[-]
[+]
|
Deleted |
nginx.changes
|
@@ -1,28 +0,0 @@
--------------------------------------------------------------------
-Wed Dec 28 20:00:08 UTC 2016 - cs@linux-administrator.com
-
-- update to nginx 1.11.8
-
--------------------------------------------------------------------
-Wed Dec 14 11:07:19 UTC 2016 - cs@linux-administrator.com
-
-- update to nginx 1.11.7
-
--------------------------------------------------------------------
-Mon Nov 28 07:21:41 UTC 2016 - cs@linux-administrator.com
-
-- update to nginx 1.11.6
-- update nginx rtmp module to 1.1.10
-
--------------------------------------------------------------------
-Wed Oct 12 21:29:31 UTC 2016 - cs@linux-administrator.com
-
-- update to nginx 1.11.5
-
--------------------------------------------------------------------
-Wed Sep 28 18:04:31 UTC 2016 - cs@linux-administrator.com
-
-- update to nginx 1.11.4
-- update openssl to 1.0.2j
-- update nginx rtmp module to 1.1.9
-
|
[-]
[+]
|
Changed |
nginx.spec
^
|
|
[-]
[+]
|
Deleted |
2bc1dac6fb3ed263529decb211ec784824132bf4.patch
^
|
@@ -1,38 +0,0 @@
-From 2bc1dac6fb3ed263529decb211ec784824132bf4 Mon Sep 17 00:00:00 2001
-From: Chris Lea <chris.lea@gmail.com>
-Date: Tue, 15 Nov 2016 22:26:35 -0800
-Subject: [PATCH] default_port was removed in 1.11.6.
-
----
- ngx_http_upstream_fair_module.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/ngx_http_upstream_fair_module.c b/ngx_http_upstream_fair_module.c
-index a4419ca..66144e9 100644
---- a/ngx_http_upstream_fair_module.c
-+++ b/ngx_http_upstream_fair_module.c
-@@ -540,7 +540,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t *cf, ngx_http_upstream_srv_conf_t *us)
-
- /* an upstream implicitly defined by proxy_pass, etc. */
-
-+#if nginx_version < 1011006
- if (us->port == 0 && us->default_port == 0) {
-+#else
-+ if (us->port == 0) {
-+#endif
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no port in upstream \"%V\" in %s:%ui",
- &us->host, us->file_name, us->line);
-@@ -550,8 +554,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t *cf, ngx_http_upstream_srv_conf_t *us)
- ngx_memzero(&u, sizeof(ngx_url_t));
-
- u.host = us->host;
-+#if nginx_version < 1011006
- u.port = (in_port_t) (us->port ? us->port : us->default_port);
--
-+#else
-+ u.port = (in_port_t) us->port;
-+#endif
- if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
- if (u.err) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
[-]
[+]
|
Deleted |
check_1.7.5+.patch
^
|
@@ -1,195 +0,0 @@
-diff --git a/src/http/modules/ngx_http_upstream_ip_hash_module.c b/src/http/modules/ngx_http_upstream_ip_hash_module.c
-index 148d73a..913e395 100644
---- a/src/http/modules/ngx_http_upstream_ip_hash_module.c
-+++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c
-@@ -9,6 +9,9 @@
- #include <ngx_core.h>
- #include <ngx_http.h>
-
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+#include "ngx_http_upstream_check_module.h"
-+#endif
-
- typedef struct {
- /* the round robin data must be first */
-@@ -212,6 +215,15 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data)
- goto next_try;
- }
-
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
-+ "get ip_hash peer, check_index: %ui",
-+ peer->check_index);
-+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
-+ goto next_try;
-+ }
-+#endif
-+
- if (peer->max_fails
- && peer->fails >= peer->max_fails
- && now - peer->checked <= peer->fail_timeout)
-diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c
-index 623bc9b..a223839 100644
---- a/src/http/modules/ngx_http_upstream_least_conn_module.c
-+++ b/src/http/modules/ngx_http_upstream_least_conn_module.c
-@@ -9,6 +9,9 @@
- #include <ngx_core.h>
- #include <ngx_http.h>
-
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+#include "ngx_http_upstream_check_module.h"
-+#endif
-
- typedef struct {
- ngx_uint_t *conns;
-@@ -203,6 +206,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data)
- continue;
- }
-
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
-+ "get least_conn peer, check_index: %ui",
-+ peer->check_index);
-+
-+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
-+ continue;
-+ }
-+#endif
-+
- if (peer->max_fails
- && peer->fails >= peer->max_fails
- && now - peer->checked <= peer->fail_timeout)
-@@ -256,6 +269,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data)
- continue;
- }
-
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
-+ "get least_conn peer, check_index: %ui",
-+ peer->check_index);
-+
-+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
-+ continue;
-+ }
-+#endif
-+
- if (lcp->conns[i] * best->weight != lcp->conns[p] * peer->weight) {
- continue;
- }
-diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c
-index 2d0649b..b9789eb 100644
---- a/src/http/ngx_http_upstream_round_robin.c
-+++ b/src/http/ngx_http_upstream_round_robin.c
-@@ -9,6 +9,9 @@
- #include <ngx_core.h>
- #include <ngx_http.h>
-
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+#include "ngx_http_upstream_check_module.h"
-+#endif
-
- #define ngx_http_upstream_tries(p) ((p)->number \
- + ((p)->next ? (p)->next->number : 0))
-@@ -92,6 +95,14 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf,
- peer[n].fail_timeout = server[i].fail_timeout;
- peer[n].down = server[i].down;
- peer[n].server = server[i].name;
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ if (!server[i].down) {
-+ peers->peer[n].check_index =
-+ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]);
-+ } else {
-+ peers->peer[n].check_index = (ngx_uint_t) NGX_ERROR;
-+ }
-+#endif
- n++;
- }
- }
-@@ -148,6 +159,15 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf,
- peer[n].fail_timeout = server[i].fail_timeout;
- peer[n].down = server[i].down;
- peer[n].server = server[i].name;
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ if (!server[i].down) {
-+ backup->peer[n].check_index =
-+ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]);
-+ }
-+ else {
-+ backup->peer[n].check_index = (ngx_uint_t) NGX_ERROR;
-+ }
-+#endif
- n++;
- }
- }
-@@ -207,6 +227,9 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf,
- peer[i].current_weight = 0;
- peer[i].max_fails = 1;
- peer[i].fail_timeout = 10;
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR;
-+#endif
- }
-
- us->peer.data = peers;
-@@ -316,7 +339,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r,
- peer[0].current_weight = 0;
- peer[0].max_fails = 1;
- peer[0].fail_timeout = 10;
--
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ peers->peer[0].check_index = (ngx_uint_t) NGX_ERROR;
-+#endif
- } else {
-
- for (i = 0; i < ur->naddrs; i++) {
-@@ -356,6 +381,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r,
- peer[i].current_weight = 0;
- peer[i].max_fails = 1;
- peer[i].fail_timeout = 10;
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR;
-+#endif
- }
- }
-
-@@ -415,6 +443,12 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t *pc, void *data)
- goto failed;
- }
-
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
-+ goto failed;
-+ }
-+#endif
-+
- } else {
-
- /* there are several peers */
-@@ -507,6 +541,12 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp)
- continue;
- }
-
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
-+ continue;
-+ }
-+#endif
-+
- if (peer->max_fails
- && peer->fails >= peer->max_fails
- && now - peer->checked <= peer->fail_timeout)
-diff --git a/src/http/ngx_http_upstream_round_robin.h b/src/http/ngx_http_upstream_round_robin.h
-index 9db82a6..6e19a65 100644
---- a/src/http/ngx_http_upstream_round_robin.h
-+++ b/src/http/ngx_http_upstream_round_robin.h
-@@ -31,6 +31,10 @@ typedef struct {
- ngx_uint_t max_fails;
- time_t fail_timeout;
-
-+#if (NGX_HTTP_UPSTREAM_CHECK)
-+ ngx_uint_t check_index;
-+#endif
-+
- ngx_uint_t down; /* unsigned down:1; */
-
- #if (NGX_HTTP_SSL)
|
[-]
[+]
|
Deleted |
nginx-0.4.0-no_Werror.patch
^
|
@@ -1,13 +0,0 @@
-Index: auto/cc/gcc
-===================================================================
---- auto/cc/gcc.orig
-+++ auto/cc/gcc
-@@ -171,7 +171,7 @@
-
-
- # stop on warning
--CFLAGS="$CFLAGS -Werror"
-+CFLAGS="$CFLAGS"
-
- # debug
- CFLAGS="$CFLAGS -g"
|
[-]
[+]
|
Deleted |
nginx-0.4.0-perl_vendor_install.patch
^
|
@@ -1,13 +0,0 @@
-Index: auto/install
-===================================================================
---- auto/install.orig
-+++ auto/install
-@@ -7,7 +7,7 @@
- cat << END >> $NGX_MAKEFILE
-
- install_perl_modules:
-- cd $NGX_OBJS/src/http/modules/perl && make install
-+ cd $NGX_OBJS/src/http/modules/perl && make install_vendor
- END
-
- NGX_INSTALL_PERL_MODULES=install_perl_modules
|
[-]
[+]
|
Deleted |
nginx-0.6.31-DESTDIR.patch
^
|
@@ -1,75 +0,0 @@
-Index: auto/install
-===================================================================
---- auto/install.orig 2007-07-30 12:51:55.000000000 +0200
-+++ auto/install 2008-05-29 18:00:45.383221398 +0200
-@@ -19,45 +19,45 @@ cat << END
-
- install: $NGX_OBJS${ngx_dirsep}nginx${ngx_binext} \
- $NGX_INSTALL_PERL_MODULES
-- test -d '$NGX_PREFIX' || mkdir -p '$NGX_PREFIX'
-+ test -d '\$(DESTDIR)$NGX_PREFIX' || mkdir -p '\$(DESTDIR)$NGX_PREFIX'
-
-- test -d '`dirname "$NGX_SBIN_PATH"`' \
-- || mkdir -p '`dirname "$NGX_SBIN_PATH"`'
-- test ! -f '$NGX_SBIN_PATH' || mv '$NGX_SBIN_PATH' '$NGX_SBIN_PATH.old'
-- cp $NGX_OBJS/nginx '$NGX_SBIN_PATH'
-+ test -d '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`' \
-+ || mkdir -p '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`'
-+ test ! -f '\$(DESTDIR)$NGX_SBIN_PATH' || mv '\$(DESTDIR)$NGX_SBIN_PATH' '\$(DESTDIR)$NGX_SBIN_PATH.old'
-+ cp $NGX_OBJS/nginx '\$(DESTDIR)$NGX_SBIN_PATH'
-
-- test -d '$NGX_CONF_PREFIX' || mkdir -p '$NGX_CONF_PREFIX'
-+ test -d '\$(DESTDIR)$NGX_CONF_PREFIX' || mkdir -p '\$(DESTDIR)$NGX_CONF_PREFIX'
-
-- cp conf/koi-win '$NGX_CONF_PREFIX'
-- cp conf/koi-utf '$NGX_CONF_PREFIX'
-- cp conf/win-utf '$NGX_CONF_PREFIX'
-+ cp conf/koi-win '\$(DESTDIR)$NGX_CONF_PREFIX'
-+ cp conf/koi-utf '\$(DESTDIR)$NGX_CONF_PREFIX'
-+ cp conf/win-utf '\$(DESTDIR)$NGX_CONF_PREFIX'
-
-- test -f '$NGX_CONF_PREFIX/mime.types' \
-- || cp conf/mime.types '$NGX_CONF_PREFIX'
-- cp conf/mime.types '$NGX_CONF_PREFIX/mime.types.default'
-+ test -f '\$(DESTDIR)$NGX_CONF_PREFIX/mime.types' \
-+ || cp conf/mime.types '\$(DESTDIR)$NGX_CONF_PREFIX'
-+ cp conf/mime.types '\$(DESTDIR)$NGX_CONF_PREFIX/mime.types.default'
-
-- test -f '$NGX_CONF_PREFIX/fastcgi_params' \
-- || cp conf/fastcgi_params '$NGX_CONF_PREFIX'
-- cp conf/fastcgi_params '$NGX_CONF_PREFIX/fastcgi_params.default'
-+ test -f '\$(DESTDIR)$NGX_CONF_PREFIX/fastcgi_params' \
-+ || cp conf/fastcgi_params '\$(DESTDIR)$NGX_CONF_PREFIX'
-+ cp conf/fastcgi_params '\$(DESTDIR)$NGX_CONF_PREFIX/fastcgi_params.default'
-
-- test -f '$NGX_CONF_PATH' || cp conf/nginx.conf '$NGX_CONF_PREFIX'
-- cp conf/nginx.conf '$NGX_CONF_PREFIX/nginx.conf.default'
-+ test -f '\$(DESTDIR)$NGX_CONF_PATH' || cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX'
-+ cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default'
-
-- test -d '`dirname "$NGX_PID_PATH"`' \
-- || mkdir -p '`dirname "$NGX_PID_PATH"`'
-+ test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \
-+ || mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`'
-
-- test -d '`dirname "$NGX_HTTP_LOG_PATH"`' || \
-- mkdir -p '`dirname "$NGX_HTTP_LOG_PATH"`'
-+ test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' || \
-+ mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`'
-
-- test -d '$NGX_PREFIX/html' || cp -r html '$NGX_PREFIX'
-+ test -d '\$(DESTDIR)$NGX_PREFIX/html' || cp -r html '\$(DESTDIR)$NGX_PREFIX'
- END
-
-
--if test -n "$NGX_ERROR_LOG_PATH"; then
-+if test -n "\$(DESTDIR)$NGX_ERROR_LOG_PATH"; then
- cat << END >> $NGX_MAKEFILE
-
-- test -d '`dirname "$NGX_ERROR_LOG_PATH"`' || \
-- mkdir -p '`dirname "$NGX_ERROR_LOG_PATH"`'
-+ test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' || \
-+ mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`'
- END
-
- fi
|
[-]
[+]
|
Deleted |
nginx-0.6.31_default_config.patch
^
|
@@ -1,71 +0,0 @@
-Index: conf/nginx.conf
-===================================================================
---- conf/nginx.conf.orig 2009-04-06 15:43:46.000000000 +0200
-+++ conf/nginx.conf 2009-05-08 20:19:55.436773498 +0200
-@@ -1,12 +1,12 @@
-
--#user nobody;
-+user nginx;
- worker_processes 1;
-
--#error_log logs/error.log;
--#error_log logs/error.log notice;
--#error_log logs/error.log info;
-+#error_log /var/log/nginx/error.log;
-+#error_log /var/log/nginx/error.log notice;
-+#error_log /var/log/nginx/error.log info;
-
--#pid logs/nginx.pid;
-+#pid /var/run/nginx.pid;
-
-
- events {
-@@ -22,7 +22,7 @@ http {
- # '$status $body_bytes_sent "$http_referer" '
- # '"$http_user_agent" "$http_x_forwarded_for"';
-
-- #access_log logs/access.log main;
-+ #access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-@@ -38,10 +38,10 @@ http {
-
- #charset koi8-r;
-
-- #access_log logs/host.access.log main;
-+ #access_log /var/log/nginx/host.access.log main;
-
- location / {
-- root html;
-+ root /srv/www/htdocs/;
- index index.html index.htm;
- }
-
-@@ -51,7 +51,7 @@ http {
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
-- root html;
-+ root /srv/www/htdocs/;
- }
-
- # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-@@ -87,7 +87,7 @@ http {
- # server_name somename alias another.alias;
-
- # location / {
-- # root html;
-+ # root /srv/www/htdocs/;
- # index index.html index.htm;
- # }
- #}
-@@ -110,7 +110,7 @@ http {
- # ssl_prefer_server_ciphers on;
-
- # location / {
-- # root html;
-+ # root /srv/www/htdocs/;
- # index index.html index.htm;
- # }
- #}
|
[-]
[+]
|
Deleted |
nginx-0.6.38-html.patch
^
|
@@ -1,14 +0,0 @@
-Index: auto/install
-===================================================================
---- auto/install.orig
-+++ auto/install
-@@ -54,8 +54,7 @@
- test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' || \
- mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`'
-
-- test -d '\$(DESTDIR)$NGX_PREFIX/html' \
-- || cp -r html '\$(DESTDIR)$NGX_PREFIX'
-+ test -d '\$(DESTDIR)/srv/www/htdocs' || install -d '\$(DESTDIR)/srv/www/' && cp -r html '\$(DESTDIR)/srv/www/htdocs'
- END
-
-
|
[-]
[+]
|
Deleted |
openssl-rc4tilt.patch
^
|
@@ -1,17 +0,0 @@
-Nur in openssl-1.0.1j-norc4: openssl__disable_rc4.patch.
