librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Squashed 'src/deps/src/modsecurity/' content from commit 205dac0e8 

git-subtree-dir: src/deps/src/modsecurity
git-subtree-split: 205dac0e8c675182f96b5c2fb06be7d1cf7af2b2
This commit is contained in:
Théophile Diot 2023-06-30 15:36:29 -04:00
commit 7e8f4adc3b
802 changed files with 124775 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
.github/ISSUE_TEMPLATE/bug-report-for-version-2-x.md vendored Normal file
View File

@ -0,0 +1,49 @@
---
name: Bug report for version 2.x
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**Logs and dumps**
Output of:
1. DebugLogs (level 9)
2. AuditLogs
3. Error logs
4. If there is a crash, the core dump file.
_Notice:_ Be carefully to not leak any confidential information.
**To Reproduce**
Steps to reproduce the behavior:
A **curl** command line that mimics the original request and reproduces the problem. Or a ModSecurity v3 test case.
[e.g: curl "modsec-full/ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd" or [issue-394.json](https://github.com/SpiderLabs/ModSecurity/blob/v3/master/test/test-cases/regression/issue-394.json)]
**Expected behavior**
A clear and concise description of what you expected to happen.
**Server (please complete the following information):**
- ModSecurity version (and connector): [e.g. ModSecurity v3.0.1 with nginx-connector v1.0.0]
- WebServer: [e.g. nginx-1.15.5]
- OS (and distro): [e.g. Linux, archlinux]
**Rule Set (please complete the following information):**
- Running any public or commercial rule set? [e.g. SpiderLabs commercial rules]
- What is the version number? [e.g. 2018-08-11]
**Additional context**
Add any other context about the problem here.

50
.github/ISSUE_TEMPLATE/bug-report-for-version-3-x.md vendored Normal file
View File

@ -0,0 +1,50 @@
---
name: Bug report for version 3.x
about: Create a report to help us improve. If you don't know a specific detail or
piece of information leave it blank, if necessary we will help you to figure out.
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**Logs and dumps**
Output of:
1. DebugLogs (level 9)
2. AuditLogs
3. Error logs
4. If there is a crash, the core dump file.
_Notice:_ Be careful to not leak any confidential information.
**To Reproduce**
Steps to reproduce the behavior:
A **curl** command line that mimics the original request and reproduces the problem. Or a ModSecurity v3 test case.
[e.g: curl "modsec-full/ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd" or [issue-394.json](https://github.com/SpiderLabs/ModSecurity/blob/v3/master/test/test-cases/regression/issue-394.json)]
**Expected behavior**
A clear and concise description of what you expected to happen.
**Server (please complete the following information):**
- ModSecurity version (and connector): [e.g. ModSecurity v3.0.8 with nginx-connector v1.0.3]
- WebServer: [e.g. nginx-1.18.0]
- OS (and distro): [e.g. Linux, archlinux]
**Rule Set (please complete the following information):**
- Running any public or commercial rule set? [e.g. SpiderLabs commercial rules]
- What is the version number? [e.g. 2018-08-11]
**Additional context**
Add any other context about the problem here.

77
.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,77 @@
name: Quality Assurance
on:
push:
pull_request:
jobs:
build-linux:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04]
platform: [x32, x64]
compiler: [gcc, clang]
configure:
- {label: "with parser generation", opt: "--enable-parser-generation" }
- {label: "wo curl", opt: "--without-curl" }
- {label: "wo yajl", opt: "--without-yajl" }
- {label: "wo geoip", opt: "--without-geoip" }
- {label: "wo lmdb", opt: "--without-lmdb" }
- {label: "wo ssdeep", opt: "--without-ssdeep" }
- {label: "wo lua", opt: "--without-lua" }
- {label: "without maxmind", opt: "--without-maxmind" }
steps:
- name: Setup Dependencies
run: |
sudo add-apt-repository --yes ppa:maxmind/ppa
sudo apt-get update -y -qq
sudo apt-get install -y libfuzzy-dev libyajl-dev libgeoip-dev liblua5.2-dev liblmdb-dev cppcheck libmaxminddb-dev libcurl4-openssl-dev
- uses: actions/checkout@v2
with:
submodules: true
- name: build.sh
run: ./build.sh
- name: configure ${{ matrix.configure.label }}
run: ./configure ${{ matrix.configure.opt }}
- uses: ammaraskar/gcc-problem-matcher@master
- name: make
run: make -j `nproc`
- name: check
run: make check
- name: check-static
run: make check-static
build-macos:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [macos-10.15]
compiler: [clang]
configure:
- {label: "with parser generation", opt: "--enable-parser-generation" }
- {label: "wo curl", opt: "--without-curl" }
- {label: "wo yajl", opt: "--without-yajl" }
- {label: "wo geoip", opt: "--without-geoip" }
- {label: "wo lmdb", opt: "--without-lmdb" }
- {label: "wo ssdeep", opt: "--without-ssdeep" }
- {label: "wo lua", opt: "--without-lua" }
- {label: "wo maxmind", opt: "--without-maxmind" }
steps:
- name: Setup Dependencies
run: |
brew install autoconf automake cppcheck lmdb libyaml lua ssdeep libmaxminddb bison
- uses: actions/checkout@v2
with:
submodules: true
- name: build.sh
run: ./build.sh
- name: configure ${{ matrix.configure.label }}
run: ./configure ${{ matrix.configure.opt }}
- uses: ammaraskar/gcc-problem-matcher@master
- name: make
run: make -j `sysctl -n hw.logicalcpu`
- name: check
run: make check
- name: check-static
run: make check-static

50
.gitignore vendored Normal file
View File

@ -0,0 +1,50 @@
*.o
*.lo
*.la
**/Makefile
**/Makefile.in
aclocal.m4
ar-lib
autom4te.cache/
build/libtool.m4
build/ltoptions.m4
build/ltsugar.m4
build/ltversion.m4
build/lt~obsolete.m4
compile
config.guess
config.log
config.status
config.sub
configure
depcomp
.deps
.libs
.dirstamp
src/config.h
src/config.h.in
src/location.hh
src/position.hh
src/stack.hh
src/stamp-h1
/test/rules_optimization
/test/regression_tests
/test/unit_tests
/test-driver
/test/massif.out.*
/test/benchmark/benchmark
/test/benchmark/owasp-v3/
/test/test-cases/regression/*.trs
/test/test-cases/regression/*.log
/test-suite.log
ylwrap
missing
install-sh
libtool
ltmain.sh
examples/simple_example_using_c/test
/tools/rules-check/modsec-rules-check
examples/multiprocess_c/multi
examples/reading_logs_via_rule_message/simple_request
examples/reading_logs_with_offset/read
examples/using_bodies_in_chunks/simple_request

9
.gitmodules vendored Normal file
View File

@ -0,0 +1,9 @@
[submodule "test/test-cases/secrules-language-tests"]
path = test/test-cases/secrules-language-tests
url = https://github.com/SpiderLabs/secrules-language-tests
[submodule "others/libinjection"]
path = others/libinjection
url = https://github.com/libinjection/libinjection.git
[submodule "bindings/python"]
path = bindings/python
url = https://github.com/SpiderLabs/ModSecurity-Python-bindings.git

4
AUTHORS Normal file
View File

@ -0,0 +1,4 @@
zimmerle = Felipe Zimmerle <felipe@zimmerle.org>
rbarnett = Ryan C. Barnett <rcbarnett@gmail.com>
csanders-git = Chaim Sanders <chaim@chaimsanders.com>
victorhora = Victor Hora <victorminuto@gmail.com>

552
CHANGES Normal file
View File

@ -0,0 +1,552 @@
v3.0.9 - 2023-Apr-12
--------------------
- Fix: possible segfault on reload if duplicate ip+CIDR in ip match list
[Issue #2877, #2890 - @tomsommer, @martinhsv]
- Add some member variable inits in Transaction class (possible segfault)
[Issue #2886 - @GNU-Plus-Windows-User, @airween, @mdounin, @martinhsv]
- Resolve memory leak on reload (bison-generated variable)
[Issue #2876 - @martinhsv]
- Support equals sign in XPath expressions
[Issue #2328 - @dennus, @martinhsv]
- Encode two special chars in error.log output
[Issue #2854 - @airween, @martinhsv]
- Add JIT support for PCRE2
[Issue #2791 - @wfjsw, @airween, @FireBurn, @martinhsv]
- Support comments in ipMatchFromFile file via '#' token
[Issue #2554 - @tomsommer, @martinhsv]
- Use name package name libmaxminddb with pkg-config
[Issue #2595, #2596 - @frankvanbever, @ffontaine, @arnout]
- Fix: FILES_TMP_CONTENT collection key should use part name
[Issue #2831 - @airween]
- Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro
[Issue #2806 - @hughmcmaster]
- During configure, do not check for pcre if pcre2 specified
[Issue #2750 - @dvershinin, @martinhsv]
- Use pkg-config to find libxml2 first
[Issue #2714 - @hughmcmaster]
- Fix two rule-reload memory leak issues
[Issue #2801 - @Abce, @martinhsv]
- Correct whitespace handling for Include directive
[Issue #2800 - @877509395, @martinhsv]
v3.0.8 - 2022-Sep-07
--------------------
- Adjust parser activation rules in modsecurity.conf-recommended
[Issue #2796 - @terjanq, @martinhsv]
- Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
[Issue #2795 - @terjanq, @martinhsv]
- Prevent LMDB related segfault
[Issue #2755, #2761 - @dvershinin]
- Fix msc_transaction_cleanup function comment typo
[Issue #2788 - @lookat23]
- Fix: MULTIPART_INVALID_PART connected to wrong internal variable
[Issue #2785 - @martinhsv]
- Restore Unique_id to include random portion after timestamp
[Issue #2752, #2758 - @datkps11, @martinhsv]
v3.0.7 - 2022-May-30
--------------------
- Move PCRE2 match block from member variable
[@martinhsv]
- Add SecArgumentsLimit, 200007 to modsecurity.conf-recommended
[Issue #2738 - @jleproust, @martinhsv]
- Fix memory leak when concurrent log includes REMOTE_USER
[Issue #2727 - @liudongmiao]
- Fix LMDB initialization issues
[Issue #2688 - @ziollek, @martinhsv]
- Fix initcol error message wording
[Issue #2732 - @877509395, @martinhsv]
- Tolerate other parameters after boundary in multipart C-T
[Issue #1900 - @martinhsv]
- Add DebugLog message for bad pattern in rx operator
[Issue #2723 - @martinhsv]
- Support PCRE2
[Issue #2668 - @martinhsv]
- Support SecRequestBodyNoFilesLimit
[Issue #2670 - @airween, @martinhsv]
- Fix misuses of LMDB API
[Issue #2601, #2602 - @hyc]
- Fix duplication typo in code comment
[Issue #2677 - @gleydsonsoares]
- Add ctl:auditEngine action support
[Issue #2606 - @alekravch, @martinhsv]
- Fix multiMatch msg, etc, population in audit log
[Issue #2573 - @Sachin-M-Desai, @martinhsv]
- Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc.
[Issue #2627, #2648 - @lontchianicet, @victorserbu2709, @martinhsv]
- Adjust confusing variable name in setRequestBody method
[Issue #2635 - @Mesar-Ali, @martinhsv]
- Multipart names/filenames may include single quote if double-quote enclosed
[Issue #2352 - @martinhsv]
- Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
[Issue #2647 - @theMiddleBlue, @airween, @877509395 ,@martinhsv]
v3.0.6 - 2021-Nov-19
-------------------------------------
- Support configurable limit on depth of JSON parsing
[@theMiddleBlue, @martinhsv]
v3.0.5 - 2021-Jul-07
--------------------
- Handle URI received with uri-fragment
[@martinhsv]
- Having ARGS_NAMES, variables proxied
[@zimmerle, @martinhsv, @KaNikita]
- Use explicit path for cross-compile environments.
[Issue #2485 - @dtoubelis]
- Fix: FILES variable does not use multipart part name for key
[Issue #2377 - @martinhsv]
- Replaces put with setenv in SetEnv action
[Issue #2469 - @martinhsv, @WGH-, @zimmerle]
- Regression: Mark the test as failed in case of segfault.
[@zimmerle]
- Regex key selection should not be case-sensitive
[Issue #2296, #2107, #2297 - @michaelgranzow-avi, @victorhora,
@airween, @martinhsv, @zimmerle]
- Fix: Only delete Multipart tmp files after rules have run
[Issue #2427 - @martinhsv]
- Fixed MatchedVar on chained rules
[Issue #2423, #2435, #2436 - @michaelgranzow-avi]
- Add support for new operator rxGlobal
[@martinhsv]
- Fix maxminddb link on FreeBSD
[Issue #2131 - @granalberto, @zimmerle]
- Fix IP address logging in Section A
[Issue #2300 - @inaratech, @zavazingo, @martinhsv]
- Adds support to lua 5.4
[@zimmerle]
- GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE
[Issues #2378, #2186 - @defanator]
- rx: exit after full match (remove /g emulation); ensure capture
groups occuring after unused groups still populate TX vars
[Issue #2336 - @martinhsv]
- Correct CHANGES file entry for #2234
- Add support to test framework for audit log content verification
and add regression tests for issues #2000, #2196
- Support configurable limit on number of arguments processed
[Issue #2234 - @jleproust, @martinhsv]
- Multipart Content-Dispostion should allow field: filename*=
[@martinhsv]
- Fix rule-update-target for non-regex
[Issue 2251 - @martinhsv]
- Fix configure script when packaging for Buildroot
[Issue 2235 - @frankvanbever]
- modsecurity.pc.in: add Libs.private
[Issue #1918, #2253 - @ffontaine, @Dridi, @victorhora]
v3.0.4 - 2020-Jan-13
--------------------
- Fix: audit log data omitted when nolog,auditlog
[@martinhsv]
- Fix: ModSecurity 3.x inspectFile operator does not pass
FILES_TMPNAMES parameter to lua engine
[Issue #2204, #2205 - @kadirerdogan]
- XML: Remove error messages from stderr
[Issue #2010 - @JaiHarpalani, @zimmerle]
- Filter comment or blank line for pmFromFile operator
[Issue #1645 - @LeeShan87, @victorhora, @tdoubley]
- Additional adjustment to Cookie header parsing
[@martinhsv]
- Restore chained rule part H logging to be more like 2.9 behaviour
[Issue #2196 - @martinhsv]
- Small fixes in log messages to help debugging the file upload
[Issue #2130 - @airween]
- Fix Cookie header parsing issues
[Issue #2201 - @airween, @martinhsv]
- Fix rules with nolog are logging to part H
[Issue #2196 - @martinhsv]
- Fix argument key-value pair parsing cases
[Issue #1904 - @martinhsv]
- Fix: audit log part for response body for JSON format to be E
[Issue #2066 - @martinhsv, @zimmerle]
- Make sure m_rulesMessages is filled after successfull match
[Issue #2000, #2048 - @victorhora, @defanator]
- Fix @pm lookup for possible matches on offset zero.
[@zimmerle, @afoxdavidi, @martinhsv, @marshal09]
- Regex lookup on the key name instead of COLLECTION:key
[@rdiperri-yottaa, @danbiagini-work, @mmelo-yottaa, @zimmerle]
- Missing throw in Operator::instantiate
[Issue #2106 - @marduone]
- Making block action execution dependent of the SecEngine status
[Issue #2113, #2111 - @theMiddleBlue, @airween]
- Making block action execution dependent of the SecEngine status
[Issue #1960 - @theMiddleBlue, @zimmerle, @airween, @victorhora]
- Having body limits to respect the rule engine state
[@zimmerle]
- Fix SecRuleUpdateTargetById does not match regular expressions
[Issue #1872 - @zimmerle, @anush-cr, @victorhora, @j0k2r]
- Adds missing check for runtime ctl:ruleRemoveByTag
[Issue #2102, #2099 - @airween]
- Adds a new operator verifySVNR that checks for Austrian social
security numbers.
[Issue #2063 - @Rufus125]
- Fix variables output in debug logs
[Issue #2057 - @jleproust]
- Correct typo validade in log output
[Issue #2059 - @nerrehmit]
- fix/minor: Error encoding hexa decimal.
[Issue #2068 - @tech-ozon-io]
- Limit more log variables to 200 characters.
[Issue #2073 - @jleproust]
- parser: fix parsed file names
[@zimmerle]
- Allow empty anchored variable
[Issue #2024 - @airween]
- Fixed FILES_NAMES collection after the end of multipart parsing
[Issue #2016 - @airween]
- Fixed validateByteRange parsing method
[Issue #2017 - @airween]
- Removes a memory leak on the JSON parser
[@zimmerle]
- Enables LMDB on the regression tests.
[Issue #2011, #2008 - @WGH-, @mdunc]
- Fix: Extra whitespace in some configuration directives causing error
[Issue #2006 - @porjo, @zimmerle]
- Refactoring on Regex and SMatch classes.
[@WGH-]
- Fixed buffer overflow in Utils::Md5::hexdigest()
[Issue #2002 - @defanator]
- Implemented merge() method for ConfigInt, ConfigDouble, ConfigString
[Issue #1990 - @defanator]
- Adds initially support to the drop action.
[@zimmerle]
- Complete merging of particular rule properties
[Issue #1978 - @defanator]
- Replaces AC_CHECK_FILE with 'test -f'
[Issue #1984 - @chuckwolber]
- Fix inet addr handling on 64 bit big endian systems
[Issue #1980 - @airween]
- Fix tests on FreeBSD
[Issue #1973 - @defanator]
- Changes ENV test case to read the default MODSECURTIY env var
[Issue #1969 - @zimmerle, @airween, @inittab]
- Regression: Sets MODSECURITY env var during the tests execution
[Issue #1969 - @zimmerle, @airween, @inittab]
- Fix setenv action to strdup key=variable
[@zimmerle]
- Allow 0 length JSON requests.
[Issue #1822 - @allanbomsft, @zimmerle, @victorhora, @marcstern]
- Fix "make dist" target to include default configuration
[Issue #1966 - @defanator]
- Replaced log locking using mutex with fcntl lock
[Issue #1949, #1927 - @Cloaked9000]
- Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES
[Issue #1959 - @weliu]
- Adds support to multiple ranges in ctl:ruleRemoveById
[Issue #1956 - @theseion, @victorhora, @zimmerle]
- Rule variable interpolation broken
[Issue #1961 - @soonum, @zimmerle]
- Make the boundary check less strict as per RFC2046
[Issue #1943 - @victorhora, @allanbomsft]
- Fix buffer size for utf8toUnicode transformation
[Issue #1208 - @katef, @victorhora]
v3.0.3 - 2018-Nov-05
--------------------
- Fix double macros bug
[Issue #1943 - @supplient, @zimmerle]
- Override the default status code if not suitable to redirect action
[Issue #1850 - @zimmerle, @victorhora]
- parser: Fix the support for CRLF configuration files
[Issue #1945 - @zimmerle, @defanator, @kjakub]
- Organizes the server logs
[0xb7c36 and 0x5ac20 - @zimmerle, @steven-j-wojcik]
- m_lineNumber in Rule not mapping with the correct line number in file
[Issue #1844 - @zimmerle, @victorhora, @xizeng]
- Using shared_ptr instead of unique_ptr on rules exceptions
[Issue #1697 - @zimmerle, @brianp9906, @victorhora, @LeSwiss, @defanator]
- Changes debuglogs schema to avoid unecessary str allocation
[0xb2840 - @zimmerle]
- Fix the SecUnicodeMapFile and SecUnicodeCodePage
[0x3094d - @zimmerle, @victorhora]
- Changes the timing to save the rule message
[0xca270 - @zimmerle]
- Fix crash in msc_rules_add_file() when using disruptive action in chain
[Issue #1849 - @victorhora, @zimmerle, @rperper]
- Fix memory leak in AuditLog::init()
[Issue #1897 - @weliu]
- Fix RulesProperties::appendRules()
[Issue #1901 - @steven-j-wojcik]
- Fix RULE lookup in chained rules
[0x3077c - @zimmerle]
- @ipMatch "Could not add entry" on slash/32 notation in 2.9.0
[Issue #849 - @zimmerle, @dune73]
- Using values after transformation at MATCHED_VARS
[0x14316 - @zimmerle]
- Adds support to UpdateActionById.
[Issue #1800 - @zimmerle, @victorhora, @NisariAIT]
- Add correct C function prototypes for msc_init and msc_create_rule_set
[Issue #1922 - @steven-j-wojcik]
- Allow LuaJIT 2.1 to be used
[Issue #1909 - @victorhora, @mdunc]
- Match m_id JSON log with RuleMessage and v2 format
[Issue #1185 - @victorhora]
- Adds support to setenv action.
[Issue #1044 - @zimmerle]
- Adds new transaction constructor that accepts the transaction id
as parameter.
[Issue #1627 - @defanator, @zimmerle]
- Adds request IDs and URIs to the debug log
[Issue #1627 - @defanator, @zimmerle]
- Treating variables exception on load-time instead of run time.
[0x028e0 and 0x275a1 - @zimmerle]
- Fix: function m.setvar in Lua scripts and add testcases
[Issue #1859 - @nowaits, @victorhora]
- Fix SecResponseBodyAccess and ctl:requestBodyAccess directives
[Issue #1531 - @victorhora, @defanator]
- Fix OpenBSD build
[Issue #1841 - @victorhora, @zimmerle, @juanfra684]
- Fix parser to support GeoLookup with MaxMind
[Issue #1884, #1895 - @victorhora, @everping]
- parser: Fix simple quote setvar in the end of the line
[Issue #1831 - @zimmerle, @csanders-git]
- Fix pc file
[Issue #1847 - @gquintard]
- modsec_rules_check: uses the gnu `.la' instead of `.a' file
[Issue #1853 - @ste7677, @victorhora, @zimmerle]
- good practices: Initialize variables before use it
[Issue #1889 - Marc Stern]
- Fix utf-8 character encoding conversion
[Issue #1794 - @tinselcity, @zimmerle]
- Adds support for ctl:requestBodyProcessor=URLENCODED
[Issue #1797 - @victorhora]
- Add LUA compatibility for CentOS and try to use LuaJIT first if available
[Issue #1622 - @victorhora, @dmitryzykov]
- Allow LuaJIT to be used
[Issue #1809 - @victorhora, @p0pr0ck5]
- Implement support for Lua 5.1
[Issue #1809 - @p0pr0ck5, @victorhora]
- Variable names must match fully, not partially. Match should be case
insensitive.
[Issue #1818, #1820, #1810, #1808 - @michaelgranzow-avi, @victorhora,
@theMiddleBlue, @airween, @zimmerle,
@LeeShan87]
- Improves the performance while loading the rules
[Issue #1735 - @zimmerle, @p0pr0ck5, @victorhora]
- Allow empty strings to be evaluated by regex::searchAll
[Issue #1799, #1785 - @victorhora, @XuanHuyDuong, @zimmerle]
- Adds basic pkg-config info
[Issue #1790 - @gquintard, @zimmerle]
- Fixed LMDB collection errors
[Issue #1787 - @airween, @zimmerle]
- Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors
[Issue #1747, #1924 - @airween, @victorhora, @defanator, @zimmerle]
- Fix ip tree lookup on netmask content
[Issue #1793 - @tinselcity, @zimmerle]
- Changes the behavior of the default sec actions
[Issue #1629 - @mirkodziadzka-avi, @zimmerle, @victorhora]
- Refactoring on {global,ip,resources,session,tx,user} collections
[Issue #1754, #1778 - @LeeShan87, @zimmerle, @victorhora, @wwd5613,
@sobigboy]
- Fix race condition in UniqueId::uniqueId()
[Issue #1786 - @weliu]
- Fix memory leak in error message for msc_rules_merge C APIs
[Issue #1765 - @weliu]
- Return false in SharedFiles::open() when an error happens
[Issue #1783 - @weliu]
- Use rvalue reference in ModSecurity::serverLog
[Issue #1769 - @weliu]
- Build System: Fix when multiple lines for curl version.
[Issue #1771 - @Artistan]
- Checks if response body inspection is enabled before process it
[Issue #1643 - @zoltan-fedor, @dennus, @defanator, @zimmerle]
- Code Cleanup.
[Issue #1757, #1755, #1756, #1761 - @p0pr0ck5]
- Fix setvar parsing of quoted data
[Issue #1733, #1759, #1775 - @victorhora, @JaiHarpalani, @defanator]
- Fix LDFLAGS for unit tests.
[Issue #1758 - @smlx]
- Adds time stamp back to the audit logs
[Issue #1762 - @Pjack, @zimmerle]
- Disables skip counter if debug log is disabled
[@zimmerle]
- Cosmetics: Represents amount of skipped rules without decimal
[Issue #1737 - @p0pr0ck5]
- Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser
[Issue #1752 - @victorhora]
- Fix STATUS var parsing and accept STATUS_LINE var for v2 backward comp.
[Issue #1738 - @victorhora]
- Fix memory leak in modsecurity::utils::expandEnv()
[Issue #1750 - @defanator]
- Initialize m_dtd member in ValidateDTD class as NULL
[Issue #1751 - @airween]
- Fix broken @detectxss operator regression test case
[Issue #1739 - @p0pr0ck5]
- Fix utils::string::ssplit() to handle delimiter in the end of string
[Issue #1743, #1744 - @defanator]
- Fix variable FILES_TMPNAMES
[Issue #1646, #1610 - @victorhora, @zimmerle, @defanator]
- Fix memory leak in Collections
[Issue #1729, #1730 - @defanator]
v3.0.2 - 2018-Apr-03
--------------------
- Fix lib version information while generating the .so file
[@gl1f1v21, @zimmerle]
v3.0.1 - 2018-Apr-02
--------------------
- Adds support for ctl:ruleRemoveByTag
[@zimmerle, @weliu]
- Fix SecUploadDir configuration merge
[Issue #1720 - @zimmerle, @gjvanetten]
- Include all prerequisites for "make check" into dist archive
[Issue #1716 - @defanator]
- Fix: Reverse logic of checking output in @inspectFile
[Issue #1715 - @defanator]
- Adds support to libMaxMind
[Issue #1307 - @zimmerle, @defanator]
- Adds capture action to detectXSS
[Issue #1698 - @victorhora]
- Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator
[Issue #1701 - @victorhora]
- Adds capture action to detectSQLi
[Issue #1698 - @zimmerle]
- Adds capture action to rbl
[Issue #1698 - @zimmerle]
- Adds capture action to verifyCC
[Issue #1698 - @michaelgranzow-avi, @zimmerle]
- Adds capture action to verifySSN
[Issue #1698 - @zimmerle]
- Adds capture action to verifyCPF
[Issue #1698 - @zimmerle]
- Prettier error messages for unsupported configurations (UX)
[@victorhora]
- Add missing verify*** transformation statements to parser
[Issue #1006 and #1007 - @victorhora]
- Fix a set of compilation warnings
[Issue #1650 - @zimmerle, @JayCase]
- Check for disruptive action on SecDefaultAction.
[Issue #1614 - @zimmerle, @michaelgranzow-avi]
- Fix block-block infinite loop.
[Issue #1614 - @zimmerle, @michaelgranzow-avi]
- Correction remove_by_tag and remove_by_msg logic.
[Issue #1636 - @Minasu]
- Fix LMDB compile error
[Issue #1691 - @airween]
- Fix msc_who_am_i() to return pointer to a valid C string
[Issue #1640 - @defanator]
- Added some cosmetics to autoconf related code
[Issue #1652 - @airween]
- Fix "make dist" target to include necessary headers for Lua
[Issue #1678 - @defanator]
- Fix "include /foo/*.conf" for single matched object in directory
[Issue #1677 - @defanator, @zimmerle]
- Add missing Base64 transformation statements to parser
[Issue #1632 - @victorhora, @zimmerle]
- Fixed resource load on ip match from file
[#1674 - @zimmerle, @StefaanSeys]
- Fixed examples compilation while using disable-shared
[#1670 - @zimmerle, @ivanbaldo]
- Fixed compilation issue while xml is disabled
[0x243028 - @zimmerle]
- Having LDADD and LDFLAGS organized on Makefile.am
[0xd0e85e - @zimmerle]
- Checking std::deque size before use it
[0x217cbf - @zimmerle, Yaron Dayagi]
- perf improvement: Added the concept of RunTimeString and removed
all run time parser.
[0x3eae51 0x0320e0 0xb5688f 0xfe47a9 0xfa9842 0x1affc3 0x079de4
0xc7c04f 0x5262ea 0x01974a 0xd5ee1e - @zimmerle]
- perf improvement: Checks debuglog level before format debug msg
[0x42ee9 - @zimmerle]
- perf. improvement/rx: Only compute dynamic regex in case of macro
[0x91ff3 - @zimmerle]
- Fix uri on the benchmark utility
[0x63bec - @zimmerle]
- disable Lua on systems with liblua5.1
[Issue #1639 - @victorhora, @defanator]
v3.0.0 - 2017-Dec-13
--------------------
- Improvements on LUA build scripts and support for LUA 5.2.
[Issue #1617 and #1622 - @victorhora, @zimmerle]
- Fix compilation error with disable_debug_log flag
[0xfd84e - Izik Abramov]
- Improvements on the benchmark tool.
[Issue #1615 - @zimmerle]
- Fix lua headers on the build scripts
[Issue #1621 - @Minasu]
- Refactoring on the JSON parser.
[Issue #1576, #1577 - Tobias Gutknecht, @zimmerle, @victorhora, @marcstern]
- Adds support to WEBAPPID variable.
[Issue #1027 - @zimmerle, @victorhora]
- Adds support for SecWebAppId.
[Issue #1442 - @zimmerle, @victorhora]
- Adds support for SecRuleRemoveByTag.
[Issue #1476 - @zimmerle, @victorhora]
- Adds support for update target by message.
[Issue #1474 - @zimmerle, @victorhora]
- Adds support to SecRuleScript directive.
[Issue #994 - @zimmerle]
- Adds support for the exec action.
[Issue #1050 - @zimmerle]
- Adds support for transformations inside Lua engine
[Issue #994 - @zimmerle]
- Adds initial support for Lua engine.
[Issue #994 - @zimmerle]
- Adds support for @inspectFile operator.
[Issue #999 - @zimmerle, @victorhora]
- Adds support for RESOURCE variable collection.
[Issue #1014 - @zimmerle, @victorhora]
- Adds support for @fuzzyHash operator.
[Issue #997 - @zimmerle]
- Fix build on non x86 arch build
[Issue #1598 - @athmane]
- Fix memory issue while changing rule target dynamic
[Issue #1590 - @zimmerle, @slabber]
- Fix log while displaying the name of a dict selection by regex.
[@zimmerle]
- Setting http response code on the auditlog.
[Issue #1592 - @zimmerle]
- Refactoring on RuleMessage class, now accepting http code as parameter.
[@zimmerle]
- Having disruptive msgs as disruptive [instead of warnings] on audit log
[Issue #1592 - @zimmerle, @nobodysz]
- Parser: Pipes are no longer welcomed inside regex dict element selection.
[Issue #1591 - @zimmerle, @slabber]
- Avoids unicode initialization on every rules object
[Issue #1563 - @zimmerle, @Tiki-God, @sethinsd, @Cloaked9000, @AnoopAlias,
@intelbg]
- Makes clear to the user whenever the audit log is empty due to missing
JSON support.
[Issue #1585 - @zimmerle]
- Makes auditlog more verbose on debug logs
[Issue: #1559 - @zimmerle]
- Enable support for AuditLogFormat
Issue: #1583, #1493 and #1453 - @victorhora]
- Adds macro expansion for @rx operator
[Issue: #1528, #1536 - @asterite3, @zimmerle]
- Consideres under quoted variable while loading the rules.
[Felipe Zimmerle/@zimmerle, Victor Hora/@victorhora]
- Store the connection and url parameters in std::string
[Issue: #1571 - @majordaw]
- Eliminate some reorder and sign warnings
[Issue: #1572 - Dávid Major/@majordaw]
- Makes parallel logging to work when SELinux is enabled.
[Issue: #1562 - David Buckle/@met3or]
- Adds possibility to run the pm operator inside a mutex to avoid concurrent
access while working on a thread environment. This option is a compilation
flag.
[Felipe Zimmerle/@zimmerle]
v3.0.0-rc1 - 2017-Aug-28
------------------------
Very first public version.

201
LICENSE Normal file
View File

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

353
Makefile.am Normal file
View File

@ -0,0 +1,353 @@
if TEST_UTILITIES
export MAYBE_TEST = test
endif
if EXAMPLES
export MAYBE_EXAMPLES = examples
endif
SUBDIRS = \
others \
src \
doc \
tools \
$(MAYBE_EXAMPLES) \
$(MAYBE_TEST)
# make clean
CLEANFILES =
ACLOCAL_AMFLAGS = -I build
# make maintainer-clean
MAINTAINERCLEANFILES = \
aclocal.m4 \
ar-lib \
build/libtool.m4 \
build/lt~obsolete.m4 \
build/ltoptions.m4 \
build/ltsugar.m4 \
build/ltversion.m4 \
coding-style.txt \
compile \
config.guess \
config.sub \
configure \
cppcheck.txt \
depcomp \
install-sh \
ltmain.sh \
Makefile.in \
missing \
test/modsec-shared-collections \
test/modsec-shared-collections-lock \
test-suite-drd.log \
test-suite-helgrind.log \
test-suite-memcheck.log \
ylwrap
parser:
cat src/parser/seclang-parser.hh | sed "s/return \*new (yyas_<T> ()) T (t)/return *new (yyas_<T> ()) T (std::move((T\&)t))/g" > src/parser/seclang-parser.hh.fix && mv src/parser/seclang-parser.hh.fix src/parser/seclang-parser.hh
cppcheck:
@cppcheck -U YYSTYPE -U MBEDTLS_MD5_ALT -U MBEDTLS_SHA1_ALT \
-D MS_CPPCHECK_DISABLED_FOR_PARSER -U YY_USER_INIT \
--suppressions-list=./test/cppcheck_suppressions.txt \
--enable=warning,style,performance,portability,unusedFunction,missingInclude \
--inconclusive \
--template="warning: {file},{line},{severity},{id},{message}" \
-I headers -I . -I others -I src -I others/mbedtls -I src/parser \
--error-exitcode=1 \
-i "src/parser/seclang-parser.cc" -i "src/parser/seclang-scanner.cc" \
--force --verbose .
check-static: cppcheck
check-style: check-coding-style
check-coding-style:
@cpplint.py \
$$(find . -name "*.h" -o -name "*.cc" | xargs) 2>&1 \
| egrep -v $$(echo -n "catchall" ; \
for i in $$(cat test/coding_style_suppressions.txt); do echo -n "|"$$i; done) \
| sed 's/^\./warning: ./g' > coding-style.txt
-cat coding-style.txt
@VALGRIND_CHECK_RULES@
VALGRIND_SUPPRESSIONS_FILES = valgrind_suppressions.txt
LOG_DRIVER = env $(SHELL) $(top_srcdir)/test/custom-test-driver
AM_TESTS_ENVIRONMENT=AUTOMAKE_TESTS=true; export AUTOMAKE_TESTS;
LOG_COMPILER=test/test-suite.sh
# for i in `find test/test-cases -iname *.json`; do echo TESTS+=$i; done
TESTS=
TESTS+=test/test-cases/regression/action-allow.json
TESTS+=test/test-cases/regression/action-block.json
TESTS+=test/test-cases/regression/action-ctl_request_body_access.json
TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json
TESTS+=test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json
TESTS+=test/test-cases/regression/action-ctl_rule_engine.json
TESTS+=test/test-cases/regression/action-ctl_audit_engine.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_id.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_tag.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json
TESTS+=test/test-cases/regression/action-disruptive.json
TESTS+=test/test-cases/regression/action-exec.json
TESTS+=test/test-cases/regression/action-id.json
TESTS+=test/test-cases/regression/action-initcol.json
TESTS+=test/test-cases/regression/action-msg.json
TESTS+=test/test-cases/regression/action-setenv.json
TESTS+=test/test-cases/regression/action-setrsc.json
TESTS+=test/test-cases/regression/action-setsid.json
TESTS+=test/test-cases/regression/action-setuid.json
TESTS+=test/test-cases/regression/actions.json
TESTS+=test/test-cases/regression/action-skip.json
TESTS+=test/test-cases/regression/action-tag.json
TESTS+=test/test-cases/regression/action-tnf-base64.json
TESTS+=test/test-cases/regression/action-xmlns.json
TESTS+=test/test-cases/regression/auditlog.json
TESTS+=test/test-cases/regression/collection-case-insensitive.json
TESTS+=test/test-cases/regression/collection-lua.json
TESTS+=test/test-cases/regression/collection-regular_expression_selection.json
TESTS+=test/test-cases/regression/collection-resource.json
TESTS+=test/test-cases/regression/collection-tx.json
TESTS+=test/test-cases/regression/collection-tx-with-macro.json
TESTS+=test/test-cases/regression/config-body_limits.json
TESTS+=test/test-cases/regression/config-calling_phases_by_name.json
TESTS+=test/test-cases/regression/config-include-bad.json
TESTS+=test/test-cases/regression/config-include.json
TESTS+=test/test-cases/regression/config-remove_by_id.json
TESTS+=test/test-cases/regression/config-remove_by_msg.json
TESTS+=test/test-cases/regression/config-remove_by_tag.json
TESTS+=test/test-cases/regression/config-response_type.json
TESTS+=test/test-cases/regression/config-secdefaultaction.json
TESTS+=test/test-cases/regression/config-secremoterules.json
TESTS+=test/test-cases/regression/config-update-action-by-id.json
TESTS+=test/test-cases/regression/config-update-target-by-id.json
TESTS+=test/test-cases/regression/config-update-target-by-msg.json
TESTS+=test/test-cases/regression/config-update-target-by-tag.json
TESTS+=test/test-cases/regression/config-xml_external_entity.json
TESTS+=test/test-cases/regression/debug_log.json
TESTS+=test/test-cases/regression/directive-sec_rule_script.json
TESTS+=test/test-cases/regression/issue-1152.json
TESTS+=test/test-cases/regression/issue-1528.json
TESTS+=test/test-cases/regression/issue-1565.json
TESTS+=test/test-cases/regression/issue-1576.json
TESTS+=test/test-cases/regression/issue-1591.json
TESTS+=test/test-cases/regression/issue-1725.json
TESTS+=test/test-cases/regression/issue-1743.json
TESTS+=test/test-cases/regression/issue-1785.json
TESTS+=test/test-cases/regression/issue-1812.json
TESTS+=test/test-cases/regression/issue-1831.json
TESTS+=test/test-cases/regression/issue-1844.json
TESTS+=test/test-cases/regression/issue-1850.json
TESTS+=test/test-cases/regression/issue-1941.json
TESTS+=test/test-cases/regression/issue-1943.json
TESTS+=test/test-cases/regression/issue-1956.json
TESTS+=test/test-cases/regression/issue-1960.json
TESTS+=test/test-cases/regression/issue-2099.json
TESTS+=test/test-cases/regression/issue-2000.json
TESTS+=test/test-cases/regression/issue-2111.json
TESTS+=test/test-cases/regression/issue-2196.json
TESTS+=test/test-cases/regression/issue-2423-msg-in-chain.json
TESTS+=test/test-cases/regression/issue-2427.json
TESTS+=test/test-cases/regression/issue-2296.json
TESTS+=test/test-cases/regression/issue-394.json
TESTS+=test/test-cases/regression/issue-849.json
TESTS+=test/test-cases/regression/issue-960.json
TESTS+=test/test-cases/regression/misc.json
TESTS+=test/test-cases/regression/misc-variable-under-quotes.json
TESTS+=test/test-cases/regression/offset-variable.json
TESTS+=test/test-cases/regression/operator-detectsqli.json
TESTS+=test/test-cases/regression/operator-detectxss.json
TESTS+=test/test-cases/regression/operator-fuzzyhash.json
TESTS+=test/test-cases/regression/operator-inpectFile.json
TESTS+=test/test-cases/regression/operator-ipMatchFromFile.json
TESTS+=test/test-cases/regression/operator-pm.json
TESTS+=test/test-cases/regression/operator-rx.json
TESTS+=test/test-cases/regression/operator-rxGlobal.json
TESTS+=test/test-cases/regression/operator-UnconditionalMatch.json
TESTS+=test/test-cases/regression/operator-validate-byte-range.json
TESTS+=test/test-cases/regression/operator-verifycc.json
TESTS+=test/test-cases/regression/operator-verifycpf.json
TESTS+=test/test-cases/regression/operator-verifyssn.json
TESTS+=test/test-cases/regression/operator-verifysvnr.json
TESTS+=test/test-cases/regression/request-body-parser-json.json
TESTS+=test/test-cases/regression/request-body-parser-multipart-crlf.json
TESTS+=test/test-cases/regression/request-body-parser-multipart.json
TESTS+=test/test-cases/regression/request-body-parser-xml.json
TESTS+=test/test-cases/regression/request-body-parser-xml-validade-dtd.json
TESTS+=test/test-cases/regression/rule-920120.json
TESTS+=test/test-cases/regression/rule-920200.json
TESTS+=test/test-cases/regression/rule-920274.json
TESTS+=test/test-cases/regression/secaction.json
TESTS+=test/test-cases/regression/secargumentslimit.json
TESTS+=test/test-cases/regression/sec_component_signature.json
TESTS+=test/test-cases/regression/secmarker.json
TESTS+=test/test-cases/regression/secruleengine.json
TESTS+=test/test-cases/regression/transformation-none.json
TESTS+=test/test-cases/regression/transformations.json
TESTS+=test/test-cases/regression/variable-ARGS_COMBINED_SIZE.json
TESTS+=test/test-cases/regression/variable-ARGS_GET.json
TESTS+=test/test-cases/regression/variable-ARGS_GET_NAMES.json
TESTS+=test/test-cases/regression/variable-ARGS.json
TESTS+=test/test-cases/regression/variable-ARGS_NAMES.json
TESTS+=test/test-cases/regression/variable-ARGS_POST.json
TESTS+=test/test-cases/regression/variable-ARGS_POST_NAMES.json
TESTS+=test/test-cases/regression/variable-AUTH_TYPE.json
TESTS+=test/test-cases/regression/variable-DURATION.json
TESTS+=test/test-cases/regression/variable-ENV.json
TESTS+=test/test-cases/regression/variable-FILES_COMBINED_SIZE.json
TESTS+=test/test-cases/regression/variable-FILES.json
TESTS+=test/test-cases/regression/variable-FILES_NAMES.json
TESTS+=test/test-cases/regression/variable-FILES_SIZES.json
TESTS+=test/test-cases/regression/variable-FULL_REQUEST.json
TESTS+=test/test-cases/regression/variable-FULL_REQUEST_LENGTH.json
TESTS+=test/test-cases/regression/variable-GEO.json
TESTS+=test/test-cases/regression/variable-HIGHEST_SEVERITY.json
TESTS+=test/test-cases/regression/variable-INBOUND_DATA_ERROR.json
TESTS+=test/test-cases/regression/variable-MATCHED_VAR.json
TESTS+=test/test-cases/regression/variable-MATCHED_VAR_NAME.json
TESTS+=test/test-cases/regression/variable-MATCHED_VARS.json
TESTS+=test/test-cases/regression/variable-MATCHED_VARS_NAMES.json
TESTS+=test/test-cases/regression/variable-MODSEC_BUILD.json
TESTS+=test/test-cases/regression/variable-MULTIPART_CRLF_LF_LINES.json
TESTS+=test/test-cases/regression/variable-MULTIPART_FILENAME.json
TESTS+=test/test-cases/regression/variable-MULTIPART_INVALID_HEADER_FOLDING.json
TESTS+=test/test-cases/regression/variable-MULTIPART_NAME.json
TESTS+=test/test-cases/regression/variable-MULTIPART_PART_HEADERS.json
TESTS+=test/test-cases/regression/variable-MULTIPART_STRICT_ERROR.json
TESTS+=test/test-cases/regression/variable-MULTIPART_UNMATCHED_BOUNDARY.json
TESTS+=test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json
TESTS+=test/test-cases/regression/variable-PATH_INFO.json
TESTS+=test/test-cases/regression/variable-QUERY_STRING.json
TESTS+=test/test-cases/regression/variable-REMOTE_ADDR.json
TESTS+=test/test-cases/regression/variable-REMOTE_HOST.json
TESTS+=test/test-cases/regression/variable-REMOTE_PORT.json
TESTS+=test/test-cases/regression/variable-REMOTE_USER.json
TESTS+=test/test-cases/regression/variable-REQBODY_PROCESSOR_ERROR.json
TESTS+=test/test-cases/regression/variable-REQBODY_PROCESSOR.json
TESTS+=test/test-cases/regression/variable-REQUEST_BASENAME.json
TESTS+=test/test-cases/regression/variable-REQUEST_BODY.json
TESTS+=test/test-cases/regression/variable-REQUEST_BODY_LENGTH.json
TESTS+=test/test-cases/regression/variable-REQUEST_COOKIES.json
TESTS+=test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json
TESTS+=test/test-cases/regression/variable-REQUEST_FILENAME.json
TESTS+=test/test-cases/regression/variable-REQUEST_HEADERS.json
TESTS+=test/test-cases/regression/variable-REQUEST_HEADERS_NAMES.json
TESTS+=test/test-cases/regression/variable-REQUEST_LINE.json
TESTS+=test/test-cases/regression/variable-REQUEST_METHOD.json
TESTS+=test/test-cases/regression/variable-REQUEST_PROTOCOL.json
TESTS+=test/test-cases/regression/variable-REQUEST_URI.json
TESTS+=test/test-cases/regression/variable-REQUEST_URI_RAW.json
TESTS+=test/test-cases/regression/variable-RESPONSE_BODY.json
TESTS+=test/test-cases/regression/variable-RESPONSE_CONTENT_LENGTH.json
TESTS+=test/test-cases/regression/variable-RESPONSE_CONTENT_TYPE.json
TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS.json
TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS_NAMES.json
TESTS+=test/test-cases/regression/variable-RESPONSE_PROTOCOL.json
TESTS+=test/test-cases/regression/variable-RULE.json
TESTS+=test/test-cases/regression/variable-SERVER_ADDR.json
TESTS+=test/test-cases/regression/variable-SERVER_NAME.json
TESTS+=test/test-cases/regression/variable-SERVER_PORT.json
TESTS+=test/test-cases/regression/variable-SESSIONID.json
TESTS+=test/test-cases/regression/variable-STATUS.json
TESTS+=test/test-cases/regression/variable-TIME_DAY.json
TESTS+=test/test-cases/regression/variable-TIME_EPOCH.json
TESTS+=test/test-cases/regression/variable-TIME_HOUR.json
TESTS+=test/test-cases/regression/variable-TIME.json
TESTS+=test/test-cases/regression/variable-TIME_MIN.json
TESTS+=test/test-cases/regression/variable-TIME_MON.json
TESTS+=test/test-cases/regression/variable-TIME_SEC.json
TESTS+=test/test-cases/regression/variable-TIME_WDAY.json
TESTS+=test/test-cases/regression/variable-TIME_YEAR.json
TESTS+=test/test-cases/regression/variable-TX.json
TESTS+=test/test-cases/regression/variable-UNIQUE_ID.json
TESTS+=test/test-cases/regression/variable-URLENCODED_ERROR.json
TESTS+=test/test-cases/regression/variable-USERID.json
TESTS+=test/test-cases/regression/variable-variation-count.json
TESTS+=test/test-cases/regression/variable-variation-exclusion.json
TESTS+=test/test-cases/regression/variable-WEBAPPID.json
TESTS+=test/test-cases/regression/variable-WEBSERVER_ERROR_LOG.json
TESTS+=test/test-cases/regression/variable-XML.json
TESTS+=test/test-cases/secrules-language-tests/operators/beginsWith.json
TESTS+=test/test-cases/secrules-language-tests/operators/contains.json
TESTS+=test/test-cases/secrules-language-tests/operators/containsWord.json
TESTS+=test/test-cases/secrules-language-tests/operators/detectSQLi.json
TESTS+=test/test-cases/secrules-language-tests/operators/detectXSS.json
TESTS+=test/test-cases/secrules-language-tests/operators/endsWith.json
TESTS+=test/test-cases/secrules-language-tests/operators/eq.json
TESTS+=test/test-cases/secrules-language-tests/operators/ge.json
TESTS+=test/test-cases/secrules-language-tests/operators/geoLookup.json
TESTS+=test/test-cases/secrules-language-tests/operators/gt.json
TESTS+=test/test-cases/secrules-language-tests/operators/ipMatch.json
TESTS+=test/test-cases/secrules-language-tests/operators/le.json
TESTS+=test/test-cases/secrules-language-tests/operators/lt.json
TESTS+=test/test-cases/secrules-language-tests/operators/noMatch.json
TESTS+=test/test-cases/secrules-language-tests/operators/pmFromFile.json
TESTS+=test/test-cases/secrules-language-tests/operators/pm.json
TESTS+=test/test-cases/secrules-language-tests/operators/rx.json
TESTS+=test/test-cases/secrules-language-tests/operators/rxGlobal.json
TESTS+=test/test-cases/secrules-language-tests/operators/streq.json
TESTS+=test/test-cases/secrules-language-tests/operators/strmatch.json
TESTS+=test/test-cases/secrules-language-tests/operators/unconditionalMatch.json
TESTS+=test/test-cases/secrules-language-tests/operators/validateByteRange.json
TESTS+=test/test-cases/secrules-language-tests/operators/validateUrlEncoding.json
TESTS+=test/test-cases/secrules-language-tests/operators/validateUtf8Encoding.json
TESTS+=test/test-cases/secrules-language-tests/operators/verifyCC.json
TESTS+=test/test-cases/secrules-language-tests/operators/verifycpf.json
TESTS+=test/test-cases/secrules-language-tests/operators/verifyssn.json
TESTS+=test/test-cases/secrules-language-tests/operators/verifysvnr.json
TESTS+=test/test-cases/secrules-language-tests/operators/within.json
TESTS+=test/test-cases/secrules-language-tests/transformations/base64DecodeExt.json
TESTS+=test/test-cases/secrules-language-tests/transformations/base64Decode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/base64Encode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/cmdLine.json
TESTS+=test/test-cases/secrules-language-tests/transformations/compressWhitespace.json
TESTS+=test/test-cases/secrules-language-tests/transformations/cssDecode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/escapeSeqDecode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/hexDecode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/hexEncode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/htmlEntityDecode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/jsDecode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/length.json
TESTS+=test/test-cases/secrules-language-tests/transformations/lowercase.json
TESTS+=test/test-cases/secrules-language-tests/transformations/md5.json
TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePath.json
TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePathWin.json
TESTS+=test/test-cases/secrules-language-tests/transformations/parityEven7bit.json
TESTS+=test/test-cases/secrules-language-tests/transformations/parityOdd7bit.json
TESTS+=test/test-cases/secrules-language-tests/transformations/parityZero7bit.json
TESTS+=test/test-cases/secrules-language-tests/transformations/removeCommentsChar.json
TESTS+=test/test-cases/secrules-language-tests/transformations/removeComments.json
TESTS+=test/test-cases/secrules-language-tests/transformations/removeNulls.json
TESTS+=test/test-cases/secrules-language-tests/transformations/removeWhitespace.json
TESTS+=test/test-cases/secrules-language-tests/transformations/replaceComments.json
TESTS+=test/test-cases/secrules-language-tests/transformations/replaceNulls.json
TESTS+=test/test-cases/secrules-language-tests/transformations/sha1.json
TESTS+=test/test-cases/secrules-language-tests/transformations/sqlHexDecode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/trim.json
TESTS+=test/test-cases/secrules-language-tests/transformations/trimLeft.json
TESTS+=test/test-cases/secrules-language-tests/transformations/trimRight.json
TESTS+=test/test-cases/secrules-language-tests/transformations/urlDecode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/urlDecodeUni.json
TESTS+=test/test-cases/secrules-language-tests/transformations/urlEncode.json
TESTS+=test/test-cases/secrules-language-tests/transformations/utf8toUnicode.json
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = modsecurity.pc
EXTRA_DIST = modsecurity.pc.in \
modsecurity.conf-recommended \
unicode.mapping

