From c2af511a8c67a3d3b04616d650cea136db991af5 Mon Sep 17 00:00:00 2001 From: Naveen GOPU Date: Wed, 13 Aug 2025 19:55:18 +0530 Subject: [PATCH 1/2] NLB-6875: update R34 Directives --- analyze.go | 34 +++++++++--------- analyze_nplus_R34_directives.gen.go | 24 ++++++------- analyze_nplus_latest_directives.gen.go | 33 +++++++++-------- analyze_test.go | 36 +++++++++++++++++++ .../generate/configs/nplus_R34_config.json | 17 +++++++-- .../generate/configs/nplus_latest_config.json | 29 ++++++++++++--- 6 files changed, 122 insertions(+), 51 deletions(-) diff --git a/analyze.go b/analyze.go index 039af5f1..4cda3549 100644 --- a/analyze.go +++ b/analyze.go @@ -82,22 +82,23 @@ const ( ngxConfTake1234 = ngxConfTake123 | ngxConfTake4 // bit masks for different directive locations. - ngxDirectConf = 0x00010000 // main file (not used) - ngxMgmtMainConf = 0x00020000 // mgmt // unique bitmask that may not match NGINX source - ngxMainConf = 0x00040000 // main context - ngxEventConf = 0x00080000 // events - ngxMailMainConf = 0x00100000 // mail - ngxMailSrvConf = 0x00200000 // mail > server - ngxStreamMainConf = 0x00400000 // stream - ngxStreamSrvConf = 0x00800000 // stream > server - ngxStreamUpsConf = 0x01000000 // stream > upstream - ngxHTTPMainConf = 0x02000000 // http - ngxHTTPSrvConf = 0x04000000 // http > server - ngxHTTPLocConf = 0x08000000 // http > location - ngxHTTPUpsConf = 0x10000000 // http > upstream - ngxHTTPSifConf = 0x20000000 // http > server > if - ngxHTTPLifConf = 0x40000000 // http > location > if - ngxHTTPLmtConf = 0x80000000 // http > location > limit_except + ngxDirectConf = 0x000010000 // main file (not used) + ngxMgmtMainConf = 0x000020000 // mgmt // unique bitmask that may not match NGINX source + ngxMainConf = 0x000040000 // main context + ngxEventConf = 0x000080000 // events + ngxMailMainConf = 0x000100000 // mail + ngxMailSrvConf = 0x000200000 // mail > server + ngxStreamMainConf = 0x000400000 // stream + ngxStreamSrvConf = 0x000800000 // stream > server + ngxStreamUpsConf = 0x001000000 // stream > upstream + ngxHTTPMainConf = 0x002000000 // http + ngxHTTPSrvConf = 0x004000000 // http > server + ngxHTTPLocConf = 0x008000000 // http > location + ngxHTTPUpsConf = 0x010000000 // http > upstream + ngxHTTPSifConf = 0x020000000 // http > server > if + ngxHTTPLifConf = 0x040000000 // http > location > if + ngxHTTPLmtConf = 0x080000000 // http > location > limit_except + ngxHTTPOIDCConf = 0x100000000 // http > oidc_provider ) // helpful directive location alias describing "any" context @@ -126,6 +127,7 @@ var contexts = map[string]uint{ blockCtx{"http", "location", "if"}.key(): ngxHTTPLifConf, blockCtx{"http", "location", "limit_except"}.key(): ngxHTTPLmtConf, blockCtx{"mgmt"}.key(): ngxMgmtMainConf, + blockCtx{"http", "oidc_provider"}.key(): ngxHTTPOIDCConf, } func enterBlockCtx(stmt *Directive, ctx blockCtx) blockCtx { diff --git a/analyze_nplus_R34_directives.gen.go b/analyze_nplus_R34_directives.gen.go index 9d7deca6..57dc5384 100644 --- a/analyze_nplus_R34_directives.gen.go +++ b/analyze_nplus_R34_directives.gen.go @@ -172,16 +172,16 @@ var nginxPlusR34Directives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxConfTake1, }, "client_id": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "client_max_body_size": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, }, "client_secret": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "config_url": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "connect_timeout": { ngxMgmtMainConf | ngxConfTake1, @@ -190,7 +190,7 @@ var nginxPlusR34Directives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxConfTake1, }, "cookie_name": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "create_full_put_path": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag, @@ -254,7 +254,7 @@ var nginxPlusR34Directives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12, }, "extra_auth_args": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "f4f": { ngxHTTPLocConf | ngxConfNoArgs, @@ -704,7 +704,7 @@ var nginxPlusR34Directives = map[string][]uint{ ngxHTTPUpsConf | ngxConfNoArgs, }, "issuer": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "keepalive": { ngxHTTPUpsConf | ngxConfTake1, @@ -1350,7 +1350,7 @@ var nginxPlusR34Directives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag, }, "redirect_uri": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "referer_hash_bucket_size": { ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, @@ -1532,7 +1532,7 @@ var nginxPlusR34Directives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1234, }, "scope": { - ngxConf1More, + ngxHTTPOIDCConf | ngxConfTake1, }, "secure_link": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, @@ -1592,10 +1592,10 @@ var nginxPlusR34Directives = map[string][]uint{ ngxHTTPMainConf | ngxConf2More, }, "session_store": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "session_timeout": { - ngxConf1More, + ngxHTTPOIDCConf | ngxConfTake1, }, "set": { ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake2, @@ -1692,7 +1692,7 @@ var nginxPlusR34Directives = map[string][]uint{ ngxMailMainConf | ngxMailSrvConf | ngxConfTake1, ngxMgmtMainConf | ngxConfTake1, ngxStreamMainConf | ngxStreamSrvConf | ngxConfTake1, - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "ssl_dhparam": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxConfTake1, @@ -1803,7 +1803,7 @@ var nginxPlusR34Directives = map[string][]uint{ ngxMailMainConf | ngxMailSrvConf | ngxConfTake1, ngxMgmtMainConf | ngxConfTake1, ngxStreamMainConf | ngxStreamSrvConf | ngxConfTake1, - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "ssl_verify": { ngxMgmtMainConf | ngxConfFlag, diff --git a/analyze_nplus_latest_directives.gen.go b/analyze_nplus_latest_directives.gen.go index 3918c4dd..ff98df2a 100644 --- a/analyze_nplus_latest_directives.gen.go +++ b/analyze_nplus_latest_directives.gen.go @@ -175,16 +175,16 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxConfTake1, }, "client_id": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "client_max_body_size": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, }, "client_secret": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "config_url": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "connect_timeout": { ngxMgmtMainConf | ngxConfTake1, @@ -193,7 +193,7 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxConfTake1, }, "cookie_name": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "create_full_put_path": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag, @@ -260,7 +260,7 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12, }, "extra_auth_args": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "f4f": { ngxHTTPLocConf | ngxConfNoArgs, @@ -710,7 +710,7 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxHTTPUpsConf | ngxConfNoArgs, }, "issuer": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "keepalive": { ngxHTTPUpsConf | ngxConfTake1, @@ -1034,6 +1034,10 @@ var nginxPlusLatestDirectives = map[string][]uint{ "protocol": { ngxMailSrvConf | ngxConfTake1, }, + "proxy": { + ngxMailMainConf | ngxMailSrvConf | ngxConfFlag, + ngxMgmtMainConf | ngxConfTake1, + }, "proxy_bind": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake12, ngxStreamMainConf | ngxStreamSrvConf | ngxConfTake12, @@ -1148,9 +1152,6 @@ var nginxPlusLatestDirectives = map[string][]uint{ "proxy_limit_rate": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, }, - "proxy_location": { - ngxConfTake1, - }, "proxy_max_temp_file_size": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, }, @@ -1192,7 +1193,7 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag, }, "proxy_password": { - ngxConfTake1, + ngxMgmtMainConf | ngxConfTake1, }, "proxy_protocol": { ngxMailMainConf | ngxMailSrvConf | ngxConfFlag, @@ -1321,7 +1322,7 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxStreamMainConf | ngxStreamSrvConf | ngxConfTake1, }, "proxy_username": { - ngxConfTake1, + ngxMgmtMainConf | ngxConfTake1, }, "queue": { ngxHTTPUpsConf | ngxConfTake12, @@ -1364,7 +1365,7 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag, }, "redirect_uri": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "referer_hash_bucket_size": { ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, @@ -1546,7 +1547,7 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1234, }, "scope": { - ngxConf1More, + ngxHTTPOIDCConf | ngxConfTake1, }, "secure_link": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, @@ -1606,10 +1607,10 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxHTTPMainConf | ngxConf2More, }, "session_store": { - ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "session_timeout": { - ngxConf1More, + ngxHTTPOIDCConf | ngxConfTake1, }, "set": { ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake2, @@ -1706,6 +1707,7 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxMailMainConf | ngxMailSrvConf | ngxConfTake1, ngxMgmtMainConf | ngxConfTake1, ngxStreamMainConf | ngxStreamSrvConf | ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "ssl_dhparam": { ngxHTTPMainConf | ngxHTTPSrvConf | ngxConfTake1, @@ -1816,6 +1818,7 @@ var nginxPlusLatestDirectives = map[string][]uint{ ngxMailMainConf | ngxMailSrvConf | ngxConfTake1, ngxMgmtMainConf | ngxConfTake1, ngxStreamMainConf | ngxStreamSrvConf | ngxConfTake1, + ngxHTTPOIDCConf | ngxConfTake1, }, "ssl_verify": { ngxMgmtMainConf | ngxConfFlag, diff --git a/analyze_test.go b/analyze_test.go index 4dac1716..d31a5d35 100644 --- a/analyze_test.go +++ b/analyze_test.go @@ -2894,6 +2894,42 @@ func TestAnalyze_oidc(t *testing.T) { blockCtx{"stream"}, true, }, + "client_id args not ok": { + &Directive{ + Directive: "client_id", + Args: []string{}, + Line: 5, + }, + blockCtx{"http", "oidc_provider"}, + true, + }, + "client_id args ok": { + &Directive{ + Directive: "client_id", + Args: []string{"unique_id"}, + Line: 5, + }, + blockCtx{"http", "oidc_provider"}, + false, + }, + "client_id context not ok": { + &Directive{ + Directive: "client_id", + Args: []string{"unique_id"}, + Line: 5, + }, + blockCtx{"http"}, + true, + }, + "client_id context ok": { + &Directive{ + Directive: "client_id", + Args: []string{"unique_id"}, + Line: 5, + }, + blockCtx{"http", "oidc_provider"}, + false, + }, } for name, tc := range testcases { diff --git a/scripts/generate/configs/nplus_R34_config.json b/scripts/generate/configs/nplus_R34_config.json index 4b50bfa3..7a2eb672 100644 --- a/scripts/generate/configs/nplus_R34_config.json +++ b/scripts/generate/configs/nplus_R34_config.json @@ -86,7 +86,7 @@ ["ngxMailMainConf", "ngxMailSrvConf", "ngxConfTake1"], ["ngxMgmtMainConf", "ngxConfTake1"], ["ngxStreamMainConf", "ngxStreamSrvConf", "ngxConfTake1"], - ["ngxConfTake1"] + ["ngxHTTPOIDCConf", "ngxConfTake1"] ], "ssl_name": [["ngxMgmtMainConf", "ngxConfTake1"]], "ssl_password_file": [ @@ -107,7 +107,7 @@ ["ngxMailMainConf", "ngxMailSrvConf", "ngxConfTake1"], ["ngxMgmtMainConf", "ngxConfTake1"], ["ngxStreamMainConf", "ngxStreamSrvConf", "ngxConfTake1"], - ["ngxConfTake1"] + ["ngxHTTPOIDCConf", "ngxConfTake1"] ], "ssl_verify": [["ngxMgmtMainConf", "ngxConfFlag"]], "ssl_verify_depth": [ @@ -127,7 +127,18 @@ ["ngxMgmtMainConf","ngxConfTake1"] ], "proxy_username": [["ngxMgmtMainConf","ngxConfTake1"]], - "proxy_password": [["ngxMgmtMainConf","ngxConfTake1"]] + "proxy_password": [["ngxMgmtMainConf","ngxConfTake1"]], + "client_id": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "client_secret": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "issuer": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "config_url": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "cookie_name": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "extra_auth_args": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "redirect_uri": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "scope": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "session_store": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "session_timeout": [["ngxHTTPOIDCConf", "ngxConfTake1"]] + }, "matchFuncComment":"MatchNginxPlusR34 