Update deps and requirements
parent
c0efdf9c00
commit
b7f60dbdc7
|
@ -1,4 +1,4 @@
|
|||
FROM nginx:1.20.2-alpine AS builder
|
||||
FROM nginx:1.22.1-alpine AS builder
|
||||
|
||||
# Copy dependencies sources folder
|
||||
COPY src/deps /tmp/bunkerweb/deps
|
||||
|
@ -21,7 +21,7 @@ RUN apk add --no-cache --virtual build py3-pip && \
|
|||
pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
|
||||
apk del build
|
||||
|
||||
FROM nginx:1.20.2-alpine
|
||||
FROM nginx:1.22.1-alpine
|
||||
|
||||
# Copy dependencies
|
||||
COPY --from=builder /usr/share/bunkerweb /usr/share/bunkerweb
|
||||
|
@ -43,7 +43,7 @@ COPY src/common/utils /usr/share/bunkerweb/utils
|
|||
COPY src/VERSION /usr/share/bunkerweb/VERSION
|
||||
|
||||
# Install runtime dependencies, pypi packages, move bwcli, create data folders and set permissions
|
||||
RUN apk add --no-cache bash python3 && \
|
||||
RUN apk add --no-cache pcre bash python3 && \
|
||||
cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
|
||||
echo "Docker" > /usr/share/bunkerweb/INTEGRATION && \
|
||||
mkdir -p /var/tmp/bunkerweb && \
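Review bot: Both stages still pull the base image by mutable tag (`FROM nginx:1.22.1-alpine`), so the image content is not fixed the way the Python dependencies are by `--require-hashes` in the builder stage. Pinning the digest next to the tag on both `FROM` lines, e.g. `FROM nginx:1.22.1-alpine@sha256:<digest-of-reviewed-image> AS builder`, keeps the build on the reviewed image even if the tag is re-pushed. The new `pcre` package in `apk add --no-cache pcre bash python3` deserves a short comment naming the component that needs it at runtime, since the hunk does not show why it was added. The `RUN` instruction continues past the end of the hunk.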
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
sqlalchemy==1.4.43
|
||||
sqlalchemy==1.4.44
|
||||
psycopg2-binary==2.9.5
|
||||
PyMySQL==1.0.2
|
||||
oracledb==1.1.1
|
||||
oracledb==1.2.0
|
||||
|
|
|
@ -160,30 +160,35 @@ greenlet==2.0.1 \
|
|||
--hash=sha256:f6327b6907b4cb72f650a5b7b1be23a2aab395017aa6f1adb13069d66360eb3f \
|
||||
--hash=sha256:fb412b7db83fe56847df9c47b6fe3f13911b06339c2aa02dcc09dce8bbf582cd
|
||||
# via sqlalchemy
|
||||
oracledb==1.1.1 \
|
||||
--hash=sha256:07846a86f481f9105dbf53390e1cb6b422ac929717949fbe9f2251a11a8f4332 \
|
||||
--hash=sha256:0f731830519aef5b8c90c051ac631bdb9458a960a95945532dcf91c2cb66edf2 \
|
||||
--hash=sha256:0f7ab47b95b5c7dad464fbcdad0731ee2e99defdecaf2d05808bceb7038d2489 \
|
||||
--hash=sha256:24296ff54bca75c3b26df7b988a3b49ccd51d6070fc15d4e1cafafb277361f97 \
|
||||
--hash=sha256:36d767d2e2a6abbb3f52ea76625f040bdaf32a141a4aa64942952e7e99051e0b \
|
||||
--hash=sha256:393245177e3a0fcddbbc4f738fe8bdff92d19f7656f0baf87aaef8c12ee0fe62 \
|
||||
--hash=sha256:39bf05208ada7c99ff85cd879f2a9f64c8f8fe73d4ce11d037f2bbedab0c4020 \
|
||||
--hash=sha256:6a0ddb1f248912d1b5bbbef191f60d9e9b00700085004de068fa1986e0755295 \
|
||||
--hash=sha256:6c643aa1826129af55688dc0a4a78a0525c991e17da26390e9f676067f92ddfe \
|
||||
--hash=sha256:6cf4f9031b8c6262d75aac1af3c8246a73697ebcf91fd33eb0c82f6cd2100716 \
|
||||
--hash=sha256:73f98552bb283baf385dba06a75d1de77f14d5870334c25ea5054e9d32fb6d1e \
|
||||
--hash=sha256:7c5bd39b08c8adbf7a92385cb3a3689976301249364003929f71d4559fbf95c5 \
|
||||
--hash=sha256:878cd5e18e0ad5885d1a74fd9a5f2e38eb320b6902ba63ad0a51aebd4bb4d68a \
|
||||
--hash=sha256:88319c122f190b02ddf99cd278c1a7942c361b0037f8d9cf83142b4019c09602 \
|
||||
--hash=sha256:8e0525c23b9a349a0ca63d6c2ef8e0fc6c526f2fffae8087ca5b43cef9969d6a \
|
||||
--hash=sha256:90e01f66a1251da02f2dea4ac42a591e22b1c0b67ba2a6964fd01ef09a014b82 \
|
||||
--hash=sha256:9be9d00b3f3118bacdffef8a9173a2ea3188552083d93129b1ab8c7907b3eea4 \
|
||||
--hash=sha256:da65ea1b598de23ef9453cf6dfa3c7cc0f1645c9c63058098b1a92ed0d0619fb \
|
||||
--hash=sha256:df25a33c00cd294cfee7b1112243a3b0d8d17982d1be301ba7c0b4c82eb8bc88 \
|
||||
--hash=sha256:dffcc7fe4292b2382c3e8c0c81b83f409ad8d7ddcfaee090dc2d9e3b4f4ca2c9 \
|
||||
--hash=sha256:f1aba62d17b2d2c91c410f384e05fdc94c1b36cb82ebb136842c82a37b7f981e \
|
||||
--hash=sha256:f233a4d374379e5ecd86e776f2061308f5c2655ff62c2bdb43d8d7b9969cbc88 \
|
||||
--hash=sha256:f35f8368dcd3adc33d1a695434fd994f78bb56a258136a6812b244e4ada24585
|
||||
oracledb==1.2.0 \
|
||||
--hash=sha256:1086bb446fdfaf3571d61ea0c3000afe2b2326aa27c9b75252a281e5d09c5aa9 \
|
||||
--hash=sha256:171b932eba53782500123047b23984c01c5d7d997d567108931e96538cbafd26 \
|
||||
--hash=sha256:1d5aff76c2bb2e6ca0ce7377381bb1d5869977deeaea6f8e675762d7ffffb0ad \
|
||||
--hash=sha256:2e0636c5b26d30b047f5acd60de20f6226936f9a4d30dec6f3b35edee08b6bbd \
|
||||
--hash=sha256:393c12c7f7adbd05e7650ca871e20485680305add0f76ae87247af9055d97153 \
|
||||
--hash=sha256:3b9adac2f87113c573582d4b48c1b28adb0e67115aa9f8db721a9c0a172048ee \
|
||||
--hash=sha256:43c856aacadb786d234e7508f28fcaf1b8888da052c6b9f1284702ca6509d7d5 \
|
||||
--hash=sha256:45a6ab3a7fdc2142fce95930d90bdef7dde1e344ab897b4381b5e381d11ba5e3 \
|
||||
--hash=sha256:4dad11f14d2cfa6276ea52f033bdd6ac98cc809c731acee2d23ecbefac76a7b8 \
|
||||
--hash=sha256:551ac2acde38a72380f5a3e93128262ece4e27aa5acb13d058e5aa10362031a5 \
|
||||
--hash=sha256:59bb3f3f66f4affe347ef138f85548c5cb919309e74a73d09a8f03f35af436b7 \
|
||||
--hash=sha256:6f7b7608c674b09527edb3a8fb6d4a688ecdbba6ad51d32930ddbfea7a9b389e \
|
||||
--hash=sha256:74f5c2f13dbebcaeac810ae72bfa19c115d7749959833ebaaae4b497695a625f \
|
||||
--hash=sha256:7b2fb0aacebde75d667e21cbb53e65ebc5d4110bd6b263c4d8a3798d2e0c889f \
|
||||
--hash=sha256:8043124a55b3946bffd9ebb83953141f62f9d14fb30fa4b9cfcb09bdd7e2fae5 \
|
||||
--hash=sha256:86fa01c9aa20edb533ec1dfde33fa097631e8fcc044a74ffba5e892313774d5a \
|
||||
--hash=sha256:8d12a9cd1d64dffcc442c405d84d23af79cde5d855831b2ae43cc8e1b39b9163 \
|
||||
--hash=sha256:989524ea2e54269b9119340d3ad690f0aacafa50f028d9ea9dad96b0b8ac8b4a \
|
||||
--hash=sha256:a48772323ce560fd85d5474bd9c9c858f79621eba85b766cb5e16f5a9d4a48dc \
|
||||
--hash=sha256:a69ad4a65872e323a64fd7348eafcc9a1ae7725ddb3918ceb78037f98d6becde \
|
||||
--hash=sha256:c03ffd713a2ca5551ae44d103e72b3ecf440a5041b99b2bf8462d5e54a8c01c5 \
|
||||
--hash=sha256:c4fcb54bc7910193760ea5a210310a88d22e06647f973a3951516c6533b8faa6 \
|
||||
--hash=sha256:d8b04167bb490895f924e43387b69dcf12aabef651becc245c38de40822e2c93 \
|
||||
--hash=sha256:dbe550e2fbd8ebdd5dcc1426ae5137f0ab3da435109e2a4947372eb8d73190b2 \
|
||||
--hash=sha256:dfee7490715a29db9fa11758c3732516dfec731511cea1cfe606c411250c6681 \
|
||||
--hash=sha256:e50fa0ef531df0b57cdf5b31bee6bc86fdcc27f5b5635e6ab057a46605db72e0 \
|
||||
--hash=sha256:ed037b902ed0b90067a71d2a38abb967692a9d82b100386159e1d693f8228b52 \
|
||||
--hash=sha256:f3c9a78b623696448834dc0ab49a18f985acb3cebb6fb96f4cdfbee17f9d2aa9
|
||||
# via -r requirements.in
|
||||
psycopg2-binary==2.9.5 \
|
||||
--hash=sha256:00475004e5ed3e3bf5e056d66e5dcdf41a0dc62efcd57997acd9135c40a08a50 \
|
||||
|
@ -266,46 +271,46 @@ pymysql==1.0.2 \
|
|||
--hash=sha256:41fc3a0c5013d5f039639442321185532e3e2c8924687abe6537de157d403641 \
|
||||
--hash=sha256:816927a350f38d56072aeca5dfb10221fe1dc653745853d30a216637f5d7ad36
|
||||
# via -r requirements.in
|
||||
sqlalchemy==1.4.43 \
|
||||
--hash=sha256:0c8a174f23bc021aac97bcb27fbe2ae3d4652d3d23e5768bc2ec3d44e386c7eb \
|
||||
--hash=sha256:13ce4f3a068ec4ef7598d2a77f42adc3d90c76981f5a7c198756b25c4f4a22ea \
|
||||
--hash=sha256:1d16aca30fad4753aeb4ebde564bbd4a248b9673e4f879b940f4e806a17be87f \
|
||||
--hash=sha256:23a4569d3db1ce44370d05c5ad79be4f37915fcc97387aef9da232b95db7b695 \
|
||||
--hash=sha256:27479b5a1e110e64c56b18ffbf8cf99e101572a3d1a43943ea02158f1304108e \
|
||||
--hash=sha256:2fef01240d32ada9007387afd8e0b2230f99efdc4b57ca6f1d1192fca4fcf6a5 \
|
||||
--hash=sha256:35dc0a5e934c41e282e019c889069b01ff4cd356b2ea452c9985e1542734cfb1 \
|
||||
--hash=sha256:41df873cdae1d56fde97a1b4f6ffa118f40e4b2d6a6aa8c25c50eea31ecbeb08 \
|
||||
--hash=sha256:42bff29eaecbb284f614f4bb265bb0c268625f5b93ce6268f8017811e0afbdde \
|
||||
--hash=sha256:491d94879f9ec0dea7e1cb053cd9cc65a28d2467960cf99f7b3c286590406060 \
|
||||
--hash=sha256:4a791e7a1e5ac33f70a3598f8f34fdd3b60c68593bbb038baf58bc50e02d7468 \
|
||||
--hash=sha256:4abda3e693d24169221ffc7aa0444ccef3dc43dfeab6ad8665d3836751cd6af7 \
|
||||
--hash=sha256:529e2cc8af75811114e5ab2eb116fd71b6e252c6bdb32adbfcd5e0c5f6d5ab06 \
|
||||
--hash=sha256:59bd0ae166253f7fed8c3f4f6265d2637f25d2f6614d00df34d7ee0d95d29c91 \
|
||||
--hash=sha256:5d5937e1bf7921e4d1acdfad72dd98d9e7f9ea5c52aeb12b3b05b534b527692d \
|
||||
--hash=sha256:6b462c070769f0ef06ea5fe65206b970bcf2b59cb3fda2bec2f4729e1be89c13 \
|
||||
--hash=sha256:736d4e706adb3c95a0a7e660073a5213dfae78ff2df6addf8ff2918c83fbeebe \
|
||||
--hash=sha256:7d6293010aa0af8bd3b0c9993259f8979db2422d6abf85a31d70ec69cb2ee4dc \
|
||||
--hash=sha256:962c7c80c54a42836c47cb0d8a53016986c8584e8d98e90e2ea723a4ed0ba85b \
|
||||
--hash=sha256:a22f46440e61d90100e0f378faac40335fb5bbf278472df0d83dc15b653b9896 \
|
||||
--hash=sha256:a7fa3e57a7b0476fbcba72b231150503d53dbcbdd23f4a86be5152912a923b6e \
|
||||
--hash=sha256:aa12e27cb465b4b006ffb777624fc6023363e01cfed2d3f89d33fb6da80f6de2 \
|
||||
--hash=sha256:b6fd58e25e6cdd2a131d7e97f9713f8f2142360cd40c75af8aa5b83d535f811c \
|
||||
--hash=sha256:bd80300d81d92661e2488a4bf4383f0c5dc6e7b05fa46d2823e231af4e30539a \
|
||||
--hash=sha256:c1ced2fae7a1177a36cf94d0a5567452d195d3b4d7d932dd61f123fb15ddf87b \
|
||||
--hash=sha256:c1f5bfffc3227d05d90c557b10604962f655b4a83c9f3ad507a81ac8d6847679 \
|
||||
--hash=sha256:c3dde668edea70dc8d55a74d933d5446e5a97786cdd1c67c8e4971c73bd087ad \
|
||||
--hash=sha256:c628697aad7a141da8fc3fd81b4874a711cc84af172e1b1e7bbfadf760446496 \
|
||||
--hash=sha256:c6de20de7c19b965c007c9da240268dde1451865099ca10f0f593c347041b845 \
|
||||
--hash=sha256:c9a6e878e63286392b262d86d21fe16e6eec12b95ccb0a92c392f2b1e0acca03 \
|
||||
--hash=sha256:c9b59863e2b1f1e1ebf9ee517f86cdfa82d7049c8d81ad71ab58d442b137bbe9 \
|
||||
--hash=sha256:cde363fb5412ab178f1cc1e596e9cfc396464da8a4fe8e733cc6d6b4e2c23aa9 \
|
||||
--hash=sha256:d05d7365c2d1df03a69d90157a3e9b3e7b62088cca8ee6686aed2598659a6e14 \
|
||||
--hash=sha256:dc1e005d490c101d27657481a05765851ab795cc8aedeb8d9425595088b20736 \
|
||||
--hash=sha256:ed1c950aba723b7a5b702b88f05d883607c587de918d7d8c2014fe7f55cf67e0 \
|
||||
--hash=sha256:ee9613b0460dce970414cfc990ca40afe518bc139e697243fcdf890285fb30ac \
|
||||
--hash=sha256:eeb55a555eef1a9607c1635bbdddd0b8a2bb9713bcb5bc8da1e8fae8ee46d1d8 \
|
||||
--hash=sha256:f5438f6c768b7e928f0463777b545965648ba0d55877afd14a4e96d2a99702e7 \
|
||||
--hash=sha256:f6e036714a586f757a3e12ff0798ce9a90aa04a60cff392d8bcacc5ecf79c95e \
|
||||
--hash=sha256:fa46d86a17cccd48c6762df1a60aecf5aaa2e0c0973efacf146c637694b62ffd \
|
||||
--hash=sha256:fb9a44e7124f72b79023ab04e1c8fcd8f392939ef0d7a75beae8634e15605d30
|
||||
sqlalchemy==1.4.44 \
|
||||
--hash=sha256:0be9b479c5806cece01f1581726573a8d6515f8404e082c375b922c45cfc2a7b \
|
||||
--hash=sha256:17aee7bfcef7bf0dea92f10e5dfdd67418dcf6fe0759f520e168b605855c003e \
|
||||
--hash=sha256:21f3df74a0ab39e1255e94613556e33c1dc3b454059fe0b365ec3bbb9ed82e4a \
|
||||
--hash=sha256:237067ba0ef45a518b64606e1807f7229969ad568288b110ed5f0ca714a3ed3a \
|
||||
--hash=sha256:2dda5f96719ae89b3ec0f1b79698d86eb9aecb1d54e990abb3fdd92c04b46a90 \
|
||||
--hash=sha256:393f51a09778e8984d735b59a810731394308b4038acdb1635397c2865dae2b6 \
|
||||
--hash=sha256:3ca21b35b714ce36f4b8d1ee8d15f149db8eb43a472cf71600bf18dae32286e7 \
|
||||
--hash=sha256:3cbdbed8cdcae0f83640a9c44fa02b45a6c61e149c58d45a63c9581aba62850f \
|
||||
--hash=sha256:3eba07f740488c3a125f17c092a81eeae24a6c7ec32ac9dbc52bf7afaf0c4f16 \
|
||||
--hash=sha256:3f68eab46649504eb95be36ca529aea16cd199f080726c28cbdbcbf23d20b2a2 \
|
||||
--hash=sha256:4c56e6899fa6e767e4be5d106941804a4201c5cb9620a409c0b80448ec70b656 \
|
||||
--hash=sha256:53f90a2374f60e703c94118d21533765412da8225ba98659de7dd7998641ab17 \
|
||||
--hash=sha256:595b185041a4dc5c685283ea98c2f67bbfa47bb28e4a4f5b27ebf40684e7a9f8 \
|
||||
--hash=sha256:65a0ad931944fcb0be12a8e0ac322dbd3ecf17c53f088bc10b6da8f0caac287b \
|
||||
--hash=sha256:68e0cd5d32a32c4395168d42f2fefbb03b817ead3a8f3704b8bd5697c0b26c24 \
|
||||
--hash=sha256:6a06c2506c41926d2769f7968759995f2505e31c5b5a0821e43ca5a3ddb0e8ae \
|
||||
--hash=sha256:6d7e1b28342b45f19e3dea7873a9479e4a57e15095a575afca902e517fb89652 \
|
||||
--hash=sha256:6f0ea4d7348feb5e5d0bf317aace92e28398fa9a6e38b7be9ec1f31aad4a8039 \
|
||||
--hash=sha256:7313e4acebb9ae88dbde14a8a177467a7625b7449306c03a3f9f309b30e163d0 \
|
||||
--hash=sha256:7cf7c7adbf4417e3f46fc5a2dbf8395a5a69698217337086888f79700a12e93a \
|
||||
--hash=sha256:80ead36fb1d676cc019586ffdc21c7e906ce4bf243fe4021e4973dae332b6038 \
|
||||
--hash=sha256:9470633395e5f24d6741b4c8a6e905bce405a28cf417bba4ccbaadf3dab0111d \
|
||||
--hash=sha256:94c0093678001f5d79f2dcbf3104c54d6c89e41ab50d619494c503a4d3f1aef2 \
|
||||
--hash=sha256:95f4f8d62589755b507218f2e3189475a4c1f5cc9db2aec772071a7dc6cd5726 \
|
||||
--hash=sha256:9c857676d810ca196be73c98eb839125d6fa849bfa3589be06201a6517f9961c \
|
||||
--hash=sha256:a22208c1982f1fe2ae82e5e4c3d4a6f2445a7a0d65fb7983a3d7cbbe3983f5a4 \
|
||||
--hash=sha256:ad5f966623905ee33694680dda1b735544c99c7638f216045d21546d3d8c6f5b \
|
||||
--hash=sha256:ae1ed1ebc407d2f66c6f0ec44ef7d56e3f455859df5494680e2cf89dad8e3ae0 \
|
||||
--hash=sha256:afd1ac99179d1864a68c06b31263a08ea25a49df94e272712eb2824ef151e294 \
|
||||
--hash=sha256:b6a337a2643a41476fb6262059b8740f4b9a2ec29bf00ffb18c18c080f6e0aed \
|
||||
--hash=sha256:b737fbeb2f78926d1f59964feb287bbbd050e7904766f87c8ce5cfb86e6d840c \
|
||||
--hash=sha256:c46322354c58d4dc039a2c982d28284330f8919f31206894281f4b595b9d8dbe \
|
||||
--hash=sha256:c7e3b9e01fdbe1ce3a165cc7e1ff52b24813ee79c6df6dee0d1e13888a97817e \
|
||||
--hash=sha256:c9aa372b295a36771cffc226b6517df3011a7d146ac22d19fa6a75f1cdf9d7e6 \
|
||||
--hash=sha256:d3b6d4588994da73567bb00af9d7224a16c8027865a8aab53ae9be83f9b7cbd1 \
|
||||
--hash=sha256:d3b9ac11f36ab9a726097fba7c7f6384f0129aedb017f1d4d1d4fce9052a1320 \
|
||||
--hash=sha256:d654870a66027af3a26df1372cf7f002e161c6768ebe4c9c6fdc0da331cb5173 \
|
||||
--hash=sha256:d8080bc51a775627865e0f1dbfc0040ff4ace685f187f6036837e1727ba2ed10 \
|
||||
--hash=sha256:da60b98b0f6f0df9fbf8b72d67d13b73aa8091923a48af79a951d4088530a239 \
|
||||
--hash=sha256:f5e8ed9cde48b76318ab989deeddc48f833d2a6a7b7c393c49b704f67dedf01d \
|
||||
--hash=sha256:f8e5443295b218b08bef8eb85d31b214d184b3690d99a33b7bd8e5591e2b0aa1
|
||||
# via -r requirements.in
|
||||
|
|
|
@ -190,7 +190,7 @@ websocket-client==1.4.2 \
|
|||
# kubernetes
|
||||
|
||||
# The following packages are considered to be unsafe in a requirements file:
|
||||
setuptools==65.5.1 \
|
||||
--hash=sha256:d0b9a8433464d5800cbe05094acf5c6d52a91bfac9b52bcfc4d41382be5d5d31 \
|
||||
--hash=sha256:e197a19aa8ec9722928f2206f8de752def0e4c9fc6953527360d1c36d94ddb2f
|
||||
setuptools==65.6.0 \
|
||||
--hash=sha256:6211d2f5eddad8757bd0484923ca7c0a6302ebc4ab32ea5e94357176e0ca0840 \
|
||||
--hash=sha256:d1eebf881c6114e51df1664bc2c9133d022f78d12d5f4f665b9191f084e2862d
|
||||
# via kubernetes
|
||||
|
|
|
@ -128,103 +128,103 @@ function do_and_check_cmd() {
|
|||
return 0
|
||||
}
|
||||
|
||||
# nginx 1.20.2
|
||||
echo "ℹ️ Download nginx"
|
||||
NGINX_VERSION="1.20.2"
|
||||
secure_download "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" "nginx-${NGINX_VERSION}.tar.gz" "8b65e881ea4ac6162cbf32e5e95cf47a6d5418819f8763ca4a781cffa38187dd7886d4bc195d000a7046111a27121ff25800f8645405174995247e6738b4279a"
|
||||
# nginx 1.22.1
|
||||
echo "ℹ️ Downloading nginx"
|
||||
NGINX_VERSION="1.22.1"
|
||||
secure_download "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" "nginx-${NGINX_VERSION}.tar.gz" "1d468dcfa9bbd348b8a5dc514ac1428a789e73a92384c039b73a51ce376785f74bf942872c5594a9fcda6bbf44758bd727ce15ac2395f1aa989c507014647dcc"
|
||||
if [ -f "deps/src/nginx-${NGINX_VERSION}.tar.gz" ] ; then
|
||||
do_and_check_cmd tar -xvzf deps/src/nginx-${NGINX_VERSION}.tar.gz -C deps/src
|
||||
do_and_check_cmd rm -f deps/src/nginx-${NGINX_VERSION}.tar.gz
|
||||
fi
|
||||
|
||||
# Lua 5.1.5
|
||||
echo "ℹ️ Download Lua"
|
||||
echo "ℹ️ Downloading Lua"
|
||||
LUA_VERSION="5.1.5"
|
||||
secure_download "https://www.lua.org/ftp/lua-${LUA_VERSION}.tar.gz" "lua-${LUA_VERSION}.tar.gz" "0142fefcbd13afcd9b201403592aa60620011cc8e8559d4d2db2f92739d18186860989f48caa45830ff4f99bfc7483287fd3ff3a16d4dec928e2767ce4d542a9"
|
||||
if [ -f "deps/src/lua-${LUA_VERSION}.tar.gz" ] ; then
|
||||
do_and_check_cmd tar -xvzf deps/src/lua-${LUA_VERSION}.tar.gz -C deps/src
|
||||
do_and_check_cmd rm -f deps/src/lua-${LUA_VERSION}.tar.gz
|
||||
do_and_check_cmd patch deps/src/lua-5.1.5/Makefile deps/misc/lua.patch1
|
||||
do_and_check_cmd patch deps/src/lua-5.1.5/src/Makefile deps/misc/lua.patch2
|
||||
do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/Makefile deps/misc/lua.patch1
|
||||
do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/src/Makefile deps/misc/lua.patch2
|
||||
fi
|
||||
|
||||
# LuaJIT 2.1-20220111
|
||||
echo "ℹ️ Download LuaJIT"
|
||||
git_secure_clone "https://github.com/openresty/luajit2.git" "f1491357fa1dbfa3480ba67513fee19a9c65ca6f"
|
||||
# LuaJIT v2.1-20220915
|
||||
echo "ℹ️ Downloading LuaJIT"
|
||||
git_secure_clone "https://github.com/openresty/luajit2.git" "8384278b14988390cf030b787537aa916a9709bb"
|
||||
|
||||
# lua-nginx-module v0.10.20
|
||||
echo "ℹ️ Download lua-nginx-module"
|
||||
git_secure_clone "https://github.com/openresty/lua-nginx-module.git" "9007d673e28938f5dfa7720438991e22b794d225"
|
||||
# lua-nginx-module v0.10.22
|
||||
echo "ℹ️ Downloading lua-nginx-module"
|
||||
git_secure_clone "https://github.com/openresty/lua-nginx-module.git" "8d9032298ef542aef058fa02940a6ecd9cf25423"
|
||||
|
||||
# lua-resty-core v0.1.22
|
||||
echo "ℹ️ Download lua-resty-core"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-core.git" "12f26310a35e45c37157420f7e1f395a0e36e457"
|
||||
# lua-resty-core v0.1.24
|
||||
echo "ℹ️ Downloading lua-resty-core"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-core.git" "c48e90a8fc9d974d8a6a369e031940cedf473789"
|
||||
|
||||
# lua-resty-lrucache v0.11
|
||||
echo "ℹ️ Download lua-resty-lrucache"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-lrucache.git" "f20bb8ac9489ba87d90d78f929552c2eab153caa"
|
||||
# lua-resty-lrucache v0.13
|
||||
echo "ℹ️ Downloading lua-resty-lrucache"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-lrucache.git" "2ab2624c841cbf04785cc6384c5e213933d3b5f2"
|
||||
|
||||
# lua-resty-dns v0.22
|
||||
echo "ℹ️ Download lua-resty-dns"
|
||||
echo "ℹ️ Downloading lua-resty-dns"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-dns.git" "869d2fbb009b6ada93a5a10cb93acd1cc12bd53f"
|
||||
|
||||
# lua-resty-session v3.10
|
||||
echo "ℹ️ Download lua-resty-session"
|
||||
echo "ℹ️ Downloading lua-resty-session"
|
||||
git_secure_clone "https://github.com/bungle/lua-resty-session.git" "e6bf2630c90df7b3db35e859f0aa7e096af3e918"
|
||||
|
||||
# lua-resty-random v?
|
||||
echo "ℹ️ Download lua-resty-random"
|
||||
echo "ℹ️ Downloading lua-resty-random"
|
||||
git_secure_clone "https://github.com/bungle/lua-resty-random.git" "17b604f7f7dd217557ca548fc1a9a0d373386480"
|
||||
|
||||
# lua-resty-string v0.15
|
||||
echo "ℹ️ Download lua-resty-string"
|
||||
echo "ℹ️ Downloading lua-resty-string"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-string.git" "b192878f6ed31b0af237935bbc5a8110a3c2256c"
|
||||
|
||||
# lua-cjson v2.1.0.8
|
||||
echo "ℹ️ Download lua-cjson"
|
||||
git_secure_clone "https://github.com/openresty/lua-cjson.git" "0df488874f52a881d14b5876babaa780bb6200ee"
|
||||
# lua-cjson v2.1.0.9
|
||||
echo "ℹ️ Downloading lua-cjson"
|
||||
git_secure_clone "https://github.com/openresty/lua-cjson.git" "891962b11d6d3b1b7275550b5c109e16c73ac94f"
|
||||
|
||||
# lua-gd v?
|
||||
echo "ℹ️ Download lua-gd"
|
||||
# lua-gd v2.0.33r3+
|
||||
echo "ℹ️ Downloading lua-gd"
|
||||
git_secure_clone "https://github.com/ittner/lua-gd.git" "2ce8e478a8591afd71e607506bc8c64b161bbd30"
|
||||
|
||||
# lua-resty-http v1.16.1
|
||||
echo "ℹ️ Download lua-resty-http"
|
||||
# lua-resty-http v0.16.1
|
||||
echo "ℹ️ Downloading lua-resty-http"
|
||||
git_secure_clone "https://github.com/ledgetech/lua-resty-http.git" "9bf951dfe162dd9710a0e1f4525738d4902e9d20"
|
||||
|
||||
# lualogging v1.6.0
|
||||
echo "ℹ️ Download lualogging"
|
||||
git_secure_clone "https://github.com/lunarmodules/lualogging.git" "0bc4415de03ff1a99c92c02a5bed14a45b078079"
|
||||
# lualogging v1.8.0
|
||||
echo "ℹ️ Downloading lualogging"
|
||||
git_secure_clone "https://github.com/lunarmodules/lualogging.git" "1c6fcf5f68e4d0324c5977f1a27083c06f4d1b8f"
|
||||
|
||||
# luasocket v?
|
||||
echo "ℹ️ Download luasocket"
|
||||
git_secure_clone "https://github.com/diegonehab/luasocket.git" "5b18e475f38fcf28429b1cc4b17baee3b9793a62"
|
||||
# luasocket v3.1.0
|
||||
echo "ℹ️ Downloading luasocket"
|
||||
git_secure_clone "https://github.com/diegonehab/luasocket.git" "95b7efa9da506ef968c1347edf3fc56370f0deed"
|
||||
|
||||
# luasec v1.0.2
|
||||
echo "ℹ️ Download luasec"
|
||||
git_secure_clone "https://github.com/brunoos/luasec.git" "ef14b27a2c8e541cac071165048250e85a7216df"
|
||||
# luasec v1.2.0
|
||||
echo "ℹ️ Downloading luasec"
|
||||
git_secure_clone "https://github.com/brunoos/luasec.git" "d9215ee00f6694a228daad50ee85827a4cd13583"
|
||||
|
||||
# lua-resty-ipmatcher v0.6.1 (1 commit after just in case)
|
||||
echo "ℹ️ Download lua-resty-ipmatcher"
|
||||
# lua-resty-ipmatcher v0.6.1 (3 commits after just in case)
|
||||
echo "ℹ️ Downloading lua-resty-ipmatcher"
|
||||
dopatch="no"
|
||||
if [ ! -d "deps/src/lua-resty-ipmatcher" ] ; then
|
||||
dopatch="yes"
|
||||
fi
|
||||
git_secure_clone "https://github.com/api7/lua-resty-ipmatcher.git" "3948a92d2e168db14fa5ecd4bb10a7c0fe7ead70"
|
||||
git_secure_clone "https://github.com/api7/lua-resty-ipmatcher.git" "7fbb618f7221b1af1451027d3c64e51f3182761c"
|
||||
if [ "$dopatch" = "yes" ] ; then
|
||||
do_and_check_cmd patch deps/src/lua-resty-ipmatcher/resty/ipmatcher.lua deps/misc/ipmatcher.patch
|
||||
fi
|
||||
|
||||
# lua-resty-redis v0.29
|
||||
echo "ℹ️ Download lua-resty-redis"
|
||||
echo "ℹ️ Downloading lua-resty-redis"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-redis.git" "053f989c7f43d8edc79d5151e73b79249c6b5d94"
|
||||
|
||||
# lua-resty-upload v0.10
|
||||
echo "ℹ️ Download lua-resty-upload"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-upload.git" "cae01f590456561bc8d95da3d2d9f937bef57bec"
|
||||
# lua-resty-upload v0.10 (8 commits after just in case)
|
||||
echo "ℹ️ Downloading lua-resty-upload"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-upload.git" "73c89846e866bf5d0660ffa881df37fd63f04391"
|
||||
|
||||
# luajit-geoip v2.1.0
|
||||
echo "ℹ️ Download luajit-geoip"
|
||||
echo "ℹ️ Downloading luajit-geoip"
|
||||
dopatch="no"
|
||||
if [ ! -d "deps/src/luajit-geoip" ] ; then
|
||||
dopatch="yes"
|
||||
|
@ -235,59 +235,60 @@ if [ "$dopatch" = "yes" ] ; then
|
|||
fi
|
||||
|
||||
# lbase64 v1.5.3
|
||||
echo "ℹ️ Download lbase64"
|
||||
echo "ℹ️ Downloading lbase64"
|
||||
git_secure_clone "https://github.com/iskolbin/lbase64.git" "c261320edbdf82c16409d893a96c28c704aa0ab8"
|
||||
|
||||
# ModSecurity v3.0.4 (looks like v3.0.5 has a memleak on reload)
|
||||
# TODO : test v3.0.6
|
||||
echo "ℹ️ Download ModSecurity"
|
||||
# ModSecurity v3.0.8 (19 commits after just in case)
|
||||
echo "ℹ️ Downloading ModSecurity"
|
||||
if [ ! -d "deps/src/ModSecurity" ] ; then
|
||||
dopatch="yes"
|
||||
fi
|
||||
git_secure_clone "https://github.com/SpiderLabs/ModSecurity.git" "753145fbd1d6751a6b14fdd700921eb3cc3a1d35"
|
||||
git_secure_clone "https://github.com/SpiderLabs/ModSecurity.git" "40f7a5067c695b1770920b881f30abc09a4e02b3"
|
||||
if [ "$dopatch" = "yes" ] ; then
|
||||
do_and_check_cmd patch deps/src/ModSecurity/configure.ac deps/misc/modsecurity.patch
|
||||
fi
|
||||
# libinjection v?
|
||||
echo "ℹ️ Download libinjection"
|
||||
|
||||
# libinjection v3.10.0+
|
||||
# TODO: check if the latest commit is fine
|
||||
echo "ℹ️ Downloading libinjection"
|
||||
git_secure_clone "https://github.com/libinjection/libinjection.git" "49904c42a6e68dc8f16c022c693e897e4010a06c"
|
||||
do_and_check_cmd cp -r deps/src/libinjection deps/src/ModSecurity/others
|
||||
|
||||
# ModSecurity-nginx v1.0.2
|
||||
echo "ℹ️ Download ModSecurity-nginx"
|
||||
# ModSecurity-nginx v1.0.3
|
||||
echo "ℹ️ Downloading ModSecurity-nginx"
|
||||
dopatch="no"
|
||||
if [ ! -d "deps/src/ModSecurity-nginx" ] ; then
|
||||
dopatch="yes"
|
||||
fi
|
||||
git_secure_clone "https://github.com/SpiderLabs/ModSecurity-nginx.git" "2497e6ac654d0b117b9534aa735b757c6b11c84f"
|
||||
git_secure_clone "https://github.com/SpiderLabs/ModSecurity-nginx.git" "d59e4ad121df702751940fd66bcc0b3ecb51a079"
|
||||
if [ "$dopatch" = "yes" ] ; then
|
||||
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_log.c deps/misc/modsecurity-nginx.patch
|
||||
fi
|
||||
|
||||
# libmaxminddb v1.6.0
|
||||
echo "ℹ️ Download libmaxminddb"
|
||||
git_secure_clone "https://github.com/maxmind/libmaxminddb.git" "2d0e6b7360b88f645e67ffc5a709b2327d361ac3"
|
||||
# libmaxminddb v1.7.1
|
||||
echo "ℹ️ Downloading libmaxminddb"
|
||||
git_secure_clone "https://github.com/maxmind/libmaxminddb.git" "ac4d0d2480032a8664e251588e57d7b306ca630c"
|
||||
|
||||
# headers-more-nginx-module v?
|
||||
echo "ℹ️ Download headers-more-nginx-module"
|
||||
git_secure_clone "https://github.com/openresty/headers-more-nginx-module.git" "a4a0686605161a6777d7d612d5aef79b9e7c13e0"
|
||||
# headers-more-nginx-module v0.34
|
||||
echo "ℹ️ Downloading headers-more-nginx-module"
|
||||
git_secure_clone "https://github.com/openresty/headers-more-nginx-module.git" "bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0"
|
||||
|
||||
# ngx_http_geoip2_module v3.3
|
||||
#echo "ℹ️ Download ngx_http_geoip2_module"
|
||||
#echo "ℹ️ Downloading ngx_http_geoip2_module"
|
||||
#dosed="no"
|
||||
#if [ ! -d "deps/src/ngx_http_geoip2_module" ] ; then
|
||||
# dosed="yes"
|
||||
#fi
|
||||
#git_secure_clone "https://github.com/leev/ngx_http_geoip2_module.git" "5a83b6f958c67ea88d2899d0b3c2a5db8e36b211"
|
||||
#if [ "$dosed" = "yes" ] ; then
|
||||
# do_and_check_cmd sed -i '1s:^:ngx_feature_path=/usr/share/bunkerweb/deps/include\n:' deps/src/ngx_http_geoip2_module/config
|
||||
# do_and_check_cmd sed -i 's:^ngx_feature_libs=.*$:ngx_feature_libs="-Wl,-rpath,/usr/share/bunkerweb/deps/lib -L/usr/share/bunkerweb/deps/lib -lmaxminddb":' deps/src/ngx_http_geoip2_module/config
|
||||
# do_and_check_cmd sed -i '1s:^:ngx_feature_path=/opt/bunkerweb/deps/include\n:' deps/src/ngx_http_geoip2_module/config
|
||||
# do_and_check_cmd sed -i 's:^ngx_feature_libs=.*$:ngx_feature_libs="-Wl,-rpath,/opt/bunkerweb/deps/lib -L/opt/bunkerweb/deps/lib -lmaxminddb":' deps/src/ngx_http_geoip2_module/config
|
||||
#fi
|
||||
|
||||
# nginx_cookie_flag_module v1.1.0
|
||||
echo "ℹ️ Download nginx_cookie_flag_module"
|
||||
echo "ℹ️ Downloading nginx_cookie_flag_module"
|
||||
git_secure_clone "https://github.com/AirisX/nginx_cookie_flag_module.git" "4e48acf132952bbed43b28a8e6af0584dacb7b4c"
|
||||
|
||||
# ngx_brotli v?
|
||||
echo "ℹ️ Download ngx_brotli"
|
||||
git_secure_clone "https://github.com/google/ngx_brotli.git" "9aec15e2aa6feea2113119ba06460af70ab3ea62"
|
||||
# ngx_brotli v1.0.0
|
||||
echo "ℹ️ Downloading ngx_brotli"
|
||||
git_secure_clone "https://github.com/google/ngx_brotli.git" "6e975bcb015f62e1f303054897783355e2a877dc"
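Review bot: In the second hunk the ModSecurity block tests `if [ ! -d "deps/src/ModSecurity" ]` without first resetting `dopatch`, so a `dopatch="yes"` left over from the luajit-geoip block above can make `patch deps/src/ModSecurity/configure.ac deps/misc/modsecurity.patch` run against a tree that already exists and may already be patched. Add `dopatch="no"` before that test, as the lua-resty-ipmatcher and ModSecurity-nginx blocks do. The pin also moves from the v3.0.4 line to a commit after v3.0.8, and no change to `deps/misc/modsecurity.patch` is visible on this page, so it is worth confirming that the patch still applies cleanly to the new `configure.ac`. The luajit-geoip block starts before this hunk.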
|
||||
|
|
|
@ -17,13 +17,13 @@ function do_and_check_cmd() {
|
|||
|
||||
NTASK=$(nproc)
|
||||
|
||||
# Compile and install lua
|
||||
echo "ℹ️ Compile and install lua-5.1.5"
|
||||
# Compiling and installing lua
|
||||
echo "ℹ️ Compiling and installing lua-5.1.5"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-5.1.5" do_and_check_cmd make -j $NTASK linux
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-5.1.5" do_and_check_cmd make INSTALL_TOP=/usr/share/bunkerweb/deps install
|
||||
|
||||
# Compile and install libmaxminddb
|
||||
echo "ℹ️ Compile and install libmaxminddb"
|
||||
# Compiling and installing libmaxminddb
|
||||
echo "ℹ️ Compiling and installing libmaxminddb"
|
||||
# TODO : temp fix run it twice...
|
||||
cd /tmp/bunkerweb/deps/src/libmaxminddb && ./bootstrap > /dev/null 2>&1
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd ./bootstrap
|
||||
|
@ -31,8 +31,8 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd ./configure -
|
|||
CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd make install
|
||||
|
||||
# Compile and install ModSecurity
|
||||
echo "ℹ️ Compile and install ModSecurity"
|
||||
# Compiling and installing ModSecurity
|
||||
echo "ℹ️ Compiling and installing ModSecurity"
|
||||
# temp fix : Debian run it twice
|
||||
# TODO : patch it in clone.sh
|
||||
cd /tmp/bunkerweb/deps/src/ModSecurity && ./build.sh > /dev/null 2>&1
|
||||
|
@ -41,90 +41,91 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd ./configure --
|
|||
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make install-strip
|
||||
|
||||
# Compile and install luajit2
|
||||
echo "ℹ️ Compile and install luajit2"
|
||||
# Compiling and installing luajit2
|
||||
echo "ℹ️ Compiling and installing luajit2"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
|
||||
|
||||
# Install lua-resty-core
|
||||
echo "ℹ️ Install openresty/lua-resty-core"
|
||||
# Installing lua-resty-core
|
||||
echo "ℹ️ Installing openresty/lua-resty-core"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-core" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
|
||||
|
||||
# Install lua-resty-lrucache
|
||||
echo "ℹ️ Install lua-resty-lrucache"
|
||||
# Installing lua-resty-lrucache
|
||||
echo "ℹ️ Installing lua-resty-lrucache"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-lrucache" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
|
||||
|
||||
# Install lua-resty-dns
|
||||
echo "ℹ️ Install lua-resty-dns"
|
||||
# Installing lua-resty-dns
|
||||
echo "ℹ️ Installing lua-resty-dns"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-dns" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
|
||||
|
||||
# Install lua-resty-session
|
||||
echo "ℹ️ Install lua-resty-session"
|
||||
# Installing lua-resty-session
|
||||
echo "ℹ️ Installing lua-resty-session"
|
||||
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lua-resty-session/lib/resty/* /usr/share/bunkerweb/deps/lib/lua/resty
|
||||
|
||||
# Install lua-resty-random
|
||||
echo "ℹ️ Install lua-resty-random"
|
||||
# Installing lua-resty-random
|
||||
echo "ℹ️ Installing lua-resty-random"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-random" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
|
||||
|
||||
# Install lua-resty-string
|
||||
echo "ℹ️ Install lua-resty-string"
|
||||
# Installing lua-resty-string
|
||||
echo "ℹ️ Installing lua-resty-string"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-string" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
|
||||
|
||||
# Compile and install lua-cjson
|
||||
echo "ℹ️ Compile and install lua-cjson"
|
||||
# Compiling and installing lua-cjson
|
||||
echo "ℹ️ Compiling and installing lua-cjson"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-cjson" do_and_check_cmd make LUA_INCLUDE_DIR=/usr/share/bunkerweb/deps/include -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-cjson" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_CMODULE_DIR=/usr/share/bunkerweb/deps/lib/lua LUA_MODULE_DIR=/usr/share/bunkerweb/deps/lib/lua install
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-cjson" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_CMODULE_DIR=/usr/share/bunkerweb/deps/lib/lua LUA_MODULE_DIR=/usr/share/bunkerweb/deps/lib/lua install-extra
|
||||
|
||||
# Compile and install lua-gd
|
||||
echo "ℹ️ Compile and install lua-gd"
|
||||
# Compiling and installing lua-gd
|
||||
echo "ℹ️ Compiling and installing lua-gd"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-gd" do_and_check_cmd make "CFLAGS=-O3 -Wall -fPIC -fomit-frame-pointer -I/usr/share/bunkerweb/deps/include -DVERSION=\\\"2.0.33r3\\\"" "LFLAGS=-shared -L/usr/share/bunkerweb/deps/lib -llua -lgd -Wl,-rpath=/usr/share/bunkerweb/deps/lib" LUABIN=/usr/share/bunkerweb/deps/bin/lua -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-gd" do_and_check_cmd make INSTALL_PATH=/usr/share/bunkerweb/deps/lib/lua install
|
||||
|
||||
# Download and install lua-resty-http
|
||||
echo "ℹ️ Install lua-resty-http"
|
||||
echo "ℹ️ Installing lua-resty-http"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-http" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
|
||||
|
||||
# Download and install lualogging
|
||||
echo "ℹ️ Install lualogging"
|
||||
echo "ℹ️ Installing lualogging"
|
||||
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lualogging/src/* /usr/share/bunkerweb/deps/lib/lua
|
||||
|
||||
# Compile and install luasocket
|
||||
echo "ℹ️ Compile and install luasocket"
|
||||
# Compiling and installing luasocket
|
||||
echo "ℹ️ Compiling and installing luasocket"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasocket" do_and_check_cmd make LUAINC_linux=/usr/share/bunkerweb/deps/include -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasocket" do_and_check_cmd make prefix=/usr/share/bunkerweb/deps CDIR_linux=lib/lua LDIR_linux=lib/lua install
|
||||
|
||||
# Compile and install luasec
|
||||
echo "ℹ️ Compile and install luasec"
|
||||
# Compiling and installing luasec
|
||||
echo "ℹ️ Compiling and installing luasec"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasec" do_and_check_cmd make INC_PATH=-I/usr/share/bunkerweb/deps/include linux -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasec" do_and_check_cmd make LUACPATH=/usr/share/bunkerweb/deps/lib/lua LUAPATH=/usr/share/bunkerweb/deps/lib/lua install
|
||||
|
||||
# Install lua-resty-ipmatcher
|
||||
echo "ℹ️ Install lua-resty-ipmatcher"
|
||||
# Installing lua-resty-ipmatcher
|
||||
echo "ℹ️ Installing lua-resty-ipmatcher"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-ipmatcher" do_and_check_cmd make INST_PREFIX=/usr/share/bunkerweb/deps INST_LIBDIR=/usr/share/bunkerweb/deps/lib/lua INST_LUADIR=/usr/share/bunkerweb/deps/lib/lua install
|
||||
|
||||
# Install lua-resty-redis
|
||||
echo "ℹ️ Install lua-resty-redis"
|
||||
# Installing lua-resty-redis
|
||||
echo "ℹ️ Installing lua-resty-redis"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-redis" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
|
||||
|
||||
# Install lua-resty-upload
|
||||
echo "ℹ️ Install lua-resty-upload"
|
||||
# Installing lua-resty-upload
|
||||
echo "ℹ️ Installing lua-resty-upload"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-upload" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
|
||||
|
||||
# Install lujit-geoip
|
||||
echo "ℹ️ Install luajit-geoip"
|
||||
# Installing lujit-geoip
|
||||
echo "ℹ️ Installing luajit-geoip"
|
||||
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/luajit-geoip/geoip /usr/share/bunkerweb/deps/lib/lua
|
||||
|
||||
# Install lbase64
|
||||
echo "ℹ️ Install lbase64"
|
||||
# Installing lbase64
|
||||
echo "ℹ️ Installing lbase64"
|
||||
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lbase64/base64.lua /usr/share/bunkerweb/deps/lib/lua
|
||||
|
||||
# Compile dynamic modules
|
||||
echo "ℹ️ Compile and install dynamic modules"
|
||||
echo "ℹ️ Compiling and installing dynamic modules"
|
||||
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
|
||||
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
|
||||
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt=-Wl/--with-ld-opt='-lpcre -Wl'/")"
|
||||
if [ "$OS" = "fedora" ] ; then
|
||||
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'//" | sed "s/--with-cc-opt='.*'//")"
|
||||
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
|
||||
fi
|
||||
echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli" >> "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
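Review bot: The `-lpcre` substitution on the `CONFARGS` line just before the Fedora branch only matches an unquoted `--with-ld-opt=-Wl`, so when `nginx -V` reports a quoted `--with-ld-opt='...'` or no ld-opt at all, sed leaves CONFARGS unchanged and the build goes on without the flag and without any log line saying so. I would fail loudly after the `fi`, for example `echo "$CONFARGS" | grep -q -- "-lpcre" || { echo "❌ -lpcre missing from nginx configure arguments" ; exit 1 ; }`. In what appears to be the new Fedora line, `'.*'` is greedy, so if `--with-ld-opt='...'` is followed by another quoted argument the replacement swallows everything up to the last quote; `'[^']*'` keeps the match to one argument. The script continues outside this hunk, so how configure-fix.sh is then run is not visible here.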
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
--- ipmatcher.lua 2022-04-13 17:16:05.731322800 +0200
|
||||
+++ ipmatcher.lua2 2022-04-13 17:17:15.801322800 +0200
|
||||
@@ -123,7 +123,7 @@
|
||||
|
||||
|
||||
@@ -129,3 +129,3 @@
|
||||
local ngx_log = ngx.log
|
||||
-local ngx_INFO = ngx.INFO
|
||||
+local ngx_INFO = ngx.DEBUG
|
||||
local function log_info(...)
|
||||
if cur_level and ngx_INFO > cur_level then
|
||||
return
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
--- mmdb.lua 2022-04-04 09:32:41.456286600 +0200
|
||||
+++ mmdb2.lua 2022-04-04 09:33:25.016286600 +0200
|
||||
@@ -166,7 +166,7 @@
|
||||
MMDB_entry_data_s *const entry_data,
|
||||
...);
|
||||
@@ -168,3 +168,3 @@
|
||||
]])
|
||||
-local lib = ffi.load("libmaxminddb")
|
||||
+local lib = ffi.load("/usr/share/bunkerweb/deps/lib/libmaxminddb.so")
|
||||
local consume_map, consume_array
|
||||
local consume_value
|
||||
consume_value = function(current)
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
--- ngx_http_modsecurity_log.c 2022-04-25 14:30:34.444469100 +0200
|
||||
+++ ngx_http_modsecurity_log.c2 2022-04-25 14:31:25.714469100 +0200
|
||||
@@ -30,7 +30,7 @@
|
||||
}
|
||||
msg = (const char *) data;
|
||||
@@ -32,3 +32,3 @@
|
||||
|
||||
- ngx_log_error(NGX_LOG_INFO, (ngx_log_t *)log, 0, "%s", msg);
|
||||
+ ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)log, 0, "%s", msg);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
--- before/configure.ac 2022-05-19 17:06:36.921274500 +0200
|
||||
+++ after/configure.ac 2022-05-17 11:51:17.319667600 +0200
|
||||
@@ -308,14 +308,14 @@
|
||||
|
||||
|
||||
@@ -322,12 +322,12 @@
|
||||
|
||||
# Decide if we want to build the tests or not.
|
||||
-buildTestUtilities=false
|
||||
-if test "x$YAJL_FOUND" = "x1"; then
|
||||
|
@ -12,10 +9,9 @@
|
|||
# But we still have the unit tests.
|
||||
# if test "$debugLogs" = "true"; then
|
||||
- buildTestUtilities=true
|
||||
+# buildTestUtilities=true
|
||||
+# buildTestUtilities=true
|
||||
# fi
|
||||
-fi
|
||||
+# fi
|
||||
|
||||
|
||||
AM_CONDITIONAL([TEST_UTILITIES], [test $buildTestUtilities = true])
|
||||
|
||||
|
||||
|
|
|
@ -1,3 +1,11 @@
|
|||
v1.0.3 - 2022-May-24
|
||||
--------------------
|
||||
|
||||
- Support http protocol versions besides 0.9, 1.0, 1.1, 2.0
|
||||
[Issue #224 - @HQuest, @martinhsv]
|
||||
- Support for building with nginx configured with PCRE2
|
||||
[Issue #260 - @defanator]
|
||||
|
||||
v1.0.2 - 2021-Jun-02
|
||||
--------------------
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@
|
|||
|
||||
#define MODSECURITY_NGINX_MAJOR "1"
|
||||
#define MODSECURITY_NGINX_MINOR "0"
|
||||
#define MODSECURITY_NGINX_PATCHLEVEL "2"
|
||||
#define MODSECURITY_NGINX_PATCHLEVEL "3"
|
||||
#define MODSECURITY_NGINX_TAG ""
|
||||
#define MODSECURITY_NGINX_TAG_NUM "100"
|
||||
|
||||
|
@ -140,8 +140,13 @@ extern ngx_module_t ngx_http_modsecurity_module;
|
|||
int ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r, ngx_int_t early_log);
|
||||
ngx_http_modsecurity_ctx_t *ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
|
||||
char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p);
|
||||
#if (NGX_PCRE2)
|
||||
#define ngx_http_modsecurity_pcre_malloc_init(x) NULL
|
||||
#define ngx_http_modsecurity_pcre_malloc_done(x) (void)x
|
||||
#else
|
||||
ngx_pool_t *ngx_http_modsecurity_pcre_malloc_init(ngx_pool_t *pool);
|
||||
void ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool);
|
||||
#endif
|
||||
|
||||
/* ngx_http_modsecurity_body_filter.c */
|
||||
ngx_int_t ngx_http_modsecurity_body_filter_init(void);
|
||||
|
|
|
@ -38,6 +38,7 @@ static void ngx_http_modsecurity_cleanup_rules(void *data);
|
|||
* https://github.com/openresty/lua-nginx-module/blob/master/src/ngx_http_lua_pcrefix.c
|
||||
*/
|
||||
|
||||
#if !(NGX_PCRE2)
|
||||
static void *(*old_pcre_malloc)(size_t);
|
||||
static void (*old_pcre_free)(void *ptr);
|
||||
static ngx_pool_t *ngx_http_modsec_pcre_pool = NULL;
|
||||
|
@ -103,6 +104,7 @@ ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool)
|
|||
pcre_free = old_pcre_free;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* ngx_string's are not null-terminated in common case, so we need to convert
|
||||
|
|
|
@ -138,7 +138,15 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
|
|||
break;
|
||||
#endif
|
||||
default :
|
||||
http_version = "1.0";
|
||||
http_version = ngx_str_to_char(r->http_protocol, r->pool);
|
||||
if (http_version == (char*)-1) {
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
if ((http_version != NULL) && (strlen(http_version) > 5) && (!strncmp("HTTP/", http_version, 5))) {
|
||||
http_version += 5;
|
||||
} else {
|
||||
http_version = "1.0";
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,77 @@
|
|||
name: Quality Assurance
|
||||
|
||||
on:
|
||||
push:
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
build-linux:
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ubuntu-20.04]
|
||||
platform: [x32, x64]
|
||||
compiler: [gcc, clang]
|
||||
configure:
|
||||
- {label: "with parser generation", opt: "--enable-parser-generation" }
|
||||
- {label: "wo curl", opt: "--without-curl" }
|
||||
- {label: "wo yajl", opt: "--without-yajl" }
|
||||
- {label: "wo geoip", opt: "--without-geoip" }
|
||||
- {label: "wo lmdb", opt: "--without-lmdb" }
|
||||
- {label: "wo ssdeep", opt: "--without-ssdeep" }
|
||||
- {label: "wo lua", opt: "--without-lua" }
|
||||
- {label: "without maxmind", opt: "--without-maxmind" }
|
||||
steps:
|
||||
- name: Setup Dependencies
|
||||
run: |
|
||||
sudo add-apt-repository --yes ppa:maxmind/ppa
|
||||
sudo apt-get update -y -qq
|
||||
sudo apt-get install -y libfuzzy-dev libyajl-dev libgeoip-dev liblua5.2-dev liblmdb-dev cppcheck libmaxminddb-dev libcurl4-openssl-dev
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
submodules: true
|
||||
- name: build.sh
|
||||
run: ./build.sh
|
||||
- name: configure ${{ matrix.configure.label }}
|
||||
run: ./configure ${{ matrix.configure.opt }}
|
||||
- uses: ammaraskar/gcc-problem-matcher@master
|
||||
- name: make
|
||||
run: make -j `nproc`
|
||||
- name: check
|
||||
run: make check
|
||||
- name: check-static
|
||||
run: make check-static
|
||||
|
||||
build-macos:
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
os: [macos-10.15]
|
||||
compiler: [clang]
|
||||
configure:
|
||||
- {label: "with parser generation", opt: "--enable-parser-generation" }
|
||||
- {label: "wo curl", opt: "--without-curl" }
|
||||
- {label: "wo yajl", opt: "--without-yajl" }
|
||||
- {label: "wo geoip", opt: "--without-geoip" }
|
||||
- {label: "wo lmdb", opt: "--without-lmdb" }
|
||||
- {label: "wo ssdeep", opt: "--without-ssdeep" }
|
||||
- {label: "wo lua", opt: "--without-lua" }
|
||||
- {label: "wo maxmind", opt: "--without-maxmind" }
|
||||
steps:
|
||||
- name: Setup Dependencies
|
||||
run: |
|
||||
brew install autoconf automake cppcheck lmdb libyaml lua ssdeep libmaxminddb bison
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
submodules: true
|
||||
- name: build.sh
|
||||
run: ./build.sh
|
||||
- name: configure ${{ matrix.configure.label }}
|
||||
run: ./configure ${{ matrix.configure.opt }}
|
||||
- uses: ammaraskar/gcc-problem-matcher@master
|
||||
- name: make
|
||||
run: make -j `sysctl -n hw.logicalcpu`
|
||||
- name: check
|
||||
run: make check
|
||||
- name: check-static
|
||||
run: make check-static
|
|
@ -3,7 +3,7 @@
|
|||
url = https://github.com/SpiderLabs/secrules-language-tests
|
||||
[submodule "others/libinjection"]
|
||||
path = others/libinjection
|
||||
url = https://github.com/client9/libinjection.git
|
||||
url = https://github.com/libinjection/libinjection.git
|
||||
[submodule "bindings/python"]
|
||||
path = bindings/python
|
||||
url = https://github.com/SpiderLabs/ModSecurity-Python-bindings.git
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
dist: trusty
|
||||
sudo: true
|
||||
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- libfuzzy-dev
|
||||
- libyajl-dev
|
||||
- libgeoip-dev
|
||||
- liblua5.2-dev
|
||||
- liblmdb-dev
|
||||
- cppcheck
|
||||
|
||||
language: cpp
|
||||
|
||||
compiler:
|
||||
- clang
|
||||
- gcc
|
||||
|
||||
os:
|
||||
- linux
|
||||
- osx
|
||||
|
||||
env:
|
||||
- OPTS="--enable-parser-generation $OPTS"
|
||||
- OPTS="--without-curl $OPTS"
|
||||
- OPTS="--without-yajl $OPTS"
|
||||
- OPTS="--without-geoip $OPTS"
|
||||
- OPTS="--with-lmdb $OPTS"
|
||||
- OPTS="--without-ssdeep $OPTS"
|
||||
- OPTS="--without-lua $OPTS"
|
||||
- OPTS="--without-maxmind $OPTS"
|
||||
|
||||
before_script:
|
||||
- echo $TRAVIS_OS_NAME
|
||||
- '[ "$TRAVIS_OS_NAME" != osx ] || brew update'
|
||||
- '[ "$TRAVIS_OS_NAME" != osx ] || brew install cppcheck'
|
||||
- '[ "$TRAVIS_OS_NAME" != osx ] || brew install libmaxminddb'
|
||||
- '[ "$TRAVIS_OS_NAME" != osx ] || brew install lmdb'
|
||||
- '[ "$TRAVIS_OS_NAME" != linux ] || sudo add-apt-repository --yes ppa:maxmind/ppa'
|
||||
- '[ "$TRAVIS_OS_NAME" != linux ] || sudo apt-get update'
|
||||
- '[ "$TRAVIS_OS_NAME" != linux ] || sudo apt-cache search maxmind'
|
||||
- '[ "$TRAVIS_OS_NAME" != linux ] || sudo apt-get install -y libmaxminddb-dev'
|
||||
|
||||
script:
|
||||
- ./build.sh
|
||||
- ./configure $OPTS
|
||||
- make parser
|
||||
- make
|
||||
#
|
||||
# Temporarily disabled.
|
||||
# - make -j$(getconf _NPROCESSORS_ONLN)
|
||||
# Leading build to crash with parser enabled.
|
||||
# Not sure why.
|
||||
#
|
||||
- make check
|
||||
- make check-static
|
||||
|
||||
|
||||
|
|
@ -1,3 +1,128 @@
|
|||
v3.x.y - YYYY-MMM-DD (to be released)
|
||||
-------------------------------------
|
||||
|
||||
- Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro
|
||||
[Issue #2806 - @hughmcmaster]
|
||||
- During configure, do not check for pcre if pcre2 specified
|
||||
[Issue #2750 - @dvershinin, @martinhsv]
|
||||
- Use pkg-config to find libxml2 first
|
||||
[Issue #2714 - @hughmcmaster]
|
||||
- Fix two rule-reload memory leak issues
|
||||
[Issue #2801 - @Abce, @martinhsv]
|
||||
- Correct whitespace handling for Include directive
|
||||
[Issue #2800 - @877509395, @martinhsv]
|
||||
|
||||
|
||||
v3.0.8 - 2022-Sep-07
|
||||
--------------------
|
||||
|
||||
- Adjust parser activation rules in modsecurity.conf-recommended
|
||||
[Issue #2796 - @terjanq, @martinhsv]
|
||||
- Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
|
||||
[Issue #2795 - @terjanq, @martinhsv]
|
||||
- Prevent LMDB related segfault
|
||||
[Issue #2755, #2761 - @dvershinin]
|
||||
- Fix msc_transaction_cleanup function comment typo
|
||||
[Issue #2788 - @lookat23]
|
||||
- Fix: MULTIPART_INVALID_PART connected to wrong internal variable
|
||||
[Issue #2785 - @martinhsv]
|
||||
- Restore Unique_id to include random portion after timestamp
|
||||
[Issue #2752, #2758 - @datkps11, @martinhsv]
|
||||
|
||||
v3.0.7 - 2022-May-30
|
||||
--------------------
|
||||
|
||||
- Move PCRE2 match block from member variable
|
||||
[@martinhsv]
|
||||
- Add SecArgumentsLimit, 200007 to modsecurity.conf-recommended
|
||||
[Issue #2738 - @jleproust, @martinhsv]
|
||||
- Fix memory leak when concurrent log includes REMOTE_USER
|
||||
[Issue #2727 - @liudongmiao]
|
||||
- Fix LMDB initialization issues
|
||||
[Issue #2688 - @ziollek, @martinhsv]
|
||||
- Fix initcol error message wording
|
||||
[Issue #2732 - @877509395, @martinhsv]
|
||||
- Tolerate other parameters after boundary in multipart C-T
|
||||
[Issue #1900 - @martinhsv]
|
||||
- Add DebugLog message for bad pattern in rx operator
|
||||
[Issue #2723 - @martinhsv]
|
||||
- Support PCRE2
|
||||
[Issue #2668 - @martinhsv]
|
||||
- Support SecRequestBodyNoFilesLimit
|
||||
[Issue #2670 - @airween, @martinhsv]
|
||||
- Fix misuses of LMDB API
|
||||
[Issue #2601, #2602 - @hyc]
|
||||
- Fix duplication typo in code comment
|
||||
[Issue #2677 - @gleydsonsoares]
|
||||
- Add ctl:auditEngine action support
|
||||
[Issue #2606 - @alekravch, @martinhsv]
|
||||
- Fix multiMatch msg, etc, population in audit log
|
||||
[Issue #2573 - @Sachin-M-Desai, @martinhsv]
|
||||
- Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc.
|
||||
[Issue #2627, #2648 - @lontchianicet, @victorserbu2709, @martinhsv]
|
||||
- Adjust confusing variable name in setRequestBody method
|
||||
[Issue #2635 - @Mesar-Ali, @martinhsv]
|
||||
- Multipart names/filenames may include single quote if double-quote enclosed
|
||||
[Issue #2352 - @martinhsv]
|
||||
- Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
|
||||
[Issue #2647 - @theMiddleBlue, @airween, @877509395 ,@martinhsv]
|
||||
|
||||
|
||||
v3.0.6 - 2021-Nov-19
|
||||
-------------------------------------
|
||||
|
||||
- Support configurable limit on depth of JSON parsing
|
||||
[@theMiddleBlue, @martinhsv]
|
||||
|
||||
v3.0.5 - 2021-Jul-07
|
||||
--------------------
|
||||
|
||||
- Handle URI received with uri-fragment
|
||||
[@martinhsv]
|
||||
- Having ARGS_NAMES, variables proxied
|
||||
[@zimmerle, @martinhsv, @KaNikita]
|
||||
- Use explicit path for cross-compile environments.
|
||||
[Issue #2485 - @dtoubelis]
|
||||
- Fix: FILES variable does not use multipart part name for key
|
||||
[Issue #2377 - @martinhsv]
|
||||
- Replaces put with setenv in SetEnv action
|
||||
[Issue #2469 - @martinhsv, @WGH-, @zimmerle]
|
||||
- Regression: Mark the test as failed in case of segfault.
|
||||
[@zimmerle]
|
||||
- Regex key selection should not be case-sensitive
|
||||
[Issue #2296, #2107, #2297 - @michaelgranzow-avi, @victorhora,
|
||||
@airween, @martinhsv, @zimmerle]
|
||||
- Fix: Only delete Multipart tmp files after rules have run
|
||||
[Issue #2427 - @martinhsv]
|
||||
- Fixed MatchedVar on chained rules
|
||||
[Issue #2423, #2435, #2436 - @michaelgranzow-avi]
|
||||
- Add support for new operator rxGlobal
|
||||
[@martinhsv]
|
||||
- Fix maxminddb link on FreeBSD
|
||||
[Issue #2131 - @granalberto, @zimmerle]
|
||||
- Fix IP address logging in Section A
|
||||
[Issue #2300 - @inaratech, @zavazingo, @martinhsv]
|
||||
- Adds support to lua 5.4
|
||||
[@zimmerle]
|
||||
- GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE
|
||||
[Issues #2378, #2186 - @defanator]
|
||||
- rx: exit after full match (remove /g emulation); ensure capture
|
||||
groups occuring after unused groups still populate TX vars
|
||||
[Issue #2336 - @martinhsv]
|
||||
- Correct CHANGES file entry for #2234
|
||||
- Add support to test framework for audit log content verification
|
||||
and add regression tests for issues #2000, #2196
|
||||
- Support configurable limit on number of arguments processed
|
||||
[Issue #2234 - @jleproust, @martinhsv]
|
||||
- Multipart Content-Dispostion should allow field: filename*=
|
||||
[@martinhsv]
|
||||
- Fix rule-update-target for non-regex
|
||||
[Issue 2251 - @martinhsv]
|
||||
- Fix configure script when packaging for Buildroot
|
||||
[Issue 2235 - @frankvanbever]
|
||||
- modsecurity.pc.in: add Libs.private
|
||||
[Issue #1918, #2253 - @ffontaine, @Dridi, @victorhora]
|
||||
|
||||
v3.0.4 - 2020-Jan-13
|
||||
--------------------
|
||||
|
||||
|
|
|
@ -56,13 +56,17 @@ parser:
|
|||
|
||||
|
||||
cppcheck:
|
||||
@cppcheck \
|
||||
@cppcheck -U YYSTYPE -U MBEDTLS_MD5_ALT -U MBEDTLS_SHA1_ALT \
|
||||
-D MS_CPPCHECK_DISABLED_FOR_PARSER -U YY_USER_INIT \
|
||||
--suppressions-list=./test/cppcheck_suppressions.txt \
|
||||
--enable=all \
|
||||
--enable=warning,style,performance,portability,unusedFunction,missingInclude \
|
||||
--inconclusive \
|
||||
--template="warning: {file},{line},{severity},{id},{message}" \
|
||||
--std=posix . 2> cppcheck.txt
|
||||
cat cppcheck.txt | grep -v "/ lalr1.cc"
|
||||
-I headers -I . -I others -I src -I others/mbedtls -I src/parser \
|
||||
--error-exitcode=1 \
|
||||
-i "src/parser/seclang-parser.cc" -i "src/parser/seclang-scanner.cc" \
|
||||
--force --verbose .
|
||||
|
||||
|
||||
check-static: cppcheck
|
||||
|
||||
|
@ -92,6 +96,7 @@ TESTS+=test/test-cases/regression/action-ctl_request_body_access.json
|
|||
TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json
|
||||
TESTS+=test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json
|
||||
TESTS+=test/test-cases/regression/action-ctl_rule_engine.json
|
||||
TESTS+=test/test-cases/regression/action-ctl_audit_engine.json
|
||||
TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_id.json
|
||||
TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_tag.json
|
||||
TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
|
||||
|
@ -151,7 +156,12 @@ TESTS+=test/test-cases/regression/issue-1943.json
|
|||
TESTS+=test/test-cases/regression/issue-1956.json
|
||||
TESTS+=test/test-cases/regression/issue-1960.json
|
||||
TESTS+=test/test-cases/regression/issue-2099.json
|
||||
TESTS+=test/test-cases/regression/issue-2000.json
|
||||
TESTS+=test/test-cases/regression/issue-2111.json
|
||||
TESTS+=test/test-cases/regression/issue-2196.json
|
||||
TESTS+=test/test-cases/regression/issue-2423-msg-in-chain.json
|
||||
TESTS+=test/test-cases/regression/issue-2427.json
|
||||
TESTS+=test/test-cases/regression/issue-2296.json
|
||||
TESTS+=test/test-cases/regression/issue-394.json
|
||||
TESTS+=test/test-cases/regression/issue-849.json
|
||||
TESTS+=test/test-cases/regression/issue-960.json
|
||||
|
@ -165,6 +175,7 @@ TESTS+=test/test-cases/regression/operator-inpectFile.json
|
|||
TESTS+=test/test-cases/regression/operator-ipMatchFromFile.json
|
||||
TESTS+=test/test-cases/regression/operator-pm.json
|
||||
TESTS+=test/test-cases/regression/operator-rx.json
|
||||
TESTS+=test/test-cases/regression/operator-rxGlobal.json
|
||||
TESTS+=test/test-cases/regression/operator-UnconditionalMatch.json
|
||||
TESTS+=test/test-cases/regression/operator-validate-byte-range.json
|
||||
TESTS+=test/test-cases/regression/operator-verifycc.json
|
||||
|
@ -180,6 +191,7 @@ TESTS+=test/test-cases/regression/rule-920120.json
|
|||
TESTS+=test/test-cases/regression/rule-920200.json
|
||||
TESTS+=test/test-cases/regression/rule-920274.json
|
||||
TESTS+=test/test-cases/regression/secaction.json
|
||||
TESTS+=test/test-cases/regression/secargumentslimit.json
|
||||
TESTS+=test/test-cases/regression/sec_component_signature.json
|
||||
TESTS+=test/test-cases/regression/secmarker.json
|
||||
TESTS+=test/test-cases/regression/secruleengine.json
|
||||
|
@ -213,6 +225,7 @@ TESTS+=test/test-cases/regression/variable-MULTIPART_CRLF_LF_LINES.json
|
|||
TESTS+=test/test-cases/regression/variable-MULTIPART_FILENAME.json
|
||||
TESTS+=test/test-cases/regression/variable-MULTIPART_INVALID_HEADER_FOLDING.json
|
||||
TESTS+=test/test-cases/regression/variable-MULTIPART_NAME.json
|
||||
TESTS+=test/test-cases/regression/variable-MULTIPART_PART_HEADERS.json
|
||||
TESTS+=test/test-cases/regression/variable-MULTIPART_STRICT_ERROR.json
|
||||
TESTS+=test/test-cases/regression/variable-MULTIPART_UNMATCHED_BOUNDARY.json
|
||||
TESTS+=test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json
|
||||
|
@ -283,6 +296,7 @@ TESTS+=test/test-cases/secrules-language-tests/operators/noMatch.json
|
|||
TESTS+=test/test-cases/secrules-language-tests/operators/pmFromFile.json
|
||||
TESTS+=test/test-cases/secrules-language-tests/operators/pm.json
|
||||
TESTS+=test/test-cases/secrules-language-tests/operators/rx.json
|
||||
TESTS+=test/test-cases/secrules-language-tests/operators/rxGlobal.json
|
||||
TESTS+=test/test-cases/secrules-language-tests/operators/streq.json
|
||||
TESTS+=test/test-cases/secrules-language-tests/operators/strmatch.json
|
||||
TESTS+=test/test-cases/secrules-language-tests/operators/unconditionalMatch.json
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
|
||||
<img src="https://github.com/SpiderLabs/ModSecurity/raw/v3/master/others/modsec.png" width="50%">
|
||||
|
||||
[![Build Status](https://travis-ci.org/SpiderLabs/ModSecurity.svg?branch=v3/master)](https://travis-ci.org/SpiderLabs/ModSecurity)
|
||||
[![](https://raw.githubusercontent.com/ZenHubIO/support/master/zenhub-badge.png)](https://zenhub.com)
|
||||
![Quality Assurance](https://github.com/SpiderLabs/ModSecurity/workflows/Quality%20Assurance/badge.svg)
|
||||
[![Build Status](https://sonarcloud.io/api/project_badges/measure?project=USHvY32Uy62L&metric=alert_status)](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
|
||||
[![](https://sonarcloud.io/api/project_badges/measure?project=USHvY32Uy62L&metric=sqale_rating
|
||||
)](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
|
||||
|
@ -21,26 +20,26 @@ and applying traditional ModSecurity processing. In general, it provides the
|
|||
capability to load/interpret rules written in the ModSecurity SecRules format
|
||||
and apply them to HTTP content provided by your application via Connectors.
|
||||
|
||||
If you are looking for ModSecurity for Apache (aka ModSecurity v2.x), it is still under maintenence and available:
|
||||
If you are looking for ModSecurity for Apache (aka ModSecurity v2.x), it is still under maintenance and available:
|
||||
[here](https://github.com/SpiderLabs/ModSecurity/tree/v2/master).
|
||||
|
||||
### What is the difference between this project and the old ModSecurity (v2.x.x)?
|
||||
|
||||
* All Apache dependences have been removed
|
||||
* All Apache dependencies have been removed
|
||||
* Higher performance
|
||||
* New features
|
||||
* New architecture
|
||||
|
||||
Libmodsecurity is a complete rewrite of the ModSecurity platform. When it was first devised the ModSecurity project started as just an Apache module. Over time the project has been extended, due to popular demand, to support other platforms including (but not limited to) Nginx and IIS. In order to provide for the growing demand for additional platform support, it has became necessary to remove the Apache dependencies underlying this project, making it more platform independent.
|
||||
|
||||
As a result of this goal we have rearchitechted Libmodsecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). One side effect of this is that across all platforms users can expect increased performance. Additionally, we have taken this opprotunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to nativly support auditlogs in the JSON format, along with a host of other functionality in future versions.
|
||||
As a result of this goal we have rearchitected Libmodsecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). One side effect of this is that across all platforms users can expect increased performance. Additionally, we have taken this opportunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to natively support auditlogs in the JSON format, along with a host of other functionality in future versions.
|
||||
|
||||
|
||||
### It is no longer just a module.
|
||||
|
||||
The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it undersands. Each of these connectors is maintained as a seperate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (https://github.com/SpiderLabs/ModSecurity-nginx).
|
||||
The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it understands. Each of these connectors is maintained as a separate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (https://github.com/SpiderLabs/ModSecurity-nginx).
|
||||
|
||||
Keeping these connectors seperated allows each project to be have different release cycles, issues and development trees. Addtionally, it means that when you install ModSecurity v3 you only get exactly what you need, no extras you won't be using.
|
||||
Keeping these connectors separated allows each project to have different release cycles, issues and development trees. Additionally, it means that when you install ModSecurity v3 you only get exactly what you need, no extras you won't be using.
|
||||
|
||||
# Compilation
|
||||
|
||||
|
@ -78,7 +77,7 @@ Windows build is not ready yet.
|
|||
## Dependencies
|
||||
|
||||
This library is written in C++ using the C++11 standards. It also uses Flex
|
||||
and Yacc to produce the “Sec Rules Language” parser. Other, manditory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet manditory) for processing regular expressions in SecRules, and libXML2 (not yet manditory) which is used for parsing XML requests.
|
||||
and Yacc to produce the “Sec Rules Language” parser. Other, mandatory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet mandatory) for processing regular expressions in SecRules, and libXML2 (not yet mandatory) which is used for parsing XML requests.
|
||||
|
||||
All others dependencies are related to operators specified within SecRules or configuration directives and may not be required for compilation. A short list of such dependencies is as follows:
|
||||
|
||||
|
@ -97,7 +96,7 @@ The library provides a C++ and C interface. Some resources are currently only
|
|||
available via the C++ interface, for instance, the capability to create custom logging
|
||||
mechanism (see the regression test to check for how those logging mechanism works).
|
||||
The objective is to have both APIs (C, C++) providing the same functionality,
|
||||
if you find an aspect of the API that is missing via a perticular interface, please open an issue.
|
||||
if you find an aspect of the API that is missing via a particular interface, please open an issue.
|
||||
|
||||
Inside the subfolder examples, there are simple examples on how to use the API.
|
||||
Below some are illustrated:
|
||||
|
@ -168,7 +167,7 @@ are willing to help with.
|
|||
|
||||
## Providing patches
|
||||
|
||||
We prefer to have your patch within the GtiHub infrastructure to facilitate our
|
||||
We prefer to have your patch within the GitHub infrastructure to facilitate our
|
||||
review work, and our Q.A. integration. GitHub provides excellent
|
||||
documentation on how to perform “Pull Requests”, more information available
|
||||
here: https://help.github.com/articles/using-pull-requests/
|
||||
|
@ -199,7 +198,7 @@ A TODO list is also available as part of the Doxygen documentation.
|
|||
|
||||
Along with the manual testing, we strongly recommend you to use the our
|
||||
regression tests and unit tests. If you have implemented an operator, don’t
|
||||
forget to create unit tests for it. If you impliment anything else, it is encouraged that you develop complimentary regression tests for it.
|
||||
forget to create unit tests for it. If you implement anything else, it is encouraged that you develop complimentary regression tests for it.
|
||||
|
||||
The regression test and unit test utilities are native and do not demand any
|
||||
external tool or script, although you need to fetch the test cases from other
|
||||
|
@ -222,7 +221,7 @@ Before start the debugging process, make sure of where your bug is. The problem
|
|||
could be on your connector or in libmodsecurity. In order to identify where the
|
||||
bug is, it is recommended that you develop a regression test that mimics the
|
||||
scenario where the bug is happening. If the bug is reproducible with the
|
||||
regression-test utility, then it will be far simpliar to debug and ensure that it never occurs again. On Linux it is
|
||||
regression-test utility, then it will be far simpler to debug and ensure that it never occurs again. On Linux it is
|
||||
recommended that anyone undertaking debugging utilize gdb and/or valgrind as needed.
|
||||
|
||||
During the configuration/compilation time, you may want to disable the compiler
|
||||
|
@ -263,15 +262,15 @@ new issue, please check if there is one already opened on the same topic.
|
|||
|
||||
## Bindings
|
||||
|
||||
The libModSecurity design allows the integration with bindings. There is an effort to avoid brake the API [binary] compatibility to make an easy integration with possible bindings. Currently, there are two notable projects maintained by the community:
|
||||
The libModSecurity design allows the integration with bindings. There is an effort to avoid breaking API [binary] compatibility to make an easy integration with possible bindings. Currently, there are two notable projects maintained by the community:
|
||||
* Python - https://github.com/actions-security/pymodsecurity
|
||||
* Varnish - https://github.com/xdecock/vmod-modsecurity
|
||||
|
||||
## Packing
|
||||
## Packaging
|
||||
|
||||
Having our packages in distros on time is a desire that we have, so let us know
|
||||
if there is anything we can do to facilitate your work as a packager.
|
||||
|
||||
## Sponsor Note
|
||||
|
||||
|
||||
|
||||
Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found here https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
The latest versions of both v2.9.x and v3.0.x are supported.
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
For information on how to report a security issue, please see https://github.com/SpiderLabs/ModSecurity#security-issue
|
|
@ -17,7 +17,7 @@ AC_DEFUN([CHECK_CURL], [
|
|||
|
||||
AC_ARG_WITH(
|
||||
curl,
|
||||
[AC_HELP_STRING([--with-curl=PATH],[Path to curl prefix or config script])],
|
||||
[AS_HELP_STRING([--with-curl=PATH],[Path to curl prefix or config script])],
|
||||
[test_paths="${with_curl}"],
|
||||
[test_paths="/usr/local/libcurl /usr/local/curl /usr/local /opt/libcurl /opt/curl /opt /usr"])
|
||||
|
||||
|
|
|
@ -9,11 +9,6 @@ dnl GEOIP_VERSION
|
|||
|
||||
AC_DEFUN([PROG_GEOIP], [
|
||||
|
||||
|
||||
# Needed if pkg-config will be used.
|
||||
AC_REQUIRE([PKG_PROG_PKG_CONFIG])
|
||||
|
||||
|
||||
# Possible names for the geoip library/package (pkg-config)
|
||||
GEOIP_POSSIBLE_LIB_NAMES="geoip2 geoip GeoIP"
|
||||
|
||||
|
|
|
@ -9,13 +9,8 @@ dnl MAXMIND_VERSION
|
|||
|
||||
AC_DEFUN([PROG_MAXMIND], [
|
||||
|
||||
|
||||
# Needed if pkg-config will be used.
|
||||
AC_REQUIRE([PKG_PROG_PKG_CONFIG])
|
||||
|
||||
|
||||
# Possible names for the maxmind library/package (pkg-config)
|
||||
MAXMIND_POSSIBLE_LIB_NAMES="libmaxminddb maxminddb maxmind"
|
||||
MAXMIND_POSSIBLE_LIB_NAMES="maxminddb maxmind"
|
||||
|
||||
# Possible extensions for the library
|
||||
MAXMIND_POSSIBLE_EXTENSIONS="so la sl dll dylib"
|
||||
|
|
|
@ -4,20 +4,7 @@ dnl Sets:
|
|||
dnl LIBXML2_CFLAGS
|
||||
dnl LIBXML2_LIBS
|
||||
|
||||
LIBXML2_CONFIG=""
|
||||
LIBXML2_VERSION=""
|
||||
LIBXML2_CFLAGS=""
|
||||
LIBXML2_CPPFLAGS=""
|
||||
LIBXML2_LDADD=""
|
||||
LIBXML2_LDFLAGS=""
|
||||
|
||||
AC_DEFUN([CHECK_LIBXML2], [
|
||||
|
||||
AC_ARG_WITH(
|
||||
libxml,
|
||||
[AC_HELP_STRING([--with-libxml=PATH],[Path to libxml2 prefix or config script])],
|
||||
[test_paths="${with_libxml}"],
|
||||
[test_paths="/usr/local/libxml2 /usr/local/xml2 /usr/local/xml /usr/local /opt/libxml2 /opt/libxml /opt/xml2 /opt/xml /opt /usr"])
|
||||
AC_DEFUN([CHECK_XML2CONFIG], [
|
||||
|
||||
AC_MSG_CHECKING([for libxml2 config script])
|
||||
|
||||
|
@ -58,19 +45,56 @@ if test -n "${libxml2_path}"; then
|
|||
LIBXML2_LDADD="`${LIBXML2_CONFIG} --libs`"
|
||||
if test ! -z "${LIBXML2_LDADD}"; then AC_MSG_NOTICE(xml LDADD: $LIBXML2_LDADD); fi
|
||||
|
||||
AC_MSG_CHECKING([if libxml2 is at least v2.6.29])
|
||||
libxml2_min_ver=`echo 2.6.29 | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
|
||||
AC_MSG_CHECKING([if libxml2 is at least v${LIBXML2_MIN_VERSION}])
|
||||
libxml2_min_ver=`echo ${LIBXML2_MIN_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
|
||||
libxml2_ver=`echo ${LIBXML2_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
|
||||
if test "$libxml2_ver" -ge "$libxml2_min_ver"; then
|
||||
AC_MSG_RESULT([yes, $LIBXML2_VERSION])
|
||||
else
|
||||
AC_MSG_RESULT([no, $LIBXML2_VERSION])
|
||||
AC_MSG_ERROR([NOTE: libxml2 library must be at least 2.6.29])
|
||||
AC_MSG_ERROR([NOTE: libxml2 library must be at least ${LIBXML2_MIN_VERSION}])
|
||||
fi
|
||||
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
])
|
||||
|
||||
AC_DEFUN([CHECK_LIBXML2], [
|
||||
|
||||
AC_ARG_WITH(
|
||||
libxml,
|
||||
[AS_HELP_STRING([--with-libxml=PATH],[Path to libxml2 prefix or config script])],
|
||||
[test_paths="${with_libxml}"],
|
||||
[test_paths="/usr/local/libxml2 /usr/local/xml2 /usr/local/xml /usr/local /opt/libxml2 /opt/libxml /opt/xml2 /opt/xml /opt /usr"])
|
||||
|
||||
LIBXML2_MIN_VERSION="2.6.29"
|
||||
LIBXML2_PKG_NAME="libxml-2.0"
|
||||
LIBXML2_CONFIG=""
|
||||
LIBXML2_VERSION=""
|
||||
LIBXML2_CFLAGS=""
|
||||
LIBXML2_CPPFLAGS=""
|
||||
LIBXML2_LDADD=""
|
||||
LIBXML2_LDFLAGS=""
|
||||
|
||||
if test "x${with_libxml}" != "xno"; then
|
||||
if test -n "${PKG_CONFIG}"; then
|
||||
AC_MSG_CHECKING([for libxml2 >= ${LIBXML2_MIN_VERSION} via pkg-config])
|
||||
if `${PKG_CONFIG} --exists "${LIBXML2_PKG_NAME} >= ${LIBXML2_MIN_VERSION}"`; then
|
||||
LIBXML2_VERSION="`${PKG_CONFIG} --modversion ${LIBXML2_PKG_NAME}`"
|
||||
LIBXML2_CFLAGS="`${PKG_CONFIG} --cflags ${LIBXML2_PKG_NAME}` -DWITH_LIBXML2"
|
||||
LIBXML2_LDADD="`${PKG_CONFIG} --libs-only-l ${LIBXML2_PKG_NAME}`"
|
||||
LIBXML2_LDFLAGS="`${PKG_CONFIG} --libs-only-L --libs-only-other ${LIBXML2_PKG_NAME}`"
|
||||
AC_MSG_RESULT([found version ${LIBXML2_VERSION}])
|
||||
else
|
||||
AC_MSG_RESULT([not found])
|
||||
fi
|
||||
fi
|
||||
|
||||
if test -z "${LIBXML2_VERSION}"; then
|
||||
CHECK_XML2CONFIG
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_SUBST(LIBXML2_CONFIG)
|
||||
AC_SUBST(LIBXML2_VERSION)
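Review bot: With `--with-libxml=PATH`, the new `CHECK_LIBXML2` still consults pkg-config first and only calls `CHECK_XML2CONFIG` (the part that reads `test_paths`) when pkg-config finds nothing, so an explicitly chosen libxml2 can be silently replaced by whatever copy pkg-config knows about. The README in this same commit says libXML2 parses XML requests, so the build should honour the operator's choice. Guarding the pkg-config branch would do it: `if test -n "${PKG_CONFIG}" && { test "x${with_libxml}" = "x" || test "x${with_libxml}" = "xyes"; }; then`. The `--exists` probe is also wrapped in backquotes, which runs its (empty) output as a command; calling `${PKG_CONFIG} --exists ...` directly in the `if` is the usual form.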
|
||||
|
|
|
@ -3,10 +3,6 @@ dnl CHECK_LMDB(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
|
|||
|
||||
AC_DEFUN([PROG_LMDB], [
|
||||
|
||||
# Needed if pkg-config will be used.LMDB
|
||||
AC_REQUIRE([PKG_PROG_PKG_CONFIG])
|
||||
|
||||
|
||||
# Possible names for the lmdb library/package (pkg-config)
|
||||
LMDB_POSSIBLE_LIB_NAMES="lmdb"
|
||||
|
||||
|
@ -25,10 +21,7 @@ LMDB_LDFLAGS=""
|
|||
|
||||
AC_ARG_WITH(
|
||||
lmdb,
|
||||
AC_HELP_STRING(
|
||||
[--with-lmdb=PATH],
|
||||
[Path to lmdb prefix or config script]
|
||||
)
|
||||
[AS_HELP_STRING([--with-lmdb=PATH],[Path to lmdb prefix or config script])]
|
||||
)
|
||||
|
||||
if test "x${with_lmdb}" == "xno"; then
|
||||
|
|
|
@ -6,13 +6,13 @@ AC_DEFUN([CHECK_LUA],
|
|||
[dnl
|
||||
|
||||
# Possible names for the lua library/package (pkg-config)
|
||||
LUA_POSSIBLE_LIB_NAMES="luajit luajit-5.1 lua53 lua5.3 lua-5.3 lua52 lua5.2 lua-5.2 lua51 lua5.1 lua-5.1 lua"
|
||||
LUA_POSSIBLE_LIB_NAMES="lua54 lua5.4 lua-5.4 lua53 lua5.3 lua-5.3 lua52 lua5.2 lua-5.2 lua51 lua5.1 lua-5.1 lua"
|
||||
|
||||
# Possible extensions for the library
|
||||
LUA_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0"
|
||||
LUA_POSSIBLE_EXTENSIONS="so la sl dll dylib"
|
||||
|
||||
# Possible paths (if pkg-config was not found, proceed with the file lookup)
|
||||
LUA_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/lib64 /usr/local/lua /usr/local/liblua /usr/local /opt /usr /usr/lib64 /opt/local"
|
||||
LUA_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/lib64 /usr/local/lua /usr/local/liblua /usr/local /opt /usr /usr/lib64 /opt/local /usr/lib/lua5.3/liblua /usr/lib/lua5.2/liblua"
|
||||
|
||||
# Variables to be set by this very own script.
|
||||
LUA_CFLAGS=""
|
||||
|
@ -22,10 +22,7 @@ LUA_DISPLAY=""
|
|||
|
||||
AC_ARG_WITH(
|
||||
lua,
|
||||
AC_HELP_STRING(
|
||||
[--with-lua=PATH],
|
||||
[Path to lua prefix]
|
||||
)
|
||||
[AS_HELP_STRING([--with-lua=PATH],[Path to lua prefix])]
|
||||
)
|
||||
|
||||
|
||||
|
@ -68,6 +65,8 @@ else
|
|||
case $LUA_PKG_VERSION in
|
||||
(5.1*) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
|
||||
(5.2*) LUA_CFLAGS="-DWITH_LUA_5_2 ${LUA_CFLAGS}" ; lua_5_2=1 ;;
|
||||
(5.3*) LUA_CFLAGS="-DWITH_LUA_5_3 ${LUA_CFLAGS}" ; lua_5_3=1 ;;
|
||||
(5.4*) LUA_CFLAGS="-DWITH_LUA_5_4 ${LUA_CFLAGS}" ; lua_5_4=1 ;;
|
||||
(2.0*) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
|
||||
(2.1*) LUA_CFLAGS="-DWITH_LUA_5_1 -DWITH_LUA_JIT_2_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
|
||||
esac
|
||||
|
@ -162,6 +161,9 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
|
|||
lua_inc_path="${path}"
|
||||
elif test -e "${path}/include/lua/lua.h"; then
|
||||
lua_inc_path="${path}/include/lua"
|
||||
elif test -e "${path}/include/lua5.4/lua.h"; then
|
||||
lua_inc_path="${path}/include/lua5.4"
|
||||
LUA_VERSION=504
|
||||
elif test -e "${path}/include/lua5.3/lua.h"; then
|
||||
lua_inc_path="${path}/include/lua5.3"
|
||||
LUA_VERSION=503
|
||||
|
@ -207,6 +209,14 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
|
|||
#endif ],
|
||||
[ LUA_VERSION=502 ], [ lua_5_2=0 ]
|
||||
)
|
||||
AC_TRY_COMPILE([ #include <lua.h> ],
|
||||
[ #if (LUA_VERSION_NUM == 504)
|
||||
return 0;
|
||||
#else
|
||||
#error Lua 5.4 not detected
|
||||
#endif ],
|
||||
[ LUA_VERSION=504 ], [ lua_5_4=0 ]
|
||||
)
|
||||
|
||||
if test -z "${LUA_VERSION}" ; then
|
||||
# As a last resort, try to find LUA version from $lua_inc_path
|
||||
|
@ -214,8 +224,9 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
|
|||
do
|
||||
case "$line" in
|
||||
(\#define\ LUA_VERSION_NUM*501*) LUA_VERSION=501 ;;
|
||||
(\#define\ LUA_VERSION_NUM*502*) LUA_VERSION=501 ;;
|
||||
(\#define\ LUA_VERSION_NUM*503*) LUA_VERSION=503
|
||||
(\#define\ LUA_VERSION_NUM*502*) LUA_VERSION=502 ;;
|
||||
(\#define\ LUA_VERSION_NUM*503*) LUA_VERSION=503 ;;
|
||||
(\#define\ LUA_VERSION_NUM*504*) LUA_VERSION=504
|
||||
esac
|
||||
done <"${lua_inc_path}/lua.h"
|
||||
AC_MSG_NOTICE([LUA_VERSION is ${LUA_VERSION} found at: ${lua_inc_path}])
|
||||
|
@ -226,6 +237,8 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
|
|||
case $LUA_VERSION in
|
||||
(501) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
|
||||
(502) LUA_CFLAGS="-DWITH_LUA_5_2 ${LUA_CFLAGS}" ; lua_5_2=1 ;;
|
||||
(503) LUA_CFLAGS="-DWITH_LUA_5_3 ${LUA_CFLAGS}" ; lua_5_3=1 ;;
|
||||
(504) LUA_CFLAGS="-DWITH_LUA_5_4 ${LUA_CFLAGS}" ; lua_5_4=1 ;;
|
||||
esac
|
||||
fi
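Review bot: The new Lua 5.4 probe in `CHECK_FOR_LUA_AT` uses `AC_TRY_COMPILE`, which Autoconf lists as obsolete, while this same file section replaces the obsolete `AC_HELP_STRING` with `AS_HELP_STRING`; `AC_COMPILE_IFELSE([AC_LANG_PROGRAM(...)], ...)` is the current form. In the last-resort `case` over `lua.h`, the new final arm `(\#define\ LUA_VERSION_NUM*504*) LUA_VERSION=504` has no `;;`, and the commit had to add one to the 503 arm before appending it, so ending the last arm with `;;` saves the next edit from the same step. `LUA_POSSIBLE_PATHS` gains `lua5.3` and `lua5.2` directories but no 5.4 counterpart, which looks like an omission if distributions use the same layout. The body of `CHECK_FOR_LUA_AT` starts and ends outside these hunks.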
|
||||
|
||||
|
|
|
@ -17,93 +17,97 @@ AC_DEFUN([CHECK_PCRE],
|
|||
|
||||
AC_ARG_WITH(
|
||||
pcre,
|
||||
[AC_HELP_STRING([--with-pcre=PATH],[Path to pcre prefix or config script])],
|
||||
[AS_HELP_STRING([--with-pcre=PATH],[Path to pcre prefix or config script])],
|
||||
[test_paths="${with_pcre}"],
|
||||
[test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"])
|
||||
|
||||
AC_MSG_CHECKING([for libpcre config script])
|
||||
if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then
|
||||
AC_MSG_NOTICE([pcre2 specified; omitting check for pcre])
|
||||
else
|
||||
|
||||
for x in ${test_paths}; do
|
||||
dnl # Determine if the script was specified and use it directly
|
||||
if test ! -d "$x" -a -e "$x"; then
|
||||
PCRE_CONFIG=$x
|
||||
pcre_path="no"
|
||||
break
|
||||
fi
|
||||
AC_MSG_CHECKING([for libpcre config script])
|
||||
|
||||
dnl # Try known config script names/locations
|
||||
for PCRE_CONFIG in pcre-config; do
|
||||
if test -e "${x}/bin/${PCRE_CONFIG}"; then
|
||||
pcre_path="${x}/bin"
|
||||
for x in ${test_paths}; do
|
||||
dnl # Determine if the script was specified and use it directly
|
||||
if test ! -d "$x" -a -e "$x"; then
|
||||
PCRE_CONFIG=$x
|
||||
pcre_path="no"
|
||||
break
|
||||
elif test -e "${x}/${PCRE_CONFIG}"; then
|
||||
pcre_path="${x}"
|
||||
fi
|
||||
|
||||
dnl # Try known config script names/locations
|
||||
for PCRE_CONFIG in pcre-config; do
|
||||
if test -e "${x}/bin/${PCRE_CONFIG}"; then
|
||||
pcre_path="${x}/bin"
|
||||
break
|
||||
elif test -e "${x}/${PCRE_CONFIG}"; then
|
||||
pcre_path="${x}"
|
||||
break
|
||||
else
|
||||
pcre_path=""
|
||||
fi
|
||||
done
|
||||
if test -n "$pcre_path"; then
|
||||
break
|
||||
else
|
||||
pcre_path=""
|
||||
fi
|
||||
done
|
||||
if test -n "$pcre_path"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if test -n "${pcre_path}"; then
|
||||
if test "${pcre_path}" != "no"; then
|
||||
PCRE_CONFIG="${pcre_path}/${PCRE_CONFIG}"
|
||||
fi
|
||||
AC_MSG_RESULT([${PCRE_CONFIG}])
|
||||
PCRE_VERSION="`${PCRE_CONFIG} --version`"
|
||||
if test ! -z "${PCRE_VERSION}"; then AC_MSG_NOTICE(pcre VERSION: $PCRE_VERSION); fi
|
||||
PCRE_CFLAGS="`${PCRE_CONFIG} --cflags`"
|
||||
if test ! -z "${PCRE_CFLAGS}"; then AC_MSG_NOTICE(pcre CFLAGS: $PCRE_CFLAGS); fi
|
||||
PCRE_LDADD="`${PCRE_CONFIG} --libs`"
|
||||
if test ! -z "${PCRE_LDADD}"; then AC_MSG_NOTICE(pcre LDADD: $PCRE_LDADD); fi
|
||||
PCRE_LD_PATH="/`${PCRE_CONFIG} --libs | cut -d'/' -f2,3,4,5,6 | cut -d ' ' -f1`"
|
||||
if test ! -z "${PCRE_LD_PATH}"; then AC_MSG_NOTICE(pcre PCRE_LD_PATH: $PCRE_LD_PATH); fi
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
|
||||
if test -n "${PCRE_VERSION}"; then
|
||||
AC_MSG_CHECKING(for PCRE JIT)
|
||||
save_CFLAGS=$CFLAGS
|
||||
save_LDFLAGS=$LDFLAGS
|
||||
CFLAGS="${PCRE_CFLAGS} ${CFLAGS}"
|
||||
LDFLAGS="${LDFLAGS} ${PCRE_LDADD}"
|
||||
AC_TRY_COMPILE([ #include <stdio.h>
|
||||
#include <pcre.h> ],
|
||||
[ int jit = 0;
|
||||
pcre_free_study(NULL);
|
||||
pcre_config(PCRE_CONFIG_JIT, &jit);
|
||||
if (jit != 1) return 1; ],
|
||||
[ pcre_jit_available=yes ], [:]
|
||||
)
|
||||
|
||||
if test "x$pcre_jit_available" = "xyes"; then
|
||||
AC_MSG_RESULT(yes)
|
||||
PCRE_CFLAGS="${PCRE_CFLAGS} -DPCRE_HAVE_JIT"
|
||||
if test -n "${pcre_path}"; then
|
||||
if test "${pcre_path}" != "no"; then
|
||||
PCRE_CONFIG="${pcre_path}/${PCRE_CONFIG}"
|
||||
fi
|
||||
AC_MSG_RESULT([${PCRE_CONFIG}])
|
||||
PCRE_VERSION="`${PCRE_CONFIG} --version`"
|
||||
if test ! -z "${PCRE_VERSION}"; then AC_MSG_NOTICE(pcre VERSION: $PCRE_VERSION); fi
|
||||
PCRE_CFLAGS="`${PCRE_CONFIG} --cflags`"
|
||||
if test ! -z "${PCRE_CFLAGS}"; then AC_MSG_NOTICE(pcre CFLAGS: $PCRE_CFLAGS); fi
|
||||
PCRE_LDADD="`${PCRE_CONFIG} --libs`"
|
||||
if test ! -z "${PCRE_LDADD}"; then AC_MSG_NOTICE(pcre LDADD: $PCRE_LDADD); fi
|
||||
PCRE_LD_PATH="/`${PCRE_CONFIG} --libs | cut -d'/' -f2,3,4,5,6 | cut -d ' ' -f1`"
|
||||
if test ! -z "${PCRE_LD_PATH}"; then AC_MSG_NOTICE(pcre PCRE_LD_PATH: $PCRE_LD_PATH); fi
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
CFLAGS=$save_CFLAGS
|
||||
LDFLAGS=$save_$LDFLAGS
|
||||
|
||||
if test -n "${PCRE_VERSION}"; then
|
||||
AC_MSG_CHECKING(for PCRE JIT)
|
||||
save_CFLAGS=$CFLAGS
|
||||
save_LDFLAGS=$LDFLAGS
|
||||
save_LIBS=$LIBS
|
||||
CFLAGS="${PCRE_CFLAGS} ${CFLAGS}"
|
||||
LDFLAGS="${PCRE_LDADD} ${LDFLAGS}"
|
||||
LIBS="${PCRE_LDADD} ${LIBS}"
|
||||
AC_TRY_LINK([ #include <pcre.h> ],
|
||||
[ pcre_jit_exec(NULL, NULL, NULL, 0, 0, 0, NULL, 0, NULL); ],
|
||||
[ pcre_jit_available=yes ], [:]
|
||||
)
|
||||
|
||||
if test "x$pcre_jit_available" = "xyes"; then
|
||||
AC_MSG_RESULT(yes)
|
||||
PCRE_CFLAGS="${PCRE_CFLAGS} -DPCRE_HAVE_JIT"
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
CFLAGS=$save_CFLAGS
|
||||
LDFLAGS=$save_LDFLAGS
|
||||
LIBS=$save_LIBS
|
||||
fi
|
||||
|
||||
AC_SUBST(PCRE_CONFIG)
|
||||
AC_SUBST(PCRE_VERSION)
|
||||
AC_SUBST(PCRE_CPPFLAGS)
|
||||
AC_SUBST(PCRE_CFLAGS)
|
||||
AC_SUBST(PCRE_LDFLAGS)
|
||||
AC_SUBST(PCRE_LDADD)
|
||||
AC_SUBST(PCRE_LD_PATH)
|
||||
|
||||
if test -z "${PCRE_VERSION}"; then
|
||||
AC_MSG_NOTICE([*** pcre library not found.])
|
||||
ifelse([$2], , AC_MSG_ERROR([pcre library is required]), $2)
|
||||
else
|
||||
AC_MSG_NOTICE([using pcre v${PCRE_VERSION}])
|
||||
ifelse([$1], , , $1)
|
||||
PCRE_LDADD="${PCRE_LDADD} -lpcre"
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_SUBST(PCRE_CONFIG)
|
||||
AC_SUBST(PCRE_VERSION)
|
||||
AC_SUBST(PCRE_CPPFLAGS)
|
||||
AC_SUBST(PCRE_CFLAGS)
|
||||
AC_SUBST(PCRE_LDFLAGS)
|
||||
AC_SUBST(PCRE_LDADD)
|
||||
AC_SUBST(PCRE_LD_PATH)
|
||||
|
||||
if test -z "${PCRE_VERSION}"; then
|
||||
AC_MSG_NOTICE([*** pcre library not found.])
|
||||
ifelse([$2], , AC_MSG_ERROR([pcre library is required]), $2)
|
||||
else
|
||||
AC_MSG_NOTICE([using pcre v${PCRE_VERSION}])
|
||||
ifelse([$1], , , $1)
|
||||
PCRE_LDADD="${PCRE_LDADD} -lpcre"
|
||||
fi
|
||||
])
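Review bot: `-DPCRE_HAVE_JIT` is now set whenever the `AC_TRY_LINK` probe resolves `pcre_jit_exec`, which shows the symbol is present in the library but not that JIT was enabled when it was built. A comment above the probe should say so, for example `dnl Link test only: confirms pcre_jit_exec exists, not that JIT is usable at run time`. The probe also puts the libraries into both `LDFLAGS="${PCRE_LDADD} ${LDFLAGS}"` and `LIBS="${PCRE_LDADD} ${LIBS}"`; `LIBS` alone is enough and keeps `-l` flags out of `LDFLAGS`. Unless it is initialised above this hunk, `pcre_jit_available` is not reset before the probe, so setting `pcre_jit_available=no` first would stop an inherited value being read as success.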
|
||||
|
|
|
@ -0,0 +1,180 @@
|
|||
dnl Check for PCRE2 Libraries
|
||||
dnl CHECK_PCRE2(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
|
||||
|
||||
AC_DEFUN([PROG_PCRE2], [
|
||||
|
||||
# Possible names for the pcre2 library/package (pkg-config)
|
||||
PCRE2_POSSIBLE_LIB_NAMES="pcre2 pcre2-8"
|
||||
|
||||
# Possible extensions for the library
|
||||
PCRE2_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0"
|
||||
|
||||
# Possible paths (if pkg-config was not found, proceed with the file lookup)
|
||||
PCRE2_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/libpcre2-8 /usr/local/pcre2 /usr/local /opt/libpcre2-8 /opt/pcre2 /opt /usr /usr/lib64 /opt/local"
|
||||
|
||||
# Variables to be set by this very own script.
|
||||
PCRE2_VERSION=""
|
||||
PCRE2_CFLAGS=""
|
||||
PCRE2_CPPFLAGS=""
|
||||
PCRE2_LDADD=""
|
||||
PCRE2_LDFLAGS=""
|
||||
|
||||
AC_ARG_WITH(
|
||||
pcre2,
|
||||
[AS_HELP_STRING([--with-pcre2=PATH],[Path to pcre2 prefix or config script])]
|
||||
)
|
||||
|
||||
if test "x${with_pcre2}" == "xno"; then
|
||||
AC_DEFINE(HAVE_PCRE2, 0, [Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
|
||||
AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
|
||||
PCRE2_DISABLED=yes
|
||||
else
|
||||
if test "x${with_pcre2}" == "xyes"; then
|
||||
PCRE2_MANDATORY=yes
|
||||
AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes])
|
||||
fi
|
||||
# for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
|
||||
# CHECK_FOR_PCRE2_AT(${x})
|
||||
# if test -n "${PCRE2_VERSION}"; then
|
||||
# break
|
||||
# fi
|
||||
# done
|
||||
|
||||
# if test "x${with_pcre2}" != "xyes" or test "x${with_pcre2}" == "xyes"; then
|
||||
if test "x${with_pcre2}" == "x" || test "x${with_pcre2}" == "xyes"; then
|
||||
# Nothing about PCRE2 was informed, using the pkg-config to figure things out.
|
||||
if test -n "${PKG_CONFIG}"; then
|
||||
PCRE2_PKG_NAME=""
|
||||
for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
|
||||
if ${PKG_CONFIG} --exists ${x}; then
|
||||
PCRE2_PKG_NAME="$x"
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
AC_MSG_NOTICE([Nothing about PCRE2 was informed during the configure phase. Trying to detect it on the platform...])
|
||||
if test -n "${PCRE2_PKG_NAME}"; then
|
||||
# Package was found using the pkg-config scripts
|
||||
PCRE2_VERSION="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --modversion`"
|
||||
PCRE2_CFLAGS="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --cflags`"
|
||||
PCRE2_LDADD="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --libs-only-l`"
|
||||
PCRE2_LDFLAGS="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --libs-only-L --libs-only-other`"
|
||||
PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
|
||||
else
|
||||
# If pkg-config did not find anything useful, go over file lookup.
|
||||
for x in ${PCRE2_POSSIBLE_PATHS}; do
|
||||
CHECK_FOR_PCRE2_AT(${x})
|
||||
if test -n "${PCRE2_VERSION}"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
if test "x${with_pcre2}" != "x"; then
|
||||
# An specific path was informed, lets check.
|
||||
PCRE2_MANDATORY=yes
|
||||
CHECK_FOR_PCRE2_AT(${with_pcre2})
|
||||
fi
|
||||
# fi
|
||||
fi
|
||||
|
||||
if test -z "${PCRE2_LDADD}"; then
|
||||
if test -z "${PCRE2_MANDATORY}"; then
|
||||
if test -z "${PCRE2_DISABLED}"; then
|
||||
AC_MSG_NOTICE([PCRE2 library was not found])
|
||||
PCRE2_FOUND=0
|
||||
else
|
||||
PCRE2_FOUND=2
|
||||
fi
|
||||
else
|
||||
AC_MSG_ERROR([PCRE2 was explicitly referenced but it was not found])
|
||||
PCRE2_FOUND=-1
|
||||
fi
|
||||
else
|
||||
if test -z "${PCRE2_MANDATORY}"; then
|
||||
PCRE2_FOUND=2
|
||||
AC_MSG_NOTICE([PCRE2 is disabled by default.])
|
||||
else
|
||||
PCRE2_FOUND=1
|
||||
AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}])
|
||||
PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}"
|
||||
PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
|
||||
AC_SUBST(PCRE2_VERSION)
|
||||
AC_SUBST(PCRE2_LDADD)
|
||||
AC_SUBST(PCRE2_LIBS)
|
||||
AC_SUBST(PCRE2_LDFLAGS)
|
||||
AC_SUBST(PCRE2_CFLAGS)
|
||||
AC_SUBST(PCRE2_DISPLAY)
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
AC_SUBST(PCRE2_FOUND)
|
||||
|
||||
]) # AC_DEFUN [PROG_PCRE2]
|
||||
|
||||
|
||||
AC_DEFUN([CHECK_FOR_PCRE2_AT], [
|
||||
path=$1
|
||||
echo "*** LOOKING AT PATH: " ${path}
|
||||
for y in ${PCRE2_POSSIBLE_EXTENSIONS}; do
|
||||
for z in ${PCRE2_POSSIBLE_LIB_NAMES}; do
|
||||
if test -e "${path}/${z}.${y}"; then
|
||||
pcre2_lib_path="${path}/"
|
||||
pcre2_lib_name="${z}"
|
||||
pcre2_lib_file="${pcre2_lib_path}/${z}.${y}"
|
||||
break
|
||||
fi
|
||||
if test -e "${path}/lib${z}.${y}"; then
|
||||
pcre2_lib_path="${path}/"
|
||||
pcre2_lib_name="${z}"
|
||||
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
|
||||
break
|
||||
fi
|
||||
if test -e "${path}/lib/lib${z}.${y}"; then
|
||||
pcre2_lib_path="${path}/lib/"
|
||||
pcre2_lib_name="${z}"
|
||||
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
|
||||
break
|
||||
fi
|
||||
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
|
||||
pcre2_lib_path="${path}/lib/x86_64-linux-gnu/"
|
||||
pcre2_lib_name="${z}"
|
||||
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
|
||||
break
|
||||
fi
|
||||
if test -e "${path}/lib/i386-linux-gnu/lib${z}.${y}"; then
|
||||
pcre2_lib_path="${path}/lib/i386-linux-gnu/"
|
||||
pcre2_lib_name="${z}"
|
||||
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
|
||||
break
|
||||
fi
|
||||
done
|
||||
if test -n "$pcre2_lib_path"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
if test -e "${path}/include/pcre2.h"; then
|
||||
pcre2_inc_path="${path}/include"
|
||||
elif test -e "${path}/pcre2.h"; then
|
||||
pcre2_inc_path="${path}"
|
||||
elif test -e "${path}/include/pcre2/pcre2.h"; then
|
||||
pcre2_inc_path="${path}/include"
|
||||
fi
|
||||
|
||||
if test -n "${pcre2_lib_path}"; then
|
||||
AC_MSG_NOTICE([PCRE2 library found at: ${pcre2_lib_file}])
|
||||
fi
|
||||
|
||||
if test -n "${pcre2_inc_path}"; then
|
||||
AC_MSG_NOTICE([PCRE2 headers found at: ${pcre2_inc_path}])
|
||||
fi
|
||||
|
||||
if test -n "${pcre2_lib_path}" -a -n "${pcre2_inc_path}"; then
|
||||
# TODO: Compile a piece of code to check the version.
|
||||
PCRE2_CFLAGS="-I${pcre2_inc_path}"
|
||||
PCRE2_LDADD="-l${pcre2_lib_name}"
|
||||
PCRE2_LDFLAGS="-L${pcre2_lib_path}"
|
||||
PCRE2_DISPLAY="${pcre2_lib_file}, ${pcre2_inc_path}"
|
||||
fi
|
||||
]) # AC_DEFUN [CHECK_FOR_PCRE2_AT]
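Review bot: `CHECK_FOR_PCRE2_AT` never clears `pcre2_lib_path` and `pcre2_inc_path`, and the file-lookup loop in `PROG_PCRE2` breaks only on `PCRE2_VERSION`, which this macro does not set (see its TODO). Every entry of `PCRE2_POSSIBLE_PATHS` is therefore visited, and a library from one prefix can be paired with headers from another. Starting the macro with `pcre2_lib_path=""` and `pcre2_inc_path=""`, and breaking the caller's loop on `test -n "${PCRE2_LDADD}"`, keeps header and library from the same prefix. The `if test "x${with_pcre2}" != "x"` branch also runs for `--with-pcre2=yes`, so `CHECK_FOR_PCRE2_AT(yes)` probes a relative directory named `yes`; that branch should exclude `xyes`. `==` is not a POSIX `test` operator, so `=` is the portable spelling for the comparisons in this file.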
|
|
@ -22,10 +22,7 @@ SSDEEP_DISPLAY=""
|
|||
|
||||
AC_ARG_WITH(
|
||||
ssdeep,
|
||||
AC_HELP_STRING(
|
||||
[--with-ssdeep=PATH],
|
||||
[Path to ssdeep prefix]
|
||||
)
|
||||
[AS_HELP_STRING([--with-ssdeep=PATH],[Path to ssdeep prefix])]
|
||||
)
|
||||
|
||||
|
||||
|
|
|
@ -3,10 +3,6 @@ dnl CHECK_YAJL(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
|
|||
|
||||
AC_DEFUN([PROG_YAJL], [
|
||||
|
||||
# Needed if pkg-config will be used.
|
||||
AC_REQUIRE([PKG_PROG_PKG_CONFIG])
|
||||
|
||||
|
||||
# Possible names for the yajl library/package (pkg-config)
|
||||
YAJL_POSSIBLE_LIB_NAMES="yajl2 yajl"
|
||||
|
||||
|
@ -25,20 +21,17 @@ YAJL_LDFLAGS=""
|
|||
|
||||
AC_ARG_WITH(
|
||||
yajl,
|
||||
AC_HELP_STRING(
|
||||
[--with-yajl=PATH],
|
||||
[Path to yajl prefix or config script]
|
||||
)
|
||||
[AS_HELP_STRING([--with-yajl=PATH],[Path to yajl prefix or config script])]
|
||||
)
|
||||
|
||||
if test "x${with_yajl}" == "xno"; then
|
||||
AC_DEFINE(HAVE_GEOIP, 0, [Support for GeoIP was disabled by the utilization of --without-yajl or --with-yajl=no])
|
||||
AC_MSG_NOTICE([Support for GeoIP was disabled by the utilization of --without-yajl or --with-yajl=no])
|
||||
AC_DEFINE(HAVE_YAJL, 0, [Support for YAJL was disabled by the utilization of --without-yajl or --with-yajl=no])
|
||||
AC_MSG_NOTICE([Support for YAJL was disabled by the utilization of --without-yajl or --with-yajl=no])
|
||||
YAJL_DISABLED=yes
|
||||
else
|
||||
if test "x${with_yajl}" == "xyes"; then
|
||||
YAJL_MANDATORY=yes
|
||||
AC_MSG_NOTICE([GeoIP support was marked as mandatory by the utilization of --with-yajl=yes])
|
||||
AC_MSG_NOTICE([YAJL support was marked as mandatory by the utilization of --with-yajl=yes])
|
||||
fi
|
||||
# for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
|
||||
# CHECK_FOR_YAJL_AT(${x})
|
||||
|
@ -49,7 +42,7 @@ else
|
|||
|
||||
# if test "x${with_yajl}" != "xyes" or test "x${with_yajl}" == "xyes"; then
|
||||
if test "x${with_yajl}" == "x" || test "x${with_yajl}" == "xyes"; then
|
||||
# Nothing about GeoIP was informed, using the pkg-config to figure things out.
|
||||
# Nothing about YAJL was informed, using the pkg-config to figure things out.
|
||||
if test -n "${PKG_CONFIG}"; then
|
||||
YAJL_PKG_NAME=""
|
||||
for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
|
||||
|
@ -59,7 +52,7 @@ else
|
|||
fi
|
||||
done
|
||||
fi
|
||||
AC_MSG_NOTICE([Nothing about GeoIP was informed during the configure phase. Trying to detect it on the platform...])
|
||||
AC_MSG_NOTICE([Nothing about YAJL was informed during the configure phase. Trying to detect it on the platform...])
|
||||
if test -n "${YAJL_PKG_NAME}"; then
|
||||
# Package was found using the pkg-config scripts
|
||||
YAJL_VERSION="`${PKG_CONFIG} ${YAJL_PKG_NAME} --modversion`"
|
||||
|
|
|
@ -49,13 +49,14 @@ AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
|
|||
AC_PROG_CXX
|
||||
AM_PROG_AR
|
||||
AC_PROG_MAKE_SET
|
||||
PKG_PROG_PKG_CONFIG
|
||||
|
||||
|
||||
# Check if the compiler is c++11 compatible.
|
||||
# AX_CXX_COMPILE_STDCXX_11(,mandatory)
|
||||
|
||||
# Check for libinjection
|
||||
if ! test -f "others/libinjection/src/libinjection_html5.c"; then
|
||||
if ! test -f "${srcdir}/others/libinjection/src/libinjection_html5.c"; then
|
||||
AC_MSG_ERROR([\
|
||||
|
||||
|
||||
|
@ -128,6 +129,13 @@ CHECK_LIBXML2
|
|||
CHECK_PCRE
|
||||
|
||||
|
||||
#
|
||||
# Check for pcre2
|
||||
#
|
||||
PROG_PCRE2
|
||||
AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])
|
||||
|
||||
|
||||
# Checks for header files.
|
||||
AC_HEADER_STDC
|
||||
AC_CHECK_HEADERS([string])
|
||||
|
@ -157,7 +165,7 @@ case $host in
|
|||
AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
|
||||
PLATFORM="MacOSX"
|
||||
;;
|
||||
*-*-linux*)
|
||||
*-*-linux* | *-*uclinux*)
|
||||
echo "Checking platform... Identified as Linux"
|
||||
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
|
||||
PLATFORM="Linux"
|
||||
|
@ -187,6 +195,11 @@ case $host in
|
|||
AC_DEFINE([FREEBSD], [1], [Define if the operating system is FREEBSD])
|
||||
PLATFORM="kFreeBSD"
|
||||
;;
|
||||
*-*-dragonfly*)
|
||||
echo "Checking platform... Identified as DragonFlyBSD, treating as linux"
|
||||
AC_DEFINE([DRAGONFLY], [1], [Define if the operating system is DRAGONFLY])
|
||||
PLATFORM="DragonFly"
|
||||
;;
|
||||
*-*-gnu*.*)
|
||||
echo "Checking platform... Identified as HURD, treating as linux"
|
||||
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
|
||||
|
@ -194,7 +207,7 @@ case $host in
|
|||
;;
|
||||
*)
|
||||
echo "Unknown CANONICAL_HOST $host"
|
||||
exit
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
|
@ -216,7 +229,7 @@ AC_SUBST([MSC_GIT_VERSION])
|
|||
|
||||
|
||||
AC_ARG_ENABLE(debug-logs,
|
||||
[AC_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
|
||||
[AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) debugLogs=true ;;
|
||||
|
@ -234,7 +247,7 @@ fi
|
|||
|
||||
# Fuzzer
|
||||
AC_ARG_ENABLE(afl-fuzz,
|
||||
[AC_HELP_STRING([--enable-afl-fuzz],[Turn on the afl fuzzer compilation utilities])],
|
||||
[AS_HELP_STRING([--enable-afl-fuzz],[Turn on the afl fuzzer compilation utilities])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) aflFuzzer=true ;;
|
||||
|
@ -247,7 +260,7 @@ AC_ARG_ENABLE(afl-fuzz,
|
|||
|
||||
# Examples
|
||||
AC_ARG_ENABLE(examples,
|
||||
[AC_HELP_STRING([--enable-examples],[Turn on the examples compilation (default option)])],
|
||||
[AS_HELP_STRING([--enable-examples],[Turn on the examples compilation (default option)])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) buildExamples=true ;;
|
||||
|
@ -260,7 +273,7 @@ AC_ARG_ENABLE(examples,
|
|||
|
||||
# Parser
|
||||
AC_ARG_ENABLE(parser-generation,
|
||||
[AC_HELP_STRING([--enable-parser-generation],[Enables parser generation during the build])],
|
||||
[AS_HELP_STRING([--enable-parser-generation],[Enables parser generation during the build])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) buildParser=true ;;
|
||||
|
@ -273,7 +286,7 @@ AC_ARG_ENABLE(parser-generation,
|
|||
|
||||
# Mutex
|
||||
AC_ARG_ENABLE(mutex-on-pm,
|
||||
[AC_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
|
||||
[AS_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) mutexPm=true ;;
|
||||
|
@ -313,7 +326,7 @@ fi
|
|||
# Regression tests will not be able to run without the logging support.
|
||||
# But we still have the unit tests.
|
||||
# if test "$debugLogs" = "true"; then
|
||||
# buildTestUtilities=true
|
||||
# buildTestUtilities=true
|
||||
# fi
|
||||
# fi
|
||||
|
||||
|
@ -549,6 +562,23 @@ if test "x$LUA_FOUND" = "x2"; then
|
|||
fi
|
||||
|
||||
|
||||
## PCRE2
|
||||
if test "x$PCRE2_FOUND" = "x0"; then
|
||||
echo " + PCRE2 ....not found"
|
||||
fi
|
||||
if test "x$PCRE2_FOUND" = "x1"; then
|
||||
echo -n " + PCRE2 ....found "
|
||||
if ! test "x$PCRE2_VERSION" = "x"; then
|
||||
echo "v${PCRE2_VERSION}"
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
echo " ${PCRE2_DISPLAY}"
|
||||
fi
|
||||
if test "x$PCRE2_FOUND" = "x2"; then
|
||||
echo " + PCRE2 ....disabled"
|
||||
fi
|
||||
|
||||
echo " "
|
||||
echo " Other Options"
|
||||
if test $buildTestUtilities = true; then
|
||||
|
|
|
@ -32,7 +32,7 @@ DOXYFILE_ENCODING = UTF-8
|
|||
# title of most generated pages and in a few other places.
|
||||
# The default value is: My Project.
|
||||
|
||||
PROJECT_NAME = ModSecurty
|
||||
PROJECT_NAME = ModSecurity
|
||||
|
||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number. This
|
||||
# could be handy for archiving the generated documentation or if some version
|
||||
|
@ -51,7 +51,7 @@ PROJECT_BRIEF = "ModSecurity is an open source, cross platform web appl
|
|||
# and the maximum width should not exceed 200 pixels. Doxygen will copy the logo
|
||||
# to the output directory.
|
||||
|
||||
PROJECT_LOGO = doc/ms-doxygen-logo.png
|
||||
PROJECT_LOGO = ../doc/ms-doxygen-logo.png
|
||||
|
||||
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
|
||||
# into which the generated documentation will be written. If a relative path is
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -15,7 +15,7 @@
|
|||
|
||||
#include <modsecurity/modsecurity.h>
|
||||
#include <modsecurity/transaction.h>
|
||||
#include <modsecurity/rules.h>
|
||||
#include <modsecurity/rules_set.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
@ -24,12 +24,13 @@
|
|||
#include <sys/wait.h>
|
||||
#include <sys/time.h>
|
||||
|
||||
|
||||
#define FORKS 5
|
||||
#define REQUESTS_PER_PROCESS 100
|
||||
|
||||
|
||||
char main_rule_uri[] = "basic_rules.conf";
|
||||
Rules *rules = NULL;
|
||||
RulesSet *rules = NULL;
|
||||
ModSecurity *modsec = NULL;
|
||||
|
||||
|
||||
|
@ -41,11 +42,14 @@ void process_special_request (int j) {
|
|||
msc_process_uri(transaction,
|
||||
"http://www.modsecurity.org/test?foo=herewego",
|
||||
"GET", "1.1");
|
||||
msc_add_request_header(transaction, "User-Agent",
|
||||
"Basic ModSecurity example");
|
||||
msc_add_request_header(transaction,
|
||||
(const unsigned char *) "User-Agent",
|
||||
(const unsigned char *) "Basic ModSecurity example");
|
||||
msc_process_request_headers(transaction);
|
||||
msc_process_request_body(transaction);
|
||||
msc_add_response_header(transaction, "Content-type", "text/html");
|
||||
msc_add_response_header(transaction,
|
||||
(const unsigned char *) "Content-type",
|
||||
(const unsigned char *) "text/html");
|
||||
msc_process_response_headers(transaction, 200, "HTTP 1.0");
|
||||
msc_process_response_body(transaction);
|
||||
msc_process_logging(transaction);
|
||||
|
@ -69,11 +73,14 @@ void process_request (int j) {
|
|||
msc_process_uri(transaction,
|
||||
"http://www.modsecurity.org/test?key1=value1&key2=value2&key3=value3",
|
||||
"GET", "1.1");
|
||||
msc_add_request_header(transaction, "User-Agent",
|
||||
"Basic ModSecurity example");
|
||||
msc_add_request_header(transaction,
|
||||
(const unsigned char *) "User-Agent",
|
||||
(const unsigned char *) "Basic ModSecurity example");
|
||||
msc_process_request_headers(transaction);
|
||||
msc_process_request_body(transaction);
|
||||
msc_add_response_header(transaction, "Content-type", "text/html");
|
||||
msc_add_response_header(transaction,
|
||||
(const unsigned char *) "Content-type",
|
||||
(const unsigned char *) "text/html");
|
||||
msc_process_response_headers(transaction, 200, "HTTP 1.0");
|
||||
msc_process_response_body(transaction);
|
||||
msc_process_logging(transaction);
|
||||
|
@ -90,7 +97,6 @@ int main (int argc, char **argv)
|
|||
{
|
||||
int ret;
|
||||
const char *error = NULL;
|
||||
int i = 0;
|
||||
pid_t pid;
|
||||
int f;
|
||||
|
||||
|
|
|
@ -6,7 +6,6 @@ simple_request_SOURCES = \
|
|||
simple_request.cc
|
||||
|
||||
simple_request_LDADD = \
|
||||
$(top_builddir)/src/.libs/libmodsecurity.a \
|
||||
$(CURL_LDADD) \
|
||||
$(GEOIP_LDADD) \
|
||||
$(GLOBAL_LDADD) \
|
||||
|
@ -19,9 +18,13 @@ simple_request_LDADD = \
|
|||
$(YAJL_LDADD)
|
||||
|
||||
simple_request_LDFLAGS = \
|
||||
-L$(top_builddir)/src/.libs/ \
|
||||
$(GEOIP_LDFLAGS) \
|
||||
$(LMDB_LDFLAGS) \
|
||||
-lmodsecurity \
|
||||
-lpthread \
|
||||
-lm \
|
||||
-lstdc++ \
|
||||
$(LMDB_LDFLAGS) \
|
||||
$(LUA_LDFLAGS) \
|
||||
$(MAXMIND_LDFLAGS) \
|
||||
$(SSDEEP_LDFLAGS) \
|
||||
|
@ -36,6 +39,7 @@ simple_request_CPPFLAGS = \
|
|||
-I../others \
|
||||
-fPIC \
|
||||
-O3 \
|
||||
$(CURL_CFLAGS) \
|
||||
$(GEOIP_CFLAGS) \
|
||||
$(GLOBAL_CPPFLAGS) \
|
||||
$(MODSEC_NO_LOGS) \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -69,14 +69,14 @@ char ip[] = "200.249.12.31";
|
|||
|
||||
struct data_ms {
|
||||
modsecurity::ModSecurity *modsec;
|
||||
modsecurity::Rules *rules;
|
||||
modsecurity::RulesSet *rules;
|
||||
};
|
||||
|
||||
|
||||
static void *process_request(void *data) {
|
||||
struct data_ms *a = (struct data_ms *)data;
|
||||
modsecurity::ModSecurity *modsec = a->modsec;
|
||||
modsecurity::Rules *rules = a->rules;
|
||||
modsecurity::RulesSet *rules = a->rules;
|
||||
int z = 0;
|
||||
|
||||
for (z = 0; z < 10000; z++) {
|
||||
|
@ -115,7 +115,7 @@ class ReadingLogsViaRuleMessage {
|
|||
char *response_headers,
|
||||
char *response_body,
|
||||
char *ip,
|
||||
std::string rules) :
|
||||
const std::string &rules) :
|
||||
m_request_header(request_header),
|
||||
m_request_uri(request_uri),
|
||||
m_request_body(request_body),
|
||||
|
@ -132,8 +132,7 @@ class ReadingLogsViaRuleMessage {
|
|||
void *status;
|
||||
|
||||
modsecurity::ModSecurity *modsec;
|
||||
modsecurity::Rules *rules;
|
||||
modsecurity::ModSecurityIntervention it;
|
||||
modsecurity::RulesSet *rules;
|
||||
|
||||
modsec = new modsecurity::ModSecurity();
|
||||
modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \
|
||||
|
@ -141,7 +140,7 @@ class ReadingLogsViaRuleMessage {
|
|||
modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty
|
||||
| modsecurity::IncludeFullHighlightLogProperty);
|
||||
|
||||
rules = new modsecurity::Rules();
|
||||
rules = new modsecurity::RulesSet();
|
||||
if (rules->loadFromUri(m_rules.c_str()) < 0) {
|
||||
std::cout << "Problems loading the rules..." << std::endl;
|
||||
std::cout << rules->m_parserError.str() << std::endl;
|
||||
|
@ -168,8 +167,6 @@ class ReadingLogsViaRuleMessage {
|
|||
delete modsec;
|
||||
pthread_exit(NULL);
|
||||
return 0;
|
||||
end:
|
||||
return -1;
|
||||
}
|
||||
|
||||
static void logCb(void *data, const void *ruleMessagev) {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -17,7 +17,7 @@
|
|||
#include <string.h>
|
||||
|
||||
#include <modsecurity/modsecurity.h>
|
||||
#include <modsecurity/rules.h>
|
||||
#include <modsecurity/rules_set.h>
|
||||
#include "examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h"
|
||||
|
||||
|
||||
|
@ -29,8 +29,8 @@ int main(int argc, char **argv) {
|
|||
return -1;
|
||||
}
|
||||
|
||||
*(argv++);
|
||||
std::string rules(*argv);
|
||||
char *rule = *(++argv);
|
||||
std::string rules(rule);
|
||||
ReadingLogsViaRuleMessage rlvrm(request_header, request_uri, request_body,
|
||||
response_headers, response_body, ip, rules);
|
||||
rlvrm.process();
|
||||
|
|
|
@ -6,7 +6,6 @@ read_SOURCES = \
|
|||
read.cc
|
||||
|
||||
read_LDADD = \
|
||||
$(top_builddir)/src/.libs/libmodsecurity.a \
|
||||
$(CURL_LDADD) \
|
||||
$(GEOIP_LDADD) \
|
||||
$(MAXMIND_LDADD) \
|
||||
|
@ -19,7 +18,12 @@ read_LDADD = \
|
|||
$(YAJL_LDADD)
|
||||
|
||||
read_LDFLAGS = \
|
||||
-L$(top_builddir)/src/.libs/ \
|
||||
$(GEOIP_LDFLAGS) \
|
||||
-lmodsecurity \
|
||||
-lpthread \
|
||||
-lm \
|
||||
-lstdc++ \
|
||||
$(LMDB_LDFLAGS) \
|
||||
$(LUA_LDFLAGS) \
|
||||
$(SSDEEP_LDFLAGS) \
|
||||
|
@ -35,6 +39,7 @@ read_CPPFLAGS = \
|
|||
-I../others \
|
||||
-fPIC \
|
||||
-O3 \
|
||||
$(CURL_CFLAGS) \
|
||||
$(GEOIP_CFLAGS) \
|
||||
$(MAXMIND_CFLAGS) \
|
||||
$(GLOBAL_CPPFLAGS) \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -18,7 +18,7 @@
|
|||
#include <stdlib.h>
|
||||
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/rules.h"
|
||||
#include "modsecurity/rules_set.h"
|
||||
|
||||
|
||||
char main_rule_uri[] = "basic_rules.conf";
|
||||
|
@ -29,7 +29,7 @@ int main (int argc, char **argv)
|
|||
const char *error = NULL;
|
||||
ModSecurity *modsec;
|
||||
Transaction *transaction = NULL;
|
||||
Rules *rules;
|
||||
RulesSet *rules;
|
||||
|
||||
modsec = msc_init();
|
||||
|
||||
|
|
|
@ -6,7 +6,6 @@ simple_request_SOURCES = \
|
|||
simple_request.cc
|
||||
|
||||
simple_request_LDADD = \
|
||||
$(top_builddir)/src/.libs/libmodsecurity.a \
|
||||
$(CURL_LDADD) \
|
||||
$(GEOIP_LDADD) \
|
||||
$(MAXMIND_LDADD) \
|
||||
|
@ -19,7 +18,12 @@ simple_request_LDADD = \
|
|||
$(YAJL_LDADD)
|
||||
|
||||
simple_request_LDFLAGS = \
|
||||
-L$(top_builddir)/src/.libs/ \
|
||||
$(GEOIP_LDFLAGS) \
|
||||
-lmodsecurity \
|
||||
-lpthread \
|
||||
-lm \
|
||||
-lstdc++ \
|
||||
$(MAXMIND_LDFLAGS) \
|
||||
$(LMDB_LDFLAGS) \
|
||||
-lpthread \
|
||||
|
@ -37,6 +41,7 @@ simple_request_CPPFLAGS = \
|
|||
-fPIC \
|
||||
-O3 \
|
||||
$(GEOIP_CFLAGS) \
|
||||
$(CURL_CFLAGS) \
|
||||
$(MAXMIND_CFLAGS) \
|
||||
$(GLOBAL_CPPFLAGS) \
|
||||
$(MODSEC_NO_LOGS) \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -19,7 +19,7 @@
|
|||
|
||||
|
||||
#include <modsecurity/modsecurity.h>
|
||||
#include <modsecurity/rules.h>
|
||||
#include <modsecurity/rules_set.h>
|
||||
#include <modsecurity/rule_message.h>
|
||||
|
||||
|
||||
|
@ -28,6 +28,7 @@
|
|||
|
||||
|
||||
|
||||
|
||||
char request_uri[] = "/test.pl?param1=test¶2=test2";
|
||||
|
||||
char request_body_first[] = "" \
|
||||
|
@ -125,17 +126,15 @@ int process_intervention(modsecurity::Transaction *transaction) {
|
|||
|
||||
int main(int argc, char **argv) {
|
||||
modsecurity::ModSecurity *modsec;
|
||||
modsecurity::Rules *rules;
|
||||
modsecurity::ModSecurityIntervention it;
|
||||
modsecurity::RulesSet *rules;
|
||||
|
||||
if (argc < 2) {
|
||||
std::cout << "Use " << *argv << " test-case-file.conf";
|
||||
std::cout << std::endl << std::endl;
|
||||
return -1;
|
||||
}
|
||||
*(argv++);
|
||||
|
||||
std::string rules_arg(*argv);
|
||||
char *rule = *(++argv);
|
||||
std::string rules_arg(rule);
|
||||
|
||||
/**
|
||||
* ModSecurity initial setup
|
||||
|
@ -151,7 +150,7 @@ int main(int argc, char **argv) {
|
|||
* loading the rules....
|
||||
*
|
||||
*/
|
||||
rules = new modsecurity::Rules();
|
||||
rules = new modsecurity::RulesSet();
|
||||
if (rules->loadFromUri(rules_arg.c_str()) < 0) {
|
||||
std::cout << "Problems loading the rules..." << std::endl;
|
||||
std::cout << rules->m_parserError.str() << std::endl;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -23,6 +23,7 @@
|
|||
|
||||
#include "modsecurity/intervention.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rule_with_actions.h"
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_ACTIONS_ACTION_H_
|
||||
#define HEADERS_MODSECURITY_ACTIONS_ACTION_H_
|
||||
|
@ -31,7 +32,7 @@
|
|||
|
||||
namespace modsecurity {
|
||||
class Transaction;
|
||||
class Rule;
|
||||
class RuleWithOperator;
|
||||
|
||||
namespace actions {
|
||||
|
||||
|
@ -42,27 +43,41 @@ class Action {
|
|||
: m_isNone(false),
|
||||
temporaryAction(false),
|
||||
action_kind(2),
|
||||
m_name(""),
|
||||
m_parser_payload(""),
|
||||
m_referenceCount(1) {
|
||||
m_name(nullptr),
|
||||
m_parser_payload("") {
|
||||
set_name_and_payload(_action);
|
||||
}
|
||||
explicit Action(const std::string& _action, int kind)
|
||||
: m_isNone(false),
|
||||
temporaryAction(false),
|
||||
action_kind(kind),
|
||||
m_name(""),
|
||||
m_parser_payload(""),
|
||||
m_referenceCount(1) {
|
||||
m_name(nullptr),
|
||||
m_parser_payload("") {
|
||||
set_name_and_payload(_action);
|
||||
}
|
||||
|
||||
Action(const Action &a)
|
||||
: m_isNone(a.m_isNone),
|
||||
temporaryAction(a.temporaryAction),
|
||||
action_kind(a.action_kind),
|
||||
m_name(a.m_name),
|
||||
m_parser_payload(a.m_parser_payload) { }
|
||||
|
||||
Action &operator=(const Action& a) {
|
||||
m_isNone = a.m_isNone;
|
||||
temporaryAction = a.temporaryAction;
|
||||
action_kind = a.action_kind;
|
||||
m_name = a.m_name;
|
||||
m_parser_payload = a.m_parser_payload;
|
||||
return *this;
|
||||
}
|
||||
|
||||
virtual ~Action() { }
|
||||
|
||||
virtual std::string evaluate(std::string exp,
|
||||
virtual std::string evaluate(const std::string &exp,
|
||||
Transaction *transaction);
|
||||
virtual bool evaluate(Rule *rule, Transaction *transaction);
|
||||
virtual bool evaluate(Rule *rule, Transaction *transaction,
|
||||
virtual bool evaluate(RuleWithActions *rule, Transaction *transaction);
|
||||
virtual bool evaluate(RuleWithActions *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> ruleMessage) {
|
||||
return evaluate(rule, transaction);
|
||||
}
|
||||
|
@ -79,11 +94,11 @@ class Action {
|
|||
}
|
||||
|
||||
if (pos == std::string::npos) {
|
||||
m_name = data;
|
||||
m_name = std::shared_ptr<std::string>(new std::string(data));
|
||||
return;
|
||||
}
|
||||
|
||||
m_name = std::string(data, 0, pos);
|
||||
m_name = std::shared_ptr<std::string>(new std::string(data, 0, pos));
|
||||
m_parser_payload = std::string(data, pos + 1, data.length());
|
||||
|
||||
if (m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2) {
|
||||
|
@ -92,23 +107,10 @@ class Action {
|
|||
}
|
||||
}
|
||||
|
||||
int refCountDecreaseAndCheck() {
|
||||
this->m_referenceCount--;
|
||||
if (this->m_referenceCount == 0) {
|
||||
delete this;
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void refCountIncrease() {
|
||||
this->m_referenceCount++;
|
||||
}
|
||||
|
||||
bool m_isNone;
|
||||
bool temporaryAction;
|
||||
int action_kind;
|
||||
std::string m_name;
|
||||
std::shared_ptr<std::string> m_name;
|
||||
std::string m_parser_payload;
|
||||
|
||||
/**
|
||||
|
@ -142,10 +144,7 @@ class Action {
|
|||
*/
|
||||
RunTimeOnlyIfMatchKind,
|
||||
};
|
||||
|
||||
private:
|
||||
int m_referenceCount;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
} // namespace actions
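Review bot: In the hunk that rewrites the `m_name` assignments, the unchanged test `m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2` reads the first character before checking the length, so an action string that ends right after the colon leaves the payload empty and `at(0)` throws `std::out_of_range`. Whether the rule parser can hand such a string to this function, and whether anything catches the exception, is not visible here; swapping the operands removes the question: `if (m_parser_payload.size() > 2 && m_parser_payload.at(0) == '\'') {`. The two new assignments could also use `std::make_shared<std::string>(data)` and `std::make_shared<std::string>(data, 0, pos)` instead of `std::shared_ptr<std::string>(new std::string(...))`. The enclosing function starts and ends outside the hunk.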
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -71,7 +71,7 @@ struct MyHash{
|
|||
class AnchoredSetVariable : public std::unordered_multimap<std::string,
|
||||
VariableValue *, MyHash, MyEqual> {
|
||||
public:
|
||||
AnchoredSetVariable(Transaction *t, std::string name);
|
||||
AnchoredSetVariable(Transaction *t, const std::string &name);
|
||||
~AnchoredSetVariable();
|
||||
|
||||
void unset();
|
||||
|
|
|
@ -0,0 +1,126 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <string>
|
||||
#include <algorithm>
|
||||
#include <memory>
|
||||
#include <functional>
|
||||
#include <iostream>
|
||||
#endif
|
||||
|
||||
#include "modsecurity/variable_value.h"
|
||||
#include "modsecurity/anchored_set_variable.h"
|
||||
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
|
||||
#define HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
|
||||
|
||||
class AnchoredSetVariableTranslationProxy {
|
||||
public:
|
||||
AnchoredSetVariableTranslationProxy(
|
||||
const std::string &name,
|
||||
AnchoredSetVariable *fount)
|
||||
: m_name(name),
|
||||
m_fount(fount)
|
||||
{
|
||||
m_translate = [](std::string *name, std::vector<const VariableValue *> *l) {
|
||||
for (int i = 0; i < l->size(); ++i) {
|
||||
VariableValue *newVariableValue = new VariableValue(name, &l->at(i)->getKey(), &l->at(i)->getKey());
|
||||
const VariableValue *oldVariableValue = l->at(i);
|
||||
l->at(i) = newVariableValue;
|
||||
for (auto &oldOrigin : oldVariableValue->getOrigin()) {
|
||||
std::unique_ptr<VariableOrigin> newOrigin(new VariableOrigin);
|
||||
newOrigin->m_length = oldVariableValue->getKey().size();
|
||||
newOrigin->m_offset = oldOrigin->m_offset - oldVariableValue->getKey().size() - 1;
|
||||
newVariableValue->addOrigin(std::move(newOrigin));
|
||||
}
|
||||
delete oldVariableValue;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
virtual ~AnchoredSetVariableTranslationProxy()
|
||||
{ }
|
||||
|
||||
void resolve(std::vector<const VariableValue *> *l) {
|
||||
m_fount->resolve(l);
|
||||
m_translate(&m_name, l);
|
||||
}
|
||||
|
||||
void resolve(std::vector<const VariableValue *> *l,
|
||||
variables::KeyExclusions &ke) {
|
||||
m_fount->resolve(l, ke);
|
||||
m_translate(&m_name, l);
|
||||
}
|
||||
|
||||
void resolve(const std::string &key,
|
||||
std::vector<const VariableValue *> *l) {
|
||||
m_fount->resolve(key, l);
|
||||
m_translate(&m_name, l);
|
||||
};
|
||||
|
||||
void resolveRegularExpression(Utils::Regex *r,
|
||||
std::vector<const VariableValue *> *l) {
|
||||
m_fount->resolveRegularExpression(r, l);
|
||||
m_translate(&m_name, l);
|
||||
};
|
||||
|
||||
void resolveRegularExpression(Utils::Regex *r,
|
||||
std::vector<const VariableValue *> *l,
|
||||
variables::KeyExclusions &ke) {
|
||||
m_fount->resolveRegularExpression(r, l, ke);
|
||||
m_translate(&m_name, l);
|
||||
};
|
||||
|
||||
std::unique_ptr<std::string> resolveFirst(const std::string &key) {
|
||||
std::vector<const VariableValue *> l;
|
||||
resolve(&l);
|
||||
|
||||
if (l.empty()) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
std::unique_ptr<std::string> ret(new std::string(""));
|
||||
|
||||
ret->assign(l.at(0)->getValue());
|
||||
|
||||
while (!l.empty()) {
|
||||
auto &a = l.back();
|
||||
l.pop_back();
|
||||
delete a;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
std::string m_name;
|
||||
private:
|
||||
AnchoredSetVariable *m_fount;
|
||||
std::function<void(std::string *name, std::vector<const VariableValue *> *l)> m_translate;
|
||||
};
|
||||
|
||||
} // namespace modsecurity
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#endif // HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
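Review bot: `resolveFirst(const std::string &key)` never uses `key`: it calls `resolve(&l)`, so it returns the first entry of the whole collection rather than the first entry for the requested key. If the lookup is meant to be keyed, the call should be `resolve(key, &l);`, an overload this class already defines. In the `m_translate` lambda, `newOrigin->m_offset = oldOrigin->m_offset - oldVariableValue->getKey().size() - 1;` can wrap or go negative when the stored offset is smaller than the key length plus one; the type of `m_offset` is not visible here, so a guard or a comment stating the invariant is worth adding. The loop index `int i` is compared with `l->size()`, and `size_t i` avoids the signed/unsigned comparison.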
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -42,7 +42,19 @@ class Transaction;
|
|||
|
||||
class AnchoredVariable {
|
||||
public:
|
||||
AnchoredVariable(Transaction* t, std::string name);
|
||||
AnchoredVariable(Transaction* t, const std::string &name);
|
||||
|
||||
AnchoredVariable(const AnchoredVariable &a) = delete;
|
||||
AnchoredVariable &operator= (const AnchoredVariable &a) = delete;
|
||||
|
||||
/*
|
||||
: m_transaction(a.m_transaction),
|
||||
m_offset(a.m_offset),
|
||||
m_name(a.m_name),
|
||||
m_value(a.m_value),
|
||||
m_var(a.m_var) { }
|
||||
*/
|
||||
|
||||
~AnchoredVariable();
|
||||
|
||||
void unset();
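Review bot: The block comment added after the deleted copy operations holds a leftover copy-constructor initializer list (`: m_transaction(a.m_transaction), ... m_var(a.m_var) { }`) with no explanation. Since `AnchoredVariable(const AnchoredVariable &a) = delete;` makes it dead, either remove the comment or replace it with a one-line reason such as `// Non-copyable: the instance is tied to a single Transaction.`, adjusted to the real reason, which is not visible in this hunk.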
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -22,12 +22,11 @@
|
|||
#ifndef HEADERS_MODSECURITY_AUDIT_LOG_H_
|
||||
#define HEADERS_MODSECURITY_AUDIT_LOG_H_
|
||||
|
||||
#include "modsecurity/transaction.h"
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
class Transaction;
|
||||
namespace audit_log {
|
||||
namespace writer {
|
||||
class Writer;
|
||||
|
@ -37,7 +36,9 @@ class Writer;
|
|||
class AuditLog {
|
||||
public:
|
||||
AuditLog();
|
||||
~AuditLog();
|
||||
virtual ~AuditLog();
|
||||
|
||||
AuditLog(const AuditLog &a) = delete;
|
||||
|
||||
enum AuditLogType {
|
||||
NotSetAuditLogType,
|
||||
|
@ -158,22 +159,26 @@ class AuditLog {
|
|||
bool setStorageDir(const std::basic_string<char>& path);
|
||||
bool setFormat(AuditLogFormat fmt);
|
||||
|
||||
int getDirectoryPermission();
|
||||
int getFilePermission();
|
||||
int getParts();
|
||||
int getDirectoryPermission() const;
|
||||
int getFilePermission() const;
|
||||
int getParts() const;
|
||||
|
||||
bool setParts(const std::basic_string<char>& new_parts);
|
||||
bool setType(AuditLogType audit_type);
|
||||
|
||||
bool init(std::string *error);
|
||||
bool close();
|
||||
virtual bool close();
|
||||
|
||||
bool saveIfRelevant(Transaction *transaction);
|
||||
bool saveIfRelevant(Transaction *transaction, int parts);
|
||||
bool isRelevant(int status);
|
||||
|
||||
int addParts(int parts, const std::string& new_parts);
|
||||
int removeParts(int parts, const std::string& new_parts);
|
||||
static int addParts(int parts, const std::string& new_parts);
|
||||
static int removeParts(int parts, const std::string& new_parts);
|
||||
|
||||
void setCtlAuditEngineActive() {
|
||||
m_ctlAuditEngineActive = true;
|
||||
}
|
||||
|
||||
bool merge(AuditLog *from, std::string *error);
|
||||
|
||||
|
@ -181,18 +186,6 @@ class AuditLog {
|
|||
std::string m_path2;
|
||||
std::string m_storage_dir;
|
||||
|
||||
void refCountIncrease() {
|
||||
m_refereceCount++;
|
||||
}
|
||||
|
||||
bool refCountDecreaseAndCheck() {
|
||||
m_refereceCount--;
|
||||
if (m_refereceCount == 0) {
|
||||
delete this;
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
AuditLogFormat m_format;
|
||||
|
||||
protected:
|
||||
|
@ -213,7 +206,7 @@ class AuditLog {
|
|||
std::string m_relevant;
|
||||
|
||||
audit_log::writer::Writer *m_writer;
|
||||
int m_refereceCount;
|
||||
bool m_ctlAuditEngineActive; // rules have at least one action On or RelevantOnly
|
||||
};
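Review bot: The added `AuditLog(const AuditLog &a) = delete;` leaves the copy-assignment operator implicitly generated, so `a = b` still compiles and copies the raw `m_writer` pointer member-wise. What the destructor does with `m_writer` is not visible here, but two objects sharing that pointer is the situation the deleted constructor is meant to rule out. Add `AuditLog &operator=(const AuditLog &a) = delete;` next to it, matching how `AnchoredVariable`, `Collections` and `ModSecurity` delete both operations in this commit.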
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -44,7 +44,7 @@ namespace collection {
|
|||
|
||||
class Collection {
|
||||
public:
|
||||
explicit Collection(std::string a) : m_name(a) { }
|
||||
explicit Collection(const std::string &a) : m_name(a) { }
|
||||
virtual ~Collection() { }
|
||||
virtual void store(std::string key, std::string value) = 0;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -49,6 +49,9 @@ class Collections {
|
|||
Collection *user, Collection *resource);
|
||||
~Collections();
|
||||
|
||||
Collections(const Collections &c) = delete;
|
||||
Collections& operator =(const Collections &c) = delete;
|
||||
|
||||
std::string m_global_collection_key;
|
||||
std::string m_ip_collection_key;
|
||||
std::string m_session_collection_key;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -43,11 +43,11 @@ class DebugLog {
|
|||
virtual void write(int level, const std::string &msg);
|
||||
virtual void write(int level, const std::string &id,
|
||||
const std::string &uri, const std::string &msg);
|
||||
bool isLogFileSet();
|
||||
bool isLogLevelSet();
|
||||
void setDebugLogLevel(int level);
|
||||
void setDebugLogFile(const std::string &fileName, std::string *error);
|
||||
const std::string& getDebugLogFile();
|
||||
virtual bool isLogFileSet();
|
||||
virtual bool isLogLevelSet();
|
||||
virtual void setDebugLogLevel(int level);
|
||||
virtual void setDebugLogFile(const std::string &fileName, std::string *error);
|
||||
virtual const std::string& getDebugLogFile();
|
||||
virtual int getDebugLogLevel();
|
||||
|
||||
int m_debugLevel;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -190,7 +190,7 @@ namespace modsecurity {
|
|||
|
||||
#define MODSECURITY_MAJOR "3"
|
||||
#define MODSECURITY_MINOR "0"
|
||||
#define MODSECURITY_PATCHLEVEL "4"
|
||||
#define MODSECURITY_PATCHLEVEL "8"
|
||||
#define MODSECURITY_TAG ""
|
||||
#define MODSECURITY_TAG_NUM "100"
|
||||
|
||||
|
@ -198,9 +198,9 @@ namespace modsecurity {
|
|||
MODSECURITY_MINOR "." MODSECURITY_PATCHLEVEL \
|
||||
MODSECURITY_TAG
|
||||
|
||||
#define MODSECURITY_VERSION_NUM MODSECURITY_MAJOR \
|
||||
MODSECURITY_MINOR MODSECURITY_PATCHLEVEL MODSECURITY_TAG_NUM
|
||||
#define MODSECURITY_VERSION_NUM 3080100
|
||||
|
||||
#define MODSECURITY_CHECK_VERSION(a) (MODSECURITY_VERSION_NUM <= a)
|
||||
|
||||
/*
|
||||
* @name ModSecLogCb
|
||||
|
@ -229,7 +229,7 @@ namespace modsecurity {
|
|||
namespace actions {
|
||||
class Action;
|
||||
}
|
||||
class Rule;
|
||||
class RuleWithOperator;
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -278,8 +278,11 @@ class ModSecurity {
|
|||
ModSecurity();
|
||||
~ModSecurity();
|
||||
|
||||
ModSecurity(const ModSecurity &m) = delete;
|
||||
ModSecurity& operator= (const ModSecurity &m) = delete;
|
||||
|
||||
const std::string& whoAmI();
|
||||
void setConnectorInformation(std::string connector);
|
||||
void setConnectorInformation(const std::string &connector);
|
||||
void setServerLogCb(ModSecLogCb cb);
|
||||
/**
|
||||
*
|
||||
|
@ -291,9 +294,9 @@ class ModSecurity {
|
|||
|
||||
void serverLog(void *data, std::shared_ptr<RuleMessage> rm);
|
||||
|
||||
const std::string& getConnectorInformation();
|
||||
const std::string& getConnectorInformation() const;
|
||||
|
||||
int processContentOffset(const char *content, size_t len,
|
||||
static int processContentOffset(const char *content, size_t len,
|
||||
const char *matchString, std::string *json, const char **err);
|
||||
|
||||
collection::Collection *m_global_collection;
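Review bot: `MODSECURITY_VERSION_NUM` is now the hand-written literal `3080100`, which no longer follows from the component macros (`"3"`, `"0"`, `"8"`, `"100"` concatenate to 308100) and has to be edited separately on every release. A comment stating the digit layout next to the define would let a maintainer verify the value. `MODSECURITY_CHECK_VERSION(a)` expands its argument unparenthesised; `#define MODSECURITY_CHECK_VERSION(a) (MODSECURITY_VERSION_NUM <= (a))` keeps an expression argument from rebinding around `<=`. The macro is true when the library version is less than or equal to `a`, so a one-line comment naming the intended direction would help callers avoid inverted version gates.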
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -26,9 +26,9 @@
|
|||
#define HEADERS_MODSECURITY_RULE_H_
|
||||
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/variable_value.h"
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
|
@ -44,115 +44,81 @@ class Msg;
|
|||
class Rev;
|
||||
class SetVar;
|
||||
class Tag;
|
||||
namespace transformations {
|
||||
class Transformation;
|
||||
}
|
||||
}
|
||||
namespace operators {
|
||||
class Operator;
|
||||
}
|
||||
|
||||
using TransformationResult = std::pair<std::shared_ptr<std::string>,
|
||||
std::shared_ptr<std::string>>;
|
||||
using TransformationResults = std::list<TransformationResult>;
|
||||
|
||||
using Transformation = actions::transformations::Transformation;
|
||||
using Transformations = std::vector<Transformation *>;
|
||||
|
||||
using Actions = std::vector<actions::Action *>;
|
||||
|
||||
using Tags = std::vector<actions::Tag *>;
|
||||
using SetVars = std::vector<actions::SetVar *>;
|
||||
using MatchActions = std::vector<actions::Action *>;
|
||||
|
||||
class Rule {
|
||||
public:
|
||||
Rule(operators::Operator *_op,
|
||||
variables::Variables *_variables,
|
||||
std::vector<actions::Action *> *_actions,
|
||||
std::string fileName,
|
||||
int lineNumber);
|
||||
explicit Rule(std::string marker);
|
||||
virtual ~Rule();
|
||||
Rule(std::unique_ptr<std::string> fileName, int lineNumber)
|
||||
: m_fileName(std::make_shared<std::string>(*fileName)),
|
||||
m_lineNumber(lineNumber),
|
||||
m_phase(modsecurity::Phases::RequestHeadersPhase) {
|
||||
}
|
||||
|
||||
Rule(const Rule &other) :
|
||||
m_fileName(other.m_fileName),
|
||||
m_lineNumber(other.m_lineNumber),
|
||||
m_phase(other.m_phase)
|
||||
{ }
|
||||
|
||||
Rule &operator=(const Rule& other) {
|
||||
m_fileName = other.m_fileName;
|
||||
m_lineNumber = other.m_lineNumber;
|
||||
m_phase = other.m_phase;
|
||||
return *this;
|
||||
}
|
||||
|
||||
virtual ~Rule() {}
|
||||
|
||||
virtual bool evaluate(Transaction *transaction) = 0;
|
||||
|
||||
virtual bool evaluate(Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm);
|
||||
std::shared_ptr<RuleMessage> rm) = 0;
|
||||
|
||||
void organizeActions(std::vector<actions::Action *> *actions);
|
||||
void cleanUpActions();
|
||||
void executeAction(Transaction *trans,
|
||||
bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage,
|
||||
actions::Action *a, bool context);
|
||||
std::shared_ptr<std::string> getFileName() const {
|
||||
return m_fileName;
|
||||
}
|
||||
|
||||
inline void executeTransformation(actions::Action *a,
|
||||
std::shared_ptr<std::string> *value,
|
||||
Transaction *trans,
|
||||
std::list<std::pair<std::shared_ptr<std::string>,
|
||||
std::shared_ptr<std::string>>> *ret,
|
||||
std::string *path,
|
||||
int *nth);
|
||||
int getLineNumber() const {
|
||||
return m_lineNumber;
|
||||
}
|
||||
|
||||
void getVariablesExceptions(Transaction *t,
|
||||
variables::Variables *exclusion, variables::Variables *addition);
|
||||
inline void getFinalVars(variables::Variables *vars,
|
||||
variables::Variables *eclusion, Transaction *trans);
|
||||
void executeActionsAfterFullMatch(Transaction *trasn,
|
||||
bool containsDisruptive, std::shared_ptr<RuleMessage> ruleMessage);
|
||||
int getPhase() const { return m_phase; }
|
||||
void setPhase(int phase) { m_phase = phase; }
|
||||
|
||||
std::list<std::pair<std::shared_ptr<std::string>,
|
||||
std::shared_ptr<std::string>>> executeDefaultTransformations(
|
||||
Transaction *trasn, const std::string &value);
|
||||
|
||||
bool executeOperatorAt(Transaction *trasn, std::string key,
|
||||
std::string value, std::shared_ptr<RuleMessage> rm);
|
||||
void executeActionsIndependentOfChainedRuleResult(Transaction *trasn,
|
||||
bool *b, std::shared_ptr<RuleMessage> ruleMessage);
|
||||
inline void updateMatchedVars(Transaction *trasn, const std::string &key,
|
||||
const std::string &value);
|
||||
inline void cleanMatchedVars(Transaction *trasn);
|
||||
|
||||
std::vector<actions::Action *> getActionsByName(const std::string& name,
|
||||
Transaction *t);
|
||||
bool containsTag(const std::string& name, Transaction *t);
|
||||
bool containsMsg(const std::string& name, Transaction *t);
|
||||
|
||||
int refCountDecreaseAndCheck() {
|
||||
m_referenceCount--;
|
||||
if (m_referenceCount == 0) {
|
||||
delete this;
|
||||
return 1;
|
||||
virtual std::string getReference() {
|
||||
if (m_fileName) {
|
||||
return *m_fileName + ":" + std::to_string(m_lineNumber);
|
||||
}
|
||||
return 0;
|
||||
return "<<no file>>:" + std::to_string(m_lineNumber);
|
||||
}
|
||||
|
||||
|
||||
void refCountIncrease() {
|
||||
m_referenceCount++;
|
||||
}
|
||||
virtual bool isMarker() { return false; }
|
||||
|
||||
void executeTransformations(
|
||||
actions::Action *a,
|
||||
std::shared_ptr<std::string> newValue,
|
||||
std::shared_ptr<std::string> value,
|
||||
Transaction *trans,
|
||||
std::list<std::pair<std::shared_ptr<std::string>,
|
||||
std::shared_ptr<std::string>>> *ret,
|
||||
std::shared_ptr<std::string> transStr,
|
||||
int nth);
|
||||
|
||||
actions::Action *m_theDisruptiveAction;
|
||||
actions::LogData *m_logData;
|
||||
actions::Msg *m_msg;
|
||||
actions::Severity *m_severity;
|
||||
bool m_chained;
|
||||
bool m_containsCaptureAction;
|
||||
bool m_containsMultiMatchAction;
|
||||
bool m_containsStaticBlockAction;
|
||||
bool m_secMarker;
|
||||
int64_t m_ruleId;
|
||||
int m_accuracy;
|
||||
int m_lineNumber;
|
||||
int m_maturity;
|
||||
int m_phase;
|
||||
modsecurity::variables::Variables *m_variables;
|
||||
operators::Operator *m_op;
|
||||
Rule *m_chainedRuleChild;
|
||||
Rule *m_chainedRuleParent;
|
||||
std::string m_fileName;
|
||||
std::string m_marker;
|
||||
std::string m_rev;
|
||||
std::string m_ver;
|
||||
std::vector<actions::Action *> m_actionsRuntimePos;
|
||||
std::vector<actions::Action *> m_actionsRuntimePre;
|
||||
std::vector<actions::SetVar *> m_actionsSetVar;
|
||||
std::vector<actions::Tag *> m_actionsTag;
|
||||
private:
|
||||
bool m_unconditional;
|
||||
int m_referenceCount;
|
||||
std::shared_ptr<std::string> m_fileName;
|
||||
int m_lineNumber;
|
||||
// FIXME: phase may not be neede to SecMarker.
|
||||
int m_phase;
|
||||
};
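Review bot: The new `Rule(std::unique_ptr<std::string> fileName, int lineNumber)` constructor dereferences `fileName` unconditionally in `std::make_shared<std::string>(*fileName)`, so a null argument is undefined behaviour. It also means the `if (m_fileName)` test in `getReference()` can never reach its `"<<no file>>"` branch. Taking ownership directly with `m_fileName(std::move(fileName))` avoids the string copy and keeps a missing file name representable, though callers of `getFileName()` would then have to tolerate a null pointer. If a null name is not meant to be supported, drop the dead branch and add a comment on the constructor that `fileName` must be non-null. Old and new lines are interleaved in this rendering, so this assumes both the `unique_ptr` constructor and `getReference()` are on the new side.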
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,91 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <stack>
|
||||
#include <vector>
|
||||
#include <string>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <utility>
|
||||
#endif
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULE_MARKER_H_
|
||||
#define HEADERS_MODSECURITY_RULE_MARKER_H_
|
||||
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/variable_value.h"
|
||||
#include "modsecurity/rule.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
|
||||
|
||||
class RuleMarker : public Rule {
|
||||
public:
|
||||
RuleMarker(
|
||||
const std::string &name,
|
||||
std::unique_ptr<std::string> fileName,
|
||||
int lineNumber)
|
||||
: Rule(std::move(fileName), lineNumber),
|
||||
m_name(std::make_shared<std::string>(name)) { }
|
||||
|
||||
RuleMarker(const RuleMarker& r) :
|
||||
Rule(r),
|
||||
m_name(r.m_name)
|
||||
{ }
|
||||
|
||||
RuleMarker &operator =(const RuleMarker& r) {
|
||||
Rule::operator = (r);
|
||||
m_name = r.m_name;
|
||||
return *this;
|
||||
}
|
||||
|
||||
virtual bool evaluate(Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) override {
|
||||
return evaluate(transaction);
|
||||
}
|
||||
|
||||
virtual bool evaluate(Transaction *transaction) override {
|
||||
if (transaction->isInsideAMarker()) {
|
||||
if (*transaction->getCurrentMarker() == *m_name) {
|
||||
transaction->removeMarker();
|
||||
// FIXME: Move this to .cc
|
||||
// ms_dbg_a(transaction, 4, "Out of a SecMarker " + *m_name);
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
};
|
||||
|
||||
|
||||
std::shared_ptr<std::string> getName() {
|
||||
return m_name;
|
||||
}
|
||||
|
||||
bool isMarker() override { return true; }
|
||||
|
||||
private:
|
||||
std::shared_ptr<std::string> m_name;
|
||||
};
|
||||
|
||||
|
||||
} // namespace modsecurity
|
||||
|
||||
#endif
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULE_MARKER_H_
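Review bot: `RuleMarker` has no comment stating its contract: `evaluate()` always returns `true` and removes the transaction's current marker only when the names match. A short class comment saying so would keep a reader of the rule loop from assuming that a marker can fail. On style, the body of `evaluate(Transaction *)` ends with a stray `};`, and both overrides repeat `virtual` alongside `override`. `getName()` only reads `m_name` and could be declared `std::shared_ptr<std::string> getName() const`.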
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -26,6 +26,7 @@
|
|||
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rule_with_operator.h"
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -41,7 +42,13 @@ class RuleMessage {
|
|||
ClientLogMessageInfo = 4
|
||||
};
|
||||
|
||||
explicit RuleMessage(Rule *rule, Transaction *trans) :
|
||||
/**
|
||||
*
|
||||
* FIXME: RuleMessage is currently too big, doing a lot of
|
||||
* unnecessary data duplication. Needs to be shrink down.
|
||||
*
|
||||
*/
|
||||
RuleMessage(RuleWithActions *rule, Transaction *trans) :
|
||||
m_accuracy(rule->m_accuracy),
|
||||
m_clientIpAddress(trans->m_clientIpAddress),
|
||||
m_data(""),
|
||||
|
@ -51,50 +58,135 @@ class RuleMessage {
|
|||
m_maturity(rule->m_maturity),
|
||||
m_message(""),
|
||||
m_noAuditLog(false),
|
||||
m_phase(rule->m_phase - 1),
|
||||
m_phase(rule->getPhase() - 1),
|
||||
m_reference(""),
|
||||
m_rev(rule->m_rev),
|
||||
m_rule(rule),
|
||||
m_ruleFile(rule->m_fileName),
|
||||
m_ruleFile(rule->getFileName()),
|
||||
m_ruleId(rule->m_ruleId),
|
||||
m_ruleLine(rule->m_lineNumber),
|
||||
m_ruleLine(rule->getLineNumber()),
|
||||
m_saveMessage(true),
|
||||
m_serverIpAddress(trans->m_serverIpAddress),
|
||||
m_severity(0),
|
||||
m_uriNoQueryStringDecoded(trans->m_uri_no_query_string_decoded),
|
||||
m_ver(rule->m_ver)
|
||||
m_ver(rule->m_ver),
|
||||
m_tags()
|
||||
{ }
|
||||
|
||||
explicit RuleMessage(RuleMessage *rule) :
|
||||
m_accuracy(rule->m_accuracy),
|
||||
m_clientIpAddress(rule->m_clientIpAddress),
|
||||
m_data(rule->m_data),
|
||||
m_id(rule->m_id),
|
||||
m_isDisruptive(rule->m_isDisruptive),
|
||||
m_match(rule->m_match),
|
||||
m_maturity(rule->m_maturity),
|
||||
m_message(rule->m_message),
|
||||
m_noAuditLog(rule->m_noAuditLog),
|
||||
m_phase(rule->m_phase),
|
||||
m_reference(rule->m_reference),
|
||||
m_rev(rule->m_rev),
|
||||
m_rule(rule->m_rule),
|
||||
m_ruleFile(rule->m_ruleFile),
|
||||
m_ruleId(rule->m_ruleId),
|
||||
m_ruleLine(rule->m_ruleLine),
|
||||
m_saveMessage(rule->m_saveMessage),
|
||||
m_serverIpAddress(rule->m_serverIpAddress),
|
||||
m_severity(rule->m_severity),
|
||||
m_uriNoQueryStringDecoded(rule->m_uriNoQueryStringDecoded),
|
||||
m_ver(rule->m_ver),
|
||||
m_tags(rule->m_tags)
|
||||
{ }
|
||||
|
||||
RuleMessage(const RuleMessage& ruleMessage)
|
||||
: m_accuracy(ruleMessage.m_accuracy),
|
||||
m_clientIpAddress(ruleMessage.m_clientIpAddress),
|
||||
m_data(ruleMessage.m_data),
|
||||
m_id(ruleMessage.m_id),
|
||||
m_isDisruptive(ruleMessage.m_isDisruptive),
|
||||
m_match(ruleMessage.m_match),
|
||||
m_maturity(ruleMessage.m_maturity),
|
||||
m_message(ruleMessage.m_message),
|
||||
m_noAuditLog(ruleMessage.m_noAuditLog),
|
||||
m_phase(ruleMessage.m_phase),
|
||||
m_reference(ruleMessage.m_reference),
|
||||
m_rev(ruleMessage.m_rev),
|
||||
m_rule(ruleMessage.m_rule),
|
||||
m_ruleFile(ruleMessage.m_ruleFile),
|
||||
m_ruleId(ruleMessage.m_ruleId),
|
||||
m_ruleLine(ruleMessage.m_ruleLine),
|
||||
m_saveMessage(ruleMessage.m_saveMessage),
|
||||
m_serverIpAddress(ruleMessage.m_serverIpAddress),
|
||||
m_severity(ruleMessage.m_severity),
|
||||
m_uriNoQueryStringDecoded(ruleMessage.m_uriNoQueryStringDecoded),
|
||||
m_ver(ruleMessage.m_ver),
|
||||
m_tags(ruleMessage.m_tags)
|
||||
{ }
|
||||
|
||||
RuleMessage &operator=(const RuleMessage& ruleMessage) {
|
||||
m_accuracy = ruleMessage.m_accuracy;
|
||||
m_clientIpAddress = ruleMessage.m_clientIpAddress;
|
||||
m_data = ruleMessage.m_data;
|
||||
m_id = ruleMessage.m_id;
|
||||
m_isDisruptive = ruleMessage.m_isDisruptive;
|
||||
m_match = ruleMessage.m_match;
|
||||
m_maturity = ruleMessage.m_maturity;
|
||||
m_message = ruleMessage.m_message;
|
||||
m_noAuditLog = ruleMessage.m_noAuditLog;
|
||||
m_phase = ruleMessage.m_phase;
|
||||
m_reference = ruleMessage.m_reference;
|
||||
m_rev = ruleMessage.m_rev;
|
||||
m_rule = ruleMessage.m_rule;
|
||||
m_ruleFile = ruleMessage.m_ruleFile;
|
||||
m_ruleId = ruleMessage.m_ruleId;
|
||||
m_ruleLine = ruleMessage.m_ruleLine;
|
||||
m_saveMessage = ruleMessage.m_saveMessage;
|
||||
m_serverIpAddress = ruleMessage.m_serverIpAddress;
|
||||
m_severity = ruleMessage.m_severity;
|
||||
m_uriNoQueryStringDecoded = ruleMessage.m_uriNoQueryStringDecoded;
|
||||
m_ver = ruleMessage.m_ver;
|
||||
m_tags = ruleMessage.m_tags;
|
||||
return *this;
|
||||
}
|
||||
|
||||
void clean() {
|
||||
m_data = "";
|
||||
m_match = "";
|
||||
m_isDisruptive = false;
|
||||
m_reference = "";
|
||||
m_severity = 0;
|
||||
m_ver = "";
|
||||
}
|
||||
|
||||
std::string log() {
|
||||
return RuleMessage::log(this, 0);
|
||||
return log(this, 0);
|
||||
}
|
||||
std::string log(int props) {
|
||||
return RuleMessage::log(this, props);
|
||||
return log(this, props);
|
||||
}
|
||||
std::string log(int props, int responseCode) {
|
||||
return RuleMessage::log(this, props, responseCode);
|
||||
return log(this, props, responseCode);
|
||||
}
|
||||
std::string errorLog() {
|
||||
return RuleMessage::log(this,
|
||||
return log(this,
|
||||
ClientLogMessageInfo | ErrorLogTailLogMessageInfo);
|
||||
}
|
||||
|
||||
static std::string log(const RuleMessage *rm, int props, int code);
|
||||
static std::string log(const RuleMessage *rm, int props) {
|
||||
return RuleMessage::log(rm, props, -1);
|
||||
return log(rm, props, -1);
|
||||
}
|
||||
static std::string log(const RuleMessage *rm) {
|
||||
return RuleMessage::log(rm, 0);
|
||||
return log(rm, 0);
|
||||
}
|
||||
|
||||
static std::string _details(const RuleMessage *rm);
|
||||
static std::string _errorLogTail(const RuleMessage *rm);
|
||||
|
||||
int m_accuracy;
|
||||
std::string m_clientIpAddress;
|
||||
std::shared_ptr<std::string> m_clientIpAddress;
|
||||
std::string m_data;
|
||||
std::string m_id;
|
||||
std::shared_ptr<std::string> m_id;
|
||||
bool m_isDisruptive;
|
||||
std::string m_match;
|
||||
int m_maturity;
|
||||
|
@ -103,14 +195,14 @@ class RuleMessage {
|
|||
int m_phase;
|
||||
std::string m_reference;
|
||||
std::string m_rev;
|
||||
Rule *m_rule;
|
||||
std::string m_ruleFile;
|
||||
RuleWithActions *m_rule;
|
||||
std::shared_ptr<std::string> m_ruleFile;
|
||||
int m_ruleId;
|
||||
int m_ruleLine;
|
||||
bool m_saveMessage;
|
||||
std::string m_serverIpAddress;
|
||||
std::shared_ptr<std::string> m_serverIpAddress;
|
||||
int m_severity;
|
||||
std::string m_uriNoQueryStringDecoded;
|
||||
std::shared_ptr<std::string> m_uriNoQueryStringDecoded;
|
||||
std::string m_ver;
|
||||
|
||||
std::list<std::string> m_tags;
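Review bot: `m_ruleId` is declared `int` in the last hunk, yet the constructor initialises it with `m_ruleId(rule->m_ruleId)` from a `RuleWithActions`, whose header in this commit declares that member as `int64_t`. A rule id above `INT_MAX` would therefore be narrowed when the message is built, and the copied value is what any later reader of this object gets. Declaring the member as `int64_t m_ruleId;` keeps the id in the message identical to the one in the rule set, which matters when the log is used to trace an alert back to a rule. The class body continues outside the visible hunks, so other readers of `m_ruleId` were not checked.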
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <stack>
|
||||
#include <vector>
|
||||
#include <string>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <utility>
|
||||
#endif
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
|
||||
#define HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
|
||||
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/variable_value.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rules_set.h"
|
||||
#include "modsecurity/rule_with_actions.h"
|
||||
#include "modsecurity/actions/action.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
|
||||
|
||||
class RuleUnconditional : public RuleWithActions {
|
||||
public:
|
||||
RuleUnconditional(
|
||||
std::vector<actions::Action *> *actions,
|
||||
Transformations *transformations,
|
||||
std::unique_ptr<std::string> fileName,
|
||||
int lineNumber)
|
||||
: RuleWithActions(actions, transformations, std::move(fileName), lineNumber) { }
|
||||
|
||||
RuleUnconditional(const RuleUnconditional& r)
|
||||
: RuleWithActions(r)
|
||||
{ }
|
||||
|
||||
RuleUnconditional &operator=(const RuleUnconditional& r) {
|
||||
RuleWithActions::operator = (r);
|
||||
return *this;
|
||||
}
|
||||
|
||||
virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
|
||||
|
||||
private:
|
||||
};
|
||||
|
||||
|
||||
} // namespace modsecurity
|
||||
|
||||
#endif
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
|
|
@ -0,0 +1,191 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <stack>
|
||||
#include <vector>
|
||||
#include <string>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <utility>
|
||||
#endif
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
|
||||
#define HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
|
||||
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/variable_value.h"
|
||||
#include "modsecurity/rule.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
|
||||
|
||||
class RuleWithActions : public Rule {
|
||||
public:
|
||||
RuleWithActions(
|
||||
Actions *a,
|
||||
Transformations *t,
|
||||
std::unique_ptr<std::string> fileName,
|
||||
int lineNumber);
|
||||
|
||||
~RuleWithActions();
|
||||
|
||||
RuleWithActions(const RuleWithActions& r)
|
||||
: Rule(r),
|
||||
m_rev(r.m_rev),
|
||||
m_ver(r.m_ver),
|
||||
m_accuracy(r.m_accuracy),
|
||||
m_maturity(r.m_maturity),
|
||||
m_ruleId(r.m_ruleId),
|
||||
m_chainedRuleChild(r.m_chainedRuleChild),
|
||||
m_chainedRuleParent(r.m_chainedRuleParent),
|
||||
m_disruptiveAction(r.m_disruptiveAction),
|
||||
m_logData(r.m_logData),
|
||||
m_msg(r.m_msg),
|
||||
m_severity(r.m_severity),
|
||||
m_actionsRuntimePos(r.m_actionsRuntimePos),
|
||||
m_actionsSetVar(r.m_actionsSetVar),
|
||||
m_actionsTag(r.m_actionsTag),
|
||||
m_transformations(r.m_transformations),
|
||||
m_containsCaptureAction(r.m_containsCaptureAction),
|
||||
m_containsMultiMatchAction(r.m_containsMultiMatchAction),
|
||||
m_containsStaticBlockAction(r.m_containsStaticBlockAction),
|
||||
m_isChained(r.m_isChained)
|
||||
{ }
|
||||
|
||||
RuleWithActions &operator=(const RuleWithActions& r) {
|
||||
Rule::operator = (r);
|
||||
m_rev = r.m_rev;
|
||||
m_ver = r.m_ver;
|
||||
m_accuracy = r.m_accuracy;
|
||||
m_maturity = r.m_maturity;
|
||||
m_ruleId = r.m_ruleId;
|
||||
m_chainedRuleChild = r.m_chainedRuleChild;
|
||||
m_chainedRuleParent = r.m_chainedRuleParent;
|
||||
|
||||
m_disruptiveAction = r.m_disruptiveAction;
|
||||
m_logData = r.m_logData;
|
||||
m_msg = r.m_msg;
|
||||
m_severity = r.m_severity;
|
||||
m_actionsRuntimePos = r.m_actionsRuntimePos;
|
||||
m_actionsSetVar = r.m_actionsSetVar;
|
||||
m_actionsTag = r.m_actionsTag;
|
||||
|
||||
m_transformations = r.m_transformations;
|
||||
|
||||
m_containsCaptureAction = r.m_containsCaptureAction;
|
||||
m_containsMultiMatchAction = r.m_containsMultiMatchAction;
|
||||
m_containsStaticBlockAction = r.m_containsStaticBlockAction;
|
||||
m_isChained = r.m_isChained;
|
||||
|
||||
return *this;
|
||||
}
|
||||
|
||||
virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
|
||||
|
||||
virtual bool evaluate(Transaction *transaction) override;
|
||||
|
||||
|
||||
void executeActionsIndependentOfChainedRuleResult(
|
||||
Transaction *trasn,
|
||||
bool *containsDisruptive,
|
||||
std::shared_ptr<RuleMessage> ruleMessage);
|
||||
|
||||
void executeActionsAfterFullMatch(
|
||||
Transaction *trasn,
|
||||
bool containsDisruptive,
|
||||
std::shared_ptr<RuleMessage> ruleMessage);
|
||||
|
||||
void executeAction(Transaction *trans,
|
||||
bool containsBlock,
|
||||
std::shared_ptr<RuleMessage> ruleMessage,
|
||||
actions::Action *a,
|
||||
bool context);
|
||||
|
||||
|
||||
void executeTransformations(
|
||||
Transaction *trasn, const std::string &value, TransformationResults &ret);
|
||||
|
||||
inline void executeTransformation(
|
||||
actions::transformations::Transformation *a,
|
||||
std::shared_ptr<std::string> *value,
|
||||
Transaction *trans,
|
||||
TransformationResults *ret,
|
||||
std::string *path,
|
||||
int *nth) const;
|
||||
|
||||
|
||||
void performLogging(Transaction *trans,
|
||||
std::shared_ptr<RuleMessage> ruleMessage,
|
||||
bool lastLog = true,
|
||||
bool chainedParentNull = false);
|
||||
|
||||
std::vector<actions::Action *> getActionsByName(const std::string& name,
|
||||
Transaction *t);
|
||||
bool containsTag(const std::string& name, Transaction *t);
|
||||
bool containsMsg(const std::string& name, Transaction *t);
|
||||
|
||||
inline bool isChained() const { return m_isChained == true; }
|
||||
inline bool hasCaptureAction() const { return m_containsCaptureAction == true; }
|
||||
inline void setChained(bool b) { m_isChained = b; }
|
||||
inline bool hasDisruptiveAction() const { return m_disruptiveAction != NULL; }
|
||||
inline bool hasBlockAction() const { return m_containsStaticBlockAction == true; }
|
||||
inline bool hasMultimatch() const { return m_containsMultiMatchAction == true; }
|
||||
|
||||
inline bool hasLogData() const { return m_logData != NULL; }
|
||||
std::string logData(Transaction *t);
|
||||
inline bool hasMsg() const { return m_msg != NULL; }
|
||||
std::string msg(Transaction *t);
|
||||
inline bool hasSeverity() const { return m_severity != NULL; }
|
||||
int severity() const;
|
||||
|
||||
std::string m_rev;
|
||||
std::string m_ver;
|
||||
int m_accuracy;
|
||||
int m_maturity;
|
||||
|
||||
|
||||
int64_t m_ruleId;
|
||||
|
||||
std::shared_ptr<RuleWithActions> m_chainedRuleChild;
|
||||
RuleWithActions *m_chainedRuleParent;
|
||||
|
||||
private:
|
||||
/* actions */
|
||||
actions::Action *m_disruptiveAction;
|
||||
actions::LogData *m_logData;
|
||||
actions::Msg *m_msg;
|
||||
actions::Severity *m_severity;
|
||||
MatchActions m_actionsRuntimePos;
|
||||
SetVars m_actionsSetVar;
|
||||
Tags m_actionsTag;
|
||||
|
||||
/* actions > transformations */
|
||||
Transformations m_transformations;
|
||||
|
||||
bool m_containsCaptureAction:1;
|
||||
bool m_containsMultiMatchAction:1;
|
||||
bool m_containsStaticBlockAction:1;
|
||||
bool m_isChained:1;
|
||||
};
|
||||
|
||||
} // namespace modsecurity
|
||||
#endif
|
||||
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
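Review bot: The hand-written copy constructor and `operator=` of `RuleWithActions` copy the raw pointers `m_disruptiveAction`, `m_logData`, `m_msg` and `m_severity`, plus the vectors of raw action pointers, member by member, while the class also declares `~RuleWithActions()`. The destructor body is not visible here; if it deletes those actions, destroying an object and its copy frees the same memory twice. Unless copies are really needed, `RuleWithActions(const RuleWithActions &) = delete;` and the matching assignment would be safer, with `RuleUnconditional` adjusted accordingly. Otherwise a comment above the members should state who owns the actions. `RuleWithOperator` in the next file holds raw `m_variables` and `m_operator`, declares a destructor and gets implicit copy operations, so the same question applies there.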
|
|
@ -0,0 +1,82 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <stack>
|
||||
#include <vector>
|
||||
#include <string>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <utility>
|
||||
#endif
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
|
||||
#define HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
|
||||
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/variable_value.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rule_with_actions.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
|
||||
|
||||
class RuleWithOperator : public RuleWithActions {
|
||||
public:
|
||||
RuleWithOperator(operators::Operator *op,
|
||||
variables::Variables *variables,
|
||||
std::vector<actions::Action *> *actions,
|
||||
Transformations *transformations,
|
||||
std::unique_ptr<std::string> fileName,
|
||||
int lineNumber);
|
||||
|
||||
virtual ~RuleWithOperator();
|
||||
|
||||
bool evaluate(Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) override;
|
||||
|
||||
void getVariablesExceptions(Transaction *t,
|
||||
variables::Variables *exclusion, variables::Variables *addition);
|
||||
inline void getFinalVars(variables::Variables *vars,
|
||||
variables::Variables *eclusion, Transaction *trans);
|
||||
|
||||
bool executeOperatorAt(Transaction *trasn, const std::string &key,
|
||||
const std::string &value, std::shared_ptr<RuleMessage> rm);
|
||||
|
||||
static void updateMatchedVars(Transaction *trasn, const std::string &key,
|
||||
const std::string &value);
|
||||
static void cleanMatchedVars(Transaction *trasn);
|
||||
|
||||
|
||||
std::string getOperatorName() const;
|
||||
|
||||
virtual std::string getReference() override {
|
||||
return std::to_string(m_ruleId);
|
||||
}
|
||||
|
||||
private:
|
||||
modsecurity::variables::Variables *m_variables;
|
||||
operators::Operator *m_operator;
|
||||
};
|
||||
|
||||
|
||||
} // namespace modsecurity
|
||||
#endif
|
||||
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -13,6 +13,7 @@
|
|||
*
|
||||
*/
|
||||
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
|
@ -22,92 +23,74 @@
|
|||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#endif
|
||||
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rule_with_operator.h"
|
||||
#include "modsecurity/rule_with_actions.h"
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULES_H_
|
||||
#define HEADERS_MODSECURITY_RULES_H_
|
||||
|
||||
#include "modsecurity/rules_properties.h"
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/transaction.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
class Rule;
|
||||
namespace Parser {
|
||||
class Driver;
|
||||
}
|
||||
|
||||
|
||||
/** @ingroup ModSecurity_CPP_API */
|
||||
class Rules : public RulesProperties {
|
||||
class Rules {
|
||||
public:
|
||||
Rules()
|
||||
: RulesProperties(new DebugLog()),
|
||||
unicode_codepage(0),
|
||||
#ifndef NO_LOGS
|
||||
m_secmarker_skipped(0),
|
||||
#endif
|
||||
m_referenceCount(0) { }
|
||||
void dump() const {
|
||||
for (int j = 0; j < m_rules.size(); j++) {
|
||||
std::cout << " Rule ID: " << m_rules.at(j)->getReference();
|
||||
std::cout << "--" << m_rules.at(j) << std::endl;
|
||||
}
|
||||
}
|
||||
|
||||
explicit Rules(DebugLog *customLog)
|
||||
: RulesProperties(customLog),
|
||||
unicode_codepage(0),
|
||||
#ifndef NO_LOGS
|
||||
m_secmarker_skipped(0),
|
||||
#endif
|
||||
m_referenceCount(0) { }
|
||||
int append(Rules *from, const std::vector<int64_t> &ids, std::ostringstream *err) {
|
||||
size_t j = 0;
|
||||
for (; j < from->size(); j++) {
|
||||
RuleWithOperator *rule = dynamic_cast<RuleWithOperator *>(from->at(j).get());
|
||||
if (rule && std::binary_search(ids.begin(), ids.end(), rule->m_ruleId)) {
|
||||
if (err != NULL) {
|
||||
*err << "Rule id: " << std::to_string(rule->m_ruleId) \
|
||||
<< " is duplicated" << std::endl;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
m_rules.insert(m_rules.end(), from->m_rules.begin(), from->m_rules.end());
|
||||
return j;
|
||||
}
|
||||
|
||||
~Rules() { }
|
||||
bool insert(const std::shared_ptr<Rule> &rule) {
|
||||
return insert(rule, nullptr, nullptr);
|
||||
}
|
||||
|
||||
void incrementReferenceCount(void);
|
||||
void decrementReferenceCount(void);
|
||||
bool insert(std::shared_ptr<Rule> rule, const std::vector<int64_t> *ids, std::ostringstream *err) {
|
||||
RuleWithOperator *r = dynamic_cast<RuleWithOperator *>(rule.get());
|
||||
if (r && ids != nullptr && std::binary_search(ids->begin(), ids->end(), r->m_ruleId)) {
|
||||
if (err != nullptr) {
|
||||
*err << "Rule id: " << std::to_string(r->m_ruleId) \
|
||||
<< " is duplicated" << std::endl;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
m_rules.push_back(rule);
|
||||
return true;
|
||||
}
|
||||
|
||||
int loadFromUri(const char *uri);
|
||||
int loadRemote(const char *key, const char *uri);
|
||||
int load(const char *rules);
|
||||
int load(const char *rules, const std::string &ref);
|
||||
size_t size() const { return m_rules.size(); }
|
||||
std::shared_ptr<Rule> operator[](int index) const { return m_rules[index]; }
|
||||
std::shared_ptr<Rule> at(int index) const { return m_rules[index]; }
|
||||
|
||||
void dump();
|
||||
|
||||
int merge(Parser::Driver *driver);
|
||||
int merge(Rules *rules);
|
||||
|
||||
int evaluate(int phase, Transaction *transaction);
|
||||
std::string getParserError();
|
||||
|
||||
void debug(int level, const std::string &id, const std::string &uri,
|
||||
const std::string &msg);
|
||||
|
||||
int64_t unicode_codepage;
|
||||
|
||||
private:
|
||||
int m_referenceCount;
|
||||
#ifndef NO_LOGS
|
||||
uint8_t m_secmarker_skipped;
|
||||
#endif
|
||||
std::vector<std::shared_ptr<Rule> > m_rules;
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
Rules *msc_create_rules_set(void);
|
||||
void msc_rules_dump(Rules *rules);
|
||||
int msc_rules_merge(Rules *rules_dst, Rules *rules_from, const char **error);
|
||||
int msc_rules_add_remote(Rules *rules, const char *key, const char *uri,
|
||||
const char **error);
|
||||
int msc_rules_add_file(Rules *rules, const char *file, const char **error);
|
||||
int msc_rules_add(Rules *rules, const char *plain_rules, const char **error);
|
||||
int msc_rules_cleanup(Rules *rules);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
} // namespace modsecurity
|
||||
#endif
|
||||
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULES_H_
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -13,549 +13,6 @@
|
|||
*
|
||||
*/
|
||||
|
||||
#include <modsecurity/rules_set_properties.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <ctime>
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#include <set>
|
||||
#include <cstring>
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULES_PROPERTIES_H_
|
||||
#define HEADERS_MODSECURITY_RULES_PROPERTIES_H_
|
||||
|
||||
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rules_exceptions.h"
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "modsecurity/audit_log.h"
|
||||
|
||||
#define CODEPAGE_SEPARATORS " \t\n\r"
|
||||
|
||||
#define merge_boolean_value(to, from, default) \
|
||||
if (to == PropertyNotSetConfigBoolean) { \
|
||||
to = (from == PropertyNotSetConfigBoolean) ? default : from; \
|
||||
}
|
||||
|
||||
#define merge_ruleengine_value(to, from, default) \
|
||||
if (to == PropertyNotSetRuleEngine) { \
|
||||
to = (from == PropertyNotSetRuleEngine) ? default : from; \
|
||||
}
|
||||
|
||||
#define merge_bodylimitaction_value(to, from, default) \
|
||||
if (to == PropertyNotSetBodyLimitAction) { \
|
||||
to = (from == PropertyNotSetBodyLimitAction) ? default : from; \
|
||||
}
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
class RulesExceptions;
|
||||
namespace Parser {
|
||||
class Driver;
|
||||
}
|
||||
|
||||
using modsecurity::debug_log::DebugLog;
|
||||
using modsecurity::audit_log::AuditLog;
|
||||
|
||||
/** @ingroup ModSecurity_CPP_API */
|
||||
class ConfigInt {
|
||||
public:
|
||||
ConfigInt() : m_set(false), m_value(0) { }
|
||||
bool m_set;
|
||||
int m_value;
|
||||
|
||||
void merge(ConfigInt *from) {
|
||||
if (m_set == true || from->m_set == false) {
|
||||
return;
|
||||
}
|
||||
m_set = true;
|
||||
m_value = from->m_value;
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
class ConfigDouble {
|
||||
public:
|
||||
ConfigDouble() : m_set(false), m_value(0) { }
|
||||
bool m_set;
|
||||
double m_value;
|
||||
|
||||
void merge(ConfigDouble *from) {
|
||||
if (m_set == true || from->m_set == false) {
|
||||
return;
|
||||
}
|
||||
m_set = true;
|
||||
m_value = from->m_value;
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
class ConfigString {
|
||||
public:
|
||||
ConfigString() : m_set(false), m_value("") { }
|
||||
bool m_set;
|
||||
std::string m_value;
|
||||
|
||||
void merge(ConfigString *from) {
|
||||
if (m_set == true || from->m_set == false) {
|
||||
return;
|
||||
}
|
||||
m_set = true;
|
||||
m_value = from->m_value;
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
class ConfigSet {
|
||||
public:
|
||||
ConfigSet() : m_set(false), m_clear(false) { }
|
||||
bool m_set;
|
||||
bool m_clear;
|
||||
std::set<std::string> m_value;
|
||||
};
|
||||
|
||||
|
||||
class UnicodeMapHolder {
|
||||
public:
|
||||
UnicodeMapHolder() {
|
||||
memset(m_data, -1, (sizeof(int)*65536));
|
||||
};
|
||||
|
||||
int& operator[](int index) { return m_data[index]; }
|
||||
int operator[](int index) const { return m_data[index]; }
|
||||
|
||||
int at(int index) const { return m_data[index]; }
|
||||
void change(int i, int a) { m_data[i] = a; }
|
||||
|
||||
int m_data[65536];
|
||||
};
|
||||
|
||||
|
||||
class RulesProperties;
|
||||
class ConfigUnicodeMap {
|
||||
public:
|
||||
ConfigUnicodeMap() : m_set(false),
|
||||
m_unicodeCodePage(0),
|
||||
m_unicodeMapTable(NULL) { }
|
||||
|
||||
static void loadConfig(std::string f, double codePage,
|
||||
RulesProperties *driver, std::string *errg);
|
||||
|
||||
void merge(ConfigUnicodeMap *from) {
|
||||
if (from->m_set == false) {
|
||||
return;
|
||||
}
|
||||
|
||||
m_set = true;
|
||||
m_unicodeCodePage = from->m_unicodeCodePage;
|
||||
m_unicodeMapTable = from->m_unicodeMapTable;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
bool m_set;
|
||||
double m_unicodeCodePage;
|
||||
std::shared_ptr<modsecurity::UnicodeMapHolder> m_unicodeMapTable;
|
||||
};
|
||||
|
||||
|
||||
class RulesProperties {
|
||||
public:
|
||||
RulesProperties() :
|
||||
m_auditLog(new AuditLog()),
|
||||
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
|
||||
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
|
||||
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
|
||||
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
|
||||
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
|
||||
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
|
||||
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
|
||||
m_debugLog(new DebugLog()),
|
||||
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
|
||||
m_secRuleEngine(PropertyNotSetRuleEngine) { }
|
||||
|
||||
|
||||
explicit RulesProperties(DebugLog *debugLog) :
|
||||
m_auditLog(new AuditLog()),
|
||||
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
|
||||
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
|
||||
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
|
||||
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
|
||||
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
|
||||
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
|
||||
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
|
||||
m_debugLog(debugLog),
|
||||
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
|
||||
m_secRuleEngine(PropertyNotSetRuleEngine) { }
|
||||
|
||||
|
||||
~RulesProperties() {
|
||||
int i = 0;
|
||||
/** Cleanup the rules */
|
||||
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
|
||||
std::vector<Rule *> rules = m_rules[i];
|
||||
while (rules.empty() == false) {
|
||||
Rule *rule = rules.back();
|
||||
rules.pop_back();
|
||||
if (rule->refCountDecreaseAndCheck()) {
|
||||
rule = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
|
||||
std::vector<actions::Action *> *tmp = &m_defaultActions[i];
|
||||
while (tmp->empty() == false) {
|
||||
actions::Action *a = tmp->back();
|
||||
tmp->pop_back();
|
||||
if (a->refCountDecreaseAndCheck()) {
|
||||
a = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
delete m_debugLog;
|
||||
delete m_auditLog;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
enum ConfigBoolean {
|
||||
TrueConfigBoolean,
|
||||
FalseConfigBoolean,
|
||||
PropertyNotSetConfigBoolean
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* The RuleEngine enumerator consists in mapping the different states
|
||||
* of the rule engine.
|
||||
*
|
||||
*/
|
||||
enum RuleEngine {
|
||||
/**
|
||||
*
|
||||
* Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
|
||||
*
|
||||
*/
|
||||
DisabledRuleEngine,
|
||||
/**
|
||||
*
|
||||
* Rules will be evaluated and disturb actions will take place if needed.
|
||||
*
|
||||
*/
|
||||
EnabledRuleEngine,
|
||||
/**
|
||||
* Rules will be evaluated but it won't generate any disruptive action.
|
||||
*
|
||||
*/
|
||||
DetectionOnlyRuleEngine,
|
||||
/**
|
||||
*
|
||||
*/
|
||||
PropertyNotSetRuleEngine
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* Defines what actions should be taken in case the body (response or
|
||||
* request) is bigger than the expected size.
|
||||
*
|
||||
*/
|
||||
enum BodyLimitAction {
|
||||
/**
|
||||
*
|
||||
* Process partial
|
||||
*
|
||||
*/
|
||||
ProcessPartialBodyLimitAction,
|
||||
/**
|
||||
*
|
||||
* Reject the request
|
||||
*
|
||||
*/
|
||||
RejectBodyLimitAction,
|
||||
/**
|
||||
*
|
||||
*/
|
||||
PropertyNotSetBodyLimitAction
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* Defines what actions should be taken in case the remote rules failed to
|
||||
* be downloaded (independent of the circumstances)
|
||||
*
|
||||
*
|
||||
*/
|
||||
enum OnFailedRemoteRulesAction {
|
||||
/**
|
||||
*
|
||||
* Abort
|
||||
*
|
||||
*/
|
||||
AbortOnFailedRemoteRulesAction,
|
||||
/**
|
||||
*
|
||||
* Warn on logging
|
||||
*
|
||||
*/
|
||||
WarnOnFailedRemoteRulesAction,
|
||||
/**
|
||||
*
|
||||
*/
|
||||
PropertyNotSetRemoteRulesAction
|
||||
};
|
||||
|
||||
|
||||
static const char *ruleEngineStateString(RuleEngine i) {
|
||||
switch (i) {
|
||||
case DisabledRuleEngine:
|
||||
return "Disabled";
|
||||
case EnabledRuleEngine:
|
||||
return "Enabled";
|
||||
case DetectionOnlyRuleEngine:
|
||||
return "DetectionOnly";
|
||||
case PropertyNotSetRuleEngine:
|
||||
return "PropertyNotSet/DetectionOnly";
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static std::string configBooleanString(ConfigBoolean i) {
|
||||
switch (i) {
|
||||
case TrueConfigBoolean:
|
||||
return "True";
|
||||
case FalseConfigBoolean:
|
||||
return "False";
|
||||
case PropertyNotSetConfigBoolean:
|
||||
return "Not set";
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static int mergeProperties(RulesProperties *from, RulesProperties *to,
|
||||
std::ostringstream *err) {
|
||||
int amount_of_rules = 0;
|
||||
|
||||
amount_of_rules = appendRules(from->m_rules, to->m_rules, err);
|
||||
if (amount_of_rules < 0) {
|
||||
return amount_of_rules;
|
||||
}
|
||||
|
||||
merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine,
|
||||
PropertyNotSetRuleEngine);
|
||||
|
||||
merge_boolean_value(to->m_secRequestBodyAccess,
|
||||
from->m_secRequestBodyAccess,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
merge_boolean_value(to->m_secResponseBodyAccess,
|
||||
from->m_secResponseBodyAccess,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
merge_boolean_value(to->m_secXMLExternalEntity,
|
||||
from->m_secXMLExternalEntity,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
merge_boolean_value(to->m_uploadKeepFiles,
|
||||
from->m_uploadKeepFiles,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
merge_boolean_value(to->m_tmpSaveUploadedFiles,
|
||||
from->m_tmpSaveUploadedFiles,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
to->m_requestBodyLimit.merge(&from->m_requestBodyLimit);
|
||||
to->m_responseBodyLimit.merge(&from->m_responseBodyLimit);
|
||||
|
||||
merge_bodylimitaction_value(to->m_requestBodyLimitAction,
|
||||
from->m_requestBodyLimitAction,
|
||||
PropertyNotSetBodyLimitAction);
|
||||
|
||||
merge_bodylimitaction_value(to->m_responseBodyLimitAction,
|
||||
from->m_responseBodyLimitAction,
|
||||
PropertyNotSetBodyLimitAction);
|
||||
|
||||
to->m_uploadFileLimit.merge(&from->m_uploadFileLimit);
|
||||
to->m_uploadFileMode.merge(&from->m_uploadFileMode);
|
||||
to->m_uploadDirectory.merge(&from->m_uploadDirectory);
|
||||
to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory);
|
||||
|
||||
to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator);
|
||||
|
||||
to->m_secWebAppId.merge(&from->m_secWebAppId);
|
||||
|
||||
to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
|
||||
|
||||
to->m_httpblKey.merge(&from->m_httpblKey);
|
||||
|
||||
to->m_exceptions.merge(&from->m_exceptions);
|
||||
|
||||
to->m_components.insert(to->m_components.end(),
|
||||
from->m_components.begin(), from->m_components.end());
|
||||
|
||||
if (from->m_responseBodyTypeToBeInspected.m_set == true) {
|
||||
if (from->m_responseBodyTypeToBeInspected.m_clear == true) {
|
||||
to->m_responseBodyTypeToBeInspected.m_value.clear();
|
||||
from->m_responseBodyTypeToBeInspected.m_value.clear();
|
||||
} else {
|
||||
for (std::set<std::string>::iterator
|
||||
it = from->m_responseBodyTypeToBeInspected.m_value.begin();
|
||||
it != from->m_responseBodyTypeToBeInspected.m_value.end();
|
||||
++it) {
|
||||
to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
|
||||
}
|
||||
}
|
||||
to->m_responseBodyTypeToBeInspected.m_set = true;
|
||||
}
|
||||
|
||||
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
|
||||
std::vector<actions::Action *> *actions_from = \
|
||||
from->m_defaultActions+i;
|
||||
std::vector<actions::Action *> *actions_to = to->m_defaultActions+i;
|
||||
for (size_t j = 0; j < actions_from->size(); j++) {
|
||||
actions::Action *action = actions_from->at(j);
|
||||
action->refCountIncrease();
|
||||
actions_to->push_back(action);
|
||||
}
|
||||
}
|
||||
|
||||
if (to->m_auditLog) {
|
||||
std::string error;
|
||||
to->m_auditLog->merge(from->m_auditLog, &error);
|
||||
if (error.size() > 0) {
|
||||
*err << error;
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (from->m_debugLog && to->m_debugLog &&
|
||||
from->m_debugLog->isLogFileSet()) {
|
||||
if (to->m_debugLog->isLogFileSet() == false) {
|
||||
std::string error;
|
||||
to->m_debugLog->setDebugLogFile(
|
||||
from->m_debugLog->getDebugLogFile(),
|
||||
&error);
|
||||
if (error.size() > 0) {
|
||||
*err << error;
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (from->m_debugLog && to->m_debugLog &&
|
||||
from->m_debugLog->isLogLevelSet()) {
|
||||
if (to->m_debugLog->isLogLevelSet() == false) {
|
||||
to->m_debugLog->setDebugLogLevel(
|
||||
from->m_debugLog->getDebugLogLevel());
|
||||
}
|
||||
}
|
||||
|
||||
return amount_of_rules;
|
||||
}
|
||||
|
||||
|
||||
static int appendRules(
|
||||
std::vector<modsecurity::Rule *> *from,
|
||||
std::vector<modsecurity::Rule *> *to,
|
||||
std::ostringstream *err) {
|
||||
int amount_of_rules = 0;
|
||||
// TODO: std::vector could be replaced with something more efficient.
|
||||
std::vector<int64_t> v;
|
||||
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
|
||||
std::vector<modsecurity::Rule *> *rules_to = to+i;
|
||||
v.reserve(rules_to->size());
|
||||
for (size_t z = 0; z < rules_to->size(); z++) {
|
||||
Rule *rule_ckc = rules_to->at(z);
|
||||
if (rule_ckc->m_secMarker == true) {
|
||||
continue;
|
||||
}
|
||||
v.push_back(rule_ckc->m_ruleId);
|
||||
}
|
||||
}
|
||||
std::sort (v.begin(), v.end());
|
||||
|
||||
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
|
||||
std::vector<modsecurity::Rule *> *rules_from = from+i;
|
||||
std::vector<modsecurity::Rule *> *rules_to = to+i;
|
||||
for (size_t j = 0; j < rules_from->size(); j++) {
|
||||
Rule *rule = rules_from->at(j);
|
||||
if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) {
|
||||
if (err != NULL) {
|
||||
*err << "Rule id: " << std::to_string(rule->m_ruleId) \
|
||||
<< " is duplicated" << std::endl;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
amount_of_rules++;
|
||||
rule->refCountIncrease();
|
||||
rules_to->push_back(rule);
|
||||
}
|
||||
}
|
||||
return amount_of_rules;
|
||||
}
|
||||
|
||||
|
||||
std::vector<modsecurity::Rule *> *getRulesForPhase(int phase) {
|
||||
if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
|
||||
return NULL;
|
||||
}
|
||||
return &m_rules[phase];
|
||||
}
|
||||
|
||||
|
||||
audit_log::AuditLog *m_auditLog;
|
||||
BodyLimitAction m_requestBodyLimitAction;
|
||||
BodyLimitAction m_responseBodyLimitAction;
|
||||
ConfigBoolean m_secRequestBodyAccess;
|
||||
ConfigBoolean m_secResponseBodyAccess;
|
||||
ConfigBoolean m_secXMLExternalEntity;
|
||||
ConfigBoolean m_tmpSaveUploadedFiles;
|
||||
ConfigBoolean m_uploadKeepFiles;
|
||||
ConfigDouble m_requestBodyLimit;
|
||||
ConfigDouble m_requestBodyNoFilesLimit;
|
||||
ConfigDouble m_responseBodyLimit;
|
||||
ConfigInt m_uploadFileLimit;
|
||||
ConfigInt m_uploadFileMode;
|
||||
DebugLog *m_debugLog;
|
||||
OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
|
||||
RuleEngine m_secRuleEngine;
|
||||
RulesExceptions m_exceptions;
|
||||
std::list<std::string> m_components;
|
||||
std::ostringstream m_parserError;
|
||||
ConfigSet m_responseBodyTypeToBeInspected;
|
||||
ConfigString m_httpblKey;
|
||||
ConfigString m_uploadDirectory;
|
||||
ConfigString m_uploadTmpDirectory;
|
||||
ConfigString m_secArgumentSeparator;
|
||||
ConfigString m_secWebAppId;
|
||||
std::vector<actions::Action *> m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
|
||||
std::vector<modsecurity::Rule *> m_rules[modsecurity::Phases::NUMBER_OF_PHASES];
|
||||
ConfigUnicodeMap m_unicodeMapTable;
|
||||
};
|
||||
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // namespace modsecurity
|
||||
#endif
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULES_PROPERTIES_H_
|
||||
|
|
|
@ -0,0 +1,109 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <ctime>
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULES_SET_H_
|
||||
#define HEADERS_MODSECURITY_RULES_SET_H_
|
||||
|
||||
#include "modsecurity/rules_set_properties.h"
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rules_set_phases.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
class RuleWithOperator;
|
||||
namespace Parser {
|
||||
class Driver;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/** @ingroup ModSecurity_CPP_API */
|
||||
class RulesSet : public RulesSetProperties {
|
||||
public:
|
||||
RulesSet()
|
||||
: RulesSetProperties(new DebugLog())
|
||||
#ifndef NO_LOGS
|
||||
,m_secmarker_skipped(0)
|
||||
#endif
|
||||
{ }
|
||||
|
||||
explicit RulesSet(DebugLog *customLog)
|
||||
: RulesSetProperties(customLog)
|
||||
#ifndef NO_LOGS
|
||||
,m_secmarker_skipped(0)
|
||||
#endif
|
||||
{ }
|
||||
|
||||
~RulesSet() { }
|
||||
|
||||
int loadFromUri(const char *uri);
|
||||
int loadRemote(const char *key, const char *uri);
|
||||
int load(const char *rules);
|
||||
int load(const char *rules, const std::string &ref);
|
||||
|
||||
void dump() const;
|
||||
|
||||
int merge(Parser::Driver *driver);
|
||||
int merge(RulesSet *rules);
|
||||
|
||||
int evaluate(int phase, Transaction *transaction);
|
||||
std::string getParserError();
|
||||
|
||||
void debug(int level, const std::string &id, const std::string &uri,
|
||||
const std::string &msg);
|
||||
|
||||
RulesSetPhases m_rulesSetPhases;
|
||||
private:
|
||||
#ifndef NO_LOGS
|
||||
uint8_t m_secmarker_skipped;
|
||||
#endif
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
RulesSet *msc_create_rules_set(void);
|
||||
void msc_rules_dump(RulesSet *rules);
|
||||
int msc_rules_merge(RulesSet *rules_dst, RulesSet *rules_from, const char **error);
|
||||
int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri,
|
||||
const char **error);
|
||||
int msc_rules_add_file(RulesSet *rules, const char *file, const char **error);
|
||||
int msc_rules_add(RulesSet *rules, const char *plain_rules, const char **error);
|
||||
int msc_rules_cleanup(RulesSet *rules);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
} // namespace modsecurity
|
||||
#endif
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULES_SET_H_
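Review bot: `explicit RulesSet(DebugLog *customLog)` silently takes ownership of the caller's pointer, because it forwards to `RulesSetProperties(customLog)` and the base destructor shown further down this page runs `delete m_debugLog`. A caller that also frees the log, or passes a stack or shared instance, would get a double free or an invalid delete, so the constructor should carry a comment such as `/* Takes ownership of customLog; it is deleted in ~RulesSetProperties(). */`. Separately, `RulesSet` derives publicly from `RulesSetProperties`, whose destructor is not declared `virtual`, while `RulesSet` adds its own `m_rulesSetPhases` member. If any code deletes a `RulesSet` through a `RulesSetProperties *`, that is undefined behaviour; declaring `virtual ~RulesSetProperties()` in the base would close it. If this header is carried unchanged from upstream, both points belong in an upstream report rather than a local patch.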
|
|
@ -0,0 +1,63 @@
|
|||
|
||||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <ctime>
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULES_SET_PHASES_H_
|
||||
#define HEADERS_MODSECURITY_RULES_SET_PHASES_H_
|
||||
|
||||
#include "modsecurity/rules.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
class RuleWithOperator;
|
||||
namespace Parser {
|
||||
class Driver;
|
||||
}
|
||||
|
||||
/** @ingroup ModSecurity_CPP_API */
|
||||
class RulesSetPhases {
|
||||
public:
|
||||
|
||||
bool insert(std::shared_ptr<Rule> rule);
|
||||
|
||||
int append(RulesSetPhases *from, std::ostringstream *err);
|
||||
void dump() const;
|
||||
|
||||
Rules *operator[](int index) { return &m_rulesAtPhase[index]; }
|
||||
Rules *at(int index) { return &m_rulesAtPhase[index]; }
|
||||
|
||||
private:
|
||||
Rules m_rulesAtPhase[8];
|
||||
|
||||
};
|
||||
|
||||
|
||||
} // namespace modsecurity
|
||||
#endif
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULES_SET_PHASES_H_
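Review bot: `operator[]` and `at()` both return `&m_rulesAtPhase[index]` without checking `index`, so a negative or too-large phase number gives the caller a pointer outside the array. The array is sized with the literal `8`; whether that matches `modsecurity::Phases::NUMBER_OF_PHASES` cannot be confirmed from this header. The `getRulesForPhase` accessor, which appears among the lines removed from the old properties header in this commit, returned NULL for `phase >= modsecurity::Phases::NUMBER_OF_PHASES`, so that guard has no counterpart here. I would size the array from the phase constant and make `at()` reject bad input with `if (index < 0 || index >= modsecurity::Phases::NUMBER_OF_PHASES) return nullptr;`, with callers checking the result. Callers that pass a phase value which has not already been validated are the ones exposed.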
|
|
@ -0,0 +1,499 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <ctime>
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#include <set>
|
||||
#include <cstring>
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
|
||||
#define HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
|
||||
|
||||
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rules_exceptions.h"
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "modsecurity/audit_log.h"
|
||||
|
||||
#define CODEPAGE_SEPARATORS " \t\n\r"
|
||||
|
||||
#define merge_boolean_value(to, from, default) \
|
||||
if (to == PropertyNotSetConfigBoolean) { \
|
||||
to = (from == PropertyNotSetConfigBoolean) ? default : from; \
|
||||
}
|
||||
|
||||
#define merge_ruleengine_value(to, from, default) \
|
||||
if (to == PropertyNotSetRuleEngine) { \
|
||||
to = (from == PropertyNotSetRuleEngine) ? default : from; \
|
||||
}
|
||||
|
||||
#define merge_bodylimitaction_value(to, from, default) \
|
||||
if (to == PropertyNotSetBodyLimitAction) { \
|
||||
to = (from == PropertyNotSetBodyLimitAction) ? default : from; \
|
||||
}
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
class RulesExceptions;
|
||||
namespace Parser {
|
||||
class Driver;
|
||||
}
|
||||
|
||||
using modsecurity::debug_log::DebugLog;
|
||||
using modsecurity::audit_log::AuditLog;
|
||||
|
||||
/** @ingroup ModSecurity_CPP_API */
|
||||
class ConfigInt {
|
||||
public:
|
||||
ConfigInt() : m_set(false), m_value(0) { }
|
||||
bool m_set;
|
||||
int m_value;
|
||||
|
||||
void merge(ConfigInt *from) {
|
||||
if (m_set == true || from->m_set == false) {
|
||||
return;
|
||||
}
|
||||
m_set = true;
|
||||
m_value = from->m_value;
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
class ConfigDouble {
|
||||
public:
|
||||
ConfigDouble() : m_set(false), m_value(0) { }
|
||||
bool m_set;
|
||||
double m_value;
|
||||
|
||||
void merge(ConfigDouble *from) {
|
||||
if (m_set == true || from->m_set == false) {
|
||||
return;
|
||||
}
|
||||
m_set = true;
|
||||
m_value = from->m_value;
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
class ConfigString {
|
||||
public:
|
||||
ConfigString() : m_set(false), m_value("") { }
|
||||
bool m_set;
|
||||
std::string m_value;
|
||||
|
||||
void merge(ConfigString *from) {
|
||||
if (m_set == true || from->m_set == false) {
|
||||
return;
|
||||
}
|
||||
m_set = true;
|
||||
m_value = from->m_value;
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
class ConfigSet {
|
||||
public:
|
||||
ConfigSet() : m_set(false), m_clear(false) { }
|
||||
bool m_set;
|
||||
bool m_clear;
|
||||
std::set<std::string> m_value;
|
||||
};
|
||||
|
||||
|
||||
class UnicodeMapHolder {
|
||||
public:
|
||||
UnicodeMapHolder() {
|
||||
memset(m_data, -1, (sizeof(int)*65536));
|
||||
};
|
||||
|
||||
int& operator[](int index) { return m_data[index]; }
|
||||
int operator[](int index) const { return m_data[index]; }
|
||||
|
||||
int at(int index) const { return m_data[index]; }
|
||||
void change(int i, int a) { m_data[i] = a; }
|
||||
|
||||
int m_data[65536];
|
||||
};
|
||||
|
||||
|
||||
class RulesSetProperties;
|
||||
class ConfigUnicodeMap {
|
||||
public:
|
||||
ConfigUnicodeMap() : m_set(false),
|
||||
m_unicodeCodePage(0),
|
||||
m_unicodeMapTable(NULL) { }
|
||||
|
||||
static void loadConfig(std::string f, double codePage,
|
||||
RulesSetProperties *driver, std::string *errg);
|
||||
|
||||
void merge(ConfigUnicodeMap *from) {
|
||||
if (from->m_set == false) {
|
||||
return;
|
||||
}
|
||||
|
||||
m_set = true;
|
||||
m_unicodeCodePage = from->m_unicodeCodePage;
|
||||
m_unicodeMapTable = from->m_unicodeMapTable;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
bool m_set;
|
||||
double m_unicodeCodePage;
|
||||
std::shared_ptr<modsecurity::UnicodeMapHolder> m_unicodeMapTable;
|
||||
};
|
||||
|
||||
|
||||
class RulesSetProperties {
|
||||
public:
|
||||
RulesSetProperties() :
|
||||
m_auditLog(new AuditLog()),
|
||||
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
|
||||
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
|
||||
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
|
||||
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
|
||||
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
|
||||
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
|
||||
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
|
||||
m_debugLog(new DebugLog()),
|
||||
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
|
||||
m_secRuleEngine(PropertyNotSetRuleEngine) { }
|
||||
|
||||
|
||||
explicit RulesSetProperties(DebugLog *debugLog) :
|
||||
m_auditLog(new AuditLog()),
|
||||
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
|
||||
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
|
||||
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
|
||||
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
|
||||
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
|
||||
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
|
||||
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
|
||||
m_debugLog(debugLog),
|
||||
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
|
||||
m_secRuleEngine(PropertyNotSetRuleEngine) { }
|
||||
|
||||
RulesSetProperties(const RulesSetProperties &r) = delete;
|
||||
RulesSetProperties &operator =(const RulesSetProperties &r) = delete;
|
||||
|
||||
~RulesSetProperties() {
|
||||
int i = 0;
|
||||
|
||||
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
|
||||
std::vector<std::shared_ptr<actions::Action> > *tmp = \
|
||||
&m_defaultActions[i];
|
||||
while (tmp->empty() == false) {
|
||||
tmp->pop_back();
|
||||
}
|
||||
}
|
||||
|
||||
delete m_debugLog;
|
||||
delete m_auditLog;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
enum ConfigBoolean {
|
||||
TrueConfigBoolean,
|
||||
FalseConfigBoolean,
|
||||
PropertyNotSetConfigBoolean
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* The RuleEngine enumerator consists in mapping the different states
|
||||
* of the rule engine.
|
||||
*
|
||||
*/
|
||||
enum RuleEngine {
|
||||
/**
|
||||
*
|
||||
* Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
|
||||
*
|
||||
*/
|
||||
DisabledRuleEngine,
|
||||
/**
|
||||
*
|
||||
* Rules will be evaluated and disturb actions will take place if needed.
|
||||
*
|
||||
*/
|
||||
EnabledRuleEngine,
|
||||
/**
|
||||
* Rules will be evaluated but it won't generate any disruptive action.
|
||||
*
|
||||
*/
|
||||
DetectionOnlyRuleEngine,
|
||||
/**
|
||||
*
|
||||
*/
|
||||
PropertyNotSetRuleEngine
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* Defines what actions should be taken in case the body (response or
|
||||
* request) is bigger than the expected size.
|
||||
*
|
||||
*/
|
||||
enum BodyLimitAction {
|
||||
/**
|
||||
*
|
||||
* Process partial
|
||||
*
|
||||
*/
|
||||
ProcessPartialBodyLimitAction,
|
||||
/**
|
||||
*
|
||||
* Reject the request
|
||||
*
|
||||
*/
|
||||
RejectBodyLimitAction,
|
||||
/**
|
||||
*
|
||||
*/
|
||||
PropertyNotSetBodyLimitAction
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* Defines what actions should be taken in case the remote rules failed to
|
||||
* be downloaded (independent of the circumstances)
|
||||
*
|
||||
*
|
||||
*/
|
||||
enum OnFailedRemoteRulesAction {
|
||||
/**
|
||||
*
|
||||
* Abort
|
||||
*
|
||||
*/
|
||||
AbortOnFailedRemoteRulesAction,
|
||||
/**
|
||||
*
|
||||
* Warn on logging
|
||||
*
|
||||
*/
|
||||
WarnOnFailedRemoteRulesAction,
|
||||
/**
|
||||
*
|
||||
*/
|
||||
PropertyNotSetRemoteRulesAction
|
||||
};
|
||||
|
||||
|
||||
static const char *ruleEngineStateString(RuleEngine i) {
|
||||
switch (i) {
|
||||
case DisabledRuleEngine:
|
||||
return "Disabled";
|
||||
case EnabledRuleEngine:
|
||||
return "Enabled";
|
||||
case DetectionOnlyRuleEngine:
|
||||
return "DetectionOnly";
|
||||
case PropertyNotSetRuleEngine:
|
||||
return "PropertyNotSet/DetectionOnly";
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static std::string configBooleanString(ConfigBoolean i) {
|
||||
switch (i) {
|
||||
case TrueConfigBoolean:
|
||||
return "True";
|
||||
case FalseConfigBoolean:
|
||||
return "False";
|
||||
case PropertyNotSetConfigBoolean:
|
||||
return "Not set";
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static int mergeProperties(RulesSetProperties *from,
|
||||
RulesSetProperties *to, std::ostringstream *err) {
|
||||
|
||||
merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine,
|
||||
PropertyNotSetRuleEngine);
|
||||
|
||||
merge_boolean_value(to->m_secRequestBodyAccess,
|
||||
from->m_secRequestBodyAccess,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
merge_boolean_value(to->m_secResponseBodyAccess,
|
||||
from->m_secResponseBodyAccess,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
merge_boolean_value(to->m_secXMLExternalEntity,
|
||||
from->m_secXMLExternalEntity,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
merge_boolean_value(to->m_uploadKeepFiles,
|
||||
from->m_uploadKeepFiles,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
merge_boolean_value(to->m_tmpSaveUploadedFiles,
|
||||
from->m_tmpSaveUploadedFiles,
|
||||
PropertyNotSetConfigBoolean);
|
||||
|
||||
to->m_argumentsLimit.merge(&from->m_argumentsLimit);
|
||||
to->m_requestBodyJsonDepthLimit.merge(&from->m_requestBodyJsonDepthLimit);
|
||||
to->m_requestBodyLimit.merge(&from->m_requestBodyLimit);
|
||||
to->m_requestBodyNoFilesLimit.merge(&from->m_requestBodyNoFilesLimit);
|
||||
to->m_responseBodyLimit.merge(&from->m_responseBodyLimit);
|
||||
|
||||
merge_bodylimitaction_value(to->m_requestBodyLimitAction,
|
||||
from->m_requestBodyLimitAction,
|
||||
PropertyNotSetBodyLimitAction);
|
||||
|
||||
merge_bodylimitaction_value(to->m_responseBodyLimitAction,
|
||||
from->m_responseBodyLimitAction,
|
||||
PropertyNotSetBodyLimitAction);
|
||||
|
||||
to->m_uploadFileLimit.merge(&from->m_uploadFileLimit);
|
||||
to->m_uploadFileMode.merge(&from->m_uploadFileMode);
|
||||
to->m_uploadDirectory.merge(&from->m_uploadDirectory);
|
||||
to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory);
|
||||
|
||||
to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator);
|
||||
|
||||
to->m_secWebAppId.merge(&from->m_secWebAppId);
|
||||
|
||||
to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
|
||||
|
||||
to->m_httpblKey.merge(&from->m_httpblKey);
|
||||
|
||||
to->m_exceptions.merge(&from->m_exceptions);
|
||||
|
||||
to->m_components.insert(to->m_components.end(),
|
||||
from->m_components.begin(), from->m_components.end());
|
||||
|
||||
if (from->m_responseBodyTypeToBeInspected.m_set == true) {
|
||||
if (from->m_responseBodyTypeToBeInspected.m_clear == true) {
|
||||
to->m_responseBodyTypeToBeInspected.m_value.clear();
|
||||
from->m_responseBodyTypeToBeInspected.m_value.clear();
|
||||
} else {
|
||||
for (std::set<std::string>::iterator
|
||||
it = from->m_responseBodyTypeToBeInspected.m_value.begin();
|
||||
it != from->m_responseBodyTypeToBeInspected.m_value.end();
|
||||
++it) {
|
||||
to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
|
||||
}
|
||||
}
|
||||
to->m_responseBodyTypeToBeInspected.m_set = true;
|
||||
}
|
||||
|
||||
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
|
||||
std::vector<std::shared_ptr<actions::Action> > *actions_from = \
|
||||
&from->m_defaultActions[i];
|
||||
std::vector<std::shared_ptr<actions::Action> > *actions_to = \
|
||||
&to->m_defaultActions[i];
|
||||
for (size_t j = 0; j < actions_from->size(); j++) {
|
||||
actions_to->push_back(actions_from->at(j));
|
||||
}
|
||||
}
|
||||
|
||||
if (to->m_auditLog) {
|
||||
std::string error;
|
||||
to->m_auditLog->merge(from->m_auditLog, &error);
|
||||
if (error.size() > 0) {
|
||||
*err << error;
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (from->m_debugLog && to->m_debugLog &&
|
||||
from->m_debugLog->isLogFileSet()) {
|
||||
if (to->m_debugLog->isLogFileSet() == false) {
|
||||
std::string error;
|
||||
to->m_debugLog->setDebugLogFile(
|
||||
from->m_debugLog->getDebugLogFile(),
|
||||
&error);
|
||||
if (error.size() > 0) {
|
||||
*err << error;
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (from->m_debugLog && to->m_debugLog &&
|
||||
from->m_debugLog->isLogLevelSet()) {
|
||||
if (to->m_debugLog->isLogLevelSet() == false) {
|
||||
to->m_debugLog->setDebugLogLevel(
|
||||
from->m_debugLog->getDebugLogLevel());
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
audit_log::AuditLog *m_auditLog;
|
||||
BodyLimitAction m_requestBodyLimitAction;
|
||||
BodyLimitAction m_responseBodyLimitAction;
|
||||
ConfigBoolean m_secRequestBodyAccess;
|
||||
ConfigBoolean m_secResponseBodyAccess;
|
||||
ConfigBoolean m_secXMLExternalEntity;
|
||||
ConfigBoolean m_tmpSaveUploadedFiles;
|
||||
ConfigBoolean m_uploadKeepFiles;
|
||||
ConfigDouble m_argumentsLimit;
|
||||
ConfigDouble m_requestBodyJsonDepthLimit;
|
||||
ConfigDouble m_requestBodyLimit;
|
||||
ConfigDouble m_requestBodyNoFilesLimit;
|
||||
ConfigDouble m_responseBodyLimit;
|
||||
ConfigInt m_uploadFileLimit;
|
||||
ConfigInt m_uploadFileMode;
|
||||
DebugLog *m_debugLog;
|
||||
OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
|
||||
RuleEngine m_secRuleEngine;
|
||||
RulesExceptions m_exceptions;
|
||||
std::list<std::string> m_components;
|
||||
std::ostringstream m_parserError;
|
||||
ConfigSet m_responseBodyTypeToBeInspected;
|
||||
ConfigString m_httpblKey;
|
||||
ConfigString m_uploadDirectory;
|
||||
ConfigString m_uploadTmpDirectory;
|
||||
ConfigString m_secArgumentSeparator;
|
||||
ConfigString m_secWebAppId;
|
||||
std::vector<std::shared_ptr<actions::Action> > \
|
||||
m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
|
||||
ConfigUnicodeMap m_unicodeMapTable;
|
||||
};
|
||||
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // namespace modsecurity
|
||||
#endif
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -26,6 +26,7 @@
|
|||
#include <utility>
|
||||
#include <vector>
|
||||
#include <memory>
|
||||
#include <stack>
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
|
@ -37,7 +38,7 @@
|
|||
#ifndef __cplusplus
|
||||
typedef struct ModSecurity_t ModSecurity;
|
||||
typedef struct Transaction_t Transaction;
|
||||
typedef struct Rules_t Rules;
|
||||
typedef struct Rules_t RulesSet;
|
||||
#endif
|
||||
|
||||
#include "modsecurity/anchored_set_variable.h"
|
||||
|
@ -47,12 +48,15 @@ typedef struct Rules_t Rules;
|
|||
#include "modsecurity/variable_value.h"
|
||||
#include "modsecurity/collection/collection.h"
|
||||
#include "modsecurity/variable_origin.h"
|
||||
#include "modsecurity/anchored_set_variable_translation_proxy.h"
|
||||
#include "modsecurity/audit_log.h"
|
||||
|
||||
|
||||
#ifndef NO_LOGS
|
||||
#define ms_dbg(b, c) \
|
||||
do { \
|
||||
if (m_rules && m_rules->m_debugLog && m_rules->m_debugLog->m_debugLevel >= b) { \
|
||||
m_rules->debug(b, m_id, m_uri, c); \
|
||||
m_rules->debug(b, *m_id.get(), m_uri, c); \
|
||||
} \
|
||||
} while (0);
|
||||
#else
|
||||
|
@ -98,7 +102,7 @@ namespace modsecurity {
|
|||
|
||||
class ModSecurity;
|
||||
class Transaction;
|
||||
class Rules;
|
||||
class RulesSet;
|
||||
class RuleMessage;
|
||||
namespace actions {
|
||||
class Action;
|
||||
|
@ -109,6 +113,7 @@ enum AllowType : int;
|
|||
namespace RequestBodyProcessor {
|
||||
class XML;
|
||||
class JSON;
|
||||
class MultipartPartTmpFile;
|
||||
}
|
||||
namespace operators {
|
||||
class Operator;
|
||||
|
@ -118,10 +123,7 @@ class Operator;
|
|||
class TransactionAnchoredVariables {
|
||||
public:
|
||||
explicit TransactionAnchoredVariables(Transaction *t)
|
||||
: m_variableArgsNames(t, "ARGS_NAMES"),
|
||||
m_variableArgsGetNames(t, "ARGS_GET_NAMES"),
|
||||
m_variableArgsPostNames(t, "ARGS_POST_NAMES"),
|
||||
m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
|
||||
: m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
|
||||
m_variableResponseContentType(t, "RESPONSE_CONTENT_TYPE"),
|
||||
m_variableResponseHeadersNames(t, "RESPONSE_HEADERS_NAMES"),
|
||||
m_variableARGScombinedSize(t, "ARGS_COMBINED_SIZE"),
|
||||
|
@ -199,12 +201,13 @@ class TransactionAnchoredVariables {
|
|||
m_variableGeo(t, "GEO"),
|
||||
m_variableRequestCookiesNames(t, "REQUEST_COOKIES_NAMES"),
|
||||
m_variableFilesTmpNames(t, "FILES_TMPNAMES"),
|
||||
m_variableOffset(0)
|
||||
m_variableMultipartPartHeaders(t, "MULTIPART_PART_HEADERS"),
|
||||
m_variableOffset(0),
|
||||
m_variableArgsNames("ARGS_NAMES", &m_variableArgs),
|
||||
m_variableArgsGetNames("ARGS_GET_NAMES", &m_variableArgsGet),
|
||||
m_variableArgsPostNames("ARGS_POST_NAMES", &m_variableArgsPost)
|
||||
{ }
|
||||
|
||||
AnchoredSetVariable m_variableArgsNames;
|
||||
AnchoredSetVariable m_variableArgsGetNames;
|
||||
AnchoredSetVariable m_variableArgsPostNames;
|
||||
AnchoredSetVariable m_variableRequestHeadersNames;
|
||||
AnchoredVariable m_variableResponseContentType;
|
||||
AnchoredSetVariable m_variableResponseHeadersNames;
|
||||
|
@ -280,19 +283,57 @@ class TransactionAnchoredVariables {
|
|||
AnchoredSetVariable m_variableGeo;
|
||||
AnchoredSetVariable m_variableRequestCookiesNames;
|
||||
AnchoredSetVariable m_variableFilesTmpNames;
|
||||
AnchoredSetVariable m_variableMultipartPartHeaders;
|
||||
|
||||
int m_variableOffset;
|
||||
|
||||
AnchoredSetVariableTranslationProxy m_variableArgsNames;
|
||||
AnchoredSetVariableTranslationProxy m_variableArgsGetNames;
|
||||
AnchoredSetVariableTranslationProxy m_variableArgsPostNames;
|
||||
};
|
||||
|
||||
class TransactionSecMarkerManagement {
|
||||
public:
|
||||
bool isInsideAMarker() const {
|
||||
if (m_marker) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
std::shared_ptr<std::string> getCurrentMarker() const {
|
||||
if (m_marker) {
|
||||
return m_marker;
|
||||
} else {
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
||||
void removeMarker() {
|
||||
m_marker.reset();
|
||||
}
|
||||
|
||||
void addMarker(const std::shared_ptr<std::string> &name) {
|
||||
m_marker = name;
|
||||
}
|
||||
|
||||
private:
|
||||
std::shared_ptr<std::string> m_marker;
|
||||
};
|
||||
|
||||
/** @ingroup ModSecurity_CPP_API */
|
||||
class Transaction : public TransactionAnchoredVariables {
|
||||
class Transaction : public TransactionAnchoredVariables, public TransactionSecMarkerManagement {
|
||||
public:
|
||||
Transaction(ModSecurity *transaction, Rules *rules, void *logCbData);
|
||||
Transaction(ModSecurity *transaction, Rules *rules, char *id,
|
||||
Transaction(ModSecurity *transaction, RulesSet *rules, void *logCbData);
|
||||
Transaction(ModSecurity *transaction, RulesSet *rules, char *id,
|
||||
void *logCbData);
|
||||
~Transaction();
|
||||
|
||||
Transaction ( const Transaction & ) = delete;
|
||||
bool operator ==(const Transaction &b) const { return false; };
|
||||
Transaction &operator =(const Transaction &b) const = delete;
|
||||
|
||||
/** TODO: Should be an structure that fits an IP address */
|
||||
int processConnection(const char *client, int cPort,
|
||||
const char *server, int sPort);
|
||||
|
@ -355,16 +396,16 @@ class Transaction : public TransactionAnchoredVariables {
|
|||
bool extractArguments(const std::string &orig, const std::string& buf,
|
||||
size_t offset);
|
||||
|
||||
const char *getResponseBody();
|
||||
const char *getResponseBody() const;
|
||||
size_t getResponseBodyLength();
|
||||
size_t getRequestBodyLength();
|
||||
|
||||
#ifndef NO_LOGS
|
||||
void debug(int, std::string) const;
|
||||
void debug(int, const std::string&) const;
|
||||
#endif
|
||||
void serverLog(std::shared_ptr<RuleMessage> rm);
|
||||
|
||||
int getRuleEngineState();
|
||||
int getRuleEngineState() const;
|
||||
|
||||
std::string toJSON(int parts);
|
||||
std::string toOldAuditLogFormat(int parts, const std::string &trailer);
|
||||
|
@ -386,7 +427,7 @@ class Transaction : public TransactionAnchoredVariables {
|
|||
/**
|
||||
* Holds the client IP address.
|
||||
*/
|
||||
std::string m_clientIpAddress;
|
||||
std::shared_ptr<std::string> m_clientIpAddress;
|
||||
|
||||
/**
|
||||
* Holds the HTTP version: 1.2, 2.0, 3.0 and so on....
|
||||
|
@ -396,7 +437,7 @@ class Transaction : public TransactionAnchoredVariables {
|
|||
/**
|
||||
* Holds the server IP Address
|
||||
*/
|
||||
std::string m_serverIpAddress;
|
||||
std::shared_ptr<std::string> m_serverIpAddress;
|
||||
|
||||
/**
|
||||
* Holds the raw URI that was requested.
|
||||
|
@ -406,7 +447,7 @@ class Transaction : public TransactionAnchoredVariables {
|
|||
/**
|
||||
* Holds the URI that was requests (without the query string).
|
||||
*/
|
||||
std::string m_uri_no_query_string_decoded;
|
||||
std::shared_ptr<std::string> m_uri_no_query_string_decoded;
|
||||
|
||||
/**
|
||||
* Holds the combined size of all arguments, later used to fill the
|
||||
|
@ -455,7 +496,7 @@ class Transaction : public TransactionAnchoredVariables {
|
|||
/**
|
||||
* Rules object utilized during this specific transaction.
|
||||
*/
|
||||
Rules *m_rules;
|
||||
RulesSet *m_rules;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -491,6 +532,12 @@ class Transaction : public TransactionAnchoredVariables {
|
|||
*/
|
||||
std::list< std::pair<int, std::string> > m_auditLogModifier;
|
||||
|
||||
/**
|
||||
* This transaction's most recent action ctl:auditEngine
|
||||
*
|
||||
*/
|
||||
audit_log::AuditLog::AuditLogStatus m_ctlAuditEngine;
|
||||
|
||||
/**
|
||||
* This variable holds all the messages asked to be save by the utilization
|
||||
* of the actions: `log_data' and `msg'. These should be included on the
|
||||
|
@ -512,13 +559,7 @@ class Transaction : public TransactionAnchoredVariables {
|
|||
* Contains the unique ID of the transaction. Use by the variable
|
||||
* `UNIQUE_ID'. This unique id is also saved as part of the AuditLog.
|
||||
*/
|
||||
std::string m_id;
|
||||
|
||||
/**
|
||||
* Holds the SecMarker name that this transaction should wait to perform
|
||||
* rules evaluation again.
|
||||
*/
|
||||
std::string m_marker;
|
||||
std::shared_ptr<std::string> m_id;
|
||||
|
||||
/**
|
||||
* Holds the amount of rules that should be skipped. If bigger than 0 the
|
||||
|
@ -583,6 +624,8 @@ class Transaction : public TransactionAnchoredVariables {
|
|||
std::string m_variableTimeWDay;
|
||||
std::string m_variableTimeYear;
|
||||
|
||||
std::vector<std::shared_ptr<RequestBodyProcessor::MultipartPartTmpFile>> m_multipartPartTmpFiles;
|
||||
|
||||
private:
|
||||
/**
|
||||
* Pointer to the callback function that will be called to fill
|
||||
|
@ -600,11 +643,11 @@ extern "C" {
|
|||
|
||||
/** @ingroup ModSecurity_C_API */
|
||||
Transaction *msc_new_transaction(ModSecurity *ms,
|
||||
Rules *rules, void *logCbData);
|
||||
RulesSet *rules, void *logCbData);
|
||||
|
||||
/** @ingroup ModSecurity_C_API */
|
||||
Transaction *msc_new_transaction_with_id(ModSecurity *ms,
|
||||
Rules *rules, char *id, void *logCbData);
|
||||
RulesSet *rules, char *id, void *logCbData);
|
||||
|
||||
/** @ingroup ModSecurity_C_API */
|
||||
int msc_process_connection(Transaction *transaction,
|
||||
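Review bot: In the added `TransactionSecMarkerManagement` class, `getCurrentMarker()` runs a bare `throw;` when `m_marker` is empty; outside a `catch` block that calls `std::terminate()`, so one transaction reaching this path without a marker aborts the whole embedding process instead of failing that request. The accessor should either return the empty pointer (`return m_marker;` with no branch) or throw a real exception such as `throw std::logic_error("no active SecMarker");`, and its comment should state that callers check `isInsideAMarker()` first. In the same section the `ms_dbg` macro now evaluates `*m_id.get()`, which is only safe if every constructor sets `m_id`; the constructor bodies are not in this diff, so that is worth confirming.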
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -39,28 +39,28 @@ class VariableValue {
|
|||
public:
|
||||
using Origins = std::list<std::unique_ptr<VariableOrigin>>;
|
||||
|
||||
VariableValue(const std::string *key,
|
||||
explicit VariableValue(const std::string *key,
|
||||
const std::string *value = nullptr)
|
||||
: m_key(*key),
|
||||
: m_collection(""),
|
||||
m_key(*key),
|
||||
m_keyWithCollection(*key),
|
||||
m_collection(""),
|
||||
m_value(value != nullptr?*value:"")
|
||||
{ }
|
||||
|
||||
VariableValue(const std::string *collection,
|
||||
const std::string *key,
|
||||
const std::string *value)
|
||||
: m_key(*key),
|
||||
: m_collection(*collection),
|
||||
m_key(*key),
|
||||
m_keyWithCollection(*collection + ":" + *key),
|
||||
m_collection(*collection),
|
||||
m_value(*value)
|
||||
{ }
|
||||
|
||||
explicit VariableValue(const VariableValue *o) :
|
||||
m_key(o->m_key),
|
||||
m_value(o->m_value),
|
||||
m_collection(o->m_collection),
|
||||
m_keyWithCollection(o->m_keyWithCollection)
|
||||
m_key(o->m_key),
|
||||
m_keyWithCollection(o->m_keyWithCollection),
|
||||
m_value(o->m_value)
|
||||
{
|
||||
for (auto &i : o->m_orign) {
|
||||
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
|
||||
|
@ -70,6 +70,8 @@ class VariableValue {
|
|||
}
|
||||
}
|
||||
|
||||
VariableValue(const VariableValue &v) = delete;
|
||||
|
||||
|
||||
const std::string& getKey() const {
|
||||
return m_key;
|
||||
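Review bot: The three-pointer constructor still initialises `m_value(*value)` (and `*collection`, `*key`) without a null check, while the two-argument form right above it accepts `value == nullptr`; the reordering in this hunk keeps that asymmetry. If a caller can ever pass a null value here the dereference is undefined behaviour, so I would either mirror the guard, `m_value(value != nullptr ? *value : "")`, or add a comment on both constructors stating which pointers must be non-null. Whether any caller does pass null is not visible in this diff.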
|
|
|
@ -19,16 +19,23 @@ SecRequestBodyAccess On
|
|||
# Enable XML request body parser.
|
||||
# Initiate XML Processor in case of xml content-type
|
||||
#
|
||||
SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
|
||||
SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \
|
||||
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
|
||||
|
||||
# Enable JSON request body parser.
|
||||
# Initiate JSON Processor in case of JSON content-type; change accordingly
|
||||
# if your application does not use 'application/json'
|
||||
#
|
||||
SecRule REQUEST_HEADERS:Content-Type "application/json" \
|
||||
SecRule REQUEST_HEADERS:Content-Type "^application/json" \
|
||||
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
|
||||
|
||||
# Sample rule to enable JSON request body parser for more subtypes.
|
||||
# Uncomment or adapt this rule if you want to engage the JSON
|
||||
# Processor for "+json" subtypes
|
||||
#
|
||||
#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \
|
||||
# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
|
||||
|
||||
# Maximum request body size we will accept for buffering. If you support
|
||||
# file uploads then the value given on the first line has to be as large
|
||||
# as the largest file you are willing to accept. The second value refers
|
||||
|
@ -38,13 +45,28 @@ SecRule REQUEST_HEADERS:Content-Type "application/json" \
|
|||
SecRequestBodyLimit 13107200
|
||||
SecRequestBodyNoFilesLimit 131072
|
||||
|
||||
# What do do if the request body size is above our configured limit.
|
||||
# What to do if the request body size is above our configured limit.
|
||||
# Keep in mind that this setting will automatically be set to ProcessPartial
|
||||
# when SecRuleEngine is set to DetectionOnly mode in order to minimize
|
||||
# disruptions when initially deploying ModSecurity.
|
||||
#
|
||||
SecRequestBodyLimitAction Reject
|
||||
|
||||
# Maximum parsing depth allowed for JSON objects. You want to keep this
|
||||
# value as low as practical.
|
||||
#
|
||||
SecRequestBodyJsonDepthLimit 512
|
||||
|
||||
# Maximum number of args allowed per request. You want to keep this
|
||||
# value as low as practical. The value should match that in rule 200007.
|
||||
SecArgumentsLimit 1000
|
||||
|
||||
# If SecArgumentsLimit has been set, you probably want to reject any
|
||||
# request body that has only been partly parsed. The value used in this
|
||||
# rule should match what was used with SecArgumentsLimit
|
||||
SecRule &ARGS "@ge 1000" \
|
||||
"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2"
|
||||
|
||||
# Verify that we've correctly processed the request body.
|
||||
# As a rule of thumb, when failing to process a request body
|
||||
# you should reject the request (when deployed in blocking mode)
|
||||
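Review bot: The new `SecArgumentsLimit 1000`, rule 200007 (`SecRule &ARGS "@ge 1000"`) and `SecRequestBodyJsonDepthLimit 512` only take effect where this recommended file is actually loaded; if the project ships its own ModSecurity configuration (not visible in this diff), the same directives need to be added there. The limit and the rule threshold are two separate literals, so the comment above the rule could say explicitly that they are edited together, e.g. `# keep the "@ge" value identical to SecArgumentsLimit`. It is also worth stating next to rule 200007 that under `SecRuleEngine DetectionOnly` its `deny` is not enforced, so a request whose argument list was cut off at the limit is logged but still reaches the application only partly inspected.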
|
|
|
@ -8,3 +8,4 @@ Description: ModSecurity API
|
|||
Version: @MSC_VERSION_WITH_PATCHLEVEL@
|
||||
Cflags: -I@includedir@
|
||||
Libs: -L@libdir@ -lmodsecurity
|
||||
Libs.private: @CURL_LDADD@ @GEOIP_LDADD@ @MAXMIND_LDADD@ @GLOBAL_LDADD@ @LIBXML2_LDADD@ @LMDB_LDADD@ @LUA_LDADD@ @PCRE_LDADD@ @SSDEEP_LDADD@ @YAJL_LDADD@
|
||||
|
|
|
@ -35,6 +35,7 @@ MAINTAINERCLEANFILES = \
|
|||
|
||||
|
||||
pkginclude_HEADERS = \
|
||||
../headers/modsecurity/anchored_set_variable_translation_proxy.h \
|
||||
../headers/modsecurity/anchored_set_variable.h \
|
||||
../headers/modsecurity/anchored_variable.h \
|
||||
../headers/modsecurity/audit_log.h \
|
||||
|
@ -42,10 +43,16 @@ pkginclude_HEADERS = \
|
|||
../headers/modsecurity/intervention.h \
|
||||
../headers/modsecurity/modsecurity.h \
|
||||
../headers/modsecurity/rule.h \
|
||||
../headers/modsecurity/rule_message.h \
|
||||
../headers/modsecurity/rule_marker.h \
|
||||
../headers/modsecurity/rule_unconditional.h \
|
||||
../headers/modsecurity/rule_with_actions.h \
|
||||
../headers/modsecurity/rule_with_operator.h \
|
||||
../headers/modsecurity/rules.h \
|
||||
../headers/modsecurity/rule_message.h \
|
||||
../headers/modsecurity/rules_set.h \
|
||||
../headers/modsecurity/rules_set_phases.h \
|
||||
../headers/modsecurity/rules_set_properties.h \
|
||||
../headers/modsecurity/rules_exceptions.h \
|
||||
../headers/modsecurity/rules_properties.h \
|
||||
../headers/modsecurity/transaction.h \
|
||||
../headers/modsecurity/variable_origin.h \
|
||||
../headers/modsecurity/variable_value.h
|
||||
|
@ -111,6 +118,7 @@ ACTIONS = \
|
|||
actions/capture.cc \
|
||||
actions/chain.cc \
|
||||
actions/ctl/audit_log_parts.cc \
|
||||
actions/ctl/audit_engine.cc \
|
||||
actions/ctl/rule_engine.cc \
|
||||
actions/ctl/request_body_processor_json.cc \
|
||||
actions/ctl/request_body_processor_xml.cc \
|
||||
|
@ -215,6 +223,7 @@ OPERATORS = \
|
|||
operators/rbl.cc \
|
||||
operators/rsub.cc \
|
||||
operators/rx.cc \
|
||||
operators/rx_global.cc \
|
||||
operators/str_eq.cc \
|
||||
operators/str_match.cc \
|
||||
operators/validate_byte_range.cc \
|
||||
|
@ -273,16 +282,20 @@ libmodsecurity_la_SOURCES = \
|
|||
audit_log/writer/serial.cc \
|
||||
audit_log/writer/parallel.cc \
|
||||
modsecurity.cc \
|
||||
rules.cc \
|
||||
rules_set.cc \
|
||||
rules_set_phases.cc \
|
||||
rules_set_properties.cc \
|
||||
debug_log/debug_log.cc \
|
||||
debug_log/debug_log_writer.cc \
|
||||
run_time_string.cc \
|
||||
rule.cc \
|
||||
rule_unconditional.cc \
|
||||
rule_with_actions.cc \
|
||||
rule_with_operator.cc \
|
||||
rule_message.cc \
|
||||
rule_script.cc \
|
||||
unique_id.cc \
|
||||
rules_exceptions.cc \
|
||||
rules_properties.cc \
|
||||
${BODY_PROCESSORS} \
|
||||
${ACTIONS} \
|
||||
${ENGINES} \
|
||||
|
@ -303,6 +316,7 @@ libmodsecurity_la_CPPFLAGS = \
|
|||
-fPIC \
|
||||
-O3 \
|
||||
-I../headers \
|
||||
$(CURL_CFLAGS) \
|
||||
$(GEOIP_CFLAGS) \
|
||||
$(GLOBAL_CPPFLAGS) \
|
||||
$(MODSEC_NO_LOGS) \
|
||||
|
@ -310,6 +324,7 @@ libmodsecurity_la_CPPFLAGS = \
|
|||
$(YAJL_CFLAGS) \
|
||||
$(LMDB_CFLAGS) \
|
||||
$(PCRE_CFLAGS) \
|
||||
$(PCRE2_CFLAGS) \
|
||||
$(SSDEEP_CFLAGS) \
|
||||
$(MAXMIND_CFLAGS) \
|
||||
$(LUA_CFLAGS) \
|
||||
|
@ -325,6 +340,7 @@ libmodsecurity_la_LDFLAGS = \
|
|||
$(LMDB_LDFLAGS) \
|
||||
$(LUA_LDFLAGS) \
|
||||
$(PCRE_LDFLAGS) \
|
||||
$(PCRE2_LDFLAGS) \
|
||||
$(SSDEEP_LDFLAGS) \
|
||||
$(MAXMIND_LDFLAGS) \
|
||||
$(YAJL_LDFLAGS) \
|
||||
|
@ -341,6 +357,7 @@ libmodsecurity_la_LIBADD = \
|
|||
../others/libinjection.la \
|
||||
../others/libmbedtls.la \
|
||||
$(PCRE_LDADD) \
|
||||
$(PCRE2_LDADD) \
|
||||
$(MAXMIND_LDADD) \
|
||||
$(SSDEEP_LDADD) \
|
||||
$(YAJL_LDADD)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -39,7 +39,7 @@ bool Accuracy::init(std::string *error) {
|
|||
}
|
||||
|
||||
|
||||
bool Accuracy::evaluate(Rule *rule, Transaction *transaction) {
|
||||
bool Accuracy::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
rule->m_accuracy = m_accuracy;
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -29,11 +29,11 @@ namespace actions {
|
|||
|
||||
class Accuracy : public Action {
|
||||
public:
|
||||
explicit Accuracy(std::string action)
|
||||
explicit Accuracy(const std::string &action)
|
||||
: Action(action, ConfigurationKind),
|
||||
m_accuracy(0) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
bool init(std::string *error) override;
|
||||
|
||||
private:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -45,13 +45,13 @@ namespace modsecurity {
|
|||
namespace actions {
|
||||
|
||||
|
||||
std::string Action::evaluate(std::string value,
|
||||
std::string Action::evaluate(const std::string &value,
|
||||
Transaction *transaction) {
|
||||
return value;
|
||||
}
|
||||
|
||||
|
||||
bool Action::evaluate(Rule *rule, Transaction *transaction) {
|
||||
bool Action::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -21,13 +21,13 @@
|
|||
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/rule_message.h"
|
||||
#include "modsecurity/rules.h"
|
||||
#include "modsecurity/rules_set.h"
|
||||
|
||||
namespace modsecurity {
|
||||
namespace actions {
|
||||
|
||||
|
||||
bool AuditLog::evaluate(Rule *rule, Transaction *transaction,
|
||||
bool AuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) {
|
||||
rm->m_noAuditLog = false;
|
||||
ms_dbg_a(transaction, 9, "Saving transaction to logs");
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -32,10 +32,10 @@ namespace actions {
|
|||
|
||||
class AuditLog : public Action {
|
||||
public:
|
||||
explicit AuditLog(std::string action)
|
||||
explicit AuditLog(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction,
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) override;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -19,9 +19,9 @@
|
|||
#include <string>
|
||||
#include <memory>
|
||||
|
||||
#include "modsecurity/rules_set.h"
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rules.h"
|
||||
#include "modsecurity/intervention.h"
|
||||
#include "src/actions/data/status.h"
|
||||
|
||||
|
@ -29,11 +29,11 @@ namespace modsecurity {
|
|||
namespace actions {
|
||||
|
||||
|
||||
bool Block::evaluate(Rule *rule, Transaction *transaction,
|
||||
bool Block::evaluate(RuleWithActions *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) {
|
||||
ms_dbg_a(transaction, 8, "Marking request as disruptive.");
|
||||
|
||||
for (Action *a : transaction->m_rules->m_defaultActions[rule->m_phase]) {
|
||||
for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {
|
||||
if (a->isDisruptive() == false) {
|
||||
continue;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -33,9 +33,9 @@ namespace actions {
|
|||
|
||||
class Block : public Action {
|
||||
public:
|
||||
explicit Block(std::string action) : Action(action) { }
|
||||
explicit Block(const std::string &action) : Action(action) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction,
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) override;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -32,7 +32,7 @@ namespace modsecurity {
|
|||
namespace actions {
|
||||
|
||||
|
||||
bool Capture::evaluate(Rule *rule, Transaction *transaction) {
|
||||
bool Capture::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -22,16 +22,16 @@
|
|||
|
||||
|
||||
namespace modsecurity {
|
||||
class Rule;
|
||||
class RuleWithOperator;
|
||||
namespace actions {
|
||||
|
||||
|
||||
class Capture : public Action {
|
||||
public:
|
||||
explicit Capture(std::string action)
|
||||
explicit Capture(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -25,8 +25,8 @@ namespace modsecurity {
|
|||
namespace actions {
|
||||
|
||||
|
||||
bool Chain::evaluate(Rule *rule, Transaction *transaction) {
|
||||
rule->m_chained = true;
|
||||
bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
rule->setChained(true);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -25,17 +25,17 @@ class Transaction;
|
|||
|
||||
namespace modsecurity {
|
||||
class Transaction;
|
||||
class Rule;
|
||||
class RuleWithOperator;
|
||||
|
||||
namespace actions {
|
||||
|
||||
|
||||
class Chain : public Action {
|
||||
public:
|
||||
explicit Chain(std::string action)
|
||||
explicit Chain(const std::string &action)
|
||||
: Action(action, ConfigurationKind) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
};
|
||||
|
||||
} // namespace actions
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "src/actions/ctl/audit_engine.h"
|
||||
|
||||
#include <string>
|
||||
|
||||
#include "modsecurity/rules_set_properties.h"
|
||||
#include "modsecurity/rules_set.h"
|
||||
#include "modsecurity/transaction.h"
|
||||
|
||||
namespace modsecurity {
|
||||
namespace actions {
|
||||
namespace ctl {
|
||||
|
||||
|
||||
bool AuditEngine::init(std::string *error) {
|
||||
|
||||
std::string what(m_parser_payload, 12, m_parser_payload.size() - 12);
|
||||
|
||||
if (what == "on") {
|
||||
m_auditEngine = audit_log::AuditLog::AuditLogStatus::OnAuditLogStatus;
|
||||
} else if (what == "off") {
|
||||
m_auditEngine = audit_log::AuditLog::AuditLogStatus::OffAuditLogStatus;
|
||||
} else if (what == "relevantonly") {
|
||||
m_auditEngine = audit_log::AuditLog::AuditLogStatus::RelevantOnlyAuditLogStatus;
|
||||
} else {
|
||||
error->assign("Internal error. Expected: On, Off or RelevantOnly; " \
|
||||
"got: " + m_parser_payload);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuditEngine::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
std::stringstream a;
|
||||
a << "Setting SecAuditEngine to ";
|
||||
a << std::to_string(m_auditEngine);
|
||||
a << " as requested by a ctl:auditEngine action";
|
||||
|
||||
ms_dbg_a(transaction, 8, a.str());
|
||||
|
||||
transaction->m_ctlAuditEngine = m_auditEngine;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
} // namespace ctl
|
||||
} // namespace actions
|
||||
} // namespace modsecurity
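Review bot: In `AuditEngine::init`, `std::string what(m_parser_payload, 12, m_parser_payload.size() - 12)` is built with no length check, so a payload shorter than 12 characters would throw `std::out_of_range` instead of reaching the `error->assign(...)` branch. The rule parser presumably always supplies the `auditEngine=` prefix, but this function does not verify it. A guard ahead of that line keeps the failure on the existing error path: `if (m_parser_payload.size() < 12) { error->assign("Internal error. Expected: On, Off or RelevantOnly; got: " + m_parser_payload); return false; }`. The unchanged context line in `RuleEngine::init` further down uses the same pattern with offset 11. In `evaluate`, `std::to_string(m_auditEngine)` puts only the numeric enum value into the level-8 debug message, so a transaction whose audit logging a rule switched off is hard to search for in the debug log; printing the state name would help.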
|
|
@ -0,0 +1,51 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <string>
|
||||
|
||||
#include "modsecurity/rules_set_properties.h"
|
||||
#include "modsecurity/actions/action.h"
|
||||
|
||||
#include "modsecurity/audit_log.h"
|
||||
|
||||
|
||||
#ifndef SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
|
||||
#define SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
|
||||
|
||||
namespace modsecurity {
|
||||
class Transaction;
|
||||
|
||||
namespace actions {
|
||||
namespace ctl {
|
||||
|
||||
|
||||
class AuditEngine : public Action {
|
||||
public:
|
||||
explicit AuditEngine(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind),
|
||||
m_auditEngine(audit_log::AuditLog::AuditLogStatus::NotSetLogStatus) { }
|
||||
|
||||
bool init(std::string *error) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
|
||||
audit_log::AuditLog::AuditLogStatus m_auditEngine;
|
||||
};
|
||||
|
||||
|
||||
} // namespace ctl
|
||||
} // namespace actions
|
||||
} // namespace modsecurity
|
||||
|
||||
#endif // SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -38,7 +38,7 @@ bool AuditLogParts::init(std::string *error) {
|
|||
return true;
|
||||
}
|
||||
|
||||
bool AuditLogParts::evaluate(Rule *rule, Transaction *transaction) {
|
||||
bool AuditLogParts::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
transaction->m_auditLogModifier.push_back(
|
||||
std::make_pair(mPartsAction, mParts));
|
||||
return true;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -28,12 +28,12 @@ namespace ctl {
|
|||
|
||||
class AuditLogParts : public Action {
|
||||
public:
|
||||
explicit AuditLogParts(std::string action)
|
||||
explicit AuditLogParts(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind),
|
||||
mPartsAction(0),
|
||||
mParts("") { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
bool init(std::string *error) override;
|
||||
|
||||
protected:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -18,7 +18,7 @@
|
|||
#include <iostream>
|
||||
#include <string>
|
||||
|
||||
#include "modsecurity/rules_properties.h"
|
||||
#include "modsecurity/rules_set_properties.h"
|
||||
#include "modsecurity/transaction.h"
|
||||
|
||||
namespace modsecurity {
|
||||
|
@ -42,11 +42,11 @@ bool RequestBodyAccess::init(std::string *error) {
|
|||
return true;
|
||||
}
|
||||
|
||||
bool RequestBodyAccess::evaluate(Rule *rule, Transaction *transaction) {
|
||||
bool RequestBodyAccess::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
if (m_request_body_access) {
|
||||
transaction->m_requestBodyAccess = RulesProperties::TrueConfigBoolean;
|
||||
transaction->m_requestBodyAccess = RulesSetProperties::TrueConfigBoolean;
|
||||
} else {
|
||||
transaction->m_requestBodyAccess = RulesProperties::FalseConfigBoolean;
|
||||
transaction->m_requestBodyAccess = RulesSetProperties::FalseConfigBoolean;
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -29,12 +29,12 @@ namespace ctl {
|
|||
|
||||
class RequestBodyAccess : public Action {
|
||||
public:
|
||||
explicit RequestBodyAccess(std::string action)
|
||||
explicit RequestBodyAccess(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind),
|
||||
m_request_body_access(false) { }
|
||||
|
||||
bool init(std::string *error) override;
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
|
||||
bool m_request_body_access;
|
||||
};
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -25,7 +25,7 @@ namespace actions {
|
|||
namespace ctl {
|
||||
|
||||
|
||||
bool RequestBodyProcessorJSON::evaluate(Rule *rule,
|
||||
bool RequestBodyProcessorJSON::evaluate(RuleWithActions *rule,
|
||||
Transaction *transaction) {
|
||||
transaction->m_requestBodyProcessor = Transaction::JSONRequestBody;
|
||||
transaction->m_variableReqbodyProcessor.set("JSON",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -28,10 +28,10 @@ namespace ctl {
|
|||
|
||||
class RequestBodyProcessorJSON : public Action {
|
||||
public:
|
||||
explicit RequestBodyProcessorJSON(std::string action)
|
||||
explicit RequestBodyProcessorJSON(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -25,7 +25,7 @@ namespace actions {
|
|||
namespace ctl {
|
||||
|
||||
|
||||
bool RequestBodyProcessorURLENCODED::evaluate(Rule *rule,
|
||||
bool RequestBodyProcessorURLENCODED::evaluate(RuleWithActions *rule,
|
||||
Transaction *transaction) {
|
||||
transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded;
|
||||
transaction->m_variableReqbodyProcessor.set("URLENCODED",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -28,10 +28,10 @@ namespace ctl {
|
|||
|
||||
class RequestBodyProcessorURLENCODED : public Action {
|
||||
public:
|
||||
explicit RequestBodyProcessorURLENCODED(std::string action)
|
||||
explicit RequestBodyProcessorURLENCODED(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -25,7 +25,7 @@ namespace actions {
|
|||
namespace ctl {
|
||||
|
||||
|
||||
bool RequestBodyProcessorXML::evaluate(Rule *rule,
|
||||
bool RequestBodyProcessorXML::evaluate(RuleWithActions *rule,
|
||||
Transaction *transaction) {
|
||||
transaction->m_requestBodyProcessor = Transaction::XMLRequestBody;
|
||||
transaction->m_variableReqbodyProcessor.set("XML",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -28,10 +28,10 @@ namespace ctl {
|
|||
|
||||
class RequestBodyProcessorXML : public Action {
|
||||
public:
|
||||
explicit RequestBodyProcessorXML(std::string action)
|
||||
explicit RequestBodyProcessorXML(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -18,8 +18,8 @@
|
|||
#include <iostream>
|
||||
#include <string>
|
||||
|
||||
#include "modsecurity/rules_properties.h"
|
||||
#include "modsecurity/rules.h"
|
||||
#include "modsecurity/rules_set_properties.h"
|
||||
#include "modsecurity/rules_set.h"
|
||||
#include "modsecurity/transaction.h"
|
||||
|
||||
namespace modsecurity {
|
||||
|
@ -31,11 +31,11 @@ bool RuleEngine::init(std::string *error) {
|
|||
std::string what(m_parser_payload, 11, m_parser_payload.size() - 11);
|
||||
|
||||
if (what == "on") {
|
||||
m_ruleEngine = RulesProperties::EnabledRuleEngine;
|
||||
m_ruleEngine = RulesSetProperties::EnabledRuleEngine;
|
||||
} else if (what == "off") {
|
||||
m_ruleEngine = RulesProperties::DisabledRuleEngine;
|
||||
m_ruleEngine = RulesSetProperties::DisabledRuleEngine;
|
||||
} else if (what == "detectiononly") {
|
||||
m_ruleEngine = RulesProperties::DetectionOnlyRuleEngine;
|
||||
m_ruleEngine = RulesSetProperties::DetectionOnlyRuleEngine;
|
||||
} else {
|
||||
error->assign("Internal error. Expected: On, Off or DetectionOnly; " \
|
||||
"got: " + m_parser_payload);
|
||||
|
@ -45,10 +45,10 @@ bool RuleEngine::init(std::string *error) {
|
|||
return true;
|
||||
}
|
||||
|
||||
bool RuleEngine::evaluate(Rule *rule, Transaction *transaction) {
|
||||
bool RuleEngine::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
std::stringstream a;
|
||||
a << "Setting SecRuleEngine to ";
|
||||
a << modsecurity::RulesProperties::ruleEngineStateString(m_ruleEngine);
|
||||
a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine);
|
||||
a << " as requested by a ctl:ruleEngine action";
|
||||
|
||||
ms_dbg_a(transaction, 8, a.str());
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -15,9 +15,9 @@
|
|||
|
||||
#include <string>
|
||||
|
||||
#include "modsecurity/rules_set_properties.h"
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/rules_properties.h"
|
||||
|
||||
|
||||
#ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_
|
||||
|
@ -30,14 +30,14 @@ namespace ctl {
|
|||
|
||||
class RuleEngine : public Action {
|
||||
public:
|
||||
explicit RuleEngine(std::string action)
|
||||
explicit RuleEngine(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind),
|
||||
m_ruleEngine(RulesProperties::PropertyNotSetRuleEngine) { }
|
||||
m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { }
|
||||
|
||||
bool init(std::string *error) override;
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
|
||||
RulesProperties::RuleEngine m_ruleEngine;
|
||||
RulesSetProperties::RuleEngine m_ruleEngine;
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -83,7 +83,7 @@ bool RuleRemoveById::init(std::string *error) {
|
|||
return false;
|
||||
}
|
||||
|
||||
bool RuleRemoveById::evaluate(Rule *rule, Transaction *transaction) {
|
||||
bool RuleRemoveById::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
for (auto &i : m_ids) {
|
||||
transaction->m_ruleRemoveById.push_back(i);
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -29,11 +29,11 @@ namespace ctl {
|
|||
|
||||
class RuleRemoveById : public Action {
|
||||
public:
|
||||
explicit RuleRemoveById(std::string action)
|
||||
explicit RuleRemoveById(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||
|
||||
bool init(std::string *error) override;
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
|
||||
std::list<std::pair<int, int> > m_ranges;
|
||||
std::list<int> m_ids;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -32,7 +32,7 @@ bool RuleRemoveByTag::init(std::string *error) {
|
|||
return true;
|
||||
}
|
||||
|
||||
bool RuleRemoveByTag::evaluate(Rule *rule, Transaction *transaction) {
|
||||
bool RuleRemoveByTag::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
transaction->m_ruleRemoveByTag.push_back(m_tag);
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -29,12 +29,12 @@ namespace ctl {
|
|||
|
||||
class RuleRemoveByTag : public Action {
|
||||
public:
|
||||
explicit RuleRemoveByTag(std::string action)
|
||||
explicit RuleRemoveByTag(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind),
|
||||
m_tag("") { }
|
||||
|
||||
bool init(std::string *error) override;
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
|
||||
std::string m_tag;
|
||||
};
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -51,7 +51,7 @@ bool RuleRemoveTargetById::init(std::string *error) {
|
|||
return true;
|
||||
}
|
||||
|
||||
bool RuleRemoveTargetById::evaluate(Rule *rule, Transaction *transaction) {
|
||||
bool RuleRemoveTargetById::evaluate(RuleWithActions *rule, Transaction *transaction) {
|
||||
transaction->m_ruleRemoveTargetById.push_back(
|
||||
std::make_pair(m_id, m_target));
|
||||
return true;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
|
@ -29,13 +29,13 @@ namespace ctl {
|
|||
|
||||
class RuleRemoveTargetById : public Action {
|
||||
public:
|
||||
explicit RuleRemoveTargetById(std::string action)
|
||||
explicit RuleRemoveTargetById(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind),
|
||||
m_id(0),
|
||||
m_target("") { }
|
||||
|
||||
bool init(std::string *error) override;
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
|
||||
|
||||
int m_id;
|
||||
std::string m_target;
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More