fix(config): update help message for the latest libinjection

.github/workflows/codecov.yml

@@ -1,37 +1,76 @@
 name: codecov
 
-on: [push]
+on: [pull_request]
 
 defaults:
   run:
     shell: bash
 
+# cancel previous runs if new commits are pushed to the PR, but run for each commit on master
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   codecov:
     runs-on: ubuntu-latest
     if: ${{ github.event_name	!= 'schedule' }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
           python-version: '3.x'
           architecture: 'x64'
       - name: Install dependencies
         run: |
           sudo apt-get --yes update
-          sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev uthash-dev flex bison gcovr
+          # https://github.com/actions/runner-images/issues/2139
+          sudo apt-get remove \
+            libgd3 \
+            nginx-core \
+            nginx-full \
+            nginx-light \
+            nginx-extras
+          sudo apt-get install --yes \
+            libsodium23 \
+            libsodium-dev \
+            build-essential \
+            zlib1g-dev \
+            libpcre3 \
+            libpcre3-dev \
+            libssl-dev \
+            libxslt1-dev \
+            libxml2-dev \
+            libgeoip-dev \
+            libgd-dev \
+            libperl-dev \
+            uthash-dev \
+            flex \
+            bison \
+            autoconf \
+            libtool \
+            automake
           sudo pip install lastversion
       - name: Download nginx
         run: |
           chmod 777 -R ${{ github.workspace }}
           sudo make parser
           sudo git clone https://github.com/libinjection/libinjection.git inc/libinjection
-          sudo chmod 777 -R /usr/local/src
-          cd /usr/local/src
-          lastversion download nginx:stable
-          mkdir nginx
+          pushd inc/libinjection
+            sudo ./autogen.sh
+            sudo ./configure --prefix=$(pwd)/build --enable-shared=no --enable-static=yes --enable-optimize
+            sudo make -j$(nproc)
+            sudo make install -j$(nproc)
+          popd
+          if [ '${{ matrix.nginx-version }}' = 'stable nginx' ] ; then  \
+            version='stable' ;\
+          else  \
+            version='mainline' ;\
+          fi
+          lastversion download nginx:${version}
+          mkdir nginx-src
           tar zxf nginx-*.tar.gz --directory nginx --strip-components=1
       - name: Configure 
         run: |

.github/workflows/docker.yml

@@ -25,13 +25,13 @@ jobs:
       matrix:
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:
@@ -68,13 +68,13 @@ jobs:
       matrix:
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:
@@ -111,13 +111,13 @@ jobs:
       matrix:
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:
@@ -154,13 +154,13 @@ jobs:
       matrix:
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:

.github/workflows/test.yml

@@ -1,8 +1,6 @@
 name: test
 
 on: 
-  push:
-    branches:
   pull_request:
   schedule:
     - cron: '0 0 * * SUN'
@@ -13,6 +11,11 @@ defaults:
   run:
     shell: bash
 