contains directives in Nginx Plus R34 source code(including GEOIP, Perl, and XSLT)" diff --git a/scripts/generate/configs/nplus_latest_config.json b/scripts/generate/configs/nplus_latest_config.json index b3250d84..766bff9c 100644 --- a/scripts/generate/configs/nplus_latest_config.json +++ b/scripts/generate/configs/nplus_latest_config.json @@ -6,7 +6,6 @@ "health_check_header", "body", "body_size", - "proxy", "http2_pool_size", "post_action", "pcre_buffer", @@ -36,7 +35,8 @@ "post_acceptex", "open_file_cache_events", "gzip_no_buffer", - "deployment_context" + "deployment_context", + "proxy_location" ], "override":{ "if":[[ "ngxHTTPSrvConf", "ngxHTTPLocConf", "ngxConfBlock", "ngxConfExpr", "ngxConf1More"]], @@ -85,7 +85,8 @@ ["ngxHTTPMainConf", "ngxHTTPSrvConf", "ngxConfTake1"], ["ngxMailMainConf", "ngxMailSrvConf", "ngxConfTake1"], ["ngxMgmtMainConf", "ngxConfTake1"], - ["ngxStreamMainConf", "ngxStreamSrvConf", "ngxConfTake1"] + ["ngxStreamMainConf", "ngxStreamSrvConf", "ngxConfTake1"], + ["ngxHTTPOIDCConf", "ngxConfTake1"] ], "ssl_name": [["ngxMgmtMainConf", "ngxConfTake1"]], "ssl_password_file": [ @@ -105,7 +106,8 @@ ["ngxHTTPMainConf", "ngxHTTPSrvConf", "ngxConfTake1"], ["ngxMailMainConf", "ngxMailSrvConf", "ngxConfTake1"], ["ngxMgmtMainConf", "ngxConfTake1"], - ["ngxStreamMainConf", "ngxStreamSrvConf", "ngxConfTake1"] + ["ngxStreamMainConf", "ngxStreamSrvConf", "ngxConfTake1"], + ["ngxHTTPOIDCConf", "ngxConfTake1"] ], "ssl_verify": [["ngxMgmtMainConf", "ngxConfFlag"]], "ssl_verify_depth": [ @@ -119,7 +121,24 @@ "enforce_initial_report": [["ngxMgmtMainConf","ngxConfFlag"]], "license_token": [["ngxMgmtMainConf","ngxConfTake1"]], "state_path": [["ngxMgmtMainConf","ngxConfTake1"]], - "zone_sync": [["ngxStreamSrvConf","ngxConfNoArgs"]] + "zone_sync": [["ngxStreamSrvConf","ngxConfNoArgs"]], + "proxy":[ + ["ngxMailMainConf","ngxMailSrvConf","ngxConfFlag"], + ["ngxMgmtMainConf","ngxConfTake1"] + ], + "proxy_username": [["ngxMgmtMainConf","ngxConfTake1"]], + "proxy_password": [["ngxMgmtMainConf","ngxConfTake1"]], + "client_id": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "client_secret": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "issuer": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "config_url": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "cookie_name": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "extra_auth_args": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "redirect_uri": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "scope": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "session_store": [["ngxHTTPOIDCConf", "ngxConfTake1"]], + "session_timeout": [["ngxHTTPOIDCConf", "ngxConfTake1"]] + }, "matchFuncComment":"MatchNginxPlusLatest contains directives in latest version of Nginx Plus source code(including GEOIP, Perl, and XSLT)" } From b859d62363ec88821febce1a3d47019e216d5db0 Mon Sep 17 00:00:00 2001 From: Naveen GOPU Date: Wed, 13 Aug 2025 21:49:57 +0530 Subject: [PATCH 2/2] NLB-6875: expand test coverage --- types_test.go | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/types_test.go b/types_test.go index 53b295d5..1e69be95 100644 --- a/types_test.go +++ b/types_test.go @@ -284,6 +284,38 @@ func TestDirective_Equal(t *testing.T) { b: nil, equal: true, }, + { + a: &Directive{ + Directive: "location", + IsMapBlockParameter: false, + }, + b: &Directive{ + Directive: "location", + IsMapBlockParameter: true, + }, + equal: false, + }, + { + a: &Directive{ + Directive: "location", + Block: []*Directive{ + { + Directive: "root", + Args: []string{"/data/images"}, + }, + }, + }, + b: &Directive{ + Directive: "location", + Block: []*Directive{ + { + Directive: "root", + Args: []string{"/other"}, + }, + }, + }, + equal: false, + }, } { eq := ef.a.Equal(ef.b) if eq != ef.equal {