276
README.md Normal file
View File

@ -0,0 +1,276 @@
<img src="https://github.com/SpiderLabs/ModSecurity/raw/v3/master/others/modsec.png" width="50%">
![Quality Assurance](https://github.com/SpiderLabs/ModSecurity/workflows/Quality%20Assurance/badge.svg)
[![Build Status](https://sonarcloud.io/api/project_badges/measure?project=USHvY32Uy62L&metric=alert_status)](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
[![](https://sonarcloud.io/api/project_badges/measure?project=USHvY32Uy62L&metric=sqale_rating
)](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
[![](https://sonarcloud.io/api/project_badges/measure?project=USHvY32Uy62L&metric=reliability_rating
)](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
[![](https://sonarcloud.io/api/project_badges/measure?project=USHvY32Uy62L&metric=security_rating
)](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
[![](https://sonarcloud.io/api/project_badges/measure?project=USHvY32Uy62L&metric=vulnerabilities
)](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
Libmodsecurity is one component of the ModSecurity v3 project. The library
codebase serves as an interface to ModSecurity Connectors taking in web traffic
and applying traditional ModSecurity processing. In general, it provides the
capability to load/interpret rules written in the ModSecurity SecRules format
and apply them to HTTP content provided by your application via Connectors.
If you are looking for ModSecurity for Apache (aka ModSecurity v2.x), it is still under maintenance and available:
[here](https://github.com/SpiderLabs/ModSecurity/tree/v2/master).
### What is the difference between this project and the old ModSecurity (v2.x.x)?
* All Apache dependencies have been removed
* Higher performance
* New features
* New architecture
Libmodsecurity is a complete rewrite of the ModSecurity platform. When it was first devised the ModSecurity project started as just an Apache module. Over time the project has been extended, due to popular demand, to support other platforms including (but not limited to) Nginx and IIS. In order to provide for the growing demand for additional platform support, it has became necessary to remove the Apache dependencies underlying this project, making it more platform independent.
As a result of this goal we have rearchitected Libmodsecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). One side effect of this is that across all platforms users can expect increased performance. Additionally, we have taken this opportunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to natively support auditlogs in the JSON format, along with a host of other functionality in future versions.
### It is no longer just a module.
The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it understands. Each of these connectors is maintained as a separate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (https://github.com/SpiderLabs/ModSecurity-nginx).
Keeping these connectors separated allows each project to have different release cycles, issues and development trees. Additionally, it means that when you install ModSecurity v3 you only get exactly what you need, no extras you won't be using.
# Compilation
Before starting the compilation process, make sure that you have all the
dependencies in place. Read the subsection “Dependencies” for further
information.
After the compilation make sure that there are no issues on your
build/platform. We strongly recommend the utilization of the unit tests and
regression tests. These test utilities are located under the subfolder tests.
As a dynamic library, dont forget that libmodsecurity must be installed to a location (folder) where you OS will be looking for dynamic libraries.
### Unix (Linux, MacOS, FreeBSD, …)
On unix the project uses autotools to help the compilation process.
```shell
$ ./build.sh
$ ./configure
$ make
$ sudo make install
```
Details on distribution specific builds can be found in our Wiki:
[Compilation Recipes](https://github.com/SpiderLabs/ModSecurity/wiki/Compilation-recipes)
### Windows
Windows build is not ready yet.
## Dependencies
This library is written in C++ using the C++11 standards. It also uses Flex
and Yacc to produce the “Sec Rules Language” parser. Other, mandatory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet mandatory) for processing regular expressions in SecRules, and libXML2 (not yet mandatory) which is used for parsing XML requests.
All others dependencies are related to operators specified within SecRules or configuration directives and may not be required for compilation. A short list of such dependencies is as follows:
* libinjection is needed for the operator @detectXSS and @detectSQL
* curl is needed for the directive SecRemoteRules.
If those libraries are missing ModSecurity will be compiled without the support for the operator @detectXSS and the configuration directive SecRemoteRules.
# Library documentation
The library documentation is written within the code in Doxygen format. To generate this documentation, please use the doxygen utility with the provided configuration file, “doxygen.cfg”, located with the "doc/" subfolder. This will generate HTML formatted documentation including usage examples.
# Library utilization
The library provides a C++ and C interface. Some resources are currently only
available via the C++ interface, for instance, the capability to create custom logging
mechanism (see the regression test to check for how those logging mechanism works).
The objective is to have both APIs (C, C++) providing the same functionality,
if you find an aspect of the API that is missing via a particular interface, please open an issue.
Inside the subfolder examples, there are simple examples on how to use the API.
Below some are illustrated:
### Simple example using C++
```c++
using ModSecurity::ModSecurity;
using ModSecurity::Rules;
using ModSecurity::Transaction;
ModSecurity *modsec;
ModSecurity::Rules *rules;
modsec = new ModSecurity();
rules = new Rules();
rules->loadFromUri(rules_file);
Transaction *modsecTransaction = new Transaction(modsec, rules);
modsecTransaction->processConnection("127.0.0.1");
if (modsecTransaction->intervention()) {
std::cout << "There is an intervention" << std::endl;
}
```
### Simple example using C
```c
#include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h"
char main_rule_uri[] = "basic_rules.conf";
int main (int argc, char **argv)
{
ModSecurity *modsec = NULL;
Transaction *transaction = NULL;
Rules *rules = NULL;
modsec = msc_init();
rules = msc_create_rules_set();
msc_rules_add_file(rules, main_rule_uri);
transaction = msc_new_transaction(modsec, rules);
msc_process_connection(transaction, "127.0.0.1");
msc_process_uri(transaction, "http://www.modsecurity.org/test?key1=value1&key2=value2&key3=value3&test=args&test=test");
msc_process_request_headers(transaction);
msc_process_request_body(transaction);
msc_process_response_headers(transaction);
msc_process_response_body(transaction);
return 0;
}
```
# Contributing
You are more than welcome to contribute to this project and look forward to growing the community around this new version of ModSecurity. Areas of interest include: New
functionalities, fixes, bug report, support for beginning users, or anything that you
are willing to help with.
## Providing patches
We prefer to have your patch within the GitHub infrastructure to facilitate our
review work, and our Q.A. integration. GitHub provides excellent
documentation on how to perform “Pull Requests”, more information available
here: https://help.github.com/articles/using-pull-requests/
Please respect the coding style. Pull requests can include various commits, so
provide one fix or one piece of functionality per commit. Please do not change anything outside
the scope of your target work (e.g. coding style in a function that you have
passed by). For further information about the coding style used in this
project, please check: https://www.chromium.org/blink/coding-style
Provides explanative commit messages. Your first line should give the highlights of your
patch, 3rd and on give a more detailed explanation/technical details about your
patch. Patch explanation is valuable during the review process.
### Dont know where to start?
Within our code there are various items marked as TODO or FIXME that may need
your attention. Check the list of items by performing a grep:
```
$ cd /path/to/modsecurity-nginx
$ egrep -Rin "TODO|FIXME" -R *
```
A TODO list is also available as part of the Doxygen documentation.
### Testing your patch
Along with the manual testing, we strongly recommend you to use the our
regression tests and unit tests. If you have implemented an operator, dont
forget to create unit tests for it. If you implement anything else, it is encouraged that you develop complimentary regression tests for it.
The regression test and unit test utilities are native and do not demand any
external tool or script, although you need to fetch the test cases from other
repositories, as they are shared with other versions of ModSecurity, those
others repositories git submodules. To fetch the submodules repository and run
the utilities, follow the commands listed below:
```shell
$ cd /path/to/your/ModSecurity
$ git submodule foreach git pull
$ cd test
$ ./regression-tests
$ ./unit-tests
```
### Debugging
Before start the debugging process, make sure of where your bug is. The problem
could be on your connector or in libmodsecurity. In order to identify where the
bug is, it is recommended that you develop a regression test that mimics the
scenario where the bug is happening. If the bug is reproducible with the
regression-test utility, then it will be far simpler to debug and ensure that it never occurs again. On Linux it is
recommended that anyone undertaking debugging utilize gdb and/or valgrind as needed.
During the configuration/compilation time, you may want to disable the compiler
optimization making your “back traces” populated with readable data. Use the
CFLAGS to disable the compilation optimization parameters:
```shell
$ export CFLAGS="-g -O0"
$ ./build.sh
$ ./configure
$ make
$ sudo make install
```
## Reporting Issues
If you are facing a configuration issue or something is not working as you
expected to be, please use the ModSecurity users mailing list. Issues on GitHub
are also welcomed, but we prefer to have user ask questions on the mailing list first so that you can reach an entire community. Also dont forget to look for existing issues before open a new one.
If you are going to open a new issue on GitHub, dont forget to tell us the
version of your libmodsecurity and the version of a specific connector if there
is one.
### Security issue
Please do not make public any security issue. Contact us at:
security@modsecurity.org reporting the issue. Once the problem is fixed your
credit will be given.
## Feature request
We are open to discussing any new feature request with the community via the mailing lists. You can alternativly,
feel free to open GitHub issues requesting new features. Before opening a
new issue, please check if there is one already opened on the same topic.
## Bindings
The libModSecurity design allows the integration with bindings. There is an effort to avoid breaking API [binary] compatibility to make an easy integration with possible bindings. Currently, there are two notable projects maintained by the community:
* Python - https://github.com/actions-security/pymodsecurity
* Varnish - https://github.com/xdecock/vmod-modsecurity
## Packaging
Having our packages in distros on time is a desire that we have, so let us know
if there is anything we can do to facilitate your work as a packager.
## Sponsor Note
Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found here https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/

9
SECURITY.md Normal file
View File

@ -0,0 +1,9 @@
# Security Policy
## Supported Versions
The latest versions of both v2.9.x and v3.0.x are supported.
## Reporting a Vulnerability
For information on how to report a security issue, please see https://github.com/SpiderLabs/ModSecurity#security-issue

1
bindings/python Submodule

@ -0,0 +1 @@
Subproject commit bc625d5bb0bac6a64bcce8dc9902208612399348

13
build.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/sh
rm -rf autom4te.cache
rm -f aclocal.m4
case `uname` in Darwin*) glibtoolize --force --copy ;;
*) libtoolize --force --copy ;; esac
autoreconf --install
autoheader
automake --add-missing --foreign --copy --force-missing
autoconf --force
rm -rf autom4te.cache

0
build/.empty Normal file
View File

171
build/ax_cxx_compile_stdcxx_11.m4 Normal file
View File

@ -0,0 +1,171 @@
# ============================================================================
# http://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx_11.html
# ============================================================================
#
# SYNOPSIS
#
# AX_CXX_COMPILE_STDCXX_11([ext|noext],[mandatory|optional])
#
# DESCRIPTION
#
# Check for baseline language coverage in the compiler for the C++11
# standard; if necessary, add switches to CXXFLAGS to enable support.
#
# The first argument, if specified, indicates whether you insist on an
# extended mode (e.g. -std=gnu++11) or a strict conformance mode (e.g.
# -std=c++11). If neither is specified, you get whatever works, with
# preference for an extended mode.
#
# The second argument, if specified 'mandatory' or if left unspecified,
# indicates that baseline C++11 support is required and that the macro
# should error out if no mode with that support is found. If specified
# 'optional', then configuration proceeds regardless, after defining
# HAVE_CXX11 if and only if a supporting mode is found.
#
# LICENSE
#
# Copyright (c) 2008 Benjamin Kosnik <bkoz@redhat.com>
# Copyright (c) 2012 Zack Weinberg <zackw@panix.com>
# Copyright (c) 2013 Roy Stogner <roystgnr@ices.utexas.edu>
# Copyright (c) 2014, 2015 Google Inc.; contributed by Alexey Sokolov <sokolov@google.com>
# Copyright (c) 2015 Paul Norman <penorman@mac.com>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 12
m4_define([_AX_CXX_COMPILE_STDCXX_11_testbody], [[
template <typename T>
struct check
{
static_assert(sizeof(int) <= sizeof(T), "not big enough");
};
struct Base {
virtual void f() {}
};
struct Child : public Base {
virtual void f() override {}
};
typedef check<check<bool>> right_angle_brackets;
int a;
decltype(a) b;
typedef check<int> check_type;
check_type c;
check_type&& cr = static_cast<check_type&&>(c);
auto d = a;
auto l = [](){};
// Prevent Clang error: unused variable 'l' [-Werror,-Wunused-variable]
struct use_l { use_l() { l(); } };
// http://stackoverflow.com/questions/13728184/template-aliases-and-sfinae
// Clang 3.1 fails with headers of libstd++ 4.8.3 when using std::function because of this
namespace test_template_alias_sfinae {
struct foo {};
template<typename T>
using member = typename T::member_type;
template<typename T>
void func(...) {}
template<typename T>
void func(member<T>*) {}
void test();
void test() {
func<foo>(0);
}
}
// Check for C++11 attribute support
void noret [[noreturn]] () { throw 0; }
]])
AC_DEFUN([AX_CXX_COMPILE_STDCXX_11], [dnl
m4_if([$1], [], [],
[$1], [ext], [],
[$1], [noext], [],
[m4_fatal([invalid argument `$1' to AX_CXX_COMPILE_STDCXX_11])])dnl
m4_if([$2], [], [ax_cxx_compile_cxx11_required=true],
[$2], [mandatory], [ax_cxx_compile_cxx11_required=true],
[$2], [optional], [ax_cxx_compile_cxx11_required=false],
[m4_fatal([invalid second argument `$2' to AX_CXX_COMPILE_STDCXX_11])])
AC_LANG_PUSH([C++])dnl
ac_success=no
AC_CACHE_CHECK(whether $CXX supports C++11 features by default,
ax_cv_cxx_compile_cxx11,
[AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])],
[ax_cv_cxx_compile_cxx11=yes],
[ax_cv_cxx_compile_cxx11=no])])
if test x$ax_cv_cxx_compile_cxx11 = xyes; then
ac_success=yes
fi
m4_if([$1], [noext], [], [dnl
if test x$ac_success = xno; then
for switch in -std=gnu++11 -std=gnu++0x; do
cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx11_$switch])
AC_CACHE_CHECK(whether $CXX supports C++11 features with $switch,
$cachevar,
[ac_save_CXXFLAGS="$CXXFLAGS"
CXXFLAGS="$CXXFLAGS $switch"
AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])],
[eval $cachevar=yes],
[eval $cachevar=no])
CXXFLAGS="$ac_save_CXXFLAGS"])
if eval test x\$$cachevar = xyes; then
CXXFLAGS="$CXXFLAGS $switch"
ac_success=yes
break
fi
done
fi])
m4_if([$1], [ext], [], [dnl
if test x$ac_success = xno; then
dnl HP's aCC needs +std=c++11 according to:
dnl http://h21007.www2.hp.com/portal/download/files/unprot/aCxx/PDF_Release_Notes/769149-001.pdf
for switch in -std=c++11 -std=c++0x +std=c++11; do
cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx11_$switch])
AC_CACHE_CHECK(whether $CXX supports C++11 features with $switch,
$cachevar,
[ac_save_CXXFLAGS="$CXXFLAGS"
CXXFLAGS="$CXXFLAGS $switch"
AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])],
[eval $cachevar=yes],
[eval $cachevar=no])
CXXFLAGS="$ac_save_CXXFLAGS"])
if eval test x\$$cachevar = xyes; then
CXXFLAGS="$CXXFLAGS $switch"
ac_success=yes
break
fi
done
fi])
AC_LANG_POP([C++])
if test x$ax_cxx_compile_cxx11_required = xtrue; then
if test x$ac_success = xno; then
AC_MSG_ERROR([*** A compiler with support for C++11 language features is required.])
fi
else
if test x$ac_success = xno; then
HAVE_CXX11=0
AC_MSG_NOTICE([No compiler with C++11 support was found])
else
HAVE_CXX11=1
AC_DEFINE(HAVE_CXX11,1,
[define if the compiler supports basic C++11 syntax])
fi
AC_SUBST(HAVE_CXX11)
fi
])

533
build/ax_prog_doxygen.m4 Normal file
View File

@ -0,0 +1,533 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_prog_doxygen.html
# ===========================================================================
#
# SYNOPSIS
#
# DX_INIT_DOXYGEN(PROJECT-NAME, DOXYFILE-PATH, [OUTPUT-DIR])
# DX_DOXYGEN_FEATURE(ON|OFF)
# DX_DOT_FEATURE(ON|OFF)
# DX_HTML_FEATURE(ON|OFF)
# DX_CHM_FEATURE(ON|OFF)
# DX_CHI_FEATURE(ON|OFF)
# DX_MAN_FEATURE(ON|OFF)
# DX_RTF_FEATURE(ON|OFF)
# DX_XML_FEATURE(ON|OFF)
# DX_PDF_FEATURE(ON|OFF)
# DX_PS_FEATURE(ON|OFF)
#
# DESCRIPTION
#
# The DX_*_FEATURE macros control the default setting for the given
# Doxygen feature. Supported features are 'DOXYGEN' itself, 'DOT' for
# generating graphics, 'HTML' for plain HTML, 'CHM' for compressed HTML
# help (for MS users), 'CHI' for generating a seperate .chi file by the
# .chm file, and 'MAN', 'RTF', 'XML', 'PDF' and 'PS' for the appropriate
# output formats. The environment variable DOXYGEN_PAPER_SIZE may be
# specified to override the default 'a4wide' paper size.
#
# By default, HTML, PDF and PS documentation is generated as this seems to
# be the most popular and portable combination. MAN pages created by
# Doxygen are usually problematic, though by picking an appropriate subset
# and doing some massaging they might be better than nothing. CHM and RTF
# are specific for MS (note that you can't generate both HTML and CHM at
# the same time). The XML is rather useless unless you apply specialized
# post-processing to it.
#
# The macros mainly control the default state of the feature. The use can
# override the default by specifying --enable or --disable. The macros
# ensure that contradictory flags are not given (e.g.,
# --enable-doxygen-html and --enable-doxygen-chm,
# --enable-doxygen-anything with --disable-doxygen, etc.) Finally, each
# feature will be automatically disabled (with a warning) if the required
# programs are missing.
#
# Once all the feature defaults have been specified, call DX_INIT_DOXYGEN
# with the following parameters: a one-word name for the project for use
# as a filename base etc., an optional configuration file name (the
# default is 'Doxyfile', the same as Doxygen's default), and an optional
# output directory name (the default is 'doxygen-doc').
#
# Automake Support
#
# The following is a template aminclude.am file for use with Automake.
# Make targets and variables values are controlled by the various
# DX_COND_* conditionals set by autoconf.
#
# The provided targets are:
#
# doxygen-doc: Generate all doxygen documentation.
#
# doxygen-run: Run doxygen, which will generate some of the
# documentation (HTML, CHM, CHI, MAN, RTF, XML)
# but will not do the post processing required
# for the rest of it (PS, PDF, and some MAN).
#
# doxygen-man: Rename some doxygen generated man pages.
#
# doxygen-ps: Generate doxygen PostScript documentation.
#
# doxygen-pdf: Generate doxygen PDF documentation.
#
# Note that by default these are not integrated into the automake targets.
# If doxygen is used to generate man pages, you can achieve this
# integration by setting man3_MANS to the list of man pages generated and
# then adding the dependency:
#
# $(man3_MANS): doxygen-doc
#
# This will cause make to run doxygen and generate all the documentation.
#
# The following variable is intended for use in Makefile.am:
#
# DX_CLEANFILES = everything to clean.
#
# Then add this variable to MOSTLYCLEANFILES.
#
# ----- begin aminclude.am -------------------------------------
#
# ## --------------------------------- ##
# ## Format-independent Doxygen rules. ##
# ## --------------------------------- ##
#
# if DX_COND_doc
#
# ## ------------------------------- ##
# ## Rules specific for HTML output. ##
# ## ------------------------------- ##
#
# if DX_COND_html
#
# DX_CLEAN_HTML = @DX_DOCDIR@/html
#
# endif DX_COND_html
#
# ## ------------------------------ ##
# ## Rules specific for CHM output. ##
# ## ------------------------------ ##
#
# if DX_COND_chm
#
# DX_CLEAN_CHM = @DX_DOCDIR@/chm
#
# if DX_COND_chi
#
# DX_CLEAN_CHI = @DX_DOCDIR@/@PACKAGE@.chi
#
# endif DX_COND_chi
#
# endif DX_COND_chm
#
# ## ------------------------------ ##
# ## Rules specific for MAN output. ##
# ## ------------------------------ ##
#
# if DX_COND_man
#
# DX_CLEAN_MAN = @DX_DOCDIR@/man
#
# endif DX_COND_man
#
# ## ------------------------------ ##
# ## Rules specific for RTF output. ##
# ## ------------------------------ ##
#
# if DX_COND_rtf
#
# DX_CLEAN_RTF = @DX_DOCDIR@/rtf
#
# endif DX_COND_rtf
#
# ## ------------------------------ ##
# ## Rules specific for XML output. ##
# ## ------------------------------ ##
#
# if DX_COND_xml
#
# DX_CLEAN_XML = @DX_DOCDIR@/xml
#
# endif DX_COND_xml
#
# ## ----------------------------- ##
# ## Rules specific for PS output. ##
# ## ----------------------------- ##
#
# if DX_COND_ps
#
# DX_CLEAN_PS = @DX_DOCDIR@/@PACKAGE@.ps
#
# DX_PS_GOAL = doxygen-ps
#
# doxygen-ps: @DX_DOCDIR@/@PACKAGE@.ps
#
# @DX_DOCDIR@/@PACKAGE@.ps: @DX_DOCDIR@/@PACKAGE@.tag
# cd @DX_DOCDIR@/latex; \
# rm -f *.aux *.toc *.idx *.ind *.ilg *.log *.out; \
# $(DX_LATEX) refman.tex; \
# $(MAKEINDEX_PATH) refman.idx; \
# $(DX_LATEX) refman.tex; \
# countdown=5; \
# while $(DX_EGREP) 'Rerun (LaTeX|to get cross-references right)' \
# refman.log > /dev/null 2>&1 \
# && test $$countdown -gt 0; do \
# $(DX_LATEX) refman.tex; \
# countdown=`expr $$countdown - 1`; \
# done; \
# $(DX_DVIPS) -o ../@PACKAGE@.ps refman.dvi
#
# endif DX_COND_ps
#
# ## ------------------------------ ##
# ## Rules specific for PDF output. ##
# ## ------------------------------ ##
#
# if DX_COND_pdf
#
# DX_CLEAN_PDF = @DX_DOCDIR@/@PACKAGE@.pdf
#
# DX_PDF_GOAL = doxygen-pdf
#
# doxygen-pdf: @DX_DOCDIR@/@PACKAGE@.pdf
#
# @DX_DOCDIR@/@PACKAGE@.pdf: @DX_DOCDIR@/@PACKAGE@.tag
# cd @DX_DOCDIR@/latex; \
# rm -f *.aux *.toc *.idx *.ind *.ilg *.log *.out; \
# $(DX_PDFLATEX) refman.tex; \
# $(DX_MAKEINDEX) refman.idx; \
# $(DX_PDFLATEX) refman.tex; \
# countdown=5; \
# while $(DX_EGREP) 'Rerun (LaTeX|to get cross-references right)' \
# refman.log > /dev/null 2>&1 \
# && test $$countdown -gt 0; do \
# $(DX_PDFLATEX) refman.tex; \
# countdown=`expr $$countdown - 1`; \
# done; \
# mv refman.pdf ../@PACKAGE@.pdf
#
# endif DX_COND_pdf
#
# ## ------------------------------------------------- ##
# ## Rules specific for LaTeX (shared for PS and PDF). ##
# ## ------------------------------------------------- ##
#
# if DX_COND_latex
#
# DX_CLEAN_LATEX = @DX_DOCDIR@/latex
#
# endif DX_COND_latex
#
# .PHONY: doxygen-run doxygen-doc $(DX_PS_GOAL) $(DX_PDF_GOAL)
#
# .INTERMEDIATE: doxygen-run $(DX_PS_GOAL) $(DX_PDF_GOAL)
#
# doxygen-run: @DX_DOCDIR@/@PACKAGE@.tag
#
# doxygen-doc: doxygen-run $(DX_PS_GOAL) $(DX_PDF_GOAL)
#
# @DX_DOCDIR@/@PACKAGE@.tag: $(DX_CONFIG) $(pkginclude_HEADERS)
# rm -rf @DX_DOCDIR@
# $(DX_ENV) $(DX_DOXYGEN) $(srcdir)/$(DX_CONFIG)
# echo Timestamp >$@
#
# DX_CLEANFILES = \
# @DX_DOCDIR@/@PACKAGE@.tag \
# -r \
# $(DX_CLEAN_HTML) \
# $(DX_CLEAN_CHM) \
# $(DX_CLEAN_CHI) \
# $(DX_CLEAN_MAN) \
# $(DX_CLEAN_RTF) \
# $(DX_CLEAN_XML) \
# $(DX_CLEAN_PS) \
# $(DX_CLEAN_PDF) \
# $(DX_CLEAN_LATEX)
#
# endif DX_COND_doc
#
# ----- end aminclude.am ---------------------------------------
#
# LICENSE
#
# Copyright (c) 2009 Oren Ben-Kiki <oren@ben-kiki.org>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 13
## ----------##
## Defaults. ##
## ----------##
DX_ENV=""
AC_DEFUN([DX_FEATURE_doc], ON)
AC_DEFUN([DX_FEATURE_dot], OFF)
AC_DEFUN([DX_FEATURE_man], OFF)
AC_DEFUN([DX_FEATURE_html], ON)
AC_DEFUN([DX_FEATURE_chm], OFF)
AC_DEFUN([DX_FEATURE_chi], OFF)
AC_DEFUN([DX_FEATURE_rtf], OFF)
AC_DEFUN([DX_FEATURE_xml], OFF)
AC_DEFUN([DX_FEATURE_pdf], ON)
AC_DEFUN([DX_FEATURE_ps], ON)
## --------------- ##
## Private macros. ##
## --------------- ##
# DX_ENV_APPEND(VARIABLE, VALUE)
# ------------------------------
# Append VARIABLE="VALUE" to DX_ENV for invoking doxygen.
AC_DEFUN([DX_ENV_APPEND], [AC_SUBST([DX_ENV], ["$DX_ENV $1='$2'"])])
# DX_DIRNAME_EXPR
# ---------------
# Expand into a shell expression prints the directory part of a path.
AC_DEFUN([DX_DIRNAME_EXPR],
[[expr ".$1" : '\(\.\)[^/]*$' \| "x$1" : 'x\(.*\)/[^/]*$']])
# DX_IF_FEATURE(FEATURE, IF-ON, IF-OFF)
# -------------------------------------
# Expands according to the M4 (static) status of the feature.
AC_DEFUN([DX_IF_FEATURE], [ifelse(DX_FEATURE_$1, ON, [$2], [$3])])
# DX_REQUIRE_PROG(VARIABLE, PROGRAM)
# ----------------------------------
# Require the specified program to be found for the DX_CURRENT_FEATURE to work.
AC_DEFUN([DX_REQUIRE_PROG], [
AC_PATH_TOOL([$1], [$2])
if test "$DX_FLAG_[]DX_CURRENT_FEATURE$$1" = 1; then
AC_MSG_WARN([$2 not found - will not DX_CURRENT_DESCRIPTION])
AC_SUBST(DX_FLAG_[]DX_CURRENT_FEATURE, 0)
fi
])
# DX_TEST_FEATURE(FEATURE)
# ------------------------
# Expand to a shell expression testing whether the feature is active.
AC_DEFUN([DX_TEST_FEATURE], [test "$DX_FLAG_$1" = 1])
# DX_CHECK_DEPEND(REQUIRED_FEATURE, REQUIRED_STATE)
# -------------------------------------------------
# Verify that a required features has the right state before trying to turn on
# the DX_CURRENT_FEATURE.
AC_DEFUN([DX_CHECK_DEPEND], [
test "$DX_FLAG_$1" = "$2" \
|| AC_MSG_ERROR([doxygen-DX_CURRENT_FEATURE ifelse([$2], 1,
requires, contradicts) doxygen-DX_CURRENT_FEATURE])
])
# DX_CLEAR_DEPEND(FEATURE, REQUIRED_FEATURE, REQUIRED_STATE)
# ----------------------------------------------------------
# Turn off the DX_CURRENT_FEATURE if the required feature is off.
AC_DEFUN([DX_CLEAR_DEPEND], [
test "$DX_FLAG_$1" = "$2" || AC_SUBST(DX_FLAG_[]DX_CURRENT_FEATURE, 0)
])
# DX_FEATURE_ARG(FEATURE, DESCRIPTION,
# CHECK_DEPEND, CLEAR_DEPEND,
# REQUIRE, DO-IF-ON, DO-IF-OFF)
# --------------------------------------------
# Parse the command-line option controlling a feature. CHECK_DEPEND is called
# if the user explicitly turns the feature on (and invokes DX_CHECK_DEPEND),
# otherwise CLEAR_DEPEND is called to turn off the default state if a required
# feature is disabled (using DX_CLEAR_DEPEND). REQUIRE performs additional
# requirement tests (DX_REQUIRE_PROG). Finally, an automake flag is set and
# DO-IF-ON or DO-IF-OFF are called according to the final state of the feature.
AC_DEFUN([DX_ARG_ABLE], [
AC_DEFUN([DX_CURRENT_FEATURE], [$1])
AC_DEFUN([DX_CURRENT_DESCRIPTION], [$2])
AC_ARG_ENABLE(doxygen-$1,
[AS_HELP_STRING(DX_IF_FEATURE([$1], [--disable-doxygen-$1],
[--enable-doxygen-$1]),
DX_IF_FEATURE([$1], [don't $2], [$2]))],
[
case "$enableval" in
#(
y|Y|yes|Yes|YES)
AC_SUBST([DX_FLAG_$1], 1)
$3
;; #(
n|N|no|No|NO)
AC_SUBST([DX_FLAG_$1], 0)
;; #(
*)
AC_MSG_ERROR([invalid value '$enableval' given to doxygen-$1])
;;
esac
], [
AC_SUBST([DX_FLAG_$1], [DX_IF_FEATURE([$1], 1, 0)])
$4
])
if DX_TEST_FEATURE([$1]); then
$5
:
fi
AM_CONDITIONAL(DX_COND_$1, DX_TEST_FEATURE([$1]))
if DX_TEST_FEATURE([$1]); then
$6
:
else
$7
:
fi
])
## -------------- ##
## Public macros. ##
## -------------- ##
# DX_XXX_FEATURE(DEFAULT_STATE)
# -----------------------------
AC_DEFUN([DX_DOXYGEN_FEATURE], [AC_DEFUN([DX_FEATURE_doc], [$1])])
AC_DEFUN([DX_DOT_FEATURE], [AC_DEFUN([DX_FEATURE_dot], [$1])])
AC_DEFUN([DX_MAN_FEATURE], [AC_DEFUN([DX_FEATURE_man], [$1])])
AC_DEFUN([DX_HTML_FEATURE], [AC_DEFUN([DX_FEATURE_html], [$1])])
AC_DEFUN([DX_CHM_FEATURE], [AC_DEFUN([DX_FEATURE_chm], [$1])])
AC_DEFUN([DX_CHI_FEATURE], [AC_DEFUN([DX_FEATURE_chi], [$1])])
AC_DEFUN([DX_RTF_FEATURE], [AC_DEFUN([DX_FEATURE_rtf], [$1])])
AC_DEFUN([DX_XML_FEATURE], [AC_DEFUN([DX_FEATURE_xml], [$1])])
AC_DEFUN([DX_XML_FEATURE], [AC_DEFUN([DX_FEATURE_xml], [$1])])
AC_DEFUN([DX_PDF_FEATURE], [AC_DEFUN([DX_FEATURE_pdf], [$1])])
AC_DEFUN([DX_PS_FEATURE], [AC_DEFUN([DX_FEATURE_ps], [$1])])
# DX_INIT_DOXYGEN(PROJECT, [CONFIG-FILE], [OUTPUT-DOC-DIR])
# ---------------------------------------------------------
# PROJECT also serves as the base name for the documentation files.
# The default CONFIG-FILE is "Doxyfile" and OUTPUT-DOC-DIR is "doxygen-doc".
AC_DEFUN([DX_INIT_DOXYGEN], [
# Files:
AC_SUBST([DX_PROJECT], [$1])
AC_SUBST([DX_CONFIG], [ifelse([$2], [], Doxyfile, [$2])])
AC_SUBST([DX_DOCDIR], [ifelse([$3], [], doxygen-doc, [$3])])
# Environment variables used inside doxygen.cfg:
DX_ENV_APPEND(SRCDIR, $srcdir)
DX_ENV_APPEND(PROJECT, $DX_PROJECT)
DX_ENV_APPEND(DOCDIR, $DX_DOCDIR)
DX_ENV_APPEND(VERSION, $PACKAGE_VERSION)
# Doxygen itself:
DX_ARG_ABLE(doc, [generate any doxygen documentation],
[],
[],
[DX_REQUIRE_PROG([DX_DOXYGEN], doxygen)
DX_REQUIRE_PROG([DX_PERL], perl)],
[DX_ENV_APPEND(PERL_PATH, $DX_PERL)])
# Dot for graphics:
DX_ARG_ABLE(dot, [generate graphics for doxygen documentation],
[DX_CHECK_DEPEND(doc, 1)],
[DX_CLEAR_DEPEND(doc, 1)],
[DX_REQUIRE_PROG([DX_DOT], dot)],
[DX_ENV_APPEND(HAVE_DOT, YES)
DX_ENV_APPEND(DOT_PATH, [`DX_DIRNAME_EXPR($DX_DOT)`])],
[DX_ENV_APPEND(HAVE_DOT, NO)])
# Man pages generation:
DX_ARG_ABLE(man, [generate doxygen manual pages],
[DX_CHECK_DEPEND(doc, 1)],
[DX_CLEAR_DEPEND(doc, 1)],
[],
[DX_ENV_APPEND(GENERATE_MAN, YES)],
[DX_ENV_APPEND(GENERATE_MAN, NO)])
# RTF file generation:
DX_ARG_ABLE(rtf, [generate doxygen RTF documentation],
[DX_CHECK_DEPEND(doc, 1)],
[DX_CLEAR_DEPEND(doc, 1)],
[],
[DX_ENV_APPEND(GENERATE_RTF, YES)],
[DX_ENV_APPEND(GENERATE_RTF, NO)])
# XML file generation:
DX_ARG_ABLE(xml, [generate doxygen XML documentation],
[DX_CHECK_DEPEND(doc, 1)],
[DX_CLEAR_DEPEND(doc, 1)],
[],
[DX_ENV_APPEND(GENERATE_XML, YES)],
[DX_ENV_APPEND(GENERATE_XML, NO)])
# (Compressed) HTML help generation:
DX_ARG_ABLE(chm, [generate doxygen compressed HTML help documentation],
[DX_CHECK_DEPEND(doc, 1)],
[DX_CLEAR_DEPEND(doc, 1)],
[DX_REQUIRE_PROG([DX_HHC], hhc)],
[DX_ENV_APPEND(HHC_PATH, $DX_HHC)
DX_ENV_APPEND(GENERATE_HTML, YES)
DX_ENV_APPEND(GENERATE_HTMLHELP, YES)],
[DX_ENV_APPEND(GENERATE_HTMLHELP, NO)])
# Seperate CHI file generation.
DX_ARG_ABLE(chi, [generate doxygen seperate compressed HTML help index file],
[DX_CHECK_DEPEND(chm, 1)],
[DX_CLEAR_DEPEND(chm, 1)],
[],
[DX_ENV_APPEND(GENERATE_CHI, YES)],
[DX_ENV_APPEND(GENERATE_CHI, NO)])
# Plain HTML pages generation:
DX_ARG_ABLE(html, [generate doxygen plain HTML documentation],
[DX_CHECK_DEPEND(doc, 1) DX_CHECK_DEPEND(chm, 0)],
[DX_CLEAR_DEPEND(doc, 1) DX_CLEAR_DEPEND(chm, 0)],
[],
[DX_ENV_APPEND(GENERATE_HTML, YES)],
[DX_TEST_FEATURE(chm) || DX_ENV_APPEND(GENERATE_HTML, NO)])
# PostScript file generation:
DX_ARG_ABLE(ps, [generate doxygen PostScript documentation],
[DX_CHECK_DEPEND(doc, 1)],
[DX_CLEAR_DEPEND(doc, 1)],
[DX_REQUIRE_PROG([DX_LATEX], latex)
DX_REQUIRE_PROG([DX_MAKEINDEX], makeindex)
DX_REQUIRE_PROG([DX_DVIPS], dvips)
DX_REQUIRE_PROG([DX_EGREP], egrep)])
# PDF file generation:
DX_ARG_ABLE(pdf, [generate doxygen PDF documentation],
[DX_CHECK_DEPEND(doc, 1)],
[DX_CLEAR_DEPEND(doc, 1)],
[DX_REQUIRE_PROG([DX_PDFLATEX], pdflatex)
DX_REQUIRE_PROG([DX_MAKEINDEX], makeindex)
DX_REQUIRE_PROG([DX_EGREP], egrep)])
# LaTeX generation for PS and/or PDF:
AM_CONDITIONAL(DX_COND_latex, DX_TEST_FEATURE(ps) || DX_TEST_FEATURE(pdf))
if DX_TEST_FEATURE(ps) || DX_TEST_FEATURE(pdf); then
DX_ENV_APPEND(GENERATE_LATEX, YES)
else
DX_ENV_APPEND(GENERATE_LATEX, NO)
fi
# Paper size for PS and/or PDF:
AC_ARG_VAR(DOXYGEN_PAPER_SIZE,
[a4wide (default), a4, letter, legal or executive])
case "$DOXYGEN_PAPER_SIZE" in
#(
"")
AC_SUBST(DOXYGEN_PAPER_SIZE, "")
;; #(
a4wide|a4|letter|legal|executive)
DX_ENV_APPEND(PAPER_SIZE, $DOXYGEN_PAPER_SIZE)
;; #(
*)
AC_MSG_ERROR([unknown DOXYGEN_PAPER_SIZE='$DOXYGEN_PAPER_SIZE'])
;;
esac
#For debugging:
#echo DX_FLAG_doc=$DX_FLAG_doc
#echo DX_FLAG_dot=$DX_FLAG_dot
#echo DX_FLAG_man=$DX_FLAG_man
#echo DX_FLAG_html=$DX_FLAG_html
#echo DX_FLAG_chm=$DX_FLAG_chm
#echo DX_FLAG_chi=$DX_FLAG_chi
#echo DX_FLAG_rtf=$DX_FLAG_rtf
#echo DX_FLAG_xml=$DX_FLAG_xml
#echo DX_FLAG_pdf=$DX_FLAG_pdf
#echo DX_FLAG_ps=$DX_FLAG_ps
#echo DX_ENV=$DX_ENV
])

