Commit Graph

29 Commits

Author SHA1 Message Date
395af61497 release: version 1.0.6
- Default socket path changed to /var/run/logcorrelator/http.sock
- Docker build now uses cache for faster local builds

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 01:52:50 +01:00
e8c57dbf64 build: allow Docker cache for RPM builds
- Remove --no-cache flag from docker build command
- Faster local builds by reusing cached layers

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 01:51:59 +01:00
3e9ff25033 conf: change default socket path to /var/run/logcorrelator/http.sock
- Update mod_reqin_log.conf example configuration
- Update README.md documentation and examples
- Update architecture.yml specification
- Update test_config_parsing.c test case

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 01:49:39 +01:00
baf8ed801b build: use spec_version macro in RPM spec file
- Define %global spec_version before Version field
- Allows RPM 4.18+ to manage version via macro
- Simplifies version management in spec file

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 01:44:46 +01:00
08a6c72897 docs: add author information to architecture.yml
- Add author name: Jacquin Antoine
- Add author email: rpm@arkel.fr

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 01:06:36 +01:00
c228865a48 release: version 1.0.4 - Build system fixes and cleanup
- Fix RPM package paths in Dockerfile.package (el8, el9, el10 directories)
- Fix Makefile RPM extraction with separate volume mounts
- Remove unused scripts (build.sh, test.sh)
- Remove Python integration tests (not automated in CI)
- Update README.md and architecture.yml for RPM-only packaging
- Remove DEB and el7 references

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 01:03:48 +01:00
77aded8bb6 fix: update Makefile RPM extraction with separate volume mounts
- Mount each distribution directory separately (el8, el9, el10)
- Copy RPMs directly to target directories
- Fix extraction path from /output/ to /output/el8/, etc.

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 01:02:14 +01:00
fe43ca90a8 fix: correct RPM package paths in Dockerfile.package and Makefile
- Create /tmp/packages/el{8,9,10} directories before building RPMs
- Copy RPMs to distribution-specific directories
- Update Makefile extraction path to match new structure

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 00:41:59 +01:00
2ac75364c2 refactor: remove unused scripts and integration tests
- Remove scripts/build.sh and scripts/test.sh (not referenced in CI/CD)
- Remove tests/integration/test_integration.py (never automated)
- Keep only unit tests (C/cmocka) executed in GitLab CI

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 00:35:15 +01:00
e3ea1fb486 docs: update README and architecture for RPM-only packaging
- Remove DEB and el7 references (RPM only: el8, el9, el10)
- Remove Python integration tests from documentation (not automated in CI)
- Add file inventory in architecture.yml (source, packaging, tests)
- Update CI verify jobs to check RPM metadata with rpm -qi
- Organize RPM packages by distribution in dist/rpm/{el8,el9,el10}/
- Add security and RPM packaging features to README
- Split Requirements into Runtime and Packaging sections

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 00:29:51 +01:00
8b381c7feb build: migrate RPM packaging from fpm to rpmbuild with .spec file
- Replace fpm with rpmbuild for standard RPM packaging
- Add mod_reqin_log.spec file with Version, %install, %files, %changelog
- Use Rocky Linux 9 as package-builder base image
- Extract version automatically from .spec file
- Remove CHANGELOG file (changelog now in .spec)
- Build RPMs for el8, el9, el10 distributions

Verified RPM metadata:
  Name: mod_reqin_log
  Version: 1.0.2
  Release: 1.el8/el9/el10
  License: Apache-2.0

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 00:12:22 +01:00
3418cbcbbb Add --no-cache to docker build command
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 23:09:59 +01:00
c2e1221e5a release: version 1.0.2 - Audit security fixes and RPM packaging
Security hardening:
- Add input sanitization for method (32), path (2048), host (256), http_version (16)
- Prevent log injection via oversized HTTP values
- Add LOG_THROTTLED macro for consistent error reporting
- Improve socket state double-check pattern to avoid unnecessary reconnects

Code quality:
- Fix const qualifier warnings in get_header()
- Add flags field to module definition
- Add -Wno-error=format-security for compatibility

Documentation:
- Clarify timestamp precision (microseconds expressed as nanoseconds)
- Update README and architecture.yml

Testing:
- Add 4 unit tests for input sanitization
- All 78 tests passing

Packaging:
- Remove DEB package support (RPM only: el8, el9, el10)
- Add CHANGELOG file included in RPM packages
- Bump version to 1.0.2

