Added support for mysqli (#241)

Author: tudor-timcu

.devcontainer/centos/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "Centos Dev Container",
-  "runArgs": [],
+  "runArgs": ["--privileged"],
   "mounts": [
     "source=${localWorkspaceFolder}/.devcontainer/shared,target=/shared,type=bind"
   ],
@@ -20,7 +20,8 @@
         "ms-vscode.cpptools",
         "ms-vscode.cpptools-themes",
         "austin.code-gnu-global",
-        "ms-vscode.makefile-tools"
+        "ms-vscode.makefile-tools",
+        "ms-python.vscode-pylance"
       ]
     }
   }

.devcontainer/ubuntu/Dockerfile

@@ -1,20 +1,21 @@
-# Docker container used for building Zen for PHP from source on Ubuntu
-
-FROM --platform=linux/amd64 ubuntu:20.04
-
-ARG PHP_VERSION=8.1
-
-
-RUN apt-get update
-RUN apt install software-properties-common -y
-RUN add-apt-repository ppa:ondrej/php -y
-RUN apt update
-RUN apt install php${PHP_VERSION} php${PHP_VERSION}-cli php${PHP_VERSION}-cgi php${PHP_VERSION}-fpm php${PHP_VERSION}-dev php${PHP_VERSION}-curl php${PHP_VERSION}-sqlite3 -y
-RUN apt-get install -y wget autoconf bison re2c libxml2-dev libssl-dev libcurl4-gnutls-dev protobuf-compiler protobuf-compiler-grpc git alien
-RUN wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz
-RUN tar -C /usr/local -xzf go1.23.4.linux-amd64.tar.gz
-ENV PATH="/usr/local/go/bin:${PATH}"
-ENV GOPATH="${HOME}/go"
-ENV PATH="${PATH}:${GOPATH}/bin"
-RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
-RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+# Docker container used for building Zen for PHP from source on Ubuntu
+
+FROM --platform=linux/amd64 ubuntu:22.04
+
+ARG PHP_VERSION=8.1
+
+RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime
+RUN echo "Etc/UTC" > /etc/timezone
+RUN apt-get update
+RUN apt install software-properties-common -y
+RUN add-apt-repository ppa:ondrej/php -y
+RUN apt update
+RUN apt install php${PHP_VERSION} php${PHP_VERSION}-cli php${PHP_VERSION}-cgi php${PHP_VERSION}-fpm php${PHP_VERSION}-dev php${PHP_VERSION}-curl php${PHP_VERSION}-sqlite3 -y
+RUN apt-get install -y wget autoconf bison re2c libxml2-dev libssl-dev libcurl4-gnutls-dev protobuf-compiler protobuf-compiler-grpc git alien
+RUN wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz
+RUN tar -C /usr/local -xzf go1.23.4.linux-amd64.tar.gz
+ENV PATH="/usr/local/go/bin:${PATH}"
+ENV GOPATH="${HOME}/go"
+ENV PATH="${PATH}:${GOPATH}/bin"
+RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
+RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest

.devcontainer/ubuntu/devcontainer.json

@@ -8,7 +8,7 @@
     "platform": "linux/amd64",
     "dockerfile": "Dockerfile",
     "args": {
-      "PHP_VERSION": "8.2"
+      "PHP_VERSION": "8.1"
     }
   }
-}
+}

.github/workflows/build.yml

@@ -126,7 +126,7 @@ jobs:
       uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
       with:
         php-version: ${{ matrix.php_version }}
-        extensions: curl
+        extensions: curl, mysqli
         coverage: none
 
     - name: Check PHP setup
@@ -326,6 +326,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     container:
       image: quay.io/centos/centos:stream9
+      options: --privileged
     needs: [ build_rpm ]
     strategy:
       matrix:
@@ -352,11 +353,34 @@ jobs:
           dnf --assumeyes module reset php
           dnf --assumeyes --nogpgcheck module install php:remi-${{ matrix.php_version }}
           dnf --assumeyes install php-pdo
+          dnf --assumeyes install php-mysqlnd
           yum install -y mod_php
           yum install -y nginx
           yum install -y php-fpm
           dnf install -y procps-ng
 
