code_public/mod_reqin_log
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: correction bugs + tests + migration el7 vers el10

Browse Source 
Correctifs de bugs critiques:
- Overflow entier dans le calcul du timestamp (nanoseconds)
- Validation des composantes temporelles dans format_iso8601
- Race condition mutex: échec dur pour MPM threadés (worker/event)
- Rejet des espaces en tête dans parse_int_strict

Nouveaux tests unitaires (38 ajoutés):
- Overflow timestamp, limites ISO8601, format fixe 20 chars
- Limite de taille JSON 64KB
- Détection headers sensibles (blacklist)
- Validation parse_int_strict
- dynbuf NULL handling et strlen mode

Migration packaging:
- Suppression CentOS 7 (EOL)
- Ajout AlmaLinux 10 (el10)
- RPMs supportés: el8, el9, el10

Mise à jour CI/CD et documentation:
- .gitlab-ci.yml: jobs verify pour el8/el9/el10
- architecture.yml: OS supportés à jour
- 70/70 tests pass

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Jacquin Antoine
2026-02-28 21:02:05 +01:00
parent 59856a7ed7
commit d0ca0a7e4c
8 changed files with 624 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/unit/test_json_serialization.c
View File

@ -192,10 +192,10 @@ static void test_json_escape_control_chars(void **state)
apr_pool_create(&pool, NULL);
testbuf_init(&buf, pool, 256);
/* Test with bell character (0x07) */
append_json_string(&buf, "test\bell");
/* Test with bell character (0x07) - use octal literal */
append_json_string(&buf, "test\007bell");
/* Should contain unicode escape */
/* Should contain unicode escape for bell (0x07) */
assert_true(strstr(buf.data, "\\u0007") != NULL);
apr_pool_destroy(pool);

490
tests/unit/test_module_real.c
View File

@ -1,6 +1,6 @@
/*
* test_module_real.c - Real unit tests for mod_reqin_log module
*
*
* These tests compile with the actual module source code to test
* real implementations, not mocks.
*/
@ -12,18 +12,26 @@
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#include <errno.h>
#include <apr_pools.h>
#include <apr_strings.h>
#include <apr_time.h>
#include <apr_lib.h>
#include <apr_tables.h>
/* Maximum JSON log line size (64KB) - must match module definition */
#define MAX_JSON_SIZE (64 * 1024)
/* Include the module source to test real functions */
/* We need to extract and test specific functions */
/* ============================================================================
* dynbuf_t structure and functions (copied from module for testing)
* Forward declarations for functions under test
* (These match the implementations in mod_reqin_log.c)
* ============================================================================ */
/* Dynamic string buffer */
typedef struct {
char *data;
apr_size_t len;
@ -31,6 +39,31 @@ typedef struct {
apr_pool_t *pool;
} dynbuf_t;
/* Module configuration structure */
typedef struct {
int enabled;
const char *socket_path;
apr_array_header_t *headers;
int max_headers;
int max_header_value_len;
int reconnect_interval;
int error_report_interval;
} reqin_log_config_t;
/* Function signatures for testing */
static void dynbuf_init(dynbuf_t *db, apr_pool_t *pool, apr_size_t initial_capacity);
static void dynbuf_append(dynbuf_t *db, const char *str, apr_size_t len);
static void dynbuf_append_char(dynbuf_t *db, char c);
static void append_json_string(dynbuf_t *db, const char *str);
static void format_iso8601(dynbuf_t *db, apr_time_t t);
static int parse_int_strict(const char *arg, int *out);
static int is_sensitive_header(const char *name);
static char *truncate_header_value(apr_pool_t *pool, const char *value, int max_len);
/* ============================================================================
* dynbuf functions (copied from module for testing)
* ============================================================================ */
static void dynbuf_init(dynbuf_t *db, apr_pool_t *pool, apr_size_t initial_capacity)
{
db->pool = pool;
@ -116,10 +149,33 @@ static void format_iso8601(dynbuf_t *db, apr_time_t t)
apr_time_exp_t tm;
apr_time_exp_gmt(&tm, t);
/* Validate time components to prevent buffer overflow and invalid output.