236
build/ax_valgrind_check.m4 Normal file
View File

@ -0,0 +1,236 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_valgrind_check.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_VALGRIND_DFLT(memcheck|helgrind|drd|sgcheck, on|off)
# AX_VALGRIND_CHECK()
#
# DESCRIPTION
#
# AX_VALGRIND_CHECK checks whether Valgrind is present and, if so, allows
# running `make check` under a variety of Valgrind tools to check for
# memory and threading errors.
#
# Defines VALGRIND_CHECK_RULES which should be substituted in your
# Makefile; and $enable_valgrind which can be used in subsequent configure
# output. VALGRIND_ENABLED is defined and substituted, and corresponds to
# the value of the --enable-valgrind option, which defaults to being
# enabled if Valgrind is installed and disabled otherwise. Individual
# Valgrind tools can be disabled via --disable-valgrind-<tool>, the
# default is configurable via the AX_VALGRIND_DFLT command or is to use
# all commands not disabled via AX_VALGRIND_DFLT. All AX_VALGRIND_DFLT
# calls must be made before the call to AX_VALGRIND_CHECK.
#
# If unit tests are written using a shell script and automake's
# LOG_COMPILER system, the $(VALGRIND) variable can be used within the
# shell scripts to enable Valgrind, as described here:
#
# https://www.gnu.org/software/gnulib/manual/html_node/Running-self_002dtests-under-valgrind.html
#
# Usage example:
#
# configure.ac:
#
# AX_VALGRIND_DFLT([sgcheck], [off])
# AX_VALGRIND_CHECK
#
# Makefile.am:
#
# @VALGRIND_CHECK_RULES@
# VALGRIND_SUPPRESSIONS_FILES = my-project.supp
# EXTRA_DIST = my-project.supp
#
# This results in a "check-valgrind" rule being added to any Makefile.am
# which includes "@VALGRIND_CHECK_RULES@" (assuming the module has been
# configured with --enable-valgrind). Running `make check-valgrind` in
# that directory will run the module's test suite (`make check`) once for
# each of the available Valgrind tools (out of memcheck, helgrind and drd)
# while the sgcheck will be skipped unless enabled again on the
# commandline with --enable-valgrind-sgcheck. The results for each check
# will be output to test-suite-$toolname.log. The target will succeed if
# there are zero errors and fail otherwise.
#
# Alternatively, a "check-valgrind-$TOOL" rule will be added, for $TOOL in
# memcheck, helgrind, drd and sgcheck. These are useful because often only
# some of those tools can be ran cleanly on a codebase.
#
# The macro supports running with and without libtool.
#
# LICENSE
#
# Copyright (c) 2014, 2015, 2016 Philip Withnall <philip.withnall@collabora.co.uk>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 13
dnl Configured tools
m4_define([valgrind_tool_list], [[memcheck], [helgrind], [drd], [sgcheck]])
m4_set_add_all([valgrind_exp_tool_set], [sgcheck])
m4_foreach([vgtool], [valgrind_tool_list],
[m4_define([en_dflt_valgrind_]vgtool, [on])])
AC_DEFUN([AX_VALGRIND_DFLT],[
m4_define([en_dflt_valgrind_$1], [$2])
])dnl
AC_DEFUN([AX_VALGRIND_CHECK],[
dnl Check for --enable-valgrind
AC_ARG_ENABLE([valgrind],
[AS_HELP_STRING([--enable-valgrind], [Whether to enable Valgrind on the unit tests])],
[enable_valgrind=$enableval],[enable_valgrind=])
AS_IF([test "$enable_valgrind" != "no"],[
# Check for Valgrind.
AC_CHECK_PROG([VALGRIND],[valgrind],[valgrind])
AS_IF([test "$VALGRIND" = ""],[
AS_IF([test "$enable_valgrind" = "yes"],[
AC_MSG_ERROR([Could not find valgrind; either install it or reconfigure with --disable-valgrind])
],[
enable_valgrind=no
])
],[
enable_valgrind=yes
])
])
AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"])
AC_SUBST([VALGRIND_ENABLED],[$enable_valgrind])
# Check for Valgrind tools we care about.
[valgrind_enabled_tools=]
m4_foreach([vgtool],[valgrind_tool_list],[
AC_ARG_ENABLE([valgrind-]vgtool,
m4_if(m4_defn([en_dflt_valgrind_]vgtool),[off],dnl
[AS_HELP_STRING([--enable-valgrind-]vgtool, [Whether to use ]vgtool[ during the Valgrind tests])],dnl
[AS_HELP_STRING([--disable-valgrind-]vgtool, [Whether to skip ]vgtool[ during the Valgrind tests])]),
[enable_valgrind_]vgtool[=$enableval],
[enable_valgrind_]vgtool[=])
AS_IF([test "$enable_valgrind" = "no"],[
enable_valgrind_]vgtool[=no],
[test "$enable_valgrind_]vgtool[" ]dnl
m4_if(m4_defn([en_dflt_valgrind_]vgtool), [off], [= "yes"], [!= "no"]),[
AC_CACHE_CHECK([for Valgrind tool ]vgtool,
[ax_cv_valgrind_tool_]vgtool,[
ax_cv_valgrind_tool_]vgtool[=no
m4_set_contains([valgrind_exp_tool_set],vgtool,
[m4_define([vgtoolx],[exp-]vgtool)],
[m4_define([vgtoolx],vgtool)])
AS_IF([`$VALGRIND --tool=]vgtoolx[ --help >/dev/null 2>&1`],[
ax_cv_valgrind_tool_]vgtool[=yes
])
])
AS_IF([test "$ax_cv_valgrind_tool_]vgtool[" = "no"],[
AS_IF([test "$enable_valgrind_]vgtool[" = "yes"],[
AC_MSG_ERROR([Valgrind does not support ]vgtool[; reconfigure with --disable-valgrind-]vgtool)
],[
enable_valgrind_]vgtool[=no
])
],[
enable_valgrind_]vgtool[=yes
])
])
AS_IF([test "$enable_valgrind_]vgtool[" = "yes"],[
valgrind_enabled_tools="$valgrind_enabled_tools ]m4_bpatsubst(vgtool,[^exp-])["
])
AC_SUBST([ENABLE_VALGRIND_]vgtool,[$enable_valgrind_]vgtool)
])
AC_SUBST([valgrind_tools],["]m4_join([ ], valgrind_tool_list)["])
AC_SUBST([valgrind_enabled_tools],[$valgrind_enabled_tools])
[VALGRIND_CHECK_RULES='
# Valgrind check
#
# Optional:
# - VALGRIND_SUPPRESSIONS_FILES: Space-separated list of Valgrind suppressions
# files to load. (Default: empty)
# - VALGRIND_FLAGS: General flags to pass to all Valgrind tools.
# (Default: --num-callers=30)
# - VALGRIND_$toolname_FLAGS: Flags to pass to Valgrind $toolname (one of:
# memcheck, helgrind, drd, sgcheck). (Default: various)
# Optional variables
VALGRIND_SUPPRESSIONS ?= $(addprefix --suppressions=,$(VALGRIND_SUPPRESSIONS_FILES))
VALGRIND_FLAGS ?= --num-callers=30
VALGRIND_memcheck_FLAGS ?= --leak-check=full --show-reachable=no
VALGRIND_helgrind_FLAGS ?= --history-level=approx
VALGRIND_drd_FLAGS ?=
VALGRIND_sgcheck_FLAGS ?=
# Internal use
valgrind_log_files = $(addprefix test-suite-,$(addsuffix .log,$(valgrind_tools)))
valgrind_memcheck_flags = --tool=memcheck $(VALGRIND_memcheck_FLAGS)
valgrind_helgrind_flags = --tool=helgrind $(VALGRIND_helgrind_FLAGS)
valgrind_drd_flags = --tool=drd $(VALGRIND_drd_FLAGS)
valgrind_sgcheck_flags = --tool=exp-sgcheck $(VALGRIND_sgcheck_FLAGS)
valgrind_quiet = $(valgrind_quiet_$(V))
valgrind_quiet_ = $(valgrind_quiet_$(AM_DEFAULT_VERBOSITY))
valgrind_quiet_0 = --quiet
valgrind_v_use = $(valgrind_v_use_$(V))
valgrind_v_use_ = $(valgrind_v_use_$(AM_DEFAULT_VERBOSITY))
valgrind_v_use_0 = @echo " USE " $(patsubst check-valgrind-%,%,$''@):;
# Support running with and without libtool.
ifneq ($(LIBTOOL),)
valgrind_lt = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=execute
else
valgrind_lt =
endif
# Use recursive makes in order to ignore errors during check
check-valgrind:
ifeq ($(VALGRIND_ENABLED),yes)
-$(A''M_V_at)$(foreach tool,$(valgrind_enabled_tools), \
$(MAKE) $(AM_MAKEFLAGS) -k check-valgrind-$(tool); \
)
else
@echo "Need to reconfigure with --enable-valgrind"
endif
# Valgrind running
VALGRIND_TESTS_ENVIRONMENT = \
$(TESTS_ENVIRONMENT) \
env VALGRIND=$(VALGRIND) \
G_SLICE=always-malloc,debug-blocks \
G_DEBUG=fatal-warnings,fatal-criticals,gc-friendly
VALGRIND_LOG_COMPILER = test/test-suite.sh $(VALGRIND_SUPPRESSIONS) $(VALGRIND_FLAGS)
# $(valgrind_lt) \
# $(VALGRIND) $(VALGRIND_SUPPRESSIONS) --error-exitcode=1 $(VALGRIND_FLAGS)
define valgrind_tool_rule =
check-valgrind-$(1):
ifeq ($$(VALGRIND_ENABLED)-$$(ENABLE_VALGRIND_$(1)),yes-yes)
$$(valgrind_v_use)$$(MAKE) check-TESTS \
TESTS_ENVIRONMENT="$$(VALGRIND_TESTS_ENVIRONMENT)" \
LOG_COMPILER="$$(VALGRIND_LOG_COMPILER)" \
LOG_FLAGS="$$(valgrind_$(1)_flags)" \
TEST_SUITE_LOG=test-suite-$(1).log
else ifeq ($$(VALGRIND_ENABLED),yes)
@echo "Need to reconfigure with --enable-valgrind-$(1)"
else
@echo "Need to reconfigure with --enable-valgrind"
endif
endef
$(foreach tool,$(valgrind_tools),$(eval $(call valgrind_tool_rule,$(tool))))
A''M_DISTCHECK_CONFIGURE_FLAGS ?=
A''M_DISTCHECK_CONFIGURE_FLAGS += --disable-valgrind
MOSTLYCLEANFILES ?=
MOSTLYCLEANFILES += $(valgrind_log_files)
.PHONY: check-valgrind $(add-prefix check-valgrind-,$(valgrind_tools))
']
AC_SUBST([VALGRIND_CHECK_RULES])
m4_ifdef([_AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE([VALGRIND_CHECK_RULES])])
])

131
build/curl.m4 Normal file
View File

@ -0,0 +1,131 @@
dnl Check for CURL Libraries
dnl CHECK_CURL(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
dnl Sets:
dnl CURL_CFLAGS
dnl CURL_LIBS
CURL_CONFIG=""
CURL_VERSION=""
CURL_CPPFLAGS=""
CURL_CFLAGS=""
CURL_LDFLAGS=""
CURL_LDADD=""
CURL_MIN_VERSION="7.15.1"
AC_DEFUN([CHECK_CURL], [
AC_ARG_WITH(
curl,
[AS_HELP_STRING([--with-curl=PATH],[Path to curl prefix or config script])],
[test_paths="${with_curl}"],
[test_paths="/usr/local/libcurl /usr/local/curl /usr/local /opt/libcurl /opt/curl /opt /usr"])
AC_MSG_CHECKING([for libcurl config script])
for x in ${test_paths}; do
dnl # Determine if the script was specified and use it directly
if test ! -d "$x" -a -e "$x"; then
CURL_CONFIG=$x
curl_path="no"
break
fi
dnl # Try known config script names/locations
for CURL_CONFIG in curl-config; do
if test -e "${x}/bin/${CURL_CONFIG}"; then
curl_path="${x}/bin"
break
elif test -e "${x}/${CURL_CONFIG}"; then
curl_path="${x}"
break
else
curl_path=""
fi
done
if test -n "$curl_path"; then
break
fi
done
if test -n "${curl_path}"; then
if test "${curl_path}" != "no"; then
CURL_CONFIG="${curl_path}/${CURL_CONFIG}"
fi
AC_MSG_RESULT([${CURL_CONFIG}])
CURL_VERSION=`${CURL_CONFIG} --version | sed 's/^[[^0-9]][[^[:space:]]][[^[:space:]]]*[[[:space:]]]*//' | tr '\r\n' ' '`
if test ! -z "${CURL_VERSION}"; then AC_MSG_NOTICE(curl VERSION: $CURL_VERSION); fi
CURL_CFLAGS="`${CURL_CONFIG} --cflags`"
if test ! -z "${CURL_CFLAGS}"; then AC_MSG_NOTICE(curl CFLAGS: $CURL_CFLAGS); fi
CURL_LDADD="`${CURL_CONFIG} --libs`"
if test ! -z "${CURL_CONFIG}"; then AC_MSG_NOTICE(curl LDADD: $CURL_LIBS); fi
dnl # Check version is ok
AC_MSG_CHECKING([if libcurl is at least v${CURL_MIN_VERSION}])
curl_min_ver=`echo ${CURL_MIN_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
curl_ver=`echo ${CURL_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
if test "$curl_min_ver" -le "$curl_ver"; then
AC_MSG_RESULT([yes, $CURL_VERSION])
curl_tlsv2_ver=`echo 7.34.0 | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
if test "$curl_tlsv2_ver" -le "$curl_ver"; then
CURL_CFLAGS="${CURL_CFLAGS} -DWITH_CURL_SSLVERSION_TLSv1_2"
fi
CURL_CFLAGS="${CURL_CFLAGS} -DWITH_CURL"
else
AC_MSG_RESULT([no, $CURL_VERSION])
AC_MSG_NOTICE([NOTE: curl library may be too old])
fi
dnl # Check/warn if GnuTLS is used
AC_MSG_CHECKING([if libcurl is linked with gnutls])
curl_uses_gnutls=`echo ${CURL_LIBS} | grep gnutls | wc -l`
if test "$curl_uses_gnutls" -ne 0; then
AC_MSG_RESULT([yes])
AC_MSG_NOTICE([NOTE: curl linked with gnutls may be buggy, openssl recommended])
CURL_USES_GNUTLS=yes
else
AC_MSG_RESULT([no])
CURL_USES_GNUTLS=no
fi
else
AC_MSG_RESULT([no])
fi
AC_SUBST(CURL_CONFIG)
AC_SUBST(CURL_VERSION)
AC_SUBST(CURL_CPPFLAGS)
AC_SUBST(CURL_CFLAGS)
AC_SUBST(CURL_LDFLAGS)
AC_SUBST(CURL_LDADD)
AC_SUBST(CURL_USES_GNUTLS)
if test "x${with_curl}" == "xno"; then
CURL_DISABLED=yes
else
if test "x${with_curl}" != "x"; then
CURL_MANDATORY=yes
fi
fi
if test -z "${CURL_VERSION}"; then
AC_MSG_NOTICE([*** curl library not found.])
if test -z "${CURL_MANDATORY}"; then
if test -z "${CURL_DISABLED}"; then
CURL_FOUND=0
else
CURL_FOUND=2
fi
else
AC_MSG_ERROR([Curl was explicitly referenced but it was not found])
CURL_FOUND=-1
fi
else
CURL_FOUND=1
AC_MSG_NOTICE([using curl v${CURL_VERSION}])
CURL_DISPLAY="${CURL_LDADD}, ${CURL_CFLAGS}"
fi
AC_SUBST(CURL_FOUND)
AC_SUBST(CURL_DISPLAY)
])

186
build/libgeoip.m4 Normal file
View File

@ -0,0 +1,186 @@
dnl Check for GEOIP Libraries
dnl CHECK_GEOIP(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
dnl Sets:
dnl GEOIP_CFLAGS
dnl GEOIP_LDADD
dnl GEOIP_LDFLAGS
dnl GEOIP_LIBS
dnl GEOIP_VERSION
AC_DEFUN([PROG_GEOIP], [
# Possible names for the geoip library/package (pkg-config)
GEOIP_POSSIBLE_LIB_NAMES="geoip2 geoip GeoIP"
# Possible extensions for the library
GEOIP_POSSIBLE_EXTENSIONS="so la sl dll dylib"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
GEOIP_POSSIBLE_PATHS="/usr/local/libgeoip /usr/local/geoip /usr/local /opt/libgeoip /opt/geoip /opt /usr /opt/local/include /opt/local /usr/lib /usr/local/lib /usr/lib64 /usr"
# Variables to be set by this very own script.
GEOIP_VERSION=""
GEOIP_CFLAGS=""
GEOIP_CPPFLAGS=""
GEOIP_LDADD=""
GEOIP_LDFLAGS=""
AC_ARG_WITH(
geoip,
AS_HELP_STRING(
[--with-geoip=PATH],
[Path to GeoIP (including headers). Use 'no' to disable GeoIP support.]
)
)
# AS_HELP_STRING(
# [--without-geoip],
# [Complete dsiables GeoIP support]
# )
if test "x${with_geoip}" == "xno"; then
AC_DEFINE(HAVE_GEOIP, 0, [Support for GeoIP was disabled by the utilization of --without-geoip or --with-geoip=no])
AC_MSG_NOTICE([Support for GeoIP was disabled by the utilization of --without-geoip or --with-geoip=no])
GEOIP_DISABLED=yes
else
if test "x${with_geoip}" == "xyes"; then
GEOIP_MANDATORY=yes
AC_MSG_NOTICE([GeoIP support was marked as mandatory by the utilization of --with-geoip=yes])
fi
# for x in ${GEOIP_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_GEOIP_AT(${x})
# if test -n "${GEOIP_VERSION}"; then
# break
# fi
# done
# if test "x${with_geoip}" != "xyes" or test "x${with_geoip}" == "xyes"; then
if test "x${with_geoip}" == "x" || test "x${with_geoip}" == "xyes"; then
# Nothing about GeoIP was informed, using the pkg-config to figure things out.
if test -n "${PKG_CONFIG}"; then
GEOIP_PKG_NAME=""
for x in ${GEOIP_POSSIBLE_LIB_NAMES}; do
if ${PKG_CONFIG} --exists ${x}; then
GEOIP_PKG_NAME="$x"
break
fi
done
fi
AC_MSG_NOTICE([Nothing about GeoIP was informed during the configure phase. Trying to detect it on the platform...])
if test -n "${GEOIP_PKG_NAME}"; then
# Package was found using the pkg-config scripts
GEOIP_VERSION="`${PKG_CONFIG} ${GEOIP_PKG_NAME} --modversion`"
GEOIP_CFLAGS="`${PKG_CONFIG} ${GEOIP_PKG_NAME} --cflags`"
GEOIP_LDADD="`${PKG_CONFIG} ${GEOIP_PKG_NAME} --libs-only-l`"
GEOIP_LDFLAGS="`${PKG_CONFIG} ${GEOIP_PKG_NAME} --libs-only-L --libs-only-other`"
GEOIP_DISPLAY="${GEOIP_LDADD}, ${GEOIP_CFLAGS}"
else
# If pkg-config did not find anything useful, go over file lookup.
for x in ${GEOIP_POSSIBLE_PATHS}; do
CHECK_FOR_GEOIP_AT(${x})
if test -n "${GEOIP_VERSION}"; then
break
fi
done
fi
fi
if test "x${with_geoip}" != "x"; then
# An specific path was informed, lets check.
GEOIP_MANDATORY=yes
CHECK_FOR_GEOIP_AT(${with_geoip})
fi
# fi
fi
if test -z "${GEOIP_CFLAGS}"; then
if test -z "${GEOIP_MANDATORY}"; then
if test -z "${GEOIP_DISABLED}"; then
AC_MSG_NOTICE([GeoIP library was not found])
GEOIP_FOUND=0
else
GEOIP_FOUND=2
fi
else
AC_MSG_ERROR([GeoIP was explicit requested but it was not found])
GEOIP_FOUND=-1
fi
else
GEOIP_FOUND=1
AC_MSG_NOTICE([using GeoIP v${GEOIP_VERSION}])
GEOIP_CFLAGS="-DWITH_GEOIP ${GEOIP_CFLAGS}"
AC_SUBST(GEOIP_VERSION)
AC_SUBST(GEOIP_LDADD)
AC_SUBST(GEOIP_LIBS)
AC_SUBST(GEOIP_LDFLAGS)
AC_SUBST(GEOIP_CFLAGS)
AC_SUBST(GEOIP_DISPLAY)
fi
AC_SUBST(GEOIP_FOUND)
]) # AC_DEFUN [PROG_GEOIP]
AC_DEFUN([CHECK_FOR_GEOIP_AT], [
path=$1
for y in ${GEOIP_POSSIBLE_EXTENSIONS}; do
for z in ${GEOIP_POSSIBLE_LIB_NAMES}; do
if test -e "${path}/${z}.${y}"; then
geoip_lib_path="${path}/"
geoip_lib_name="${z}"
geoip_lib_file="${geoip_lib_path}/${z}.${y}"
break
fi
if test -e "${path}/lib${z}.${y}"; then
geoip_lib_path="${path}/"
geoip_lib_name="${z}"
geoip_lib_file="${geoip_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/lib${z}.${y}"; then
geoip_lib_path="${path}/lib/"
geoip_lib_name="${z}"
geoip_lib_file="${geoip_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib64/lib${z}.${y}"; then
geoip_lib_path="${path}/lib64/"
geoip_lib_name="${z}"
geoip_lib_file="${geoip_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
geoip_lib_path="${path}/lib/x86_64-linux-gnu/"
geoip_lib_name="${z}"
geoip_lib_file="${geoip_lib_path}/lib${z}.${y}"
break
fi
done
if test -n "$geoip_lib_path"; then
break
fi
done
if test -e "${path}/include/GeoIPCity.h"; then
geoip_inc_path="${path}/include"
elif test -e "${path}/GeoIPCity.h"; then
geoip_inc_path="${path}"
fi
if test -n "${geoip_inc_path}" -a -n "${geoip_lib_path}"; then
AC_MSG_NOTICE([GeoIP headers found at: ${geoip_inc_path}])
AC_MSG_NOTICE([GeoIP library found at: ${geoip_lib_file}])
fi
if test -n "${geoip_lib_path}" -a -n "${geoip_inc_path}"; then
# TODO: Compile a piece of code to check the version.
GEOIP_CFLAGS="-I${geoip_inc_path}"
GEOIP_LDADD="-l${geoip_lib_name}"
GEOIP_LDFLAGS="-L${geoip_lib_path}"
GEOIP_DISPLAY="${geoip_lib_file}, ${geoip_inc_path}"
fi
]) # AC_DEFUN [CHECK_FOR_GEOIP_AT]

187
build/libmaxmind.m4 Normal file
View File

@ -0,0 +1,187 @@
dnl Check for MAXMIND Libraries
dnl CHECK_MAXMIND(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
dnl Sets:
dnl MAXMIND_CFLAGS
dnl MAXMIND_LDADD
dnl MAXMIND_LDFLAGS
dnl MAXMIND_LIBS
dnl MAXMIND_VERSION
AC_DEFUN([PROG_MAXMIND], [
# Possible names for the maxmind library/package (pkg-config)
MAXMIND_POSSIBLE_LIB_NAMES="maxminddb maxmind"
# Possible extensions for the library
MAXMIND_POSSIBLE_EXTENSIONS="so la sl dll dylib"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
MAXMIND_POSSIBLE_PATHS="/usr/local/libmaxmind /usr/local/maxmind /usr/local /opt/libmaxmind /opt/maxmind /opt /usr /opt/local/include /opt/local /usr/lib /usr/local/lib /usr/lib64 /usr /usr/include/x86_64-linux-gnu/"
# Variables to be set by this very own script.
MAXMIND_VERSION=""
MAXMIND_CFLAGS=""
MAXMIND_CPPFLAGS=""
MAXMIND_LDADD=""
MAXMIND_LDFLAGS=""
AC_ARG_WITH(
maxmind,
AS_HELP_STRING(
[--with-maxmind=PATH],
[Path to MaxMind (including headers). Use 'no' to disable MaxMind support.]
)
)
# AS_HELP_STRING(
# [--without-maxmind],
# [Complete dsiables MaxMind support]
# )
if test "x${with_maxmind}" == "xno"; then
AC_DEFINE(HAVE_MAXMIND, 0, [Support for MaxMind was disabled by the utilization of --without-maxmind or --with-maxmind=no])
AC_MSG_NOTICE([Support for MaxMind was disabled by the utilization of --without-maxmind or --with-maxmind=no])
MAXMIND_DISABLED=yes
else
if test "x${with_maxmind}" == "xyes"; then
MAXMIND_MANDATORY=yes
AC_MSG_NOTICE([MaxMind support was marked as mandatory by the utilization of --with-maxmind=yes])
fi
# for x in ${MAXMIND_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_MAXMIND_AT(${x})
# if test -n "${MAXMIND_VERSION}"; then
# break
# fi
# done
# if test "x${with_maxmind}" != "xyes" or test "x${with_maxmind}" == "xyes"; then
if test "x${with_maxmind}" == "x" || test "x${with_maxmind}" == "xyes"; then
# Nothing about MaxMind was informed, using the pkg-config to figure things out.
if test -n "${PKG_CONFIG}"; then
MAXMIND_PKG_NAME=""
if ${PKG_CONFIG} --exists libmaxminddb; then
MAXMIND_PKG_NAME="libmaxminddb"
break
fi
fi
AC_MSG_NOTICE([Nothing about MaxMind was informed during the configure phase. Trying to detect it on the platform...])
if test -n "${MAXMIND_PKG_NAME}"; then
# Package was found using the pkg-config scripts
MAXMIND_VERSION="`${PKG_CONFIG} ${MAXMIND_PKG_NAME} --modversion`"
MAXMIND_CFLAGS="`${PKG_CONFIG} ${MAXMIND_PKG_NAME} --cflags`"
MAXMIND_LDADD="`${PKG_CONFIG} ${MAXMIND_PKG_NAME} --libs-only-l`"
MAXMIND_LDFLAGS="`${PKG_CONFIG} ${MAXMIND_PKG_NAME} --libs-only-L --libs-only-other`"
MAXMIND_DISPLAY="${MAXMIND_LDADD}"
else
# If pkg-config did not find anything useful, go over file lookup.
for x in ${MAXMIND_POSSIBLE_PATHS}; do
CHECK_FOR_MAXMIND_AT(${x})
if test -n "${MAXMIND_VERSION}"; then
break
fi
done
fi
fi
if test "x${with_maxmind}" != "x"; then
# An specific path was informed, lets check.
MAXMIND_MANDATORY=yes
CHECK_FOR_MAXMIND_AT(${with_maxmind})
fi
# fi
fi
if test -z "${MAXMIND_DISPLAY}"; then
if test -z "${MAXMIND_MANDATORY}"; then
if test -z "${MAXMIND_DISABLED}"; then
AC_MSG_NOTICE([MaxMind library was not found])
MAXMIND_FOUND=0
else
MAXMIND_FOUND=2
fi
else
AC_MSG_ERROR([MaxMind was explicit requested but it was not found])
MAXMIND_FOUND=-1
fi
else
MAXMIND_FOUND=1
AC_MSG_NOTICE([using MaxMind v${MAXMIND_VERSION}])
MAXMIND_CFLAGS="-DWITH_MAXMIND ${MAXMIND_CFLAGS}"
if ! test "x$MAXMIND_CFLAGS" = "x"; then
MAXMIND_DISPLAY="${MAXMIND_DISPLAY}, ${MAXMIND_CFLAGS}"
fi
AC_SUBST(MAXMIND_VERSION)
AC_SUBST(MAXMIND_LDADD)
AC_SUBST(MAXMIND_LIBS)
AC_SUBST(MAXMIND_LDFLAGS)
AC_SUBST(MAXMIND_CFLAGS)
AC_SUBST(MAXMIND_DISPLAY)
fi
AC_SUBST(MAXMIND_FOUND)
]) # AC_DEFUN [PROG_MAXMIND]
AC_DEFUN([CHECK_FOR_MAXMIND_AT], [
path=$1
for y in ${MAXMIND_POSSIBLE_EXTENSIONS}; do
for z in ${MAXMIND_POSSIBLE_LIB_NAMES}; do
if test -e "${path}/${z}.${y}"; then
maxmind_lib_path="${path}/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/${z}.${y}"
break
fi
if test -e "${path}/lib${z}.${y}"; then
maxmind_lib_path="${path}/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/lib${z}.${y}"; then
maxmind_lib_path="${path}/lib/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib64/lib${z}.${y}"; then
maxmind_lib_path="${path}/lib64/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
maxmind_lib_path="${path}/lib/x86_64-linux-gnu/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/lib${z}.${y}"
break
fi
done
if test -n "$maxmind_lib_path"; then
break
fi
done
if test -e "${path}/include/maxminddb.h"; then
maxmind_inc_path="${path}/include"
elif test -e "${path}/maxminddb.h"; then
maxmind_inc_path="${path}"
fi
if test -n "${maxmind_inc_path}" -a -n "${maxmind_lib_path}"; then
AC_MSG_NOTICE([MaxMind headers found at: ${maxmind_inc_path}])
AC_MSG_NOTICE([MaxMind library found at: ${maxmind_lib_file}])
fi
if test -n "${maxmind_lib_path}" -a -n "${maxmind_inc_path}"; then
# TODO: Compile a piece of code to check the version.
MAXMIND_CFLAGS="-I${maxmind_inc_path}"
MAXMIND_LDADD="-l${maxmind_lib_name}"
MAXMIND_LDFLAGS="-L${maxmind_lib_path}"
MAXMIND_DISPLAY="${maxmind_lib_file}, ${maxmind_inc_path}"
fi
]) # AC_DEFUN [CHECK_FOR_MAXMIND_AT]

135
build/libxml.m4 Normal file
View File

@ -0,0 +1,135 @@
dnl Check for LIBXML2 Libraries
dnl CHECK_LIBXML2(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
dnl Sets:
dnl LIBXML2_CFLAGS
dnl LIBXML2_LIBS
AC_DEFUN([CHECK_XML2CONFIG], [
AC_MSG_CHECKING([for libxml2 config script])
for x in ${test_paths}; do
dnl # Determine if the script was specified and use it directly
if test ! -d "$x" -a -e "$x"; then
LIBXML2_CONFIG=$x
libxml2_path="no"
break
fi
dnl # Try known config script names/locations
for LIBXML2_CONFIG in xml2-config xml-2-config xml-config; do
if test -e "${x}/bin/${LIBXML2_CONFIG}"; then
libxml2_path="${x}/bin"
break
elif test -e "${x}/${LIBXML2_CONFIG}"; then
libxml2_path="${x}"
break
else
libxml2_path=""
fi
done
if test -n "$libxml2_path"; then
break
fi
done
if test -n "${libxml2_path}"; then
if test "${libxml2_path}" != "no"; then
LIBXML2_CONFIG="${libxml2_path}/${LIBXML2_CONFIG}"
fi
AC_MSG_RESULT([${LIBXML2_CONFIG}])
LIBXML2_VERSION=`${LIBXML2_CONFIG} --version | sed 's/^[[^0-9]][[^[:space:]]][[^[:space:]]]*[[[:space:]]]*//'`
if test ! -z "${LIBXML2_VERSION}"; then AC_MSG_NOTICE(xml VERSION: $LIBXML2_VERSION); fi
LIBXML2_CFLAGS="`${LIBXML2_CONFIG} --cflags` -DWITH_LIBXML2"
if test ! -z "${LIBXML2_CFLAGS}"; then AC_MSG_NOTICE(xml CFLAGS: $LIBXML2_CFLAGS); fi
LIBXML2_LDADD="`${LIBXML2_CONFIG} --libs`"
if test ! -z "${LIBXML2_LDADD}"; then AC_MSG_NOTICE(xml LDADD: $LIBXML2_LDADD); fi
AC_MSG_CHECKING([if libxml2 is at least v${LIBXML2_MIN_VERSION}])
libxml2_min_ver=`echo ${LIBXML2_MIN_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
libxml2_ver=`echo ${LIBXML2_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
if test "$libxml2_ver" -ge "$libxml2_min_ver"; then
AC_MSG_RESULT([yes, $LIBXML2_VERSION])
else
AC_MSG_RESULT([no, $LIBXML2_VERSION])
AC_MSG_ERROR([NOTE: libxml2 library must be at least ${LIBXML2_MIN_VERSION}])
fi
else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_LIBXML2], [
AC_ARG_WITH(
libxml,
[AS_HELP_STRING([--with-libxml=PATH],[Path to libxml2 prefix or config script])],
[test_paths="${with_libxml}"],
[test_paths="/usr/local/libxml2 /usr/local/xml2 /usr/local/xml /usr/local /opt/libxml2 /opt/libxml /opt/xml2 /opt/xml /opt /usr"])
LIBXML2_MIN_VERSION="2.6.29"
LIBXML2_PKG_NAME="libxml-2.0"
LIBXML2_CONFIG=""
LIBXML2_VERSION=""
LIBXML2_CFLAGS=""
LIBXML2_CPPFLAGS=""
LIBXML2_LDADD=""
LIBXML2_LDFLAGS=""
if test "x${with_libxml}" != "xno"; then
if test -n "${PKG_CONFIG}"; then
AC_MSG_CHECKING([for libxml2 >= ${LIBXML2_MIN_VERSION} via pkg-config])
if `${PKG_CONFIG} --exists "${LIBXML2_PKG_NAME} >= ${LIBXML2_MIN_VERSION}"`; then
LIBXML2_VERSION="`${PKG_CONFIG} --modversion ${LIBXML2_PKG_NAME}`"
LIBXML2_CFLAGS="`${PKG_CONFIG} --cflags ${LIBXML2_PKG_NAME}` -DWITH_LIBXML2"
LIBXML2_LDADD="`${PKG_CONFIG} --libs-only-l ${LIBXML2_PKG_NAME}`"
LIBXML2_LDFLAGS="`${PKG_CONFIG} --libs-only-L --libs-only-other ${LIBXML2_PKG_NAME}`"
AC_MSG_RESULT([found version ${LIBXML2_VERSION}])
else
AC_MSG_RESULT([not found])
fi
fi
if test -z "${LIBXML2_VERSION}"; then
CHECK_XML2CONFIG
fi
fi
AC_SUBST(LIBXML2_CONFIG)
AC_SUBST(LIBXML2_VERSION)
AC_SUBST(LIBXML2_CFLAGS)
AC_SUBST(LIBXML2_CPPFLAGS)
AC_SUBST(LIBXML2_LDADD)
AC_SUBST(LIBXML2_LDFLAGS)
if test "x${with_libxml}" == "xno"; then
LIBXML2_DISABLED=yes
else
if test "x${with_libxml}" != "x"; then
LIBXML2_MANDATORY=yes
fi
fi
if test -z "${LIBXML2_VERSION}"; then
AC_MSG_NOTICE([*** libxml2 library not found.])
if test -z "${LIBXML2_MANDATORY}"; then
if test -z "${LIBXML2_DISABLED}"; then
LIBXML2_FOUND=0
else
LIBXML2_FOUND=2
fi
else
AC_MSG_ERROR([Libxml2 was explicitly referenced but it was not found])
LIBXML2_FOUND=-1
fi
else
LIBXML2_FOUND=1
AC_MSG_NOTICE([using libxml2 v${LIBXML2_VERSION}])
LIBXML2_DISPLAY="${LIBXML2_LDADD}, ${LIBXML2_CFLAGS}"
fi
AC_SUBST(LIBXML2_FOUND)
AC_SUBST(LIBXML2_DISPLAY)
])

180
build/lmdb.m4 Normal file
View File

@ -0,0 +1,180 @@
dnl Check for LMDB Libraries
dnl CHECK_LMDB(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([PROG_LMDB], [
# Possible names for the lmdb library/package (pkg-config)
LMDB_POSSIBLE_LIB_NAMES="lmdb"
# Possible extensions for the library
LMDB_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
LMDB_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/liblmdb /usr/local/lmdb /usr/local /opt/liblmdb /opt/lmdb /opt /usr /usr/lib64 /opt/local"
# Variables to be set by this very own script.
LMDB_VERSION=""
LMDB_CFLAGS=""
LMDB_CPPFLAGS=""
LMDB_LDADD=""
LMDB_LDFLAGS=""
AC_ARG_WITH(
lmdb,
[AS_HELP_STRING([--with-lmdb=PATH],[Path to lmdb prefix or config script])]
)
if test "x${with_lmdb}" == "xno"; then
AC_DEFINE(HAVE_LMDB, 0, [Support for LMDB was disabled by the utilization of --without-lmdb or --with-lmdb=no])
AC_MSG_NOTICE([Support for LMDB was disabled by the utilization of --without-lmdb or --with-lmdb=no])
LMDB_DISABLED=yes
else
if test "x${with_lmdb}" == "xyes"; then
LMDB_MANDATORY=yes
AC_MSG_NOTICE([LMDB support was marked as mandatory by the utilization of --with-lmdb=yes])
fi
# for x in ${LMDB_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_LMDB_AT(${x})
# if test -n "${LMDB_VERSION}"; then
# break
# fi
# done
# if test "x${with_lmdb}" != "xyes" or test "x${with_lmdb}" == "xyes"; then
if test "x${with_lmdb}" == "x" || test "x${with_lmdb}" == "xyes"; then
# Nothing about LMDB was informed, using the pkg-config to figure things out.
if test -n "${PKG_CONFIG}"; then
LMDB_PKG_NAME=""
for x in ${LMDB_POSSIBLE_LIB_NAMES}; do
if ${PKG_CONFIG} --exists ${x}; then
LMDB_PKG_NAME="$x"
break
fi
done
fi
AC_MSG_NOTICE([Nothing about LMDB was informed during the configure phase. Trying to detect it on the platform...])
if test -n "${LMDB_PKG_NAME}"; then
# Package was found using the pkg-config scripts
LMDB_VERSION="`${PKG_CONFIG} ${LMDB_PKG_NAME} --modversion`"
LMDB_CFLAGS="`${PKG_CONFIG} ${LMDB_PKG_NAME} --cflags`"
LMDB_LDADD="`${PKG_CONFIG} ${LMDB_PKG_NAME} --libs-only-l`"
LMDB_LDFLAGS="`${PKG_CONFIG} ${LMDB_PKG_NAME} --libs-only-L --libs-only-other`"
LMDB_DISPLAY="${LMDB_LDADD}, ${LMDB_CFLAGS}"
else
# If pkg-config did not find anything useful, go over file lookup.
for x in ${LMDB_POSSIBLE_PATHS}; do
CHECK_FOR_LMDB_AT(${x})
if test -n "${LMDB_VERSION}"; then
break
fi
done
fi
fi
if test "x${with_lmdb}" != "x"; then
# An specific path was informed, lets check.
LMDB_MANDATORY=yes
CHECK_FOR_LMDB_AT(${with_lmdb})
fi
# fi
fi
if test -z "${LMDB_LDADD}"; then
if test -z "${LMDB_MANDATORY}"; then
if test -z "${LMDB_DISABLED}"; then
AC_MSG_NOTICE([LMDB library was not found])
LMDB_FOUND=0
else
LMDB_FOUND=2
fi
else
AC_MSG_ERROR([LMDB was explicitly referenced but it was not found])
LMDB_FOUND=-1
fi
else
if test -z "${LMDB_MANDATORY}"; then
LMDB_FOUND=2
AC_MSG_NOTICE([LMDB is disabled by default.])
else
LMDB_FOUND=1
AC_MSG_NOTICE([using LMDB v${LMDB_VERSION}])
LMDB_CFLAGS="-DWITH_LMDB ${LMDB_CFLAGS}"
LMDB_DISPLAY="${LMDB_LDADD}, ${LMDB_CFLAGS}"
AC_SUBST(LMDB_VERSION)
AC_SUBST(LMDB_LDADD)
AC_SUBST(LMDB_LIBS)
AC_SUBST(LMDB_LDFLAGS)
AC_SUBST(LMDB_CFLAGS)
AC_SUBST(LMDB_DISPLAY)
fi
fi
AC_SUBST(LMDB_FOUND)
]) # AC_DEFUN [PROG_LMDB]
AC_DEFUN([CHECK_FOR_LMDB_AT], [
path=$1
echo "*** LOOKING AT PATH: " ${path}
for y in ${LMDB_POSSIBLE_EXTENSIONS}; do
for z in ${LMDB_POSSIBLE_LIB_NAMES}; do
if test -e "${path}/${z}.${y}"; then
lmdb_lib_path="${path}/"
lmdb_lib_name="${z}"
lmdb_lib_file="${lmdb_lib_path}/${z}.${y}"
break
fi
if test -e "${path}/lib${z}.${y}"; then
lmdb_lib_path="${path}/"
lmdb_lib_name="${z}"
lmdb_lib_file="${lmdb_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/lib${z}.${y}"; then
lmdb_lib_path="${path}/lib/"
lmdb_lib_name="${z}"
lmdb_lib_file="${lmdb_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
lmdb_lib_path="${path}/lib/x86_64-linux-gnu/"
lmdb_lib_name="${z}"
lmdb_lib_file="${lmdb_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/i386-linux-gnu/lib${z}.${y}"; then
lmdb_lib_path="${path}/lib/i386-linux-gnu/"
lmdb_lib_name="${z}"
lmdb_lib_file="${lmdb_lib_path}/lib${z}.${y}"
break
fi
done
if test -n "$lmdb_lib_path"; then
break
fi
done
if test -e "${path}/include/lmdb.h"; then
lmdb_inc_path="${path}/include"
elif test -e "${path}/lmdb.h"; then
lmdb_inc_path="${path}"
elif test -e "${path}/include/lmdb/lmdb.h"; then
lmdb_inc_path="${path}/include"
fi
if test -n "${lmdb_lib_path}"; then
AC_MSG_NOTICE([LMDB library found at: ${lmdb_lib_file}])
fi
if test -n "${lmdb_inc_path}"; then
AC_MSG_NOTICE([LMDB headers found at: ${lmdb_inc_path}])
fi
if test -n "${lmdb_lib_path}" -a -n "${lmdb_inc_path}"; then
# TODO: Compile a piece of code to check the version.
LMDB_CFLAGS="-I${lmdb_inc_path}"
LMDB_LDADD="-l${lmdb_lib_name}"
LMDB_LDFLAGS="-L${lmdb_lib_path}"
LMDB_DISPLAY="${lmdb_lib_file}, ${lmdb_inc_path}"
fi
]) # AC_DEFUN [CHECK_FOR_LMDB_AT]

