Skip to content

limit_req_zone with 4 arguments not being analyzed #104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

limit_req_zone with 4 arguments not being analyzed #104

wants to merge 4 commits into from

Conversation

oliveromahony
Copy link
Contributor

Proposed changes

Limit request zone has an issue with not being throwing: invalid number of arguments in "limit_req_zone" directive error despite being 4 arguments.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING document
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • I have updated any relevant documentation (README.md)

@oliveromahony oliveromahony requested a review from a team as a code owner July 10, 2024 14:19
ryepup
ryepup reviewed Jul 10, 2024
View reviewed changes
analyze_test.go
t.Run(name, func(t *testing.T) {
t.Parallel()
err := analyze("nginx.conf", tc.stmt, ";", tc.ctx, &ParseOptions{
DirectiveSources: []MatchFunc{NgxPlusLatestDirectivesMatchFn, AppProtectWAFv4DirectivesMatchFn},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this test would pass without any other changes if we use a different source

Suggested change
DirectiveSources: []MatchFunc{NgxPlusLatestDirectivesMatchFn, AppProtectWAFv4DirectivesMatchFn},
DirectiveSources: []MatchFunc{NgxPlusR31DirectivesMatchFn, AppProtectWAFv4DirectivesMatchFn},

NgxPlusLatestDirectivesMatchFn thinks limit_req_zone has a mask of ngxHTTPMainConf | ngxConfTake3 | ngxConfTake2,, but NgxPlusR31DirectivesMatchFn has the correct mask ngxHTTPMainConf | ngxConfTake3 | ngxConfTake4

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding details from our conversation external to the PR. Take4 is only correct for NGINX+ to allow the sync flag. OSS is Take3.

@dengsh12
Copy link
Contributor

The problem comes from a mismatch in a legacy version of code generator, the flag NGX_CONF_TAKE4 of keyval and limit_req_zone mapped to ngxConfTake2 wrongly. analyze_nplus_latest_directives.go may be override to the legacy version while I was dealing with branches. I've proposed another MR #105 to fix. Thanks for your findings!

For the uint part it seems we define the bitmasks using untyped int and they can be compatible with uint, maybe we don't need to change them.

@oliveromahony
Copy link
Contributor Author

oliveromahony commented Jul 10, 2024
edited
Loading

The problem comes from a mismatch in a legacy version of code generator, the flag NGX_CONF_TAKE4 of keyval and limit_req_zone mapped to ngxConfTake2 wrongly. analyze_nplus_latest_directives.go may be override to the legacy version while I was dealing with branches. I've proposed another MR #105 to fix. Thanks for your findings!

For the uint part it seems we define the bitmasks using untyped int and they can be compatible with uint, maybe we don't need to change them.

Happy to close this PR. Can we add tests to cover this scenario in #105 ?

@dengsh12
Copy link
Contributor

dengsh12 commented Jul 10, 2024
edited
Loading

The problem comes from a mismatch in a legacy version of code generator, the flag NGX_CONF_TAKE4 of keyval and limit_req_zone mapped to ngxConfTake2 wrongly. analyze_nplus_latest_directives.go may be override to the legacy version while I was dealing with branches. I've proposed another MR #105 to fix. Thanks for your findings!
For the uint part it seems we define the bitmasks using untyped int and they can be compatible with uint, maybe we don't need to change them.

Happy to close this PR. Can we add tests to cover this scenario in #105 ?

Yeah! Root reason comes from a legacy version of the generator has a wrong mapping from NGX_CONF_TAKE4 to ngxConfTake2 and I added one unit test with all bitmask in nginx to the MR of generator #101

It would also be helpful to add an unit test for limit_req_zone. Your test case in this PR is a very good example, could I add it to #105 ?

@ryepup
Copy link
Contributor

ryepup commented Jul 10, 2024

It would also be helpful to add an unit test for limit_req_zone. Your test case in this PR is a very good example, could I add it to #105 ?

please do

@oliveromahony
Copy link
Contributor Author

The problem comes from a mismatch in a legacy version of code generator, the flag NGX_CONF_TAKE4 of keyval and limit_req_zone mapped to ngxConfTake2 wrongly. analyze_nplus_latest_directives.go may be override to the legacy version while I was dealing with branches. I've proposed another MR #105 to fix. Thanks for your findings!
For the uint part it seems we define the bitmasks using untyped int and they can be compatible with uint, maybe we don't need to change them.

Happy to close this PR. Can we add tests to cover this scenario in #105 ?

Yeah! Root reason comes from a legacy version of the generator has a wrong mapping from NGX_CONF_TAKE4 to ngxConfTake2 and I added one unit test with all bitmask in nginx to the MR of generator #101

It would also be helpful to add an unit test for limit_req_zone. Your test case in this PR is a very good example, could I add it to #105 ?

That would be great

@dengsh12 dengsh12 mentioned this pull request Jul 10, 2024
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryepup ryepup ryepup left review comments

@ornj ornj ornj left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@oliveromahony @dengsh12 @ryepup @ornj