+# cancel previous runs if new commits are pushed to the PR, but run for each commit on master
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   self-trigger:
     runs-on: ubuntu-latest
@@ -38,24 +41,55 @@ jobs:
         nginx-version: ['stable nginx', 'mainline nginx']
         install-type:  ['static module', 'dynamic module']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
           python-version: '3.x'
           architecture: 'x64'
       - name: Install dependencies
         run: |
           sudo apt-get --yes update
-          sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev uthash-dev flex bison
+          # https://github.com/actions/runner-images/issues/2139
+          sudo apt-get remove \
+            libgd3 \
+            nginx-core \
+            nginx-full \
+            nginx-light \
+            nginx-extras
+          sudo apt-get install --yes \
+            libsodium23 \
+            libsodium-dev \
+            build-essential \
+            zlib1g-dev \
+            libpcre3 \
+            libpcre3-dev \
+            libssl-dev \
+            libxslt1-dev \
+            libxml2-dev \
+            libgeoip-dev \
+            libgd-dev \
+            libperl-dev \
+            uthash-dev \
+            flex \
+            bison \
+            autoconf \
+            libtool \
+            automake
           sudo pip install lastversion
       - name: Download ${{ matrix.nginx-version }}
         run: |
           chmod 777 -R ${{ github.workspace }}
           sudo make parser
           sudo git clone https://github.com/libinjection/libinjection.git inc/libinjection
-          if [ ${{ matrix.nginx-version }} = 'stable nginx' ] ; then  \
+          pushd inc/libinjection
+            sudo ./autogen.sh
+            sudo ./configure --prefix=$(pwd)/build --enable-shared=no --enable-static=yes --enable-optimize
+            sudo make -j$(nproc)
+            sudo make install -j$(nproc)
+          popd
+          if [ '${{ matrix.nginx-version }}' = 'stable nginx' ] ; then  \
             version='stable' ;\
           else  \
             version='mainline' ;\
@@ -66,7 +100,7 @@ jobs:
       - name: Configure ${{ matrix.install-type }}
         run: |
           cd nginx-src
-          if [ ${{ matrix.install-type }} = 'static module' ] ; then \
+          if [ '${{ matrix.install-type }}' = 'static module' ] ; then \
             opt='--add-module' ;\
           else \
             opt='--add-dynamic-module' ;\
@@ -99,24 +133,24 @@ jobs:
         version: ['stable', 'mainline']
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Build module
         run: docker build --file docker/Dockerfile.${{ matrix.target }} --build-arg=VERSION=${{ matrix.version }} .
   triger:
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && (github.ref == 'refs/heads/lts' || github.ref == 'refs/heads/current')) }}
     needs: ['native', 'docker']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
           python-version: '3.x'
       - name: Set up lastversion

config

@@ -12,7 +12,12 @@ deps="$ngx_addon_dir/inc/ngx_http_waf_module_check.h \
     $ngx_addon_dir/inc/ngx_http_waf_module_under_attack.h \
     $ngx_addon_dir/inc/ngx_http_waf_module_vm.h \
     $ngx_addon_dir/inc/ngx_http_waf_module_lexer.h \
-    $ngx_addon_dir/inc/ngx_http_waf_module_parser.tab.h"
+    $ngx_addon_dir/inc/ngx_http_waf_module_parser.tab.h \
+    $ngx_addon_dir/inc/libinjection/build/include/libinjection.h \
+    $ngx_addon_dir/inc/libinjection/build/include/libinjection_sqli.h \
+    $ngx_addon_dir/inc/libinjection/build/include/libinjection_xss.h \
+    $ngx_addon_dir/inc/libinjection/build/include/libinjection_sqli_data.h \
+    $ngx_addon_dir/inc/libinjection/build/lib/libinjection.a"
 
 srcs="$ngx_addon_dir/src/ngx_http_waf_module_core.c \
     $ngx_addon_dir/src/ngx_http_waf_module_check.c \
@@ -24,10 +29,7 @@ srcs="$ngx_addon_dir/src/ngx_http_waf_module_core.c \
     $ngx_addon_dir/src/ngx_http_waf_module_util.c \
     $ngx_addon_dir/src/ngx_http_waf_module_vm.c \
     $ngx_addon_dir/src/ngx_http_waf_module_lexer.c \
-    $ngx_addon_dir/src/ngx_http_waf_module_parser.tab.c \
-    $ngx_addon_dir/inc/libinjection/src/libinjection_html5.c \
-    $ngx_addon_dir/inc/libinjection/src/libinjection_sqli.c \
-    $ngx_addon_dir/inc/libinjection/src/libinjection_xss.c"
+    $ngx_addon_dir/src/ngx_http_waf_module_parser.tab.c"
 
 
 ngx_http_waf_module_libs=""
@@ -184,8 +186,8 @@ END
 fi
 
 
-ngx_http_waf_module_inc_path="${ngx_http_waf_module_inc_path} ${ngx_addon_dir}/inc/libinjection/src"
-
+ngx_http_waf_module_inc_path="${ngx_http_waf_module_inc_path} ${ngx_addon_dir}/inc/libinjection/build/include"
+ngx_http_waf_module_libs=" ${ngx_http_waf_module_libs} -L ${ngx_addon_dir}/inc/libinjection/build/lib -Wl,-Bstatic -l injection -Wl,-Bdynamic "
 
 # Check if libinjection exists.
 ngx_feature="injection library"
@@ -209,7 +211,12 @@ if [ $ngx_found = no  ] ; then
     cat << END
 $0: error: the $ngx_addon_name module requires the $ngx_feature.
 