248
build/lua.m4 Normal file
View File

@ -0,0 +1,248 @@
dnl Check for LUA Libraries
dnl CHECK_LUA(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([CHECK_LUA],
[dnl
# Possible names for the lua library/package (pkg-config)
LUA_POSSIBLE_LIB_NAMES="lua54 lua5.4 lua-5.4 lua53 lua5.3 lua-5.3 lua52 lua5.2 lua-5.2 lua51 lua5.1 lua-5.1 lua"
# Possible extensions for the library
LUA_POSSIBLE_EXTENSIONS="so la sl dll dylib"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
LUA_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/lib64 /usr/local/lua /usr/local/liblua /usr/local /opt /usr /usr/lib64 /opt/local /usr/lib/lua5.3/liblua /usr/lib/lua5.2/liblua"
# Variables to be set by this very own script.
LUA_CFLAGS=""
LUA_LDFLAGS=""
LUA_LDADD=""
LUA_DISPLAY=""
AC_ARG_WITH(
lua,
[AS_HELP_STRING([--with-lua=PATH],[Path to lua prefix])]
)
if test "x${with_lua}" == "xno"; then
AC_DEFINE(HAVE_LUA, 0, [Support for LUA was disabled by the utilization of --without-lua or --with-lua=no])
AC_MSG_NOTICE([Support for LUA was disabled by the utilization of --without-lua or --with-lua=no])
LUA_DISABLED=yes
else
if test "x${with_lua}" == "xyes"; then
LUA_MANDATORY=yes
AC_MSG_NOTICE([LUA support was marked as mandatory by the utilization of --with-lua=yes])
else
LUA_MANDATORY=no
fi
for x in ${LUA_POSSIBLE_PATHS}; do
CHECK_FOR_LUA_AT(${x})
if test -n "${LUA_CFLAGS}"; then
break
fi
done
if test -z "${LUA_CFLAGS}"; then
#Trying to figure out the version using pkg-config...
if test -n "${PKG_CONFIG}"; then
LUA_PKG_NAME=""
for x in ${LUA_POSSIBLE_LIB_NAMES}; do
if ${PKG_CONFIG} --exists ${x}; then
LUA_PKG_NAME="$x"
LUA_PKG_VERSION="`${PKG_CONFIG} ${LUA_PKG_NAME} --modversion`"
break
fi
done
fi
if test -n "${LUA_PKG_NAME}"; then
# Package was found using the pkg-config scripts
LUA_PKG_VERSION="`${PKG_CONFIG} ${LUA_PKG_NAME} --modversion`"
LUA_CFLAGS="`${PKG_CONFIG} ${LUA_PKG_NAME} --cflags`"
LUA_LDADD="`${PKG_CONFIG} ${LUA_PKG_NAME} --libs-only-l`"
LUA_LDFLAGS="`${PKG_CONFIG} ${LUA_PKG_NAME} --libs-only-L --libs-only-other`"
LUA_DISPLAY="${LUA_LDADD}, ${LUA_CFLAGS}"
case $LUA_PKG_VERSION in
(5.1*) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
(5.2*) LUA_CFLAGS="-DWITH_LUA_5_2 ${LUA_CFLAGS}" ; lua_5_2=1 ;;
(5.3*) LUA_CFLAGS="-DWITH_LUA_5_3 ${LUA_CFLAGS}" ; lua_5_3=1 ;;
(5.4*) LUA_CFLAGS="-DWITH_LUA_5_4 ${LUA_CFLAGS}" ; lua_5_4=1 ;;
(2.0*) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
(2.1*) LUA_CFLAGS="-DWITH_LUA_5_1 -DWITH_LUA_JIT_2_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
esac
AC_MSG_NOTICE([LUA pkg-config version: ${LUA_PKG_VERSION}])
fi
fi
fi
if test -z "${LUA_CFLAGS}"; then
if test -z "${LUA_MANDATORY}" || test "x${LUA_MANDATORY}" == "xno"; then
if test -z "${LUA_DISABLED}"; then
AC_MSG_NOTICE([LUA library was not found])
LUA_FOUND=0
else
LUA_FOUND=2
fi
else
AC_MSG_ERROR([LUA was explicitly referenced but it was not found])
LUA_FOUND=-1
fi
else
if test -z "${LUA_MANDATORY}" || test "x${LUA_MANDATORY}" == "xno"; then
LUA_FOUND=1
AC_MSG_NOTICE([using LUA ${LUA_LDADD}])
LUA_CFLAGS="-DWITH_LUA ${LUA_CFLAGS}"
LUA_DISPLAY="${LUA_LDADD} ${LUA_LDFLAGS}, ${LUA_CFLAGS}"
AC_SUBST(LUA_LDFLAGS)
AC_SUBST(LUA_LDADD)
AC_SUBST(LUA_CFLAGS)
AC_SUBST(LUA_DISPLAY)
else
LUA_FOUND=1
AC_MSG_NOTICE([using LUA ${LUA_LDADD}])
LUA_CFLAGS="-DWITH_LUA ${LUA_CFLAGS}"
LUA_DISPLAY="${LUA_LDADD} ${LUA_LDFLAGS}, ${LUA_CFLAGS}"
AC_SUBST(LUA_LDFLAGS)
AC_SUBST(LUA_LDADD)
AC_SUBST(LUA_CFLAGS)
AC_SUBST(LUA_DISPLAY)
fi
fi
AC_SUBST(LUA_FOUND)
]) # AC_DEFUN [CHECK_LUA]
AC_DEFUN([CHECK_FOR_LUA_AT], [
path=$1
echo "*** LOOKING AT PATH: " ${path}
for y in ${LUA_POSSIBLE_EXTENSIONS}; do
for z in ${LUA_POSSIBLE_LIB_NAMES}; do
if test -e "${path}/${z}.${y}"; then
lua_lib_path="${path}/"
lua_lib_name="${z}"
lua_lib_file="${lua_lib_path}/${z}.${y}"
break
fi
if test -e "${path}/lib${z}.${y}"; then
lua_lib_path="${path}/"
lua_lib_name="${z}"
lua_lib_file="${lua_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/lib${z}.${y}"; then
lua_lib_path="${path}/lib/"
lua_lib_name="${z}"
lua_lib_file="${lua_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
lua_lib_path="${path}/lib/x86_64-linux-gnu/"
lua_lib_name="${z}"
lua_lib_file="${lua_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/i386-linux-gnu/lib${z}.${y}"; then
lua_lib_path="${path}/lib/i386-linux-gnu/"
lua_lib_name="${z}"
lua_lib_file="${lua_lib_path}/lib${z}.${y}"
break
fi
done
if test -n "$lua_lib_path"; then
break
fi
done
if test -e "${path}/include/lua.h"; then
lua_inc_path="${path}/include"
elif test -e "${path}/lua.h"; then
lua_inc_path="${path}"
elif test -e "${path}/include/lua/lua.h"; then
lua_inc_path="${path}/include/lua"
elif test -e "${path}/include/lua5.4/lua.h"; then
lua_inc_path="${path}/include/lua5.4"
LUA_VERSION=504
elif test -e "${path}/include/lua5.3/lua.h"; then
lua_inc_path="${path}/include/lua5.3"
LUA_VERSION=503
elif test -e "${path}/include/lua5.2/lua.h"; then
lua_inc_path="${path}/include/lua5.2"
LUA_VERSION=502
elif test -e "${path}/include/lua5.1/lua.h"; then
lua_inc_path="${path}/include/lua5.1"
LUA_VERSION=501
elif test -e "${path}/include/luajit-2.0/lua.h"; then
lua_inc_path="${path}/include/luajit-2.0"
LUA_VERSION=501
fi
if test -n "${lua_lib_path}"; then
AC_MSG_NOTICE([LUA library found at: ${lua_lib_file}])
fi
if test -n "${lua_inc_path}"; then
AC_MSG_NOTICE([LUA headers found at: ${lua_inc_path}])
fi
if test -n "${lua_lib_path}" -a -n "${lua_inc_path}"; then
LUA_CFLAGS="-I${lua_inc_path}"
LUA_LDADD="-l${lua_lib_name}"
LUA_LDFLAGS="-L${lua_lib_path}"
LUA_DISPLAY="${lua_lib_file}, ${lua_inc_path}"
# Double checking version from lua.h...
AC_TRY_COMPILE([ #include <lua.h>> ],
[ #if (LUA_VERSION_NUM < 502)
return 0;
#else
#error Lua 5.1 not detected
#endif ],
[ LUA_VERSION=501 ], [ lua_5_1=0 ]
)
AC_TRY_COMPILE([ #include <lua.h> ],
[ #if (LUA_VERSION_NUM == 502)
return 0;
#else
#error Lua 5.2 not detected
#endif ],
[ LUA_VERSION=502 ], [ lua_5_2=0 ]
)
AC_TRY_COMPILE([ #include <lua.h> ],
[ #if (LUA_VERSION_NUM == 504)
return 0;
#else
#error Lua 5.4 not detected
#endif ],
[ LUA_VERSION=504 ], [ lua_5_4=0 ]
)
if test -z "${LUA_VERSION}" ; then
# As a last resort, try to find LUA version from $lua_inc_path
while read -r line
do
case "$line" in
(\#define\ LUA_VERSION_NUM*501*) LUA_VERSION=501 ;;
(\#define\ LUA_VERSION_NUM*502*) LUA_VERSION=502 ;;
(\#define\ LUA_VERSION_NUM*503*) LUA_VERSION=503 ;;
(\#define\ LUA_VERSION_NUM*504*) LUA_VERSION=504
esac
done <"${lua_inc_path}/lua.h"
AC_MSG_NOTICE([LUA_VERSION is ${LUA_VERSION} found at: ${lua_inc_path}])
else
AC_MSG_NOTICE([LUA version from includes: ${LUA_VERSION}])
fi
case $LUA_VERSION in
(501) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
(502) LUA_CFLAGS="-DWITH_LUA_5_2 ${LUA_CFLAGS}" ; lua_5_2=1 ;;
(503) LUA_CFLAGS="-DWITH_LUA_5_3 ${LUA_CFLAGS}" ; lua_5_3=1 ;;
(504) LUA_CFLAGS="-DWITH_LUA_5_4 ${LUA_CFLAGS}" ; lua_5_4=1 ;;
esac
fi
]) # AC_DEFUN [CHECK_FOR_LUA_AT]

113
build/pcre.m4 Normal file
View File

@ -0,0 +1,113 @@
dnl Check for PCRE Libraries
dnl CHECK_PCRE(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
dnl Sets:
dnl PCRE_CFLAGS
dnl PCRE_LIBS
PCRE_CONFIG=""
PCRE_VERSION=""
PCRE_CPPFLAGS=""
PCRE_CFLAGS=""
PCRE_LDFLAGS=""
PCRE_LDADD=""
PCRE_LD_PATH=""
AC_DEFUN([CHECK_PCRE],
[dnl
AC_ARG_WITH(
pcre,
[AS_HELP_STRING([--with-pcre=PATH],[Path to pcre prefix or config script])],
[test_paths="${with_pcre}"],
[test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"])
if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then
AC_MSG_NOTICE([pcre2 specified; omitting check for pcre])
else
AC_MSG_CHECKING([for libpcre config script])
for x in ${test_paths}; do
dnl # Determine if the script was specified and use it directly
if test ! -d "$x" -a -e "$x"; then
PCRE_CONFIG=$x
pcre_path="no"
break
fi
dnl # Try known config script names/locations
for PCRE_CONFIG in pcre-config; do
if test -e "${x}/bin/${PCRE_CONFIG}"; then
pcre_path="${x}/bin"
break
elif test -e "${x}/${PCRE_CONFIG}"; then
pcre_path="${x}"
break
else
pcre_path=""
fi
done
if test -n "$pcre_path"; then
break
fi
done
if test -n "${pcre_path}"; then
if test "${pcre_path}" != "no"; then
PCRE_CONFIG="${pcre_path}/${PCRE_CONFIG}"
fi
AC_MSG_RESULT([${PCRE_CONFIG}])
PCRE_VERSION="`${PCRE_CONFIG} --version`"
if test ! -z "${PCRE_VERSION}"; then AC_MSG_NOTICE(pcre VERSION: $PCRE_VERSION); fi
PCRE_CFLAGS="`${PCRE_CONFIG} --cflags`"
if test ! -z "${PCRE_CFLAGS}"; then AC_MSG_NOTICE(pcre CFLAGS: $PCRE_CFLAGS); fi
PCRE_LDADD="`${PCRE_CONFIG} --libs`"
if test ! -z "${PCRE_LDADD}"; then AC_MSG_NOTICE(pcre LDADD: $PCRE_LDADD); fi
PCRE_LD_PATH="/`${PCRE_CONFIG} --libs | cut -d'/' -f2,3,4,5,6 | cut -d ' ' -f1`"
if test ! -z "${PCRE_LD_PATH}"; then AC_MSG_NOTICE(pcre PCRE_LD_PATH: $PCRE_LD_PATH); fi
else
AC_MSG_RESULT([no])
fi
if test -n "${PCRE_VERSION}"; then
AC_MSG_CHECKING(for PCRE JIT)
save_CFLAGS=$CFLAGS
save_LDFLAGS=$LDFLAGS
save_LIBS=$LIBS
CFLAGS="${PCRE_CFLAGS} ${CFLAGS}"
LDFLAGS="${PCRE_LDADD} ${LDFLAGS}"
LIBS="${PCRE_LDADD} ${LIBS}"
AC_TRY_LINK([ #include <pcre.h> ],
[ pcre_jit_exec(NULL, NULL, NULL, 0, 0, 0, NULL, 0, NULL); ],
[ pcre_jit_available=yes ], [:]
)
if test "x$pcre_jit_available" = "xyes"; then
AC_MSG_RESULT(yes)
PCRE_CFLAGS="${PCRE_CFLAGS} -DPCRE_HAVE_JIT"
else
AC_MSG_RESULT(no)
fi
CFLAGS=$save_CFLAGS
LDFLAGS=$save_LDFLAGS
LIBS=$save_LIBS
fi
AC_SUBST(PCRE_CONFIG)
AC_SUBST(PCRE_VERSION)
AC_SUBST(PCRE_CPPFLAGS)
AC_SUBST(PCRE_CFLAGS)
AC_SUBST(PCRE_LDFLAGS)
AC_SUBST(PCRE_LDADD)
AC_SUBST(PCRE_LD_PATH)
if test -z "${PCRE_VERSION}"; then
AC_MSG_NOTICE([*** pcre library not found.])
ifelse([$2], , AC_MSG_ERROR([pcre library is required]), $2)
else
AC_MSG_NOTICE([using pcre v${PCRE_VERSION}])
ifelse([$1], , , $1)
PCRE_LDADD="${PCRE_LDADD} -lpcre"
fi
fi
])

180
build/pcre2.m4 Normal file
View File

@ -0,0 +1,180 @@
dnl Check for PCRE2 Libraries
dnl CHECK_PCRE2(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([PROG_PCRE2], [
# Possible names for the pcre2 library/package (pkg-config)
PCRE2_POSSIBLE_LIB_NAMES="pcre2 pcre2-8"
# Possible extensions for the library
PCRE2_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
PCRE2_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/libpcre2-8 /usr/local/pcre2 /usr/local /opt/libpcre2-8 /opt/pcre2 /opt /usr /usr/lib64 /opt/local"
# Variables to be set by this very own script.
PCRE2_VERSION=""
PCRE2_CFLAGS=""
PCRE2_CPPFLAGS=""
PCRE2_LDADD=""
PCRE2_LDFLAGS=""
AC_ARG_WITH(
pcre2,
[AS_HELP_STRING([--with-pcre2=PATH],[Path to pcre2 prefix or config script])]
)
if test "x${with_pcre2}" == "xno"; then
AC_DEFINE(HAVE_PCRE2, 0, [Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
PCRE2_DISABLED=yes
else
if test "x${with_pcre2}" == "xyes"; then
PCRE2_MANDATORY=yes
AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes])
fi
# for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_PCRE2_AT(${x})
# if test -n "${PCRE2_VERSION}"; then
# break
# fi
# done
# if test "x${with_pcre2}" != "xyes" or test "x${with_pcre2}" == "xyes"; then
if test "x${with_pcre2}" == "x" || test "x${with_pcre2}" == "xyes"; then
# Nothing about PCRE2 was informed, using the pkg-config to figure things out.
if test -n "${PKG_CONFIG}"; then
PCRE2_PKG_NAME=""
for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
if ${PKG_CONFIG} --exists ${x}; then
PCRE2_PKG_NAME="$x"
break
fi
done
fi
AC_MSG_NOTICE([Nothing about PCRE2 was informed during the configure phase. Trying to detect it on the platform...])
if test -n "${PCRE2_PKG_NAME}"; then
# Package was found using the pkg-config scripts
PCRE2_VERSION="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --modversion`"
PCRE2_CFLAGS="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --cflags`"
PCRE2_LDADD="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --libs-only-l`"
PCRE2_LDFLAGS="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --libs-only-L --libs-only-other`"
PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
else
# If pkg-config did not find anything useful, go over file lookup.
for x in ${PCRE2_POSSIBLE_PATHS}; do
CHECK_FOR_PCRE2_AT(${x})
if test -n "${PCRE2_VERSION}"; then
break
fi
done
fi
fi
if test "x${with_pcre2}" != "x"; then
# An specific path was informed, lets check.
PCRE2_MANDATORY=yes
CHECK_FOR_PCRE2_AT(${with_pcre2})
fi
# fi
fi
if test -z "${PCRE2_LDADD}"; then
if test -z "${PCRE2_MANDATORY}"; then
if test -z "${PCRE2_DISABLED}"; then
AC_MSG_NOTICE([PCRE2 library was not found])
PCRE2_FOUND=0
else
PCRE2_FOUND=2
fi
else
AC_MSG_ERROR([PCRE2 was explicitly referenced but it was not found])
PCRE2_FOUND=-1
fi
else
if test -z "${PCRE2_MANDATORY}"; then
PCRE2_FOUND=2
AC_MSG_NOTICE([PCRE2 is disabled by default.])
else
PCRE2_FOUND=1
AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}])
PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}"
PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
AC_SUBST(PCRE2_VERSION)
AC_SUBST(PCRE2_LDADD)
AC_SUBST(PCRE2_LIBS)
AC_SUBST(PCRE2_LDFLAGS)
AC_SUBST(PCRE2_CFLAGS)
AC_SUBST(PCRE2_DISPLAY)
fi
fi
AC_SUBST(PCRE2_FOUND)
]) # AC_DEFUN [PROG_PCRE2]
AC_DEFUN([CHECK_FOR_PCRE2_AT], [
path=$1
echo "*** LOOKING AT PATH: " ${path}
for y in ${PCRE2_POSSIBLE_EXTENSIONS}; do
for z in ${PCRE2_POSSIBLE_LIB_NAMES}; do
if test -e "${path}/${z}.${y}"; then
pcre2_lib_path="${path}/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/${z}.${y}"
break
fi
if test -e "${path}/lib${z}.${y}"; then
pcre2_lib_path="${path}/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/lib${z}.${y}"; then
pcre2_lib_path="${path}/lib/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
pcre2_lib_path="${path}/lib/x86_64-linux-gnu/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/i386-linux-gnu/lib${z}.${y}"; then
pcre2_lib_path="${path}/lib/i386-linux-gnu/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
break
fi
done
if test -n "$pcre2_lib_path"; then
break
fi
done
if test -e "${path}/include/pcre2.h"; then
pcre2_inc_path="${path}/include"
elif test -e "${path}/pcre2.h"; then
pcre2_inc_path="${path}"
elif test -e "${path}/include/pcre2/pcre2.h"; then
pcre2_inc_path="${path}/include"
fi
if test -n "${pcre2_lib_path}"; then
AC_MSG_NOTICE([PCRE2 library found at: ${pcre2_lib_file}])
fi
if test -n "${pcre2_inc_path}"; then
AC_MSG_NOTICE([PCRE2 headers found at: ${pcre2_inc_path}])
fi
if test -n "${pcre2_lib_path}" -a -n "${pcre2_inc_path}"; then
# TODO: Compile a piece of code to check the version.
PCRE2_CFLAGS="-I${pcre2_inc_path}"
PCRE2_LDADD="-l${pcre2_lib_name}"
PCRE2_LDFLAGS="-L${pcre2_lib_path}"
PCRE2_DISPLAY="${pcre2_lib_file}, ${pcre2_inc_path}"
fi
]) # AC_DEFUN [CHECK_FOR_PCRE2_AT]

21
build/release.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/bash
git clean -xfdi
git submodule foreach --recursive git clean -xfdi
VERSION=`git describe --tags`
DIR_NAME="modsecurity-$VERSION"
TAR_NAME="modsecurity-$VERSION.tar.gz"
MY_DIR=${PWD##*/}
./build.sh
cd ..
tar --transform "s/^$MY_DIR/$DIR_NAME/" -cvzf $TAR_NAME --exclude .git $MY_DIR
sha256sum $TAR_NAME > $TAR_NAME.sha256
gpg --detach-sign -a $TAR_NAME
cd -
echo $TAR_NAME ": done."

144
build/ssdeep.m4 Normal file
View File

@ -0,0 +1,144 @@
dnl Check for SSDEEP Libraries
dnl CHECK_SSDEEP(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([CHECK_SSDEEP],
[dnl
# Possible names for the ssdeep library/package (pkg-config)
SSDEEP_POSSIBLE_LIB_NAMES="fuzzy"
# Possible extensions for the library
SSDEEP_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
SSDEEP_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/fuzzy /usr/local/libfuzzy /usr/local /opt /usr /usr/lib64 /opt/local"
# Variables to be set by this very own script.
SSDEEP_CFLAGS=""
SSDEEP_LDFLAGS=""
SSDEEP_LDADD=""
SSDEEP_DISPLAY=""
AC_ARG_WITH(
ssdeep,
[AS_HELP_STRING([--with-ssdeep=PATH],[Path to ssdeep prefix])]
)
if test "x${with_ssdeep}" == "xno"; then
AC_DEFINE(HAVE_SSDEEP, 0, [Support for SSDEEP was disabled by the utilization of --without-ssdeep or --with-ssdeep=no])
AC_MSG_NOTICE([Support for SSDEEP was disabled by the utilization of --without-ssdeep or --with-ssdeep=no])
SSDEEP_DISABLED=yes
else
if test "x${with_ssdeep}" == "xyes"; then
SSDEEP_MANDATORY=yes
AC_MSG_NOTICE([SSDEEP support was marked as mandatory by the utilization of --with-ssdeep=yes])
else
SSDEEP_MANDATORY=no
fi
for x in ${SSDEEP_POSSIBLE_PATHS}; do
CHECK_FOR_SSDEEP_AT(${x})
if test -n "${SSDEEP_CFLAGS}"; then
break
fi
done
fi
if test -z "${SSDEEP_CFLAGS}"; then
if test -z "${SSDEEP_MANDATORY}" || test "x${SSDEEP_MANDATORY}" == "xno"; then
if test -z "${SSDEEP_DISABLED}"; then
AC_MSG_NOTICE([SSDEEP library was not found])
SSDEEP_FOUND=0
else
SSDEEP_FOUND=2
fi
else
AC_MSG_ERROR([SSDEEP was explicitly referenced but it was not found])
SSDEEP_FOUND=-1
fi
else
SSDEEP_FOUND=1
AC_MSG_NOTICE([using SSDEEP v${SSDEEP_VERSION}])
SSDEEP_CFLAGS="-DWITH_SSDEEP ${SSDEEP_CFLAGS}"
SSDEEP_DISPLAY="${SSDEEP_LDADD} ${SSDEEP_LDFLAGS}, ${SSDEEP_CFLAGS}"
AC_SUBST(SSDEEP_LDFLAGS)
AC_SUBST(SSDEEP_LDADD)
AC_SUBST(SSDEEP_CFLAGS)
AC_SUBST(SSDEEP_DISPLAY)
fi
AC_SUBST(SSDEEP_FOUND)
]) # AC_DEFUN [CHECK_SSDEEP]
AC_DEFUN([CHECK_FOR_SSDEEP_AT], [
path=$1
echo "*** LOOKING AT PATH: " ${path}
for y in ${SSDEEP_POSSIBLE_EXTENSIONS}; do
for z in ${SSDEEP_POSSIBLE_LIB_NAMES}; do
if test -e "${path}/${z}.${y}"; then
ssdeep_lib_path="${path}/"
ssdeep_lib_name="${z}"
ssdeep_lib_file="${ssdeep_lib_path}/${z}.${y}"
break
fi
if test -e "${path}/lib${z}.${y}"; then
ssdeep_lib_path="${path}/"
ssdeep_lib_name="${z}"
ssdeep_lib_file="${ssdeep_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/lib${z}.${y}"; then
ssdeep_lib_path="${path}/lib/"
ssdeep_lib_name="${z}"
ssdeep_lib_file="${ssdeep_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
ssdeep_lib_path="${path}/lib/x86_64-linux-gnu/"
ssdeep_lib_name="${z}"
ssdeep_lib_file="${ssdeep_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/i386-linux-gnu/lib${z}.${y}"; then
ssdeep_lib_path="${path}/lib/i386-linux-gnu/"
ssdeep_lib_name="${z}"
ssdeep_lib_file="${ssdeep_lib_path}/lib${z}.${y}"
break
fi
done
if test -n "$ssdeep_lib_path"; then
break
fi
done
if test -e "${path}/include/fuzzy.h"; then
ssdeep_inc_path="${path}/include"
elif test -e "${path}/fuzzy.h"; then
ssdeep_inc_path="${path}"
elif test -e "${path}/include/fuzzy/fuzzy.h"; then
ssdeep_inc_path="${path}/include"
fi
if test -n "${ssdeep_lib_path}"; then
AC_MSG_NOTICE([SSDEEP library found at: ${ssdeep_lib_file}])
fi
if test -n "${ssdeep_inc_path}"; then
AC_MSG_NOTICE([SSDEEP headers found at: ${ssdeep_inc_path}])
fi
if test -n "${ssdeep_lib_path}" -a -n "${ssdeep_inc_path}"; then
# TODO: Compile a piece of code to check the version.
SSDEEP_CFLAGS="-I${ssdeep_inc_path}"
SSDEEP_LDADD="-l${ssdeep_lib_name}"
SSDEEP_LDFLAGS="-L${ssdeep_lib_path}"
SSDEEP_DISPLAY="${ssdeep_lib_file}, ${ssdeep_inc_path}"
fi
]) # AC_DEFUN [CHECK_FOR_SSDEEP_AT]

169
build/yajl.m4 Normal file
View File

@ -0,0 +1,169 @@
dnl Check for YAJL Libraries
dnl CHECK_YAJL(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([PROG_YAJL], [
# Possible names for the yajl library/package (pkg-config)
YAJL_POSSIBLE_LIB_NAMES="yajl2 yajl"
# Possible extensions for the library
YAJL_POSSIBLE_EXTENSIONS="so la sl dll dylib"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
YAJL_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/libyajl /usr/local/yajl /usr/local /opt/libyajl /opt/yajl /opt /usr /usr/lib64"
# Variables to be set by this very own script.
YAJL_VERSION=""
YAJL_CFLAGS=""
YAJL_CPPFLAGS=""
YAJL_LDADD=""
YAJL_LDFLAGS=""
AC_ARG_WITH(
yajl,
[AS_HELP_STRING([--with-yajl=PATH],[Path to yajl prefix or config script])]
)
if test "x${with_yajl}" == "xno"; then
AC_DEFINE(HAVE_YAJL, 0, [Support for YAJL was disabled by the utilization of --without-yajl or --with-yajl=no])
AC_MSG_NOTICE([Support for YAJL was disabled by the utilization of --without-yajl or --with-yajl=no])
YAJL_DISABLED=yes
else
if test "x${with_yajl}" == "xyes"; then
YAJL_MANDATORY=yes
AC_MSG_NOTICE([YAJL support was marked as mandatory by the utilization of --with-yajl=yes])
fi
# for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_YAJL_AT(${x})
# if test -n "${YAJL_VERSION}"; then
# break
# fi
# done
# if test "x${with_yajl}" != "xyes" or test "x${with_yajl}" == "xyes"; then
if test "x${with_yajl}" == "x" || test "x${with_yajl}" == "xyes"; then
# Nothing about YAJL was informed, using the pkg-config to figure things out.
if test -n "${PKG_CONFIG}"; then
YAJL_PKG_NAME=""
for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
if ${PKG_CONFIG} --exists ${x}; then
YAJL_PKG_NAME="$x"
break
fi
done
fi
AC_MSG_NOTICE([Nothing about YAJL was informed during the configure phase. Trying to detect it on the platform...])
if test -n "${YAJL_PKG_NAME}"; then
# Package was found using the pkg-config scripts
YAJL_VERSION="`${PKG_CONFIG} ${YAJL_PKG_NAME} --modversion`"
YAJL_CFLAGS="`${PKG_CONFIG} ${YAJL_PKG_NAME} --cflags`"
YAJL_LDADD="`${PKG_CONFIG} ${YAJL_PKG_NAME} --libs-only-l`"
YAJL_LDFLAGS="`${PKG_CONFIG} ${YAJL_PKG_NAME} --libs-only-L --libs-only-other`"
YAJL_DISPLAY="${YAJL_LDADD}, ${YAJL_CFLAGS}"
else
# If pkg-config did not find anything useful, go over file lookup.
for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
CHECK_FOR_YAJL_AT(${x})
if test -n "${YAJL_VERSION}"; then
break
fi
done
fi
fi
if test "x${with_yajl}" != "x"; then
# An specific path was informed, lets check.
YAJL_MANDATORY=yes
CHECK_FOR_YAJL_AT(${with_yajl})
fi
# fi
fi
if test -z "${YAJL_LDADD}"; then
if test -z "${YAJL_MANDATORY}"; then
if test -z "${YAJL_DISABLED}"; then
AC_MSG_NOTICE([YAJL library was not found])
YAJL_FOUND=0
else
YAJL_FOUND=2
fi
else
AC_MSG_ERROR([YAJL was explicitly referenced but it was not found])
YAJL_FOUND=-1
fi
else
YAJL_FOUND=1
AC_MSG_NOTICE([using YAJL v${YAJL_VERSION}])
YAJL_CFLAGS="-DWITH_YAJL ${YAJL_CFLAGS}"
YAJL_DISPLAY="${YAJL_LDADD}, ${YAJL_CFLAGS}"
AC_SUBST(YAJL_VERSION)
AC_SUBST(YAJL_LDADD)
AC_SUBST(YAJL_LIBS)
AC_SUBST(YAJL_LDFLAGS)
AC_SUBST(YAJL_CFLAGS)
AC_SUBST(YAJL_DISPLAY)
fi
AC_SUBST(YAJL_FOUND)
]) # AC_DEFUN [PROG_YAJL]
AC_DEFUN([CHECK_FOR_YAJL_AT], [
path=$1
for y in ${YAJL_POSSIBLE_EXTENSIONS}; do
for z in ${YAJL_POSSIBLE_LIB_NAMES}; do
if test -e "${path}/${z}.${y}"; then
yajl_lib_path="${path}/"
yajl_lib_name="${z}"
yajl_lib_file="${yajl_lib_path}/${z}.${y}"
break
fi
if test -e "${path}/lib${z}.${y}"; then
yajl_lib_path="${path}/"
yajl_lib_name="${z}"
yajl_lib_file="${yajl_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/lib${z}.${y}"; then
yajl_lib_path="${path}/lib/"
yajl_lib_name="${z}"
yajl_lib_file="${yajl_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
yajl_lib_path="${path}/lib/x86_64-linux-gnu/"
yajl_lib_name="${z}"
yajl_lib_file="${yajl_lib_path}/lib${z}.${y}"
break
fi
done
if test -n "$yajl_lib_path"; then
break
fi
done
if test -e "${path}/include/yajl_parse.h"; then
yajl_inc_path="${path}/include"
elif test -e "${path}/yajl_parse.h"; then
yajl_inc_path="${path}"
elif test -e "${path}/include/yajl/yajl_parse.h"; then
yajl_inc_path="${path}/include"
fi
if test -n "${yajl_lib_path}"; then
AC_MSG_NOTICE([YAJL library found at: ${yajl_lib_file}])
fi
if test -n "${yajl_inc_path}"; then
AC_MSG_NOTICE([YAJL headers found at: ${yajl_inc_path}])
fi
if test -n "${yajl_lib_path}" -a -n "${yajl_inc_path}"; then
# TODO: Compile a piece of code to check the version.
YAJL_CFLAGS="-I${yajl_inc_path}"
YAJL_LDADD="-l${yajl_lib_name}"
YAJL_LDFLAGS="-L${yajl_lib_path}"
YAJL_DISPLAY="${yajl_lib_file}, ${yajl_inc_path}"
fi
]) # AC_DEFUN [CHECK_FOR_YAJL_AT]

639
configure.ac Normal file
View File

@ -0,0 +1,639 @@
# ModSecurity configure.ac
# Get the hash of the last commit, to be used if it is not an
# official release.
AC_DEFUN([MSC_GIT_HASH], m4_esyscmd_s(git log -1 --format="%h" --abbrev-commit))
AC_DEFUN([MSC_MAJOR], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_MAJOR " | awk {'print $3'} | sed 's/\"//g'))
AC_DEFUN([MSC_MINOR], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_MINOR " | awk {'print $3'} | sed 's/\"//g'))
AC_DEFUN([MSC_PATCHLEVEL], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_PATCHLEVEL " | awk {'print $3'} | sed 's/\"//g'))
AC_DEFUN([MSC_TAG], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_FTAG " | awk {'print $3'} | sed 's/\"//g'))
# Version definition to be further used by AC_INIT and
# .so file naming.
m4_define([msc_version_major], [MSC_MAJOR])
m4_define([msc_version_minor], [MSC_MINOR])
m4_define([msc_version_patchlevel], [MSC_PATCHLEVEL])
m4_define([msc_version_c_plus_a], [m4_eval(msc_version_major + msc_version_minor)])
m4_define([msc_version],
[msc_version_major.msc_version_minor])
m4_define([msc_version_with_patchlevel],
[msc_version_major.msc_version_minor.msc_version_patchlevel])
m4_define([msc_version_git],
[m4_esyscmd_s(git describe)])
m4_define([msc_version_info],
[msc_version_c_plus_a:msc_version_patchlevel:msc_version_minor])
# Project Information
AC_INIT([modsecurity], [3.0], [security@modsecurity.org])
# General definitions
AC_CONFIG_MACRO_DIR([build])
AC_PREFIX_DEFAULT([/usr/local/modsecurity])
# General automake options.
AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
# Check for dependencies (C++, AR, Lex, Yacc and Make)
AC_PROG_CXX
AM_PROG_AR
AC_PROG_MAKE_SET
PKG_PROG_PKG_CONFIG
# Check if the compiler is c++11 compatible.
# AX_CXX_COMPILE_STDCXX_11(,mandatory)
# Check for libinjection
if ! test -f "${srcdir}/others/libinjection/src/libinjection_html5.c"; then
AC_MSG_ERROR([\
libInjection was not found within ModSecurity source directory.
libInjection code is available as part of ModSecurity source code in a format
of a git-submodule. git-submodule allow us to specify the correct version of
libInjection and still uses the libInjection repository to download it.
You can download libInjection using git:
$ git submodule init
$ git submodule update
])
fi
# Libinjection version
AC_DEFUN([LIBINJECTION_VERSION], m4_esyscmd_s(cd "others/libinjection" && git describe && cd ../..))
# SecLang test version
AC_DEFUN([SECLANG_TEST_VERSION], m4_esyscmd_s(cd "test/test-cases/secrules-language-tests" && git log -1 --format="%h" --abbrev-commit && cd ../../..))
# Check for yajl
PROG_YAJL
AM_CONDITIONAL([YAJL_VERSION], [test "$YAJL_VERSION" != ""])
# Check for LibGeoIP
PROG_GEOIP
AM_CONDITIONAL([GEOIP_CFLAGS], [test "GEOIP_CFLAGS" != ""])
# Check for MaxMind
PROG_MAXMIND
AM_CONDITIONAL([MAXMIND_CFLAGS], [test "MAXMIND_CFLAGS" != ""])
# Check for LMDB
PROG_LMDB
AM_CONDITIONAL([LMDB_CFLAGS], [test "LMDB_CFLAGS" != ""])
# Check for SSDEEP
CHECK_SSDEEP
AM_CONDITIONAL([SSDEEP_CFLAGS], [test "SSDEEP_CFLAGS" != ""])
# Check for LUA
CHECK_LUA
AM_CONDITIONAL([LUA_CFLAGS], [test "LUA_CFLAGS" != ""])
#
# Check for curl
#
CHECK_CURL
if ! test -z "${CURL_VERSION}"; then
AC_DEFINE([MSC_WITH_CURL], [1], [Define if libcurl is available])
fi
#
# Check for LibXML
#
CHECK_LIBXML2
#
# Check for libpcre
#
CHECK_PCRE
#
# Check for pcre2
#
PROG_PCRE2
AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([string])
AC_CHECK_HEADERS([iostream])
AC_CHECK_HEADERS([sys/utsname.h])
# ??
LT_INIT([dlopen])
# Identify platform
AC_CANONICAL_HOST
case $host in
*-*-aix*)
echo "Checking platform... Identified as AIX"
AC_DEFINE([AIX], [1], [Define if the operating system is AIX])
PLATFORM="AIX"
;;
*-*-hpux*)
echo "Checking platform... Identified as HPUX"
AC_DEFINE([HPUX], [1], [Define if the operating system is HPUX])
PLATFORM="HPUX"
;;
*-*-darwin*)
echo "Checking platform... Identified as Macintosh OS X"
AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
PLATFORM="MacOSX"
;;
*-*-linux* | *-*uclinux*)
echo "Checking platform... Identified as Linux"
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
PLATFORM="Linux"
;;
*-*-solaris*)
echo "Checking platform... Identified as Solaris"
AC_DEFINE([SOLARIS], [1], [Define if the operating system is SOLARIS])
PLATFORM="Solaris"
;;
*-*-freebsd*)
echo "Checking platform... Identified as FreeBSD"
AC_DEFINE([FREEBSD], [1], [Define if the operating system is FREEBSD])
PLATFORM="FreeBSD"
;;
*-*-netbsd*)
echo "Checking platform... Identified as NetBSD"
AC_DEFINE([NETBSD], [1], [Define if the operating system is NETBSD])
PLATFORM="NetBSD"
;;
*-*-openbsd*)
echo "Checking platform... Identified as OpenBSD"
AC_DEFINE([OPENBSD], [1], [Define if the operating system is OPENBSD])
PLATFORM="OpenBSD"
;;
*-*-kfreebsd*)
echo "Checking platform... Identified as kFreeBSD, treating as linux"
AC_DEFINE([FREEBSD], [1], [Define if the operating system is FREEBSD])
PLATFORM="kFreeBSD"
;;
*-*-dragonfly*)
echo "Checking platform... Identified as DragonFlyBSD, treating as linux"
AC_DEFINE([DRAGONFLY], [1], [Define if the operating system is DRAGONFLY])
PLATFORM="DragonFly"
;;
*-*-gnu*.*)
echo "Checking platform... Identified as HURD, treating as linux"
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
PLATFORM="HURD"
;;
*)
echo "Unknown CANONICAL_HOST $host"
exit 1
;;
esac
# Variables to be used inside the Makefile.am files.
MSC_BASE_DIR=`pwd`
AC_SUBST([MSC_BASE_DIR])
MSC_VERSION_INFO=msc_version_info
AC_SUBST([MSC_VERSION_INFO])
MSC_VERSION_WITH_PATCHLEVEL=msc_version_with_patchlevel
AC_SUBST([MSC_VERSION_WITH_PATCHLEVEL])
MSC_VERSION=msc_version
AC_SUBST([MSC_VERSION])
MSC_GIT_VERSION=msc_version_git
AC_SUBST([MSC_GIT_VERSION])
AC_ARG_ENABLE(debug-logs,
[AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
[case "${enableval}" in
yes) debugLogs=true ;;
no) debugLogs=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-debug-logs) ;;
esac],
[debugLogs=true]
)
if test "$debugLogs" != "true"; then
MODSEC_NO_LOGS="-DNO_LOGS=1"
AC_SUBST(MODSEC_NO_LOGS)
fi
# Fuzzer
AC_ARG_ENABLE(afl-fuzz,
[AS_HELP_STRING([--enable-afl-fuzz],[Turn on the afl fuzzer compilation utilities])],
[case "${enableval}" in
yes) aflFuzzer=true ;;
no) aflFuzzer=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-afl-fuzz) ;;
esac],
[aflFuzzer=false]
)
# Examples
AC_ARG_ENABLE(examples,
[AS_HELP_STRING([--enable-examples],[Turn on the examples compilation (default option)])],
[case "${enableval}" in
yes) buildExamples=true ;;
no) buildExamples=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-examples) ;;
esac],
[buildExamples=true]
)
# Parser
AC_ARG_ENABLE(parser-generation,
[AS_HELP_STRING([--enable-parser-generation],[Enables parser generation during the build])],
[case "${enableval}" in
yes) buildParser=true ;;
no) buildParser=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-parser-generation) ;;
esac],
[buildParser=false]
)
# Mutex
AC_ARG_ENABLE(mutex-on-pm,
[AS_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
[case "${enableval}" in
yes) mutexPm=true ;;
no) mutexPm=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-mutex-on-pm) ;;
esac],
[mutexPm=false]
)
if test "$mutexPm" == "true"; then
MODSEC_MUTEX_ON_PM="-DMUTEX_ON_PM=1"
AC_SUBST(MODSEC_MUTEX_ON_PM)
fi
if test $buildParser = true; then
AC_PROG_YACC
AC_PROG_LEX
AC_PATH_PROG([FLEX], [flex])
test "x$FLEX" = "x" && AC_MSG_ERROR([flex is needed to build ModSecurity])
AC_PATH_PROG([BISON], [bison])
test "x$BISON" = "x" && AC_MSG_ERROR([bison is needed to build ModSecurity])
AC_PATH_PROG([YACC_INST], $YACC)
if test ! -f "$srcdir/gram.c"; then
if test -z "$YACC_INST"; then
AC_MSG_ERROR([yacc not found - unable to compile ModSecurity])
fi
fi
fi
# Decide if we want to build the tests or not.
buildTestUtilities=false
if test "x$YAJL_FOUND" = "x1"; then
# Regression tests will not be able to run without the logging support.
# But we still have the unit tests.
# if test "$debugLogs" = "true"; then
buildTestUtilities=true
# fi
fi
AM_CONDITIONAL([TEST_UTILITIES], [test $buildTestUtilities = true])
if test $buildTestUtilities = true; then
if test $debugLogs = true; then
if test -f ./test/test-list.sh; then
TEST_CASES=`./test/test-list.sh`
fi
fi
fi
AM_CONDITIONAL([EXAMPLES], [test $buildExamples = true])
AM_CONDITIONAL([BUILD_PARSER], [test $buildParser = true])
AM_CONDITIONAL([USE_MUTEX_ON_PM], [test $mutexPm = true])
# General link options
if test "$PLATFORM" != "MacOSX" -a "$PLATFORM" != "OpenBSD"; then
GLOBAL_LDADD="-lrt "
fi
if test "$aflFuzzer" == "true"; then
FUZZ_CPPCFLAGS="-fsanitize=address -fsanitize-coverage=4 "
GLOBAL_LDADD="$GLOBAL_LDADD -fsanitize=address "
GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $FUZZ_CPPCFLAGS"
$buildExamples = false
fi
AC_SUBST(GLOBAL_LDADD)
AC_SUBST(GLOBAL_CPPFLAGS)
AM_CONDITIONAL([AFL_FUZZER], [test $aflFuzzer = true])
GLOBAL_CFLAGS=""
AC_SUBST(GLOBAL_CFLAGS)
# Files to be generated via autotools.
AC_CONFIG_FILES([\
modsecurity.pc \
Makefile \
doc/Makefile \
src/Makefile \
others/Makefile \
tools/Makefile \
tools/rules-check/Makefile
])
AM_COND_IF([TEST_UTILITIES],
[AC_CONFIG_FILES([test/Makefile test/benchmark/Makefile])])
AM_COND_IF([EXAMPLES],
[AC_CONFIG_FILES([ \
examples/Makefile \
examples/simple_example_using_c/Makefile \
examples/multiprocess_c/Makefile \
examples/reading_logs_with_offset/Makefile \
examples/reading_logs_via_rule_message/Makefile \
examples/using_bodies_in_chunks/Makefile \
])])
AM_COND_IF([AFL_FUZZER],
[AC_CONFIG_FILES([test/fuzzer/Makefile])])
AM_COND_IF([BUILD_PARSER],
[AC_CONFIG_FILES([src/parser/Makefile])])
AC_CONFIG_HEADERS([src/config.h])
# Doxygen support
DX_HTML_FEATURE(ON)
DX_CHM_FEATURE(OFF)
DX_CHI_FEATURE(OFF)
DX_MAN_FEATURE(OFF)
DX_RTF_FEATURE(OFF)
DX_XML_FEATURE(OFF)
DX_PDF_FEATURE(OFF)
DX_PS_FEATURE(OFF)
DX_INIT_DOXYGEN([ModSecurity],[doc/doxygen.cfg])
# make check-valgrind
AX_VALGRIND_DFLT([sgcheck], [off])
AX_VALGRIND_CHECK
# Generate the files.
AC_OUTPUT
# Print a fancy summary
echo " "
echo " "
echo "ModSecurity - ${MSC_GIT_VERSION} for $PLATFORM"
echo " "
echo " Mandatory dependencies"
echo -n " + libInjection ...."
echo LIBINJECTION_VERSION
echo -n " + SecLang tests ...."
echo SECLANG_TEST_VERSION
echo " "
echo " Optional dependencies"
## GeoIP - MaxMind
if test "x$GEOIP_FOUND" = "x0" && test "x$MAXMIND_FOUND" = "x0"; then
echo " + GeoIP/MaxMind ....not found"
fi
if test "x$GEOIP_FOUND" = "x1" || test "x$MAXMIND_FOUND" = "x1"; then
echo -n " + GeoIP/MaxMind ....found "
echo ""
if test "x$MAXMIND_FOUND" = "x1"; then
echo " * (MaxMind) v${MAXMIND_VERSION}"
echo " ${MAXMIND_DISPLAY}"
fi
if test "x$GEOIP_FOUND" = "x1"; then
echo " * (GeoIP) v${GEOIP_VERSION}"
echo " ${GEOIP_DISPLAY}"
fi
fi
if test "x$GEOIP_FOUND" = "x2" && test "x$MAXMIND_FOUND" = "x2"; then
echo " + GeoIP/MaxMind ....disabled"
fi
## LibCurl
if test "x$CURL_FOUND" = "x0"; then
echo " + LibCURL ....not found"
fi
if test "x$CURL_FOUND" = "x1"; then
echo -n " + LibCURL ....found "
if ! test "x$CURL_VERSION" = "x"; then
echo "v${CURL_VERSION}"
else
echo ""
fi
echo " ${CURL_DISPLAY}"
fi
if test "x$CURL_FOUND" = "x2"; then
echo " + LibCURL ....disabled"
fi
## YAJL
if test "x$YAJL_FOUND" = "x0"; then
echo " + YAJL ....not found"
fi
if test "x$YAJL_FOUND" = "x1"; then
echo -n " + YAJL ....found "
if ! test "x$YAJL_VERSION" = "x"; then
echo "v${YAJL_VERSION}"
else
echo ""
fi
echo " ${YAJL_DISPLAY}"
fi
if test "x$YAJL_FOUND" = "x2"; then
echo " + YAJL ....disabled"
fi
## LMDB
if test "x$LMDB_FOUND" = "x0"; then
echo " + LMDB ....not found"
fi
if test "x$LMDB_FOUND" = "x1"; then
echo -n " + LMDB ....found "
if ! test "x$LMDB_VERSION" = "x"; then
echo "v${LMDB_VERSION}"
else
echo ""
fi
echo " ${LMDB_DISPLAY}"
fi
if test "x$LMDB_FOUND" = "x2"; then
echo " + LMDB ....disabled"
fi
## libxml2
if test "x$LIBXML2_FOUND" = "x0"; then
echo " + LibXML2 ....not found"
fi
if test "x$LIBXML2_FOUND" = "x1"; then
echo -n " + LibXML2 ....found "
if ! test "x$LIBXML2_VERSION" = "x"; then
echo "v${LIBXML2_VERSION}"
else
echo ""
fi
echo " ${LIBXML2_DISPLAY}"
fi
if test "x$LIBXML2_FOUND" = "x2"; then
echo " + LibXML2 ....disabled"
fi
## SSDEEP
if test "x$SSDEEP_FOUND" = "x0"; then
echo " + SSDEEP ....not found"
fi
if test "x$SSDEEP_FOUND" = "x1"; then
echo -n " + SSDEEP ....found "
if ! test "x$SSDEEP_VERSION" = "x"; then
echo "v${SSDEEP_VERSION}"
else
echo ""
fi
echo " ${SSDEEP_DISPLAY}"
fi
if test "x$SSDEEP_FOUND" = "x2"; then
echo " + SSDEEP ....disabled"
fi
## LUA
if test "x$LUA_FOUND" = "x0"; then
echo " + LUA ....not found"
fi
if test "x$LUA_FOUND" = "x1"; then
echo -n " + LUA ....found "
if ! test "x$LUA_VERSION" = "x"; then
echo "v${LUA_VERSION}"
else
echo ""
fi
echo " ${LUA_DISPLAY}"
fi
if test "x$LUA_FOUND" = "x2"; then
echo " + LUA ....disabled"
fi
## PCRE2
if test "x$PCRE2_FOUND" = "x0"; then
echo " + PCRE2 ....not found"
fi
if test "x$PCRE2_FOUND" = "x1"; then
echo -n " + PCRE2 ....found "
if ! test "x$PCRE2_VERSION" = "x"; then
echo "v${PCRE2_VERSION}"
else
echo ""
fi
echo " ${PCRE2_DISPLAY}"
fi
if test "x$PCRE2_FOUND" = "x2"; then
echo " + PCRE2 ....disabled"
fi
echo " "
echo " Other Options"
if test $buildTestUtilities = true; then
if test $debugLogs = true; then
echo " + Test Utilities ....enabled"
else
echo " + Test Utilities ....partially"
fi
else
echo " + Test Utilities ....disabled"
fi
if test $debugLogs = true; then
echo " + SecDebugLog ....enabled"
else
echo " + SecDebugLog ....disabled"
fi
if test "$aflFuzzer" = "true"; then
echo " + afl fuzzer ....enabled"
echo " ($FUZZ_CPPCFLAGS)"
else
echo " + afl fuzzer ....disabled"
fi
if test "$buildExamples" = "true"; then
echo " + library examples ....enabled"
else
echo " + library examples ....disabled"
fi
if test "$buildParser" = "true"; then
echo " + Building parser ....enabled"
else
echo " + Building parser ....disabled"
fi
if test "$mutexPm" = "true"; then
echo " + Treating pm operations as critical section ....enabled"
else
echo " + Treating pm operations as critical section ....disabled"
fi
echo " "
if test "$aflFuzzer" = "true"; then
echo "WARNING: afl fuzzer was enabled. Make sure you are using the"
echo " 'afl-clang-fast' as the compiler, otherwise the compilation"
echo " will fail."
echo " "
echo " You can set the compiler using:"
echo " "
echo " $ export CXX=afl-clang-fast++ "
echo " $ export CC=afl-clang-fast "
echo " "
fi