+      - name: Install and start MySQL
+        run: |
+          yum install -y mysql-server
+          mkdir -p /var/lib/mysql
+          mysqld --initialize-insecure --datadir=/var/lib/mysql
+          mysqld -u root --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock &
+          sleep 10
+          mysql -u root -e "CREATE DATABASE IF NOT EXISTS db;"
+
+      - name: Test MySQL connection with mysqli
+        run: |
+          php -r '
+            $mysqli = new mysqli("localhost", "root", "", "db");
+            if ($mysqli->connect_error) {
+              echo "MySQL connection failed: " . $mysqli->connect_error . "\n";
+              exit(1);
+            } else {
+              echo "MySQL connection successful\n";
+              $mysqli->close();
+            }
+          '
+
       - name: Get Arch
         run: echo "ARCH=$(uname -m)" >> $GITHUB_ENV
 
@@ -397,6 +421,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     container:
       image: ${{ matrix.container }}
+      options: --privileged
     needs: [ build_deb ]
     strategy:
       matrix:
@@ -442,13 +467,35 @@ jobs:
           a2enmod mpm_prefork
           a2enmod rewrite
 
+      - name: Install MariaDB server
+        run: |
+          apt-get install -y mariadb-server
+          mkdir -p /var/lib/mysql
+          mkdir -p /run/mysqld
+          mysqld --user=root --datadir=/var/lib/mysql &
+          sleep 10
+          mysql -u root -e "CREATE DATABASE IF NOT EXISTS db;"
+
       - name: Setup PHP
         uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2
         with:
           php-version: ${{ matrix.php_version }}
-          extensions: curl, sqlite3
+          extensions: curl, sqlite3, mysqli
           coverage: none
 
+      - name: Test MySQL connection with mysqli
+        run: |
+          php -r '
+            $mysqli = new mysqli("localhost", "root", "", "db");
+            if ($mysqli->connect_error) {
+              echo "MySQL connection failed: " . $mysqli->connect_error . "\n";
+              exit(1);
+            } else {
+              echo "MySQL connection successful\n";
+              $mysqli->close();
+            }
+          '
+
       - name: Check PHP setup
         run: |
           php_versions="php7.3 php7.4 php8.0 php8.1 php8.2 php8.3"
@@ -494,4 +541,5 @@ jobs:
           name: test-results-aikido-${{ env.AIKIDO_VERSION }}-${{ matrix.os }}-php-${{ matrix.php_version }}
           if-no-files-found: ignore
           path: |
-            ${{ github.workspace }}/tests/cli/**/*.diff
+            ${{ github.workspace }}/tests/cli/**/*.diff
+            /var/log/mysql/error.log

README.md

@@ -38,25 +38,25 @@ Prerequisites:
 
 ##### x86_64
 ```
-rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.1.0/aikido-php-firewall.x86_64.rpm
+rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.2.0/aikido-php-firewall.x86_64.rpm
 ```
 
 ##### arm64 / aarch64
 ```
-rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.1.0/aikido-php-firewall.aarch64.rpm
+rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.2.0/aikido-php-firewall.aarch64.rpm
 ```
 
 #### For Debian-based Systems (Debian, Ubuntu)
 
 ##### x86_64
 ```
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.1.0/aikido-php-firewall.x86_64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.2.0/aikido-php-firewall.x86_64.deb
 dpkg -i -E ./aikido-php-firewall.x86_64.deb
 ```
 
 ##### arm64 / aarch64
 ```
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.1.0/aikido-php-firewall.aarch64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.2.0/aikido-php-firewall.aarch64.deb
 dpkg -i -E ./aikido-php-firewall.aarch64.deb
 ```
 

docs/aws-elastic-beanstalk.md

@@ -4,7 +4,7 @@
 ```
 commands:
   aikido-php-firewall:
-    command: "rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.1.0/aikido-php-firewall.x86_64.rpm"
+    command: "rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.2.0/aikido-php-firewall.x86_64.rpm"
     ignoreErrors: true
 
 files:

docs/fly-io.md

@@ -32,7 +32,7 @@ Create a script to install the Aikido PHP Firewall during deployment:
 #!/usr/bin/env bash
 cd /tmp
 
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.1.0/aikido-php-firewall.x86_64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.2.0/aikido-php-firewall.x86_64.deb
 dpkg -i -E ./aikido-php-firewall.x86_64.deb
 ```
 

docs/laravel-forge.md

@@ -21,7 +21,7 @@ cd /tmp
 
 # Install commands from the "Manual install" section below, based on your OS
 
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.1.0/aikido-php-firewall.x86_64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.2.0/aikido-php-firewall.x86_64.deb
 dpkg -i -E ./aikido-php-firewall.x86_64.deb
 