-Please run cd $ngx_addon_dir && git clone https://github.com/libinjection/libinjection.git inc/libinjection && cd $PWD
+Please run  cd $ngx_addon_dir \\
+        &&  git clone https://github.com/libinjection/libinjection.git inc/libinjection \\
+        &&  cd inc/libinjection \\
+        &&  ./autogen.sh \\
+        &&  ./configure --prefix=\$(pwd)/build --enable-shared=no --enable-static=yes --enable-optimize \\
+        &&  cd $PWD
 
 END
     PWD=''
@@ -285,6 +292,6 @@ if test -n "$ngx_module_link"; then
 else
     HTTP_MODULES="$HTTP_MODULES ${ngx_addon_name}"
     HTTP_DEPS-"$HTTP_DEPS $deps"
-    HTTP_INCS="$HTTP_INCS -I $ngx_addon_dir/inc $ngx_addon_dir/inc/libinjection/src"
+    HTTP_INCS="$HTTP_INCS -I $ngx_addon_dir/inc $ngx_addon_dir/inc/libinjection/build/include"
     NGX_ADDON_SRCS="$NGX_ADDON_SRCS $srcs"
 fi

docker/Dockerfile.glibc

@@ -1,6 +1,6 @@
 ARG NGX_VER=stable
 FROM nginx:${NGX_VER} as base
-ARG CHANGE_SOURCE=false
+ARG CN_MIRROR=false
 ARG NGX_VER=stable
 ARG LIB_SODIUM_VER=1.0.18-RELEASE
 
@@ -9,7 +9,7 @@ COPY . ./ngx_waf
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN set -xe \ 
-    &&  if [ ${CHANGE_SOURCE} == true ] ; then \
+    &&  if [ ${CN_MIRROR} == true ] ; then \
             cp ./ngx_waf/docker/sources.list /etc/apt/sources.list ; \
             apt-get clean all ; \
         fi \
@@ -34,13 +34,24 @@ RUN set -xe \
             libmaxminddb-dev \
             flex \
             bison \
-    &&  if [ ${CHANGE_SOURCE} == true ] ; then \
+            autoconf \
+            libtool \
+            automake \
+    &&  if [ ${CN_MIRROR} == true ] ; then \
             pip3 config set global.index-url https://mirrors.cloud.tencent.com/pypi/simple ; \
         fi \
-    &&  pip3 install lastversion
+    &&  pip3 install lastversion || pip3 install lastversion --break-system-packages
 RUN set -xe \
-    &&  (cd ngx_waf && git clone https://github.com/libinjection/libinjection.git inc/libinjection) \
-    &&  (cd ngx_waf && make parser) \
+    &&  cd ngx_waf \
+    &&      make parser \
+    &&      git clone https://github.com/libinjection/libinjection.git inc/libinjection \
+    &&      cd inc/libinjection \
+    &&          ./autogen.sh \
+    &&          ./configure --prefix=$(pwd)/build --enable-shared=no --enable-static=yes --enable-optimize \
+    &&          make -j$(nproc) \
+    &&          make install -j$(nproc) \
+    &&      cd .. \
+    &&  cd .. \
     &&  git clone https://github.com/troydhanson/uthash.git \
     &&  export LIB_UTHASH=/usr/local/src/uthash \
     &&  git clone https://github.com/jedisct1/libsodium.git --branch ${LIB_SODIUM_VER} libsodium-src \