecurity IIS\" + + Restart-Service W3SVC -Force + + $modules = & "$env:SystemRoot\system32\inetsrv\appcmd.exe" list modules + if ($LASTEXITCODE -ne 0) { + Write-Error "appcmd failed with exit code $LASTEXITCODE" + exit 1 + } + + if (-not ($modules -match "ModSecurity")) { + Write-Error "ModSecurity module not found in IIS modules" + Write-Host "IIS modules: $modules" + exit 1 + } + + $testCases = @( + @{Url = "http://localhost/"; Description = "Normal request"; ExpectedCode = 200}, + @{Url = "http://localhost/?id=1' OR '1'='1"; Description = "SQL injection attempt"; ExpectedCode = 403}, + @{Url = "http://localhost/?q="; Description = "XSS attempt"; ExpectedCode = 403} + ) + + foreach ($test in $testCases) { + try { + $response = Invoke-WebRequest $test.Url -UseBasicParsing -SkipHttpErrorCheck -TimeoutSec 30 + + if ($response.StatusCode -eq $test.ExpectedCode) { + Write-Host "PASS: $($test.Description) - returned $($response.StatusCode)" + } + else { + Write-Host "FAIL: $($test.Description) - expected $($test.ExpectedCode) but got $($response.StatusCode)" + } + } + catch { + Write-Host "ERROR: $($test.Description) - request failed: $($_.Exception.Message)" + } + } + + + # Check event log + $badMessagePattern = 'Failed to find the RegisterModule entrypoint|The description for Event ID|The data is the error|dll failed to load' + + $events = Get-EventLog -LogName Application -Newest 100 | + Where-Object { $_.Message -match $badMessagePattern } | + Where-Object { $_.Source -match 'IIS|W3SVC|mscor|IIS-W3SVC|IIS-W3WP|ModSecurity' } + + if ($events -and $events.Count -gt 0) { + Write-Host '::error:: Found errors in event log' + $events | Select-Object TimeGenerated, Source, EntryType, EventID, Message | Format-List + Exit 1 + } \ No newline at end of file From e9a9850c46bce5534c92e433b65d5fd83b5e28b6 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sun, 21 Sep 2025 21:40:52 +0800 Subject: [PATCH 39/52] there there --- .github/workflows/test-ci-windows.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 412b4c0f8..14d9f238c 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -158,7 +158,7 @@ jobs: - name: Checkout code uses: actions/checkout@v5 - - name: Install MSI + - name: Download MSI files uses: actions/download-artifact@v4 with: name: modsecurityiis-installers @@ -294,4 +294,6 @@ jobs: Write-Host '::error:: Found errors in event log' $events | Select-Object TimeGenerated, Source, EntryType, EventID, Message | Format-List Exit 1 - } \ No newline at end of file + } + + Get-EventLog -LogName Application -Source ModSecurity -Newest 10 \ No newline at end of file From 691617b5ae912f35c6fb7ff3f7a1baf69015627a Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Mon, 22 Sep 2025 17:37:19 +0800 Subject: [PATCH 40/52] try to fix ipv6 --- iis/mymodule.cpp | 112 ++++++++++++++++++++++++++++------------------- 1 file changed, 67 insertions(+), 45 deletions(-) diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp index e9d5ce376..d4bec9ba1 100644 --- a/iis/mymodule.cpp +++ b/iis/mymodule.cpp @@ -17,6 +17,9 @@ #undef inline #define inline inline +#include "winsock2.h" +#include + // IIS7 Server API header file #include #include @@ -30,8 +33,6 @@ #include "api.h" #include "moduleconfig.h" -#include "winsock2.h" - class REQUEST_STORED_CONTEXT : public IHttpStoredContext { @@ -90,63 +91,84 @@ class REQUEST_STORED_CONTEXT : public IHttpStoredContext char *GetIpAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - const char *format = "%15[0-9.]:%5[0-9]"; - char ip[16] = { 0 }; // ip4 addresses have max len 15 - char port[6] = { 0 }; // port numbers are 16bit, ie 5 digits max - - DWORD len = 50; - char *buf = (char *)apr_palloc(pool, len); - - if(buf == NULL) + if (pAddr == NULL) { return ""; + } - buf[0] = 0; - - WSAAddressToString(pAddr, sizeof(SOCKADDR), NULL, buf, &len); + char ipbuf[INET6_ADDRSTRLEN] = {0}; + const char *res = ""; - // test for IPV4 with port on the end - if (sscanf(buf, format, ip, port) == 2) { - // IPV4 but with port - remove the port - char* input = ":"; - char* ipv4 = strtok(buf, input); - return ipv4; + switch (pAddr->sa_family) { + case AF_INET: + { + SOCKADDR_IN *sin = (SOCKADDR_IN *)pAddr; + if (InetNtopA(AF_INET, &sin->sin_addr, ipbuf, sizeof(ipbuf)) != NULL) { + res = (const char *)apr_pstrdup(pool, ipbuf); + } else { + res = ""; + } + } + break; + case AF_INET6: + { + SOCKADDR_IN6 *sin6 = (SOCKADDR_IN6 *)pAddr; + if (InetNtopA(AF_INET6, &sin6->sin6_addr, ipbuf, sizeof(ipbuf)) != NULL) { + res = (const char *)apr_pstrdup(pool, ipbuf); + } else { + res = ""; + } + } + break; + default: + res = ""; + break; } - return buf; + return (char *)res; } apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t)); - int adrlen = 16, iplen = 4; + apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t)); - if(pAddr->sa_family == AF_INET6) - { - adrlen = 46; - iplen = 16; + addr->pool = pool; + addr->hostname = "unknown"; + addr->servname = addr->hostname; + addr->family = AF_UNSPEC; + addr->addr_str_len = 0; + addr->ipaddr_len = 0; + addr->ipaddr_ptr = NULL; + addr->salen = 0; + addr->port = 0; + + if (pAddr == NULL) { + return addr; } - addr->addr_str_len = adrlen; addr->family = pAddr->sa_family; - addr->hostname = "unknown"; -#ifdef WIN32 - addr->ipaddr_len = sizeof(IN_ADDR); -#else - addr->ipaddr_len = sizeof(struct in_addr); -#endif - addr->ipaddr_ptr = &addr->sa.sin.sin_addr; - addr->pool = pool; - addr->port = 80; -#ifdef WIN32 - memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen); -#else - memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen); -#endif - addr->sa.sin.sin_family = pAddr->sa_family; - addr->sa.sin.sin_port = 80; - addr->salen = sizeof(addr->sa); - addr->servname = addr->hostname; + if (pAddr->sa_family == AF_INET) { + SOCKADDR_IN *sin = (SOCKADDR_IN *)pAddr; + addr->addr_str_len = INET_ADDRSTRLEN; + addr->ipaddr_len = sizeof(struct in_addr); + addr->ipaddr_ptr = &addr->sa.sin.sin_addr; + addr->sa.sin.sin_family = AF_INET; + addr->sa.sin.sin_port = sin->sin_port; /* keep network byte order */ + /* copy address */ + memcpy(&addr->sa.sin.sin_addr, &sin->sin_addr, sizeof(struct in_addr)); + addr->salen = sizeof(addr->sa); + addr->port = ntohs(sin->sin_port); + } else if (pAddr->sa_family == AF_INET6) { + SOCKADDR_IN6 *sin6 = (SOCKADDR_IN6 *)pAddr; + addr->addr_str_len = INET6_ADDRSTRLEN; + addr->ipaddr_len = sizeof(struct in6_addr); + addr->ipaddr_ptr = &addr->sa.sin6.sin6_addr; + addr->sa.sin6.sin6_family = AF_INET6; + addr->sa.sin6.sin6_port = sin6->sin6_port; + memcpy(&addr->sa.sin6.sin6_addr, &sin6->sin6_addr, sizeof(struct in6_addr)); + addr->salen = sizeof(addr->sa); + addr->port = ntohs(sin6->sin6_port); + } return addr; } From e67f3a4fe607282545e53c5b493d725fef57a82b Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Mon, 22 Sep 2025 17:49:28 +0800 Subject: [PATCH 41/52] why config error --- .github/workflows/test-ci-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 14d9f238c..38cd8136f 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -296,4 +296,4 @@ jobs: Exit 1 } - Get-EventLog -LogName Application -Source ModSecurity -Newest 10 \ No newline at end of file + Get-EventLog -LogName Application -Source ModSecurity | Format-List \ No newline at end of file From 5320e3601548077ee8823964b7d09b3105cc6ebd Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Mon, 22 Sep 2025 18:06:50 +0800 Subject: [PATCH 42/52] fix include --- .github/workflows/test-ci-windows.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 38cd8136f..d2c0eb272 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -224,7 +224,6 @@ jobs: $crsRules = @( "Include coreruleset/crs-setup.conf", - "Include coreruleset/rules/*.conf", "Include coreruleset/plugins/*-config.conf", "Include coreruleset/plugins/*-before.conf", "Include coreruleset/rules/*.conf", From c0dc37f484d00f45484c769a8a166f66debfb11b Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Mon, 22 Sep 2025 18:06:50 +0800 Subject: [PATCH 43/52] mujiansu --- .github/workflows/test-ci-windows.yml | 1 - iis/mymodule.cpp | 50 +++++++++------------------ 2 files changed, 16 insertions(+), 35 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 38cd8136f..d2c0eb272 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -224,7 +224,6 @@ jobs: $crsRules = @( "Include coreruleset/crs-setup.conf", - "Include coreruleset/rules/*.conf", "Include coreruleset/plugins/*-config.conf", "Include coreruleset/plugins/*-before.conf", "Include coreruleset/rules/*.conf", diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp index d4bec9ba1..7e29933b0 100644 --- a/iis/mymodule.cpp +++ b/iis/mymodule.cpp @@ -91,40 +91,22 @@ class REQUEST_STORED_CONTEXT : public IHttpStoredContext char *GetIpAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - if (pAddr == NULL) { - return ""; - } - - char ipbuf[INET6_ADDRSTRLEN] = {0}; - const char *res = ""; - - switch (pAddr->sa_family) { - case AF_INET: - { - SOCKADDR_IN *sin = (SOCKADDR_IN *)pAddr; - if (InetNtopA(AF_INET, &sin->sin_addr, ipbuf, sizeof(ipbuf)) != NULL) { - res = (const char *)apr_pstrdup(pool, ipbuf); - } else { - res = ""; - } - } - break; - case AF_INET6: - { - SOCKADDR_IN6 *sin6 = (SOCKADDR_IN6 *)pAddr; - if (InetNtopA(AF_INET6, &sin6->sin6_addr, ipbuf, sizeof(ipbuf)) != NULL) { - res = (const char *)apr_pstrdup(pool, ipbuf); - } else { - res = ""; - } - } - break; - default: - res = ""; - break; - } - - return (char *)res; + if (pAddr == NULL) { + return ""; + } + + DWORD addrSize = pAddr->sa_family == AF_INET ? sizeof(SOCKADDR_IN) : sizeof(SOCKADDR_IN6); + char* buf = (char*)apr_palloc(pool, NI_MAXHOST); + if (buf == NULL) { + return ""; + } + buf[0] = '\0'; + + if (GetNameInfo(pAddr, addrSize, buf, NI_MAXHOST, NULL, 0, NI_NUMERICHOST) != 0) { + return ""; + } + + return buf; } apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr) From 65546f0a191be894f0a14cf30d915587f89e0f42 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Tue, 21 Oct 2025 00:02:29 +0800 Subject: [PATCH 44/52] fix: SonarCloud issues --- .github/workflows/test-ci-windows.yml | 3 +++ iis/mymodule.cpp | 23 +++++++++++------------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index d2c0eb272..405a1186e 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -84,6 +84,8 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} prefix: vcpkg-iis-module-${{ matrix.arch }}/ + - uses: ammaraskar/msvc-problem-matcher@master + - name: Configure CMake for IIS Module env: VCPKG_FEATURE_FLAGS: "binarycaching" @@ -248,6 +250,7 @@ jobs: Restart-Service W3SVC -Force $modules = & "$env:SystemRoot\system32\inetsrv\appcmd.exe" list modules + Write-Host "IIS modules: $modules" if ($LASTEXITCODE -ne 0) { Write-Error "appcmd failed with exit code $LASTEXITCODE" exit 1 diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp index 7e29933b0..dfaee4b2c 100644 --- a/iis/mymodule.cpp +++ b/iis/mymodule.cpp @@ -18,7 +18,6 @@ #define inline inline #include "winsock2.h" -#include // IIS7 Server API header file #include @@ -91,19 +90,19 @@ class REQUEST_STORED_CONTEXT : public IHttpStoredContext char *GetIpAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - if (pAddr == NULL) { - return ""; + if (pAddr == nullptr) { + return apr_pstrdup(pool, ""); } DWORD addrSize = pAddr->sa_family == AF_INET ? sizeof(SOCKADDR_IN) : sizeof(SOCKADDR_IN6); - char* buf = (char*)apr_palloc(pool, NI_MAXHOST); - if (buf == NULL) { - return ""; + auto buf = (char*)apr_palloc(pool, NI_MAXHOST); + if (buf == nullptr) { + return apr_pstrdup(pool, ""); } buf[0] = '\0'; - if (GetNameInfo(pAddr, addrSize, buf, NI_MAXHOST, NULL, 0, NI_NUMERICHOST) != 0) { - return ""; + if (GetNameInfo(pAddr, addrSize, buf, NI_MAXHOST, nullptr, 0, NI_NUMERICHOST) != 0) { + return apr_pstrdup(pool, ""); } return buf; @@ -119,18 +118,18 @@ apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr) addr->family = AF_UNSPEC; addr->addr_str_len = 0; addr->ipaddr_len = 0; - addr->ipaddr_ptr = NULL; + addr->ipaddr_ptr = nullptr; addr->salen = 0; addr->port = 0; - if (pAddr == NULL) { + if (pAddr == nullptr) { return addr; } addr->family = pAddr->sa_family; if (pAddr->sa_family == AF_INET) { - SOCKADDR_IN *sin = (SOCKADDR_IN *)pAddr; + auto sin = (SOCKADDR_IN *)pAddr; addr->addr_str_len = INET_ADDRSTRLEN; addr->ipaddr_len = sizeof(struct in_addr); addr->ipaddr_ptr = &addr->sa.sin.sin_addr; @@ -141,7 +140,7 @@ apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr) addr->salen = sizeof(addr->sa); addr->port = ntohs(sin->sin_port); } else if (pAddr->sa_family == AF_INET6) { - SOCKADDR_IN6 *sin6 = (SOCKADDR_IN6 *)pAddr; + auto sin6 = (SOCKADDR_IN6 *)pAddr; addr->addr_str_len = INET6_ADDRSTRLEN; addr->ipaddr_len = sizeof(struct in6_addr); addr->ipaddr_ptr = &addr->sa.sin6.sin6_addr; From 6f53e50297a4c2dab133a7779d17fcf038726b48 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Tue, 21 Oct 2025 01:09:01 +0800 Subject: [PATCH 45/52] build: add ftw cloud test --- .github/workflows/test-ci-windows.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 405a1186e..f4fa32c75 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -298,4 +298,14 @@ jobs: Exit 1 } - Get-EventLog -LogName Application -Source ModSecurity | Format-List \ No newline at end of file + Get-EventLog -LogName Application -Source ModSecurity | Format-List + + - name: Test ModSecurity Rules + shell: pwsh + run: | + $testRuleDir = "C:\Program Files\ModSecurity IIS\coreruleset\tests\regression\tests" + + go install github.com/coreruleset/go-ftw@latest + cd go\bin + & go-ftw.exe -d $testRuleDir --cloud -e 920380-1 --show-failures-only + From e6192b8056ccc9c10d19056348c0294304348e64 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Tue, 21 Oct 2025 01:31:22 +0800 Subject: [PATCH 46/52] fix: go bin location --- .github/workflows/test-ci-windows.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index f4fa32c75..35614cb78 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -306,6 +306,13 @@ jobs: $testRuleDir = "C:\Program Files\ModSecurity IIS\coreruleset\tests\regression\tests" go install github.com/coreruleset/go-ftw@latest - cd go\bin - & go-ftw.exe -d $testRuleDir --cloud -e 920380-1 --show-failures-only + $goBinPath = "" + if ($env:GOBIN) { + $goBinPath = $env:GOBIN + } elseif ($env:GOPATH) { + $goBinPath = Join-Path $env:GOPATH "bin" + } else { + $goBinPath = Join-Path $env:USERPROFILE "go\bin" + } + & "$goBinPath\go-ftw.exe" -d $testRuleDir --cloud -e 920380-1 --show-failures-only From fa4166ffd97b6798414ea3846c330f09653d2fad Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Tue, 21 Oct 2025 01:45:17 +0800 Subject: [PATCH 47/52] fix: go-ftw command --- .github/workflows/test-ci-windows.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 35614cb78..adc5a874f 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -300,12 +300,15 @@ jobs: Get-EventLog -LogName Application -Source ModSecurity | Format-List + - name: Install go-ftw + shell: pwsh + run: | + go install github.com/coreruleset/go-ftw@latest + - name: Test ModSecurity Rules shell: pwsh run: | $testRuleDir = "C:\Program Files\ModSecurity IIS\coreruleset\tests\regression\tests" - - go install github.com/coreruleset/go-ftw@latest $goBinPath = "" if ($env:GOBIN) { $goBinPath = $env:GOBIN @@ -314,5 +317,6 @@ jobs: } else { $goBinPath = Join-Path $env:USERPROFILE "go\bin" } - & "$goBinPath\go-ftw.exe" -d $testRuleDir --cloud -e 920380-1 --show-failures-only + + & "$goBinPath\go-ftw.exe" run -d $testRuleDir --cloud -e 920380-1 --show-failures-only From 7eca5bb06d39881c5190e33ba884fd450f0afb00 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Thu, 23 Oct 2025 00:16:50 +0800 Subject: [PATCH 48/52] fix: testing error --- .github/workflows/test-ci-windows.yml | 31 +++++--- iis/CMakeLists.txt | 15 +--- iis/mymodule.cpp | 105 +++++++++++++------------- 3 files changed, 75 insertions(+), 76 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index adc5a874f..070ce361b 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -13,6 +13,7 @@ jobs: strategy: matrix: arch: [x86, x64] + config: [Release, RelWithDebInfo] runs-on: windows-latest # For Caching @@ -39,6 +40,10 @@ jobs: run: | echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + # Original Make file contain comment build script for ssdeep, + # which is rely on MSYS2, so we need to install MSYS2. + # If it's enabled, it need msys2 library for ssdeep. + # - name: Setup MSYS2 # uses: msys2/setup-msys2@v2 # with: @@ -103,7 +108,7 @@ jobs: -A $cmakeArch ` -DWITH_LUA=ON ` -DWITH_YAJL=ON ` - -S IIS -B "iis\build-${{ matrix.arch }}" + -S IIS -B "iis\build" # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` # -DWITH_SSDEEP=ON ` @@ -111,17 +116,20 @@ jobs: - name: Build IIS Module shell: pwsh run: | - cmake --build "iis\build-${{ matrix.arch }}" --config Release + cmake --build "iis\build" --config ${{ matrix.config }} - name: Upload artifacts uses: actions/upload-artifact@v4 with: - name: iis-module-${{ matrix.arch }} - path: iis/build-${{ matrix.arch }}/Release/ + name: iis-module-${{ matrix.arch }}-${{ matrix.config }} + path: iis/build/${{ matrix.config }}/ package: needs: build runs-on: windows-latest + strategy: + matrix: + config: [Release, RelWithDebInfo] steps: - name: Checkout code uses: actions/checkout@v5 @@ -129,13 +137,13 @@ jobs: - name: Download x64 artifacts uses: actions/download-artifact@v4 with: - name: iis-module-x64 + name: iis-module-x64-${{ matrix.config }} path: iis/release/amd64/ - name: Download x86 artifacts uses: actions/download-artifact@v4 with: - name: iis-module-x86 + name: iis-module-x86-${{ matrix.config }} path: iis/release/x86/ - name: Generate MSI files @@ -150,12 +158,15 @@ jobs: - name: Upload artifacts uses: actions/upload-artifact@v4 with: - name: modsecurityiis-installers + name: modsecurityiis-installers-${{ matrix.config }} path: iis/modsecurityiis.msi test: needs: package runs-on: windows-latest + strategy: + matrix: + config: [Release, RelWithDebInfo] steps: - name: Checkout code uses: actions/checkout@v5 @@ -163,8 +174,8 @@ jobs: - name: Download MSI files uses: actions/download-artifact@v4 with: - name: modsecurityiis-installers - path: ${{ github.workspace }}\ + name: modsecurityiis-installers-${{ matrix.config }} + path: ${{ github.workspace }}/ - name: Install MSI shell: pwsh @@ -318,5 +329,5 @@ jobs: $goBinPath = Join-Path $env:USERPROFILE "go\bin" } - & "$goBinPath\go-ftw.exe" run -d $testRuleDir --cloud -e 920380-1 --show-failures-only + & "$goBinPath\go-ftw.exe" run -d $testRuleDir --cloud -e "920100-2$|920100-4$|920100-8$|920100-12$|920272-5$|920290-1$|920620-1$|920380-1$" --show-failures-only diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index abd2229a6..c65dd14d1 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -175,8 +175,6 @@ endif() # Compile definitions to match the original Makefile.win set(MODSECURITY_VERSION_FLAG "VERSION_IIS") # Define the version flag string target_compile_definitions(${IIS_MODULE_NAME} PRIVATE - WIN32 - WINNT inline=APR_INLINE AP_DECLARE_STATIC WITH_CURL @@ -198,11 +196,11 @@ option(WITH_YAJL "Enable YAJL support" OFF) if(WITH_YAJL) # Manually find YAJL if config.cmake is not available (e.g., from vcpkg) find_path(YAJL_INCLUDE_DIR yajl/yajl_common.h - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/include" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/include" NO_DEFAULT_PATH ) find_library(YAJL_LIBRARY NAMES yajl - PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build-${ARCHITECTURE}/vcpkg_installed/${ARCHITECTURE}-windows/lib" + PATHS "${CMAKE_CURRENT_SOURCE_DIR}/build/vcpkg_installed/${ARCHITECTURE}-windows/lib" NO_DEFAULT_PATH ) @@ -281,17 +279,10 @@ endif() if(MSVC) target_compile_options(${IIS_MODULE_NAME} PRIVATE /nologo - /O2 /W3 /wd4244 /wd4018 - /MD - /Zi - ) - - # Linker options to match the original Makefile.win - set_target_properties(${IIS_MODULE_NAME} PROPERTIES - LINK_FLAGS "/DEBUG /OPT:REF /OPT:ICF" + ) endif() diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp index dfaee4b2c..98863fdc2 100644 --- a/iis/mymodule.cpp +++ b/iis/mymodule.cpp @@ -17,8 +17,6 @@ #undef inline #define inline inline -#include "winsock2.h" - // IIS7 Server API header file #include #include @@ -32,6 +30,8 @@ #include "api.h" #include "moduleconfig.h" +#include "winsock2.h" + class REQUEST_STORED_CONTEXT : public IHttpStoredContext { @@ -90,66 +90,63 @@ class REQUEST_STORED_CONTEXT : public IHttpStoredContext char *GetIpAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - if (pAddr == nullptr) { - return apr_pstrdup(pool, ""); - } - - DWORD addrSize = pAddr->sa_family == AF_INET ? sizeof(SOCKADDR_IN) : sizeof(SOCKADDR_IN6); - auto