 # Restarting the php services in order to load the Aikido PHP Firewall

lib/agent/globals/constants.go

@@ -1,7 +1,7 @@
 package globals
 
 const (
-	Version                             = "1.1.0"
+	Version                             = "1.2.0"
 	ConfigUpdatedAtMethod               = "GET"
 	ConfigUpdatedAtAPI                  = "/config"
 	ConfigAPIMethod                     = "GET"

lib/php-extension/HandlePDO.cpp lib/php-extension/HandleQueries.cpplib/php-extension/HandlePDO.cpp renamed to lib/php-extension/HandleQueries.cpp

@@ -6,8 +6,8 @@ AIKIDO_HANDLER_FUNCTION(handle_pre_pdo_query) {
     zend_string *query = NULL;
 
     ZEND_PARSE_PARAMETERS_START(0, -1)
-    Z_PARAM_OPTIONAL
-    Z_PARAM_STR(query)
+        Z_PARAM_OPTIONAL
+        Z_PARAM_STR(query)
     ZEND_PARSE_PARAMETERS_END();
 
     if (!query) {
@@ -34,7 +34,7 @@ AIKIDO_HANDLER_FUNCTION(handle_pre_pdo_exec) {
     zend_string *query = NULL;
 
     ZEND_PARSE_PARAMETERS_START(1, 1)
-    Z_PARAM_STR(query)
+        Z_PARAM_STR(query)
     ZEND_PARSE_PARAMETERS_END();
 
     if (!query) {
@@ -71,4 +71,45 @@ AIKIDO_HANDLER_FUNCTION(handle_pre_pdostatement_execute) {
 
     zval *pdo_object = &stmt->database_object_handle;
     eventCache.sqlDialect = GetSqlDialectFromPdo(pdo_object);
-}
+}
+
+zend_class_entry* helper_load_mysqli_link_class_entry() {
+    /* Static variable initialization ensures that the class entry is loaded only once and is thread-safe */
+    static zend_class_entry* mysqliLinkClassEntry = (zend_class_entry*)zend_hash_str_find_ptr(EG(class_table), "mysqli", sizeof("mysqli") - 1);
+    return mysqliLinkClassEntry;
+}
+
+AIKIDO_HANDLER_FUNCTION(handle_pre_mysqli_query){
+	zval*     mysqliLinkObject = nullptr;
+	char*	  query = nullptr;
+	size_t 	  queryLength;
+    zend_long resultMode;
+
+    zend_class_entry* mysqliLinkClassEntry = helper_load_mysqli_link_class_entry();
+    if (!mysqliLinkClassEntry) {
+        AIKIDO_LOG_WARN("handle_pre_mysqli_query: did not find mysqli link class!\n");
+        return;
+    }
+
+	if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os|l", &mysqliLinkObject, mysqliLinkClassEntry, &query, &queryLength, &resultMode) == FAILURE) {
+		AIKIDO_LOG_WARN("handle_pre_mysqli_query: failed to parse parameters!\n");
+        return;
+	}
+
+	if (!queryLength) {
+        AIKIDO_LOG_WARN("handle_pre_mysqli_query: query length is 0!\n");
+		return;
+	}
+
+    if (!mysqliLinkObject) {
+        AIKIDO_LOG_WARN("handle_pre_mysqli_query: mysqli link object is null!\n");
+        return;
+    }
+
+    scopedTimer.SetSink(sink, "sql_op");
+
+    eventId = EVENT_PRE_SQL_QUERY_EXECUTED;
+    eventCache.moduleName = "mysqli";
+    eventCache.sqlQuery = query;
+    eventCache.sqlDialect = "mysql";
+}