0
doc/.empty Normal file
View File

17
doc/Makefile.am Normal file
View File

@ -0,0 +1,17 @@
ACLOCAL_AMFLAGS = -I build
# Doxygen support
# include $(top_srcdir)/build/ax_prog_doxygen.m4
# distribution of the Doxygen configuration file
EXTRA_DIST = \
doxygen.cfg
MAINTAINERCLEANFILES = \
Makefile.in \
doxygen_sqlite3.db \
html \
latex

2403
doc/doxygen.cfg Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
doc/ms-doxygen-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

21
examples/Makefile.am Normal file
View File

@ -0,0 +1,21 @@
ACLOCAL_AMFLAGS = -I build
SUBDIRS = \
multiprocess_c \
reading_logs_with_offset \
reading_logs_via_rule_message \
simple_example_using_c \
using_bodies_in_chunks
pkginclude_HEADERS = \
reading_logs_via_rule_message/reading_logs_via_rule_message.h
# make clean
CLEANFILES =
# make maintainer-clean
MAINTAINERCLEANFILES = \
Makefile.in

34
examples/multiprocess_c/Makefile.am Normal file
View File

@ -0,0 +1,34 @@
noinst_PROGRAMS = multi
multi_SOURCES = \
multi.c
multi_LDADD = \
$(SSDEEP_LDADD) \
$(LUA_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD)
multi_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS)
multi_CFLAGS = \
-I$(top_builddir)/headers \
-I$(top_builddir) \
$(GLOBAL_CFLAGS)
MAINTAINERCLEANFILES = \
Makefile.in

14
examples/multiprocess_c/basic_rules.conf Normal file
View File

@ -0,0 +1,14 @@
SecDebugLog /dev/stdout
SecDebugLogLevel 9
SecRule REQUEST_HEADERS:User-Agent ".*" "id:1,phase:1,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{MATCHED_VAR}"
SecAction "phase:2,initcol:ip=%{REMOTE_ADDR}_%{tx.ua_hash}"
SecRule REQUEST_HEADERS:User-Agent ".*" "id:2,phase:2,setvar:ip.auth_attempt=+1"
SecRule ARGS:foo "herewego" "id:3,phase:2,setvar:ip.foo=bar"
SecRule IP "bar" "id:4,phase:2"
SecRule IP:auth_attempt "bar" "id:5,phase:2"

146
examples/multiprocess_c/multi.c Normal file
View File

@ -0,0 +1,146 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <modsecurity/modsecurity.h>
#include <modsecurity/transaction.h>
#include <modsecurity/rules_set.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/time.h>
#define FORKS 5
#define REQUESTS_PER_PROCESS 100
char main_rule_uri[] = "basic_rules.conf";
RulesSet *rules = NULL;
ModSecurity *modsec = NULL;
void process_special_request (int j) {
Transaction *transaction;
transaction = msc_new_transaction(modsec, rules, NULL);
msc_process_connection(transaction, "127.0.0.1", 12345, "127.0.0.1", 80);
msc_process_uri(transaction,
"http://www.modsecurity.org/test?foo=herewego",
"GET", "1.1");
msc_add_request_header(transaction,
(const unsigned char *) "User-Agent",
(const unsigned char *) "Basic ModSecurity example");
msc_process_request_headers(transaction);
msc_process_request_body(transaction);
msc_add_response_header(transaction,
(const unsigned char *) "Content-type",
(const unsigned char *) "text/html");
msc_process_response_headers(transaction, 200, "HTTP 1.0");
msc_process_response_body(transaction);
msc_process_logging(transaction);
msc_transaction_cleanup(transaction);
}
void process_request (int j) {
int i;
for (i = 0; i < REQUESTS_PER_PROCESS; i++) {
if (i == 1 && j == 1) {
process_special_request(j);
continue;
}
struct timeval tv;
Transaction *transaction;
transaction = msc_new_transaction(modsec, rules, NULL);
msc_process_connection(transaction, "127.0.0.1", 12345, "127.0.0.1", 80);
msc_process_uri(transaction,
"http://www.modsecurity.org/test?key1=value1&key2=value2&key3=value3",
"GET", "1.1");
msc_add_request_header(transaction,
(const unsigned char *) "User-Agent",
(const unsigned char *) "Basic ModSecurity example");
msc_process_request_headers(transaction);
msc_process_request_body(transaction);
msc_add_response_header(transaction,
(const unsigned char *) "Content-type",
(const unsigned char *) "text/html");
msc_process_response_headers(transaction, 200, "HTTP 1.0");
msc_process_response_body(transaction);
msc_process_logging(transaction);
msc_transaction_cleanup(transaction);
tv.tv_sec = 1;
tv.tv_usec = 500;
select(0, NULL, NULL, NULL, &tv);
}
}
int main (int argc, char **argv)
{
int ret;
const char *error = NULL;
pid_t pid;
int f;
modsec = msc_init();
msc_set_connector_info(modsec, "ModSecurity-test v0.0.1-alpha (Simple " \
"example on how to use ModSecurity API");
rules = msc_create_rules_set();
ret = msc_rules_add_file(rules, main_rule_uri, &error);
if (ret < 0) {
fprintf(stderr, "Problems loading the rules --\n");
fprintf(stderr, "%s\n", error);
goto end;
}
msc_rules_dump(rules);
for (f = 0; f < FORKS; f++) {
pid = fork();
if (pid == 0) {
process_request(f);
goto child;
}
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 500;
select(0, NULL, NULL, NULL, &tv);
}
wait(NULL);
child:
if (pid == 0) {
return 0;
}
end:
msc_rules_cleanup(rules);
msc_cleanup(modsec);
return 0;
}

56
examples/reading_logs_via_rule_message/Makefile.am Normal file
View File

@ -0,0 +1,56 @@
noinst_PROGRAMS = simple_request
simple_request_SOURCES = \
simple_request.cc
simple_request_LDADD = \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
$(MAXMIND_LDADD) \
$(LUA_LDADD) \
$(PCRE_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)
simple_request_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(YAJL_LDFLAGS)
simple_request_CPPFLAGS = \
$(GLOBAL_CFLAGS) \
-std=c++11 \
-I$(top_builddir)/headers \
-I$(top_builddir) \
-g \
-I../others \
-fPIC \
-O3 \
$(CURL_CFLAGS) \
$(GEOIP_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
$(YAJL_CFLAGS) \
$(LMDB_CFLAGS) \
$(LUA_CFLAGS) \
$(PCRE_CFLAGS) \
$(LIBXML2_CFLAGS)
MAINTAINERCLEANFILES = \
Makefile.in

3
examples/reading_logs_via_rule_message/blocked_request.conf Normal file
View File

@ -0,0 +1,3 @@
SecRule ARGS:param1 "test" "id:1,deny,phase:2,chain,msg:'test'"
SecRule ARGS:param1 "test" "log"

2
examples/reading_logs_via_rule_message/blocked_request_engine_on.conf Normal file
View File

@ -0,0 +1,2 @@
SecRuleEngine On
SecRule ARGS:param1 "test" "id:1,deny"

1
examples/reading_logs_via_rule_message/match.conf Normal file
View File

@ -0,0 +1 @@
SecRule ARGS:param1 "test" "id:1,deny,msg:'this',msg:'is',msg:'a',msg:'test'"

1
examples/reading_logs_via_rule_message/no_match.conf Normal file
View File

@ -0,0 +1 @@
SecRule ARGS:param1 "WHEEE" "id:1,phase:2,deny,msg:'this',msg:'is',msg:'a',msg:'test'"

208
examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h Normal file
View File

@ -0,0 +1,208 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <unistd.h>
#include <string>
#include <memory>
#define NUM_THREADS 100
char request_header[] = "" \
"GET /tutorials/other/top-20-mysql-best-practices/ HTTP/1.1\n\r" \
"Host: net.tutsplus.com\n\r" \
"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5)" \
" Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)\n\r" \
"Accept: text/html,application/xhtml+xml,application/xml; " \
"q=0.9,*/*;q=0.8\n\r" \
"Accept-Language: en-us,en;q=0.5\n\r" \
"Accept-Encoding: gzip,deflate\n\r" \
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\n\r" \
"Keep-Alive: 300\n\r" \
"Connection: keep-alive\n\r" \
"Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120\n\r" \
"Pragma: no-cache\n\r" \
"Cache-Control: no-cache\n\r";
char request_uri[] = "/test.pl?param1=test&para2=test2";
char request_body[] = "";
char response_headers[] = "" \
"HTTP/1.1 200 OK\n\r" \
"Content-Type: text/xml; charset=utf-8\n\r" \
"Content-Length: length\n\r";
char response_body[] = "" \
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r" \
"<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
"xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " \
"xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n\r" \
" <soap:Body>\n\r" \
" <EnlightenResponse xmlns=\"http://clearforest.com/\">\n\r" \
" <EnlightenResult>string</EnlightenResult>\n\r" \
" </EnlightenResponse>\n\r" \
" </soap:Body>\n\r" \
"</soap:Envelope>\n\r";
char ip[] = "200.249.12.31";
#include "modsecurity/rule_message.h"
#ifndef EXAMPLES_READING_LOGS_VIA_RULE_MESSAGE_READING_LOGS_VIA_RULE_MESSAGE_H_
#define EXAMPLES_READING_LOGS_VIA_RULE_MESSAGE_READING_LOGS_VIA_RULE_MESSAGE_H_
struct data_ms {
modsecurity::ModSecurity *modsec;
modsecurity::RulesSet *rules;
};
static void *process_request(void *data) {
struct data_ms *a = (struct data_ms *)data;
modsecurity::ModSecurity *modsec = a->modsec;
modsecurity::RulesSet *rules = a->rules;
int z = 0;
for (z = 0; z < 10000; z++) {
modsecurity::Transaction *modsecTransaction = \
new modsecurity::Transaction(modsec, rules, NULL);
modsecTransaction->processConnection(ip, 12345, "127.0.0.1", 80);
modsecTransaction->processURI(request_uri, "GET", "1.1");
usleep(10);
modsecTransaction->addRequestHeader("Host",
"net.tutsplus.com");
modsecTransaction->processRequestHeaders();
modsecTransaction->processRequestBody();
modsecTransaction->addResponseHeader("HTTP/1.1",
"200 OK");
modsecTransaction->processResponseHeaders(200, "HTTP 1.2");
modsecTransaction->appendResponseBody(
(const unsigned char*)response_body,
strlen((const char*)response_body));
modsecTransaction->processResponseBody();
modsecTransaction->processLogging();
delete modsecTransaction;
}
pthread_exit(NULL);
return NULL;
}
class ReadingLogsViaRuleMessage {
public:
ReadingLogsViaRuleMessage(char *request_header,
char *request_uri,
char *request_body,
char *response_headers,
char *response_body,
char *ip,
const std::string &rules) :
m_request_header(request_header),
m_request_uri(request_uri),
m_request_body(request_body),
m_response_headers(response_headers),
m_response_body(response_body),
m_ip(ip),
m_rules(rules)
{ }
int process() {
pthread_t threads[NUM_THREADS];
int i;
struct data_ms dms;
void *status;
modsecurity::ModSecurity *modsec;
modsecurity::RulesSet *rules;
modsec = new modsecurity::ModSecurity();
modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \
" (ModSecurity test)");
modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty
| modsecurity::IncludeFullHighlightLogProperty);
rules = new modsecurity::RulesSet();
if (rules->loadFromUri(m_rules.c_str()) < 0) {
std::cout << "Problems loading the rules..." << std::endl;
std::cout << rules->m_parserError.str() << std::endl;
return -1;
}
dms.modsec = modsec;
dms.rules = rules;
for (i = 0; i < NUM_THREADS; i++) {
pthread_create(&threads[i], NULL, process_request,
reinterpret_cast<void *>(&dms));
// process_request((void *)&dms);
}
usleep(10000);
for (i=0; i < NUM_THREADS; i++) {
pthread_join(threads[i], &status);
std::cout << "Main: completed thread id :" << i << std::endl;
}
delete rules;
delete modsec;
pthread_exit(NULL);
return 0;
}
static void logCb(void *data, const void *ruleMessagev) {
if (ruleMessagev == NULL) {
std::cout << "I've got a call but the message was null ;(";
std::cout << std::endl;
return;
}
const modsecurity::RuleMessage *ruleMessage = \
reinterpret_cast<const modsecurity::RuleMessage *>(ruleMessagev);
std::cout << "Rule Id: " << std::to_string(ruleMessage->m_ruleId);
std::cout << " phase: " << std::to_string(ruleMessage->m_phase);
std::cout << std::endl;
if (ruleMessage->m_isDisruptive) {
std::cout << " * Disruptive action: ";
std::cout << modsecurity::RuleMessage::log(ruleMessage);
std::cout << std::endl;
std::cout << " ** %d is meant to be informed by the webserver.";
std::cout << std::endl;
} else {
std::cout << " * Match, but no disruptive action: ";
std::cout << modsecurity::RuleMessage::log(ruleMessage);
std::cout << std::endl;
}
}
protected:
char *m_request_header;
char *m_request_uri;
char *m_request_body;
char *m_response_headers;
char *m_response_body;
char *m_ip;
std::string m_rules;
};
#endif // EXAMPLES_READING_LOGS_VIA_RULE_MESSAGE_READING_LOGS_VIA_RULE_MESSAGE_H_

42
examples/reading_logs_via_rule_message/simple_request.cc Normal file
View File

@ -0,0 +1,42 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <stdio.h>
#include <string.h>
#include <modsecurity/modsecurity.h>
#include <modsecurity/rules_set.h>
#include "examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h"
int main(int argc, char **argv) {
if (argc < 2) {
std::cout << "Use " << *argv << " test-case-file.conf";
std::cout << std::endl << std::endl;
return -1;
}
char *rule = *(++argv);
std::string rules(rule);
ReadingLogsViaRuleMessage rlvrm(request_header, request_uri, request_body,
response_headers, response_body, ip, rules);
rlvrm.process();
pthread_exit(NULL);
return 0;
}

57
examples/reading_logs_with_offset/Makefile.am Normal file
View File

@ -0,0 +1,57 @@
noinst_PROGRAMS = read
read_SOURCES = \
read.cc
read_LDADD = \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
$(LUA_LDADD) \
$(PCRE_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)
read_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS)
read_CPPFLAGS = \
$(GLOBAL_CFLAGS) \
-std=c++11 \
-I$(top_builddir)/headers \
-I$(top_builddir) \
-g \
-I../others \
-fPIC \
-O3 \
$(CURL_CFLAGS) \
$(GEOIP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
$(YAJL_CFLAGS) \
$(LMDB_CFLAGS) \
$(LUA_CFLAGS) \
$(PCRE_CFLAGS) \
$(LIBXML2_CFLAGS)
MAINTAINERCLEANFILES = \
Makefile.in

34
examples/reading_logs_with_offset/read.cc Normal file
View File

@ -0,0 +1,34 @@
#include <stdio.h>
#include <string.h>
#include <modsecurity/modsecurity.h>
// Variable offset - REQUEST_HEADERS_NAMES
const char *request = "" \
"GET /index.html?param1=value1&param2=value1&param3=value1 HTTP/\n" \
"AuThOrIzAtIoN: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\n" \
"Host: localhost\n" \
"Content-Length: 27\n" \
"Content-Type: application/x-www-form-urlencoded\n";
int main() {
modsecurity::ModSecurity msc;
std::string json("");
const char *err = NULL;
int ret = 0;
ret = msc.processContentOffset(request, strlen(request),
"o0,4v64,13v114,4v130,14v149,12t:lowercase", &json, &err);
if (ret >= 0) {
std::cout << json << std::endl;
} else {
std::cout << err << std::endl;
}
return ret;
}

31
examples/simple_example_using_c/Makefile.am Normal file
View File

@ -0,0 +1,31 @@
noinst_PROGRAMS = test
test_SOURCES = \
test.c
test_LDADD = \
$(GLOBAL_LDADD) \
$(LUA_LDADD) \
$(SSDEEP_LDADD)
test_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
-lmodsecurity \
-lm \
-lstdc++ \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(YAJL_LDFLAGS)
test_CFLAGS = \
-I$(top_builddir)/headers \
-I$(top_builddir) \
$(GLOBAL_CFLAGS)
MAINTAINERCLEANFILES = \
Makefile.in

223
examples/simple_example_using_c/basic_rules.conf Normal file
View File

@ -0,0 +1,223 @@
# -- Rule engine initialization ----------------------------------------------
# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
SecRuleEngine DetectionOnly
# -- Request body handling ---------------------------------------------------
# Allow ModSecurity to access request bodies. If you don't, ModSecurity
# won't be able to see any POST parameters, which opens a large security
# hole for attackers to exploit.
#
SecRequestBodyAccess On
# Enable XML request body parser.
# Initiate XML Processor in case of xml content-type
#
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Enable JSON request body parser.
# Initiate JSON Processor in case of JSON content-type; change accordingly
# if your application does not use 'application/json'
#
SecRule REQUEST_HEADERS:Content-Type "application/json" \
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Maximum request body size we will accept for buffering. If you support
# file uploads then the value given on the first line has to be as large
# as the largest file you are willing to accept. The second value refers
# to the size of data, with files excluded. You want to keep that value as
# low as practical.
#
# Store up to 128 KB of request body data in memory. When the multipart
# parser reachers this limit, it will start using your hard disk for
# storage. That is slow, but unavoidable.
#
# What do do if the request body size is above our configured limit.
# Keep in mind that this setting will automatically be set to ProcessPartial
# when SecRuleEngine is set to DetectionOnly mode in order to minimize
# disruptions when initially deploying ModSecurity.
#
SecRequestBodyLimitAction Reject
# Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode)
# or log a high-severity alert (when deployed in detection-only mode).
#
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
# By default be strict with what we accept in the multipart/form-data
# request body. If the rule below proves to be too strict for your
# environment consider changing it to detection-only. You are encouraged
# _not_ to remove it altogether.
#
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:400, \
msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
# Did we see anything that might be a boundary?
#
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
# PCRE Tuning
# We want to avoid a potential RegEx DoS condition
#
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
# Some internal errors will set flags in TX and we will need to look for these.
# All of these are prefixed with "MSC_". The following flags currently exist:
#
# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
#
SecRule TX:/^MSC_/ "!@streq 0" \
"id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
# -- Response body handling --------------------------------------------------
# Allow ModSecurity to access response bodies.
# You should have this directive enabled in order to identify errors
# and data leakage issues.
#
# Do keep in mind that enabling this directive does increases both
# memory consumption and response latency.
#
SecResponseBodyAccess On
# Which response MIME types do you want to inspect? You should adjust the
# configuration below to catch documents but avoid static files
# (e.g., images and archives).
#
SecResponseBodyMimeType text/plain text/html text/xml
# Buffer response bodies of up to 512 KB in length.
SecResponseBodyLimit 524288
# What happens when we encounter a response body larger than the configured
# limit? By default, we process what we have and let the rest through.
# That's somewhat less secure, but does not break any legitimate pages.
#
SecResponseBodyLimitAction ProcessPartial
# -- Filesystem configuration ------------------------------------------------
# The location where ModSecurity stores temporary files (for example, when
# it needs to handle a file upload that is larger than the configured limit).
#
# This default setting is chosen due to all systems have /tmp available however,
# this is less than ideal. It is recommended that you specify a location that's private.
#
SecTmpDir /tmp/
# The location where ModSecurity will keep its persistent data. This default setting
# is chosen due to all systems have /tmp available however, it
# too should be updated to a place that other users can't access.
#
SecDataDir /tmp/
# -- File uploads handling configuration -------------------------------------
# The location where ModSecurity stores intercepted uploaded files. This
# location must be private to ModSecurity. You don't want other users on
# the server to access the files, do you?
#
#SecUploadDir /opt/modsecurity/var/upload/
# By default, only keep the files that were determined to be unusual
# in some way (by an external inspection script). For this to work you
# will also need at least one file inspection rule.
#
#SecUploadKeepFiles RelevantOnly
# Uploaded files are by default created with permissions that do not allow
# any other user to access them. You may need to relax that if you want to
# interface ModSecurity to an external program (e.g., an anti-virus).
#
#SecUploadFileMode 0600
# -- Debug log configuration -------------------------------------------------
# The default debug log configuration is to duplicate the error, warning
# and notice messages from the error log.
#
#SecDebugLog /opt/modsecurity/var/log/debug.log
#SecDebugLogLevel 3
# -- Audit log configuration -------------------------------------------------
# Log the transactions that are marked by a rule, as well as those that
# trigger a server error (determined by a 5xx or 4xx, excluding 404,
# level response status codes).
#
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
# Log everything we know about a transaction.
SecAuditLogParts ABIJDEFHZ
# Use a single file for logging. This is much easier to look at, but
# assumes that you will use the audit log only ocassionally.
#
SecAuditLogType Serial
SecAuditLog /var/log/modsec_audit.log
# Specify the path for concurrent audit logging.
#SecAuditLogStorageDir /opt/modsecurity/var/audit/
# -- Miscellaneous -----------------------------------------------------------
# Use the most commonly used application/x-www-form-urlencoded parameter
# separator. There's probably only one application somewhere that uses
# something else so don't expect to change this value.
#
SecArgumentSeparator &
# Settle on version 0 (zero) cookies, as that is what most applications
# use. Using an incorrect cookie version may open your installation to
# evasion attacks (against the rules that examine named cookies).
#
SecCookieFormat 0
# Specify your Unicode Code Point.
# This mapping is used by the t:urlDecodeUni transformation function
# to properly map encoded data to your language. Properly setting
# these directives helps to reduce false positives and negatives.
#
SecUnicodeMapFile unicode.mapping 20127
# Improve the quality of ModSecurity by sharing information about your
# current ModSecurity version and dependencies versions.
# The following information will be shared: ModSecurity version,
# Web Server version, APR version, PCRE version, Lua version, Libxml2
# version, Anonymous unique id for host.
SecStatusEngine On

4
examples/simple_example_using_c/test-valgrind.sh Executable file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env bash
valgrind --tool=massif
valgrind --show-leak-kinds=all --leak-check=full ./test

77
examples/simple_example_using_c/test.c Normal file
View File

@ -0,0 +1,77 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <stdio.h>
#include <stdlib.h>
#include "modsecurity/modsecurity.h"
#include "modsecurity/rules_set.h"
char main_rule_uri[] = "basic_rules.conf";
int main (int argc, char **argv)
{
int ret;
const char *error = NULL;
ModSecurity *modsec;
Transaction *transaction = NULL;
RulesSet *rules;
modsec = msc_init();
msc_set_connector_info(modsec, "ModSecurity-test v0.0.1-alpha (Simple " \
"example on how to use ModSecurity API");
rules = msc_create_rules_set();
ret = msc_rules_add_file(rules, main_rule_uri, &error);
if (ret < 0) {
fprintf(stderr, "Problems loading the rules --\n");
fprintf(stderr, "%s\n", error);
goto end;
}
msc_rules_dump(rules);
ret = msc_rules_add_remote(rules, "test",
"https://www.modsecurity.org/modsecurity-regression-test-secremoterules.txt",
&error);
if (ret < 0) {
fprintf(stderr, "Problems loading the rules --\n");
fprintf(stderr, "%s\n", error);
goto end;
}
msc_rules_dump(rules);
transaction = msc_new_transaction(modsec, rules, NULL);
msc_process_connection(transaction, "127.0.0.1", 12345, "127.0.0.1", 80);
msc_process_uri(transaction,
"http://www.modsecurity.org/test?key1=value1&key2=value2&key3=value3",
"GET", "1.1");
msc_process_request_headers(transaction);
msc_process_request_body(transaction);
msc_process_response_headers(transaction, 200, "HTTP 1.3");
msc_process_response_body(transaction);
msc_process_logging(transaction);
end:
msc_rules_cleanup(rules);
msc_cleanup(modsec);
return 0;
}

57
examples/using_bodies_in_chunks/Makefile.am Normal file
View File

@ -0,0 +1,57 @@
noinst_PROGRAMS = simple_request
simple_request_SOURCES = \
simple_request.cc
simple_request_LDADD = \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
$(LUA_LDADD) \
$(PCRE_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)
simple_request_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(MAXMIND_LDFLAGS) \
$(LMDB_LDFLAGS) \
-lpthread \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(YAJL_LDFLAGS)
simple_request_CPPFLAGS = \
$(GLOBAL_CFLAGS) \
-std=c++11 \
-I$(top_builddir)/headers \
-I$(top_builddir) \
-g \
-I../others \
-fPIC \
-O3 \
$(GEOIP_CFLAGS) \
$(CURL_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
$(YAJL_CFLAGS) \
$(LMDB_CFLAGS) \
$(LUA_CFLAGS) \
$(PCRE_CFLAGS) \
$(LIBXML2_CFLAGS)
MAINTAINERCLEANFILES = \
Makefile.in

3
examples/using_bodies_in_chunks/example.conf Normal file
View File

@ -0,0 +1,3 @@
SecDebugLog /dev/stdout
SecDebugLogLevel 9
SecRule RESPONSE_BODY "/soap:Body" "id:1,phase:5,deny"

278
examples/using_bodies_in_chunks/simple_request.cc Normal file
View File

@ -0,0 +1,278 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <modsecurity/modsecurity.h>
#include <modsecurity/rules_set.h>
#include <modsecurity/rule_message.h>
#include <string>
#include <memory>
char request_uri[] = "/test.pl?param1=test&para2=test2";
char request_body_first[] = "" \
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r" \
"<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
"xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" ";
char request_body_second[] = "" \
"xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n\r" \
" <soap:Body>\n\r" \
" <EnlightenResponse xmlns=\"http://clearforest.com/\">\n\r" \
" <EnlightenResult>string</EnlightenResult>\n\r";
char request_body_third[] = "" \
" </EnlightenResponse>\n\r" \
" </soap:Body>\n\r" \
"</soap:Envelope>\n\r";
char response_body_first[] = "" \
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r" \
"<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
"xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" ";
char response_body_second[] = "" \
"xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n\r" \
" <soap:Body>\n\r" \
" <EnlightenResponse xmlns=\"http://clearforest.com/\">\n\r" \
" <EnlightenResult>string</EnlightenResult>\n\r";
char response_body_third[] = "" \
" </EnlightenResponse>\n\r" \
" </soap:Body>\n\r" \
"</soap:Envelope>\n\r";
char ip[] = "200.249.12.31";
static void logCb(void *data, const void *ruleMessagev) {
if (ruleMessagev == NULL) {
std::cout << "I've got a call but the message was null ;(";
std::cout << std::endl;
return;
}
const modsecurity::RuleMessage *ruleMessage = \
reinterpret_cast<const modsecurity::RuleMessage *>(ruleMessagev);
std::cout << "Rule Id: " << std::to_string(ruleMessage->m_ruleId);
std::cout << " phase: " << std::to_string(ruleMessage->m_phase);
std::cout << std::endl;
if (ruleMessage->m_isDisruptive) {
std::cout << " * Disruptive action: ";
std::cout << modsecurity::RuleMessage::log(ruleMessage);
std::cout << std::endl;
std::cout << " ** %d is meant to be informed by the webserver.";
std::cout << std::endl;
} else {
std::cout << " * Match, but no disruptive action: ";
std::cout << modsecurity::RuleMessage::log(ruleMessage);
std::cout << std::endl;
}
}
int process_intervention(modsecurity::Transaction *transaction) {
modsecurity::ModSecurityIntervention intervention;
intervention.status = 200;
intervention.url = NULL;
intervention.log = NULL;
intervention.disruptive = 0;
if (msc_intervention(transaction, &intervention) == 0) {
return 0;
}
if (intervention.log == NULL) {
intervention.log = strdup("(no log message was specified)");
}
std::cout << "Log: " << intervention.log << std::endl;
free(intervention.log);
intervention.log = NULL;
if (intervention.url != NULL) {
std::cout << "Intervention, redirect to: " << intervention.url;
std::cout << " with status code: " << intervention.status << std::endl;
free(intervention.url);
intervention.url = NULL;
return intervention.status;
}
if (intervention.status != 200) {
std::cout << "Intervention, returning code: " << intervention.status;
std::cout << std::endl;
return intervention.status;
}
return 0;
}
int main(int argc, char **argv) {
modsecurity::ModSecurity *modsec;
modsecurity::RulesSet *rules;
if (argc < 2) {
std::cout << "Use " << *argv << " test-case-file.conf";
std::cout << std::endl << std::endl;
return -1;
}
char *rule = *(++argv);
std::string rules_arg(rule);
/**
* ModSecurity initial setup
*
*/
modsec = new modsecurity::ModSecurity();
modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \
" (ModSecurity test)");
modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty
| modsecurity::IncludeFullHighlightLogProperty);
/**
* loading the rules....
*
*/
rules = new modsecurity::RulesSet();
if (rules->loadFromUri(rules_arg.c_str()) < 0) {
std::cout << "Problems loading the rules..." << std::endl;
std::cout << rules->m_parserError.str() << std::endl;
return -1;
}
/**
* We are going to have a transaction
*
*/
modsecurity::Transaction *modsecTransaction = \
new modsecurity::Transaction(modsec, rules, NULL);
process_intervention(modsecTransaction);
/**
* Initial connection setup
*
*/
modsecTransaction->processConnection(ip, 12345, "127.0.0.1", 80);
process_intervention(modsecTransaction);
/**
* Finally we've got the URI
*
*/
modsecTransaction->processURI(request_uri, "GET", "1.1");
process_intervention(modsecTransaction);
/**
* Lets add our request headers.
*
*/
modsecTransaction->addRequestHeader("Host",
"net.tutsplus.com");
process_intervention(modsecTransaction);
/**
* No other reuqest header to add, let process it.
*
*/
modsecTransaction->processRequestHeaders();
process_intervention(modsecTransaction);
/**
* There is a request body to be informed...
*
*/
modsecTransaction->appendRequestBody(
(const unsigned char*)request_body_first,
strlen((const char*)request_body_first));
process_intervention(modsecTransaction);
modsecTransaction->appendRequestBody(
(const unsigned char*)request_body_second,
strlen((const char*)request_body_second));
process_intervention(modsecTransaction);
modsecTransaction->appendRequestBody(
(const unsigned char*)request_body_third,
strlen((const char*)request_body_third));
process_intervention(modsecTransaction);
/**
* Request body is there ;) lets process it.
*
*/
modsecTransaction->processRequestBody();
process_intervention(modsecTransaction);
/**
* The webserver is giving back the response headers.
*/
modsecTransaction->addResponseHeader("HTTP/1.1",
"200 OK");
process_intervention(modsecTransaction);
/**
* The response headers are filled in, lets process.
*
*/
modsecTransaction->processResponseHeaders(200, "HTTP 1.2");
process_intervention(modsecTransaction);
/**
* It is time to let modsec aware of the response body
*
*/
modsecTransaction->appendResponseBody(
(const unsigned char*)response_body_first,
strlen((const char*)response_body_first));
process_intervention(modsecTransaction);
modsecTransaction->appendResponseBody(
(const unsigned char*)response_body_second,
strlen((const char*)response_body_second));
process_intervention(modsecTransaction);
modsecTransaction->appendResponseBody(
(const unsigned char*)response_body_third,
strlen((const char*)response_body_third));
process_intervention(modsecTransaction);
/**
* Finally, lets have the response body processed.
*
*/
modsecTransaction->processResponseBody();
process_intervention(modsecTransaction);
/**
* Keeping track of everything: saving the logs.
*
*/
modsecTransaction->processLogging();
process_intervention(modsecTransaction);
/**
* cleanup.
*/
delete modsecTransaction;
delete rules;
delete modsec;
}

155
headers/modsecurity/actions/action.h Normal file
View File

@ -0,0 +1,155 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <string>
#include <iostream>
#include <memory>
#endif
#include "modsecurity/intervention.h"
#include "modsecurity/rule.h"
#include "modsecurity/rule_with_actions.h"
#ifndef HEADERS_MODSECURITY_ACTIONS_ACTION_H_
#define HEADERS_MODSECURITY_ACTIONS_ACTION_H_
#ifdef __cplusplus
namespace modsecurity {
class Transaction;
class RuleWithOperator;
namespace actions {
class Action {
public:
explicit Action(const std::string& _action)
: m_isNone(false),
temporaryAction(false),
action_kind(2),
m_name(nullptr),
m_parser_payload("") {
set_name_and_payload(_action);
}
explicit Action(const std::string& _action, int kind)
: m_isNone(false),
temporaryAction(false),
action_kind(kind),
m_name(nullptr),
m_parser_payload("") {
set_name_and_payload(_action);
}
Action(const Action &a)
: m_isNone(a.m_isNone),
temporaryAction(a.temporaryAction),
action_kind(a.action_kind),
m_name(a.m_name),
m_parser_payload(a.m_parser_payload) { }
Action &operator=(const Action& a) {
m_isNone = a.m_isNone;
temporaryAction = a.temporaryAction;
action_kind = a.action_kind;
m_name = a.m_name;
m_parser_payload = a.m_parser_payload;
return *this;
}
virtual ~Action() { }
virtual std::string evaluate(const std::string &exp,
Transaction *transaction);
virtual bool evaluate(RuleWithActions *rule, Transaction *transaction);
virtual bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> ruleMessage) {
return evaluate(rule, transaction);
}
virtual bool init(std::string *error) { return true; }
virtual bool isDisruptive() { return false; }
void set_name_and_payload(const std::string& data) {
size_t pos = data.find(":");
std::string t = "t:";
if (data.compare(0, t.length(), t) == 0) {
pos = data.find(":", 2);
}
if (pos == std::string::npos) {
m_name = std::shared_ptr<std::string>(new std::string(data));
return;
}
m_name = std::shared_ptr<std::string>(new std::string(data, 0, pos));
m_parser_payload = std::string(data, pos + 1, data.length());
if (m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2) {
m_parser_payload.erase(0, 1);
m_parser_payload.pop_back();
}
}
bool m_isNone;
bool temporaryAction;
int action_kind;
std::shared_ptr<std::string> m_name;
std::string m_parser_payload;
/**
*
* Define the action kind regarding to the execution time.
*
*
*/
enum Kind {
/**
*
* Action that are executed while loading the configuration. For instance
* the rule ID or the rule phase.
*
*/
ConfigurationKind,
/**
*
* Those are actions that demands to be executed before call the operator.
* For instance the tranformations.
*
*
*/
RunTimeBeforeMatchAttemptKind,
/**
*
* Actions that are executed after the execution of the operator, only if
* the operator returned Match (or True). For instance the disruptive
* actions.
*
*/
RunTimeOnlyIfMatchKind,
};
};
} // namespace actions
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_ACTIONS_ACTION_H_

113
headers/modsecurity/anchored_set_variable.h Normal file
View File

@ -0,0 +1,113 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <list>
#include <map>
#include <sstream>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>
#include <algorithm>
#include <memory>
#endif
#include "modsecurity/variable_value.h"
#ifndef HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_H_
#define HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_H_
#ifdef __cplusplus
namespace modsecurity {
class Transaction;
namespace Utils {
class Regex;
}
namespace variables {
class KeyExclusions;
}
struct MyEqual {
bool operator()(const std::string& Left, const std::string& Right) const {
return Left.size() == Right.size()
&& std::equal(Left.begin(), Left.end(), Right.begin(),
[](char a, char b) {
return tolower(a) == tolower(b);
});
}
};
struct MyHash{
size_t operator()(const std::string& Keyval) const {
// You might need a better hash function than this
size_t h = 0;
std::for_each(Keyval.begin(), Keyval.end(), [&](char c) {
h += tolower(c);
});
return h;
}
};
class AnchoredSetVariable : public std::unordered_multimap<std::string,
VariableValue *, MyHash, MyEqual> {
public:
AnchoredSetVariable(Transaction *t, const std::string &name);
~AnchoredSetVariable();
void unset();
void set(const std::string &key, const std::string &value,
size_t offset);
void set(const std::string &key, const std::string &value,
size_t offset, size_t len);
void setCopy(std::string key, std::string value, size_t offset);
void resolve(std::vector<const VariableValue *> *l);
void resolve(std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke);
void resolve(const std::string &key,
std::vector<const VariableValue *> *l);
void resolveRegularExpression(Utils::Regex *r,
std::vector<const VariableValue *> *l);
void resolveRegularExpression(Utils::Regex *r,
std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke);
std::unique_ptr<std::string> resolveFirst(const std::string &key);
Transaction *m_transaction;
std::string m_name;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_H_

126
headers/modsecurity/anchored_set_variable_translation_proxy.h Normal file
View File

@ -0,0 +1,126 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <string>
#include <algorithm>
#include <memory>
#include <functional>
#include <iostream>
#endif
#include "modsecurity/variable_value.h"
#include "modsecurity/anchored_set_variable.h"
#ifndef HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
#define HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
#ifdef __cplusplus
namespace modsecurity {
class AnchoredSetVariableTranslationProxy {
public:
AnchoredSetVariableTranslationProxy(
const std::string &name,
AnchoredSetVariable *fount)
: m_name(name),
m_fount(fount)
{
m_translate = [](std::string *name, std::vector<const VariableValue *> *l) {
for (int i = 0; i < l->size(); ++i) {
VariableValue *newVariableValue = new VariableValue(name, &l->at(i)->getKey(), &l->at(i)->getKey());
const VariableValue *oldVariableValue = l->at(i);
l->at(i) = newVariableValue;
for (auto &oldOrigin : oldVariableValue->getOrigin()) {
std::unique_ptr<VariableOrigin> newOrigin(new VariableOrigin);
newOrigin->m_length = oldVariableValue->getKey().size();
newOrigin->m_offset = oldOrigin->m_offset - oldVariableValue->getKey().size() - 1;
newVariableValue->addOrigin(std::move(newOrigin));
}
delete oldVariableValue;
}
};
}
virtual ~AnchoredSetVariableTranslationProxy()
{ }
void resolve(std::vector<const VariableValue *> *l) {
m_fount->resolve(l);
m_translate(&m_name, l);
}
void resolve(std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke) {
m_fount->resolve(l, ke);
m_translate(&m_name, l);
}
void resolve(const std::string &key,
std::vector<const VariableValue *> *l) {
m_fount->resolve(key, l);
m_translate(&m_name, l);
};
void resolveRegularExpression(Utils::Regex *r,
std::vector<const VariableValue *> *l) {
m_fount->resolveRegularExpression(r, l);
m_translate(&m_name, l);
};
void resolveRegularExpression(Utils::Regex *r,
std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke) {
m_fount->resolveRegularExpression(r, l, ke);
m_translate(&m_name, l);
};
std::unique_ptr<std::string> resolveFirst(const std::string &key) {
std::vector<const VariableValue *> l;
resolve(&l);
if (l.empty()) {
return nullptr;
}
std::unique_ptr<std::string> ret(new std::string(""));
ret->assign(l.at(0)->getValue());
while (!l.empty()) {
auto &a = l.back();
l.pop_back();
delete a;
}
return ret;
}
std::string m_name;
private:
AnchoredSetVariable *m_fount;
std::function<void(std::string *name, std::vector<const VariableValue *> *l)> m_translate;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_

87
headers/modsecurity/anchored_variable.h Normal file
View File

@ -0,0 +1,87 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <list>
#include <map>
#include <sstream>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>
#include <memory>
#endif
#include "modsecurity/variable_value.h"
#ifndef HEADERS_MODSECURITY_ANCHORED_VARIABLE_H_
#define HEADERS_MODSECURITY_ANCHORED_VARIABLE_H_
#ifdef __cplusplus
namespace modsecurity {
class Transaction;
class AnchoredVariable {
public:
AnchoredVariable(Transaction* t, const std::string &name);
AnchoredVariable(const AnchoredVariable &a) = delete;
AnchoredVariable &operator= (const AnchoredVariable &a) = delete;
/*
: m_transaction(a.m_transaction),
m_offset(a.m_offset),
m_name(a.m_name),
m_value(a.m_value),
m_var(a.m_var) { }
*/
~AnchoredVariable();
void unset();
void set(const std::string &a, size_t offset);
void set(const std::string &a, size_t offset, size_t offsetLen);
void append(const std::string &a, size_t offset,
bool spaceSeparator = false);
void append(const std::string &a, size_t offset,
bool spaceSeparator, int size);
void evaluate(std::vector<const VariableValue *> *l);
std::string * evaluate();
std::unique_ptr<std::string> resolveFirst();
Transaction *m_transaction;
int m_offset;
std::string m_name;
std::string m_value;
private:
VariableValue *m_var;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_ANCHORED_VARIABLE_H_

217
headers/modsecurity/audit_log.h Normal file
View File

@ -0,0 +1,217 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <iostream>
#include <fstream>
#include <string>
#endif
#ifndef HEADERS_MODSECURITY_AUDIT_LOG_H_
#define HEADERS_MODSECURITY_AUDIT_LOG_H_
#ifdef __cplusplus
namespace modsecurity {
class Transaction;
namespace audit_log {
namespace writer {
class Writer;
}
/** @ingroup ModSecurity_CPP_API */
class AuditLog {
public:
AuditLog();
virtual ~AuditLog();
AuditLog(const AuditLog &a) = delete;
enum AuditLogType {
NotSetAuditLogType,
SerialAuditLogType,
ParallelAuditLogType,
HttpsAuditLogType
};
enum AuditLogStatus {
NotSetLogStatus,
OnAuditLogStatus,
OffAuditLogStatus,
RelevantOnlyAuditLogStatus
};
enum AuditLogFormat {
NotSetAuditLogFormat,
JSONAuditLogFormat,
NativeAuditLogFormat
};
enum AuditLogParts {
/**
* Audit log header (mandatory).
*
*/
AAuditLogPart = 2,
/**
* Request headers.
*
*/
BAuditLogPart = 4,
/**
* Request body (present only if the request body exists and ModSecurity
* is configured to intercept it).
*
*/
CAuditLogPart = 8,
/**
* Reserved for intermediary response headers; not implemented yet.
*
*/
DAuditLogPart = 16,
/**
* Intermediary response body (present only if ModSecurity is configured
* to intercept response bodies, and if the audit log engine is
* configured to record it). Intermediary response body is the same as the
* actual response body unless ModSecurity intercepts the intermediary
* response body, in which case the actual response body will contain the
* error message (either the Apache default error message, or the
* ErrorDocument page).
*
*/
EAuditLogPart = 32,
/**
* Final response headers (excluding the Date and Server headers, which
* are always added by Apache in the late stage of content delivery).
*
*/
FAuditLogPart = 64,
/**
* Reserved for the actual response body; not implemented yet.
*
*/
GAuditLogPart = 128,
/**
* Audit log trailer.
*
*/
HAuditLogPart = 256,
/**
* This part is a replacement for part C. It will log the same data as C
* in all cases except when multipart/form-data encoding in used. In this
* case, it will log a fake application/x-www-form-urlencoded body that
* contains the information about parameters but not about the files. This
* is handy if you dont want to have (often large) files stored in your
* audit logs.
*
*/
IAuditLogPart = 512,
/**
* This part contains information about the files uploaded using
* multipart/form-data encoding.
*/
JAuditLogPart = 1024,
/**
* This part contains a full list of every rule that matched (one per
* line) in the order they were matched. The rules are fully qualified and
* will thus show inherited actions and default operators. Supported as of
* v2.5.0.
*
*/
KAuditLogPart = 2048,
/**
* Final boundary, signifies the end of the entry (mandatory).
*
*/
ZAuditLogPart = 4096
};
bool setStorageDirMode(int permission);
bool setFileMode(int permission);
bool setStatus(AuditLogStatus new_status);
bool setRelevantStatus(const std::basic_string<char>& new_relevant_status);
bool setFilePath1(const std::basic_string<char>& path);
bool setFilePath2(const std::basic_string<char>& path);
bool setStorageDir(const std::basic_string<char>& path);
bool setFormat(AuditLogFormat fmt);
int getDirectoryPermission() const;
int getFilePermission() const;
int getParts() const;
bool setParts(const std::basic_string<char>& new_parts);
bool setType(AuditLogType audit_type);
bool init(std::string *error);
virtual bool close();
bool saveIfRelevant(Transaction *transaction);
bool saveIfRelevant(Transaction *transaction, int parts);
bool isRelevant(int status);
static int addParts(int parts, const std::string& new_parts);
static int removeParts(int parts, const std::string& new_parts);
void setCtlAuditEngineActive() {
m_ctlAuditEngineActive = true;
}
bool merge(AuditLog *from, std::string *error);
std::string m_path1;
std::string m_path2;
std::string m_storage_dir;
AuditLogFormat m_format;
protected:
int m_parts;
int m_defaultParts = AAuditLogPart | BAuditLogPart | CAuditLogPart
| FAuditLogPart | HAuditLogPart | ZAuditLogPart;
int m_filePermission;
int m_defaultFilePermission = 0640;
int m_directoryPermission;
int m_defaultDirectoryPermission = 0750;
private:
AuditLogStatus m_status;
AuditLogType m_type;
std::string m_relevant;
audit_log::writer::Writer *m_writer;
bool m_ctlAuditEngineActive; // rules have at least one action On or RelevantOnly
};
} // namespace audit_log
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_AUDIT_LOG_H_