buf = (char*)apr_palloc(pool, NI_MAXHOST); - if (buf == nullptr) { - return apr_pstrdup(pool, ""); - } - buf[0] = '\0'; - - if (GetNameInfo(pAddr, addrSize, buf, NI_MAXHOST, nullptr, 0, NI_NUMERICHOST) != 0) { - return apr_pstrdup(pool, ""); - } - - return buf; + const char *format = "%15[0-9.]:%5[0-9]"; + char ip[16] = { 0 }; // ip4 addresses have max len 15 + char port[6] = { 0 }; // port numbers are 16bit, ie 5 digits max + + DWORD len = 50; + char *buf = (char *)apr_palloc(pool, len); + + if(buf == NULL) + return ""; + + buf[0] = 0; + + WSAAddressToString(pAddr, sizeof(SOCKADDR), NULL, buf, &len); + + // test for IPV4 with port on the end + if (sscanf(buf, format, ip, port) == 2) { + // IPV4 but with port - remove the port + char* input = ":"; + char* ipv4 = strtok(buf, input); + return ipv4; + } + + return buf; } apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t)); + apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t)); + int adrlen = 16, iplen = 4; - addr->pool = pool; - addr->hostname = "unknown"; - addr->servname = addr->hostname; - addr->family = AF_UNSPEC; - addr->addr_str_len = 0; - addr->ipaddr_len = 0; - addr->ipaddr_ptr = nullptr; - addr->salen = 0; - addr->port = 0; - - if (pAddr == nullptr) { - return addr; + if(pAddr->sa_family == AF_INET6) + { + adrlen = 46; + iplen = 16; } + addr->addr_str_len = adrlen; addr->family = pAddr->sa_family; - if (pAddr->sa_family == AF_INET) { - auto sin = (SOCKADDR_IN *)pAddr; - addr->addr_str_len = INET_ADDRSTRLEN; - addr->ipaddr_len = sizeof(struct in_addr); - addr->ipaddr_ptr = &addr->sa.sin.sin_addr; - addr->sa.sin.sin_family = AF_INET; - addr->sa.sin.sin_port = sin->sin_port; /* keep network byte order */ - /* copy address */ - memcpy(&addr->sa.sin.sin_addr, &sin->sin_addr, sizeof(struct in_addr)); - addr->salen = sizeof(addr->sa); - addr->port = ntohs(sin->sin_port); - } else if (pAddr->sa_family == AF_INET6) { - auto sin6 = (SOCKADDR_IN6 *)pAddr; - addr->addr_str_len = INET6_ADDRSTRLEN; - addr->ipaddr_len = sizeof(struct in6_addr); - addr->ipaddr_ptr = &addr->sa.sin6.sin6_addr; - addr->sa.sin6.sin6_family = AF_INET6; - addr->sa.sin6.sin6_port = sin6->sin6_port; - memcpy(&addr->sa.sin6.sin6_addr, &sin6->sin6_addr, sizeof(struct in6_addr)); - addr->salen = sizeof(addr->sa); - addr->port = ntohs(sin6->sin6_port); - } + addr->hostname = "unknown"; +#ifdef WIN32 + addr->ipaddr_len = sizeof(IN_ADDR); +#else + addr->ipaddr_len = sizeof(struct in_addr); +#endif + addr->ipaddr_ptr = &addr->sa.sin.sin_addr; + addr->pool = pool; + addr->port = 80; +#ifdef WIN32 + memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen); +#else + memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen); +#endif + addr->sa.sin.sin_family = pAddr->sa_family; + addr->sa.sin.sin_port = 80; + addr->salen = sizeof(addr->sa); + addr->servname = addr->hostname; return addr; } @@ -1324,4 +1321,4 @@ BOOL CMyHttpModule::WriteEventViewerLog(LPCSTR szNotification, WORD category) NULL, 1, 0, &szNotification, NULL ); } return FALSE; -} +} \ No newline at end of file From c85d3997805540a1f7dd56ca704499c584391b82 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Thu, 23 Oct 2025 01:25:12 +0800 Subject: [PATCH 49/52] fix: version number --- .github/workflows/test-ci-windows.yml | 2 +- iis/installer.wxs | 22 +++++++++++----------- iis/mymodule.cpp | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 070ce361b..891707616 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -12,7 +12,7 @@ jobs: build: strategy: matrix: - arch: [x86, x64] + arch: [x64, x86] config: [Release, RelWithDebInfo] runs-on: windows-latest diff --git a/iis/installer.wxs b/iis/installer.wxs index 7f134bea3..240db63e2 100644 --- a/iis/installer.wxs +++ b/iis/installer.wxs @@ -7,7 +7,7 @@ lightArgs: --> - + @@ -25,11 +25,11 @@ - + - + @@ -89,18 +89,18 @@ - + - + - + - + VersionNT64 @@ -108,9 +108,9 @@ - + - + @@ -152,7 +152,7 @@ - + @@ -194,7 +194,7 @@ - + diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp index 98863fdc2..e9d5ce376 100644 --- a/iis/mymodule.cpp +++ b/iis/mymodule.cpp @@ -1321,4 +1321,4 @@ BOOL CMyHttpModule::WriteEventViewerLog(LPCSTR szNotification, WORD category) NULL, 1, 0, &szNotification, NULL ); } return FALSE; -} \ No newline at end of file +} From b4e245e4103ba7c4eccf38ad677b694465452ce8 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 25 Oct 2025 00:20:32 +0800 Subject: [PATCH 50/52] build: Enable ssdeep and revert Version --- .github/workflows/test-ci-windows.yml | 82 +++++++++----------- iis/.gitignore | 1 + iis/CMakeLists.txt | 65 ++++------------ iis/installer.wxs | 2 +- iis/mymodule.cpp | 103 +++++++++++++------------- 5 files changed, 106 insertions(+), 147 deletions(-) create mode 100644 iis/.gitignore diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index 891707616..f616b48bc 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -2,11 +2,7 @@ name: CI/CD for IIS Module on: push: - branches: - - v2/test-ci-windows pull_request: - branches: - - v2/test-ci-windows jobs: build: @@ -39,48 +35,42 @@ jobs: shell: pwsh run: | echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - - # Original