Merge pull request #159 from AikidoSec/fix-apache-wordpress-crashes

Fix Apache + Wordpress crashes happening on turnkeylinux by reloading the _SERVER var

Author: willem-delbare

.devcontainer/centos/devcontainer.json

@@ -8,14 +8,19 @@
     "platform": "linux/arm64",
     "dockerfile": "Dockerfile",
     "args": {
-      "PHP_VERSION": "8.1"
+      "PHP_VERSION": "8.2"
     }
   },
   "customizations": {
     "vscode": {
       "extensions": [
         "golang.go",
-        "github.vscode-github-actions"
+        "github.vscode-github-actions",
+        "ms-vscode.cpptools-extension-pack",
+        "ms-vscode.cpptools",
+        "ms-vscode.cpptools-themes",
+        "austin.code-gnu-global",
+        "ms-vscode.makefile-tools"
       ]
     }
   }

.devcontainer/ubuntu/devcontainer.json

@@ -8,7 +8,7 @@
     "platform": "linux/amd64",
     "dockerfile": "Dockerfile",
     "args": {
-      "PHP_VERSION": "8.1"
+      "PHP_VERSION": "8.2"
     }
   }
 }

.github/workflows/build.yml

@@ -296,8 +296,13 @@ jobs:
       - name: Build deb
         run: |
           sudo alien --to-deb --scripts --keep-version ${{ env.AIKIDO_RPM }}/${{ env.AIKIDO_RPM }}
-          ls -R
-          mv aikido-php-firewall_${{ env.AIKIDO_VERSION }}-1_${{ env.DEB_ARCH }}.deb ${{ env.AIKIDO_ARTIFACT }}
+          mv aikido-php-firewall_${{ env.AIKIDO_VERSION }}-1_${{ env.DEB_ARCH }}.deb temp-${{ env.AIKIDO_ARTIFACT }}
+          
+          # Package contents into deb with gzip compression (because default zstd compression is not supported by older versions of dpkg)
+          mkdir deb-temp
+          dpkg-deb -R temp-${{ env.AIKIDO_ARTIFACT }} deb-temp/
+          dpkg-deb -Zgzip -b deb-temp ${{ env.AIKIDO_ARTIFACT }}
+          rm -rf deb-temp
   
       - name: Archive deb package
         uses: actions/upload-artifact@v4

README.md

@@ -37,13 +37,13 @@ Prerequisites:
 #### For Red Hat-based Systems (RHEL, CentOS, Fedora)
 
 ```
-rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.0.110/aikido-php-firewall.x86_64.rpm
+rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.0.111/aikido-php-firewall.x86_64.rpm
 ```
 
 #### For Debian-based Systems (Debian, Ubuntu)
 
 ```
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.0.110/aikido-php-firewall.x86_64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.0.111/aikido-php-firewall.x86_64.deb
 dpkg -i -E ./aikido-php-firewall.x86_64.deb
 ```
 

docs/aws-elastic-beanstalk.md

@@ -4,7 +4,7 @@
 ```
 commands:
   aikido-php-firewall:
-    command: "rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.0.110/aikido-php-firewall.x86_64.rpm"
+    command: "rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.0.111/aikido-php-firewall.x86_64.rpm"
     ignoreErrors: true
 
 files:

docs/fly-io.md

@@ -15,7 +15,7 @@ You can find their values in the Aikido platform.
 #!/usr/bin/env bash
 cd /tmp
 
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.0.110/aikido-php-firewall.x86_64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.0.111/aikido-php-firewall.x86_64.deb
 dpkg -i -E ./aikido-php-firewall.x86_64.deb
 ```
 

docs/laravel-forge.md

@@ -19,7 +19,7 @@ cd /tmp
 
 # Install commands from the "Manual install" section below, based on your OS
 
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.0.110/aikido-php-firewall.x86_64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.0.111/aikido-php-firewall.x86_64.deb
 dpkg -i -E ./aikido-php-firewall.x86_64.deb
 
 # Restarting the php services in order to load the Aikido PHP Firewall

lib/agent/globals/constants.go

@@ -1,7 +1,7 @@
 package globals
 
 const (
-	Version                             = "1.0.110"
+	Version                             = "1.0.111"
 	ConfigUpdatedAtMethod               = "GET"
 	ConfigUpdatedAtAPI                  = "/config"
 	ConfigAPIMethod                     = "GET"

lib/php-extension/GoWrappers.cpp

@@ -11,10 +11,6 @@ GoSlice GoCreateSlice(const std::vector<int64_t>& v) {
     Callback wrapper called by the RequestProcessor (GO) whenever it needs data from PHP (C++ extension).
 */
 char* GoContextCallback(int callbackId) {
-    if (!request.Ok()) {
-        AIKIDO_LOG_WARN("Request is not ok!\n");
-        return nullptr;
-    }
     std::string ctx;
     std::string ret;
 

lib/php-extension/Request.cpp

@@ -2,7 +2,11 @@
 
 Request request;
 
-bool Request::Init() {
+bool Request::LoadServerVar() {
+    if (this->server != NULL) {
+        return true;
+    }
+
     zend_string* serverString = zend_string_init("_SERVER", sizeof("_SERVER") - 1, 0);
     if (!serverString) {
         AIKIDO_LOG_WARN("Error allocating the '_SERVER' zend string!");
@@ -27,12 +31,12 @@ bool Request::Init() {
     return true;
 }
 
-bool Request::Ok() {
-    return this->server != NULL;
+void Request::UnloadServerVar() {
+    this->server = NULL;
 }
 
 std::string Request::GetVar(const char* var) {
-    if (!this->server) {
+    if (!this->LoadServerVar()) {
         return "";
     }
     zval* data = zend_hash_str_find(Z_ARRVAL_P(this->server), var, strlen(var));
@@ -43,9 +47,6 @@ std::string Request::GetVar(const char* var) {
 }
 
 std::string Request::GetRoute() {
-    if (!this->server) {
-        return "";
-    }
     std::string route = GetVar("REQUEST_URI");
     size_t pos = route.find("?");
     if (pos != std::string::npos) {
@@ -122,7 +123,7 @@ std::string Request::GetQuery() {
 }
 
 std::string Request::GetHeaders() {
-    if (!this->server) {
+    if (!this->LoadServerVar()) {
         return "";
     }
     std::map<std::string, std::string> headers;