205
headers/modsecurity/collection/collection.h Normal file
View File

@ -0,0 +1,205 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <string>
#include <iostream>
#include <unordered_map>
#include <list>
#include <vector>
#include <algorithm>
#include <memory>
#endif
#include "modsecurity/variable_value.h"
#ifndef HEADERS_MODSECURITY_COLLECTION_COLLECTION_H_
#define HEADERS_MODSECURITY_COLLECTION_COLLECTION_H_
#ifndef __cplusplus
typedef struct Variable_t Variables;
#endif
#ifdef __cplusplus
namespace modsecurity {
namespace variables {
class KeyExclusions;
}
namespace collection {
class Collection {
public:
explicit Collection(const std::string &a) : m_name(a) { }
virtual ~Collection() { }
virtual void store(std::string key, std::string value) = 0;
virtual bool storeOrUpdateFirst(const std::string &key,
const std::string &value) = 0;
virtual bool updateFirst(const std::string &key,
const std::string &value) = 0;
virtual void del(const std::string& key) = 0;
virtual std::unique_ptr<std::string> resolveFirst(
const std::string& var) = 0;
virtual void resolveSingleMatch(const std::string& var,
std::vector<const VariableValue *> *l) = 0;
virtual void resolveMultiMatches(const std::string& var,
std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke) = 0;
virtual void resolveRegularExpression(const std::string& var,
std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke) = 0;
/* store */
virtual void store(std::string key, std::string compartment,
std::string value) {
std::string nkey = compartment + "::" + key;
store(nkey, value);
}
virtual void store(std::string key, std::string compartment,
std::string compartment2, std::string value) {
std::string nkey = compartment + "::" + compartment2 + "::" + key;
store(nkey, value);
}
/* storeOrUpdateFirst */
virtual bool storeOrUpdateFirst(const std::string &key,
std::string compartment, const std::string &value) {
std::string nkey = compartment + "::" + key;
return storeOrUpdateFirst(nkey, value);
}
virtual bool storeOrUpdateFirst(const std::string &key,
std::string compartment, std::string compartment2,
const std::string &value) {
std::string nkey = compartment + "::" + compartment2 + "::" + key;
return storeOrUpdateFirst(nkey, value);
}
/* updateFirst */
virtual bool updateFirst(const std::string &key, std::string compartment,
const std::string &value) {
std::string nkey = compartment + "::" + key;
return updateFirst(nkey, value);
}
virtual bool updateFirst(const std::string &key, std::string compartment,
std::string compartment2, const std::string &value) {
std::string nkey = compartment + "::" + compartment2 + "::" + key;
return updateFirst(nkey, value);
}
/* del */
virtual void del(const std::string& key, std::string compartment) {
std::string nkey = compartment + "::" + key;
del(nkey);
}
virtual void del(const std::string& key, std::string compartment,
std::string compartment2) {
std::string nkey = compartment + "::" + compartment2 + "::" + key;
del(nkey);
}
/* resolveFirst */
virtual std::unique_ptr<std::string> resolveFirst(const std::string& var,
std::string compartment) {
std::string nkey = compartment + "::" + var;
return resolveFirst(nkey);
}
virtual std::unique_ptr<std::string> resolveFirst(const std::string& var,
std::string compartment, std::string compartment2) {
std::string nkey = compartment + "::" + compartment2 + "::" + var;
return resolveFirst(nkey);
}
/* resolveSingleMatch */
virtual void resolveSingleMatch(const std::string& var,
std::string compartment, std::vector<const VariableValue *> *l) {
std::string nkey = compartment + "::" + var;
resolveSingleMatch(nkey, l);
}
virtual void resolveSingleMatch(const std::string& var,
std::string compartment, std::string compartment2,
std::vector<const VariableValue *> *l) {
std::string nkey = compartment + "::" + compartment2 + "::" + var;
resolveSingleMatch(nkey, l);
}
/* resolveMultiMatches */
virtual void resolveMultiMatches(const std::string& var,
std::string compartment, std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke) {
std::string nkey = compartment + "::" + var;
resolveMultiMatches(nkey, l, ke);
}
virtual void resolveMultiMatches(const std::string& var,
std::string compartment, std::string compartment2,
std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke) {
std::string nkey = compartment + "::" + compartment2 + "::" + var;
resolveMultiMatches(nkey, l, ke);
}
/* resolveRegularExpression */
virtual void resolveRegularExpression(const std::string& var,
std::string compartment, std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke) {
std::string nkey = compartment + "::" + var;
resolveRegularExpression(nkey, l, ke);
}
virtual void resolveRegularExpression(const std::string& var,
std::string compartment, std::string compartment2,
std::vector<const VariableValue *> *l, variables::KeyExclusions &ke) {
std::string nkey = compartment + "::" + compartment2 + "::" + var;
resolveRegularExpression(nkey, l, ke);
}
std::string m_name;
};
} // namespace collection
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_COLLECTION_COLLECTION_H_

76
headers/modsecurity/collection/collections.h Normal file
View File

@ -0,0 +1,76 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <unordered_map>
#include <fstream>
#include <vector>
#include <iomanip>
#include <set>
#include <cstdio>
#include <string>
#include <list>
#include <memory>
#endif
#include "modsecurity/collection/collection.h"
#include "modsecurity/variable_value.h"
#ifndef HEADERS_MODSECURITY_COLLECTION_COLLECTIONS_H_
#define HEADERS_MODSECURITY_COLLECTION_COLLECTIONS_H_
#ifndef __cplusplus
typedef struct Collections_t Collections;
#endif
#ifdef __cplusplus
namespace modsecurity {
namespace collection {
class Collections {
public:
Collections(Collection *global, Collection *ip, Collection *session,
Collection *user, Collection *resource);
~Collections();
Collections(const Collections &c) = delete;
Collections& operator =(const Collections &c) = delete;
std::string m_global_collection_key;
std::string m_ip_collection_key;
std::string m_session_collection_key;
std::string m_user_collection_key;
std::string m_resource_collection_key;
Collection *m_global_collection;
Collection *m_ip_collection;
Collection *m_session_collection;
Collection *m_user_collection;
Collection *m_resource_collection;
Collection *m_tx_collection;
};
} // namespace collection
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_COLLECTION_COLLECTIONS_H_

63
headers/modsecurity/debug_log.h Normal file
View File

@ -0,0 +1,63 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <string>
#endif
#ifndef HEADERS_MODSECURITY_DEBUG_LOG_H_
#define HEADERS_MODSECURITY_DEBUG_LOG_H_
#ifndef __cplusplus
typedef struct DebugLog_t DebugLog;
#endif
#ifdef __cplusplus
namespace modsecurity {
namespace debug_log {
/** @ingroup ModSecurity_CPP_API */
class DebugLog {
public:
DebugLog()
: m_debugLevel(-1),
m_fileName("") { }
virtual ~DebugLog();
virtual void write(int level, const std::string &msg);
virtual void write(int level, const std::string &id,
const std::string &uri, const std::string &msg);
virtual bool isLogFileSet();
virtual bool isLogLevelSet();
virtual void setDebugLogLevel(int level);
virtual void setDebugLogFile(const std::string &fileName, std::string *error);
virtual const std::string& getDebugLogFile();
virtual int getDebugLogLevel();
int m_debugLevel;
private:
std::string m_fileName;
};
} // namespace debug_log
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_DEBUG_LOG_H_

71
headers/modsecurity/intervention.h Normal file
View File

@ -0,0 +1,71 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifndef HEADERS_MODSECURITY_INTERVENTION_H_
#define HEADERS_MODSECURITY_INTERVENTION_H_
#ifdef __cplusplus
namespace modsecurity {
#endif
typedef struct ModSecurityIntervention_t {
int status;
int pause;
char *url;
char *log;
int disruptive;
} ModSecurityIntervention;
#ifdef __cplusplus
namespace intervention {
static void reset(ModSecurityIntervention_t *i) {
i->status = 200;
i->pause = 0;
i->disruptive = 0;
}
static void clean(ModSecurityIntervention_t *i) {
i->url = NULL;
i->log = NULL;
reset(i);
}
static void freeUrl(ModSecurityIntervention_t *i) {
if (i->url) {
free(i->url);
i->url = NULL;
}
}
static void freeLog(ModSecurityIntervention_t *i) {
if (i->log) {
free(i->log);
i->log = NULL;
}
}
static void free(ModSecurityIntervention_t *i) {
freeUrl(i);
freeLog(i);
}
} // namespace intervention
#endif
#ifdef __cplusplus
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_INTERVENTION_H_

340
headers/modsecurity/modsecurity.h Normal file
View File

@ -0,0 +1,340 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2023 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
/** @file modsecurity.h Main ModSecurity header file */
/** @mainpage ModSecurity - open source, cross platform web application firewall
*
* Example Usage:
* @code
*
* using ModSecurity::ModSecurity;
* using ModSecurity::Rules;
* using ModSecurity::Transaction;
*
* ModSecurity *modsec;
* ModSecurity::Rules *rules;
*
* modsec = new ModSecurity();
* rules = new Rules();
* rules->loadFromUri(rules_file);
*
* Transaction *modsecTransaction = new Transaction(modsec, rules);
* modsecTransaction->processConnection("127.0.0.1");
*
* if (modsecTransaction->intervention()) {
* std::cout << "There is an intervention" << std::endl;
* }
*
* ...
*
* @endcode
*
*/
/**
* @defgroup ModSecurity_C_API ModSecurity C API
*
* This is the ModSecurity C API description
*
* At this page you can get information on how the extend your C
* application, by embedding ModSecurity.
*
*/
/**
* @defgroup ModSecurity_CPP_API ModSecurity CPP API
*
* This is the ModSecurity CPP API description.
*
* At this page you can get information on how the extend your CPP
* application, by embedding ModSecurity.
*
*/
/**
* @defgroup ModSecurity_Operator ModSecurity Operators
*
* SecLanguage operator
*/
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <memory>
#endif
#ifndef HEADERS_MODSECURITY_MODSECURITY_H_
#define HEADERS_MODSECURITY_MODSECURITY_H_
#ifndef __cplusplus
typedef struct ModSecurity_t modsecurity;
#else
namespace modsecurity {
/**
*
* The Phases enumerator consists in mapping the different stages of a
* given request. ModSecurity is expected to inspect data based on those
* "phases". If your module/application use this in a different order, it
* will lead ModSecurity to act in an unexpected behavior.
*
* It is mandatory to call all the phases, even if you don't have this
* phases segmented in your end.
*
*/
enum Phases {
/**
*
* The connection is the very first information that ModSecurity can
* inspect. It is expected to happens before the virtual host name be
* resolved. This phase is expected to happen immediately after a
* connection is established.
*
*/
ConnectionPhase,
/**
*
* The "URI" phase happens just after the web server (or any other
* application that you may use with ModSecurity) have the acknowledgement
* of the full request URI.
*
*/
UriPhase,
/**
*
* The "RequestHeaders" phase happens when the server has all the
* information about the headers. Notice however, that it is expected to
* happen prior to the reception of the request body (if any).
*
*/
RequestHeadersPhase,
/**
*
* At the "RequestHeaders" phase, ModSecurity is expected to inspect the
* content of a request body, that does not happens when the server has all
* the content but prior to that, when the body transmission started.
* ModSecurity can ask the webserver to block (or make any other disruptive
* action) while the client is still transmitting the data.
*
*/
RequestBodyPhase,
/**
*
* The "ResponseHeaders" happens just before all the response headers are
* ready to be delivery to the client.
*
*/
ResponseHeadersPhase,
/**
*
* Same as "RequestBody" the "ResponseBody" phase perform a stream
* inspection which may result in a disruptive action.
*
*/
ResponseBodyPhase,
/**
*
* The last phase is the logging phase. At this phase ModSecurity will
* generate the internal logs, there is no need to hold the request at
* this point as this phase does not produce any kind of action.
*
*/
LoggingPhase,
/**
* Just a marking for the expected number of phases.
*
*/
NUMBER_OF_PHASES,
};
} // namespace modsecurity
#endif
#include "modsecurity/intervention.h"
#include "modsecurity/transaction.h"
#include "modsecurity/debug_log.h"
/**
* TAG_NUM:
*
* Alpha - 001
* Beta - 002
* Dev - 010
* Rc1 - 051
* Rc2 - 052
* ... - ...
* Release- 100
*
*/
#define MODSECURITY_MAJOR "3"
#define MODSECURITY_MINOR "0"
#define MODSECURITY_PATCHLEVEL "9"
#define MODSECURITY_TAG ""
#define MODSECURITY_TAG_NUM "100"
#define MODSECURITY_VERSION MODSECURITY_MAJOR "." \
MODSECURITY_MINOR "." MODSECURITY_PATCHLEVEL \
MODSECURITY_TAG
#define MODSECURITY_VERSION_NUM 3090100
#define MODSECURITY_CHECK_VERSION(a) (MODSECURITY_VERSION_NUM <= a)
/*
* @name ModSecLogCb
* @brief Callback to be function on every log generation
*
*
* The callback is going to be called on every log request.
*
*
* void * Internal reference to be used by the API consumer. Whatever
* is set here will be passed on every call.
* void * Pointer to a const char * or RuleMessage class. The returned
* data is selected on the log register property.
*
* @note Vide LogProperty enum to learn more about Log Properties.
*
*/
typedef void (*ModSecLogCb) (void *, const void *);
#ifdef __cplusplus
namespace modsecurity {
/* few forwarded declarations */
namespace actions {
class Action;
}
class RuleWithOperator;
#ifdef __cplusplus
extern "C" {
#endif
/**
*
* Properties used to configure the general log callback.
*
*/
enum LogProperty {
/**
*
* Original ModSecurity text log entry. The same entry that can be found
* within the Apache error_log (in the 2.x family)
*
*/
TextLogProperty = 1,
/**
*
* Instead of return the text log entry an instance of the class
* RuleMessages is returned.
*
*/
RuleMessageLogProperty = 2,
/**
* This property only makes sense with the utilization of the
* RuleMessageLogProperty. Without this property set the RuleMessage
* structure will not be filled with the information of the hightlight.
*
* Notice that the highlight can be calculate post-analisys. Calculate it
* during the analisys may delay the analisys process.
*
*/
IncludeFullHighlightLogProperty = 4,
};
#ifdef __cplusplus
}
#endif
/** @ingroup ModSecurity_CPP_API */
class ModSecurity {
public:
ModSecurity();
~ModSecurity();
ModSecurity(const ModSecurity &m) = delete;
ModSecurity& operator= (const ModSecurity &m) = delete;
const std::string& whoAmI();
void setConnectorInformation(const std::string &connector);
void setServerLogCb(ModSecLogCb cb);
/**
*
* properties Properties to inform ModSecurity what kind of infornation
* is expected be returned.
*
*/
void setServerLogCb(ModSecLogCb cb, int properties);
void serverLog(void *data, std::shared_ptr<RuleMessage> rm);
const std::string& getConnectorInformation() const;
static int processContentOffset(const char *content, size_t len,
const char *matchString, std::string *json, const char **err);
collection::Collection *m_global_collection;
collection::Collection *m_resource_collection;
collection::Collection *m_ip_collection;
collection::Collection *m_session_collection;
collection::Collection *m_user_collection;
private:
std::string m_connector;
std::string m_whoami;
ModSecLogCb m_logCb;
int m_logProperties;
};
#endif
#ifdef __cplusplus
extern "C" {
#endif
/** @ingroup ModSecurity_C_API */
ModSecurity *msc_init(void);
/** @ingroup ModSecurity_C_API */
const char *msc_who_am_i(ModSecurity *msc);
/** @ingroup ModSecurity_C_API */
void msc_set_connector_info(ModSecurity *msc, const char *connector);
/** @ingroup ModSecurity_C_API */
void msc_set_log_cb(ModSecurity *msc, ModSecLogCb cb);
/** @ingroup ModSecurity_C_API */
void msc_cleanup(ModSecurity *msc);
#ifdef __cplusplus
}
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_MODSECURITY_H_

129
headers/modsecurity/rule.h Normal file
View File

@ -0,0 +1,129 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <memory>
#include <utility>
#endif
#ifndef HEADERS_MODSECURITY_RULE_H_
#define HEADERS_MODSECURITY_RULE_H_
#include "modsecurity/transaction.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#ifdef __cplusplus
namespace modsecurity {
namespace variables {
class Variable;
class Variables;
}
namespace actions {
class Action;
class Severity;
class LogData;
class Msg;
class Rev;
class SetVar;
class Tag;
namespace transformations {
class Transformation;
}
}
namespace operators {
class Operator;
}
using TransformationResult = std::pair<std::shared_ptr<std::string>,
std::shared_ptr<std::string>>;
using TransformationResults = std::list<TransformationResult>;
using Transformation = actions::transformations::Transformation;
using Transformations = std::vector<Transformation *>;
using Actions = std::vector<actions::Action *>;
using Tags = std::vector<actions::Tag *>;
using SetVars = std::vector<actions::SetVar *>;
using MatchActions = std::vector<actions::Action *>;
class Rule {
public:
Rule(std::unique_ptr<std::string> fileName, int lineNumber)
: m_fileName(std::make_shared<std::string>(*fileName)),
m_lineNumber(lineNumber),
m_phase(modsecurity::Phases::RequestHeadersPhase) {
}
Rule(const Rule &other) :
m_fileName(other.m_fileName),
m_lineNumber(other.m_lineNumber),
m_phase(other.m_phase)
{ }
Rule &operator=(const Rule& other) {
m_fileName = other.m_fileName;
m_lineNumber = other.m_lineNumber;
m_phase = other.m_phase;
return *this;
}
virtual ~Rule() {}
virtual bool evaluate(Transaction *transaction) = 0;
virtual bool evaluate(Transaction *transaction,
std::shared_ptr<RuleMessage> rm) = 0;
std::shared_ptr<std::string> getFileName() const {
return m_fileName;
}
int getLineNumber() const {
return m_lineNumber;
}
int getPhase() const { return m_phase; }
void setPhase(int phase) { m_phase = phase; }
virtual std::string getReference() {
if (m_fileName) {
return *m_fileName + ":" + std::to_string(m_lineNumber);
}
return "<<no file>>:" + std::to_string(m_lineNumber);
}
virtual bool isMarker() { return false; }
private:
std::shared_ptr<std::string> m_fileName;
int m_lineNumber;
// FIXME: phase may not be neede to SecMarker.
int m_phase;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_H_

91
headers/modsecurity/rule_marker.h Normal file
View File

@ -0,0 +1,91 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <memory>
#include <utility>
#endif
#ifndef HEADERS_MODSECURITY_RULE_MARKER_H_
#define HEADERS_MODSECURITY_RULE_MARKER_H_
#include "modsecurity/transaction.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#include "modsecurity/rule.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleMarker : public Rule {
public:
RuleMarker(
const std::string &name,
std::unique_ptr<std::string> fileName,
int lineNumber)
: Rule(std::move(fileName), lineNumber),
m_name(std::make_shared<std::string>(name)) { }
RuleMarker(const RuleMarker& r) :
Rule(r),
m_name(r.m_name)
{ }
RuleMarker &operator =(const RuleMarker& r) {
Rule::operator = (r);
m_name = r.m_name;
return *this;
}
virtual bool evaluate(Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override {
return evaluate(transaction);
}
virtual bool evaluate(Transaction *transaction) override {
if (transaction->isInsideAMarker()) {
if (*transaction->getCurrentMarker() == *m_name) {
transaction->removeMarker();
// FIXME: Move this to .cc
// ms_dbg_a(transaction, 4, "Out of a SecMarker " + *m_name);
}
}
return true;
};
std::shared_ptr<std::string> getName() {
return m_name;
}
bool isMarker() override { return true; }
private:
std::shared_ptr<std::string> m_name;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_MARKER_H_

216
headers/modsecurity/rule_message.h Normal file
View File

@ -0,0 +1,216 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <cstring>
#endif
#ifndef HEADERS_MODSECURITY_RULE_MESSAGE_H_
#define HEADERS_MODSECURITY_RULE_MESSAGE_H_
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rule_with_operator.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleMessage {
public:
enum LogMessageInfo {
ErrorLogTailLogMessageInfo = 2,
ClientLogMessageInfo = 4
};
/**
*
* FIXME: RuleMessage is currently too big, doing a lot of
* unnecessary data duplication. Needs to be shrink down.
*
*/
RuleMessage(RuleWithActions *rule, Transaction *trans) :
m_accuracy(rule->m_accuracy),
m_clientIpAddress(trans->m_clientIpAddress),
m_data(""),
m_id(trans->m_id),
m_isDisruptive(false),
m_match(""),
m_maturity(rule->m_maturity),
m_message(""),
m_noAuditLog(false),
m_phase(rule->getPhase() - 1),
m_reference(""),
m_rev(rule->m_rev),
m_rule(rule),
m_ruleFile(rule->getFileName()),
m_ruleId(rule->m_ruleId),
m_ruleLine(rule->getLineNumber()),
m_saveMessage(true),
m_serverIpAddress(trans->m_serverIpAddress),
m_severity(0),
m_uriNoQueryStringDecoded(trans->m_uri_no_query_string_decoded),
m_ver(rule->m_ver),
m_tags()
{ }
explicit RuleMessage(RuleMessage *rule) :
m_accuracy(rule->m_accuracy),
m_clientIpAddress(rule->m_clientIpAddress),
m_data(rule->m_data),
m_id(rule->m_id),
m_isDisruptive(rule->m_isDisruptive),
m_match(rule->m_match),
m_maturity(rule->m_maturity),
m_message(rule->m_message),
m_noAuditLog(rule->m_noAuditLog),
m_phase(rule->m_phase),
m_reference(rule->m_reference),
m_rev(rule->m_rev),
m_rule(rule->m_rule),
m_ruleFile(rule->m_ruleFile),
m_ruleId(rule->m_ruleId),
m_ruleLine(rule->m_ruleLine),
m_saveMessage(rule->m_saveMessage),
m_serverIpAddress(rule->m_serverIpAddress),
m_severity(rule->m_severity),
m_uriNoQueryStringDecoded(rule->m_uriNoQueryStringDecoded),
m_ver(rule->m_ver),
m_tags(rule->m_tags)
{ }
RuleMessage(const RuleMessage& ruleMessage)
: m_accuracy(ruleMessage.m_accuracy),
m_clientIpAddress(ruleMessage.m_clientIpAddress),
m_data(ruleMessage.m_data),
m_id(ruleMessage.m_id),
m_isDisruptive(ruleMessage.m_isDisruptive),
m_match(ruleMessage.m_match),
m_maturity(ruleMessage.m_maturity),
m_message(ruleMessage.m_message),
m_noAuditLog(ruleMessage.m_noAuditLog),
m_phase(ruleMessage.m_phase),
m_reference(ruleMessage.m_reference),
m_rev(ruleMessage.m_rev),
m_rule(ruleMessage.m_rule),
m_ruleFile(ruleMessage.m_ruleFile),
m_ruleId(ruleMessage.m_ruleId),
m_ruleLine(ruleMessage.m_ruleLine),
m_saveMessage(ruleMessage.m_saveMessage),
m_serverIpAddress(ruleMessage.m_serverIpAddress),
m_severity(ruleMessage.m_severity),
m_uriNoQueryStringDecoded(ruleMessage.m_uriNoQueryStringDecoded),
m_ver(ruleMessage.m_ver),
m_tags(ruleMessage.m_tags)
{ }
RuleMessage &operator=(const RuleMessage& ruleMessage) {
m_accuracy = ruleMessage.m_accuracy;
m_clientIpAddress = ruleMessage.m_clientIpAddress;
m_data = ruleMessage.m_data;
m_id = ruleMessage.m_id;
m_isDisruptive = ruleMessage.m_isDisruptive;
m_match = ruleMessage.m_match;
m_maturity = ruleMessage.m_maturity;
m_message = ruleMessage.m_message;
m_noAuditLog = ruleMessage.m_noAuditLog;
m_phase = ruleMessage.m_phase;
m_reference = ruleMessage.m_reference;
m_rev = ruleMessage.m_rev;
m_rule = ruleMessage.m_rule;
m_ruleFile = ruleMessage.m_ruleFile;
m_ruleId = ruleMessage.m_ruleId;
m_ruleLine = ruleMessage.m_ruleLine;
m_saveMessage = ruleMessage.m_saveMessage;
m_serverIpAddress = ruleMessage.m_serverIpAddress;
m_severity = ruleMessage.m_severity;
m_uriNoQueryStringDecoded = ruleMessage.m_uriNoQueryStringDecoded;
m_ver = ruleMessage.m_ver;
m_tags = ruleMessage.m_tags;
return *this;
}
void clean() {
m_data = "";
m_match = "";
m_isDisruptive = false;
m_reference = "";
m_severity = 0;
m_ver = "";
}
std::string log() {
return log(this, 0);
}
std::string log(int props) {
return log(this, props);
}
std::string log(int props, int responseCode) {
return log(this, props, responseCode);
}
std::string errorLog() {
return log(this,
ClientLogMessageInfo | ErrorLogTailLogMessageInfo);
}
static std::string log(const RuleMessage *rm, int props, int code);
static std::string log(const RuleMessage *rm, int props) {
return log(rm, props, -1);
}
static std::string log(const RuleMessage *rm) {
return log(rm, 0);
}
static std::string _details(const RuleMessage *rm);
static std::string _errorLogTail(const RuleMessage *rm);
int m_accuracy;
std::shared_ptr<std::string> m_clientIpAddress;
std::string m_data;
std::shared_ptr<std::string> m_id;
bool m_isDisruptive;
std::string m_match;
int m_maturity;
std::string m_message;
bool m_noAuditLog;
int m_phase;
std::string m_reference;
std::string m_rev;
RuleWithActions *m_rule;
std::shared_ptr<std::string> m_ruleFile;
int m_ruleId;
int m_ruleLine;
bool m_saveMessage;
std::shared_ptr<std::string> m_serverIpAddress;
int m_severity;
std::shared_ptr<std::string> m_uriNoQueryStringDecoded;
std::string m_ver;
std::list<std::string> m_tags;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_MESSAGE_H_

68
headers/modsecurity/rule_unconditional.h Normal file
View File

@ -0,0 +1,68 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <memory>
#include <utility>
#endif
#ifndef HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
#define HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules_set.h"
#include "modsecurity/rule_with_actions.h"
#include "modsecurity/actions/action.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleUnconditional : public RuleWithActions {
public:
RuleUnconditional(
std::vector<actions::Action *> *actions,
Transformations *transformations,
std::unique_ptr<std::string> fileName,
int lineNumber)
: RuleWithActions(actions, transformations, std::move(fileName), lineNumber) { }
RuleUnconditional(const RuleUnconditional& r)
: RuleWithActions(r)
{ }
RuleUnconditional &operator=(const RuleUnconditional& r) {
RuleWithActions::operator = (r);
return *this;
}
virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
private:
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_

191
headers/modsecurity/rule_with_actions.h Normal file
View File

@ -0,0 +1,191 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <memory>
#include <utility>
#endif
#ifndef HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
#define HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
#include "modsecurity/transaction.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#include "modsecurity/rule.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleWithActions : public Rule {
public:
RuleWithActions(
Actions *a,
Transformations *t,
std::unique_ptr<std::string> fileName,
int lineNumber);
~RuleWithActions();
RuleWithActions(const RuleWithActions& r)
: Rule(r),
m_rev(r.m_rev),
m_ver(r.m_ver),
m_accuracy(r.m_accuracy),
m_maturity(r.m_maturity),
m_ruleId(r.m_ruleId),
m_chainedRuleChild(r.m_chainedRuleChild),
m_chainedRuleParent(r.m_chainedRuleParent),
m_disruptiveAction(r.m_disruptiveAction),
m_logData(r.m_logData),
m_msg(r.m_msg),
m_severity(r.m_severity),
m_actionsRuntimePos(r.m_actionsRuntimePos),
m_actionsSetVar(r.m_actionsSetVar),
m_actionsTag(r.m_actionsTag),
m_transformations(r.m_transformations),
m_containsCaptureAction(r.m_containsCaptureAction),
m_containsMultiMatchAction(r.m_containsMultiMatchAction),
m_containsStaticBlockAction(r.m_containsStaticBlockAction),
m_isChained(r.m_isChained)
{ }
RuleWithActions &operator=(const RuleWithActions& r) {
Rule::operator = (r);
m_rev = r.m_rev;
m_ver = r.m_ver;
m_accuracy = r.m_accuracy;
m_maturity = r.m_maturity;
m_ruleId = r.m_ruleId;
m_chainedRuleChild = r.m_chainedRuleChild;
m_chainedRuleParent = r.m_chainedRuleParent;
m_disruptiveAction = r.m_disruptiveAction;
m_logData = r.m_logData;
m_msg = r.m_msg;
m_severity = r.m_severity;
m_actionsRuntimePos = r.m_actionsRuntimePos;
m_actionsSetVar = r.m_actionsSetVar;
m_actionsTag = r.m_actionsTag;
m_transformations = r.m_transformations;
m_containsCaptureAction = r.m_containsCaptureAction;
m_containsMultiMatchAction = r.m_containsMultiMatchAction;
m_containsStaticBlockAction = r.m_containsStaticBlockAction;
m_isChained = r.m_isChained;
return *this;
}
virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
virtual bool evaluate(Transaction *transaction) override;
void executeActionsIndependentOfChainedRuleResult(
Transaction *trasn,
bool *containsDisruptive,
std::shared_ptr<RuleMessage> ruleMessage);
void executeActionsAfterFullMatch(
Transaction *trasn,
bool containsDisruptive,
std::shared_ptr<RuleMessage> ruleMessage);
void executeAction(Transaction *trans,
bool containsBlock,
std::shared_ptr<RuleMessage> ruleMessage,
actions::Action *a,
bool context);
void executeTransformations(
Transaction *trasn, const std::string &value, TransformationResults &ret);
inline void executeTransformation(
actions::transformations::Transformation *a,
std::shared_ptr<std::string> *value,
Transaction *trans,
TransformationResults *ret,
std::string *path,
int *nth) const;
void performLogging(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage,
bool lastLog = true,
bool chainedParentNull = false);
std::vector<actions::Action *> getActionsByName(const std::string& name,
Transaction *t);
bool containsTag(const std::string& name, Transaction *t);
bool containsMsg(const std::string& name, Transaction *t);
inline bool isChained() const { return m_isChained == true; }
inline bool hasCaptureAction() const { return m_containsCaptureAction == true; }
inline void setChained(bool b) { m_isChained = b; }
inline bool hasDisruptiveAction() const { return m_disruptiveAction != NULL; }
inline bool hasBlockAction() const { return m_containsStaticBlockAction == true; }
inline bool hasMultimatch() const { return m_containsMultiMatchAction == true; }
inline bool hasLogData() const { return m_logData != NULL; }
std::string logData(Transaction *t);
inline bool hasMsg() const { return m_msg != NULL; }
std::string msg(Transaction *t);
inline bool hasSeverity() const { return m_severity != NULL; }
int severity() const;
std::string m_rev;
std::string m_ver;
int m_accuracy;
int m_maturity;
int64_t m_ruleId;
std::shared_ptr<RuleWithActions> m_chainedRuleChild;
RuleWithActions *m_chainedRuleParent;
private:
/* actions */
actions::Action *m_disruptiveAction;
actions::LogData *m_logData;
actions::Msg *m_msg;
actions::Severity *m_severity;
MatchActions m_actionsRuntimePos;
SetVars m_actionsSetVar;
Tags m_actionsTag;
/* actions > transformations */
Transformations m_transformations;
bool m_containsCaptureAction:1;
bool m_containsMultiMatchAction:1;
bool m_containsStaticBlockAction:1;
bool m_isChained:1;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_

82
headers/modsecurity/rule_with_operator.h Normal file
View File

@ -0,0 +1,82 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <memory>
#include <utility>
#endif
#ifndef HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
#define HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
#include "modsecurity/transaction.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#include "modsecurity/rule.h"
#include "modsecurity/rule_with_actions.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleWithOperator : public RuleWithActions {
public:
RuleWithOperator(operators::Operator *op,
variables::Variables *variables,
std::vector<actions::Action *> *actions,
Transformations *transformations,
std::unique_ptr<std::string> fileName,
int lineNumber);
virtual ~RuleWithOperator();
bool evaluate(Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
void getVariablesExceptions(Transaction *t,
variables::Variables *exclusion, variables::Variables *addition);
inline void getFinalVars(variables::Variables *vars,
variables::Variables *eclusion, Transaction *trans);
bool executeOperatorAt(Transaction *trasn, const std::string &key,
const std::string &value, std::shared_ptr<RuleMessage> rm);
static void updateMatchedVars(Transaction *trasn, const std::string &key,
const std::string &value);
static void cleanMatchedVars(Transaction *trasn);
std::string getOperatorName() const;
virtual std::string getReference() override {
return std::to_string(m_ruleId);
}
private:
modsecurity::variables::Variables *m_variables;
operators::Operator *m_operator;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_

96
headers/modsecurity/rules.h Normal file
View File

@ -0,0 +1,96 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <stdio.h>
#include <string.h>
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <memory>
#endif
#include "modsecurity/rule.h"
#include "modsecurity/rule_with_operator.h"
#include "modsecurity/rule_with_actions.h"
#ifndef HEADERS_MODSECURITY_RULES_H_
#define HEADERS_MODSECURITY_RULES_H_
#ifdef __cplusplus
namespace modsecurity {
class Rules {
public:
void dump() const {
for (int j = 0; j < m_rules.size(); j++) {
std::cout << " Rule ID: " << m_rules.at(j)->getReference();
std::cout << "--" << m_rules.at(j) << std::endl;
}
}
int append(Rules *from, const std::vector<int64_t> &ids, std::ostringstream *err) {
size_t j = 0;
for (; j < from->size(); j++) {
RuleWithOperator *rule = dynamic_cast<RuleWithOperator *>(from->at(j).get());
if (rule && std::binary_search(ids.begin(), ids.end(), rule->m_ruleId)) {
if (err != NULL) {
*err << "Rule id: " << std::to_string(rule->m_ruleId) \
<< " is duplicated" << std::endl;
}
return -1;
}
}
m_rules.insert(m_rules.end(), from->m_rules.begin(), from->m_rules.end());
return j;
}
bool insert(const std::shared_ptr<Rule> &rule) {
return insert(rule, nullptr, nullptr);
}
bool insert(std::shared_ptr<Rule> rule, const std::vector<int64_t> *ids, std::ostringstream *err) {
RuleWithOperator *r = dynamic_cast<RuleWithOperator *>(rule.get());
if (r && ids != nullptr && std::binary_search(ids->begin(), ids->end(), r->m_ruleId)) {
if (err != nullptr) {
*err << "Rule id: " << std::to_string(r->m_ruleId) \
<< " is duplicated" << std::endl;
}
return false;
}
m_rules.push_back(rule);
return true;
}
size_t size() const { return m_rules.size(); }
std::shared_ptr<Rule> operator[](int index) const { return m_rules[index]; }
std::shared_ptr<Rule> at(int index) const { return m_rules[index]; }
std::vector<std::shared_ptr<Rule> > m_rules;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_H_

98
headers/modsecurity/rules_exceptions.h Normal file
View File

@ -0,0 +1,98 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <list>
#include <map>
#include <sstream>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>
#include <memory>
#endif
#ifndef HEADERS_MODSECURITY_RULES_EXCEPTIONS_H_
#define HEADERS_MODSECURITY_RULES_EXCEPTIONS_H_
#ifdef __cplusplus
namespace modsecurity {
namespace actions {
class Action;
}
namespace variables {
class Variable;
}
class RulesExceptions {
public:
RulesExceptions();
~RulesExceptions();
bool load(const std::string &data, std::string *error);
bool addRange(int a, int b);
bool addNumber(int a);
bool contains(int a);
bool merge(RulesExceptions *from);
bool loadRemoveRuleByMsg(const std::string &msg, std::string *error);
bool loadRemoveRuleByTag(const std::string &msg, std::string *error);
bool loadUpdateTargetByMsg(const std::string &msg,
std::unique_ptr<std::vector<std::unique_ptr<variables::Variable> > > v,
std::string *error);
bool loadUpdateTargetByTag(const std::string &tag,
std::unique_ptr<std::vector<std::unique_ptr<variables::Variable> > > v,
std::string *error);
bool loadUpdateTargetById(double id,
std::unique_ptr<std::vector<std::unique_ptr<variables::Variable> > > v,
std::string *error);
bool loadUpdateActionById(double id,
std::unique_ptr<std::vector<std::unique_ptr<actions::Action> > > actions,
std::string *error);
std::unordered_multimap<std::shared_ptr<std::string>,
std::shared_ptr<variables::Variable>> m_variable_update_target_by_tag;
std::unordered_multimap<std::shared_ptr<std::string>,
std::shared_ptr<variables::Variable>> m_variable_update_target_by_msg;
std::unordered_multimap<double,
std::shared_ptr<variables::Variable>> m_variable_update_target_by_id;
std::unordered_multimap<double,
std::shared_ptr<actions::Action>> m_action_pre_update_target_by_id;
std::unordered_multimap<double,
std::shared_ptr<actions::Action>> m_action_pos_update_target_by_id;
std::list<std::string> m_remove_rule_by_msg;
std::list<std::string> m_remove_rule_by_tag;
private:
std::list<std::pair<int, int> > m_ranges;
std::list<int> m_numbers;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_EXCEPTIONS_H_

18
headers/modsecurity/rules_properties.h Normal file
View File

@ -0,0 +1,18 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <modsecurity/rules_set_properties.h>

109
headers/modsecurity/rules_set.h Normal file
View File

@ -0,0 +1,109 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <stdio.h>
#include <string.h>
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#endif
#ifndef HEADERS_MODSECURITY_RULES_SET_H_
#define HEADERS_MODSECURITY_RULES_SET_H_
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules_set_phases.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleWithOperator;
namespace Parser {
class Driver;
}
/** @ingroup ModSecurity_CPP_API */
class RulesSet : public RulesSetProperties {
public:
RulesSet()
: RulesSetProperties(new DebugLog())
#ifndef NO_LOGS
,m_secmarker_skipped(0)
#endif
{ }
explicit RulesSet(DebugLog *customLog)
: RulesSetProperties(customLog)
#ifndef NO_LOGS
,m_secmarker_skipped(0)
#endif
{ }
~RulesSet() { }
int loadFromUri(const char *uri);
int loadRemote(const char *key, const char *uri);
int load(const char *rules);
int load(const char *rules, const std::string &ref);
void dump() const;
int merge(Parser::Driver *driver);
int merge(RulesSet *rules);
int evaluate(int phase, Transaction *transaction);
std::string getParserError();
void debug(int level, const std::string &id, const std::string &uri,
const std::string &msg);
RulesSetPhases m_rulesSetPhases;
private:
#ifndef NO_LOGS
uint8_t m_secmarker_skipped;
#endif
};
#endif
#ifdef __cplusplus
extern "C" {
#endif
RulesSet *msc_create_rules_set(void);
void msc_rules_dump(RulesSet *rules);
int msc_rules_merge(RulesSet *rules_dst, RulesSet *rules_from, const char **error);
int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri,
const char **error);
int msc_rules_add_file(RulesSet *rules, const char *file, const char **error);
int msc_rules_add(RulesSet *rules, const char *plain_rules, const char **error);
int msc_rules_cleanup(RulesSet *rules);
#ifdef __cplusplus
}
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_SET_H_

63
headers/modsecurity/rules_set_phases.h Normal file
View File

@ -0,0 +1,63 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <stdio.h>
#include <string.h>
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#endif
#ifndef HEADERS_MODSECURITY_RULES_SET_PHASES_H_
#define HEADERS_MODSECURITY_RULES_SET_PHASES_H_
#include "modsecurity/rules.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleWithOperator;
namespace Parser {
class Driver;
}
/** @ingroup ModSecurity_CPP_API */
class RulesSetPhases {
public:
bool insert(std::shared_ptr<Rule> rule);
int append(RulesSetPhases *from, std::ostringstream *err);
void dump() const;
Rules *operator[](int index) { return &m_rulesAtPhase[index]; }
Rules *at(int index) { return &m_rulesAtPhase[index]; }
private:
Rules m_rulesAtPhase[8];
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_SET_PHASES_H_