-diff -ru openssl-1.0.1j/ssl/s3_lib.c openssl-1.0.1j-norc4/ssl/s3_lib.c
---- openssl-1.0.1j/ssl/s3_lib.c 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j-norc4/ssl/s3_lib.c 2014-10-23 18:57:16.468131600 +0200
-@@ -3844,6 +3844,11 @@
- (TLS1_get_version(s) < TLS1_2_VERSION))
- continue;
-
-+ /* Disable RC4 for TLS v1.1+ */
-+ if ((c->algorithm_enc == SSL_RC4) &&
-+ (TLS1_get_version(s) >= TLS1_1_VERSION))
-+ continue;
-+
- ssl_set_cert_masks(cert,c);
- mask_k = cert->mask_k;
- mask_a = cert->mask_a;
-Nur in openssl-1.0.1j-norc4/ssl: s3_lib.c.orig.
|
[-]
[+]
|
Deleted |
openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch
^
|
@@ -1,5227 +0,0 @@
-From d21c75c622eb13a80080ed15fa30474f806a0a0f Mon Sep 17 00:00:00 2001
-From: Vlad Krasnov <vlad@cloudflare.com>
-Date: Fri, 12 Feb 2016 18:25:11 -0800
-Subject: [PATCH] Implementation of draft and RFC versions of CHACHA20-POLY1305
- ciphers
-
----
- Configure | 48 +-
- Makefile.org | 4 +-
- apps/speed.c | 30 +-
- crypto/chacha20poly1305/Makefile | 97 +++
- crypto/chacha20poly1305/asm/chacha20_avx.pl | 408 +++++++++++
- crypto/chacha20poly1305/asm/chacha20_avx2.pl | 443 ++++++++++++
- crypto/chacha20poly1305/asm/poly1305_avx.pl | 732 ++++++++++++++++++++
- crypto/chacha20poly1305/asm/poly1305_avx2.pl | 984 +++++++++++++++++++++++++++
- crypto/chacha20poly1305/asm/poly1305_x64.pl | 281 ++++++++
- crypto/chacha20poly1305/chacha20.c | 162 +++++
- crypto/chacha20poly1305/chacha20poly1305.h | 79 +++
- crypto/chacha20poly1305/chapolytest.c | 470 +++++++++++++
- crypto/chacha20poly1305/poly1305.c | 287 ++++++++
- crypto/cryptlib.c | 10 -
- crypto/evp/Makefile | 7 +-
- crypto/evp/e_chacha20poly1305.c | 435 ++++++++++++
- crypto/evp/evp.h | 4 +
- ssl/s3_lib.c | 119 ++++
- ssl/ssl.h | 2 +
- ssl/ssl_ciph.c | 60 +-
- ssl/ssl_locl.h | 2 +
- ssl/tls1.h | 28 +
- test/Makefile | 17 +-
- 23 files changed, 4655 insertions(+), 54 deletions(-)
- create mode 100644 crypto/chacha20poly1305/Makefile
- create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx.pl
- create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx2.pl
- create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx.pl
- create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx2.pl
- create mode 100644 crypto/chacha20poly1305/asm/poly1305_x64.pl
- create mode 100644 crypto/chacha20poly1305/chacha20.c
- create mode 100644 crypto/chacha20poly1305/chacha20poly1305.h
- create mode 100644 crypto/chacha20poly1305/chapolytest.c
- create mode 100644 crypto/chacha20poly1305/poly1305.c
- create mode 100644 crypto/evp/e_chacha20poly1305.c
-
-diff --git a/Configure b/Configure
-index 4a715dc..f3ab6cd 100755
---- a/Configure
-+++ b/Configure
-@@ -146,25 +146,25 @@ my $tlib="-lnsl -lsocket";
- my $bits1="THIRTY_TWO_BIT ";
- my $bits2="SIXTY_FOUR_BIT ";
-
--my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
-+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o::";
-
- my $x86_elf_asm="$x86_asm:elf";
-
--my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:";
--my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
--my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
--my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void";
--my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void";
--my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
-+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o::chacha20_avx.o chacha20_avx2.o poly1305_x64.o poly1305_avx2.o";
-+my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o:::void";
-+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o:::void";
-+my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o::::::::::::::void";
-+my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o:::void";
-+my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o:::::::::";
- my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//;
--my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
--my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
--my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
--my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
--my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
--my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:";
-+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o::";
-+my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o:::void";
-+my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o::";
-+my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::32";
-+my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::64";
-+my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o::";
- my $ppc32_asm=$ppc64_asm;
--my $no_asm="::::::::::::::::void";
-+my $no_asm=":::::::::::::::::void";
-
- # As for $BSDthreads. Idea is to maintain "collective" set of flags,
- # which would cover all BSD flavors. -pthread applies to them all,
-@@ -710,6 +710,7 @@ my $idx_wp_obj = $idx++;
- my $idx_cmll_obj = $idx++;
- my $idx_modes_obj = $idx++;
- my $idx_engines_obj = $idx++;
-+my $idx_chapoly_obj = $idx++;
- my $idx_perlasm_scheme = $idx++;
- my $idx_dso_scheme = $idx++;
- my $idx_shared_target = $idx++;
-@@ -752,6 +753,7 @@ my $bf ="crypto/bf/bf_locl.h";
- my $bn_asm ="bn_asm.o";
- my $des_enc="des_enc.o fcrypt_b.o";
- my $aes_enc="aes_core.o aes_cbc.o";
-+my $chapoly_enc="";
- my $bf_enc ="bf_enc.o";
- my $cast_enc="c_enc.o";
- my $rc4_enc="rc4_enc.o rc4_skey.o";
-@@ -1210,7 +1212,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/]
-
- print "IsMK1MF=$IsMK1MF\n";
-
--my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-+my @fields = split(/\s*:\s*/,$table{$target} . ":" x 31 , -1);
- my $cc = $fields[$idx_cc];
- # Allow environment CC to override compiler...
- if($ENV{CC}) {
-@@ -1239,6 +1241,7 @@ my $wp_obj = $fields[$idx_wp_obj];
- my $cmll_obj = $fields[$idx_cmll_obj];
- my $modes_obj = $fields[$idx_modes_obj];
- my $engines_obj = $fields[$idx_engines_obj];
-+my $chapoly_obj = $fields[$idx_chapoly_obj];
- my $perlasm_scheme = $fields[$idx_perlasm_scheme];
- my $dso_scheme = $fields[$idx_dso_scheme];
- my $shared_target = $fields[$idx_shared_target];
-@@ -1405,7 +1408,7 @@ if ($no_asm)
- {
- $cpuid_obj=$bn_obj=$ec_obj=
- $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
-- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
-+ $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=$chapoly_obj="";
- }
-
- if (!$no_shared)
-@@ -1558,6 +1561,14 @@ $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
- $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
- $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
- $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
-+if ($chapoly_obj =~ /\.o$/)
-+ {
-+ $cflags.=" -DCHAPOLY_x86_64_ASM";
-+ }
-+else
-+ {
-+ $chapoly_obj=$chapoly_enc;
-+ }
- if ($sha1_obj =~ /\.o$/)
- {
- # $sha1_obj=$sha1_enc;
-@@ -1740,6 +1751,7 @@ while (<IN>)
- s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
- s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
- s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
-+ s/^CHAPOLY_ENC=.*$/CHAPOLY_ENC= $chapoly_obj/;
- s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
- s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
- s/^PROCESSOR=.*/PROCESSOR= $processor/;
-@@ -1802,6 +1814,7 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n";
- print "CMLL_ENC =$cmll_obj\n";
- print "MODES_OBJ =$modes_obj\n";
- print "ENGINES_OBJ =$engines_obj\n";
-+print "CHAPOLY_ENC =$chapoly_obj\n";
- print "PROCESSOR =$processor\n";
- print "RANLIB =$ranlib\n";
- print "ARFLAGS =$arflags\n";
-@@ -2200,7 +2213,7 @@ sub print_table_entry
- my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags,
- $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj,
- $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj,
-- $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj,
-+ $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, $chapoly_obj,
- $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag,
- $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)=
- split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-@@ -2231,6 +2244,7 @@ sub print_table_entry
- \$cmll_obj = $cmll_obj
- \$modes_obj = $modes_obj
- \$engines_obj = $engines_obj
-+\$chapoly_obj = $chapoly_obj
- \$perlasm_scheme = $perlasm_scheme
- \$dso_scheme = $dso_scheme
- \$shared_target= $shared_target
-diff --git a/Makefile.org b/Makefile.org
-index 76fdbdf..6556ef6 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -91,6 +91,7 @@ BN_ASM= bn_asm.o
- EC_ASM=
- DES_ENC= des_enc.o fcrypt_b.o
- AES_ENC= aes_core.o aes_cbc.o
-+CHAPOLY_ENC=
- BF_ENC= bf_enc.o
- CAST_ENC= c_enc.o
- RC4_ENC= rc4_enc.o
-@@ -148,7 +149,7 @@ SDIRS= \
- bn ec rsa dsa ecdsa dh ecdh dso engine \
- buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-- cms pqueue ts jpake srp store cmac
-+ cms pqueue ts jpake srp store cmac chacha20poly1305
- # keep in mind that the above list is adjusted by ./Configure
- # according to no-xxx arguments...
-
-@@ -234,6 +235,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
|
|
Deleted |
1.13.35.1-x64.tar.gz
^
|
|
Changed |
1.13.35.2-x64.tar.gz
^
|
[-]
[+]
|
Changed |
_service
^
|
@@ -2,6 +2,11 @@
<service name="download_url">
<param name="host">nginx.org</param>
<param name="protocol">http</param>
- <param name="path">/download/nginx-1.13.7.tar.gz</param>
+ <param name="path">/download/nginx-1.18.0.tar.gz</param>
</service>
-<service name="download_url"><param name="host">nginx.org</param><param name="protocol">http</param><param name="path">/download/nginx-1.13.7.tar.gz</param></service><service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0g.tar.gz</param></service></services>
\ No newline at end of file
+ <service name="download_url">
+ <param name="host">www.openssl.org</param>
+ <param name="protocol">https</param>
+ <param name="path">/source/openssl-1.1.1h.tar.gz</param>
+ </service>
+</services>
|
|
Changed |
_service:download_url:nginx-1.18.0.tar.gz
^
|
|
Deleted |
_service:download_url:openssl-1.1.0g.tar.gz
^
|
|
Added |
_service:download_url:openssl-1.1.1h.tar.gz
^
|
[-]
[+]
|
Deleted |
magento-sample.conf-disabled
^
|
@@ -1,113 +0,0 @@
-server {
- include /etc/nginx/port.conf;
- server_name example.com;
- return 301 $scheme://www.example.com$request_uri;
-}
-
-server {
- include /etc/nginx/port.conf;
- #listen 443 ssl;
- server_name www.example.com; ## Domain is here
- root /var/www/html;
- access_log /var/log/nginx/access_www.example.com.log main;
-
- if ($http_user_agent = "") { return 444;}
-
- ####################################################################################
- ## SSL CONFIGURATION
-
- #ssl_certificate /etc/ssl/certs/www_server_com.chained.crt;
- #ssl_certificate_key /etc/ssl/certs/server.key;
-
- ####################################################################################
- ## Server maintenance block. insert dev ip 1.2.3.4 static address www.whatismyip.com
-
- #if ($remote_addr !~ "^(1.2.3.4|1.2.3.4)$") {
- #return 503;
- #}
-
- #error_page 503 @maintenance;
- #location @maintenance {
- #rewrite ^(.*)$ /error_page/503.html break;
- #internal;
- #access_log off;
- #log_not_found off;
- #}
-
- ####################################################################################
- ## 403 error log/page
-
- #error_page 403 /403.html;
- #location = /403.html {
- #root /var/www/html/error_page;
- #internal;
- #access_log /var/log/nginx/403.log error403;
- #}
-
- ####################################################################################
- ## Main Magento location
-
- location / {
- try_files $uri $uri/ @handler;
- }
-
- ####################################################################################
- ## These locations would be hidden by .htaccess normally, protected
-
- location ~ (/(app/|includes/|pkginfo/|var/|errors/local.xml)|/\.) {
- deny all;
- }
-
- ####################################################################################
- ## Protecting /admin/ and /downloader/ 1.2.3.4 = static ip (www.whatismyip.com)
-
- #location /downloader/ {
- #allow 1.2.3.4; allow 1.2.3.4; deny all;
- #rewrite ^/downloader/(.*)$ /downloader/index.php$1;
- #}
- #location /admin {
- #allow 1.2.3.4; allow 1.2.3.4; deny all;
- #rewrite / /@handler;
- #}
-
- ####################################################################################
- ## Images, scripts and styles set far future Expires header
-
- location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
- open_file_cache max=10000 inactive=8h;
- open_file_cache_valid 1h;
- open_file_cache_min_uses 2;
- open_file_cache_errors off;
- expires max;
- log_not_found off;
- access_log off;
- }
-
- ####################################################################################
- ## Main Magento location
-
- location @handler {
- rewrite / /index.php?$args;
- }
-
- location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
- rewrite ^(.*.php)/ $1 last;
- }
-
- ####################################################################################
- ## Execute PHP scripts
-
- location ~ .php$ {
- add_header X-UA-Compatible 'IE=Edge,chrome=1';
- add_header X-Time-Spent $request_time;
- try_files $uri $uri/ =404;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- ## Store code with multi domain
- #fastcgi_param MAGE_RUN_CODE $storecode;
- ## Default Store code
- fastcgi_param MAGE_RUN_CODE default;
- fastcgi_param MAGE_RUN_TYPE store; ## or website;
- include fastcgi_params; ## See /etc/nginx/fastcgi_params
- }
- }
|
[-]
[+]
|
Deleted |
naxsi-0.55.3.tar.gz/naxsi_src/nginx.conf.example
^
|
@@ -1,36 +0,0 @@
-master_process off;
-worker_processes 1;
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
-events {
- worker_connections 1024;
-}
-http {
- include /tmp/naxsi_ut/naxsi_core.rules;
- include mime.types;
- default_type application/octet-stream;
- sendfile on;
- keepalive_timeout 65;
- server {
- listen 4242;
- server_name localhost;
- location / {
- LearningMode;
- SecRulesEnabled;
- DeniedUrl "/50x.html";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$EVADE >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- error_log /tmp/ngx_error.log debug;
- access_log /tmp/ngx_access.log;
- root html;
- index index.html index.htm;
- }
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root html;
- }
- }
-}
-
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/.travis.yml
^
|
@@ -10,7 +10,7 @@
env:
global:
- VER_NGINX=1.9.11
- - COV=1
+ - COV=0
compiler:
- clang
@@ -27,7 +27,7 @@
- cd ./naxsi_src
- if [ "$CC" == "clang" ]; then COV=0; fi
- make
- - cpanm -v --notest Test::Nginx
+ - sudo cpanm -v --notest Test::Nginx
before_script:
- lcov --directory "../nginx-${VER_NGINX}" --zerocounters
@@ -39,7 +39,3 @@
- cat /tmp/ngx_error.log
- cat /tmp/ngx_access.log
-after_success:
- - lcov --list naxsi.info
- - coveralls-lcov --repo-token ${COVERALLS_TOKEN} naxsi.info
-
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/README.md
^
|
@@ -4,6 +4,8 @@
[![travis-ci](https://travis-ci.org/nbs-system/naxsi.svg?branch=master)](https://travis-ci.org/nbs-system/naxsi)
[![coveralls](https://coveralls.io/repos/github/nbs-system/naxsi/badge.svg?branch=master)](https://coveralls.io/github/nbs-system/naxsi?branch=master)
[![codecov](http://codecov.io/github/nbs-system/naxsi/coverage.svg?branch=master)](http://codecov.io/github/nbs-system/naxsi?branch=master)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/740/badge)](https://bestpractices.coreinfrastructure.org/projects/740)
+[![Gitter](https://img.shields.io/gitter/room/nwjs/nw.js.svg)](https://gitter.im/nbs-system/naxsi)
### We need your help
@@ -41,7 +43,7 @@
and free (as in free beer) to use.
## What does it run on?
-Naxsi is compatible with any nginx version, although it currently doesn't play well with the new HTTPv2 protocol added in recent nginx versions. See [issue #227]( https://github.com/nbs-system/naxsi/issues/227 ) for more details.
+Naxsi should be compatible with any nginx version.
It depends on `libpcre` for its regexp support, and is reported to work great on NetBSD, FreeBSD, OpenBSD, Debian, Ubuntu and CentOS.
@@ -50,3 +52,12 @@
- The [documentation](https://github.com/nbs-system/naxsi/wiki)
- Some [rules]( https://github.com/nbs-system/naxsi-rules ) for mainstream software
- The [nxapi/nxtool]( https://github.com/nbs-system/naxsi/tree/master/nxapi ) to generate rules
+
+
+<img alt="nxapi-dashboard logo" src="https://raw.githubusercontent.com/wiki/nbs-system/naxsi/Images/kibana.png" align="center"/>
+
+## Security issues
+If you find a security issue, please send it by email to `tko@nbs-system.com`;
+you can use the gpg key
+[0x251A28DE2685AED4](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x251A28DE2685AED4)
+to encrypt it.