* apr_time_exp_gmt should always produce valid values, but we validate
* defensively to catch any APR bugs or memory corruption. */
int year = tm.tm_year + 1900;
int mon = tm.tm_mon + 1;
int day = tm.tm_mday;
int hour = tm.tm_hour;
int min = tm.tm_min;
int sec = tm.tm_sec;
/* Clamp values to valid ranges to ensure fixed-width output (20 chars + null) */
if (year < 0) year = 0;
if (year > 9999) year = 9999;
if (mon < 1) mon = 1;
if (mon > 12) mon = 12;
if (day < 1) day = 1;
if (day > 31) day = 31;
if (hour < 0) hour = 0;
if (hour > 23) hour = 23;
if (min < 0) min = 0;
if (min > 59) min = 59;
if (sec < 0) sec = 0;
if (sec > 61) sec = 61;
char time_str[32];
snprintf(time_str, sizeof(time_str), "%04d-%02d-%02dT%02d:%02d:%02dZ",
tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
tm.tm_hour, tm.tm_min, tm.tm_sec);
year, mon, day, hour, min, sec);
dynbuf_append(db, time_str, -1);
}
@ -140,6 +196,55 @@ static char *truncate_header_value(apr_pool_t *pool, const char *value, int max_
return apr_pstrdup(pool, value);
}
/* ============================================================================
* Sensitive header detection (real logic from module)
* ============================================================================ */
static const char *DEFAULT_SENSITIVE_HEADERS[] = {
"Authorization",
"Cookie",
"Set-Cookie",
"X-Api-Key",
"X-Auth-Token",
"Proxy-Authorization",
"WWW-Authenticate",
NULL
};
static int is_sensitive_header(const char *name)
{
if (name == NULL) {
return 0;
}
for (int i = 0; DEFAULT_SENSITIVE_HEADERS[i] != NULL; i++) {
if (strcasecmp(name, DEFAULT_SENSITIVE_HEADERS[i]) == 0) {
return 1;
}
}
return 0;
}
/* ============================================================================
* Strict integer parsing (real logic from module)
* ============================================================================ */
static int parse_int_strict(const char *arg, int *out)
{
char *end = NULL;
long v;
if (arg == NULL || *arg == '\0' || out == NULL) return -1;
/* Reject leading whitespace (strtol skips it by default) */
if (apr_isspace(*arg)) return -1;
errno = 0;
v = strtol(arg, &end, 10);
if (errno != 0 || end == arg || *end != '\0' || v < INT_MIN || v > INT_MAX) return -1;
*out = (int)v;
return 0;
}
/* ============================================================================
* Test setup and teardown
* ============================================================================ */
@ -521,7 +626,7 @@ static void test_header_value_json_escape(void **state)
dynbuf_init(&db, pool, 256);
const char *header_value = "test\"value\\with\tspecial";
/* Simulate what the module does */
dynbuf_append(&db, "\"header_Test\":\"", -1);
append_json_string(&db, header_value);
@ -535,6 +640,350 @@ static void test_header_value_json_escape(void **state)
apr_pool_destroy(pool);
}
/* ============================================================================
* Test: ISO8601 format with year 0 (edge case)
* ============================================================================ */
static void test_iso8601_format_year_zero(void **state)
{
apr_pool_t *pool;
apr_pool_create(&pool, NULL);
dynbuf_t db;
dynbuf_init(&db, pool, 64);
/* Use time that would result in year 0 or negative after conversion */
/* This tests the clamping logic */
apr_time_t test_time = apr_time_from_sec(0);
format_iso8601(&db, test_time);
/* Should produce valid ISO8601 with clamped values */
assert_int_equal(strlen(db.data), 20);
assert_true(strstr(db.data, "Z") != NULL);
assert_true(db.data[4] == '-');
assert_true(db.data[7] == '-');
assert_true(db.data[10] == 'T');
apr_pool_destroy(pool);
}
/* ============================================================================
* Test: ISO8601 format with very large timestamp (overflow test)
* ============================================================================ */
static void test_iso8601_format_large_timestamp(void **state)