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 21:45:06 +01:00
d0ca0a7e4c fix: bug fixes + tests + migration from el7 to el10
Critical bug fixes:
- Integer overflow in the timestamp calculation (nanoseconds)
- Validation of time components in format_iso8601
- Mutex race condition: hard failure for threaded MPMs (worker/event)
- Rejection of leading whitespace in parse_int_strict

New unit tests (38 added):
- Timestamp overflow, ISO8601 limits, fixed 20-char format
- JSON size limit of 64KB
- Sensitive header detection (blacklist)
- parse_int_strict validation
- dynbuf NULL handling and strlen mode

Packaging migration:
- Removal of CentOS 7 (EOL)
- Addition of AlmaLinux 10 (el10)
- Supported RPMs: el8, el9, el10

CI/CD and documentation update:
- .gitlab-ci.yml: verify jobs for el8/el9/el10
- architecture.yml: supported OSes up to date
- 70/70 tests pass

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 21:02:05 +01:00
59856a7ed7 fix: force C11 compilation in the Makefile
Co-authored-by: aider (openrouter/openai/gpt-5.3-codex) <aider@aider.chat>
2026-02-28 20:42:29 +01:00
175a0cccda fix: Secure the socket write and initialize APR in the tests
Co-authored-by: aider (openrouter/openai/gpt-5.3-codex) <aider@aider.chat>
2026-02-28 20:38:58 +01:00
ce1692bfba fix: correct the declaration of reqin_log_module for Apache
Co-authored-by: aider (openrouter/openai/gpt-5.3-codex) <aider@aider.chat>
2026-02-28 20:35:18 +01:00
77541f7500 fix: correct the declaration of reqin_log_module
Co-authored-by: aider (openrouter/openai/gpt-5.3-codex) <aider@aider.chat>
2026-02-28 20:33:42 +01:00
46291898e1 fix: strengthen the module's robustness and extend the tests/CI
Co-authored-by: aider (openrouter/openai/gpt-5.3-codex) <aider@aider.chat>
2026-02-28 20:28:40 +01:00
a935ed1641 ci: migrate to GitLab CI with multi-distribution RPM builds
- Replace GitHub Actions with GitLab CI using Docker-in-Docker
- Build 3 RPMs (el7, el8, el9) + 1 DEB from Dockerfile.package
- Add verify jobs for each target distribution
- Remove obsolete files:
  - Dockerfile, Dockerfile.test-socket (replaced by Dockerfile.package)
  - scripts/socket_consumer.py, scripts/socket_listener.py
  - scripts/test_unix_socket.sh, scripts/run_integration_tests.sh
- Update README.md with new package targets
- Update architecture.yml for GitLab CI workflow

Breaks: Single RPM no longer supported (glibc incompatibility)
Replaced by: Distribution-specific RPMs (el7, el8, el9)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 16:06:57 +01:00
2fc3f92cf8 docs: update README with new Docker-based packaging
- Update installation section to use Docker-based packaging
- Replace rpmbuild and debhelper commands with make package-* targets
- Document new unified packaging workflow with fpm

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-27 16:17:46 +01:00
d098211752 refactor: remove obsolete packaging files
- Remove debhelper files (compat, control, install, rules)
- Remove rpm spec file (mod_reqin_log.spec)
- All packaging now handled by fpm in Dockerfile.package

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-27 16:06:34 +01:00
395635ab36 docs: update architecture.yml with unified packaging section
- Update CI package stage to use Dockerfile.package with fpm
- Replace rpmbuild and debhelper with unified fpm approach
- Document multi-stage build pipeline (builder, package_builder, output)
- Add file mappings, dependencies, and verification commands

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-27 15:41:29 +01:00
802ce75a80 Unify packaging: use Docker + fpm for DEB and RPM builds
- Add Dockerfile.package with multi-stage build (builder, package-builder, output)
- Update Makefile to add package, package-deb, package-rpm, and test-package targets
- Replace debhelper and rpmbuild with fpm for consistent packaging
- Both DEB and RPM packages now built from single Dockerfile

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-27 15:31:55 +01:00
b5d093f8cb Docs: update security documentation and hardening notes
architecture.yml:
- Update header_handling: document built-in sensitive headers blacklist
- Expand security section with hardening measures
- Add socket permissions, path recommendations, environment variable