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/naxsi_config/naxsi_core.rules
^
|
@@ -69,7 +69,7 @@
MainRule "str:]" "msg:close square bracket (]), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:tilde (~) character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-MainRule "rx:%[2|3]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
####################################
## Evading tricks IDs: 1400-1500 ##
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/naxsi_src/Makefile
^
|
@@ -1,75 +1,113 @@
CORE_VERS := $(shell grep NAXSI_VERSION naxsi.h | cut -d '"' -f 2)
MOD_PATH := $(shell pwd)
-TMP_DIR := /tmp/nginx/
+TMP_DIR := /tmp/nginx/
# Keys for coverity
CAN :=
CAK :=
-#Set to 1 if you want coverage report
-COV ?= 1
+#Mode: coverage, fuzz, or base
+COV ?= 0
+FUZZ ?= 0
+STOCK ?= 1
#Allows to force for specific UT only
-#TEST := "29*.t"
-NGINX_VERS := "1.9.11"
+#TEST := ""
+NGINX_VERS := "1.12.2"
-NGINX_OPTIONS="--error-log-path=/tmp/naxsi_ut/error.log"
+
+NGINX_OPTIONS="--with-select_module"
NGINX_OPTIONS+="--conf-path=/tmp/naxsi_ut/nginx.conf"
NGINX_OPTIONS+="--http-client-body-temp-path=/tmp/naxsi_ut/body/"
NGINX_OPTIONS+="--http-fastcgi-temp-path=/tmp/naxsi_ut/fastcgi/"
-NGINX_OPTIONS+="--http-log-path=/tmp/naxsi_ut/access.log"
NGINX_OPTIONS+="--http-proxy-temp-path=/tmp/naxsi_ut/proxy/"
NGINX_OPTIONS+="--lock-path=/tmpnginx.lock"
NGINX_OPTIONS+="--pid-path=/tmp/naxsi_ut/nginx.pid"
NGINX_OPTIONS+="--modules-path=/tmp/naxsi_ut/modules/"
-NGINX_OPTIONS+="--with-http_ssl_module"
NGINX_OPTIONS+="--without-mail_pop3_module"
NGINX_OPTIONS+="--without-mail_smtp_module"
NGINX_OPTIONS+="--without-mail_imap_module"
+NGINX_OPTIONS+="--with-http_v2_module"
NGINX_OPTIONS+="--without-http_uwsgi_module"
NGINX_OPTIONS+="--without-http_scgi_module"
-NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)"
-NGINX_OPTIONS+="--with-ipv6"
+#dynamic or not NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)"
NGINX_OPTIONS+="--prefix=/tmp"
-NGINX_OPTIONS+="--with-debug"
-CFLAGS:="-Wall -Wextra"
+CFLAGS:="-Wall -Wextra -Werror"
all: nginx_download configure build install deploy
re: clean all test
+
+FUZZ_PATH := "../fuzz"
+AFL_PATH := $(PWD)"/"$(FUZZ_PATH)"/afl/"
+
+install_afl:
+ mkdir -p $(FUZZ_PATH)
+ cd $(FUZZ_PATH) && (wget -nc --no-clobber "http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz" || exit 1)
+ cd $(FUZZ_PATH) && (test -d $(AFL_PATH) || (mkdir $(FUZZ_PATH)"/afl" && tar -C $(AFL_PATH)/ -xzf afl-latest.tgz --strip-components=1))
+ cd $(FUZZ_PATH) && (make -C $(AFL_PATH) && make -C $(AFL_PATH)"/llvm_mode" clean all afl-clang-fast)
+
+install_preeny:
+ cd $(FUZZ_PATH) && (test -d preeny || git clone https://github.com/zardus/preeny.git)
+ cd $(FUZZ_PATH) && make -C preeny/src/
+
+fuzz_build: install_afl install_preeny
+ mkdir -p $(FUZZ_PATH)
+ STOCK=0 FUZZ=1 make nginx_download
+ cd $(TMP_DIR) && patch -p1 "./src/core/ngx_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_cycle.patch"
+ cd $(TMP_DIR) && patch -p1 "./src/os/unix/ngx_process_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_process_cycle.patch"
+ STOCK=0 FUZZ=1 make configure build install deploy
+
+fuzz:
+ LD_PRELOAD=$(FUZZ_PATH)"/preeny/src/desock.so" $(AFL_PATH)"afl-fuzz" -t 10 -i "../t/fuzz/" -o $(FUZZ_PATH)/findings $(TMP_DIR)/objs/nginx
+
clean:
rm -f "nginx-"$(NGINX_VERS)".tar.gz"
rm -f "nginx-"$(NGINX_VERS)".tar.gz.asc"
rm -rf /tmp/naxsi_ut/
rm -rf $(TMP_DIR)/
+ rm -rf $(FUZZ_PATH)/
nginx_download:
wget --no-clobber "http://nginx.org/download/nginx-"$(NGINX_VERS)".tar.gz" || exit 1
wget --no-clobber "http://nginx.org/download/nginx-"$(NGINX_VERS)".tar.gz.asc" || exit 1
- gpg --keyserver pgp.key-server.io --recv-keys 0x251a28de2685aed4 0x520A9993A1C052F8
- gpg --verify "nginx-"$(NGINX_VERS)".tar.gz.asc" "nginx-"$(NGINX_VERS)".tar.gz" || exit 1
+# gpg --keyserver pgp.key-server.io --recv-keys 0x251a28de2685aed4 0x520A9993A1C052F8
+# gpg --verify "nginx-"$(NGINX_VERS)".tar.gz.asc" "nginx-"$(NGINX_VERS)".tar.gz" || exit 1
mkdir -p $(TMP_DIR)/
tar -C $(TMP_DIR)/ -xzf nginx-$(NGINX_VERS).tar.gz --strip-components=1
configure:
+#build non dynamic module (faster) for fuzz/afl
+ifeq ($(FUZZ),1)
+ cd $(TMP_DIR)/ && AFL_PATH=$(AFL_PATH) ./configure --with-cc=$(AFL_PATH)"/llvm_mode/afl-clang-fast" --with-cc-opt="-O3" $(NGINX_OPTIONS) --add-module=$(MOD_PATH) --error-log-path=/dev/null --http-log-path=/dev/null
+endif
+
ifeq ($(COV),1)
- cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS)
-else
- cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS)
+ cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf
endif
+ifeq ($(STOCK),1)
+ cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf
+endif
+
+
build:
- cd $(TMP_DIR)/ && make
- if [ -d "/tmp/naxsi_ut" ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi
+ AFL_PATH=$(AFL_PATH) make -C $(TMP_DIR)
+ if [ -d "/tmp/naxsi_ut" ] && [ -f $(TMP_DIR)/objs/ngx_http_naxsi_module.so ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi
install:
- cd $(TMP_DIR)/ && make install
+ make -C $(TMP_DIR) install
-deploy:
- @cp ./nginx.conf.example /tmp/naxsi_ut/nginx.conf
+deploy:
+ifeq ($(FUZZ),1)
+ @cp ../t/confs/nginx_fuzz.conf.example /tmp/naxsi_ut/nginx.conf
+else
+ @cp ../t/confs/nginx.conf.example /tmp/naxsi_ut/nginx.conf
+endif
@cp ../naxsi_config/naxsi_core.rules /tmp/naxsi_ut/naxsi_core.rules
+ @openssl req -batch -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/nginx.key -out /tmp/nginx.crt
# RUN UNIT TESTS
@@ -77,13 +115,10 @@
ifeq ($(COV),1)
lcov --directory $(TMP_DIR) --zerocounters
endif
-
if [ ! $(TEST) ] ; then TEST="*.t" ; fi
-
export PATH="$(TMP_DIR)/objs/:"$(PATH) ; \
- export PERL5LIB="~/perl5/lib/perl5/:/home/travis/perl5/lib/perl5/" ; \
+ export PERL5LIB="~/perl5/lib/perl5/" ;\
cd .. ; prove -r "t/$(TEST)"
-
ifeq ($(COV),1)
lcov --directory $(TMP_DIR)/objs/addon/naxsi_src/ --capture --output-file naxsi.info --base-directory $(TMP_DIR)
genhtml -s -o /tmp/naxsicov.html naxsi.info
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/naxsi_src/naxsi.h
^
|
@@ -32,7 +32,7 @@
#ifndef __FOO_H__
#define __FOO_H__
-#define NAXSI_VERSION "0.55.3"
+#define NAXSI_VERSION "0.56"
#include <nginx.h>
#include <ngx_config.h>
@@ -548,6 +548,7 @@
ngx_http_request_t *r);
int nx_check_ids(ngx_int_t match_id, ngx_array_t *wl_ids);
int naxsi_unescape(ngx_str_t *str);
+u_int naxsi_escape_nullbytes(ngx_str_t *str);
void ngx_http_dummy_json_parse(ngx_http_request_ctx_t *ctx,
ngx_http_request_t *r,
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/naxsi_src/naxsi_json.c
^
|
@@ -91,6 +91,7 @@
if (*(js->src+js->off) == '\\') {
js->off += 2;
if (js->off >= js->len) break;
+ continue;
}
if (*(js->src+js->off) == '"') {
vn_end = js->src+js->off;
@@ -161,7 +162,7 @@
ngx_http_basestr_ruleset_n(js->r->pool, &js->ckey, &val,
js->main_cf->body_rules, js->r, js->ctx,
BODY);
- NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "JSON '%V' : '%V'",
+ NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "quoted-JSON '%V' : '%V'",
&(js->ckey), &(val));
}
return (ret);
@@ -318,7 +319,7 @@
{
ngx_json_t *js;
-
+
js = ngx_pcalloc(r->pool, sizeof(ngx_json_t));
if (!js) return ;
js->json.data = js->src = src;
@@ -327,7 +328,7 @@
js->ctx = ctx;
js->loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_naxsi_module);
js->main_cf = ngx_http_get_module_main_conf(r, ngx_http_naxsi_module);
-
+
if (ngx_http_nx_json_seek(js, '{')) {
ngx_http_apply_rulematch_v_n(&nx_int__invalid_json, ctx, r, NULL, NULL, BODY, 1, 0);
return ;
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/naxsi_src/naxsi_runtime.c
^
|
@@ -108,6 +108,14 @@
ngx_http_rule_t *nx_int__libinject_sql; /*ID:17*/
ngx_http_rule_t *nx_int__libinject_xss; /*ID:18*/
+ngx_http_rule_t nx_int__no_rules = {/*type*/ 0, /*whitelist flag*/ 0,
+ /*wl_id ptr*/ NULL, /*rule_id*/ 19,
+ /*log_msg*/ NULL, /*score*/ 0,
+ /*sscores*/ NULL,
+ /*sc_block*/ 0, /*sc_allow*/ 0,
+ /*block*/ 0, /*allow*/ 0, /*drop*/ 1, /*log*/ 0,
+ /*br ptrs*/ NULL};
+
@@ -341,38 +349,44 @@
}
ngx_http_whitelist_rule_t *
-nx_find_wl_in_hash(ngx_str_t *mstr,
- ngx_http_dummy_loc_conf_t *cf,
- enum DUMMY_MATCH_ZONE zone)
+nx_find_wl_in_hash(
+ ngx_http_request_t *req,
+ ngx_str_t *mstr,
+ ngx_http_dummy_loc_conf_t *cf,
+ enum DUMMY_MATCH_ZONE zone)
{
-
ngx_int_t k;
ngx_http_whitelist_rule_t *b = NULL;
size_t i;
-
+ ngx_str_t scratch = {.data = mstr->data, .len = mstr->len};
+
+ if (zone == HEADERS) {
+ scratch.data = ngx_pcalloc(req->pool, scratch.len+1);
+ memcpy(scratch.data, mstr->data, scratch.len);
+ }
+
+ for (i = 0; i < scratch.len; i++)
+ scratch.data[i] = tolower(scratch.data[i]);
+
+ k = ngx_hash_key_lc(scratch.data, scratch.len);
- for (i = 0; i < mstr->len; i++)
- mstr->data[i] = tolower(mstr->data[i]);
-
- k = ngx_hash_key_lc(mstr->data, mstr->len);
-
if ((zone == BODY || zone == FILE_EXT) && cf->wlr_body_hash && cf->wlr_body_hash->size > 0)
b = (ngx_http_whitelist_rule_t*) ngx_hash_find(cf->wlr_body_hash, k,
- (u_char*) mstr->data,
- mstr->len);
+ (u_char*) scratch.data,
+ scratch.len);
else if (zone == HEADERS && cf->wlr_headers_hash &&
cf->wlr_headers_hash->size > 0)
b = (ngx_http_whitelist_rule_t*) ngx_hash_find(cf->wlr_headers_hash, k,
- (u_char*) mstr->data,
- mstr->len);
+ (u_char*) scratch.data,
+ scratch.len);
else if (zone == URL && cf->wlr_url_hash && cf->wlr_url_hash->size > 0)
b = (ngx_http_whitelist_rule_t*) ngx_hash_find(cf->wlr_url_hash, k,
- (u_char*) mstr->data,
- mstr->len);
+ (u_char*) scratch.data,
+ scratch.len);
else if (zone == ARGS && cf->wlr_args_hash && cf->wlr_args_hash->size > 0)
b = (ngx_http_whitelist_rule_t*) ngx_hash_find(cf->wlr_args_hash, k,
- (u_char*) mstr->data,
- mstr->len);
+ (u_char*) scratch.data,
+ scratch.len);
return (b);
}
@@ -639,7 +653,7 @@
if (name->len > 0) {
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing varname [%V] (rule:%d) - 'wl:X_VAR:%V'", name, r->rule_id, name);
/* try to find in hashtables */
- b = nx_find_wl_in_hash(name, cf, zone);
+ b = nx_find_wl_in_hash(req, name, cf, zone);
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, NAME_ONLY, target_name))
return (1);
/*prefix hash with '#', to find whitelists that would be done only on ARGS_VAR:X|NAME */
@@ -649,7 +663,7 @@
tmp_hashname.data[0] = '#';
memcpy(tmp_hashname.data+1, name->data, name->len);
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing varname [%V] (rule:%d) - 'wl:X_VAR:%V|NAME'", name, r->rule_id, name);
- b = nx_find_wl_in_hash(&tmp_hashname, cf, zone);
+ b = nx_find_wl_in_hash(req, &tmp_hashname, cf, zone);
ngx_pfree(req->pool, tmp_hashname.data);
tmp_hashname.data = NULL;
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, NAME_ONLY, target_name))
@@ -685,7 +699,7 @@
tmp_hashname.len = req->uri.len;
ngx_memcpy(tmp_hashname.data, req->uri.data, req->uri.len);
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing uri#1 [%V] (rule:%d) ($URL:X|URI)", &(tmp_hashname), r->rule_id);
- b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone);
+ b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone);
ngx_pfree(req->pool, tmp_hashname.data);
tmp_hashname.data = NULL;
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, URI_ONLY, target_name))
@@ -699,7 +713,7 @@
tmp_hashname.data[0] = '#';
ngx_memcpy(tmp_hashname.data+1, req->uri.data, req->uri.len);
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing uri#3 [%V] (rule:%d) ($URL:X|ZONE|NAME)", &(tmp_hashname), r->rule_id);
- b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone);
+ b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone);
ngx_pfree(req->pool, tmp_hashname.data);
tmp_hashname.data = NULL;
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, URI_ONLY, target_name))
@@ -718,7 +732,7 @@
strncat((char*)tmp_hashname.data, (char*)name->data, name->len);
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing MIX [%V] ($URL:x|$X_VAR:y) or ($URL:x|$X_VAR:y|NAME)", &tmp_hashname);
- b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone);
+ b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone);
ngx_pfree(req->pool, tmp_hashname.data);
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, MIXED, target_name))
@@ -797,6 +811,10 @@
if (!tmp_uri)
return (NGX_ERROR);
*ret_uri = tmp_uri;
+
+ if (r->uri.len >= (NGX_MAX_UINT32_VALUE/4)-1) {
+ r->uri.len /= 4;
+ }
tmp_uri->len = r->uri.len + (2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len,
NGX_ESCAPE_ARGS));
@@ -880,9 +898,21 @@
strcat(tmp_zone, "FILE_EXT");
if (mr[i].target_name)
strcat(tmp_zone, "|NAME");
+
+ ngx_str_t tmp_val;
+
+ if (mr[i].name->len >= (NGX_MAX_UINT32_VALUE/4)-1) {
+ mr[i].name->len /= 4;
+ }
+
+ tmp_val.len = mr[i].name->len + (2 * ngx_escape_uri(NULL, mr[i].name->data, mr[i].name->len, NGX_ESCAPE_URI_COMPONENT));
+
+ tmp_val.data = ngx_pcalloc(r->pool, tmp_val.len+1);
+ ngx_escape_uri(tmp_val.data, mr[i].name->data, mr[i].name->len, NGX_ESCAPE_URI_COMPONENT);
+
sub = snprintf(0, 0, fmt_rm, i, tmp_zone, i,
- mr[i].rule->rule_id, i, mr[i].name->len,
- mr[i].name->data);
+ mr[i].rule->rule_id, i, tmp_val.len,
+ tmp_val.data);
/*
** This one would not fit :
** append a seed to the current fragment,
@@ -896,7 +926,7 @@
}
sub = snprintf((char *)fragment->data+offset, sz_left,
fmt_rm, i, tmp_zone, i, mr[i].rule->rule_id, i,
- mr[i].name->len, mr[i].name->data);
+ tmp_val.len, tmp_val.data);
if (sub >= sz_left)
sub = sz_left - 1;
offset += sub;
@@ -1166,7 +1196,7 @@
*/
int
ngx_http_spliturl_ruleset(ngx_pool_t *pool,
- char *str,
+ ngx_str_t *nx_str,
ngx_array_t *rules,
ngx_array_t *main_rules,
ngx_http_request_t *req,
@@ -1174,14 +1204,23 @@
enum DUMMY_MATCH_ZONE zone)
{
ngx_str_t name, val;
- char *eq, *ev, *orig;
+ char *eq, *ev, *orig, *str;
int len, full_len;
int nullbytes=0;
- NX_DEBUG(_debug_spliturl_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
- "XX-check url-like [%s]", str);
+ if (naxsi_escape_nullbytes(nx_str) > 0) {
+ ngx_str_t dummy;
+ dummy.data = NULL;
+ dummy.len = 0;
+ ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, req, &dummy, &dummy, zone, 1, 0);
+ }
+ str = (char *)nx_str->data;
+
+ NX_DEBUG(_debug_spliturl_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
+ "XX-check url-like [%s]", str);
+
orig = str;
full_len = strlen(orig);
while (str < (orig+full_len) && *str) {
@@ -1301,8 +1340,8 @@
enum DUMMY_MATCH_ZONE zone) {
/*
** Libinjection integration :
- ** 1 - check if libinjection_sql is explicitely enabled
- ** 2 - check if libinjection_xss is explicitely enabled
+ ** 1 - check if libinjection_sql is explicitly enabled
+ ** 2 - check if libinjection_xss is explicitly enabled
** if 1 is true : perform check on both name and content,
** in case of match, apply internal rule
** increasing the LIBINJECTION_SQL score
@@ -1345,12 +1384,12 @@
}
int
-ngx_http_basestr_ruleset_n(ngx_pool_t *pool,
+ngx_http_basestr_ruleset_n(ngx_pool_t *pool,
ngx_str_t *name,
ngx_str_t *value,
- ngx_array_t *rules,
- ngx_http_request_t *req,
- ngx_http_request_ctx_t *ctx,
+ ngx_array_t *rules,
+ ngx_http_request_t *req,
+ ngx_http_request_ctx_t *ctx,
enum DUMMY_MATCH_ZONE zone)
{
ngx_http_rule_t *r;
@@ -1389,7 +1428,7 @@
"XX-RULE %d : START", r[i].rule_id);
/* does the rule have a custom location ? custom location means checking only on a specific argument */
- if (name && name->len > 0 && r[i].br->custom_location) {
+ if (name && r[i].br->custom_location) {
location = r[i].br->custom_locations->elts;
/*
@@ -1401,18 +1440,23 @@
*/
for (z = 0; z < r[i].br->custom_locations->nelts; z++) {
- if (location[z].specific_url) {
-
+ if (location[z].specific_url) {
/* if matchzone is a regex, ensure it matches (ie. BODY_VAR_X / ARGS_VAR_X / ..) */
- if (r[i].br->rx_mz && ngx_http_dummy_pcre_wrapper(location[z].target_rx, req->uri.data, req->uri.len) == -1)
- uri_constraint_ok = 0;
+ if (r[i].br->rx_mz) {
+
+ if (ngx_http_dummy_pcre_wrapper(location[z].target_rx, req->uri.data, req->uri.len) == -1) {
+ uri_constraint_ok = 0;
+ }
+ }
/* if it was a static string, ensure it matches (ie. BODY_VAR / ARGS_VAR / ..) */
- if ( (!r[i].br->rx_mz) && strncasecmp((const char *) req->uri.data,
- (const char *) location[z].target.data,
- req->uri.len) )
- uri_constraint_ok = 0;
-
+ if (!r[i].br->rx_mz) {
+ if (req->uri.len != location[z].target.len || strncasecmp((const char *) req->uri.data,
+ (const char *) location[z].target.data,
+ req->uri.len) != 0) {
+ uri_constraint_ok = 0;
+ }
+ }
break;