499
headers/modsecurity/rules_set_properties.h Normal file
View File

@ -0,0 +1,499 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <set>
#include <cstring>
#endif
#ifndef HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
#define HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
#include "modsecurity/modsecurity.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules_exceptions.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/audit_log.h"
#define CODEPAGE_SEPARATORS " \t\n\r"
#define merge_boolean_value(to, from, default) \
if (to == PropertyNotSetConfigBoolean) { \
to = (from == PropertyNotSetConfigBoolean) ? default : from; \
}
#define merge_ruleengine_value(to, from, default) \
if (to == PropertyNotSetRuleEngine) { \
to = (from == PropertyNotSetRuleEngine) ? default : from; \
}
#define merge_bodylimitaction_value(to, from, default) \
if (to == PropertyNotSetBodyLimitAction) { \
to = (from == PropertyNotSetBodyLimitAction) ? default : from; \
}
#ifdef __cplusplus
namespace modsecurity {
class RulesExceptions;
namespace Parser {
class Driver;
}
using modsecurity::debug_log::DebugLog;
using modsecurity::audit_log::AuditLog;
/** @ingroup ModSecurity_CPP_API */
class ConfigInt {
public:
ConfigInt() : m_set(false), m_value(0) { }
bool m_set;
int m_value;
void merge(ConfigInt *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigDouble {
public:
ConfigDouble() : m_set(false), m_value(0) { }
bool m_set;
double m_value;
void merge(ConfigDouble *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigString {
public:
ConfigString() : m_set(false), m_value("") { }
bool m_set;
std::string m_value;
void merge(ConfigString *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigSet {
public:
ConfigSet() : m_set(false), m_clear(false) { }
bool m_set;
bool m_clear;
std::set<std::string> m_value;
};
class UnicodeMapHolder {
public:
UnicodeMapHolder() {
memset(m_data, -1, (sizeof(int)*65536));
};
int& operator[](int index) { return m_data[index]; }
int operator[](int index) const { return m_data[index]; }
int at(int index) const { return m_data[index]; }
void change(int i, int a) { m_data[i] = a; }
int m_data[65536];
};
class RulesSetProperties;
class ConfigUnicodeMap {
public:
ConfigUnicodeMap() : m_set(false),
m_unicodeCodePage(0),
m_unicodeMapTable(NULL) { }
static void loadConfig(std::string f, double codePage,
RulesSetProperties *driver, std::string *errg);
void merge(ConfigUnicodeMap *from) {
if (from->m_set == false) {
return;
}
m_set = true;
m_unicodeCodePage = from->m_unicodeCodePage;
m_unicodeMapTable = from->m_unicodeMapTable;
return;
}
bool m_set;
double m_unicodeCodePage;
std::shared_ptr<modsecurity::UnicodeMapHolder> m_unicodeMapTable;
};
class RulesSetProperties {
public:
RulesSetProperties() :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(new DebugLog()),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
explicit RulesSetProperties(DebugLog *debugLog) :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(debugLog),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
RulesSetProperties(const RulesSetProperties &r) = delete;
RulesSetProperties &operator =(const RulesSetProperties &r) = delete;
~RulesSetProperties() {
int i = 0;
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<std::shared_ptr<actions::Action> > *tmp = \
&m_defaultActions[i];
while (tmp->empty() == false) {
tmp->pop_back();
}
}
delete m_debugLog;
delete m_auditLog;
}
/**
*
*
*/
enum ConfigBoolean {
TrueConfigBoolean,
FalseConfigBoolean,
PropertyNotSetConfigBoolean
};
/**
*
* The RuleEngine enumerator consists in mapping the different states
* of the rule engine.
*
*/
enum RuleEngine {
/**
*
* Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
*
*/
DisabledRuleEngine,
/**
*
* Rules will be evaluated and disturb actions will take place if needed.
*
*/
EnabledRuleEngine,
/**
* Rules will be evaluated but it won't generate any disruptive action.
*
*/
DetectionOnlyRuleEngine,
/**
*
*/
PropertyNotSetRuleEngine
};
/**
*
* Defines what actions should be taken in case the body (response or
* request) is bigger than the expected size.
*
*/
enum BodyLimitAction {
/**
*
* Process partial
*
*/
ProcessPartialBodyLimitAction,
/**
*
* Reject the request
*
*/
RejectBodyLimitAction,
/**
*
*/
PropertyNotSetBodyLimitAction
};
/**
*
* Defines what actions should be taken in case the remote rules failed to
* be downloaded (independent of the circumstances)
*
*
*/
enum OnFailedRemoteRulesAction {
/**
*
* Abort
*
*/
AbortOnFailedRemoteRulesAction,
/**
*
* Warn on logging
*
*/
WarnOnFailedRemoteRulesAction,
/**
*
*/
PropertyNotSetRemoteRulesAction
};
static const char *ruleEngineStateString(RuleEngine i) {
switch (i) {
case DisabledRuleEngine:
return "Disabled";
case EnabledRuleEngine:
return "Enabled";
case DetectionOnlyRuleEngine:
return "DetectionOnly";
case PropertyNotSetRuleEngine:
return "PropertyNotSet/DetectionOnly";
}
return NULL;
}
static std::string configBooleanString(ConfigBoolean i) {
switch (i) {
case TrueConfigBoolean:
return "True";
case FalseConfigBoolean:
return "False";
case PropertyNotSetConfigBoolean:
return "Not set";
}
return NULL;
}
static int mergeProperties(RulesSetProperties *from,
RulesSetProperties *to, std::ostringstream *err) {
merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine,
PropertyNotSetRuleEngine);
merge_boolean_value(to->m_secRequestBodyAccess,
from->m_secRequestBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secResponseBodyAccess,
from->m_secResponseBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secXMLExternalEntity,
from->m_secXMLExternalEntity,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_uploadKeepFiles,
from->m_uploadKeepFiles,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_tmpSaveUploadedFiles,
from->m_tmpSaveUploadedFiles,
PropertyNotSetConfigBoolean);
to->m_argumentsLimit.merge(&from->m_argumentsLimit);
to->m_requestBodyJsonDepthLimit.merge(&from->m_requestBodyJsonDepthLimit);
to->m_requestBodyLimit.merge(&from->m_requestBodyLimit);
to->m_requestBodyNoFilesLimit.merge(&from->m_requestBodyNoFilesLimit);
to->m_responseBodyLimit.merge(&from->m_responseBodyLimit);
merge_bodylimitaction_value(to->m_requestBodyLimitAction,
from->m_requestBodyLimitAction,
PropertyNotSetBodyLimitAction);
merge_bodylimitaction_value(to->m_responseBodyLimitAction,
from->m_responseBodyLimitAction,
PropertyNotSetBodyLimitAction);
to->m_uploadFileLimit.merge(&from->m_uploadFileLimit);
to->m_uploadFileMode.merge(&from->m_uploadFileMode);
to->m_uploadDirectory.merge(&from->m_uploadDirectory);
to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory);
to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator);
to->m_secWebAppId.merge(&from->m_secWebAppId);
to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
to->m_httpblKey.merge(&from->m_httpblKey);
to->m_exceptions.merge(&from->m_exceptions);
to->m_components.insert(to->m_components.end(),
from->m_components.begin(), from->m_components.end());
if (from->m_responseBodyTypeToBeInspected.m_set == true) {
if (from->m_responseBodyTypeToBeInspected.m_clear == true) {
to->m_responseBodyTypeToBeInspected.m_value.clear();
from->m_responseBodyTypeToBeInspected.m_value.clear();
} else {
for (std::set<std::string>::iterator
it = from->m_responseBodyTypeToBeInspected.m_value.begin();
it != from->m_responseBodyTypeToBeInspected.m_value.end();
++it) {
to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
}
}
to->m_responseBodyTypeToBeInspected.m_set = true;
}
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<std::shared_ptr<actions::Action> > *actions_from = \
&from->m_defaultActions[i];
std::vector<std::shared_ptr<actions::Action> > *actions_to = \
&to->m_defaultActions[i];
for (size_t j = 0; j < actions_from->size(); j++) {
actions_to->push_back(actions_from->at(j));
}
}
if (to->m_auditLog) {
std::string error;
to->m_auditLog->merge(from->m_auditLog, &error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogFileSet()) {
if (to->m_debugLog->isLogFileSet() == false) {
std::string error;
to->m_debugLog->setDebugLogFile(
from->m_debugLog->getDebugLogFile(),
&error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogLevelSet()) {
if (to->m_debugLog->isLogLevelSet() == false) {
to->m_debugLog->setDebugLogLevel(
from->m_debugLog->getDebugLogLevel());
}
}
return 1;
}
audit_log::AuditLog *m_auditLog;
BodyLimitAction m_requestBodyLimitAction;
BodyLimitAction m_responseBodyLimitAction;
ConfigBoolean m_secRequestBodyAccess;
ConfigBoolean m_secResponseBodyAccess;
ConfigBoolean m_secXMLExternalEntity;
ConfigBoolean m_tmpSaveUploadedFiles;
ConfigBoolean m_uploadKeepFiles;
ConfigDouble m_argumentsLimit;
ConfigDouble m_requestBodyJsonDepthLimit;
ConfigDouble m_requestBodyLimit;
ConfigDouble m_requestBodyNoFilesLimit;
ConfigDouble m_responseBodyLimit;
ConfigInt m_uploadFileLimit;
ConfigInt m_uploadFileMode;
DebugLog *m_debugLog;
OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
RuleEngine m_secRuleEngine;
RulesExceptions m_exceptions;
std::list<std::string> m_components;
std::ostringstream m_parserError;
ConfigSet m_responseBodyTypeToBeInspected;
ConfigString m_httpblKey;
ConfigString m_uploadDirectory;
ConfigString m_uploadTmpDirectory;
ConfigString m_secArgumentSeparator;
ConfigString m_secWebAppId;
std::vector<std::shared_ptr<actions::Action> > \
m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
ConfigUnicodeMap m_unicodeMapTable;
};
#endif
#ifdef __cplusplus
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_

729
headers/modsecurity/transaction.h Normal file
View File

@ -0,0 +1,729 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <list>
#include <map>
#include <sstream>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>
#include <memory>
#include <stack>
#endif
#include <stdlib.h>
#include <stddef.h>
#ifndef HEADERS_MODSECURITY_TRANSACTION_H_
#define HEADERS_MODSECURITY_TRANSACTION_H_
#ifndef __cplusplus
typedef struct ModSecurity_t ModSecurity;
typedef struct Transaction_t Transaction;
typedef struct Rules_t RulesSet;
#endif
#include "modsecurity/anchored_set_variable.h"
#include "modsecurity/anchored_variable.h"
#include "modsecurity/intervention.h"
#include "modsecurity/collection/collections.h"
#include "modsecurity/variable_value.h"
#include "modsecurity/collection/collection.h"
#include "modsecurity/variable_origin.h"
#include "modsecurity/anchored_set_variable_translation_proxy.h"
#include "modsecurity/audit_log.h"
#ifndef NO_LOGS
#define ms_dbg(b, c) \
do { \
if (m_rules && m_rules->m_debugLog && m_rules->m_debugLog->m_debugLevel >= b) { \
m_rules->debug(b, *m_id.get(), m_uri, c); \
} \
} while (0);
#else
#define ms_dbg(b, c) \
do { } while (0);
#endif
#ifndef NO_LOGS
#define ms_dbg_a(t, b, c) \
do { \
if (t && t->m_rules && t->m_rules->m_debugLog && t->m_rules->m_debugLog->m_debugLevel >= b) { \
t->debug(b, c); \
} \
} while (0);
#else
#define ms_dbg_a(t, b, c) \
do { } while (0);
#endif
#define LOGFY_ADD(a, b) \
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(a), strlen(a)); \
if (b == NULL) { \
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(""), \
strlen("")); \
} else { \
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(b), \
strlen(b)); \
}
#define LOGFY_ADD_INT(a, b) \
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(a), strlen(a)); \
yajl_gen_number(g, reinterpret_cast<const char*>(b), strlen(b));
#define LOGFY_ADD_NUM(a, b) \
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(a), strlen(a)); \
yajl_gen_integer(g, b);
#ifdef __cplusplus
namespace modsecurity {
class ModSecurity;
class Transaction;
class RulesSet;
class RuleMessage;
namespace actions {
class Action;
namespace disruptive {
enum AllowType : int;
}
}
namespace RequestBodyProcessor {
class XML;
class JSON;
class MultipartPartTmpFile;
}
namespace operators {
class Operator;
}
class TransactionAnchoredVariables {
public:
explicit TransactionAnchoredVariables(Transaction *t)
: m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
m_variableResponseContentType(t, "RESPONSE_CONTENT_TYPE"),
m_variableResponseHeadersNames(t, "RESPONSE_HEADERS_NAMES"),
m_variableARGScombinedSize(t, "ARGS_COMBINED_SIZE"),
m_variableAuthType(t, "AUTH_TYPE"),
m_variableFilesCombinedSize(t, "FILES_COMBINED_SIZE"),
m_variableFullRequest(t, "FULL_REQUEST"),
m_variableFullRequestLength(t, "FULL_REQUEST_LENGTH"),
m_variableInboundDataError(t, "INBOUND_DATA_ERROR"),
m_variableMatchedVar(t, "MATCHED_VAR"),
m_variableMatchedVarName(t, "MATCHED_VAR_NAME"),
m_variableMultipartBoundaryQuoted(t, "MULTIPART_BOUNDARY_QUOTED"),
m_variableMultipartBoundaryWhiteSpace(t,
"MULTIPART_BOUNDARY_WHITESPACE"),
m_variableMultipartCrlfLFLines(t, "MULTIPART_CRLF_LF_LINES"),
m_variableMultipartDataAfter(t, "MULTIPART_DATA_AFTER"),
m_variableMultipartDataBefore(t, "MULTIPART_DATA_BEFORE"),
m_variableMultipartFileLimitExceeded(t,
"MULTIPART_FILE_LIMIT_EXCEEDED"),
m_variableMultipartHeaderFolding(t, "MULTIPART_HEADER_FOLDING"),
m_variableMultipartInvalidHeaderFolding(t,
"MULTIPART_INVALID_HEADER_FOLDING"),
m_variableMultipartInvalidPart(t, "MULTIPART_INVALID_PART"),
m_variableMultipartInvalidQuoting(t, "MULTIPART_INVALID_QUOTING"),
m_variableMultipartLFLine(t, "MULTIPART_LF_LINE"),
m_variableMultipartMissingSemicolon(t, "MULTIPART_MISSING_SEMICOLON"),
m_variableMultipartStrictError(t, "MULTIPART_STRICT_ERROR"),
m_variableMultipartUnmatchedBoundary(t,
"MULTIPART_UNMATCHED_BOUNDARY"),
m_variableOutboundDataError(t, "OUTBOUND_DATA_ERROR"),
m_variablePathInfo(t, "PATH_INFO"),
m_variableQueryString(t, "QUERY_STRING"),
m_variableRemoteAddr(t, "REMOTE_ADDR"),
m_variableRemoteHost(t, "REMOTE_HOST"),
m_variableRemotePort(t, "REMOTE_PORT"),
m_variableReqbodyError(t, "REQBODY_ERROR"),
m_variableReqbodyErrorMsg(t, "REQBODY_ERROR_MSG"),
m_variableReqbodyProcessorError(t, "REQBODY_PROCESSOR_ERROR"),
m_variableReqbodyProcessorErrorMsg(t, "REQBODY_PROCESSOR_ERROR_MSG"),
m_variableReqbodyProcessor(t, "REQBODY_PROCESSOR"),
m_variableRequestBasename(t, "REQUEST_BASENAME"),
m_variableRequestBody(t, "REQUEST_BODY"),
m_variableRequestBodyLength(t, "REQUEST_BODY_LENGTH"),
m_variableRequestFilename(t, "REQUEST_FILENAME"),
m_variableRequestLine(t, "REQUEST_LINE"),
m_variableRequestMethod(t, "REQUEST_METHOD"),
m_variableRequestProtocol(t, "REQUEST_PROTOCOL"),
m_variableRequestURI(t, "REQUEST_URI"),
m_variableRequestURIRaw(t, "REQUEST_URI_RAW"),
m_variableResource(t, "RESOURCE"),
m_variableResponseBody(t, "RESPONSE_BODY"),
m_variableResponseContentLength(t, "RESPONSE_CONTENT_LENGTH"),
m_variableResponseProtocol(t, "RESPONSE_PROTOCOL"),
m_variableResponseStatus(t, "RESPONSE_STATUS"),
m_variableServerAddr(t, "SERVER_ADDR"),
m_variableServerName(t, "SERVER_NAME"),
m_variableServerPort(t, "SERVER_PORT"),
m_variableSessionID(t, "SESSIONID"),
m_variableUniqueID(t, "UNIQUE_ID"),
m_variableUrlEncodedError(t, "URLENCODED_ERROR"),
m_variableUserID(t, "USERID"),
m_variableArgs(t, "ARGS"),
m_variableArgsGet(t, "ARGS_GET"),
m_variableArgsPost(t, "ARGS_POST"),
m_variableFilesSizes(t, "FILES_SIZES"),
m_variableFilesNames(t, "FILES_NAMES"),
m_variableFilesTmpContent(t, "FILES_TMP_CONTENT"),
m_variableMultipartFileName(t, "MULTIPART_FILENAME"),
m_variableMultipartName(t, "MULTIPART_NAME"),
m_variableMatchedVarsNames(t, "MATCHED_VARS_NAMES"),
m_variableMatchedVars(t, "MATCHED_VARS"),
m_variableFiles(t, "FILES"),
m_variableRequestCookies(t, "REQUEST_COOKIES"),
m_variableRequestHeaders(t, "REQUEST_HEADERS"),
m_variableResponseHeaders(t, "RESPONSE_HEADERS"),
m_variableGeo(t, "GEO"),
m_variableRequestCookiesNames(t, "REQUEST_COOKIES_NAMES"),
m_variableFilesTmpNames(t, "FILES_TMPNAMES"),
m_variableMultipartPartHeaders(t, "MULTIPART_PART_HEADERS"),
m_variableOffset(0),
m_variableArgsNames("ARGS_NAMES", &m_variableArgs),
m_variableArgsGetNames("ARGS_GET_NAMES", &m_variableArgsGet),
m_variableArgsPostNames("ARGS_POST_NAMES", &m_variableArgsPost)
{ }
AnchoredSetVariable m_variableRequestHeadersNames;
AnchoredVariable m_variableResponseContentType;
AnchoredSetVariable m_variableResponseHeadersNames;
AnchoredVariable m_variableARGScombinedSize;
AnchoredVariable m_variableAuthType;
AnchoredVariable m_variableFilesCombinedSize;
AnchoredVariable m_variableFullRequest;
AnchoredVariable m_variableFullRequestLength;
AnchoredVariable m_variableInboundDataError;
AnchoredVariable m_variableMatchedVar;
AnchoredVariable m_variableMatchedVarName;
AnchoredVariable m_variableMultipartBoundaryQuoted;
AnchoredVariable m_variableMultipartBoundaryWhiteSpace;
AnchoredVariable m_variableMultipartCrlfLFLines;
AnchoredVariable m_variableMultipartDataAfter;
AnchoredVariable m_variableMultipartDataBefore;
AnchoredVariable m_variableMultipartFileLimitExceeded;
AnchoredVariable m_variableMultipartHeaderFolding;
AnchoredVariable m_variableMultipartInvalidHeaderFolding;
AnchoredVariable m_variableMultipartInvalidPart;
AnchoredVariable m_variableMultipartInvalidQuoting;
AnchoredVariable m_variableMultipartLFLine;
AnchoredVariable m_variableMultipartMissingSemicolon;
AnchoredVariable m_variableMultipartStrictError;
AnchoredVariable m_variableMultipartUnmatchedBoundary;
AnchoredVariable m_variableOutboundDataError;
AnchoredVariable m_variablePathInfo;
AnchoredVariable m_variableQueryString;
AnchoredVariable m_variableRemoteAddr;
AnchoredVariable m_variableRemoteHost;
AnchoredVariable m_variableRemotePort;
AnchoredVariable m_variableReqbodyError;
AnchoredVariable m_variableReqbodyErrorMsg;
AnchoredVariable m_variableReqbodyProcessorError;
AnchoredVariable m_variableReqbodyProcessorErrorMsg;
AnchoredVariable m_variableReqbodyProcessor;
AnchoredVariable m_variableRequestBasename;
AnchoredVariable m_variableRequestBody;
AnchoredVariable m_variableRequestBodyLength;
AnchoredVariable m_variableRequestFilename;
AnchoredVariable m_variableRequestLine;
AnchoredVariable m_variableRequestMethod;
AnchoredVariable m_variableRequestProtocol;
AnchoredVariable m_variableRequestURI;
AnchoredVariable m_variableRequestURIRaw;
AnchoredVariable m_variableResource;
AnchoredVariable m_variableResponseBody;
AnchoredVariable m_variableResponseContentLength;
AnchoredVariable m_variableResponseProtocol;
AnchoredVariable m_variableResponseStatus;
AnchoredVariable m_variableServerAddr;
AnchoredVariable m_variableServerName;
AnchoredVariable m_variableServerPort;
AnchoredVariable m_variableSessionID;
AnchoredVariable m_variableUniqueID;
AnchoredVariable m_variableUrlEncodedError;
AnchoredVariable m_variableUserID;
AnchoredSetVariable m_variableArgs;
AnchoredSetVariable m_variableArgsGet;
AnchoredSetVariable m_variableArgsPost;
AnchoredSetVariable m_variableFilesSizes;
AnchoredSetVariable m_variableFilesNames;
AnchoredSetVariable m_variableFilesTmpContent;
AnchoredSetVariable m_variableMultipartFileName;
AnchoredSetVariable m_variableMultipartName;
AnchoredSetVariable m_variableMatchedVarsNames;
AnchoredSetVariable m_variableMatchedVars;
AnchoredSetVariable m_variableFiles;
AnchoredSetVariable m_variableRequestCookies;
AnchoredSetVariable m_variableRequestHeaders;
AnchoredSetVariable m_variableResponseHeaders;
AnchoredSetVariable m_variableGeo;
AnchoredSetVariable m_variableRequestCookiesNames;
AnchoredSetVariable m_variableFilesTmpNames;
AnchoredSetVariable m_variableMultipartPartHeaders;
int m_variableOffset;
AnchoredSetVariableTranslationProxy m_variableArgsNames;
AnchoredSetVariableTranslationProxy m_variableArgsGetNames;
AnchoredSetVariableTranslationProxy m_variableArgsPostNames;
};
class TransactionSecMarkerManagement {
public:
bool isInsideAMarker() const {
if (m_marker) {
return true;
}
return false;
}
std::shared_ptr<std::string> getCurrentMarker() const {
if (m_marker) {
return m_marker;
} else {
throw;
}
}
void removeMarker() {
m_marker.reset();
}
void addMarker(const std::shared_ptr<std::string> &name) {
m_marker = name;
}
private:
std::shared_ptr<std::string> m_marker;
};
/** @ingroup ModSecurity_CPP_API */
class Transaction : public TransactionAnchoredVariables, public TransactionSecMarkerManagement {
public:
Transaction(ModSecurity *transaction, RulesSet *rules, void *logCbData);
Transaction(ModSecurity *transaction, RulesSet *rules, char *id,
void *logCbData);
~Transaction();
Transaction ( const Transaction & ) = delete;
bool operator ==(const Transaction &b) const { return false; };
Transaction &operator =(const Transaction &b) const = delete;
/** TODO: Should be an structure that fits an IP address */
int processConnection(const char *client, int cPort,
const char *server, int sPort);
int processURI(const char *uri, const char *protocol,
const char *http_version);
/**
* Types of request body that ModSecurity may give a special treatment
* for the data.
*/
enum RequestBodyType {
/**
*
*/
UnknownFormat,
/**
*
*/
MultiPartRequestBody,
/**
*
*/
WWWFormUrlEncoded,
/**
*
*/
JSONRequestBody,
/**
*
*/
XMLRequestBody
};
int processRequestHeaders();
int addRequestHeader(const std::string& key, const std::string& value);
int addRequestHeader(const unsigned char *key, const unsigned char *value);
int addRequestHeader(const unsigned char *key, size_t len_key,
const unsigned char *value, size_t len_value);
int processRequestBody();
int appendRequestBody(const unsigned char *body, size_t size);
int requestBodyFromFile(const char *path);
int processResponseHeaders(int code, const std::string& proto);
int addResponseHeader(const std::string& key, const std::string& value);
int addResponseHeader(const unsigned char *key, const unsigned char *value);
int addResponseHeader(const unsigned char *key, size_t len_key,
const unsigned char *value, size_t len_value);
int processResponseBody();
int appendResponseBody(const unsigned char *body, size_t size);
int processLogging();
int updateStatusCode(int status);
bool intervention(ModSecurityIntervention *it);
bool addArgument(const std::string& orig, const std::string& key,
const std::string& value, size_t offset);
bool extractArguments(const std::string &orig, const std::string& buf,
size_t offset);
const char *getResponseBody() const;
size_t getResponseBodyLength();
size_t getRequestBodyLength();
#ifndef NO_LOGS
void debug(int, const std::string&) const;
#endif
void serverLog(std::shared_ptr<RuleMessage> rm);
int getRuleEngineState() const;
std::string toJSON(int parts);
std::string toOldAuditLogFormat(int parts, const std::string &trailer);
std::string toOldAuditLogFormatIndex(const std::string &filename,
double size, const std::string &md5);
/**
* Filled during the class instantiation, this variable can be later
* used to fill the SecRule variable `duration'. The variable `duration'
* is dynamic calculated, it is always relative to the value found in
* m_creationTimeStamp.
*
* @note There is space for performance improvement. This value don't
* need to be filled if there is no rule using the variable
* `duration'.
*/
clock_t m_creationTimeStamp;
/**
* Holds the client IP address.
*/
std::shared_ptr<std::string> m_clientIpAddress;
/**
* Holds the HTTP version: 1.2, 2.0, 3.0 and so on....
*/
std::string m_httpVersion;
/**
* Holds the server IP Address
*/
std::shared_ptr<std::string> m_serverIpAddress;
/**
* Holds the raw URI that was requested.
*/
std::string m_uri;
/**
* Holds the URI that was requests (without the query string).
*/
std::shared_ptr<std::string> m_uri_no_query_string_decoded;
/**
* Holds the combined size of all arguments, later used to fill the
* variable ARGS_COMBINED_SIZE.
*/
double m_ARGScombinedSizeDouble;
/**
* Client tcp port.
*/
int m_clientPort;
/**
* This variable is set by the action `severity' and later can be
* consulted via the SecLanguage variable HIGHEST_SEVERITY.
*/
int m_highestSeverityAction;
/**
* Holds the HTTP return code when it is known. If 0 nothing was
* set.
*/
int m_httpCodeReturned;
/**
* Holds the server port.
*/
int m_serverPort;
/**
* ModSecurity instance used to start this transaction. Basically used
* to fill the server log whenever is needed.
*/
ModSecurity *m_ms;
/**
* Holds the type of the request body, in case there is one.
*/
RequestBodyType m_requestBodyType;
/**
* Holds the request body "processor"
*/
RequestBodyType m_requestBodyProcessor;
/**
* Rules object utilized during this specific transaction.
*/
RulesSet *m_rules;
/**
*
*/
std::list<int > m_ruleRemoveById;
std::list<std::pair<int, int> > m_ruleRemoveByIdRange;
/**
*
*/
std::list<std::string> m_ruleRemoveByTag;
/**
*
*/
std::list< std::pair<std::string, std::string> > m_ruleRemoveTargetByTag;
/**
*
*/
std::list< std::pair<int, std::string> > m_ruleRemoveTargetById;
/**
*
*/
int m_requestBodyAccess;
/**
* The list m_auditLogModifier contains modifications to the `auditlogs'
* for this specific request, those modifications can happens via the
* utilization of the action: `ctl:auditLogParts='
*
*/
std::list< std::pair<int, std::string> > m_auditLogModifier;
/**
* This transaction's most recent action ctl:auditEngine
*
*/
audit_log::AuditLog::AuditLogStatus m_ctlAuditEngine;
/**
* This variable holds all the messages asked to be save by the utilization
* of the actions: `log_data' and `msg'. These should be included on the
* auditlogs.
*/
std::list<modsecurity::RuleMessage> m_rulesMessages;
/**
* Holds the request body, in case of any.
*/
std::ostringstream m_requestBody;
/**
* Holds the response body, in case of any.
*/
std::ostringstream m_responseBody;
/**
* Contains the unique ID of the transaction. Use by the variable
* `UNIQUE_ID'. This unique id is also saved as part of the AuditLog.
*/
std::shared_ptr<std::string> m_id;
/**
* Holds the amount of rules that should be skipped. If bigger than 0 the
* current rule should be skipped and the number needs to be decreased.
*/
int m_skip_next;
/**
* If allow action was utilized, this variable holds the allow type.
*/
modsecurity::actions::disruptive::AllowType m_allowType;
/**
* Holds the decode URI. Notice that m_uri holds the raw version
* of the URI.
*/
std::string m_uri_decoded;
/**
* Actions (disruptive?) that should be taken by the connector related to
* that transaction.
*/
std::vector<ModSecurityIntervention> m_actions;
ModSecurityIntervention m_it;
/**
* Holds the creation time stamp, using std::time.
*
* TODO: m_timeStamp and m_creationTimeStamp may be merged into a single
* variable.
*/
time_t m_timeStamp;
/**
* Holds all the collections related to that transaction.
*/
collection::Collections m_collections;
/**
* Holds the whatever matched in the operation utilization.
* That variable will be further used by the capture action.
*
*/
std::list<std::string> m_matched;
RequestBodyProcessor::XML *m_xml;
RequestBodyProcessor::JSON *m_json;
int m_secRuleEngine;
std::string m_variableDuration;
std::map<std::string, std::string> m_variableEnvs;
std::string m_variableHighestSeverityAction;
std::string m_variableRemoteUser;
std::string m_variableTime;
std::string m_variableTimeDay;
std::string m_variableTimeEpoch;
std::string m_variableTimeHour;
std::string m_variableTimeMin;
std::string m_variableTimeSec;
std::string m_variableTimeWDay;
std::string m_variableTimeYear;
std::vector<std::shared_ptr<RequestBodyProcessor::MultipartPartTmpFile>> m_multipartPartTmpFiles;
private:
/**
* Pointer to the callback function that will be called to fill
* the web server (connector) log.
*/
void *m_logCbData;
};
#endif
#ifdef __cplusplus
extern "C" {
#endif
/** @ingroup ModSecurity_C_API */
Transaction *msc_new_transaction(ModSecurity *ms,
RulesSet *rules, void *logCbData);
/** @ingroup ModSecurity_C_API */
Transaction *msc_new_transaction_with_id(ModSecurity *ms,
RulesSet *rules, char *id, void *logCbData);
/** @ingroup ModSecurity_C_API */
int msc_process_connection(Transaction *transaction,
const char *client, int cPort, const char *server, int sPort);
/** @ingroup ModSecurity_C_API */
int msc_process_request_headers(Transaction *transaction);
/** @ingroup ModSecurity_C_API */
int msc_add_request_header(Transaction *transaction, const unsigned char *key,
const unsigned char *value);
/** @ingroup ModSecurity_C_API */
int msc_add_n_request_header(Transaction *transaction,
const unsigned char *key, size_t len_key, const unsigned char *value,
size_t len_value);
/** @ingroup ModSecurity_C_API */
int msc_process_request_body(Transaction *transaction);
/** @ingroup ModSecurity_C_API */
int msc_append_request_body(Transaction *transaction,
const unsigned char *body, size_t size);
/** @ingroup ModSecurity_C_API */
int msc_request_body_from_file(Transaction *transaction, const char *path);
/** @ingroup ModSecurity_C_API */
int msc_process_response_headers(Transaction *transaction, int code,
const char* protocol);
/** @ingroup ModSecurity_C_API */
int msc_add_response_header(Transaction *transaction,
const unsigned char *key, const unsigned char *value);
/** @ingroup ModSecurity_C_API */
int msc_add_n_response_header(Transaction *transaction,
const unsigned char *key, size_t len_key, const unsigned char *value,
size_t len_value);
/** @ingroup ModSecurity_C_API */
int msc_process_response_body(Transaction *transaction);
/** @ingroup ModSecurity_C_API */
int msc_append_response_body(Transaction *transaction,
const unsigned char *body, size_t size);
/** @ingroup ModSecurity_C_API */
int msc_process_uri(Transaction *transaction, const char *uri,
const char *protocol, const char *http_version);
/** @ingroup ModSecurity_C_API */
const char *msc_get_response_body(Transaction *transaction);
/** @ingroup ModSecurity_C_API */
size_t msc_get_response_body_length(Transaction *transaction);
/** @ingroup ModSecurity_C_API */
size_t msc_get_request_body_length(Transaction *transaction);
/** @ingroup ModSecurity_C_API */
void msc_transaction_cleanup(Transaction *transaction);
/** @ingroup ModSecurity_C_API */
int msc_intervention(Transaction *transaction, ModSecurityIntervention *it);
/** @ingroup ModSecurity_C_API */
int msc_process_logging(Transaction *transaction);
/** @ingroup ModSecurity_C_API */
int msc_update_status_code(Transaction *transaction, int status);
#ifdef __cplusplus
}
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_TRANSACTION_H_

56
headers/modsecurity/variable_origin.h Normal file
View File

@ -0,0 +1,56 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <string>
#endif
#ifndef HEADERS_MODSECURITY_VARIABLE_ORIGIN_H_
#define HEADERS_MODSECURITY_VARIABLE_ORIGIN_H_
#ifndef __cplusplus
typedef struct DebugLog_t DebugLog;
#endif
#ifdef __cplusplus
namespace modsecurity {
/** @ingroup ModSecurity_CPP_API */
class VariableOrigin {
public:
VariableOrigin()
: m_length(0),
m_offset(0) { }
std::string toText() {
std::string offset = std::to_string(m_offset);
std::string len = std::to_string(m_length);
return "v" + offset + "," + len;
}
int m_length;
size_t m_offset;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_VARIABLE_ORIGIN_H_

121
headers/modsecurity/variable_value.h Normal file
View File

@ -0,0 +1,121 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <string>
#include <iostream>
#include <memory>
#include <list>
#include <utility>
#endif
#include "modsecurity/variable_origin.h"
#ifndef HEADERS_MODSECURITY_VARIABLE_VALUE_H_
#define HEADERS_MODSECURITY_VARIABLE_VALUE_H_
#ifndef __cplusplus
typedef struct Variable_t VariableValue;
#endif
#ifdef __cplusplus
namespace modsecurity {
class Collection;
class VariableValue {
public:
using Origins = std::list<std::unique_ptr<VariableOrigin>>;
explicit VariableValue(const std::string *key,
const std::string *value = nullptr)
: m_collection(""),
m_key(*key),
m_keyWithCollection(*key),
m_value(value != nullptr?*value:"")
{ }
VariableValue(const std::string *collection,
const std::string *key,
const std::string *value)
: m_collection(*collection),
m_key(*key),
m_keyWithCollection(*collection + ":" + *key),
m_value(*value)
{ }
explicit VariableValue(const VariableValue *o) :
m_collection(o->m_collection),
m_key(o->m_key),
m_keyWithCollection(o->m_keyWithCollection),
m_value(o->m_value)
{
for (auto &i : o->m_orign) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
origin->m_offset = i->m_offset;
origin->m_length = i->m_length;
m_orign.push_back(std::move(origin));
}
}
VariableValue(const VariableValue &v) = delete;
const std::string& getKey() const {
return m_key;
}
const std::string& getKeyWithCollection() const {
return m_keyWithCollection;
}
const std::string& getCollection() const {
return m_collection;
}
const std::string& getValue() const {
return m_value;
}
void setValue(const std::string &value) {
m_value = value;
}
void addOrigin(std::unique_ptr<VariableOrigin> origin) {
m_orign.push_back(std::move(origin));
}
const Origins& getOrigin() const {
return m_orign;
}
private:
Origins m_orign;
std::string m_collection;
std::string m_key;
std::string m_keyWithCollection;
std::string m_value;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_VARIABLE_VALUE_H_

285
modsecurity.conf-recommended Normal file
View File

@ -0,0 +1,285 @@
# -- Rule engine initialization ----------------------------------------------
# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
SecRuleEngine DetectionOnly
# -- Request body handling ---------------------------------------------------
# Allow ModSecurity to access request bodies. If you don't, ModSecurity
# won't be able to see any POST parameters, which opens a large security
# hole for attackers to exploit.
#
SecRequestBodyAccess On
# Enable XML request body parser.
# Initiate XML Processor in case of xml content-type
#
SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Enable JSON request body parser.
# Initiate JSON Processor in case of JSON content-type; change accordingly
# if your application does not use 'application/json'
#
SecRule REQUEST_HEADERS:Content-Type "^application/json" \
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Sample rule to enable JSON request body parser for more subtypes.
# Uncomment or adapt this rule if you want to engage the JSON
# Processor for "+json" subtypes
#
#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \
# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Maximum request body size we will accept for buffering. If you support
# file uploads then the value given on the first line has to be as large
# as the largest file you are willing to accept. The second value refers
# to the size of data, with files excluded. You want to keep that value as
# low as practical.
#
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
# What to do if the request body size is above our configured limit.
# Keep in mind that this setting will automatically be set to ProcessPartial
# when SecRuleEngine is set to DetectionOnly mode in order to minimize
# disruptions when initially deploying ModSecurity.
#
SecRequestBodyLimitAction Reject
# Maximum parsing depth allowed for JSON objects. You want to keep this
# value as low as practical.
#
SecRequestBodyJsonDepthLimit 512
# Maximum number of args allowed per request. You want to keep this
# value as low as practical. The value should match that in rule 200007.
SecArgumentsLimit 1000
# If SecArgumentsLimit has been set, you probably want to reject any
# request body that has only been partly parsed. The value used in this
# rule should match what was used with SecArgumentsLimit
SecRule &ARGS "@ge 1000" \
"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2"
# Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode)
# or log a high-severity alert (when deployed in detection-only mode).
#
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
# By default be strict with what we accept in the multipart/form-data
# request body. If the rule below proves to be too strict for your
# environment consider changing it to detection-only. You are encouraged
# _not_ to remove it altogether.
#
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:400, \
msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
# Did we see anything that might be a boundary?
#
# Here is a short description about the ModSecurity Multipart parser: the
# parser returns with value 0, if all "boundary-like" line matches with
# the boundary string which given in MIME header. In any other cases it returns
# with different value, eg. 1 or 2.
#
# The RFC 1341 descript the multipart content-type and its syntax must contains
# only three mandatory lines (above the content):
# * Content-Type: multipart/mixed; boundary=BOUNDARY_STRING
# * --BOUNDARY_STRING
# * --BOUNDARY_STRING--
#
# First line indicates, that this is a multipart content, second shows that
# here starts a part of the multipart content, third shows the end of content.
#
# If there are any other lines, which starts with "--", then it should be
# another boundary id - or not.
#
# After 3.0.3, there are two kinds of types of boundary errors: strict and permissive.
#
# If multipart content contains the three necessary lines with correct order, but
# there are one or more lines with "--", then parser returns with value 2 (non-zero).
#
# If some of the necessary lines (usually the start or end) misses, or the order
# is wrong, then parser returns with value 1 (also a non-zero).
#
# You can choose, which one is what you need. The example below contains the
# 'strict' mode, which means if there are any lines with start of "--", then
# ModSecurity blocked the content. But the next, commented example contains
# the 'permissive' mode, then you check only if the necessary lines exists in
# correct order. Whit this, you can enable to upload PEM files (eg "----BEGIN.."),
# or other text files, which contains eg. HTTP headers.
#
# The difference is only the operator - in strict mode (first) the content blocked
# in case of any non-zero value. In permissive mode (second, commented) the
# content blocked only if the value is explicit 1. If it 0 or 2, the content will
# allowed.
#
#
# See #1747 and #1924 for further information on the possible values for
# MULTIPART_UNMATCHED_BOUNDARY.
#
SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \
"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
# PCRE Tuning
# We want to avoid a potential RegEx DoS condition
#
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
# Some internal errors will set flags in TX and we will need to look for these.
# All of these are prefixed with "MSC_". The following flags currently exist:
#
# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
#
SecRule TX:/^MSC_/ "!@streq 0" \
"id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
# -- Response body handling --------------------------------------------------
# Allow ModSecurity to access response bodies.
# You should have this directive enabled in order to identify errors
# and data leakage issues.
#
# Do keep in mind that enabling this directive does increases both
# memory consumption and response latency.
#
SecResponseBodyAccess On
# Which response MIME types do you want to inspect? You should adjust the
# configuration below to catch documents but avoid static files
# (e.g., images and archives).
#
SecResponseBodyMimeType text/plain text/html text/xml
# Buffer response bodies of up to 512 KB in length.
SecResponseBodyLimit 524288
# What happens when we encounter a response body larger than the configured
# limit? By default, we process what we have and let the rest through.
# That's somewhat less secure, but does not break any legitimate pages.
#
SecResponseBodyLimitAction ProcessPartial
# -- Filesystem configuration ------------------------------------------------
# The location where ModSecurity stores temporary files (for example, when
# it needs to handle a file upload that is larger than the configured limit).
#
# This default setting is chosen due to all systems have /tmp available however,
# this is less than ideal. It is recommended that you specify a location that's private.
#
SecTmpDir /tmp/
# The location where ModSecurity will keep its persistent data. This default setting
# is chosen due to all systems have /tmp available however, it
# too should be updated to a place that other users can't access.
#
SecDataDir /tmp/
# -- File uploads handling configuration -------------------------------------
# The location where ModSecurity stores intercepted uploaded files. This
# location must be private to ModSecurity. You don't want other users on
# the server to access the files, do you?
#
#SecUploadDir /opt/modsecurity/var/upload/
# By default, only keep the files that were determined to be unusual
# in some way (by an external inspection script). For this to work you
# will also need at least one file inspection rule.
#
#SecUploadKeepFiles RelevantOnly
# Uploaded files are by default created with permissions that do not allow
# any other user to access them. You may need to relax that if you want to
# interface ModSecurity to an external program (e.g., an anti-virus).
#
#SecUploadFileMode 0600
# -- Debug log configuration -------------------------------------------------
# The default debug log configuration is to duplicate the error, warning
# and notice messages from the error log.
#
#SecDebugLog /opt/modsecurity/var/log/debug.log
#SecDebugLogLevel 3
# -- Audit log configuration -------------------------------------------------
# Log the transactions that are marked by a rule, as well as those that
# trigger a server error (determined by a 5xx or 4xx, excluding 404,
# level response status codes).
#
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
# Log everything we know about a transaction.
SecAuditLogParts ABIJDEFHZ
# Use a single file for logging. This is much easier to look at, but
# assumes that you will use the audit log only ocassionally.
#
SecAuditLogType Serial
SecAuditLog /var/log/modsec_audit.log
# Specify the path for concurrent audit logging.
#SecAuditLogStorageDir /opt/modsecurity/var/audit/
# -- Miscellaneous -----------------------------------------------------------
# Use the most commonly used application/x-www-form-urlencoded parameter
# separator. There's probably only one application somewhere that uses
# something else so don't expect to change this value.
#
SecArgumentSeparator &
# Settle on version 0 (zero) cookies, as that is what most applications
# use. Using an incorrect cookie version may open your installation to
# evasion attacks (against the rules that examine named cookies).
#
SecCookieFormat 0
# Specify your Unicode Code Point.
# This mapping is used by the t:urlDecodeUni transformation function
# to properly map encoded data to your language. Properly setting
# these directives helps to reduce false positives and negatives.
#
SecUnicodeMapFile unicode.mapping 20127
# Improve the quality of ModSecurity by sharing information about your
# current ModSecurity version and dependencies versions.
# The following information will be shared: ModSecurity version,
# Web Server version, APR version, PCRE version, Lua version, Libxml2
# version, Anonymous unique id for host.
SecStatusEngine On

11
modsecurity.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=@prefix@
exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
Name: ModSecurity
Description: ModSecurity API
Version: @MSC_VERSION_WITH_PATCHLEVEL@
Cflags: -I@includedir@
Libs: -L@libdir@ -lmodsecurity
Libs.private: @CURL_LDADD@ @GEOIP_LDADD@ @MAXMIND_LDADD@ @GLOBAL_LDADD@ @LIBXML2_LDADD@ @LMDB_LDADD@ @LUA_LDADD@ @PCRE_LDADD@ @SSDEEP_LDADD@ @YAJL_LDADD@

28
others/Makefile.am Normal file
View File

@ -0,0 +1,28 @@
noinst_LTLIBRARIES = libinjection.la libmbedtls.la
libinjection_la_SOURCES = \
libinjection/src/libinjection_html5.c \
libinjection/src/libinjection_sqli.c \
libinjection/src/libinjection_xss.c
noinst_HEADERS = \
libinjection/src/libinjection.h \
libinjection/src/libinjection_html5.h \
libinjection/src/libinjection_sqli.h \
libinjection/src/libinjection_sqli_data.h \
libinjection/src/libinjection_xss.h \
mbedtls/base64.h \
mbedtls/check_config.h \
mbedtls/mbed-tls-config.h \
mbedtls/md5.h \
mbedtls/platform.h \
mbedtls/sha1.h
libmbedtls_la_SOURCES = \
mbedtls/base64.c \
mbedtls/md5.c \
mbedtls/sha1.c
libmbedtls_la_CFLAGS = -D MBEDTLS_CONFIG_FILE=\"mbed-tls-config.h\" -Iothers
libmbedtls_la_CPPFLAGS =
libmbedtls_la_LIBADD =

1
others/libinjection Submodule

@ -0,0 +1 @@
Subproject commit bfba51f5af8f1f6cf5d6c4bf862f1e2474e018e3

289
others/mbedtls/base64.c Normal file
View File

@ -0,0 +1,289 @@
/*
* RFC 1521 base64 encoding/decoding
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_BASE64_C)
#include "mbedtls/base64.h"
#include <stdint.h>
#if defined(MBEDTLS_SELF_TEST)
#include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
static const unsigned char base64_enc_map[64] =
{
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', '+', '/'
};
static const unsigned char base64_dec_map[128] =
{
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 62, 127, 127, 127, 63, 52, 53,
54, 55, 56, 57, 58, 59, 60, 61, 127, 127,
127, 64, 127, 127, 127, 0, 1, 2, 3, 4,
5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
25, 127, 127, 127, 127, 127, 127, 26, 27, 28,
29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
49, 50, 51, 127, 127, 127, 127, 127
};
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
/*
* Encode a buffer into base64 format
*/
int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen )
{
size_t i, n;
int C1, C2, C3;
unsigned char *p;
if( slen == 0 )
{
*olen = 0;
return( 0 );
}
n = slen / 3 + ( slen % 3 != 0 );
if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
{
*olen = BASE64_SIZE_T_MAX;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
}
n *= 4;
if( dlen < n + 1 )
{
*olen = n + 1;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
}
n = ( slen / 3 ) * 3;
for( i = 0, p = dst; i < n; i += 3 )
{
C1 = *src++;
C2 = *src++;
C3 = *src++;
*p++ = base64_enc_map[(C1 >> 2) & 0x3F];
*p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
*p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
*p++ = base64_enc_map[C3 & 0x3F];
}
if( i < slen )
{
C1 = *src++;
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
*p++ = base64_enc_map[(C1 >> 2) & 0x3F];
*p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
if( ( i + 1 ) < slen )
*p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
else *p++ = '=';
*p++ = '=';
}
*olen = p - dst;
*p = 0;
return( 0 );
}
/*
* Decode a base64-formatted buffer
*/
int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen )
{
size_t i, n;
uint32_t j, x;
unsigned char *p;
/* First pass: check for validity and get output length */
for( i = n = j = 0; i < slen; i++ )
{
/* Skip spaces before checking for EOL */
x = 0;
while( i < slen && src[i] == ' ' )
{
++i;
++x;
}
/* Spaces at end of buffer are OK */
if( i == slen )
break;
if( ( slen - i ) >= 2 &&
src[i] == '\r' && src[i + 1] == '\n' )
continue;
if( src[i] == '\n' )
continue;
/* Space inside a line is an error */
if( x != 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( src[i] == '=' && ++j > 2 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( base64_dec_map[src[i]] < 64 && j != 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
n++;
}
if( n == 0 )
{
*olen = 0;
return( 0 );
}
n = ( ( n * 6 ) + 7 ) >> 3;
n -= j;
if( dst == NULL || dlen < n )
{
*olen = n;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
}
for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
{
if( *src == '\r' || *src == '\n' || *src == ' ' )
continue;
j -= ( base64_dec_map[*src] == 64 );
x = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
if( ++n == 4 )
{
n = 0;
if( j > 0 ) *p++ = (unsigned char)( x >> 16 );
if( j > 1 ) *p++ = (unsigned char)( x >> 8 );
if( j > 2 ) *p++ = (unsigned char)( x );
}
}
*olen = p - dst;
return( 0 );
}
#if defined(MBEDTLS_SELF_TEST)
static const unsigned char base64_test_dec[64] =
{
0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD,
0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01,
0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09,
0x0C, 0xB6, 0xE9, 0x10, 0x6F, 0x22, 0xEE, 0x13,
0xCA, 0xB3, 0x07, 0x05, 0x76, 0xC9, 0xFA, 0x31,
0x6C, 0x08, 0x34, 0xFF, 0x8D, 0xC2, 0x6C, 0x38,
0x00, 0x43, 0xE9, 0x54, 0x97, 0xAF, 0x50, 0x4B,
0xD1, 0x41, 0xBA, 0x95, 0x31, 0x5A, 0x0B, 0x97
};
static const unsigned char base64_test_enc[] =
"JEhuVodiWr2/F9mixBcaAZTtjx4Rs9cJDLbpEG8i7hPK"
"swcFdsn6MWwINP+Nwmw4AEPpVJevUEvRQbqVMVoLlw==";
/*
* Checkup routine
*/
int mbedtls_base64_self_test( int verbose )
{
size_t len;
const unsigned char *src;
unsigned char buffer[128];
if( verbose != 0 )
mbedtls_printf( " Base64 encoding test: " );
src = base64_test_dec;
if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 ||
memcmp( base64_test_enc, buffer, 88 ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
mbedtls_printf( "passed\n Base64 decoding test: " );
src = base64_test_enc;
if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 ||
memcmp( base64_test_dec, buffer, 64 ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
mbedtls_printf( "passed\n\n" );
return( 0 );
}
#endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_BASE64_C */

