code_public/mod_reqin_log
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

release: version 1.0.2 - Audit security fixes and RPM packaging

Browse Source 
Security hardening:
- Add input sanitization for method (32), path (2048), host (256), http_version (16)
- Prevent log injection via oversized HTTP values
- Add LOG_THROTTLED macro for consistent error reporting
- Improve socket state double-check pattern to avoid unnecessary reconnects

Code quality:
- Fix const qualifier warnings in get_header()
- Add flags field to module definition
- Add -Wno-error=format-security for compatibility

Documentation:
- Clarify timestamp precision (microseconds expressed as nanoseconds)
- Update README and architecture.yml

Testing:
- Add 4 unit tests for input sanitization
- All 78 tests passing

Packaging:
- Remove DEB package support (RPM only: el8, el9, el10)
- Add CHANGELOG file included in RPM packages
- Bump version to 1.0.2

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Jacquin Antoine
2026-02-28 21:45:06 +01:00
parent d0ca0a7e4c
commit c2e1221e5a
8 changed files with 223 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
CHANGELOG Normal file
View File

@ -0,0 +1,33 @@
* Sat Feb 28 2026 Developer <dev@example.com> - 1.0.2
- SECURITY: Add input sanitization for method, path, host, and http_version fields
to prevent log injection via oversized HTTP values
- SECURITY: Add Host header truncation (256 chars max) to prevent log injection
- IMPROVEMENT: Add LOG_THROTTLED macro for consistent error reporting
- IMPROVEMENT: Improve socket state double-check pattern to avoid unnecessary
reconnect attempts under high concurrency
- IMPROVEMENT: Fix const qualifier warnings in get_header() function
- IMPROVEMENT: Add flags field to module definition to fix compilation warning
- IMPROVEMENT: Add -Wno-error=format-security to Makefile for compatibility
- TEST: Add 4 new unit tests for input sanitization (method, path, host, http_version)
- DOC: Clarify timestamp precision (microseconds expressed as nanoseconds)
- DOC: Update README and architecture.yml with accurate timestamp documentation
- BUILD: Update package version to 1.0.2
* Fri Feb 27 2026 Developer <dev@example.com> - 1.0.1
- FIX: Fix socket reconnection logic to properly handle connection failures
- FIX: Improve error logging to prevent error_log flooding
- IMPROVEMENT: Add built-in sensitive headers blacklist (Authorization, Cookie, etc.)
- IMPROVEMENT: Add thread-safe socket FD access via mutex for worker/event MPMs
- TEST: Add comprehensive unit tests for JSON serialization and header handling
- TEST: Add integration tests for socket loss and recovery scenarios
- DOC: Add comprehensive README with configuration examples
- DOC: Add architecture.yml documenting module design decisions
* Thu Feb 26 2026 Developer <dev@example.com> - 1.0.0
- Initial release
- Apache HTTPD 2.4 module for logging HTTP requests as JSON to Unix socket
- Non-blocking I/O with automatic reconnection
- Configurable headers with truncation support
- Compatible with prefork, worker, and event MPMs
- Built-in sensitive headers blacklist
- Throttled error reporting to prevent log flooding