}
}
@@ -1421,8 +1465,11 @@
** if one of the custom location rule specifies an $URL/$URL_X
** and it was mismatched, skip the rule.
*/
- if (uri_constraint_ok == 0)
+ if (uri_constraint_ok == 0) {
+ NX_DEBUG(_debug_basestr_ruleset , NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
+ "XX URI CONSTRAINT MISMATCH, SKIP");
continue;
+ }
/* for each custom location */
for (z = 0; z < r[i].br->custom_locations->nelts; z++) {
@@ -1433,7 +1480,7 @@
!(zone == HEADERS && location[z].headers_var != 0) &&
!(zone == ARGS && location[z].args_var != 0))
continue;
-
+
/* if matchzone is a regex, ensure it matches (ie. BODY_VAR_X / ARGS_VAR_X / ..) */
if (r[i].br->rx_mz && ngx_http_dummy_pcre_wrapper(location[z].target_rx, name->data, name->len) == -1)
continue;
@@ -1445,7 +1492,6 @@
location[z].target.len)) )
continue;
-
NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
"XX-[SPECIFIC] check one rule [%d] iteration %d * %d", r[i].rule_id, i, z);
@@ -1490,20 +1536,25 @@
(zone == FILE_EXT && r[i].br->file_ext) ) {
- NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
- "XX-test rulematch [zone-wide]!1 [%V]=[%V] [rule =%d] (%d times)", name, value, r[i].rule_id, nb_match);
-
+ /*
+ ** If the Rule **specifically** targets name (ie. mz:BODY|NAME), only check against name
+ */
+ if (!r[i].br->target_name) {
+ NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
+ "XX-test rulematch (value) [zone-wide]!1 [%V]=[%V] [rule =%d] (%d times)", name, value, r[i].rule_id, nb_match);
+
- /* check the rule against the value*/
- ret = ngx_http_process_basic_rule_buffer(value, &(r[i]), &nb_match);
- /*if our rule matched, apply effects (score etc.)*/
- if (ret == 1) {
- NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
- "XX-apply rulematch!1 [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match);
-
- ngx_http_apply_rulematch_v_n(&(r[i]), ctx, req, name, value, zone, nb_match, 0);
+ /* check the rule against the value*/
+ ret = ngx_http_process_basic_rule_buffer(value, &(r[i]), &nb_match);
+ /*if our rule matched, apply effects (score etc.)*/
+ if (ret == 1) {
+ NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
+ "XX-apply rulematch (value) [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match);
+
+ ngx_http_apply_rulematch_v_n(&(r[i]), ctx, req, name, value, zone, nb_match, 0);
+ }
}
-
+
if (!r[i].br->negative) {
NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
"XX-test rulematch [against-name]!1 [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match);
@@ -2000,8 +2051,8 @@
NX_DEBUG(_debug_post_heavy, NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"XX-POST DATA [%V]", &tmp);
-
- if(ngx_http_spliturl_ruleset(r->pool, (char *)tmp.data,
+
+ if(ngx_http_spliturl_ruleset(r->pool, &tmp,
cf->body_rules, main_cf->body_rules,
r, ctx, BODY)) {
ngx_http_apply_rulematch_v_n(&nx_int__uncommon_url, ctx, r, NULL, NULL, BODY, 1, 0);
@@ -2018,6 +2069,11 @@
(u_char *) "application/json", 16)) {
ngx_http_dummy_json_parse(ctx, r, full_body, full_body_len);
}
+ /* 22 = echo -n "application/csp-report" | wc -c */
+ else if (!ngx_strncasecmp(r->headers_in.content_type->value.data,
+ (u_char *) "application/csp-report", 22)) {
+ ngx_http_dummy_json_parse(ctx, r, full_body, full_body_len);
+ }
else {
ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"[POST] Unknown content-type");
@@ -2057,7 +2113,9 @@
if ( (ctx->block && !ctx->learning) || ctx->drop )
return ;
if (!main_cf->generic_rules && !cf->generic_rules) {
- dummy_error_fatal(ctx, r, "no generic rules ?!");
+ tmp.data = NULL;
+ tmp.len = 0;
+ ngx_http_apply_rulematch_v_n(&nx_int__no_rules, ctx, r, &tmp, &tmp, URL, 1, 0);
return ;
}
tmp.len = r->uri.len;
@@ -2067,6 +2125,12 @@
return ;
}
memcpy(tmp.data, r->uri.data, r->uri.len);
+ if (naxsi_escape_nullbytes(&tmp) > 0) {
+ ngx_str_t tmp_name, tmp_val;
+ tmp_name.data = tmp_val.data = NULL;
+ tmp_name.len = tmp_val.len = 0;
+ ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &tmp_name, &tmp_val, URL, 1, 0);
+ }
name.data = NULL;
name.len = 0;
if (cf->generic_rules)
@@ -2098,7 +2162,8 @@
return ;
}
memcpy(tmp.data, r->args.data, r->args.len);
- if(ngx_http_spliturl_ruleset(r->pool, (char *)tmp.data,
+
+ if(ngx_http_spliturl_ruleset(r->pool, &tmp,
cf->get_rules, main_cf->get_rules, r,
ctx, ARGS)) {
dummy_error_fatal(ctx, r,
@@ -2116,6 +2181,7 @@
ngx_list_part_t *part;
ngx_table_elt_t *h;
unsigned int i;
+ ngx_str_t lowcase_header;
if (!cf->header_rules && !main_cf->header_rules)
return ;
@@ -2133,11 +2199,19 @@
h = part->elts;
i = 0;
}
+ lowcase_header.data = h[i].lowcase_key;
+ lowcase_header.len = h[i].key.len;
+ if (naxsi_escape_nullbytes(&lowcase_header) > 0) {
+ ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &h[i].key, &h[i].value, HEADERS, 1, 1);
+ }
+ if (naxsi_escape_nullbytes(&h[i].value) > 0) {
+ ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &h[i].key, &h[i].value, HEADERS, 1, 0);
+ }
if (cf->header_rules)
- ngx_http_basestr_ruleset_n(r->pool, &(h[i].key), &(h[i].value),
+ ngx_http_basestr_ruleset_n(r->pool, &lowcase_header, &(h[i].value),
cf->header_rules, r, ctx, HEADERS);
if (main_cf->header_rules)
- ngx_http_basestr_ruleset_n(r->pool, &(h[i].key), &(h[i].value),
+ ngx_http_basestr_ruleset_n(r->pool, &lowcase_header, &(h[i].value),
main_cf->header_rules, r, ctx, HEADERS);
}
return ;
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/naxsi_src/naxsi_utils.c
^
|
@@ -85,6 +85,20 @@
return (NULL);
}
+u_int naxsi_escape_nullbytes(ngx_str_t *str) {
+
+ size_t i = 0;
+ u_int nullbytes = 0;
+
+ for (i = 0; i < str->len; i++) {
+ if (str->data[i] == 0) {
+ str->data[i] = '0';
+ nullbytes++;
+ }
+ }
+ return nullbytes;
+}
+
/* unescape routine, returns number of nullbytes present */
int naxsi_unescape(ngx_str_t *str) {
u_char *dst, *src;
@@ -756,32 +770,32 @@
//encode uri
tmp_uri.len = req->uri.len + (2 * ngx_escape_uri(NULL, req->uri.data, req->uri.len,
- NGX_ESCAPE_ARGS));
+ NGX_ESCAPE_URI_COMPONENT));
tmp_uri.data = ngx_pcalloc(req->pool, tmp_uri.len+1);
if (tmp_uri.data == NULL)
return ;
- ngx_escape_uri(tmp_uri.data, req->uri.data, req->uri.len, NGX_ESCAPE_ARGS);
+ ngx_escape_uri(tmp_uri.data, req->uri.data, req->uri.len, NGX_ESCAPE_URI_COMPONENT);
//encode val
if (val->len <= 0)
tmp_val = empty;
else {
tmp_val.len = val->len + (2 * ngx_escape_uri(NULL, val->data, val->len,
- NGX_ESCAPE_ARGS));
+ NGX_ESCAPE_URI_COMPONENT));
tmp_val.data = ngx_pcalloc(req->pool, tmp_val.len+1);
if (tmp_val.data == NULL)
return ;
- ngx_escape_uri(tmp_val.data, val->data, val->len, NGX_ESCAPE_ARGS);
+ ngx_escape_uri(tmp_val.data, val->data, val->len, NGX_ESCAPE_URI_COMPONENT);
}
//encode name
if (name->len <= 0)
tmp_name = empty;
else {
tmp_name.len = name->len + (2 * ngx_escape_uri(NULL, name->data, name->len,
- NGX_ESCAPE_ARGS));
+ NGX_ESCAPE_URI_COMPONENT));
tmp_name.data = ngx_pcalloc(req->pool, tmp_name.len+1);
if (tmp_name.data == NULL)
return ;
- ngx_escape_uri(tmp_name.data, name->data, name->len, NGX_ESCAPE_ARGS);
+ ngx_escape_uri(tmp_name.data, name->data, name->len, NGX_ESCAPE_URI_COMPONENT);
}
ngx_log_error(NGX_LOG_ERR, req->connection->log, 0,
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/nxapi/README.md
^
|
@@ -311,18 +311,20 @@
}
Here is how nxtool will use this to generate whitelists:
- 1. extract global_filters from nxapi.json, and create the base ES filter :
- { "whitelisted" : "false" }
- 2. merge base ES filter with provided cmd line filter (--filter, -s www.x1.fr)
- { "whitelisted" : "false", "server" : "www.x1.fr" }
- 3. For each static field of the template, merge it in base ES filter :
- { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie" }
- 4. For each field to be expanded (value is `?`) :
- 4.1. select all possible values for this field (id) matching base ES filter, (ie. 1000 and 1001 here)
- 4.2. attempt to generate a whitelist for each possible value, and evaluate its scores.
- { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1000"}
- { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1001"}
- 5. For each final set that provided results, output a whitelist.
+
+1. extract global_filters from nxapi.json, and create the base ES filter: `{ "whitelisted" : "false" }`
+2. merge base ES filter with provided cmd line filter (`--filter`, `-s www.x1.fr`): `{ "whitelisted" : "false", "server" : "www.x1.fr" }`
+3. For each static field of the template, merge it in base ES filter: `{ "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie" }`
+4. For each field to be expanded (value is `?`) :
+
+ 4.1. select all possible values for this field (id) matching base ES filter, (ie. 1000 and 1001 here)
+
+ 4.2. attempt to generate a whitelist for each possible value, and evaluate its scores:
+
+ { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1000"}
+ { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1001"}
+
+5. For each final set that provided results, output a whitelist.
Templates support :
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/nxapi/nxapi.json
^
|
@@ -3,6 +3,8 @@
"host" : "127.0.0.1:9200",
"use_ssl" : false,
"index" : "nxapi",
+ "number_of_shards" : "4",
+ "number_of_replicas" : "0",
"doctype" : "events",
"default_ttl" : "7200",
"max_size" : "1000",
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/nxapi/nxapi/nxparse.py
^
|
@@ -67,6 +67,7 @@
print "Unable to get syslog host and port"
sys.exit(1)
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+ s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
try:
s.bind((host,port))
s.listen(10)
@@ -406,6 +407,12 @@
try:
self.es.indices.create(
index=self.cfg["elastic"]["index"],
+ body = {
+ "settings" : {
+ "number_of_shards": self.cfg["elastic"]["number_of_shards"],
+ "number_of_replicas": self.cfg["elastic"]["number_of_replicas"]
+ }
+ },
ignore=400 # Ignore 400 cause by IndexAlreadyExistsException when creating an index
)
except Exception as idxadd_error:
@@ -439,7 +446,12 @@
index=self.cfg["elastic"]["index"],
doc_type=self.cfg["elastic"]["doctype"],
# id=repo_name,
- body={},
+ body = {
+ "settings" : {
+ "number_of_shards": self.cfg["elastic"]["number_of_shards"],
+ "number_of_replicas": self.cfg["elastic"]["number_of_replicas"]
+ }
+ },
ignore=409 # 409 - conflict - would be returned if the document is already there
)
except Exception as idxadd_error:
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/nxapi/nxtool.py
^
|
@@ -275,7 +275,12 @@
# statistics
if options.stats is True:
print translate.red.format("# Whitelist(ing) ratio :")
- translate.fetch_top(cfg.cfg["global_filters"], "whitelisted", limit=2)
+ for e in translate.fetch_top(cfg.cfg["global_filters"], "whitelisted", limit=2):
+ try:
+ list_e = e.split()
+ print '# {0} {1} {2}{3}'.format(translate.grn.format(list_e[0]), list_e[1], list_e[2], list_e[3])
+ except:
+ print "--malformed--"
print translate.red.format("# Top servers :")
for e in translate.fetch_top(cfg.cfg["global_filters"], "server", limit=10):
try:
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/t/01naxsi_whitelists.t
^
|
@@ -272,7 +272,7 @@
return 412;
}
--- more_headers
-Cookie: foobar
+cookie: foobar
--- request
GET /another-page
--- error_code: 200
@@ -361,7 +361,7 @@
return 412;
}
--- more_headers
-COOKIE: foobar
+cookie: foobar
--- request
GET /another-page
--- error_code: 200
@@ -1192,3 +1192,81 @@
--- request
GET /?a123a=lol
--- error_code: 200
+=== WL TEST 20.0 : wl:0 in cookies (#405)
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK;
+--- config
+location / {
+ SecRulesEnabled;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- more_headers
+Cookie: 123
+--- request
+GET /
+--- error_code: 412
+=== WL TEST 20.1 : wl:0 in cookies (#405)
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK;
+--- config
+location / {
+ SecRulesEnabled;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- more_headers
+Cookie: 124
+--- request
+GET /
+--- error_code: 200
+=== WL TEST 20.0 : wl:0 in cookies (#405)
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK;
+--- config
+location / {
+ SecRulesEnabled;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ BasicRule wl:0 "mz:$HEADERS_VAR:cookie";
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- more_headers
+Cookie: 123
+--- request
+GET /
+--- error_code: 200
+
+
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/t/02naxsi_bypass.t
^
|
@@ -317,3 +317,30 @@
--- request
GET /?val&
--- error_code: 412
+=== TEST 5.1: DENY : XSS bypass vector true nullbyte
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+location / {
+ #LearningMode;
+ SecRulesEnabled;
+ DeniedUrl "/RequestDenied";
+CheckRule "$SQL >= 8" BLOCK;
+CheckRule "$RFI >= 2" BLOCK;
+CheckRule "$TRAVERSAL >= 4" BLOCK;
+CheckRule "$XSS >= 8" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- more_headers
+Content-Type: application/x-www-form-urlencoded
+--- request eval
+use URI::Escape;
+"POST /foobar
+a=a�<><><>"
+--- error_code: 412
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/t/11naxsi_newstyle_config.t
^
|
@@ -75,7 +75,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -134,7 +134,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -193,7 +193,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -252,7 +252,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -311,7 +311,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -370,7 +370,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -429,7 +429,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -493,7 +493,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -557,7 +557,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -621,7 +621,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -681,7 +681,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -741,7 +741,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -808,7 +808,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -877,7 +877,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -946,7 +946,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1015,7 +1015,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1078,7 +1078,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1146,7 +1146,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1211,7 +1211,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1276,7 +1276,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1343,7 +1343,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1411,7 +1411,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1478,7 +1478,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1547,7 +1547,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1615,7 +1615,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1682,7 +1682,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1749,7 +1749,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1816,7 +1816,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1880,7 +1880,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1947,7 +1947,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2011,7 +2011,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2075,7 +2075,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2139,7 +2139,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2203,7 +2203,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2267,7 +2267,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2331,7 +2331,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/t/14json.t
^
|
@@ -740,3 +740,35 @@
\"fu\" : { \"aa\" : \"bb\"
}"
--- error_code: 412
+
+=== JSON14 : bug_418
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+location / {
+ SecRulesEnabled;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+ error_page 405 = $uri;
+}
+location /RequestDenied {
+ return 412;
+}
+--- more_headers
+Content-Type: application/json
+--- request eval
+use URI::Escape;
+"POST /
+{
+ \"error\":
+ \"ERROR_REPORT:{\\\"request\\\":{\\\"bar\\\":\\\"\\\"},\\\"response\\\":{\\\"bar\\\":[{\\\"schema_id\\\":\\\"foo\\\"}]}}\"
+}"
+--- error_code: 412
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/t/28log.t
^
|
@@ -79,8 +79,8 @@
--- error_code: 404
--- error_log eval
[qr@NAXSI_FMT: ip=127\.0\.0\.1&server=localhost&uri=/x,y&learning=1&vers=[^&]+&total_processed=1&total_blocked=1&block=1&cscore0=\$SQL&score0=8&zone0=URL&id0=1015&var_name0=&zone1=ARGS&id1=1015&var_name1=uuu@,
-qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=URL&var_name=&content=/x,y,@,
-qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=ARGS&var_name=uuu&content=b,c@
+qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=URL&var_name=&content=%2Fx%2Cy@,
+qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=ARGS&var_name=uuu&content=b%2Cc@
]
=== TEST 1.4 : learning + no-block score + naxsi_extensive_log, NAXSI_EXLOG only
--- main_config
@@ -104,7 +104,7 @@
GET /x,y?uuu=bc
--- error_code: 404
--- error_log eval
-qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=URL&var_name=&content=/x,y, client: 127\.0\.0\.1,@
+qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=URL&var_name=&content=%2Fx%2Cy, client: 127\.0\.0\.1,@
--- no_error_log
NAXSI_FMT
=== TEST 1.6 : learning + block-score + naxsi_extensive_log, NAXSI_EXLOG only
|
[-]
[+]
|
Changed |
naxsi-0.56.tar.gz/t/29regression.t
^
|
@@ -209,3 +209,70 @@
"POST /wp-json/wp/v2/posts/111
id=1a&foo2=bar2"
--- error_code: 412
+=== WL TEST 3.0: false-positive on virtual-patch with empty var name
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485;
+--- config
+location / {
+ SecRulesEnabled;
+ CheckRule "$LOG_TEST >= 1" LOG;
+ CheckRule "$UWA >= 8" BLOCK;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 4" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- request
+GET /?a=bui&FOOBAR
+--- error_code: 200
+=== WL TEST 3.0: false-positive on virtual-patch with empty var name
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485;
+--- config
+location / {
+ SecRulesEnabled;
+ CheckRule "$LOG_TEST >= 1" LOG;
+ CheckRule "$UWA >= 8" BLOCK;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 4" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- request
+GET /wp-includes/js/plupload/plupload.flash.swf?a=bui&FOOBAR
+--- error_code: 412
+=== WL TEST 3.01: false-positive on virtual-patch with empty var name
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485;
+--- config
+location / {
+ SecRulesEnabled;
+ CheckRule "$LOG_TEST >= 1" LOG;
+ CheckRule "$UWA >= 8" BLOCK;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 4" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- request
+GET /wp-includes/js/plupload/plupload.flash.swf/xxx/?a=bui&FOOBAR
+--- error_code: 404
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/30regr.t
^
|
@@ -0,0 +1,121 @@
+#vi:filetype=perl
+
+
+# A AJOUTER :
+# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE
+# La même sur des arguments :)
+
+use lib 'lib';
+use Test::Nginx::Socket;
+
+repeat_each(3);
+
+plan tests => repeat_each(1) * blocks();
+no_root_location();
+no_long_string();
+$ENV{TEST_NGINX_SERVROOT} = server_root();
+run_tests();
+
+
+__DATA__
+=== TEST 1: rule target body|name
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+location / {
+ SecRulesEnabled;
+ LearningMode;
+ BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY|NAME" "s:$TEST_LOG:8";
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$TEST_LOG >= 8" DROP;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+ error_page 405 = $uri;
+}
+location /RequestDenied {
+ return 412;
+ # return 412;
+}
+--- more_headers
+Content-Type: application/x-www-form-urlencoded
+--- request eval
+use URI::Escape;
+"POST /
+9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc=]@&foo2=bar2"
+--- error_code: 412
+
+=== TEST 1: rule target body|name
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+location / {
+ SecRulesEnabled;
+ LearningMode;
+ BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY|NAME" "s:$TEST_LOG:8";
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$TEST_LOG >= 8" DROP;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+ error_page 405 = $uri;
+}
+location /RequestDenied {
+ return 412;
+ # return 412;
+}
+--- more_headers
+Content-Type: application/x-www-form-urlencoded
+--- request eval
+use URI::Escape;
+"POST /
+9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc=ww&foo2=bar2"
+--- error_code: 412
+
+
+=== TEST 1: rule target body|name
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+location / {
+ SecRulesEnabled;
+ LearningMode;
+ BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY|NAME" "s:$TEST_LOG:8";
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$TEST_LOG >= 8" DROP;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+ error_page 405 = $uri;
+}
+location /RequestDenied {
+ return 412;
+ # return 412;
+}
+--- more_headers
+Content-Type: application/x-www-form-urlencoded
+--- request eval
+use URI::Escape;
+"POST /
+ww=9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc&foo2=bar2"
+--- error_code: 200
+
+
+
+
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/31norules.t
^
|
@@ -0,0 +1,73 @@
+#vi:filetype=perl
+
+
+# A AJOUTER :
+# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE
+# La même sur des arguments :)
+
+use lib 'lib';
+use Test::Nginx::Socket;
+
+repeat_each(3);
+
+plan tests => repeat_each(1) * blocks();
+no_root_location();
+no_long_string();
+$ENV{TEST_NGINX_SERVROOT} = server_root();
+run_tests();
+
+
+__DATA__
+=== TEST 1: Basic GET request with no rules, drop
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- config
+location / {
+ SecRulesEnabled;
+ LearningMode;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ LibInjectionXss;
+ CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
+ LibInjectionSql;
+ CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
+
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- request
+GET /?a=buibui
+--- error_code: 412
+=== TEST 1.1: Basic GET request with no rules, whitelist the special rule.