{
apr_pool_t *pool;
apr_pool_create(&pool, NULL);
dynbuf_t db;
dynbuf_init(&db, pool, 64);
/* Use maximum reasonable apr_time_t value */
/* This tests that large timestamps don't cause buffer overflow */
apr_time_t test_time = apr_time_from_sec(253402300799ULL); /* Year 9999 */
format_iso8601(&db, test_time);
/* Should produce valid ISO8601 with year 9999 or clamped */
assert_int_equal(strlen(db.data), 20);
assert_true(strstr(db.data, "Z") != NULL);
apr_pool_destroy(pool);
}
/* ============================================================================
* Test: ISO8601 format output length is always fixed
* ============================================================================ */
static void test_iso8601_format_fixed_length(void **state)
{
apr_pool_t *pool;
apr_pool_create(&pool, NULL);
dynbuf_t db;
dynbuf_init(&db, pool, 64);
/* Test various timestamps */
apr_time_t times[] = {
apr_time_from_sec(0),
apr_time_from_sec(946684800), /* 2000-01-01 */
apr_time_from_sec(1772107200), /* 2026-02-26 */
apr_time_from_sec(253402300799ULL) /* Year 9999 */
};
for (size_t i = 0; i < sizeof(times) / sizeof(times[0]); i++) {
db.len = 0;
db.data[0] = '\0';
format_iso8601(&db, times[i]);
/* ISO8601 format is always 20 characters: YYYY-MM-DDTHH:MM:SSZ */
assert_int_equal(strlen(db.data), 20);
}
apr_pool_destroy(pool);
}
/* ============================================================================
* Test: Timestamp calculation does not overflow
* ============================================================================ */
static void test_timestamp_no_overflow(void **state)
{
apr_pool_t *pool;
apr_pool_create(&pool, NULL);
/* Test that converting apr_time_t (microseconds) to nanoseconds
* doesn't overflow for reasonable timestamps */
/* Current time in microseconds */
apr_time_t now = apr_time_now();
/* Convert to nanoseconds (same as module does) */
apr_uint64_t ns = ((apr_uint64_t)now) * APR_UINT64_C(1000);
/* Should be a large but valid number */
assert_true(ns > 0);
/* Should be less than maximum apr_uint64_t */
/* Current time ~1.7e9 seconds * 1e9 = 1.7e18 nanoseconds */
/* APR_UINT64_MAX is ~1.8e19, so we have plenty of headroom */
assert_true(ns < APR_UINT64_MAX);
apr_pool_destroy(pool);
}
/* ============================================================================
* Test: JSON size limit enforcement (64KB)
* ============================================================================ */
static void test_json_size_limit(void **state)
{
apr_pool_t *pool;
apr_pool_create(&pool, NULL);
dynbuf_t db;
dynbuf_init(&db, pool, 4096);
/* Build JSON up to the limit */
dynbuf_append(&db, "{", 1);
/* Add a large header value to approach the limit */
dynbuf_append(&db, "\"header_Test\":\"", -1);
/* Add data up to just under the limit */
size_t target_size = MAX_JSON_SIZE - 100;
char *large_data = apr_palloc(pool, target_size);
memset(large_data, 'A', target_size - 1);
large_data[target_size - 1] = '\0';
append_json_string(&db, large_data);
dynbuf_append(&db, "\"}", -1);
/* Should have built the JSON without crash */
assert_true(db.data[0] == '{');
/* Check that we can detect when limit is exceeded */
if (db.len >= MAX_JSON_SIZE) {
/* Size limit reached - this is expected for large data */
/* In real module this would be logged via ap_log_error */
}
apr_pool_destroy(pool);
}
/* ============================================================================
* Test: JSON size limit - buffer check before headers
* ============================================================================ */
static void test_json_size_limit_before_headers(void **state)
{
apr_pool_t *pool;
apr_pool_create(&pool, NULL);
dynbuf_t db;
dynbuf_init(&db, pool, MAX_JSON_SIZE + 1024);
/* Build base JSON fields */
dynbuf_append(&db, "{\"time\":\"", -1);
format_iso8601(&db, apr_time_now());
dynbuf_append(&db, "\",\"timestamp\":", -1);
/* Add a very large timestamp field */