Make file contain comment build script for ssdeep, - # which is rely on MSYS2, so we need to install MSYS2. - # If it's enabled, it need msys2 library for ssdeep. - # - name: Setup MSYS2 - # uses: msys2/setup-msys2@v2 - # with: - # msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }} - # update: true - # install: > - # git - # make - # autoconf - # automake - # libtool - # ${{ matrix.arch == 'x86' && 'mingw-w64-i686-gcc' || 'mingw-w64-ucrt-x86_64-gcc' }} - # ${{ matrix.arch == 'x86' && 'mingw-w64-i686-pkg-config' || 'mingw-w64-ucrt-x86_64-pkg-config' }} - - # - name: Clone and build ssdeep - # shell: msys2 {0} - # run: | - # MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') - # echo "Converted workspace path: $MSYS2_WORKSPACE" - - # git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 - # cd ssdeep - # autoreconf -i + - name: Setup MSYS2 + uses: msys2/setup-msys2@v2 + with: + msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }} + update: true + install: > + git + make + autoconf + automake + libtool + ${{ matrix.arch == 'x86' && 'mingw-w64-i686-gcc' || 'mingw-w64-ucrt-x86_64-gcc' }} + ${{ matrix.arch == 'x86' && 'mingw-w64-i686-pkg-config' || 'mingw-w64-ucrt-x86_64-pkg-config' }} + + - name: Clone and build ssdeep + shell: msys2 {0} + run: | + MSYS2_WORKSPACE=$(cygpath -u '${{ github.workspace }}') + + git clone https://github.com/ssdeep-project/ssdeep.git --depth 1 + cd ssdeep + autoreconf -i - # if [ "${{ matrix.arch }}" = "x86" ]; then - # ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" --build=i686-pc-mingw32 - # else - # ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" - # fi + if [ "${{ matrix.arch }}" = "x86" ]; then + ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" --build=i686-pc-mingw32 + else + ./configure --enable-shared --disable-static CFLAGS="-O3" CXXFLAGS="-O3" + fi - # make dll + make dll - # mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin" - # mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include" - # cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/bin/" - # cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/include/" - # cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install-${{ matrix.arch }}/" + mkdir -p "${MSYS2_WORKSPACE}/ssdeep-install/" + cp -v fuzzy.dll "${MSYS2_WORKSPACE}/ssdeep-install/" + cp -v fuzzy.h "${MSYS2_WORKSPACE}/ssdeep-install/" + cp -v fuzzy.def "${MSYS2_WORKSPACE}/ssdeep-install/" - name: Restore vcpkg cache id: vcpkg-cache @@ -105,14 +95,13 @@ jobs: -DAPACHE_ROOT="$env:APACHE_ROOT" ` -DCMAKE_INSTALL_PREFIX="${{ github.workspace }}\iis\release\$installDir" ` -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ` + -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install" ` + -DWITH_SSDEEP=ON ` -A $cmakeArch ` -DWITH_LUA=ON ` -DWITH_YAJL=ON ` -S IIS -B "iis\build" - # -DSSDEEP_ROOT="${{ github.workspace }}\ssdeep-install-${{ matrix.arch }}" ` - # -DWITH_SSDEEP=ON ` - - name: Build IIS Module shell: pwsh run: | @@ -316,6 +305,9 @@ jobs: run: | go install github.com/coreruleset/go-ftw@latest + # Certain rules are disabled due to specific IIS behavior patterns. + # Using go-ftw in cloud mode as the IIS connector does not generate logs in file format. + # Technically, Event logs can be streamed to files, but this requires implementing rate limits to avoid log overflow. - name: Test ModSecurity Rules shell: pwsh run: | diff --git a/iis/.gitignore b/iis/.gitignore new file mode 100644 index 000000000..d16386367 --- /dev/null +++ b/iis/.gitignore @@ -0,0 +1 @@ +build/ \ No newline at end of file diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index c65dd14d1..fe5e1d0f5 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -7,10 +7,8 @@ find_package(PCRE2 CONFIG REQUIRED) find_package(CURL CONFIG REQUIRED) find_package(APR CONFIG REQUIRED) -# iis/CMakeLists.txt -set(IIS_MODULE_NAME "modsecurityiis") # Name should match the original output +set(IIS_MODULE_NAME "modsecurityiis") -# Source files for IIS module (reusing Apache sources) set(IIS_APACHE_SOURCES ../apache2/mod_security2.c ../apache2/apache2_config.c @@ -46,7 +44,6 @@ set(IIS_APACHE_SOURCES ../apache2/libinjection/libinjection_xss.c ) -# Source files for standalone components (if they exist in the project) set(IIS_STANDALONE_SOURCES ../standalone/api.c ../standalone/buckets.c @@ -57,18 +54,12 @@ set(IIS_STANDALONE_SOURCES ../standalone/server.c ) -# Determine architecture if(CMAKE_SIZEOF_VOID_P EQUAL 8) set(ARCHITECTURE "x64") else() set(ARCHITECTURE "x86") endif() -# Check if standalone directory exists, if not, exclude those sources -if(NOT EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/../standalone) - set(IIS_STANDALONE_SOURCES "") -endif() - set(IIS_RESOURCE_MC "${CMAKE_CURRENT_SOURCE_DIR}/ModSecurityIISMessage.mc") set(MC_GENERATED_RC "${CMAKE_CURRENT_BINARY_DIR}/ModSecurityIISMessage.rc") @@ -110,27 +101,19 @@ set_target_properties(${IIS_MODULE_NAME} PROPERTIES SUFFIX ".dll" ) -# Include directories target_include_directories(${IIS_MODULE_NAME} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/.. ${CMAKE_CURRENT_SOURCE_DIR}/../apache2 ${CMAKE_CURRENT_SOURCE_DIR}/../apache2/libinjection ${LIBXML2_INCLUDE_DIR}/libxml + ${CMAKE_CURRENT_SOURCE_DIR}/../standalone ${PCRE2_INCLUDE_DIRS} ${CURL_INCLUDE_DIRS} ${APR_INCLUDE_DIRS} ${CMAKE_CURRENT_BINARY_DIR} ) -# Include standalone directory if it exists -if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/../standalone) - target_include_directories(${IIS_MODULE_NAME} PRIVATE - ${CMAKE_CURRENT_SOURCE_DIR}/../standalone - ) -endif() - -# Apache-specific includes if(APACHE_ROOT) if(NOT EXISTS "${APACHE_ROOT}") message(FATAL_ERROR "APACHE_ROOT is defined but the directory '${APACHE_ROOT}' does not exist. Please set APACHE_ROOT to a valid Apache installation directory.") @@ -172,7 +155,6 @@ if(APACHE_ROOT) ) endif() -# Compile definitions to match the original Makefile.win set(MODSECURITY_VERSION_FLAG "VERSION_IIS") # Define the version flag string target_compile_definitions(${IIS_MODULE_NAME} PRIVATE inline=APR_INLINE @@ -181,11 +163,10 @@ target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_REMOTE_RULES MSC_LARGE_STREAM_INPUT WITH_YAJL - ${MODSECURITY_VERSION_FLAG} # Use the defined version flag + ${MODSECURITY_VERSION_FLAG} ) option(WITH_LUA "Enable Lua support" OFF) -# Optional compile definitions if(WITH_LUA) find_package(Lua CONFIG REQUIRED) target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_LUA) @@ -211,30 +192,26 @@ if(WITH_YAJL) target_include_directories(${IIS_MODULE_NAME} PRIVATE ${YAJL_INCLUDE_DIRS}) else() message(WARNING "YAJL not found. YAJL_INCLUDE_DIR: '${YAJL_INCLUDE_DIR}', YAJL_LIBRARY: '${YAJL_LIBRARY}'. Please ensure yajl is installed via vcpkg in the vcpkg_installed directory. Disabling YAJL support.") - option(WITH_YAJL "Enable YAJL support" OFF) # Disable if not found + option(WITH_YAJL "Enable YAJL support" OFF) endif() endif() option(WITH_SSDEEP "Enable SSDEEP support" OFF) if(WITH_SSDEEP) - set(SSDEEP_ROOT "" CACHE PATH "Path to manually built ssdeep") - if(NOT SSDEEP_ROOT OR NOT EXISTS "${SSDEEP_ROOT}") + if(NOT EXISTS "${SSDEEP_ROOT}") message(WARNING "SSDEEP_ROOT is not defined or path does not exist. Current SSDEEP_ROOT: '${SSDEEP_ROOT}'. Please set SSDEEP_ROOT to the ssdeep installation directory. Disabling SSDEEP support.") set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) else() file(TO_CMAKE_PATH "${SSDEEP_ROOT}" SSDEEP_ROOT) - message(STATUS "SSDEEP_ROOT: ${SSDEEP_ROOT}") - find_path(SSDEEP_INCLUDE_DIR fuzzy.h - PATHS "${SSDEEP_ROOT}/include" + PATHS "${SSDEEP_ROOT}" NO_DEFAULT_PATH ) if(SSDEEP_INCLUDE_DIR) - message(STATUS "Found manually built ssdeep include: ${SSDEEP_INCLUDE_DIR}") target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_SSDEEP) target_include_directories(${IIS_MODULE_NAME} PRIVATE ${SSDEEP_INCLUDE_DIR}) @@ -244,7 +221,7 @@ if(WITH_SSDEEP) set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) else() set(SSDEEP_GENERATED_LIB "${CMAKE_CURRENT_BINARY_DIR}/fuzzy.lib") - set(SSDEEP_GENERATED_dll "${CMAKE_CURRENT_BINARY_DIR}/bin/fuzzy.dll") + set(SSDEEP_GENERATED_dll "${CMAKE_CURRENT_BINARY_DIR}/fuzzy.dll") add_custom_command( OUTPUT ${SSDEEP_GENERATED_LIB} @@ -271,43 +248,30 @@ if(WITH_SSDEEP) ) endif() + else() + message(WARNING "fuzzy.h not found at ${SSDEEP_INCLUDE_DIR}. Disabling SSDEEP support.") + set(WITH_SSDEEP OFF CACHE BOOL "Enable SSDEEP support" FORCE) endif() endif() endif() -# Compiler-specific options for MSVC to match the original Makefile.win if(MSVC) target_compile_options(${IIS_MODULE_NAME} PRIVATE /nologo /W3 /wd4244 /wd4018 - ) endif() -# Link libraries to match the original Makefile.win target_link_libraries(${IIS_MODULE_NAME} PRIVATE LibXml2::LibXml2 PCRE2::8BIT CURL::libcurl - kernel32 - user32 - gdi32 - winspool - comdlg32 - advapi32 - shell32 - ole32 - oleaut32 - uuid - odbc32 - odbccp32 ws2_32 iphlpapi ) -# Apache-specific libraries if(APACHE_ROOT) target_link_libraries(${IIS_MODULE_NAME} PRIVATE Apache::httpd @@ -319,7 +283,6 @@ else() message(WARNING "APACHE_ROOT is not defined or path does not exist. Current APACHE_ROOT: '${APACHE_ROOT}'. Please set APACHE_ROOT to the Apache installation directory.") endif() -# Optional link libraries if(WITH_LUA) target_link_libraries(${IIS_MODULE_NAME} PRIVATE ${LUA_LIBRARIES}) endif() @@ -349,10 +312,10 @@ else() message(WARNING "APACHE_ROOT is not defined or path does not exist. Current APACHE_ROOT: '${APACHE_ROOT}'. Please set APACHE_ROOT to the Apache installation directory.") endif() -if(WITH_SSDEEP AND SSDEEP_ROOT AND EXISTS "${SSDEEP_ROOT}/bin/fuzzy.dll") +if(WITH_SSDEEP AND SSDEEP_ROOT AND EXISTS "${SSDEEP_ROOT}/fuzzy.dll") add_custom_command(TARGET ${IIS_MODULE_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different - "${SSDEEP_ROOT}/bin/fuzzy.dll" + "${SSDEEP_ROOT}/fuzzy.dll" $ COMMENT "Copying SSDEEP DLL to output directory" ) @@ -374,9 +337,9 @@ if(APACHE_ROOT AND EXISTS "${APACHE_ROOT}/bin") ) endif() -if(WITH_SSDEEP AND SSDEEP_ROOT AND EXISTS "${SSDEEP_ROOT}/bin/fuzzy.dll") +if(WITH_SSDEEP AND SSDEEP_ROOT AND EXISTS "${SSDEEP_ROOT}/fuzzy.dll") install(FILES - "${SSDEEP_ROOT}/bin/fuzzy.dll" + "${SSDEEP_ROOT}/fuzzy.dll" DESTINATION . ) endif() diff --git a/iis/installer.wxs b/iis/installer.wxs index 240db63e2..3f1744332 