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- config
+location / {
+ SecRulesEnabled;
+ BasicRule wl:19;
+ LearningMode;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ LibInjectionXss;
+ CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
+ LibInjectionSql;
+ CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
+
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- request
+GET /?a=buibui
+--- error_code: 200
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/confs
^
|
+(directory)
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/confs/nginx.conf.example
^
|
@@ -0,0 +1,44 @@
+master_process off;
+#worker_processes 1;
+daemon off;
+
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+events {
+ worker_connections 1024;
+ use select;
+}
+http {
+ include /tmp/naxsi_ut/naxsi_core.rules;
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ server {
+ listen 4242 ssl http2;
+ ssl_certificate /tmp/nginx.crt;
+ ssl_certificate_key /tmp/nginx.key;
+ server_name localhost;
+ set $naxsi_extensive_log 1;
+ location / {
+ LearningMode;
+ SecRulesEnabled;
+ DeniedUrl "/50x.html";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$EVADE >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ return 200;
+# error_log /tmp/ngx_error.log debug;
+# access_log /tmp/ngx_access.log;
+# root html;
+# index index.html index.htm;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ return 500;
+ # root html;
+ }
+ }
+}
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/confs/nginx_fuzz.conf.example
^
|
@@ -0,0 +1,48 @@
+master_process off;
+daemon off;
+
+#load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+events {
+ worker_connections 1024;
+ use select;
+}
+http {
+MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
+MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
+MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
+## Hardcore rules
+MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
+MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
+MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
+MainRule "str:`" "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
+MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
+MainRule "str:%U" "msg:M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
+MainRule "rx:\.ph|\.asp|\.ht" "msg:asp/php file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
+
+# include /tmp/naxsi_ut/naxsi_core.rules;
+# include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ server {
+ listen 4242;
+ server_name localhost;
+ location / {
+ LearningMode;
+ SecRulesEnabled;
+ DeniedUrl "/50x.html";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$EVADE >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ return 200;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ return 500;
+ }
+ }
+}
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/confs/ngx_cycle.patch
^
|
@@ -0,0 +1,13 @@
+--- a/src/core/ngx_cycle.c.orig 2016-02-09 15:11:57.000000000 +0100
++++ b/src/core/ngx_cycle.c 2016-12-12 18:05:53.832725017 +0100
+--- nginx/src/core/ngx_cycle.c 2016-02-09 15:11:57.000000000 +0100
++++ ngx_cycle.c 2016-12-13 09:49:47.762221499 +0100
+@@ -602,6 +602,8 @@
+ }
+ }
+
++ __AFL_INIT();
++
+ if (ngx_open_listening_sockets(cycle) != NGX_OK) {
+ goto failed;
+ }
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/confs/ngx_process_cycle.patch
^
|
@@ -0,0 +1,25 @@
+--- a/src/os/unix/ngx_process_cycle.c.orig 2016-02-09 15:11:58.000000000 +0100
++++ a/src/os/unix/ngx_process_cycle.c 2016-12-12 15:05:21.000000000 +0100
+@@ -303,7 +303,11 @@
+ }
+ }
+
++
++ int ran_once=0;
++
+ for ( ;; ) {
++
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle");
+
+ ngx_process_events_and_timers(cycle);
+@@ -337,6 +341,11 @@
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reopening logs");
+ ngx_reopen_files(cycle, (ngx_uid_t) -1);
+ }
++
++ ran_once += 1;
++ //printf("ran : %d\n", ran_once);
++ if (ran_once == 2) exit(0);
++
+ }
+ }
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz
^
|
+(directory)
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/big-json-post
^
|
@@ -0,0 +1,30 @@
+POST / HTTP/1.1
+Host: localhost
+Connection: close
+Content-Type: application/json
+Content-Length: 542
+
+{
+ "glossary": {
+ "title": "example glossary",
+"GlossDiv": {
+ "title": "S",
+"GlossList": {
+ "GlossEntry": {
+ "ID": "SGML",
+"SortAs": "SGML",
+"GlossTerm": "Standard Generalized Markup Language",
+"Acronym": "SGML",
+"Abbrev": "ISO 8879:1986",
+"GlossDef": {
+ "para": "A meta-markup language used to create markup languages such as DocBook.",
+"GlossSeeAlso": ["GML", "XML"]
+ },
+"GlossSee": "markup"
+ }
+ }
+ }
+ }
+
+}}
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/big-multipart-post
^
|
@@ -0,0 +1,22 @@
+POST / HTTP/1.1
+Host: localhost
+Connection: close
+Content-Type: multipart/form-data; boundary=---------------------------103832778631715
+Content-Length: 4449
+
+-----------------------------103832778631715
+Content-Disposition: form-data; name="name"
+
+azzzo
+
+
+-----------------------------103832778631715
+Content-Disposition: form-data; name="married"
+
+not single
+-----------------------------103832778631715
+Content-Disposition: form-data; name="male"
+
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-----------------------------103832778631715--
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/med-get-bad-format
^
|
@@ -0,0 +1,4 @@
+GET /?a=1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227 HTTP/1.0
+
+
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/med-get-with-path
^
|
@@ -0,0 +1,6 @@
+GET /bla?/bla=1999&bu=1998 HTTP/1.1
+Host: localhost
+Connection: close
+
+
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/med-json-post
^
|
@@ -0,0 +1,14 @@
+POST /test_uri HTTP/1.1
+Host: localhost
+Connection: close
+Content-Type: application/json
+Content-Length: 183
+
+{
+ "oh" : ["there", "is", "no", "way"],
+ "this" : { "will" : ["work", "does"],
+ "it" : "??" },
+ "trigger" : {"test_1234" : ["foobar", "will", "trigger", "it"]},
+ "foo" : "baar"
+}
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/med-multipart-file-post
^
|
@@ -0,0 +1,26 @@
+POST /foobar HTTP/1.1
+Host: 127.0.0.1
+Connection: Close
+User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-us,en;q=0.5
+Accept-Encoding: gzip, deflate
+Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+Referer: http://127.0.0.1/
+Content-Type: multipart/form-data; boundary=---------------------------1919886344942015258287623957
+Content-Length: 394
+
+-----------------------------1919886344942015258287623957
+Content-Disposition: form-data; name="textline"
+
+valid text and small file
+-----------------------------1919886344942015258287623957
+Content-Disposition: form-data; name="datafile"; filename="bla.txt"; name="bla.txt"
+Content-Type: text/plain
+
+buibuibubi
+buibuibuib
+
+-----------------------------1919886344942015258287623957--
+
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/med-multipart-post
^
|
@@ -0,0 +1,21 @@
+POST / HTTP/1.1
+Host: localhost
+Connection: close
+Content-Type: multipart/form-data; boundary=---------------------------103832778631715
+Content-Length: 42
+
+-----------------------------103832778631715
+Content-Disposition: form-data; name="name"
+
+MyName
+-----------------------------103832778631715
+Content-Disposition: form-data; name="married"
+
+not single
+-----------------------------103832778631715
+Content-Disposition: form-data; name="male"
+
+yes
+-----------------------------103832778631715--
+
+
|
|
Added |
naxsi-0.56.tar.gz/t/fuzz/med-post-non-ascii
^
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/mini-get-nohost
^
|
@@ -0,0 +1,4 @@
+GET /?a=1%20UnioN%20SeLEct%201 HTTP/1.0
+
+
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/mini-get-sig
^
|
@@ -0,0 +1,4 @@
+GET /?a=1+/*!30000AND+2>1*/-- HTTP/1.0
+
+
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/mini-json-post
^
|
@@ -0,0 +1,10 @@
+POST / HTTP/1.1
+Host: localhost
+Connection: close
+Content-Type: application/json
+Content-Length: 18
+
+{
+ "lol" : "bar"
+}
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/mini-ko-get
^
|
@@ -0,0 +1,6 @@
+GET /?==yesone&&& HTTP/1.1
+Host: localhost
+Connection: close
+
+
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/mini-multipart-post
^
|
@@ -0,0 +1,26 @@
+POST /foobar HTTP/1.1
+Host: 127.0.0.1
+Connection: Close
+User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-us,en;q=0.5
+Accept-Encoding: gzip, deflate
+Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+Referer: http://127.0.0.1/
+Content-Type: multipart/form-data; boundary=---------------------------1919886344942015258287623957
+Content-Length: 378
+
+-----------------------------1919886344942015258287623957
+Content-Disposition: form-data; name="textline"
+
+valid text and small file
+-----------------------------1919886344942015258287623957
+Content-Disposition: form-data; name="datafile"; filename="bla.txt"
+Content-Type: text/plain
+
+buibuibubi
+buibuibuib
+
+-----------------------------1919886344942015258287623957--
+
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/mini-ok-get
^
|
@@ -0,0 +1,6 @@
+GET /?a=<> HTTP/1.1
+Host: localhost
+Connection: close
+
+
+
|
|
Added |
naxsi-0.56.tar.gz/t/fuzz/mini-unknown-CT-post
^
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/mini-urlencded-post-2
^
|
@@ -0,0 +1,8 @@
+POST / HTTP/1.1
+Host: localhost
+Connection: close
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 32
+
+foo1='><script>alert(1)</script>
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/mini-urlencoded-post
^
|
@@ -0,0 +1,8 @@
+POST / HTTP/1.1
+Host: localhost
+Connection: close
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 9
+
+a1=trolol
+
|
[-]
[+]
|
Added |
naxsi-0.56.tar.gz/t/fuzz/small-multipart-post
^
|
@@ -0,0 +1,20 @@
+POST / HTTP/1.1
+Host: localhost
+Connection: close
+Content-Type: multipart/form-data; boundary=---------------------------103832778631715
+Content-Length: 353
+
+-----------------------------103832778631715
+Content-Disposition: form-data; name="name"
+
+MyName
+-----------------------------103832778631715
+Content-Disposition: form-data; name="married"
+
+not single
+-----------------------------103832778631715
+Content-Disposition: form-data; name="male"
+
+yes
+-----------------------------103832778631715--
+
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/HEAD
^
|
@@ -1 +0,0 @@
-ref: refs/heads/master
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/config
^
|
@@ -1,12 +0,0 @@
-[core]
- repositoryformatversion = 0
- filemode = true
- bare = false
- logallrefupdates = true
- ignorecase = true
-[remote "origin"]
- fetch = +refs/heads/*:refs/remotes/origin/*
- url = https://github.com/arut/nginx-rtmp-module.git
-[branch "master"]
- remote = origin
- merge = refs/heads/master
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/description
^
|
@@ -1 +0,0 @@
-Unnamed repository; edit this file 'description' to name the repository.
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/hooks
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/applypatch-msg.sample
^
|
@@ -1,15 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to check the commit log message taken by
-# applypatch from an e-mail message.
-#
-# The hook should exit with non-zero status after issuing an
-# appropriate message if it wants to stop the commit. The hook is
-# allowed to edit the commit message file.
-#
-# To enable this hook, rename this file to "applypatch-msg".
-
-. git-sh-setup
-test -x "$GIT_DIR/hooks/commit-msg" &&
- exec "$GIT_DIR/hooks/commit-msg" ${1+"$@"}
-:
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/commit-msg.sample
^
|
@@ -1,24 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to check the commit log message.
-# Called by "git commit" with one argument, the name of the file
-# that has the commit message. The hook should exit with non-zero
-# status after issuing an appropriate message if it wants to stop the
-# commit. The hook is allowed to edit the commit message file.
-#
-# To enable this hook, rename this file to "commit-msg".
-
-# Uncomment the below to add a Signed-off-by line to the message.
-# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
-# hook is more suited to it.
-#
-# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
-# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
-
-# This example catches duplicate Signed-off-by lines.
-
-test "" = "$(grep '^Signed-off-by: ' "$1" |
- sort | uniq -c | sed -e '/^[ ]*1[ ]/d')" || {
- echo >&2 Duplicate Signed-off-by lines.
- exit 1
-}
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/post-update.sample
^
|
@@ -1,8 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to prepare a packed repository for use over
-# dumb transports.
-#
-# To enable this hook, rename this file to "post-update".
-
-exec git update-server-info
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-applypatch.sample
^
|
@@ -1,14 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to verify what is about to be committed
-# by applypatch from an e-mail message.
-#
-# The hook should exit with non-zero status after issuing an
-# appropriate message if it wants to stop the commit.
-#
-# To enable this hook, rename this file to "pre-applypatch".
-
-. git-sh-setup
-test -x "$GIT_DIR/hooks/pre-commit" &&
- exec "$GIT_DIR/hooks/pre-commit" ${1+"$@"}
-:
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-commit.sample
^
|
@@ -1,50 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to verify what is about to be committed.
-# Called by "git commit" with no arguments. The hook should
-# exit with non-zero status after issuing an appropriate message if
-# it wants to stop the commit.
-#
-# To enable this hook, rename this file to "pre-commit".
-
-if git rev-parse --verify HEAD >/dev/null 2>&1
-then
- against=HEAD
-else
- # Initial commit: diff against an empty tree object
- against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
-fi
-
-# If you want to allow non-ascii filenames set this variable to true.
-allownonascii=$(git config hooks.allownonascii)
-
-# Redirect output to stderr.
-exec 1>&2
-
-# Cross platform projects tend to avoid non-ascii filenames; prevent
-# them from being added to the repository. We exploit the fact that the
-# printable range starts at the space character and ends with tilde.
-if [ "$allownonascii" != "true" ] &&
- # Note that the use of brackets around a tr range is ok here, (it's
- # even required, for portability to Solaris 10's /usr/bin/tr), since
- # the square bracket bytes happen to fall in the designated range.
- test $(git diff --cached --name-only --diff-filter=A -z $against |
- LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
-then
- echo "Error: Attempt to add a non-ascii file name."
- echo
- echo "This can cause problems if you want to work"
- echo "with people on other platforms."
- echo
- echo "To be portable it is advisable to rename the file ..."
- echo
- echo "If you know what you are doing you can disable this"
- echo "check using:"
- echo
- echo " git config hooks.allownonascii true"
- echo
- exit 1
-fi
-
-# If there are whitespace errors, print the offending file names and fail.
-exec git diff-index --check --cached $against --
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-rebase.sample
^
|
@@ -1,169 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006, 2008 Junio C Hamano
-#
-# The "pre-rebase" hook is run just before "git rebase" starts doing
-# its job, and can prevent the command from running by exiting with
-# non-zero status.
-#
-# The hook is called with the following parameters:
-#
-# $1 -- the upstream the series was forked from.
-# $2 -- the branch being rebased (or empty when rebasing the current branch).
-#
-# This sample shows how to prevent topic branches that are already
-# merged to 'next' branch from getting rebased, because allowing it
-# would result in rebasing already published history.
-
-publish=next
-basebranch="$1"
-if test "$#" = 2
-then
- topic="refs/heads/$2"
-else
- topic=`git symbolic-ref HEAD` ||
- exit 0 ;# we do not interrupt rebasing detached HEAD
-fi
-
-case "$topic" in
-refs/heads/??/*)
- ;;
-*)
- exit 0 ;# we do not interrupt others.
- ;;
-esac
-
-# Now we are dealing with a topic branch being rebased
-# on top of master. Is it OK to rebase it?
-
-# Does the topic really exist?
-git show-ref -q "$topic" || {
- echo >&2 "No such branch $topic"
- exit 1
-}
-
-# Is topic fully merged to master?
-not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
-if test -z "$not_in_master"
-then
- echo >&2 "$topic is fully merged to master; better remove it."
- exit 1 ;# we could allow it, but there is no point.
-fi
-
-# Is topic ever merged to next? If so you should not be rebasing it.
-only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
-only_next_2=`git rev-list ^master ${publish} | sort`
-if test "$only_next_1" = "$only_next_2"
-then
- not_in_topic=`git rev-list "^$topic" master`
- if test -z "$not_in_topic"
- then
- echo >&2 "$topic is already up-to-date with master"
- exit 1 ;# we could allow it, but there is no point.