README.md:
- Add new 'Built-in Sensitive Headers Blacklist' section
- Document all blocked headers (Authorization, Cookie, X-Api-Key, etc.)
- Update socket security: permissions 0o660, /var/run path, group membership
- Add hardening features: path validation, JSON size limit, NULL checks, mutex
- Fix JSON example (remove extra closing brace)
- Update socket consumer example with secure permissions (0o660)
- Add MOD_REQIN_LOG_SOCKET environment variable to example
- Update Fields table: header_<Name> flat structure description
- Add note about automatic sensitive header exclusion

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-26 23:41:51 +01:00
e44059865b Security: fix critical vulnerabilities and harden module
Security fixes:
#1 Buffer overflow: Validate socket path length against sun_path limit
    - Add MAX_SOCKET_PATH_LEN constant
    - Reject paths >= 108 bytes before snprintf

#2,#3 NULL pointer dereference: Add NULL checks
    - r->connection->local_ip: use conditional append
    - r->protocol: fallback to "UNKNOWN" if NULL

#4 Sensitive headers blacklist: Prevent credential leakage
    - Add DEFAULT_SENSITIVE_HEADERS[] blacklist
    - Block: Authorization, Cookie, Set-Cookie, X-Api-Key, etc.
    - Log skipped headers at DEBUG level only

#5 Memory exhaustion DoS: Add MAX_JSON_SIZE limit (64KB)
    - Check buffer size before adding headers
    - Truncate header list if limit reached

#6 Socket permissions: Change 0o666 → 0o660
    - Owner and group only (not world-writable)
    - Apache user must be in socket's group

#7 Race condition: Add mutex for FD access in worker/event MPMs
    - apr_thread_mutex_t protects socket_fd
    - FD_MUTEX_LOCK/UNLOCK macros
    - Created in reqin_log_create_server_conf()

#8 Timestamp overflow: Document 2262 limitation
    - Add comment explaining apr_time_t limits
    - Safe until ~2262 (uint64 nanoseconds)

#9 Error logging verbosity: Reduce information disclosure
    - APLOG_ERR: Generic messages only
    - APLOG_DEBUG: Detailed error information

#10 Socket path security: Move from /tmp to /var/run
    - Update socket_consumer.py, test scripts
    - Use environment variable MOD_REQIN_LOG_SOCKET
    - More secure default location

Files modified:
- src/mod_reqin_log.c: All security fixes
- scripts/socket_consumer.py: Permissions, path
- scripts/run_integration_tests.sh: Path security
- scripts/test_unix_socket.sh: Path security
- tests/integration/test_integration.py: Path security

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-26 23:37:30 +01:00
070c2a7bd2 Refactor: thread-safe per-process state and add tests
Major changes:
- Move child state from global variable to server config (reqin_log_server_conf_t)
- Add reqin_log_create_server_conf() for proper per-server initialization
- Fix thread safety for worker/event MPMs
- Add cmocka unit tests (test_module_real.c)
- Add Python integration tests (test_integration.py)
- Update CI workflow and Dockerfiles for test execution
- Fix: Remove child_exit hook (not in architecture.yml)

Tests:
- Unit tests: JSON escaping, ISO8601 formatting, header truncation
- Integration tests: basic_logging, header_limits, socket_unavailable, socket_loss

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-26 23:28:45 +01:00
7cfd14fb65 Fix: add missing child_exit hook per architecture.yml
- Add reqin_log_child_exit() to close Unix socket on child exit
- Register hook with ap_hook_child_exit()
- Ensures clean socket cleanup as specified in architecture.yml

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-26 14:04:47 +01:00
66549acf5c Initial commit: mod_reqin_log Apache module
Features:
- JSON logging of HTTP requests to Unix domain socket
- Configurable HTTP headers logging (flat JSON structure)
- Header value truncation and count limits
- Automatic reconnect on socket disconnection
- Error reporting with throttling

Configuration directives:
- JsonSockLogEnabled: Enable/disable logging
- JsonSockLogSocket: Unix socket path
- JsonSockLogHeaders: List of headers to log
- JsonSockLogMaxHeaders: Maximum headers to log
- JsonSockLogMaxHeaderValueLen: Max header value length
- JsonSockLogReconnectInterval: Reconnect delay
- JsonSockLogErrorReportInterval: Error log throttle

Includes:
- Module source code (src/)
- Unit and integration tests (tests/, scripts/)
- Documentation (README.md, architecture.yml)
- Build configuration (CMakeLists.txt, Makefile)
- Packaging (deb/rpm)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-26 13:55:07 +01:00