Security: fix critical vulnerabilities and harden module

Security fixes:
#1 Buffer overflow: Validate socket path length against sun_path limit
    - Add MAX_SOCKET_PATH_LEN constant
    - Reject paths >= 108 bytes before snprintf

#2,#3 NULL pointer dereference: Add NULL checks
    - r->connection->local_ip: use conditional append
    - r->protocol: fallback to "UNKNOWN" if NULL

#4 Sensitive headers blacklist: Prevent credential leakage
    - Add DEFAULT_SENSITIVE_HEADERS[] blacklist
    - Block: Authorization, Cookie, Set-Cookie, X-Api-Key, etc.
    - Log skipped headers at DEBUG level only

#5 Memory exhaustion DoS: Add MAX_JSON_SIZE limit (64KB)
    - Check buffer size before adding headers
    - Truncate header list if limit reached

#6 Socket permissions: Change 0o666 → 0o660
    - Owner and group only (not world-writable)
    - Apache user must be in socket's group

#7 Race condition: Add mutex for FD access in worker/event MPMs
    - apr_thread_mutex_t protects socket_fd
    - FD_MUTEX_LOCK/UNLOCK macros
    - Created in reqin_log_create_server_conf()

#8 Timestamp overflow: Document 2262 limitation
    - Add comment explaining apr_time_t limits
    - Safe until ~2262 (uint64 nanoseconds)

#9 Error logging verbosity: Reduce information disclosure
    - APLOG_ERR: Generic messages only
    - APLOG_DEBUG: Detailed error information

#10 Socket path security: Move from /tmp to /var/run
    - Update socket_consumer.py, test scripts
    - Use environment variable MOD_REQIN_LOG_SOCKET
    - More secure default location

Files modified:
- src/mod_reqin_log.c: All security fixes
- scripts/socket_consumer.py: Permissions, path
- scripts/run_integration_tests.sh: Path security
- scripts/test_unix_socket.sh: Path security
- tests/integration/test_integration.py: Path security

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

scripts/run_integration_tests.sh

@@ -11,8 +11,9 @@
 set -e
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-SOCKET_PATH="${SOCKET_PATH:-/tmp/mod_reqin_log.sock}"
-LOG_FILE="/tmp/mod_reqin_log_test.log"
+# Use /var/run for production (more secure than /tmp)
+SOCKET_PATH="${SOCKET_PATH:-/var/run/mod_reqin_log.sock}"
+LOG_FILE="${LOG_FILE:-/var/log/mod_reqin_log_test.log}"
 APACHE_URL="${APACHE_URL:-http://localhost:8080}"
 
 # Colors for output

scripts/socket_consumer.py

@@ -22,7 +22,8 @@ import argparse
 from datetime import datetime
 
 # Default socket path
-DEFAULT_SOCKET_PATH = "/tmp/mod_reqin_log.sock"
+# Use /var/run for production (more secure than /tmp)
+DEFAULT_SOCKET_PATH = os.environ.get("MOD_REQIN_LOG_SOCKET", "/var/run/mod_reqin_log.sock")
 
 # Global flag for graceful shutdown
 shutdown_requested = False
@@ -76,8 +77,9 @@ def create_socket(socket_path):
     server.bind(socket_path)
     server.listen(5)
     
-    # Set permissions (allow Apache to connect)
-    os.chmod(socket_path, 0o666)
+    # Set permissions (owner and group only, not world-writable)
+    # Apache user must be in the socket's group to connect
+    os.chmod(socket_path, 0o660)
     
     return server
 

scripts/test_unix_socket.sh

@@ -10,8 +10,9 @@
 
 set -e
 
-SOCKET_PATH="/tmp/mod_reqin_log_test.sock"
-LOG_OUTPUT="/tmp/mod_reqin_log_output.jsonl"
+# Use /var/run for production (more secure than /tmp)
+SOCKET_PATH="${SOCKET_PATH:-/var/run/mod_reqin_log_test.sock}"
+LOG_OUTPUT="${LOG_OUTPUT:-/var/log/mod_reqin_log_output.jsonl}"
 APACHE_PORT="${APACHE_PORT:-8080}"
 TIMEOUT=30