- else
- exit 0
- fi
-else
- not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
- /usr/bin/perl -e '
- my $topic = $ARGV[0];
- my $msg = "* $topic has commits already merged to public branch:\n";
- my (%not_in_next) = map {
- /^([0-9a-f]+) /;
- ($1 => 1);
- } split(/\n/, $ARGV[1]);
- for my $elem (map {
- /^([0-9a-f]+) (.*)$/;
- [$1 => $2];
- } split(/\n/, $ARGV[2])) {
- if (!exists $not_in_next{$elem->[0]}) {
- if ($msg) {
- print STDERR $msg;
- undef $msg;
- }
- print STDERR " $elem->[1]\n";
- }
- }
- ' "$topic" "$not_in_next" "$not_in_master"
- exit 1
-fi
-
-exit 0
-
-################################################################
-
-This sample hook safeguards topic branches that have been
-published from being rewound.
-
-The workflow assumed here is:
-
- * Once a topic branch forks from "master", "master" is never
- merged into it again (either directly or indirectly).
-
- * Once a topic branch is fully cooked and merged into "master",
- it is deleted. If you need to build on top of it to correct
- earlier mistakes, a new topic branch is created by forking at
- the tip of the "master". This is not strictly necessary, but
- it makes it easier to keep your history simple.
-
- * Whenever you need to test or publish your changes to topic
- branches, merge them into "next" branch.
-
-The script, being an example, hardcodes the publish branch name
-to be "next", but it is trivial to make it configurable via
-$GIT_DIR/config mechanism.
-
-With this workflow, you would want to know:
-
-(1) ... if a topic branch has ever been merged to "next". Young
- topic branches can have stupid mistakes you would rather
- clean up before publishing, and things that have not been
- merged into other branches can be easily rebased without
- affecting other people. But once it is published, you would
- not want to rewind it.
-
-(2) ... if a topic branch has been fully merged to "master".
- Then you can delete it. More importantly, you should not
- build on top of it -- other people may already want to
- change things related to the topic as patches against your
- "master", so if you need further changes, it is better to
- fork the topic (perhaps with the same name) afresh from the
- tip of "master".
-
-Let's look at this example:
-
- o---o---o---o---o---o---o---o---o---o "next"
- / / / /
- / a---a---b A / /
- / / / /
- / / c---c---c---c B /
- / / / \ /
- / / / b---b C \ /
- / / / / \ /
- ---o---o---o---o---o---o---o---o---o---o---o "master"
-
-
-A, B and C are topic branches.
-
- * A has one fix since it was merged up to "next".
-
- * B has finished. It has been fully merged up to "master" and "next",
- and is ready to be deleted.
-
- * C has not merged to "next" at all.
-
-We would want to allow C to be rebased, refuse A, and encourage
-B to be deleted.
-
-To compute (1):
-
- git rev-list ^master ^topic next
- git rev-list ^master next
-
- if these match, topic has not merged in next at all.
-
-To compute (2):
-
- git rev-list master..topic
-
- if this is empty, it is fully merged to "master".
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/prepare-commit-msg.sample
^
|
@@ -1,36 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to prepare the commit log message.
-# Called by "git commit" with the name of the file that has the
-# commit message, followed by the description of the commit
-# message's source. The hook's purpose is to edit the commit
-# message file. If the hook fails with a non-zero status,
-# the commit is aborted.
-#
-# To enable this hook, rename this file to "prepare-commit-msg".
-
-# This hook includes three examples. The first comments out the
-# "Conflicts:" part of a merge commit.
-#
-# The second includes the output of "git diff --name-status -r"
-# into the message, just before the "git status" output. It is
-# commented because it doesn't cope with --amend or with squashed
-# commits.
-#
-# The third example adds a Signed-off-by line to the message, that can
-# still be edited. This is rarely a good idea.
-
-case "$2,$3" in
- merge,)
- /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;;
-
-# ,|template,)
-# /usr/bin/perl -i.bak -pe '
-# print "\n" . `git diff --cached --name-status -r`
-# if /^#/ && $first++ == 0' "$1" ;;
-
- *) ;;
-esac
-
-# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
-# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/update.sample
^
|
@@ -1,128 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to blocks unannotated tags from entering.
-# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
-#
-# To enable this hook, rename this file to "update".
-#
-# Config
-# ------
-# hooks.allowunannotated
-# This boolean sets whether unannotated tags will be allowed into the
-# repository. By default they won't be.
-# hooks.allowdeletetag
-# This boolean sets whether deleting tags will be allowed in the
-# repository. By default they won't be.
-# hooks.allowmodifytag
-# This boolean sets whether a tag may be modified after creation. By default
-# it won't be.
-# hooks.allowdeletebranch
-# This boolean sets whether deleting branches will be allowed in the
-# repository. By default they won't be.
-# hooks.denycreatebranch
-# This boolean sets whether remotely creating branches will be denied
-# in the repository. By default this is allowed.
-#
-
-# --- Command line
-refname="$1"
-oldrev="$2"
-newrev="$3"
-
-# --- Safety check
-if [ -z "$GIT_DIR" ]; then
- echo "Don't run this script from the command line." >&2
- echo " (if you want, you could supply GIT_DIR then run" >&2
- echo " $0 <ref> <oldrev> <newrev>)" >&2
- exit 1
-fi
-
-if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
- echo "Usage: $0 <ref> <oldrev> <newrev>" >&2
- exit 1
-fi
-
-# --- Config
-allowunannotated=$(git config --bool hooks.allowunannotated)
-allowdeletebranch=$(git config --bool hooks.allowdeletebranch)
-denycreatebranch=$(git config --bool hooks.denycreatebranch)
-allowdeletetag=$(git config --bool hooks.allowdeletetag)
-allowmodifytag=$(git config --bool hooks.allowmodifytag)
-
-# check for no description
-projectdesc=$(sed -e '1q' "$GIT_DIR/description")
-case "$projectdesc" in
-"Unnamed repository"* | "")
- echo "*** Project description file hasn't been set" >&2
- exit 1
- ;;
-esac
-
-# --- Check types
-# if $newrev is 0000...0000, it's a commit to delete a ref.
-zero="0000000000000000000000000000000000000000"
-if [ "$newrev" = "$zero" ]; then
- newrev_type=delete
-else
- newrev_type=$(git cat-file -t $newrev)
-fi
-
-case "$refname","$newrev_type" in
- refs/tags/*,commit)
- # un-annotated tag
- short_refname=${refname##refs/tags/}
- if [ "$allowunannotated" != "true" ]; then
- echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
- echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
- exit 1
- fi
- ;;
- refs/tags/*,delete)
- # delete tag
- if [ "$allowdeletetag" != "true" ]; then
- echo "*** Deleting a tag is not allowed in this repository" >&2
- exit 1
- fi
- ;;
- refs/tags/*,tag)
- # annotated tag
- if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
- then
- echo "*** Tag '$refname' already exists." >&2
- echo "*** Modifying a tag is not allowed in this repository." >&2
- exit 1
- fi
- ;;
- refs/heads/*,commit)
- # branch
- if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
- echo "*** Creating a branch is not allowed in this repository" >&2
- exit 1
- fi
- ;;
- refs/heads/*,delete)
- # delete branch
- if [ "$allowdeletebranch" != "true" ]; then
- echo "*** Deleting a branch is not allowed in this repository" >&2
- exit 1
- fi
- ;;
- refs/remotes/*,commit)
- # tracking branch
- ;;
- refs/remotes/*,delete)
- # delete tracking branch
- if [ "$allowdeletebranch" != "true" ]; then
- echo "*** Deleting a tracking branch is not allowed in this repository" >&2
- exit 1
- fi
- ;;
- *)
- # Anything else (is there anything else?)
- echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
- exit 1
- ;;
-esac
-
-# --- Finished
-exit 0
|
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/index
^
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/info
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/info/exclude
^
|
@@ -1,6 +0,0 @@
-# git ls-files --others --exclude-from=.git/info/exclude
-# Lines that start with '#' are comments.
-# For a project mostly in C, the following would be a good set of
-# exclude patterns (uncomment them if you want to use them):
-# *.[oa]
-# *~
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/logs
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/logs/HEAD
^
|
@@ -1 +0,0 @@
-0000000000000000000000000000000000000000 5150993accb5edefa61d71e1c81ad8c02f515428 U-arrakis\jg <jg@arrakis.(none)> 1481905161 +0100 clone: from https://github.com/arut/nginx-rtmp-module.git
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs/heads
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs/heads/master
^
|
@@ -1 +0,0 @@
-0000000000000000000000000000000000000000 5150993accb5edefa61d71e1c81ad8c02f515428 U-arrakis\jg <jg@arrakis.(none)> 1481905161 +0100 clone: from https://github.com/arut/nginx-rtmp-module.git
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/objects
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/objects/info
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack
^
|
-(directory)
|
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack/pack-3912c9200a41c4fbd876afb583ab7ecb4733401b.idx
^
|
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack/pack-3912c9200a41c4fbd876afb583ab7ecb4733401b.pack
^
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/packed-refs
^
|
@@ -1,369 +0,0 @@
-# pack-refs with: peeled
-406d3a9527e08ea148e7c10ffa4009e0e5070b11 refs/remotes/origin/access-log
-e19ff641b06d3abd30b3bad5cfb491d158835713 refs/remotes/origin/aggregate
-eee52d83c4bdafe712685be06822acb051d407a7 refs/remotes/origin/async-client-handshake
-87686029aa2cfddfea765c626be7161981583482 refs/remotes/origin/atc
-3d5f6df7311594b051fdd26d3ae120d4ae708bb4 refs/remotes/origin/atc-only
-3c2e29f215fb09e5b4cb29040d1e5e092ce73849 refs/remotes/origin/auto-push
-f39d3f66a3ea6bb15b50737b90004b12056a3ad1 refs/remotes/origin/avc-parser
-205664d8c5e040a61b36ae0b74ddf17bc16d2150 refs/remotes/origin/big-endian
-10bcbf0e8daf38e3f3569ba84050f85fd46dd2d0 refs/remotes/origin/big-hls-buffer
-fad4f4717b47ab368d80ff480f2889631edc6521 refs/remotes/origin/big-nal-buffer
-f6ccfb6fa1d05d3babc1bb20ca7003802f85f2f0 refs/remotes/origin/chunksizefix
-d9579d627d727d8ad5edd2a0054f66324bebd459 refs/remotes/origin/close-stream
-aeae84bf8babcd7130f71b5941834eeb4fafa61a refs/remotes/origin/cmd-handler-init
-ebc47f03a43758c4f44ae90c193f4111f9ab1e16 refs/remotes/origin/codec
-cb4623aa4f7e6c2d1cb4c9c9f55ea6107f3a3985 refs/remotes/origin/const-fix
-0b757e8a49480a88f5e051f6590f25e6c4de3288 refs/remotes/origin/control
-ef424df677eb545ba5277649ee99fbea7e38bb55 refs/remotes/origin/control-director
-5e5dd797c2307b40a11409df806f07a427b3cd57 refs/remotes/origin/control-redirect
-b07e0e2dee3a2019dc2be34591b1c4e27730b2a0 refs/remotes/origin/dash
-e8081fd94f1d7ae4483f0a5ca002af8a79d447eb refs/remotes/origin/dash-discont
-fe4877f2168e7e62d6a45cb26708d662f0416961 refs/remotes/origin/dash-timeline
-39717828d67359329797d0ab5f297162b5d5e248 refs/remotes/origin/default-buflen
-90f985fa2f015e8bdfe92a9b57a5d04b779d7be1 refs/remotes/origin/defclose
-63d19ada51b6a1932e1cd73d9895a08cb1ae7827 refs/remotes/origin/drop-old-publisher
-6c79085d5c4203d11d9aa53d456ef7195de8cdc4 refs/remotes/origin/drop-restart
-fe8bf2d6974834ab346b82533151bc953fdfaa7b refs/remotes/origin/drop-restart-mstat
-52c2ef3f91569c3b1c10a40fd1bf56bb4dc1d9de refs/remotes/origin/enotify
-57a96ac2bc1812188aa81237ad582ca115f4391f refs/remotes/origin/envivo-fix
-87686029aa2cfddfea765c626be7161981583482 refs/remotes/origin/exec-fix
-67aa7d5d0da67a43683e8b05467afbdff5622532 refs/remotes/origin/exec-init
-f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 refs/remotes/origin/exec-logging
-b62651efbdcaa77f7836ef5c52ddccfdf9ca473f refs/remotes/origin/exec-pull
-a6913ea68ad017eff14d098f4086c5dafae12af6 refs/remotes/origin/exec-pull-ext
-8c39b37131d150f152aa21a03f076501f39bf4a1 refs/remotes/origin/exec-static
-5e55f62b88f439dc1fbe311060bef53dfcfbc42e refs/remotes/origin/fast-start
-0210f7ca83f8fd65261c4b9040743edf30a258fc refs/remotes/origin/flv-append-fix
-fac68de376a2e20aed5627681ffc90d6374bf295 refs/remotes/origin/flv-header-mask
-b31539ce95d2f84ce8be22b9d11cb4abcd3cb90a refs/remotes/origin/fmle-reset-byte-counter
-990222d643b30a3c9e0db31209416ae9b47e16d3 refs/remotes/origin/fmle-time-fix
-cbccd06babfc66ab920e7e2331d125516715f709 refs/remotes/origin/freebsd-auto-push
-6f2808c7d11564e2269e9f64b9671f8c080c893d refs/remotes/origin/get-notify
-12a0d39bed54bfb3c30272d8d1328d74378853ce refs/remotes/origin/gh-pages
-76211a4bd254e5145d38c0275ad790dc9fac8fd4 refs/remotes/origin/good-logger
-ec282438514e88f7267653728b42c77e3df23bc3 refs/remotes/origin/handshakefix
-d34c6393f6ff22ef6cff6cb2c4ef7c1fe6cd35fa refs/remotes/origin/hls-async-delete
-49a3ee0dc6d5b85fe1164995c8d94424a0971838 refs/remotes/origin/hls-base-url
-4906e816bec876e3e81b129622de3f5e430dcc32 refs/remotes/origin/hls-continuous
-764a039c5856bb8bfb251ff15f4c95cf1c82e54b refs/remotes/origin/hls-debug
-a43bafe3de4641268d04f9105f6ef409abb8ede2 refs/remotes/origin/hls-discont-fix
-8acacd0d7906820039bc5e1e22a4ba332caada3e refs/remotes/origin/hls-encrypt
-7500b4bd90fc942468f94dd3a12dbcdf9c3199a6 refs/remotes/origin/hls-encrypt-auto
-78dcfbcc359f8275a55b7a14d6228e9928c75816 refs/remotes/origin/hls-ensure-directory
-737ea5ce34c8270479811acfacba02112e202625 refs/remotes/origin/hls-event
-546c42efeb910fb6b7b592293f5737324ddd606a refs/remotes/origin/hls-granularity
-2ed36a2611c1674d495f754ef3066c4a8bf98aa3 refs/remotes/origin/hls-nocache