char ts_buf[64];
snprintf(ts_buf, sizeof(ts_buf), "%" APR_UINT64_T_FMT,
((apr_uint64_t)apr_time_now()) * APR_UINT64_C(1000));
dynbuf_append(&db, ts_buf, -1);
dynbuf_append(&db, ",\"src_ip\":\"", -1);
/* Add large IP-like string */
char *large_ip = apr_palloc(pool, MAX_JSON_SIZE - 200);
memset(large_ip, '1', MAX_JSON_SIZE - 201);
large_ip[MAX_JSON_SIZE - 201] = '\0';
dynbuf_append(&db, large_ip, -1);
dynbuf_append(&db, "\",\"method\":\"GET\"}", -1);
/* Should handle gracefully */
assert_true(db.data[0] == '{');
/* Verify size check would trigger */
if (db.len >= MAX_JSON_SIZE) {
/* This is expected - size limit check should catch this */
}
apr_pool_destroy(pool);
}
/* ============================================================================
* Test: dynbuf append with NULL string
* ============================================================================ */
static void test_dynbuf_append_null(void **state)
{
apr_pool_t *pool;
apr_pool_create(&pool, NULL);
dynbuf_t db;
dynbuf_init(&db, pool, 64);
/* Should handle NULL gracefully */
dynbuf_append(&db, NULL, 10);
assert_int_equal(db.len, 0);
assert_string_equal(db.data, "");
apr_pool_destroy(pool);
}
/* ============================================================================
* Test: dynbuf append with len=-1 (strlen mode)
* ============================================================================ */
static void test_dynbuf_append_strlen_mode(void **state)
{
apr_pool_t *pool;
apr_pool_create(&pool, NULL);
dynbuf_t db;
dynbuf_init(&db, pool, 64);
dynbuf_append(&db, "hello", (apr_size_t)-1);
assert_int_equal(db.len, 5);
assert_string_equal(db.data, "hello");
apr_pool_destroy(pool);
}
/* ============================================================================
* Test: Sensitive header detection - blacklist
* ============================================================================ */
static void test_sensitive_header_blacklist(void **state)
{
(void)state;
/* List of headers that should be blocked */
const char *sensitive[] = {
"Authorization",
"Cookie",
"Set-Cookie",
"X-Api-Key",
"X-Auth-Token",
"Proxy-Authorization",
"WWW-Authenticate",
NULL
};
/* List of headers that should NOT be blocked */
const char *non_sensitive[] = {
"X-Request-Id",
"User-Agent",
"Referer",
"Host",
"Content-Type",
"Accept",
NULL
};
/* Test sensitive headers */
for (int i = 0; sensitive[i] != NULL; i++) {
assert_true(is_sensitive_header(sensitive[i]));
}
/* Test non-sensitive headers */
for (int i = 0; non_sensitive[i] != NULL; i++) {
assert_false(is_sensitive_header(non_sensitive[i]));
}
}
/* ============================================================================
* Test: Sensitive header detection - case insensitive
* ============================================================================ */
static void test_sensitive_header_case_insensitive(void **state)
{
(void)state;
/* Should be blocked regardless of case */
assert_true(is_sensitive_header("authorization"));
assert_true(is_sensitive_header("AUTHORIZATION"));
assert_true(is_sensitive_header("Authorization"));
assert_true(is_sensitive_header("cookie"));
assert_true(is_sensitive_header("COOKIE"));
assert_true(is_sensitive_header("x-api-key"));
assert_true(is_sensitive_header("X-API-KEY"));
}
/* ============================================================================
* Test: Sensitive header detection - NULL handling
* ============================================================================ */
static void test_sensitive_header_null(void **state)
{
(void)state;
/* NULL should not be considered sensitive (returns 0) */
assert_false(is_sensitive_header(NULL));
}
/* ============================================================================
* Test: Parse integer strict - valid values
* ============================================================================ */
static void test_parse_int_strict_valid(void **state)
{