88
others/mbedtls/base64.h Normal file
View File

@ -0,0 +1,88 @@
/**
* \file base64.h
*
* \brief RFC 1521 base64 encoding/decoding
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_BASE64_H
#define MBEDTLS_BASE64_H
#include <stddef.h>
#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */
#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Encode a buffer into base64 format
*
* \param dst destination buffer
* \param dlen size of the destination buffer
* \param olen number of bytes written
* \param src source buffer
* \param slen amount of data to be encoded
*
* \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
* *olen is always updated to reflect the amount
* of data that has (or would have) been written.
* If that length cannot be represented, then no data is
* written to the buffer and *olen is set to the maximum
* length representable as a size_t.
*
* \note Call this function with dlen = 0 to obtain the
* required buffer size in *olen
*/
int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen );
/**
* \brief Decode a base64-formatted buffer
*
* \param dst destination buffer (can be NULL for checking size)
* \param dlen size of the destination buffer
* \param olen number of bytes written
* \param src source buffer
* \param slen amount of data to be decoded
*
* \return 0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
* MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
* not correct. *olen is always updated to reflect the amount
* of data that has (or would have) been written.
*
* \note Call this function with *dst = NULL or dlen = 0 to obtain
* the required buffer size in *olen
*/
int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen );
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_base64_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif /* base64.h */

540
others/mbedtls/check_config.h Normal file
View File

@ -0,0 +1,540 @@
/**
* \file check_config.h
*
* \brief Consistency checks for configuration options
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* It is recommended to include this file from your config.h
* in order to catch dependency issues early.
*/
#ifndef MBEDTLS_CHECK_CONFIG_H
#define MBEDTLS_CHECK_CONFIG_H
/*
* We assume CHAR_BIT is 8 in many places. In practice, this is true on our
* target platforms, so not an issue, but let's just be extra sure.
*/
#include <limits.h>
#if CHAR_BIT != 8
#error "mbed TLS requires a platform with 8-bit chars"
#endif
#if defined(_WIN32)
#if !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_C is required on Windows"
#endif
/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
* it would confuse config.pl. */
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
#endif
#endif /* _WIN32 */
#if defined(TARGET_LIKE_MBED) && \
( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
#endif
#if defined(MBEDTLS_DEPRECATED_WARNING) && \
!defined(__GNUC__) && !defined(__clang__)
#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
#endif
#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
#error "MBEDTLS_DHM_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECDSA_C) && \
( !defined(MBEDTLS_ECP_C) || \
!defined(MBEDTLS_ASN1_PARSE_C) || \
!defined(MBEDTLS_ASN1_WRITE_C) )
#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECJPAKE_C) && \
( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
!defined(MBEDTLS_SHA256_C))
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) && \
defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
&& defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_GCM_C) && ( \
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
!defined(MBEDTLS_ECDH_C)
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) )
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_PKCS1_V15) )
#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_PKCS1_V15) )
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PK_C) && \
( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
#error "MBEDTLS_PK_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
defined(MBEDTLS_PLATFORM_EXIT_ALT) )
#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
defined(MBEDTLS_PLATFORM_STD_FREE)
#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
#endif
#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
defined(MBEDTLS_PLATFORM_STD_CALLOC)
#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
#endif
#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
!defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
!defined(MBEDTLS_PLATFORM_EXIT_ALT)
#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
!defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
!defined(MBEDTLS_PLATFORM_PRINTF_ALT)
#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
!defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_OID_C) )
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) || \
!defined(MBEDTLS_SHA1_C) )
#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) || \
!defined(MBEDTLS_SHA1_C) )
#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) || \
!defined(MBEDTLS_SHA1_C) )
#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \
!defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) || \
!defined(MBEDTLS_MD_C) )
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
!defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2))
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
#error "Illegal protocol selection"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
#error "Illegal protocol selection"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
!defined(MBEDTLS_SSL_PROTO_TLS1_1)))
#error "Illegal protocol selection"
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
!defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
#endif
#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
!defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
!defined(MBEDTLS_X509_CRT_PARSE_C)
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_THREADING_PTHREAD)
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
#endif
#define MBEDTLS_THREADING_IMPL
#endif
#if defined(MBEDTLS_THREADING_ALT)
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
#endif
#define MBEDTLS_THREADING_IMPL
#endif
#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_C defined, single threading implementation required"
#endif
#undef MBEDTLS_THREADING_IMPL
#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
!defined(MBEDTLS_PK_PARSE_C) )
#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
!defined(MBEDTLS_PK_WRITE_C) )
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
#endif
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the
* #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
*/
typedef int mbedtls_iso_c_forbids_empty_translation_units;
#endif /* MBEDTLS_CHECK_CONFIG_H */

2511
others/mbedtls/mbed-tls-config.h Normal file
View File

File diff suppressed because it is too large Load Diff

404
others/mbedtls/md5.c Normal file
View File

@ -0,0 +1,404 @@
/*
* RFC 1321 compliant MD5 implementation
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The MD5 algorithm was designed by Ron Rivest in 1991.
*
* http://www.ietf.org/rfc/rfc1321.txt
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_MD5_C)
#include "mbedtls/md5.h"
#include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD5_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
#define GET_UINT32_LE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
void mbedtls_md5_init( mbedtls_md5_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_md5_context ) );
}
void mbedtls_md5_free( mbedtls_md5_context *ctx )
{
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) );
}
void mbedtls_md5_clone( mbedtls_md5_context *dst,
const mbedtls_md5_context *src )
{
*dst = *src;
}
/*
* MD5 context setup
*/
void mbedtls_md5_starts( mbedtls_md5_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xEFCDAB89;
ctx->state[2] = 0x98BADCFE;
ctx->state[3] = 0x10325476;
}
#if !defined(MBEDTLS_MD5_PROCESS_ALT)
void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] )
{
uint32_t X[16], A, B, C, D;
GET_UINT32_LE( X[ 0], data, 0 );
GET_UINT32_LE( X[ 1], data, 4 );
GET_UINT32_LE( X[ 2], data, 8 );
GET_UINT32_LE( X[ 3], data, 12 );
GET_UINT32_LE( X[ 4], data, 16 );
GET_UINT32_LE( X[ 5], data, 20 );
GET_UINT32_LE( X[ 6], data, 24 );
GET_UINT32_LE( X[ 7], data, 28 );
GET_UINT32_LE( X[ 8], data, 32 );
GET_UINT32_LE( X[ 9], data, 36 );
GET_UINT32_LE( X[10], data, 40 );
GET_UINT32_LE( X[11], data, 44 );
GET_UINT32_LE( X[12], data, 48 );
GET_UINT32_LE( X[13], data, 52 );
GET_UINT32_LE( X[14], data, 56 );
GET_UINT32_LE( X[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
#define P(a,b,c,d,k,s,t) \
{ \
a += F(b,c,d) + X[k] + t; a = S(a,s) + b; \
}
A = ctx->state[0];
B = ctx->state[1];
C = ctx->state[2];
D = ctx->state[3];
#define F(x,y,z) (z ^ (x & (y ^ z)))
P( A, B, C, D, 0, 7, 0xD76AA478 );
P( D, A, B, C, 1, 12, 0xE8C7B756 );
P( C, D, A, B, 2, 17, 0x242070DB );
P( B, C, D, A, 3, 22, 0xC1BDCEEE );
P( A, B, C, D, 4, 7, 0xF57C0FAF );
P( D, A, B, C, 5, 12, 0x4787C62A );
P( C, D, A, B, 6, 17, 0xA8304613 );
P( B, C, D, A, 7, 22, 0xFD469501 );
P( A, B, C, D, 8, 7, 0x698098D8 );
P( D, A, B, C, 9, 12, 0x8B44F7AF );
P( C, D, A, B, 10, 17, 0xFFFF5BB1 );
P( B, C, D, A, 11, 22, 0x895CD7BE );
P( A, B, C, D, 12, 7, 0x6B901122 );
P( D, A, B, C, 13, 12, 0xFD987193 );
P( C, D, A, B, 14, 17, 0xA679438E );
P( B, C, D, A, 15, 22, 0x49B40821 );
#undef F
#define F(x,y,z) (y ^ (z & (x ^ y)))
P( A, B, C, D, 1, 5, 0xF61E2562 );
P( D, A, B, C, 6, 9, 0xC040B340 );
P( C, D, A, B, 11, 14, 0x265E5A51 );
P( B, C, D, A, 0, 20, 0xE9B6C7AA );
P( A, B, C, D, 5, 5, 0xD62F105D );
P( D, A, B, C, 10, 9, 0x02441453 );
P( C, D, A, B, 15, 14, 0xD8A1E681 );
P( B, C, D, A, 4, 20, 0xE7D3FBC8 );
P( A, B, C, D, 9, 5, 0x21E1CDE6 );
P( D, A, B, C, 14, 9, 0xC33707D6 );
P( C, D, A, B, 3, 14, 0xF4D50D87 );
P( B, C, D, A, 8, 20, 0x455A14ED );
P( A, B, C, D, 13, 5, 0xA9E3E905 );
P( D, A, B, C, 2, 9, 0xFCEFA3F8 );
P( C, D, A, B, 7, 14, 0x676F02D9 );
P( B, C, D, A, 12, 20, 0x8D2A4C8A );
#undef F
#define F(x,y,z) (x ^ y ^ z)
P( A, B, C, D, 5, 4, 0xFFFA3942 );
P( D, A, B, C, 8, 11, 0x8771F681 );
P( C, D, A, B, 11, 16, 0x6D9D6122 );
P( B, C, D, A, 14, 23, 0xFDE5380C );
P( A, B, C, D, 1, 4, 0xA4BEEA44 );
P( D, A, B, C, 4, 11, 0x4BDECFA9 );
P( C, D, A, B, 7, 16, 0xF6BB4B60 );
P( B, C, D, A, 10, 23, 0xBEBFBC70 );
P( A, B, C, D, 13, 4, 0x289B7EC6 );
P( D, A, B, C, 0, 11, 0xEAA127FA );
P( C, D, A, B, 3, 16, 0xD4EF3085 );
P( B, C, D, A, 6, 23, 0x04881D05 );
P( A, B, C, D, 9, 4, 0xD9D4D039 );
P( D, A, B, C, 12, 11, 0xE6DB99E5 );
P( C, D, A, B, 15, 16, 0x1FA27CF8 );
P( B, C, D, A, 2, 23, 0xC4AC5665 );
#undef F
#define F(x,y,z) (y ^ (x | ~z))
P( A, B, C, D, 0, 6, 0xF4292244 );
P( D, A, B, C, 7, 10, 0x432AFF97 );
P( C, D, A, B, 14, 15, 0xAB9423A7 );
P( B, C, D, A, 5, 21, 0xFC93A039 );
P( A, B, C, D, 12, 6, 0x655B59C3 );
P( D, A, B, C, 3, 10, 0x8F0CCC92 );
P( C, D, A, B, 10, 15, 0xFFEFF47D );
P( B, C, D, A, 1, 21, 0x85845DD1 );
P( A, B, C, D, 8, 6, 0x6FA87E4F );
P( D, A, B, C, 15, 10, 0xFE2CE6E0 );
P( C, D, A, B, 6, 15, 0xA3014314 );
P( B, C, D, A, 13, 21, 0x4E0811A1 );
P( A, B, C, D, 4, 6, 0xF7537E82 );
P( D, A, B, C, 11, 10, 0xBD3AF235 );
P( C, D, A, B, 2, 15, 0x2AD7D2BB );
P( B, C, D, A, 9, 21, 0xEB86D391 );
#undef F
ctx->state[0] += A;
ctx->state[1] += B;
ctx->state[2] += C;
ctx->state[3] += D;
}
#endif /* !MBEDTLS_MD5_PROCESS_ALT */
/*
* MD5 process buffer
*/
void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
{
size_t fill;
uint32_t left;
if( ilen == 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
if( ctx->total[0] < (uint32_t) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
memcpy( (void *) (ctx->buffer + left), input, fill );
mbedtls_md5_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
left = 0;
}
while( ilen >= 64 )
{
mbedtls_md5_process( ctx, input );
input += 64;
ilen -= 64;
}
if( ilen > 0 )
{
memcpy( (void *) (ctx->buffer + left), input, ilen );
}
}
static const unsigned char md5_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/*
* MD5 final digest
*/
void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
{
uint32_t last, padn;
uint32_t high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
PUT_UINT32_LE( low, msglen, 0 );
PUT_UINT32_LE( high, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
mbedtls_md5_update( ctx, md5_padding, padn );
mbedtls_md5_update( ctx, msglen, 8 );
PUT_UINT32_LE( ctx->state[0], output, 0 );
PUT_UINT32_LE( ctx->state[1], output, 4 );
PUT_UINT32_LE( ctx->state[2], output, 8 );
PUT_UINT32_LE( ctx->state[3], output, 12 );
}
#endif /* !MBEDTLS_MD5_ALT */
/*
* output = MD5( input buffer )
*/
void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
{
mbedtls_md5_context ctx;
mbedtls_md5_init( &ctx );
mbedtls_md5_starts( &ctx );
mbedtls_md5_update( &ctx, input, ilen );
mbedtls_md5_finish( &ctx, output );
mbedtls_md5_free( &ctx );
}
#if defined(MBEDTLS_SELF_TEST)
/*
* RFC 1321 test vectors
*/
static const unsigned char md5_test_buf[7][81] =
{
{ "" },
{ "a" },
{ "abc" },
{ "message digest" },
{ "abcdefghijklmnopqrstuvwxyz" },
{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
{ "12345678901234567890123456789012345678901234567890123456789012" \
"345678901234567890" }
};
static const int md5_test_buflen[7] =
{
0, 1, 3, 14, 26, 62, 80
};
static const unsigned char md5_test_sum[7][16] =
{
{ 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04,
0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E },
{ 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8,
0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 },
{ 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0,
0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 },
{ 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D,
0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 },
{ 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00,
0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B },
{ 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5,
0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F },
{ 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55,
0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A }
};
/*
* Checkup routine
*/
int mbedtls_md5_self_test( int verbose )
{
int i;
unsigned char md5sum[16];
for( i = 0; i < 7; i++ )
{
if( verbose != 0 )
mbedtls_printf( " MD5 test #%d: ", i + 1 );
mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum );
if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
mbedtls_printf( "passed\n" );
}
if( verbose != 0 )
mbedtls_printf( "\n" );
return( 0 );
}
#endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_MD5_C */

136
others/mbedtls/md5.h Normal file
View File

@ -0,0 +1,136 @@
/**
* \file md5.h
*
* \brief MD5 message digest algorithm (hash function)
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_MD5_H
#define MBEDTLS_MD5_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#include <stdint.h>
#if !defined(MBEDTLS_MD5_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief MD5 context structure
*/
typedef struct
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
}
mbedtls_md5_context;
/**
* \brief Initialize MD5 context
*
* \param ctx MD5 context to be initialized
*/
void mbedtls_md5_init( mbedtls_md5_context *ctx );
/**
* \brief Clear MD5 context
*
* \param ctx MD5 context to be cleared
*/
void mbedtls_md5_free( mbedtls_md5_context *ctx );
/**
* \brief Clone (the state of) an MD5 context
*
* \param dst The destination context
* \param src The context to be cloned
*/
void mbedtls_md5_clone( mbedtls_md5_context *dst,
const mbedtls_md5_context *src );
/**
* \brief MD5 context setup
*
* \param ctx context to be initialized
*/
void mbedtls_md5_starts( mbedtls_md5_context *ctx );
/**
* \brief MD5 process buffer
*
* \param ctx MD5 context
* \param input buffer holding the data
* \param ilen length of the input data
*/
void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief MD5 final digest
*
* \param ctx MD5 context
* \param output MD5 checksum result
*/
void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
/* Internal use */
void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_MD5_ALT */
#include "md5_alt.h"
#endif /* MBEDTLS_MD5_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Output = MD5( input buffer )
*
* \param input buffer holding the data
* \param ilen length of the input data
* \param output MD5 checksum result
*/
void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_md5_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif /* mbedtls_md5.h */

214
others/mbedtls/platform.h Normal file
View File

@ -0,0 +1,214 @@
/**
* \file platform.h
*
* \brief mbed TLS Platform abstraction layer
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#ifdef __cplusplus
extern "C" {
#endif
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
#include <stdio.h>
#include <stdlib.h>
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
#if defined(_WIN32)
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< Default snprintf to use */
#else
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use */
#endif
#endif
#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default free to use */
#endif
#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
#include MBEDTLS_PLATFORM_STD_MEM_HDR
#endif
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
/* \} name SECTION: Module settings */
/*
* The function pointers for calloc and free
*/
#if defined(MBEDTLS_PLATFORM_MEMORY)
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
#else
/* For size_t */
#include <stddef.h>
extern void * (*mbedtls_calloc)( size_t n, size_t size );
extern void (*mbedtls_free)( void *ptr );
/**
* \brief Set your own memory implementation function pointers
*
* \param calloc_func the calloc function implementation
* \param free_func the free function implementation
*
* \return 0 if successful
*/
int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
void (*free_func)( void * ) );
#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
#else /* !MBEDTLS_PLATFORM_MEMORY */
#define mbedtls_free free
#define mbedtls_calloc calloc
#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
/*
* The function pointers for fprintf
*/
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
/* We need FILE * */
#include <stdio.h>
extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
/**
* \brief Set your own fprintf function pointer
*
* \param fprintf_func the fprintf function implementation
*
* \return 0
*/
int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
... ) );
#else
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
#else
#define mbedtls_fprintf fprintf
#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
/*
* The function pointers for printf
*/
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
extern int (*mbedtls_printf)( const char *format, ... );
/**
* \brief Set your own printf function pointer
*
* \param printf_func the printf function implementation
*
* \return 0
*/
int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
#else
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
/*
* The function pointers for snprintf
*
* The snprintf implementation should conform to C99:
* - it *must* always correctly zero-terminate the buffer
* (except when n == 0, then it must leave the buffer untouched)
* - however it is acceptable to return -1 instead of the required length when
* the destination buffer is too short.
*/
#if defined(_WIN32)
/* For Windows (inc. MSYS2), we provide our own fixed implementation */
int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
/**
* \brief Set your own snprintf function pointer
*
* \param snprintf_func the snprintf function implementation
*
* \return 0
*/
int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
const char * format, ... ) );
#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
#else
#define mbedtls_snprintf snprintf
#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
/*
* The function pointers for exit
*/
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
extern void (*mbedtls_exit)( int status );
/**
* \brief Set your own exit function pointer
*
* \param exit_func the exit function implementation
*
* \return 0
*/
int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
#else
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
#else
#define mbedtls_exit exit
#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
#ifdef __cplusplus
}
#endif
#endif /* platform.h */

448
others/mbedtls/sha1.c Normal file
View File

@ -0,0 +1,448 @@
/*
* FIPS-180-1 compliant SHA-1 implementation
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The SHA-1 standard was published by NIST in 1993.
*
* http://www.itl.nist.gov/fipspubs/fip180-1.htm
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_SHA1_C)
#include "mbedtls/sha1.h"
#include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_SHA1_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
}
void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
{
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
}
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src )
{
*dst = *src;
}
/*
* SHA-1 context setup
*/
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xEFCDAB89;
ctx->state[2] = 0x98BADCFE;
ctx->state[3] = 0x10325476;
ctx->state[4] = 0xC3D2E1F0;
}
#if !defined(MBEDTLS_SHA1_PROCESS_ALT)
void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
{
uint32_t temp, W[16], A, B, C, D, E;
GET_UINT32_BE( W[ 0], data, 0 );
GET_UINT32_BE( W[ 1], data, 4 );
GET_UINT32_BE( W[ 2], data, 8 );
GET_UINT32_BE( W[ 3], data, 12 );
GET_UINT32_BE( W[ 4], data, 16 );
GET_UINT32_BE( W[ 5], data, 20 );
GET_UINT32_BE( W[ 6], data, 24 );
GET_UINT32_BE( W[ 7], data, 28 );
GET_UINT32_BE( W[ 8], data, 32 );
GET_UINT32_BE( W[ 9], data, 36 );
GET_UINT32_BE( W[10], data, 40 );
GET_UINT32_BE( W[11], data, 44 );
GET_UINT32_BE( W[12], data, 48 );
GET_UINT32_BE( W[13], data, 52 );
GET_UINT32_BE( W[14], data, 56 );
GET_UINT32_BE( W[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
#define R(t) \
( \
temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \
( W[t & 0x0F] = S(temp,1) ) \
)
#define P(a,b,c,d,e,x) \
{ \
e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
}
A = ctx->state[0];
B = ctx->state[1];
C = ctx->state[2];
D = ctx->state[3];
E = ctx->state[4];
#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999
P( A, B, C, D, E, W[0] );
P( E, A, B, C, D, W[1] );
P( D, E, A, B, C, W[2] );
P( C, D, E, A, B, W[3] );
P( B, C, D, E, A, W[4] );
P( A, B, C, D, E, W[5] );
P( E, A, B, C, D, W[6] );
P( D, E, A, B, C, W[7] );
P( C, D, E, A, B, W[8] );
P( B, C, D, E, A, W[9] );
P( A, B, C, D, E, W[10] );
P( E, A, B, C, D, W[11] );
P( D, E, A, B, C, W[12] );
P( C, D, E, A, B, W[13] );
P( B, C, D, E, A, W[14] );
P( A, B, C, D, E, W[15] );
P( E, A, B, C, D, R(16) );
P( D, E, A, B, C, R(17) );
P( C, D, E, A, B, R(18) );
P( B, C, D, E, A, R(19) );
#undef K
#undef F
#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1
P( A, B, C, D, E, R(20) );
P( E, A, B, C, D, R(21) );
P( D, E, A, B, C, R(22) );
P( C, D, E, A, B, R(23) );
P( B, C, D, E, A, R(24) );
P( A, B, C, D, E, R(25) );
P( E, A, B, C, D, R(26) );
P( D, E, A, B, C, R(27) );
P( C, D, E, A, B, R(28) );
P( B, C, D, E, A, R(29) );
P( A, B, C, D, E, R(30) );
P( E, A, B, C, D, R(31) );
P( D, E, A, B, C, R(32) );
P( C, D, E, A, B, R(33) );
P( B, C, D, E, A, R(34) );
P( A, B, C, D, E, R(35) );
P( E, A, B, C, D, R(36) );
P( D, E, A, B, C, R(37) );
P( C, D, E, A, B, R(38) );
P( B, C, D, E, A, R(39) );
#undef K
#undef F
#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC
P( A, B, C, D, E, R(40) );
P( E, A, B, C, D, R(41) );
P( D, E, A, B, C, R(42) );
P( C, D, E, A, B, R(43) );
P( B, C, D, E, A, R(44) );
P( A, B, C, D, E, R(45) );
P( E, A, B, C, D, R(46) );
P( D, E, A, B, C, R(47) );
P( C, D, E, A, B, R(48) );
P( B, C, D, E, A, R(49) );
P( A, B, C, D, E, R(50) );
P( E, A, B, C, D, R(51) );
P( D, E, A, B, C, R(52) );
P( C, D, E, A, B, R(53) );
P( B, C, D, E, A, R(54) );
P( A, B, C, D, E, R(55) );
P( E, A, B, C, D, R(56) );
P( D, E, A, B, C, R(57) );
P( C, D, E, A, B, R(58) );
P( B, C, D, E, A, R(59) );
#undef K
#undef F
#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6
P( A, B, C, D, E, R(60) );
P( E, A, B, C, D, R(61) );
P( D, E, A, B, C, R(62) );
P( C, D, E, A, B, R(63) );
P( B, C, D, E, A, R(64) );
P( A, B, C, D, E, R(65) );
P( E, A, B, C, D, R(66) );
P( D, E, A, B, C, R(67) );
P( C, D, E, A, B, R(68) );
P( B, C, D, E, A, R(69) );
P( A, B, C, D, E, R(70) );
P( E, A, B, C, D, R(71) );
P( D, E, A, B, C, R(72) );
P( C, D, E, A, B, R(73) );
P( B, C, D, E, A, R(74) );
P( A, B, C, D, E, R(75) );
P( E, A, B, C, D, R(76) );
P( D, E, A, B, C, R(77) );
P( C, D, E, A, B, R(78) );
P( B, C, D, E, A, R(79) );
#undef K
#undef F
ctx->state[0] += A;
ctx->state[1] += B;
ctx->state[2] += C;
ctx->state[3] += D;
ctx->state[4] += E;
}
#endif /* !MBEDTLS_SHA1_PROCESS_ALT */
/*
* SHA-1 process buffer
*/
void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
{
size_t fill;
uint32_t left;
if( ilen == 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
if( ctx->total[0] < (uint32_t) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
memcpy( (void *) (ctx->buffer + left), input, fill );
mbedtls_sha1_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
left = 0;
}
while( ilen >= 64 )
{
mbedtls_sha1_process( ctx, input );
input += 64;
ilen -= 64;
}
if( ilen > 0 )
memcpy( (void *) (ctx->buffer + left), input, ilen );
}
static const unsigned char sha1_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/*
* SHA-1 final digest
*/
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
{
uint32_t last, padn;
uint32_t high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
PUT_UINT32_BE( high, msglen, 0 );
PUT_UINT32_BE( low, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
mbedtls_sha1_update( ctx, sha1_padding, padn );
mbedtls_sha1_update( ctx, msglen, 8 );
PUT_UINT32_BE( ctx->state[0], output, 0 );
PUT_UINT32_BE( ctx->state[1], output, 4 );
PUT_UINT32_BE( ctx->state[2], output, 8 );
PUT_UINT32_BE( ctx->state[3], output, 12 );
PUT_UINT32_BE( ctx->state[4], output, 16 );
}
#endif /* !MBEDTLS_SHA1_ALT */
/*
* output = SHA-1( input buffer )
*/
void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
{
mbedtls_sha1_context ctx;
mbedtls_sha1_init( &ctx );
mbedtls_sha1_starts( &ctx );
mbedtls_sha1_update( &ctx, input, ilen );
mbedtls_sha1_finish( &ctx, output );
mbedtls_sha1_free( &ctx );
}
#if defined(MBEDTLS_SELF_TEST)
/*
* FIPS-180-1 test vectors
*/
static const unsigned char sha1_test_buf[3][57] =
{
{ "abc" },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
{ "" }
};
static const int sha1_test_buflen[3] =
{
3, 56, 1000
};
static const unsigned char sha1_test_sum[3][20] =
{
{ 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
{ 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
};
/*
* Checkup routine
*/
int mbedtls_sha1_self_test( int verbose )
{
int i, j, buflen, ret = 0;
unsigned char buf[1024];
unsigned char sha1sum[20];
mbedtls_sha1_context ctx;
mbedtls_sha1_init( &ctx );
/*
* SHA-1
*/
for( i = 0; i < 3; i++ )
{
if( verbose != 0 )
mbedtls_printf( " SHA-1 test #%d: ", i + 1 );
mbedtls_sha1_starts( &ctx );
if( i == 2 )
{
memset( buf, 'a', buflen = 1000 );
for( j = 0; j < 1000; j++ )
mbedtls_sha1_update( &ctx, buf, buflen );
}
else
mbedtls_sha1_update( &ctx, sha1_test_buf[i],
sha1_test_buflen[i] );
mbedtls_sha1_finish( &ctx, sha1sum );
if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
ret = 1;
goto exit;
}
if( verbose != 0 )
mbedtls_printf( "passed\n" );
}
if( verbose != 0 )
mbedtls_printf( "\n" );
exit:
mbedtls_sha1_free( &ctx );
return( ret );
}
#endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_SHA1_C */

136
others/mbedtls/sha1.h Normal file
View File

@ -0,0 +1,136 @@
/**
* \file sha1.h
*
* \brief SHA-1 cryptographic hash function
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SHA1_H
#define MBEDTLS_SHA1_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#include <stdint.h>
#if !defined(MBEDTLS_SHA1_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief SHA-1 context structure
*/
typedef struct
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
}
mbedtls_sha1_context;
/**
* \brief Initialize SHA-1 context
*
* \param ctx SHA-1 context to be initialized
*/
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
/**
* \brief Clear SHA-1 context
*
* \param ctx SHA-1 context to be cleared
*/
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
/**
* \brief Clone (the state of) a SHA-1 context
*
* \param dst The destination context
* \param src The context to be cloned
*/
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src );
/**
* \brief SHA-1 context setup
*
* \param ctx context to be initialized
*/
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
/**
* \brief SHA-1 process buffer
*
* \param ctx SHA-1 context
* \param input buffer holding the data
* \param ilen length of the input data
*/
void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief SHA-1 final digest
*
* \param ctx SHA-1 context
* \param output SHA-1 checksum result
*/
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] );
/* Internal use */
void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_SHA1_ALT */
#include "sha1_alt.h"
#endif /* MBEDTLS_SHA1_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Output = SHA-1( input buffer )
*
* \param input buffer holding the data
* \param ilen length of the input data
* \param output SHA-1 checksum result
*/
void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_sha1_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif /* mbedtls_sha1.h */

BIN
others/modsec.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

364
src/Makefile.am Normal file
View File

@ -0,0 +1,364 @@
if BUILD_PARSER
export MAYBE_PARSER = parser
endif
SUBDIRS = \
$(MAYBE_PARSER)
lib_LTLIBRARIES = libmodsecurity.la
libmodsecurity_ladir = $(prefix)/include
libmodsecurity_includesub_collectiondir = $(pkgincludedir)/collection/
libmodsecurity_includesub_actionsdir = $(pkgincludedir)/actions/
# pregenerated parser + parser sources
EXTRA_DIST = \
parser/Makefile.am \
parser/Makefile.in \
parser/location.hh \
parser/position.hh \
parser/seclang-parser.cc \
parser/seclang-parser.hh \
parser/seclang-parser.yy \
parser/seclang-scanner.cc \
parser/seclang-scanner.ll \
parser/stack.hh
MAINTAINERCLEANFILES = \
Makefile.in \
config.h.in \
config.h.in~
pkginclude_HEADERS = \
../headers/modsecurity/anchored_set_variable_translation_proxy.h \
../headers/modsecurity/anchored_set_variable.h \
../headers/modsecurity/anchored_variable.h \
../headers/modsecurity/audit_log.h \
../headers/modsecurity/debug_log.h \
../headers/modsecurity/intervention.h \
../headers/modsecurity/modsecurity.h \
../headers/modsecurity/rule.h \
../headers/modsecurity/rule_marker.h \
../headers/modsecurity/rule_unconditional.h \
../headers/modsecurity/rule_with_actions.h \
../headers/modsecurity/rule_with_operator.h \
../headers/modsecurity/rules.h \
../headers/modsecurity/rule_message.h \
../headers/modsecurity/rules_set.h \
../headers/modsecurity/rules_set_phases.h \
../headers/modsecurity/rules_set_properties.h \
../headers/modsecurity/rules_exceptions.h \
../headers/modsecurity/transaction.h \
../headers/modsecurity/variable_origin.h \
../headers/modsecurity/variable_value.h
libmodsecurity_includesub_collection_HEADERS = \
../headers/modsecurity/collection/collection.h \
../headers/modsecurity/collection/collections.h
libmodsecurity_includesub_actions_HEADERS = \
../headers/modsecurity/actions/action.h
noinst_HEADERS = \
actions/*.h \
actions/ctl/*.h \
actions/data/*.h \
actions/disruptive/*.h \
actions/transformations/*.h \
debug_log/*.h \
audit_log/writer/*.h \
collection/backend/*.h \
operators/*.h \
parser/*.h \
request_body_processor/*.h \
utils/*.h \
variables/*.h \
engine/*.h \
*.h
ENGINES = \
engine/lua.cc
VARIABLES = \
variables/duration.cc \
variables/env.cc \
variables/highest_severity.cc \
variables/modsec_build.cc \
variables/remote_user.cc \
variables/rule.cc \
variables/time.cc \
variables/time_day.cc \
variables/time_epoch.cc \
variables/time_hour.cc \
variables/time_min.cc \
variables/time_mon.cc \
variables/time_sec.cc \
variables/time_wday.cc \
variables/time_year.cc \
variables/tx.cc \
variables/variable.cc \
variables/xml.cc
ACTIONS = \
actions/accuracy.cc \
actions/action.cc \
actions/audit_log.cc \
actions/block.cc \
actions/capture.cc \
actions/chain.cc \
actions/ctl/audit_log_parts.cc \
actions/ctl/audit_engine.cc \
actions/ctl/rule_engine.cc \
actions/ctl/request_body_processor_json.cc \
actions/ctl/request_body_processor_xml.cc \
actions/ctl/request_body_processor_urlencoded.cc \
actions/ctl/rule_remove_target_by_tag.cc \
actions/ctl/rule_remove_target_by_id.cc \
actions/ctl/rule_remove_by_id.cc \
actions/ctl/rule_remove_by_tag.cc \
actions/ctl/request_body_access.cc\
actions/disruptive/allow.cc \
actions/disruptive/deny.cc \
actions/disruptive/drop.cc \
actions/disruptive/redirect.cc \
actions/disruptive/pass.cc \
actions/exec.cc \
actions/init_col.cc \
actions/log.cc \
actions/log_data.cc \
actions/maturity.cc \
actions/msg.cc \
actions/multi_match.cc \
actions/no_audit_log.cc \
actions/no_log.cc \
actions/phase.cc \
actions/rev.cc \
actions/rule_id.cc \
actions/severity.cc \
actions/set_env.cc \
actions/set_rsc.cc \
actions/set_sid.cc \
actions/set_uid.cc \
actions/set_var.cc \
actions/data/status.cc \
actions/skip.cc \
actions/skip_after.cc \
actions/tag.cc \
actions/transformations/base64_decode.cc \
actions/transformations/base64_encode.cc \
actions/transformations/base64_decode_ext.cc \
actions/transformations/cmd_line.cc \
actions/transformations/compress_whitespace.cc \
actions/transformations/css_decode.cc \
actions/transformations/escape_seq_decode.cc \
actions/transformations/hex_decode.cc \
actions/transformations/hex_encode.cc \
actions/transformations/html_entity_decode.cc \
actions/transformations/js_decode.cc \
actions/transformations/length.cc \
actions/transformations/lower_case.cc \
actions/transformations/md5.cc \
actions/transformations/none.cc \
actions/transformations/normalise_path.cc \
actions/transformations/normalise_path_win.cc \
actions/transformations/parity_even_7bit.cc \
actions/transformations/parity_odd_7bit.cc \
actions/transformations/parity_zero_7bit.cc \
actions/transformations/remove_comments.cc \
actions/transformations/remove_comments_char.cc \
actions/transformations/remove_nulls.cc \
actions/transformations/remove_whitespace.cc \
actions/transformations/replace_comments.cc \
actions/transformations/replace_nulls.cc \
actions/transformations/sha1.cc \
actions/transformations/sql_hex_decode.cc \
actions/transformations/transformation.cc \
actions/transformations/trim.cc \
actions/transformations/trim_left.cc \
actions/transformations/trim_right.cc \
actions/transformations/upper_case.cc \
actions/transformations/url_decode.cc \
actions/transformations/url_decode_uni.cc \
actions/transformations/url_encode.cc \
actions/transformations/utf8_to_unicode.cc \
actions/ver.cc \
actions/xmlns.cc
OPERATORS = \
operators/begins_with.cc \
operators/contains.cc \
operators/contains_word.cc \
operators/detect_sqli.cc \
operators/detect_xss.cc \
operators/ends_with.cc \
operators/eq.cc \
operators/fuzzy_hash.cc \
operators/ge.cc \
operators/geo_lookup.cc \
operators/gsblookup.cc \
operators/gt.cc \
operators/inspect_file.cc \
operators/ip_match.cc \
operators/ip_match_f.cc \
operators/ip_match_from_file.cc \
operators/le.cc \
operators/lt.cc \
operators/no_match.cc \
operators/operator.cc \
operators/pm.cc \
operators/pm_f.cc \
operators/pm_from_file.cc \
operators/rbl.cc \
operators/rsub.cc \
operators/rx.cc \
operators/rx_global.cc \
operators/str_eq.cc \
operators/str_match.cc \
operators/validate_byte_range.cc \
operators/validate_dtd.cc \
operators/validate_hash.cc \
operators/validate_schema.cc \
operators/validate_url_encoding.cc \
operators/validate_utf8_encoding.cc \
operators/verify_cc.cc \
operators/verify_cpf.cc \
operators/verify_ssn.cc \
operators/verify_svnr.cc \
operators/within.cc \
operators/unconditional_match.cc
UTILS = \
utils/acmp.cc \
utils/base64.cc \
utils/decode.cc \
utils/geo_lookup.cc \
utils/https_client.cc \
utils/ip_tree.cc \
utils/md5.cc \
utils/msc_tree.cc \
utils/random.cc \
utils/regex.cc \
utils/sha1.cc \
utils/string.cc \
utils/system.cc \
utils/shared_files.cc
COLLECTION = \
collection/collections.cc \
collection/backend/in_memory-per_process.cc \
collection/backend/lmdb.cc
BODY_PROCESSORS = \
request_body_processor/multipart.cc \
request_body_processor/xml.cc \
request_body_processor/json.cc
libmodsecurity_la_SOURCES = \
parser/seclang-parser.cc \
parser/seclang-scanner.cc \
parser/driver.cc \
transaction.cc \
anchored_set_variable.cc \
anchored_variable.cc \
audit_log/audit_log.cc \
audit_log/writer/writer.cc \
audit_log/writer/https.cc \
audit_log/writer/serial.cc \
audit_log/writer/parallel.cc \
modsecurity.cc \
rules_set.cc \
rules_set_phases.cc \
rules_set_properties.cc \
debug_log/debug_log.cc \
debug_log/debug_log_writer.cc \
run_time_string.cc \
rule.cc \
rule_unconditional.cc \
rule_with_actions.cc \
rule_with_operator.cc \
rule_message.cc \
rule_script.cc \
unique_id.cc \
rules_exceptions.cc \
${BODY_PROCESSORS} \
${ACTIONS} \
${ENGINES} \
${COLLECTION} \
${OPERATORS} \
${UTILS} \
${VARIABLES}
libmodsecurity_la_CFLAGS =
libmodsecurity_la_CPPFLAGS = \
-std=c++11 \
-I.. \
-g \
-I../others \
-fPIC \
-O3 \
-I../headers \
$(CURL_CFLAGS) \
$(GEOIP_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
$(MODSEC_MUTEX_ON_PM) \
$(YAJL_CFLAGS) \
$(LMDB_CFLAGS) \
$(PCRE_CFLAGS) \
$(PCRE2_CFLAGS) \
$(SSDEEP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(LUA_CFLAGS) \
$(LIBXML2_CFLAGS)
libmodsecurity_la_LDFLAGS = \
$(CURL_LDFLAGS) \
$(GEOIP_LDFLAGS) \
$(GLOBAL_LDFLAGS) \
$(LDFLAGS) \
$(LIBXML2_LDFLAGS) \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(PCRE_LDFLAGS) \
$(PCRE2_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS) \
-version-info @MSC_VERSION_INFO@
libmodsecurity_la_LIBADD = \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
$(LUA_LDADD) \
../others/libinjection.la \
../others/libmbedtls.la \
$(PCRE_LDADD) \
$(PCRE2_LDADD) \
$(MAXMIND_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)

49
src/actions/accuracy.cc Normal file
View File

@ -0,0 +1,49 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "src/actions/accuracy.h"
#include <iostream>
#include <string>
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
namespace modsecurity {
namespace actions {
bool Accuracy::init(std::string *error) {
try {
m_accuracy = std::stoi(m_parser_payload);
} catch (...) {
error->assign("Accuracy: The input \"" + m_parser_payload + "\" is " \
"not a number.");
return false;
}
return true;
}
bool Accuracy::evaluate(RuleWithActions *rule, Transaction *transaction) {
rule->m_accuracy = m_accuracy;
return true;
}
} // namespace actions
} // namespace modsecurity

47
src/actions/accuracy.h Normal file
View File

@ -0,0 +1,47 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include "modsecurity/actions/action.h"
#ifndef SRC_ACTIONS_ACCURACY_H_
#define SRC_ACTIONS_ACCURACY_H_
class Transaction;
namespace modsecurity {
class Transaction;
namespace actions {
class Accuracy : public Action {
public:
explicit Accuracy(const std::string &action)
: Action(action, ConfigurationKind),
m_accuracy(0) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
int m_accuracy;
};
} // namespace actions
} // namespace modsecurity
#endif // SRC_ACTIONS_ACCURACY_H_

60
src/actions/action.cc Normal file
View File

@ -0,0 +1,60 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "modsecurity/actions/action.h"
#include <iostream>
#include <string>
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/utils/string.h"
#include "src/actions/block.h"
#include "src/actions/chain.h"
#include "src/actions/disruptive/deny.h"
#include "src/actions/disruptive/redirect.h"
#include "src/actions/data/status.h"
#include "src/actions/rule_id.h"
#include "src/actions/phase.h"
#include "src/actions/severity.h"
#include "src/actions/capture.h"
#include "src/actions/disruptive/pass.h"
#include "src/actions/log.h"
#include "src/actions/no_log.h"
#include "src/actions/no_audit_log.h"
#include "src/actions/multi_match.h"
#define IF_MATCH(a) \
if (op.compare(1, std::strlen(#a), #a) == 0)
namespace modsecurity {
namespace actions {
std::string Action::evaluate(const std::string &value,
Transaction *transaction) {
return value;
}
bool Action::evaluate(RuleWithActions *rule, Transaction *transaction) {
return true;
}
} // namespace actions
} // namespace modsecurity

41
src/actions/audit_log.cc Normal file
View File

@ -0,0 +1,41 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "src/actions/audit_log.h"
#include <iostream>
#include <string>
#include <memory>
#include "modsecurity/transaction.h"
#include "modsecurity/rule_message.h"
#include "modsecurity/rules_set.h"
namespace modsecurity {
namespace actions {
bool AuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
rm->m_noAuditLog = false;
ms_dbg_a(transaction, 9, "Saving transaction to logs");
rm->m_saveMessage = true;
return true;
}
} // namespace actions
} // namespace modsecurity

47
src/actions/audit_log.h Normal file
View File

@ -0,0 +1,47 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include <memory>
#include "modsecurity/actions/action.h"
#ifndef SRC_ACTIONS_AUDIT_LOG_H_
#define SRC_ACTIONS_AUDIT_LOG_H_
#ifdef __cplusplus
class Transaction;
namespace modsecurity {
class Transaction;
namespace actions {
class AuditLog : public Action {
public:
explicit AuditLog(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
};
} // namespace actions
} // namespace modsecurity
#endif
#endif // SRC_ACTIONS_AUDIT_LOG_H_

48
src/actions/block.cc Normal file
View File

@ -0,0 +1,48 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "src/actions/block.h"
#include <iostream>
#include <string>
#include <memory>
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/intervention.h"
#include "src/actions/data/status.h"
namespace modsecurity {
namespace actions {
bool Block::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
ms_dbg_a(transaction, 8, "Marking request as disruptive.");
for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {
if (a->isDisruptive() == false) {
continue;
}
a->evaluate(rule, transaction, rm);
}
return true;
}
} // namespace actions
} // namespace modsecurity

47
src/actions/block.h Normal file
View File

@ -0,0 +1,47 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include <memory>
#include "modsecurity/actions/action.h"
#include "modsecurity/rule_message.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_BLOCK_H_
#define SRC_ACTIONS_DISRUPTIVE_BLOCK_H_
#ifdef __cplusplus
class Transaction;
namespace modsecurity {
class Transaction;
namespace actions {
class Block : public Action {
public:
explicit Block(const std::string &action) : Action(action) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
};
} // namespace actions
} // namespace modsecurity
#endif
#endif // SRC_ACTIONS_DISRUPTIVE_BLOCK_H_

Some files were not shown because too many files have changed in this diff Show More