-21174b2ee743c9ea1a0bccb46436c56c871febd3 refs/remotes/origin/hls-nocrackle
-6298aa7e1d95df8b806a262196a6589159284c74 refs/remotes/origin/hls-offset-fix
-059dba448ddeed901d06f825ed84e5e85c0f64cc refs/remotes/origin/hls-read-playlist
-0aaf2a625903ba6d4d9e1e761a0e866215149994 refs/remotes/origin/hls-restart
-2bb16425da9b593f5f9568f7c91bf06a5a1012f1 refs/remotes/origin/hls-restart-on-audio
-3d54d69e252bb537dc8fb03cc96ada084bd5da8d refs/remotes/origin/hls-trailer
-4ff1bd09fcbd8a77618bd528fd8d32fb72bd2661 refs/remotes/origin/hls-ts-discont
-2f1091679b60b8741e59f257ac2c59905cec8206 refs/remotes/origin/hls-variant
-dc698edf242a1ba6d806571e2b32e50fb4d6fcae refs/remotes/origin/hlslight
-7b88858b44371ae03d29052fe6d398750fba851e refs/remotes/origin/http
-050a4e7586552003baff9dd920d28d51eaf8ab22 refs/remotes/origin/idle-streams
-3fc1598db94b234b2ec5f368c34c5d3e877040a0 refs/remotes/origin/init_queue
-d9d749af5b156ea2b4623f7e8d0efa5139885924 refs/remotes/origin/interleave
-5150993accb5edefa61d71e1c81ad8c02f515428 refs/remotes/origin/master
-67443c28b4aff60023ce143475c2d287c264f2f7 refs/remotes/origin/meta-copy
-266e206afcda93cf2880e660fb796eb99fb6df6c refs/remotes/origin/mixed-codecs
-58491f8feddbe801557704dd1d1ac9d0950cdf3f refs/remotes/origin/mp4
-af5703b35756667eb008bdffb22626616bbae020 refs/remotes/origin/mp4-choose-track
-3f9451fdfd2707e91536bb3b942cd0a8202ebc31 refs/remotes/origin/mpeg-dash
-05a23dbc8b8a23bcb49ea71978239ab1e2e79d5d refs/remotes/origin/mstat
-cbe760aa8ad43d3908b7c9408d7f3946747981b1 refs/remotes/origin/msvc-fix1
-4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/multi-pull
-004accda9aef265eb1b4df39846156e6892d6a30 refs/remotes/origin/multi-record
-41515325899813d996e092ce4219204cec56ae3a refs/remotes/origin/multiplay
-4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/multipull
-1894d333aa9fd76e857532efe6c64d343df137e7 refs/remotes/origin/native-hls
-e22ca286044d343745a4a28b15c6298f80a9fb61 refs/remotes/origin/native-hls-rr
-b5461f61c6833aee803b5134f2285aa652978e09 refs/remotes/origin/new-live
-903abb6646153c9eca2697727231d46804a0c1b7 refs/remotes/origin/new-live2
-02dd440a25097e8528d9cdfa85132b6920649547 refs/remotes/origin/new-live3
-22de95e634b92e23eae85134c05e54c98404e34f refs/remotes/origin/new-relay
-7b5c5e99327c19600ab2bab89960ba217be52949 refs/remotes/origin/new-stat
-591d7f5f3f0a2381f466f578a768ff19344cfbb0 refs/remotes/origin/newhandshake
-cbaff8f1df7c7eabc9474909104f8f4f05324930 refs/remotes/origin/notify-addr
-7f7fcc8d5c0e8468db2b37de9a4ef3ec392c52a7 refs/remotes/origin/notify-redirect
-8d28f7f1de08a81ce356f55c6e29141369bf7aec refs/remotes/origin/notify-redirect-md5
-58bd6029463c79347d45be4488a3786abe5cebb8 refs/remotes/origin/notify-relay
-f89bbae2354ea09cb5d8b04d24ba4df8415e7f09 refs/remotes/origin/on-connect
-62e03d710cd02043156ac86da3b07e5186c78e11 refs/remotes/origin/on-update
-15405e8edde4db9e3c6b56c3a17edbf7dcd974f0 refs/remotes/origin/optsend
-9788b1a5309d40809df6832e81593392f3b381a2 refs/remotes/origin/out-metadata
-2fdec454604b76b40d322b83106ec1a35b98dfce refs/remotes/origin/out-queue-settings
-0478c4445f26f55d33e360a91a7ab4cd57f44f3b refs/remotes/origin/pause
-940ff260099958edf27eb11fe0b959e881fd5dfa refs/remotes/origin/peer-timestamp
-067c73710d15f046945ada24d5ca25d50b2751c7 refs/remotes/origin/play-publish-done
-5d3189ad97c87bbdac9fb455f7505d0d4d5eb058 refs/remotes/origin/play-seek
-8a8f28f3b67d0177f79e754c478e845bac70eb58 refs/remotes/origin/play2
-521f8998b0cf1e197152655b214285ebde974fd3 refs/remotes/origin/play2-continue
-3e25f91004b83c1a1fa25a8993cdd691f65bf658 refs/remotes/origin/postconf-handler-init
-4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/preemption
-a72e33ea411ed5f55df04ea9ab9dfceb09137642 refs/remotes/origin/proxy-protocol
-6ab14605ba4a410b39916543302a9a9eb4d19698 refs/remotes/origin/publish-optional-type
-1c2470975e4f23742d3e468649c2ad2bbfb77e7f refs/remotes/origin/publish-time-fix2
-dbc3ac2438757b23a65e1612c36b5691e7173585 refs/remotes/origin/push-reconnect
-0b6a84b0b829c6794c0635dd30a2aa6712417c8f refs/remotes/origin/record-append
-abc2704db1193bd993b886463063059d1ff5050e refs/remotes/origin/record-done
-8658d99529384a487113bb9b80aaffd7714f16a7 refs/remotes/origin/record-keyframes
-9b3471d79f43382db134b407cfce4f5b4ee24ae0 refs/remotes/origin/record-lock
-f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 refs/remotes/origin/record-name-format
-bff1c355ec7db875972da6682e2553d65ac847ad refs/remotes/origin/record-notify
-b69efd3e94113f627f25d0ab67fcd1036eab5fb1 refs/remotes/origin/reentrant-relay
-1f9072bbe69e015021a31784b3ac66f0b296c911 refs/remotes/origin/relay
-c9973fc68a91284c632f3afb736303d6402f6c4e refs/remotes/origin/relay-vars
-7aa513cfcd5fd345ea477ea582faa8858628974d refs/remotes/origin/reltime
-de2a4258d77aecdc2fab34b5857ca4529b1fe0ba refs/remotes/origin/remote-redirect
-60038b6ea15ae34dc1f177625adc73ddb39eb984 refs/remotes/origin/rooms
-35753c5f6221c31edad65a2f70802b856e642fe3 refs/remotes/origin/rooms2
-4a1358723a7ce288aeec9583da97166c260b38dd refs/remotes/origin/rtmp-ads
-71f92aca8d631cbc800c8eed235535e0b0a52991 refs/remotes/origin/safe-amf-parser
-87d1cebfe2822d75f9c97fe2487723029abc272a refs/remotes/origin/sample-access
-57dd1406bd59224eea4e0aabf9dbfe4c82e6be9a refs/remotes/origin/session-relay
-22de95e634b92e23eae85134c05e54c98404e34f refs/remotes/origin/shared-live-streams
-5d7a5ea535ed40e7a9459967dc607bb52b10db12 refs/remotes/origin/shared_record
-18e4762db29139ada9c8be4b36070005e8d01efc refs/remotes/origin/smart-drop
-a8d148473db0fe5fb17e5e7527a3cafcfafb1fff refs/remotes/origin/smartos-compilation-fix
-2cff2a58210c2f964f4d2ee76a8461fb81e28610 refs/remotes/origin/stat-no-underline
-e3be78bc6b6f91fea27ba235a6393dee50817bcf refs/remotes/origin/stat-redesign
-3bd60857bd5ea2f3024e7de248bdc3d64b58859d refs/remotes/origin/static-relay
-7a35372e30dca2a10c843219597bc4bc481fdda0 refs/remotes/origin/static-relay-cleanup
-882b4f15b287b3e313088a67b2a4a543fbb6511d refs/remotes/origin/static-relay2
-ac13bbf1af345532a009a88d93ac4b7869ffe456 refs/remotes/origin/sync
-9b4725a01a9615dfa7133d659ff936bd69e91345 refs/remotes/origin/sync-atc
-7fbfb36440d99786f3c4ecc723ae61fcdedc3ce5 refs/remotes/origin/sync-atc-fmle
-466c1fdf168646d57f0f43c463ad524143917e01 refs/remotes/origin/sync-atc-fmle2
-93b669273561ebd80fbf106b8b482d28a4377b81 refs/remotes/origin/sync-enotify
-c8ad56e2d232933453d54767db55e96e00dd3d6c refs/remotes/origin/video-key
-6ad152ee4c43238bd6a9f71f36b8e5a1757909a0 refs/remotes/origin/video-on-demand
-b6194ed6e6a01ce14026c1778148db61a9a6765e refs/remotes/origin/virtual
-4adc5f7487b0bb27cf027c3e792b00821ad30ada refs/remotes/origin/vod-http
-0f337fe9a482e3da10ca7e8055ae1d8a2ccb9037 refs/remotes/origin/vod-sample-access
-98d959ac5374bd14123f53318e6c8a8d481ffd92 refs/remotes/origin/vod-seek
-770e67b1f33134c7db41e99f27ef167b16be8032 refs/remotes/origin/vod-stat
-5db5d5af24af798f698fcc0f6eeecbac52932139 refs/remotes/origin/vod-stat2
-658f5ec639e290476f19eb91f371e2bf453616c0 refs/remotes/origin/win
-289ee42c53f49728eb134f2226a2ef9ca7a32414 refs/remotes/origin/win1
-92d4c071d91b9de67e7293efcb72ad97c28285a7 refs/tags/freebsd-native-hls
-^1894d333aa9fd76e857532efe6c64d343df137e7
-316b05d54e7e290546872cb26ad5b431b2a935af refs/tags/v0.0.1
-^eda826a386f10109816c57db9ed0908bdca92330
-2ba5b409dfac19e28befd698e0e03ea8f3799517 refs/tags/v0.0.10
-^d943d519754d1c08073298114807a8afb154d07f
-f00415d4264d303b1a2771a3c6a36c026217e000 refs/tags/v0.0.11
-^bcd601832a0a2dc968621e065f1dbeaa14b77bb6
-3080d5f1e2f6e7b4da23585fb538152cbe91bf77 refs/tags/v0.0.12
-^caec91b85772dc5e078a3152cb6ed436c26bfbc3
-740f8034ec343eeab3c19c5e777fc1af05af12e5 refs/tags/v0.0.13
-^d3c5ad11969c6bfba083a33c5c7540d79692ab0a
-18719a9ae0332480c80acac56b54e87b6131f46c refs/tags/v0.0.14
-^cf1976cd05a6e73cdf5fb1506f84508a297688b6
-903e750ce238efa3cde37a40a00c83d0efa7190b refs/tags/v0.0.15
-^6295147db1d44c9e8430b09cf2bf3d0a43c16b56
-93cd6b10d401382dfc8f740dd8e995fc5241eacc refs/tags/v0.0.16
-^359c346d3516403f5545dac0e9d8fe57ff09238e
-88536319dc71fa9e8202eb000dcce7f1aa864321 refs/tags/v0.0.17
-^15405e8edde4db9e3c6b56c3a17edbf7dcd974f0
-6eba477d8578b5c488e034ab25d45e34e30636f5 refs/tags/v0.0.2
-^8204245eb223290cfed21f6748860a4bec510ed1
-4793210ff635d428fc37692d88a1107e32f3839e refs/tags/v0.0.3
-^96ebed857347b368cb78749de3515797eb0d9364
-110118d72aa68bced1a7da6d427c4a1473153f8b refs/tags/v0.0.4
-^b9ee8dbe097b2ab9cd60786c1cfa9a48237c51dd
-49d4548bbc229885290915256d3b75f5d0b2863e refs/tags/v0.0.5
-^1e9a7e6efcd6990662f41e54587f27ab3f28ba87
-1c620f4121a3c4c64ccc71ca9a3aee100b702221 refs/tags/v0.0.6
-^3980a5923715131c8ac011410e63250ef5d13c93
-dbad1b31d510f290c5ebac4f073f5b7c3ef97e04 refs/tags/v0.0.7
-^7b70e9241327b93d04554cd7b8d2eeadb2acc4e6
-41ca3077bdbd20c2ddefdcc5f03a26b9ab6c358b refs/tags/v0.0.8
-^e563c3146e31eb8ce48634262435978bab26f7f0
-dc702ef73579582157563de257bf906d5ac77e18 refs/tags/v0.0.9
-^31d18ed4478684571476aed6125e942bfc738d77
-e2dcb0bea3859e6a66a7601356a7d90434d5ef4f refs/tags/v0.1.0
-^c61d7ac56f4895dc3f0513344b45d74943d4da19
-a0e0796bff7e6a33181d4cb6a1981a9889cf791c refs/tags/v0.1.1
-^f6ccfb6fa1d05d3babc1bb20ca7003802f85f2f0
-80db4c48b3cc30ad12112b5bde3831520c81a92a refs/tags/v0.1.10
-^88346934e51595118518957553316afda5a8b771
-b103795c7f1f41a51451dace848f8de085d59840 refs/tags/v0.1.11
-^45cd9825a2bb882c3b65a9c1139342bc59e40750
-8c8410a1def03c6f535110352398a0fc463d08f8 refs/tags/v0.1.12
-^63c4269a9146370db970894512523b9f3893ffad
-951872e641cbebbd925c17cb8e8cc8a0289fe9cd refs/tags/v0.1.13
-^1719ef4433de03e8d95be7838a933326d717f1ee
-6432ba9937589a7bbd58975d2e253a65e433e17b refs/tags/v0.1.14
-^fa3630d63d77ec4e6dcfa14a88afb5804b1b3596
-4b89a9819cc22c6ca1852613c518e0f400c6c048 refs/tags/v0.1.15
-^8def5f394543b822b6b450e79bdbf9a73f1d0a99
-40d6554b7196933e96aff91bba15f6b31c99dedb refs/tags/v0.1.2
-^4e713b75e8e3cd8f5456303e2f7f4803776f33de
-a33ca7451cbd32dc2f43e01b3b87552f055a56ae refs/tags/v0.1.3
-^d82c16499de14965ff1259c457b33b5a81614c40
-dd9683b203e09b13d08e717e20304060c1d320cb refs/tags/v0.1.4
-^a4f48c5baa427c9d9093c0ceee339820c2167624
-d216f3dd61f67da413503b492af4b1f5c3e58451 refs/tags/v0.1.5
-^32279ddf26a9d9e0f34ff62d460bf4c1b14e2088
-2dab9cce52024dbf7ae3273770e159e73db21618 refs/tags/v0.1.6
-^49382c826b041589badb32b5f5f512592405a736
-c83a64c91d926c1bc5ac35036d49c31f87165466 refs/tags/v0.1.7
-^63e19f8d67d4f442f2700103c4d8ee9d137c0116
-0ab4039b703078ddacd4e70adc67b99efd946de3 refs/tags/v0.1.8
-^4bb48483be9d91a74a2efd5cb80fa136918ae466
-c9d359554132dc807d599b8d28b3193c8e37d841 refs/tags/v0.1.9
-^6143abc41803be6da47bfc4e15bbfe1d315de832
-4d20bb15480652145358c20f444f77ddbe2eeac6 refs/tags/v0.2.0
-^eb4e9e8d9033cb7c1775eec114cd7b90af26b047
-9df13315600aa2752fc99e80fb8b73a78e0f0fbf refs/tags/v0.2.1
-^1a2a8e2867f4d1cd64853bc49af9e725ee7f8343
-7e8b090de600016d965d3080b0cd6bc81eb60f67 refs/tags/v0.2.2
-^4e475cccb507951e5091f0ff5f1d4ef1903fd439
-f7f24bade80cca3a09e7286f250bb464cfab2df1 refs/tags/v0.2.3
-^295551947a187a265e5c60e6cccdf4c894a21e24
-2bf2e04da1cd97187612ba73ce9010c96393b76a refs/tags/v0.3.0
-^58491f8feddbe801557704dd1d1ac9d0950cdf3f
-aded30326d7e233283346dab1258d4fdf69c31e7 refs/tags/v0.4.0
-^3c2e29f215fb09e5b4cb29040d1e5e092ce73849
-3381f10c50c161b0350ca8030535a97f43977940 refs/tags/v0.4.1
-^067c73710d15f046945ada24d5ca25d50b2751c7
-943ca88b8160225ef8decfab7aa3c6ba40c012a7 refs/tags/v0.4.2
-^ff247dafff1cab945c85ceefcf97d76fa1972c0e
-2864097d4bf7e81a95bc85d133121beaf8262fc9 refs/tags/v0.4.3
-^ed5f06db8a90746059730fe8b55cf9ddc64ca67e
-ed9bef4dc07d34078749b79d072cde59f385084a refs/tags/v0.5.0
-^abc2704db1193bd993b886463063059d1ff5050e
-eb94d37c69842eb563fa3e7c9cc286cc942fd2e8 refs/tags/v0.5.1
-^6485716fb4734d5fc25ba12d849e2dedab63707d
-0b020f1757f052a24a4d4c2061fcc4f8e1dbd440 refs/tags/v0.5.2
-^87686029aa2cfddfea765c626be7161981583482
-053bdc9277034a6db7edcc3d46c042ab8c62989b refs/tags/v0.5.3
-^cc632eb6b683eacdced09bfbe905e510779d5efc
-307f468efdffa4ad07e79c0e39eab9f9eb195307 refs/tags/v0.5.4
-^bff1c355ec7db875972da6682e2553d65ac847ad
-98438d54995ad4d11d7a020ff6b77919ca368448 refs/tags/v0.6.0
-^72d175ed7f5dfb4874ac6e002b737d866a0553d7
-f1eeb39f851366614b7dc1afa1fba21e1595475f refs/tags/v0.6.1
-^21174b2ee743c9ea1a0bccb46436c56c871febd3
-2b20008d1f3cb4b357d74ee288e2c00ac801d415 refs/tags/v0.6.2
-^795c1538a3602d5eedf7617c6d13c775721a66b9
-6b1f2547203b946cbac8c60bd86e5f04ad1a9a1d refs/tags/v0.6.3
-^c86e30fd270103b00c244f136c8780fb3a51b921
-d623935695e9ac6418a1baa24283bd35a42fef81 refs/tags/v0.6.4
-^f65f07deb32565b144e22faece57638f8961d62f
-d3a7be773484e670119dfa20ff56cb0a91a8554f refs/tags/v0.6.5
-^4adc5f7487b0bb27cf027c3e792b00821ad30ada
-293ebabd1220ec4615e2eb89d19ca3e7a381d1a3 refs/tags/v0.7.0
-^101b43a478bb44018733e75a3bf3b1f8adc5b2e5
-4b12afb07c889648864458c3a6096dc274c7420e refs/tags/v0.7.1
-^98d959ac5374bd14123f53318e6c8a8d481ffd92
-eb5ccb5fb1f735b82da3a43ee0d8d398bd932840 refs/tags/v0.7.2
-^6f2808c7d11564e2269e9f64b9671f8c080c893d
-23fe9e844ecafd18a5d713618a36fb68846db951 refs/tags/v0.7.3
-^62e03d710cd02043156ac86da3b07e5186c78e11
-09b1e2bab6467a8d50e37939b4d1fc0b9777adfd refs/tags/v0.7.4
-^696e488ecb089236a297939248d4616d4665d347
-fa8752466e94879be074386c2f0420640cec3b41 refs/tags/v0.8.0
-^02dd440a25097e8528d9cdfa85132b6920649547
-7c3df8e2c78a85ef7f5d2e8f100e5f54573c71c7 refs/tags/v0.8.1
-^9f4296c08382b1374018346cce3bb5d40036f47a
-f8899c67c2508ded911a93117b3186df6df631bd refs/tags/v0.8.2
-^ac924d7f940f05063d7ef0503aa7f3a1576bf380
-683a29d4d0a536b6a97c07d1deeacb8cc11a6af7 refs/tags/v0.8.3
-^3d54d69e252bb537dc8fb03cc96ada084bd5da8d
-2aeefa379b700de0c9c1b4ed94e186e0d1d1a580 refs/tags/v0.8.4
-^f2f28cbe487883caed333ffb4f5f7942bed64c09
-5ea2a003691a63630e6c1d492c96d6581338efb8 refs/tags/v0.8.5
-^bd562e4ff7c10cad71711828548cbb584bd4a80b
-11ee9f81e8b8a077113cdf96d655d7cf9961a03d refs/tags/v0.8.6