100644 --- a/iis/installer.wxs +++ b/iis/installer.wxs @@ -7,7 +7,7 @@ lightArgs: --> - + diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp index e9d5ce376..dfaee4b2c 100644 --- a/iis/mymodule.cpp +++ b/iis/mymodule.cpp @@ -17,6 +17,8 @@ #undef inline #define inline inline +#include "winsock2.h" + // IIS7 Server API header file #include #include @@ -30,8 +32,6 @@ #include "api.h" #include "moduleconfig.h" -#include "winsock2.h" - class REQUEST_STORED_CONTEXT : public IHttpStoredContext { @@ -90,63 +90,66 @@ class REQUEST_STORED_CONTEXT : public IHttpStoredContext char *GetIpAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - const char *format = "%15[0-9.]:%5[0-9]"; - char ip[16] = { 0 }; // ip4 addresses have max len 15 - char port[6] = { 0 }; // port numbers are 16bit, ie 5 digits max - - DWORD len = 50; - char *buf = (char *)apr_palloc(pool, len); - - if(buf == NULL) - return ""; - - buf[0] = 0; - - WSAAddressToString(pAddr, sizeof(SOCKADDR), NULL, buf, &len); - - // test for IPV4 with port on the end - if (sscanf(buf, format, ip, port) == 2) { - // IPV4 but with port - remove the port - char* input = ":"; - char* ipv4 = strtok(buf, input); - return ipv4; - } - - return buf; + if (pAddr == nullptr) { + return apr_pstrdup(pool, ""); + } + + DWORD addrSize = pAddr->sa_family == AF_INET ? sizeof(SOCKADDR_IN) : sizeof(SOCKADDR_IN6); + auto buf = (char*)apr_palloc(pool, NI_MAXHOST); + if (buf == nullptr) { + return apr_pstrdup(pool, ""); + } + buf[0] = '\0'; + + if (GetNameInfo(pAddr, addrSize, buf, NI_MAXHOST, nullptr, 0, NI_NUMERICHOST) != 0) { + return apr_pstrdup(pool, ""); + } + + return buf; } apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr) { - apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t)); - int adrlen = 16, iplen = 4; + apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t)); - if(pAddr->sa_family == AF_INET6) - { - adrlen = 46; - iplen = 16; + addr->pool = pool; + addr->hostname = "unknown"; + addr->servname = addr->hostname; + addr->family = AF_UNSPEC; + addr->addr_str_len = 0; + addr->ipaddr_len = 0; + addr->ipaddr_ptr = nullptr; + addr->salen = 0; + addr->port = 0; + + if (pAddr == nullptr) { + return addr; } - addr->addr_str_len = adrlen; addr->family = pAddr->sa_family; - addr->hostname = "unknown"; -#ifdef WIN32 - addr->ipaddr_len = sizeof(IN_ADDR); -#else - addr->ipaddr_len = sizeof(struct in_addr); -#endif - addr->ipaddr_ptr = &addr->sa.sin.sin_addr; - addr->pool = pool; - addr->port = 80; -#ifdef WIN32 - memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen); -#else - memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen); -#endif - addr->sa.sin.sin_family = pAddr->sa_family; - addr->sa.sin.sin_port = 80; - addr->salen = sizeof(addr->sa); - addr->servname = addr->hostname; + if (pAddr->sa_family == AF_INET) { + auto sin = (SOCKADDR_IN *)pAddr; + addr->addr_str_len = INET_ADDRSTRLEN; + addr->ipaddr_len = sizeof(struct in_addr); + addr->ipaddr_ptr = &addr->sa.sin.sin_addr; + addr->sa.sin.sin_family = AF_INET; + addr->sa.sin.sin_port = sin->sin_port; /* keep network byte order */ + /* copy address */ + memcpy(&addr->sa.sin.sin_addr, &sin->sin_addr, sizeof(struct in_addr)); + addr->salen = sizeof(addr->sa); + addr->port = ntohs(sin->sin_port); + } else if (pAddr->sa_family == AF_INET6) { + auto sin6 = (SOCKADDR_IN6 *)pAddr; + addr->addr_str_len = INET6_ADDRSTRLEN; + addr->ipaddr_len = sizeof(struct in6_addr); + addr->ipaddr_ptr = &addr->sa.sin6.sin6_addr; + addr->sa.sin6.sin6_family = AF_INET6; + addr->sa.sin6.sin6_port = sin6->sin6_port; + memcpy(&addr->sa.sin6.sin6_addr, &sin6->sin6_addr, sizeof(struct in6_addr)); + addr->salen = sizeof(addr->sa); + addr->port = ntohs(sin6->sin6_port); + } return addr; } From 98a1f9a9d6349327c14dcc37d78e35aa2d8e89c4 Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 25 Oct 2025 02:22:35 +0800 Subject: [PATCH 51/52] fix: pinning commit for some action --- .github/workflows/test-ci-windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index f616b48bc..c340d55b7 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -74,12 +74,12 @@ jobs: - name: Restore vcpkg cache id: vcpkg-cache - uses: TAServers/vcpkg-cache@v3 + uses: TAServers/vcpkg-cache@e848939f754daf406a06006be2e05eb5b17cc481 with: token: ${{ secrets.GITHUB_TOKEN }} prefix: vcpkg-iis-module-${{ matrix.arch }}/ - - uses: ammaraskar/msvc-problem-matcher@master + - uses: ammaraskar/msvc-problem-matcher@1ebcb382869bfdc2cc645e8a2a43b6d319ea1cc0 - name: Configure CMake for IIS Module env: From 326da02e920a71969e09daa835f66fc756565c8a Mon Sep 17 00:00:00 2001 From: A13501350 <18516149786@163.com> Date: Sat, 25 Oct 2025 17:53:13 +0800 Subject: [PATCH 52/52] fix: make SonarCloud happy --- .github/workflows/test-ci-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index c340d55b7..fa27757d3 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -37,7 +37,7 @@ jobs: echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: Setup MSYS2 - uses: msys2/setup-msys2@v2 + uses: msys2/setup-msys2@fb197b72ce45fb24f17bf3f807a388985654d1f2 with: msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }} update: true