int out;
(void)state;
assert_int_equal(parse_int_strict("0", &out), 0);
assert_int_equal(out, 0);
assert_int_equal(parse_int_strict("10", &out), 0);
assert_int_equal(out, 10);
assert_int_equal(parse_int_strict("-5", &out), 0);
assert_int_equal(out, -5);
assert_int_equal(parse_int_strict("2147483647", &out), 0);
assert_int_equal(out, 2147483647);
assert_int_equal(parse_int_strict("-2147483648", &out), 0);
assert_int_equal(out, -2147483648);
}
/* ============================================================================
* Test: Parse integer strict - invalid values
* ============================================================================ */
static void test_parse_int_strict_invalid(void **state)
{
int out;
(void)state;
/* Invalid: empty string */
assert_int_equal(parse_int_strict("", &out), -1);
/* Invalid: NULL */
assert_int_equal(parse_int_strict(NULL, &out), -1);
/* Invalid: non-numeric */
assert_int_equal(parse_int_strict("abc", &out), -1);
/* Invalid: mixed */
assert_int_equal(parse_int_strict("10abc", &out), -1);
/* Invalid: whitespace */
assert_int_equal(parse_int_strict(" 10", &out), -1);
assert_int_equal(parse_int_strict("10 ", &out), -1);
}
/* ============================================================================
* Main test runner
* ============================================================================ */
@ -545,7 +994,9 @@ int main(void)
cmocka_unit_test_setup_teardown(test_dynbuf_init, setup, teardown),
cmocka_unit_test_setup_teardown(test_dynbuf_append_basic, setup, teardown),
cmocka_unit_test_setup_teardown(test_dynbuf_append_resize, setup, teardown),
cmocka_unit_test_setup_teardown(test_dynbuf_append_null, setup, teardown),
cmocka_unit_test_setup_teardown(test_dynbuf_append_strlen_mode, setup, teardown),
/* JSON escaping tests */
cmocka_unit_test_setup_teardown(test_json_escape_empty, setup, teardown),
cmocka_unit_test_setup_teardown(test_json_escape_null, setup, teardown),
@ -556,19 +1007,38 @@ int main(void)
cmocka_unit_test_setup_teardown(test_json_escape_control_char, setup, teardown),
cmocka_unit_test_setup_teardown(test_json_escape_user_agent, setup, teardown),
cmocka_unit_test_setup_teardown(test_json_escape_combined_special, setup, teardown),
/* ISO8601 formatting */
cmocka_unit_test_setup_teardown(test_iso8601_format, setup, teardown),
cmocka_unit_test_setup_teardown(test_iso8601_format_year_zero, setup, teardown),
cmocka_unit_test_setup_teardown(test_iso8601_format_large_timestamp, setup, teardown),
cmocka_unit_test_setup_teardown(test_iso8601_format_fixed_length, setup, teardown),
/* Timestamp overflow tests */
cmocka_unit_test_setup_teardown(test_timestamp_no_overflow, setup, teardown),
/* JSON size limit tests */
cmocka_unit_test_setup_teardown(test_json_size_limit, setup, teardown),
cmocka_unit_test_setup_teardown(test_json_size_limit_before_headers, setup, teardown),
/* Header truncation tests */
cmocka_unit_test_setup_teardown(test_header_truncation_within, setup, teardown),
cmocka_unit_test_setup_teardown(test_header_truncation_exceeds, setup, teardown),
cmocka_unit_test_setup_teardown(test_header_truncation_null, setup, teardown),
cmocka_unit_test_setup_teardown(test_header_truncation_empty, setup, teardown),
/* Sensitive header tests */
cmocka_unit_test_setup_teardown(test_sensitive_header_blacklist, setup, teardown),
cmocka_unit_test_setup_teardown(test_sensitive_header_case_insensitive, setup, teardown),
cmocka_unit_test_setup_teardown(test_sensitive_header_null, setup, teardown),
/* Parse integer strict tests */
cmocka_unit_test_setup_teardown(test_parse_int_strict_valid, setup, teardown),
cmocka_unit_test_setup_teardown(test_parse_int_strict_invalid, setup, teardown),
/* Full JSON structure */
cmocka_unit_test_setup_teardown(test_full_json_line, setup, teardown),
/* Header value escaping */
cmocka_unit_test_setup_teardown(test_header_value_json_escape, setup, teardown),
};