-^e5e5766ebb51e1c36b6804fe0ddc02ee8ca19cc6
-544c73b3b27c93df0d61172c62a7eee2e8252953 refs/tags/v0.8.7
-^3eaa43a7a327646acdebe87000422c6fd086adbe
-83055d17d104c267aeebda070246b0917dbfffb2 refs/tags/v0.9.0
-^406d3a9527e08ea148e7c10ffa4009e0e5070b11
-37a1511c0e7c6a1a522bab7355289a71a7876ad2 refs/tags/v0.9.1
-^ea65ac688cdd89dad65bcdc3b62d5e152b47f1ec
-ee0df070f78e83f3857301aa0e4340c15743403d refs/tags/v0.9.10
-^6923889e5386abad1aa07e2c29462fc469d3a5d4
-cb5e1df91a1b8d020de63d6cbbacd9f74097a375 refs/tags/v0.9.11
-^3aa528fccd2c3500b2eeafa6589c3f8f07564186
-6d328d3291833a9991cb27df45d1c82cfc3bc5fb refs/tags/v0.9.12
-^11e3f53fd259f0297a4d8f440afceb8395b45622
-b63100856c3a795440047324aaf863c6339e859f refs/tags/v0.9.13
-^0a8f0ee6c560edc032f66a25d527e9cd7ed6b62b
-e13bcdadf3b57f91e8eca678846480522eb214ba refs/tags/v0.9.14
-^612fc4dd7514b3da2ac774a6daeb7baa60314f36
-1c92b49d30e7215483d5c0c038da2d09d6ac1d16 refs/tags/v0.9.15
-^7b5c5e99327c19600ab2bab89960ba217be52949
-bc3fe7a8ebf166e5187f7bac00c70e40a9b192fe refs/tags/v0.9.16
-^c0fc4bbdccf1d328eaa098f3287e427e369517c0
-d5288d89f8c1e1c8c82218a23deedfabb845fa1c refs/tags/v0.9.17
-^f79aa206ec572c225c8bd32b5c2b1d7cc5ede692
-bce7ea3e62682b29d61d56cc6bcc0e794857d557 refs/tags/v0.9.18
-^c61e99a36878fc618e29633db0e9652be13f6284
-39cb7ca0a51e7e4bfc400b285141a71ac7b565c7 refs/tags/v0.9.19
-^a47b23204b43d5b823feeb52b0c868b2c96847ca
-43dd6489282d965072eb48479af5e8d90ac6ad38 refs/tags/v0.9.2
-^af5703b35756667eb008bdffb22626616bbae020
-73e60038c62b281fd0e4ff5565f35797fed46a1a refs/tags/v0.9.20
-^e29e64ed7d262904d22ce0a708e67cc02115f497
-828fcd80c23df5caf0b7fdbf897ba45a92f3dce7 refs/tags/v0.9.3
-^aeae84bf8babcd7130f71b5941834eeb4fafa61a
-31f684d189aec37550e82e4c7cf3ac751a781ade refs/tags/v0.9.4
-^f358a2e8f9269afef85d82549de4945942b39d6c
-63540cc06386523c08857cf435ad9c2f6daaef8a refs/tags/v0.9.5
-^c0ad999f37675dd1bbed11d901f34259827bb405
-e7fe15e6ca0cb0f81ec42b5b309ce6f720525193 refs/tags/v0.9.6
-^5325df0135c467d21cf93cd5c5df6af60a87a9e8
-0dda255fe75318707bb20e0078ace6da1f160cd2 refs/tags/v0.9.7
-^138c330da2ace7617af3c6b671fbee049f387fb7
-568ce8f0a850d3d7e00c33247edffe366cff0d51 refs/tags/v0.9.8
-^6903ac23e430b4170b108bb2f631562560c37fe0
-2d5bc52527e46171d2e2a7c4d9c87fa2a4e39fee refs/tags/v0.9.9
-^af8446a0985ba76873c25a6aae5125e47c7a3194
-d27f964d1f45d546419795b058fea60f3f1f21ab refs/tags/v1.0.0
-^613234b866fd08ea2221d183edfd9eb6d8a8bf4d
-421d9ff41f699cc344845df9869dccff0ce4ad86 refs/tags/v1.0.1
-^cbe760aa8ad43d3908b7c9408d7f3946747981b1
-e1ec6d2f08937878a985bfa7d4f49e93312dc7e0 refs/tags/v1.0.2
-^6b92cd6b29ddeea5a113b6e5d8d854b6986e3fd1
-7749d54fb000641dfa6c8eebfb8765175f187a13 refs/tags/v1.0.3
-^7b4df729c1c4d86589f8ccadc0bd20ee733416f9
-aaeca4ff01f858cd719ea5b86eef7dcc3ba259ca refs/tags/v1.0.4
-^67443c28b4aff60023ce143475c2d287c264f2f7
-d7e1af79c4d152d16bcacfcd2ca18d58e6b3201b refs/tags/v1.0.5
-^737ea5ce34c8270479811acfacba02112e202625
-0acf1123a044c8afd68112387712abd59e45a2eb refs/tags/v1.0.6
-^1cfb7aeb582789f3b15a03da5b662d1811e2a3f1
-bd4f1b4cf7c58e55298c326184e5ad1a15c3aff0 refs/tags/v1.0.7
-^995688b9cfea4fb01a5b8ad0e110fec0866e501c
-5beda43a6b388af5e7c1bcc55384163d97dcf836 refs/tags/v1.0.8
-^d01ffc0c88d9ce736be3dee99b4f9d3fcc07b685
-f792dab070dbdedc3b968483287fa59e6ae48a03 refs/tags/v1.0.9
-^471d299f5d5348dfbba6132779587553c3a709a7
-a08c7835b05e2bd816efb1f8036cb7c9bf59b906 refs/tags/v1.1.0
-^8542e21e17587ee2e928cdfedc1cb82996df7719
-e9d11158cb1b18a0631a94c4e8599c0f8c64adb7 refs/tags/v1.1.1
-^8608faad1e0b25c80b1f9b93439d6fd450db5c15
-cf710155b2666d2456a58a49dac1af4d93b215ce refs/tags/v1.1.10
-^5150993accb5edefa61d71e1c81ad8c02f515428
-2a721794867c76e9ac9e653e76da9503cbc9d60f refs/tags/v1.1.2
-^65cd61e43350c0de0a69103aed1ecf7f2b081ab8
-c130de320738a9ae084ba3d54f033c98e6e82d65 refs/tags/v1.1.3
-^6f768dc4eb2a2cb7798e31c7465af77b94ca2733
-3fdbbcc01249d7a3f0559192debfe09f844aef6e refs/tags/v1.1.4
-^8c2229cce5d4d4574e8fb7b130281497f746f0fa
-28618cde22c864eef6ecdba9da636a2f2f611b20 refs/tags/v1.1.5
-^7500b4bd90fc942468f94dd3a12dbcdf9c3199a6
-1706bc84f5b0882dec6f1854d9054be7e3d12ab2 refs/tags/v1.1.6
-^7a35372e30dca2a10c843219597bc4bc481fdda0
-c0a5fb42c214d585a84967b2e172889d9278d325 refs/tags/v1.1.7
-^f62a0838064baf089ad9fe3c8f6f2ffe0775afb2
-1fe006d50fbca7537984fc080dd32906b9cb5455 refs/tags/v1.1.8
-^cb54ed4ac0994e36b92d21a51313af44ecdfdadd
-c7447b49ee18232dab330fadf6c2dfb5fa2bbfb2 refs/tags/v1.1.9
-^c0bf381d10de05c135f913921c58272838d5e1ee
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/refs
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/refs/heads
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/refs/heads/master
^
|
@@ -1 +0,0 @@
-5150993accb5edefa61d71e1c81ad8c02f515428
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes/origin
^
|
-(directory)
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes/origin/HEAD
^
|
@@ -1 +0,0 @@
-ref: refs/remotes/origin/master
|
[-]
[+]
|
Deleted |
nginx-rtmp-module-1.1.15.tar.gz/.git/refs/tags
^
|
-(directory)
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/dash/ngx_rtmp_dash_module.c
^
|
@@ -52,7 +52,7 @@
ngx_str_t playlist_bak;
ngx_str_t name;
ngx_str_t stream;
- ngx_time_t start_time;
+ time_t start_time;
ngx_uint_t nfrags;
ngx_uint_t frag;
@@ -228,8 +228,8 @@
ngx_rtmp_dash_app_conf_t *dacf;
static u_char buffer[NGX_RTMP_DASH_BUFSIZE];
- static u_char start_time[sizeof("1970-09-28T12:00:00+06:00")];
- static u_char end_time[sizeof("1970-09-28T12:00:00+06:00")];
+ static u_char start_time[sizeof("1970-09-28T12:00:00Z")];
+ static u_char pub_time[sizeof("1970-09-28T12:00:00Z")];
dacf = ngx_rtmp_get_module_app_conf(s, ngx_rtmp_dash_module);
ctx = ngx_rtmp_get_module_ctx(s, ngx_rtmp_dash_module);
@@ -252,18 +252,16 @@
return NGX_ERROR;
}
-
#define NGX_RTMP_DASH_MANIFEST_HEADER \
"<?xml version=\"1.0\"?>\n" \
"<MPD\n" \
" type=\"dynamic\"\n" \
" xmlns=\"urn:mpeg:dash:schema:mpd:2011\"\n" \
" availabilityStartTime=\"%s\"\n" \
- " availabilityEndTime=\"%s\"\n" \
+ " publishTime=\"%s\"\n" \
" minimumUpdatePeriod=\"PT%uiS\"\n" \
" minBufferTime=\"PT%uiS\"\n" \
- " timeShiftBufferDepth=\"PT0H0M0.00S\"\n" \
- " suggestedPresentationDelay=\"PT%uiS\"\n" \
+ " timeShiftBufferDepth=\"PT%uiS\"\n" \
" profiles=\"urn:hbbtv:dash:profile:isoff-live:2012," \
"urn:mpeg:dash:profile:isoff-live:2011\"\n" \
" xmlns:xsi=\"http://www.w3.org/2011/XMLSchema-instance\"\n" \
@@ -285,11 +283,9 @@
" width=\"%ui\"\n" \
" height=\"%ui\"\n" \
" frameRate=\"%ui\"\n" \
- " sar=\"1:1\"\n" \
" startWithSAP=\"1\"\n" \
" bandwidth=\"%ui\">\n" \
" <SegmentTemplate\n" \
- " presentationTimeOffset=\"0\"\n" \
" timescale=\"1000\"\n" \
" media=\"%V%s$Time$.m4v\"\n" \
" initialization=\"%V%sinit.m4v\">\n" \
@@ -323,7 +319,6 @@
" startWithSAP=\"1\"\n" \
" bandwidth=\"%ui\">\n" \
" <SegmentTemplate\n" \
- " presentationTimeOffset=\"0\"\n" \
" timescale=\"1000\"\n" \
" media=\"%V%s$Time$.m4a\"\n" \
" initialization=\"%V%sinit.m4a\">\n" \
@@ -341,38 +336,33 @@
" </Period>\n" \
"</MPD>\n"
- ngx_libc_localtime(ctx->start_time.sec +
- ngx_rtmp_dash_get_frag(s, 0)->timestamp / 1000, &tm);
+ ngx_libc_gmtime(ctx->start_time, &tm);
- *ngx_sprintf(start_time, "%4d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d",
- tm.tm_year + 1900, tm.tm_mon + 1,
- tm.tm_mday, tm.tm_hour,
- tm.tm_min, tm.tm_sec,
- ctx->start_time.gmtoff < 0 ? '-' : '+',
- ngx_abs(ctx->start_time.gmtoff / 60),
- ngx_abs(ctx->start_time.gmtoff % 60)) = 0;
-
- ngx_libc_localtime(ctx->start_time.sec +
- (ngx_rtmp_dash_get_frag(s, ctx->nfrags - 1)->timestamp +
- ngx_rtmp_dash_get_frag(s, ctx->nfrags - 1)->duration) /
- 1000, &tm);
-
- *ngx_sprintf(end_time, "%4d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d",
- tm.tm_year + 1900, tm.tm_mon + 1,
- tm.tm_mday, tm.tm_hour,
- tm.tm_min, tm.tm_sec,
- ctx->start_time.gmtoff < 0 ? '-' : '+',
- ngx_abs(ctx->start_time.gmtoff / 60),
- ngx_abs(ctx->start_time.gmtoff % 60)) = 0;
+ ngx_sprintf(start_time, "%4d-%02d-%02dT%02d:%02d:%02dZ%Z",
+ tm.tm_year + 1900, tm.tm_mon + 1,
+ tm.tm_mday, tm.tm_hour,
+ tm.tm_min, tm.tm_sec);
+
+ ngx_libc_gmtime(ngx_time(), &tm);
+
+ ngx_sprintf(pub_time, "%4d-%02d-%02dT%02d:%02d:%02dZ%Z",
+ tm.tm_year + 1900, tm.tm_mon + 1,
+ tm.tm_mday, tm.tm_hour,
+ tm.tm_min, tm.tm_sec);
last = buffer + sizeof(buffer);
p = ngx_slprintf(buffer, last, NGX_RTMP_DASH_MANIFEST_HEADER,
start_time,
- end_time,
+ pub_time,
(ngx_uint_t) (dacf->fraglen / 1000),
(ngx_uint_t) (dacf->fraglen / 1000),
- (ngx_uint_t) (dacf->fraglen / 500));
+ (ngx_uint_t) (dacf->fraglen / 250 + 1));
+
+ /*
+ * timeShiftBufferDepth formula:
+ * 2 * minBufferTime + max_fragment_length + 1
+ */
n = ngx_write_fd(fd, buffer, p - buffer);
@@ -952,7 +942,7 @@
"dash: playlist='%V' playlist_bak='%V' stream_pattern='%V'",
&ctx->playlist, &ctx->playlist_bak, &ctx->stream);
- ctx->start_time = *ngx_cached_time;
+ ctx->start_time = ngx_time();
if (ngx_rtmp_dash_ensure_directory(s) != NGX_OK) {
return NGX_ERROR;
@@ -1008,6 +998,11 @@
f->duration = timestamp - f->timestamp;
hit = (f->duration >= dacf->fraglen);
+ /* keep fragment lengths within 2x factor for dash.js */
+ if (f->duration >= dacf->fraglen * 2) {
+ boundary = 1;
+ }
+
} else {
/* sometimes clients generate slightly unordered frames */
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/hls/ngx_rtmp_hls_module.c
^
|
@@ -1951,6 +1951,7 @@
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"hls: error appending AUD NAL");
}
+ /* fall through */
case 9:
aud_sent = 1;
break;
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp.h
^
|
@@ -135,6 +135,8 @@
#define NGX_RTMP_MSG_AGGREGATE 22
#define NGX_RTMP_MSG_MAX 22
+#define NGX_RTMP_MAX_CHUNK_SIZE 10485760
+
#define NGX_RTMP_CONNECT NGX_RTMP_MSG_MAX + 1
#define NGX_RTMP_DISCONNECT NGX_RTMP_MSG_MAX + 2
#define NGX_RTMP_HANDSHAKE_DONE NGX_RTMP_MSG_MAX + 3
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_access_module.c
^
|
@@ -410,8 +410,8 @@
break;
}
- /* "all" passes through */
#endif
+ /* fall through */
default: /* AF_INET */
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_amf.c
^
|
@@ -331,6 +331,7 @@
if (elts->type & NGX_RTMP_AMF_OPTIONAL) {
return NGX_OK;
}
+ /* fall through */
case NGX_ERROR:
return NGX_ERROR;
}
@@ -398,6 +399,7 @@
if (ngx_rtmp_amf_get(ctx, &max_index, 4) != NGX_OK) {
return NGX_ERROR;
}
+ /* fall through */
case NGX_RTMP_AMF_OBJECT:
if (ngx_rtmp_amf_read_object(ctx, data,
@@ -592,6 +594,7 @@
if (ngx_rtmp_amf_put(ctx, &max_index, 4) != NGX_OK) {
return NGX_ERROR;
}
+ /* fall through */
case NGX_RTMP_AMF_OBJECT:
type8 = NGX_RTMP_AMF_END;
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_eval.c
^
|
@@ -154,6 +154,7 @@
name.len = p - name.data;
ngx_rtmp_eval_append_var(ctx, &b, e, &name, log);
+ /* fall through */
case NORMAL:
switch (c) {
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_handler.c
^
|
@@ -821,6 +821,12 @@
ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0,
"setting chunk_size=%ui", size);
+ if (size > NGX_RTMP_MAX_CHUNK_SIZE) {
+ ngx_log_error(NGX_LOG_ALERT, s->connection->log, 0,
+ "too big RTMP chunk size:%ui", size);
+ return NGX_ERROR;
+ }
+
cscf = ngx_rtmp_get_module_srv_conf(s, ngx_rtmp_core_module);
s->in_old_pool = s->in_pool;
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_handshake.c
^
|
@@ -104,30 +104,37 @@
ngx_rtmp_make_digest(ngx_str_t *key, ngx_buf_t *src,
u_char *skip, u_char *dst, ngx_log_t *log)
{
- static HMAC_CTX hmac;
- static unsigned hmac_initialized;
+ static HMAC_CTX *hmac;
unsigned int len;
- if (!hmac_initialized) {
- HMAC_CTX_init(&hmac);
- hmac_initialized = 1;
+ if (hmac == NULL) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static HMAC_CTX shmac;
+ hmac = &shmac;
+ HMAC_CTX_init(hmac);
+#else
+ hmac = HMAC_CTX_new();
+ if (hmac == NULL) {
+ return NGX_ERROR;
+ }
+#endif
}
- HMAC_Init_ex(&hmac, key->data, key->len, EVP_sha256(), NULL);
+ HMAC_Init_ex(hmac, key->data, key->len, EVP_sha256(), NULL);
if (skip && src->pos <= skip && skip <= src->last) {
if (skip != src->pos) {
- HMAC_Update(&hmac, src->pos, skip - src->pos);
+ HMAC_Update(hmac, src->pos, skip - src->pos);
}
if (src->last != skip + NGX_RTMP_HANDSHAKE_KEYLEN) {
- HMAC_Update(&hmac, skip + NGX_RTMP_HANDSHAKE_KEYLEN,
+ HMAC_Update(hmac, skip + NGX_RTMP_HANDSHAKE_KEYLEN,
src->last - skip - NGX_RTMP_HANDSHAKE_KEYLEN);
}
} else {
- HMAC_Update(&hmac, src->pos, src->last - src->pos);
+ HMAC_Update(hmac, src->pos, src->last - src->pos);
}
- HMAC_Final(&hmac, dst, &len);
+ HMAC_Final(hmac, dst, &len);
return NGX_OK;
}
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_init.c
^
|
@@ -79,6 +79,7 @@
case AF_UNIX:
unix_socket = 1;
+ /* fall through */
default: /* AF_INET */
sin = (struct sockaddr_in *) sa;
@@ -110,6 +111,7 @@
case AF_UNIX:
unix_socket = 1;
+ /* fall through */
default: /* AF_INET */
addr = port->addrs;
|
[-]
[+]
|
Changed |
nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_notify_module.c
^
|
@@ -892,6 +892,7 @@
n = 0;
state = parse_name;
+ /* fall through */
case parse_name:
switch (c) {
@@ -919,6 +920,7 @@
break;
}
state = parse_value;
+ /* fall through */
case parse_value:
if (c == '\n') {
|
|
Added |
ngx_http_substitutions_filter_module-master.zip
^
|
|
Deleted |
ngx_pagespeed-1.12.34.2-stable.zip
^
|
|
Deleted |
ngx_pagespeed-1.12.34.3-stable.zip
^
|
|
Deleted |
ngx_pagespeed-1.13.35.1-beta.zip
^
|
|
Added |
ngx_pagespeed-1.13.35.2-stable.zip
^
|
|
Deleted |
ngx_pagespeed-latest-testing.zip
^
|
|
Deleted |
openssl-1.1.0c.tar.gz
^
|
|
Deleted |
openssl-1.1.0e.tar.gz
^
|
|
Deleted |
openssl-1.1.0f.tar.gz
^
|
|
Deleted |
openssl-1.1.0g.tar.gz
^
|
|
Deleted |
release-1.11.33.2-beta.zip
^
|
[-]
[+]
|
Deleted |
removed_link
^
|
@@ -1,5 +0,0 @@
-<link project="internetx:projects:http" baserev="237c0be32f188ec780a60222265cfcb9">
- <patches>
- <branch/>
- </patches>
-</link>
|
|
Deleted |
v1.10.33.6-beta.zip
^
|