Update deps and requirements

TheophileDiot 2022-11-20 09:28:25 +01:00
parent c0efdf9c00
commit b7f60dbdc7
1484 changed files with 41058 additions and 20160 deletions


@ -1,4 +1,4 @@
FROM nginx:1.20.2-alpine AS builder
FROM nginx:1.22.1-alpine AS builder
# Copy dependencies sources folder
COPY src/deps /tmp/bunkerweb/deps
@ -21,7 +21,7 @@ RUN apk add --no-cache --virtual build py3-pip && \
pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
apk del build
FROM nginx:1.20.2-alpine
FROM nginx:1.22.1-alpine
# Copy dependencies
COPY --from=builder /usr/share/bunkerweb /usr/share/bunkerweb
@ -43,7 +43,7 @@ COPY src/common/utils /usr/share/bunkerweb/utils
COPY src/VERSION /usr/share/bunkerweb/VERSION
# Install runtime dependencies, pypi packages, move bwcli, create data folders and set permissions
RUN apk add --no-cache bash python3 && \
RUN apk add --no-cache pcre bash python3 && \
cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
echo "Docker" > /usr/share/bunkerweb/INTEGRATION && \
mkdir -p /var/tmp/bunkerweb && \
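Review bot: Both `FROM nginx:1.22.1-alpine` lines pin the base image by a mutable tag only, while the pip step in the same file is hash-locked with `--require-hashes`; a re-pushed tag would change the builder and runtime image without any diff in this repository. Pin each stage by digest, e.g. `FROM nginx:1.22.1-alpine@sha256:<digest-of-the-reviewed-image>` (placeholder; take the value from the registry when the bump is reviewed). The `pcre` package added to `apk add --no-cache pcre bash python3` has no explanation; it appears to be needed because the dynamic modules are now linked with `-lpcre`, so a comment such as `# pcre: runtime library required by the dynamic modules (linked with -lpcre)` would keep it from being removed later.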


@ -1,4 +1,4 @@
sqlalchemy==1.4.43
sqlalchemy==1.4.44
psycopg2-binary==2.9.5
PyMySQL==1.0.2
oracledb==1.1.1
oracledb==1.2.0


@ -160,30 +160,35 @@ greenlet==2.0.1 \
--hash=sha256:f6327b6907b4cb72f650a5b7b1be23a2aab395017aa6f1adb13069d66360eb3f \
--hash=sha256:fb412b7db83fe56847df9c47b6fe3f13911b06339c2aa02dcc09dce8bbf582cd
# via sqlalchemy
oracledb==1.1.1 \
--hash=sha256:07846a86f481f9105dbf53390e1cb6b422ac929717949fbe9f2251a11a8f4332 \
--hash=sha256:0f731830519aef5b8c90c051ac631bdb9458a960a95945532dcf91c2cb66edf2 \
--hash=sha256:0f7ab47b95b5c7dad464fbcdad0731ee2e99defdecaf2d05808bceb7038d2489 \
--hash=sha256:24296ff54bca75c3b26df7b988a3b49ccd51d6070fc15d4e1cafafb277361f97 \
--hash=sha256:36d767d2e2a6abbb3f52ea76625f040bdaf32a141a4aa64942952e7e99051e0b \
--hash=sha256:393245177e3a0fcddbbc4f738fe8bdff92d19f7656f0baf87aaef8c12ee0fe62 \
--hash=sha256:39bf05208ada7c99ff85cd879f2a9f64c8f8fe73d4ce11d037f2bbedab0c4020 \
--hash=sha256:6a0ddb1f248912d1b5bbbef191f60d9e9b00700085004de068fa1986e0755295 \
--hash=sha256:6c643aa1826129af55688dc0a4a78a0525c991e17da26390e9f676067f92ddfe \
--hash=sha256:6cf4f9031b8c6262d75aac1af3c8246a73697ebcf91fd33eb0c82f6cd2100716 \
--hash=sha256:73f98552bb283baf385dba06a75d1de77f14d5870334c25ea5054e9d32fb6d1e \
--hash=sha256:7c5bd39b08c8adbf7a92385cb3a3689976301249364003929f71d4559fbf95c5 \
--hash=sha256:878cd5e18e0ad5885d1a74fd9a5f2e38eb320b6902ba63ad0a51aebd4bb4d68a \
--hash=sha256:88319c122f190b02ddf99cd278c1a7942c361b0037f8d9cf83142b4019c09602 \
--hash=sha256:8e0525c23b9a349a0ca63d6c2ef8e0fc6c526f2fffae8087ca5b43cef9969d6a \
--hash=sha256:90e01f66a1251da02f2dea4ac42a591e22b1c0b67ba2a6964fd01ef09a014b82 \
--hash=sha256:9be9d00b3f3118bacdffef8a9173a2ea3188552083d93129b1ab8c7907b3eea4 \
--hash=sha256:da65ea1b598de23ef9453cf6dfa3c7cc0f1645c9c63058098b1a92ed0d0619fb \
--hash=sha256:df25a33c00cd294cfee7b1112243a3b0d8d17982d1be301ba7c0b4c82eb8bc88 \
--hash=sha256:dffcc7fe4292b2382c3e8c0c81b83f409ad8d7ddcfaee090dc2d9e3b4f4ca2c9 \
--hash=sha256:f1aba62d17b2d2c91c410f384e05fdc94c1b36cb82ebb136842c82a37b7f981e \
--hash=sha256:f233a4d374379e5ecd86e776f2061308f5c2655ff62c2bdb43d8d7b9969cbc88 \
--hash=sha256:f35f8368dcd3adc33d1a695434fd994f78bb56a258136a6812b244e4ada24585
oracledb==1.2.0 \
--hash=sha256:1086bb446fdfaf3571d61ea0c3000afe2b2326aa27c9b75252a281e5d09c5aa9 \
--hash=sha256:171b932eba53782500123047b23984c01c5d7d997d567108931e96538cbafd26 \
--hash=sha256:1d5aff76c2bb2e6ca0ce7377381bb1d5869977deeaea6f8e675762d7ffffb0ad \
--hash=sha256:2e0636c5b26d30b047f5acd60de20f6226936f9a4d30dec6f3b35edee08b6bbd \
--hash=sha256:393c12c7f7adbd05e7650ca871e20485680305add0f76ae87247af9055d97153 \
--hash=sha256:3b9adac2f87113c573582d4b48c1b28adb0e67115aa9f8db721a9c0a172048ee \
--hash=sha256:43c856aacadb786d234e7508f28fcaf1b8888da052c6b9f1284702ca6509d7d5 \
--hash=sha256:45a6ab3a7fdc2142fce95930d90bdef7dde1e344ab897b4381b5e381d11ba5e3 \
--hash=sha256:4dad11f14d2cfa6276ea52f033bdd6ac98cc809c731acee2d23ecbefac76a7b8 \
--hash=sha256:551ac2acde38a72380f5a3e93128262ece4e27aa5acb13d058e5aa10362031a5 \
--hash=sha256:59bb3f3f66f4affe347ef138f85548c5cb919309e74a73d09a8f03f35af436b7 \
--hash=sha256:6f7b7608c674b09527edb3a8fb6d4a688ecdbba6ad51d32930ddbfea7a9b389e \
--hash=sha256:74f5c2f13dbebcaeac810ae72bfa19c115d7749959833ebaaae4b497695a625f \
--hash=sha256:7b2fb0aacebde75d667e21cbb53e65ebc5d4110bd6b263c4d8a3798d2e0c889f \
--hash=sha256:8043124a55b3946bffd9ebb83953141f62f9d14fb30fa4b9cfcb09bdd7e2fae5 \
--hash=sha256:86fa01c9aa20edb533ec1dfde33fa097631e8fcc044a74ffba5e892313774d5a \
--hash=sha256:8d12a9cd1d64dffcc442c405d84d23af79cde5d855831b2ae43cc8e1b39b9163 \
--hash=sha256:989524ea2e54269b9119340d3ad690f0aacafa50f028d9ea9dad96b0b8ac8b4a \
--hash=sha256:a48772323ce560fd85d5474bd9c9c858f79621eba85b766cb5e16f5a9d4a48dc \
--hash=sha256:a69ad4a65872e323a64fd7348eafcc9a1ae7725ddb3918ceb78037f98d6becde \
--hash=sha256:c03ffd713a2ca5551ae44d103e72b3ecf440a5041b99b2bf8462d5e54a8c01c5 \
--hash=sha256:c4fcb54bc7910193760ea5a210310a88d22e06647f973a3951516c6533b8faa6 \
--hash=sha256:d8b04167bb490895f924e43387b69dcf12aabef651becc245c38de40822e2c93 \
--hash=sha256:dbe550e2fbd8ebdd5dcc1426ae5137f0ab3da435109e2a4947372eb8d73190b2 \
--hash=sha256:dfee7490715a29db9fa11758c3732516dfec731511cea1cfe606c411250c6681 \
--hash=sha256:e50fa0ef531df0b57cdf5b31bee6bc86fdcc27f5b5635e6ab057a46605db72e0 \
--hash=sha256:ed037b902ed0b90067a71d2a38abb967692a9d82b100386159e1d693f8228b52 \
--hash=sha256:f3c9a78b623696448834dc0ab49a18f985acb3cebb6fb96f4cdfbee17f9d2aa9
# via -r requirements.in
psycopg2-binary==2.9.5 \
--hash=sha256:00475004e5ed3e3bf5e056d66e5dcdf41a0dc62efcd57997acd9135c40a08a50 \
@ -266,46 +271,46 @@ pymysql==1.0.2 \
--hash=sha256:41fc3a0c5013d5f039639442321185532e3e2c8924687abe6537de157d403641 \
--hash=sha256:816927a350f38d56072aeca5dfb10221fe1dc653745853d30a216637f5d7ad36
# via -r requirements.in
sqlalchemy==1.4.43 \
--hash=sha256:0c8a174f23bc021aac97bcb27fbe2ae3d4652d3d23e5768bc2ec3d44e386c7eb \
--hash=sha256:13ce4f3a068ec4ef7598d2a77f42adc3d90c76981f5a7c198756b25c4f4a22ea \
--hash=sha256:1d16aca30fad4753aeb4ebde564bbd4a248b9673e4f879b940f4e806a17be87f \
--hash=sha256:23a4569d3db1ce44370d05c5ad79be4f37915fcc97387aef9da232b95db7b695 \
--hash=sha256:27479b5a1e110e64c56b18ffbf8cf99e101572a3d1a43943ea02158f1304108e \
--hash=sha256:2fef01240d32ada9007387afd8e0b2230f99efdc4b57ca6f1d1192fca4fcf6a5 \
--hash=sha256:35dc0a5e934c41e282e019c889069b01ff4cd356b2ea452c9985e1542734cfb1 \
--hash=sha256:41df873cdae1d56fde97a1b4f6ffa118f40e4b2d6a6aa8c25c50eea31ecbeb08 \
--hash=sha256:42bff29eaecbb284f614f4bb265bb0c268625f5b93ce6268f8017811e0afbdde \
--hash=sha256:491d94879f9ec0dea7e1cb053cd9cc65a28d2467960cf99f7b3c286590406060 \
--hash=sha256:4a791e7a1e5ac33f70a3598f8f34fdd3b60c68593bbb038baf58bc50e02d7468 \
--hash=sha256:4abda3e693d24169221ffc7aa0444ccef3dc43dfeab6ad8665d3836751cd6af7 \
--hash=sha256:529e2cc8af75811114e5ab2eb116fd71b6e252c6bdb32adbfcd5e0c5f6d5ab06 \
--hash=sha256:59bd0ae166253f7fed8c3f4f6265d2637f25d2f6614d00df34d7ee0d95d29c91 \
--hash=sha256:5d5937e1bf7921e4d1acdfad72dd98d9e7f9ea5c52aeb12b3b05b534b527692d \
--hash=sha256:6b462c070769f0ef06ea5fe65206b970bcf2b59cb3fda2bec2f4729e1be89c13 \
--hash=sha256:736d4e706adb3c95a0a7e660073a5213dfae78ff2df6addf8ff2918c83fbeebe \
--hash=sha256:7d6293010aa0af8bd3b0c9993259f8979db2422d6abf85a31d70ec69cb2ee4dc \
--hash=sha256:962c7c80c54a42836c47cb0d8a53016986c8584e8d98e90e2ea723a4ed0ba85b \
--hash=sha256:a22f46440e61d90100e0f378faac40335fb5bbf278472df0d83dc15b653b9896 \
--hash=sha256:a7fa3e57a7b0476fbcba72b231150503d53dbcbdd23f4a86be5152912a923b6e \
--hash=sha256:aa12e27cb465b4b006ffb777624fc6023363e01cfed2d3f89d33fb6da80f6de2 \
--hash=sha256:b6fd58e25e6cdd2a131d7e97f9713f8f2142360cd40c75af8aa5b83d535f811c \
--hash=sha256:bd80300d81d92661e2488a4bf4383f0c5dc6e7b05fa46d2823e231af4e30539a \
--hash=sha256:c1ced2fae7a1177a36cf94d0a5567452d195d3b4d7d932dd61f123fb15ddf87b \
--hash=sha256:c1f5bfffc3227d05d90c557b10604962f655b4a83c9f3ad507a81ac8d6847679 \
--hash=sha256:c3dde668edea70dc8d55a74d933d5446e5a97786cdd1c67c8e4971c73bd087ad \
--hash=sha256:c628697aad7a141da8fc3fd81b4874a711cc84af172e1b1e7bbfadf760446496 \
--hash=sha256:c6de20de7c19b965c007c9da240268dde1451865099ca10f0f593c347041b845 \
--hash=sha256:c9a6e878e63286392b262d86d21fe16e6eec12b95ccb0a92c392f2b1e0acca03 \
--hash=sha256:c9b59863e2b1f1e1ebf9ee517f86cdfa82d7049c8d81ad71ab58d442b137bbe9 \
--hash=sha256:cde363fb5412ab178f1cc1e596e9cfc396464da8a4fe8e733cc6d6b4e2c23aa9 \
--hash=sha256:d05d7365c2d1df03a69d90157a3e9b3e7b62088cca8ee6686aed2598659a6e14 \
--hash=sha256:dc1e005d490c101d27657481a05765851ab795cc8aedeb8d9425595088b20736 \
--hash=sha256:ed1c950aba723b7a5b702b88f05d883607c587de918d7d8c2014fe7f55cf67e0 \
--hash=sha256:ee9613b0460dce970414cfc990ca40afe518bc139e697243fcdf890285fb30ac \
--hash=sha256:eeb55a555eef1a9607c1635bbdddd0b8a2bb9713bcb5bc8da1e8fae8ee46d1d8 \
--hash=sha256:f5438f6c768b7e928f0463777b545965648ba0d55877afd14a4e96d2a99702e7 \
--hash=sha256:f6e036714a586f757a3e12ff0798ce9a90aa04a60cff392d8bcacc5ecf79c95e \
--hash=sha256:fa46d86a17cccd48c6762df1a60aecf5aaa2e0c0973efacf146c637694b62ffd \
--hash=sha256:fb9a44e7124f72b79023ab04e1c8fcd8f392939ef0d7a75beae8634e15605d30
sqlalchemy==1.4.44 \
--hash=sha256:0be9b479c5806cece01f1581726573a8d6515f8404e082c375b922c45cfc2a7b \
--hash=sha256:17aee7bfcef7bf0dea92f10e5dfdd67418dcf6fe0759f520e168b605855c003e \
--hash=sha256:21f3df74a0ab39e1255e94613556e33c1dc3b454059fe0b365ec3bbb9ed82e4a \
--hash=sha256:237067ba0ef45a518b64606e1807f7229969ad568288b110ed5f0ca714a3ed3a \
--hash=sha256:2dda5f96719ae89b3ec0f1b79698d86eb9aecb1d54e990abb3fdd92c04b46a90 \
--hash=sha256:393f51a09778e8984d735b59a810731394308b4038acdb1635397c2865dae2b6 \
--hash=sha256:3ca21b35b714ce36f4b8d1ee8d15f149db8eb43a472cf71600bf18dae32286e7 \
--hash=sha256:3cbdbed8cdcae0f83640a9c44fa02b45a6c61e149c58d45a63c9581aba62850f \
--hash=sha256:3eba07f740488c3a125f17c092a81eeae24a6c7ec32ac9dbc52bf7afaf0c4f16 \
--hash=sha256:3f68eab46649504eb95be36ca529aea16cd199f080726c28cbdbcbf23d20b2a2 \
--hash=sha256:4c56e6899fa6e767e4be5d106941804a4201c5cb9620a409c0b80448ec70b656 \
--hash=sha256:53f90a2374f60e703c94118d21533765412da8225ba98659de7dd7998641ab17 \
--hash=sha256:595b185041a4dc5c685283ea98c2f67bbfa47bb28e4a4f5b27ebf40684e7a9f8 \
--hash=sha256:65a0ad931944fcb0be12a8e0ac322dbd3ecf17c53f088bc10b6da8f0caac287b \
--hash=sha256:68e0cd5d32a32c4395168d42f2fefbb03b817ead3a8f3704b8bd5697c0b26c24 \
--hash=sha256:6a06c2506c41926d2769f7968759995f2505e31c5b5a0821e43ca5a3ddb0e8ae \
--hash=sha256:6d7e1b28342b45f19e3dea7873a9479e4a57e15095a575afca902e517fb89652 \
--hash=sha256:6f0ea4d7348feb5e5d0bf317aace92e28398fa9a6e38b7be9ec1f31aad4a8039 \
--hash=sha256:7313e4acebb9ae88dbde14a8a177467a7625b7449306c03a3f9f309b30e163d0 \
--hash=sha256:7cf7c7adbf4417e3f46fc5a2dbf8395a5a69698217337086888f79700a12e93a \
--hash=sha256:80ead36fb1d676cc019586ffdc21c7e906ce4bf243fe4021e4973dae332b6038 \
--hash=sha256:9470633395e5f24d6741b4c8a6e905bce405a28cf417bba4ccbaadf3dab0111d \
--hash=sha256:94c0093678001f5d79f2dcbf3104c54d6c89e41ab50d619494c503a4d3f1aef2 \
--hash=sha256:95f4f8d62589755b507218f2e3189475a4c1f5cc9db2aec772071a7dc6cd5726 \
--hash=sha256:9c857676d810ca196be73c98eb839125d6fa849bfa3589be06201a6517f9961c \
--hash=sha256:a22208c1982f1fe2ae82e5e4c3d4a6f2445a7a0d65fb7983a3d7cbbe3983f5a4 \
--hash=sha256:ad5f966623905ee33694680dda1b735544c99c7638f216045d21546d3d8c6f5b \
--hash=sha256:ae1ed1ebc407d2f66c6f0ec44ef7d56e3f455859df5494680e2cf89dad8e3ae0 \
--hash=sha256:afd1ac99179d1864a68c06b31263a08ea25a49df94e272712eb2824ef151e294 \
--hash=sha256:b6a337a2643a41476fb6262059b8740f4b9a2ec29bf00ffb18c18c080f6e0aed \
--hash=sha256:b737fbeb2f78926d1f59964feb287bbbd050e7904766f87c8ce5cfb86e6d840c \
--hash=sha256:c46322354c58d4dc039a2c982d28284330f8919f31206894281f4b595b9d8dbe \
--hash=sha256:c7e3b9e01fdbe1ce3a165cc7e1ff52b24813ee79c6df6dee0d1e13888a97817e \
--hash=sha256:c9aa372b295a36771cffc226b6517df3011a7d146ac22d19fa6a75f1cdf9d7e6 \
--hash=sha256:d3b6d4588994da73567bb00af9d7224a16c8027865a8aab53ae9be83f9b7cbd1 \
--hash=sha256:d3b9ac11f36ab9a726097fba7c7f6384f0129aedb017f1d4d1d4fce9052a1320 \
--hash=sha256:d654870a66027af3a26df1372cf7f002e161c6768ebe4c9c6fdc0da331cb5173 \
--hash=sha256:d8080bc51a775627865e0f1dbfc0040ff4ace685f187f6036837e1727ba2ed10 \
--hash=sha256:da60b98b0f6f0df9fbf8b72d67d13b73aa8091923a48af79a951d4088530a239 \
--hash=sha256:f5e8ed9cde48b76318ab989deeddc48f833d2a6a7b7c393c49b704f67dedf01d \
--hash=sha256:f8e5443295b218b08bef8eb85d31b214d184b3690d99a33b7bd8e5591e2b0aa1
# via -r requirements.in


@ -190,7 +190,7 @@ websocket-client==1.4.2 \
# kubernetes
# The following packages are considered to be unsafe in a requirements file:
setuptools==65.5.1 \
--hash=sha256:d0b9a8433464d5800cbe05094acf5c6d52a91bfac9b52bcfc4d41382be5d5d31 \
--hash=sha256:e197a19aa8ec9722928f2206f8de752def0e4c9fc6953527360d1c36d94ddb2f
setuptools==65.6.0 \
--hash=sha256:6211d2f5eddad8757bd0484923ca7c0a6302ebc4ab32ea5e94357176e0ca0840 \
--hash=sha256:d1eebf881c6114e51df1664bc2c9133d022f78d12d5f4f665b9191f084e2862d
# via kubernetes


@ -128,103 +128,103 @@ function do_and_check_cmd() {
return 0
}
# nginx 1.20.2
echo " Download nginx"
NGINX_VERSION="1.20.2"
secure_download "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" "nginx-${NGINX_VERSION}.tar.gz" "8b65e881ea4ac6162cbf32e5e95cf47a6d5418819f8763ca4a781cffa38187dd7886d4bc195d000a7046111a27121ff25800f8645405174995247e6738b4279a"
# nginx 1.22.1
echo " Downloading nginx"
NGINX_VERSION="1.22.1"
secure_download "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" "nginx-${NGINX_VERSION}.tar.gz" "1d468dcfa9bbd348b8a5dc514ac1428a789e73a92384c039b73a51ce376785f74bf942872c5594a9fcda6bbf44758bd727ce15ac2395f1aa989c507014647dcc"
if [ -f "deps/src/nginx-${NGINX_VERSION}.tar.gz" ] ; then
do_and_check_cmd tar -xvzf deps/src/nginx-${NGINX_VERSION}.tar.gz -C deps/src
do_and_check_cmd rm -f deps/src/nginx-${NGINX_VERSION}.tar.gz
fi
# Lua 5.1.5
echo " Download Lua"
echo " Downloading Lua"
LUA_VERSION="5.1.5"
secure_download "https://www.lua.org/ftp/lua-${LUA_VERSION}.tar.gz" "lua-${LUA_VERSION}.tar.gz" "0142fefcbd13afcd9b201403592aa60620011cc8e8559d4d2db2f92739d18186860989f48caa45830ff4f99bfc7483287fd3ff3a16d4dec928e2767ce4d542a9"
if [ -f "deps/src/lua-${LUA_VERSION}.tar.gz" ] ; then
do_and_check_cmd tar -xvzf deps/src/lua-${LUA_VERSION}.tar.gz -C deps/src
do_and_check_cmd rm -f deps/src/lua-${LUA_VERSION}.tar.gz
do_and_check_cmd patch deps/src/lua-5.1.5/Makefile deps/misc/lua.patch1
do_and_check_cmd patch deps/src/lua-5.1.5/src/Makefile deps/misc/lua.patch2
do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/Makefile deps/misc/lua.patch1
do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/src/Makefile deps/misc/lua.patch2
fi
# LuaJIT 2.1-20220111
echo " Download LuaJIT"
git_secure_clone "https://github.com/openresty/luajit2.git" "f1491357fa1dbfa3480ba67513fee19a9c65ca6f"
# LuaJIT v2.1-20220915
echo " Downloading LuaJIT"
git_secure_clone "https://github.com/openresty/luajit2.git" "8384278b14988390cf030b787537aa916a9709bb"
# lua-nginx-module v0.10.20
echo " Download lua-nginx-module"
git_secure_clone "https://github.com/openresty/lua-nginx-module.git" "9007d673e28938f5dfa7720438991e22b794d225"
# lua-nginx-module v0.10.22
echo " Downloading lua-nginx-module"
git_secure_clone "https://github.com/openresty/lua-nginx-module.git" "8d9032298ef542aef058fa02940a6ecd9cf25423"
# lua-resty-core v0.1.22
echo " Download lua-resty-core"
git_secure_clone "https://github.com/openresty/lua-resty-core.git" "12f26310a35e45c37157420f7e1f395a0e36e457"
# lua-resty-core v0.1.24
echo " Downloading lua-resty-core"
git_secure_clone "https://github.com/openresty/lua-resty-core.git" "c48e90a8fc9d974d8a6a369e031940cedf473789"
# lua-resty-lrucache v0.11
echo " Download lua-resty-lrucache"
git_secure_clone "https://github.com/openresty/lua-resty-lrucache.git" "f20bb8ac9489ba87d90d78f929552c2eab153caa"
# lua-resty-lrucache v0.13
echo " Downloading lua-resty-lrucache"
git_secure_clone "https://github.com/openresty/lua-resty-lrucache.git" "2ab2624c841cbf04785cc6384c5e213933d3b5f2"
# lua-resty-dns v0.22
echo " Download lua-resty-dns"
echo " Downloading lua-resty-dns"
git_secure_clone "https://github.com/openresty/lua-resty-dns.git" "869d2fbb009b6ada93a5a10cb93acd1cc12bd53f"
# lua-resty-session v3.10
echo " Download lua-resty-session"
echo " Downloading lua-resty-session"
git_secure_clone "https://github.com/bungle/lua-resty-session.git" "e6bf2630c90df7b3db35e859f0aa7e096af3e918"
# lua-resty-random v?
echo " Download lua-resty-random"
echo " Downloading lua-resty-random"
git_secure_clone "https://github.com/bungle/lua-resty-random.git" "17b604f7f7dd217557ca548fc1a9a0d373386480"
# lua-resty-string v0.15
echo " Download lua-resty-string"
echo " Downloading lua-resty-string"
git_secure_clone "https://github.com/openresty/lua-resty-string.git" "b192878f6ed31b0af237935bbc5a8110a3c2256c"
# lua-cjson v2.1.0.8
echo " Download lua-cjson"
git_secure_clone "https://github.com/openresty/lua-cjson.git" "0df488874f52a881d14b5876babaa780bb6200ee"
# lua-cjson v2.1.0.9
echo " Downloading lua-cjson"
git_secure_clone "https://github.com/openresty/lua-cjson.git" "891962b11d6d3b1b7275550b5c109e16c73ac94f"
# lua-gd v?
echo " Download lua-gd"
# lua-gd v2.0.33r3+
echo " Downloading lua-gd"
git_secure_clone "https://github.com/ittner/lua-gd.git" "2ce8e478a8591afd71e607506bc8c64b161bbd30"
# lua-resty-http v1.16.1
echo " Download lua-resty-http"
# lua-resty-http v0.16.1
echo " Downloading lua-resty-http"
git_secure_clone "https://github.com/ledgetech/lua-resty-http.git" "9bf951dfe162dd9710a0e1f4525738d4902e9d20"
# lualogging v1.6.0
echo " Download lualogging"
git_secure_clone "https://github.com/lunarmodules/lualogging.git" "0bc4415de03ff1a99c92c02a5bed14a45b078079"
# lualogging v1.8.0
echo " Downloading lualogging"
git_secure_clone "https://github.com/lunarmodules/lualogging.git" "1c6fcf5f68e4d0324c5977f1a27083c06f4d1b8f"
# luasocket v?
echo " Download luasocket"
git_secure_clone "https://github.com/diegonehab/luasocket.git" "5b18e475f38fcf28429b1cc4b17baee3b9793a62"
# luasocket v3.1.0
echo " Downloading luasocket"
git_secure_clone "https://github.com/diegonehab/luasocket.git" "95b7efa9da506ef968c1347edf3fc56370f0deed"
# luasec v1.0.2
echo " Download luasec"
git_secure_clone "https://github.com/brunoos/luasec.git" "ef14b27a2c8e541cac071165048250e85a7216df"
# luasec v1.2.0
echo " Downloading luasec"
git_secure_clone "https://github.com/brunoos/luasec.git" "d9215ee00f6694a228daad50ee85827a4cd13583"
# lua-resty-ipmatcher v0.6.1 (1 commit after just in case)
echo " Download lua-resty-ipmatcher"
# lua-resty-ipmatcher v0.6.1 (3 commits after just in case)
echo " Downloading lua-resty-ipmatcher"
dopatch="no"
if [ ! -d "deps/src/lua-resty-ipmatcher" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/api7/lua-resty-ipmatcher.git" "3948a92d2e168db14fa5ecd4bb10a7c0fe7ead70"
git_secure_clone "https://github.com/api7/lua-resty-ipmatcher.git" "7fbb618f7221b1af1451027d3c64e51f3182761c"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/lua-resty-ipmatcher/resty/ipmatcher.lua deps/misc/ipmatcher.patch
fi
# lua-resty-redis v0.29
echo " Download lua-resty-redis"
echo " Downloading lua-resty-redis"
git_secure_clone "https://github.com/openresty/lua-resty-redis.git" "053f989c7f43d8edc79d5151e73b79249c6b5d94"
# lua-resty-upload v0.10
echo " Download lua-resty-upload"
git_secure_clone "https://github.com/openresty/lua-resty-upload.git" "cae01f590456561bc8d95da3d2d9f937bef57bec"
# lua-resty-upload v0.10 (8 commits after just in case)
echo " Downloading lua-resty-upload"
git_secure_clone "https://github.com/openresty/lua-resty-upload.git" "73c89846e866bf5d0660ffa881df37fd63f04391"
# luajit-geoip v2.1.0
echo " Download luajit-geoip"
echo " Downloading luajit-geoip"
dopatch="no"
if [ ! -d "deps/src/luajit-geoip" ] ; then
dopatch="yes"
@ -235,59 +235,60 @@ if [ "$dopatch" = "yes" ] ; then
fi
# lbase64 v1.5.3
echo " Download lbase64"
echo " Downloading lbase64"
git_secure_clone "https://github.com/iskolbin/lbase64.git" "c261320edbdf82c16409d893a96c28c704aa0ab8"
# ModSecurity v3.0.4 (looks like v3.0.5 has a memleak on reload)
# TODO : test v3.0.6
echo " Download ModSecurity"
# ModSecurity v3.0.8 (19 commits after just in case)
echo " Downloading ModSecurity"
if [ ! -d "deps/src/ModSecurity" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/SpiderLabs/ModSecurity.git" "753145fbd1d6751a6b14fdd700921eb3cc3a1d35"
git_secure_clone "https://github.com/SpiderLabs/ModSecurity.git" "40f7a5067c695b1770920b881f30abc09a4e02b3"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/ModSecurity/configure.ac deps/misc/modsecurity.patch
fi
# libinjection v?
echo " Download libinjection"
# libinjection v3.10.0+
# TODO: check if the latest commit is fine
echo " Downloading libinjection"
git_secure_clone "https://github.com/libinjection/libinjection.git" "49904c42a6e68dc8f16c022c693e897e4010a06c"
do_and_check_cmd cp -r deps/src/libinjection deps/src/ModSecurity/others
# ModSecurity-nginx v1.0.2
echo " Download ModSecurity-nginx"
# ModSecurity-nginx v1.0.3
echo " Downloading ModSecurity-nginx"
dopatch="no"
if [ ! -d "deps/src/ModSecurity-nginx" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/SpiderLabs/ModSecurity-nginx.git" "2497e6ac654d0b117b9534aa735b757c6b11c84f"
git_secure_clone "https://github.com/SpiderLabs/ModSecurity-nginx.git" "d59e4ad121df702751940fd66bcc0b3ecb51a079"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_log.c deps/misc/modsecurity-nginx.patch
fi
# libmaxminddb v1.6.0
echo " Download libmaxminddb"
git_secure_clone "https://github.com/maxmind/libmaxminddb.git" "2d0e6b7360b88f645e67ffc5a709b2327d361ac3"
# libmaxminddb v1.7.1
echo " Downloading libmaxminddb"
git_secure_clone "https://github.com/maxmind/libmaxminddb.git" "ac4d0d2480032a8664e251588e57d7b306ca630c"
# headers-more-nginx-module v?
echo " Download headers-more-nginx-module"
git_secure_clone "https://github.com/openresty/headers-more-nginx-module.git" "a4a0686605161a6777d7d612d5aef79b9e7c13e0"
# headers-more-nginx-module v0.34
echo " Downloading headers-more-nginx-module"
git_secure_clone "https://github.com/openresty/headers-more-nginx-module.git" "bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0"
# ngx_http_geoip2_module v3.3
#echo " Download ngx_http_geoip2_module"
#echo " Downloading ngx_http_geoip2_module"
#dosed="no"
#if [ ! -d "deps/src/ngx_http_geoip2_module" ] ; then
# dosed="yes"
#fi
#git_secure_clone "https://github.com/leev/ngx_http_geoip2_module.git" "5a83b6f958c67ea88d2899d0b3c2a5db8e36b211"
#if [ "$dosed" = "yes" ] ; then
# do_and_check_cmd sed -i '1s:^:ngx_feature_path=/usr/share/bunkerweb/deps/include\n:' deps/src/ngx_http_geoip2_module/config
# do_and_check_cmd sed -i 's:^ngx_feature_libs=.*$:ngx_feature_libs="-Wl,-rpath,/usr/share/bunkerweb/deps/lib -L/usr/share/bunkerweb/deps/lib -lmaxminddb":' deps/src/ngx_http_geoip2_module/config
# do_and_check_cmd sed -i '1s:^:ngx_feature_path=/opt/bunkerweb/deps/include\n:' deps/src/ngx_http_geoip2_module/config
# do_and_check_cmd sed -i 's:^ngx_feature_libs=.*$:ngx_feature_libs="-Wl,-rpath,/opt/bunkerweb/deps/lib -L/opt/bunkerweb/deps/lib -lmaxminddb":' deps/src/ngx_http_geoip2_module/config
#fi
# nginx_cookie_flag_module v1.1.0
echo " Download nginx_cookie_flag_module"
echo " Downloading nginx_cookie_flag_module"
git_secure_clone "https://github.com/AirisX/nginx_cookie_flag_module.git" "4e48acf132952bbed43b28a8e6af0584dacb7b4c"
# ngx_brotli v?
echo " Download ngx_brotli"
git_secure_clone "https://github.com/google/ngx_brotli.git" "9aec15e2aa6feea2113119ba06460af70ab3ea62"
# ngx_brotli v1.0.0
echo " Downloading ngx_brotli"
git_secure_clone "https://github.com/google/ngx_brotli.git" "6e975bcb015f62e1f303054897783355e2a877dc"
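Review bot: The ModSecurity block tests `[ ! -d "deps/src/ModSecurity" ]` without first resetting `dopatch`, unlike the lua-resty-ipmatcher, luajit-geoip and ModSecurity-nginx blocks; within the visible lines a `dopatch="yes"` left over from the luajit-geoip block would therefore re-run `patch` on an already patched `configure.ac`. Add `dopatch="no"` on the line before that `if`. Separately, several pins now point past a release ("3 commits after", "8 commits after", "19 commits after just in case") and libinjection carries `# TODO: check if the latest commit is fine`. Since these hashes appear to be what `git_secure_clone` verifies, each comment should name the upstream fix the extra commits were taken for, so the pin can be re-audited on the next bump.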


@ -17,13 +17,13 @@ function do_and_check_cmd() {
NTASK=$(nproc)
# Compile and install lua
echo " Compile and install lua-5.1.5"
# Compiling and installing lua
echo " Compiling and installing lua-5.1.5"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-5.1.5" do_and_check_cmd make -j $NTASK linux
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-5.1.5" do_and_check_cmd make INSTALL_TOP=/usr/share/bunkerweb/deps install
# Compile and install libmaxminddb
echo " Compile and install libmaxminddb"
# Compiling and installing libmaxminddb
echo " Compiling and installing libmaxminddb"
# TODO : temp fix run it twice...
cd /tmp/bunkerweb/deps/src/libmaxminddb && ./bootstrap > /dev/null 2>&1
CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd ./bootstrap
@ -31,8 +31,8 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd ./configure -
CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd make install
# Compile and install ModSecurity
echo " Compile and install ModSecurity"
# Compiling and installing ModSecurity
echo " Compiling and installing ModSecurity"
# temp fix : Debian run it twice
# TODO : patch it in clone.sh
cd /tmp/bunkerweb/deps/src/ModSecurity && ./build.sh > /dev/null 2>&1
@ -41,90 +41,91 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd ./configure --
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make install-strip
# Compile and install luajit2
echo " Compile and install luajit2"
# Compiling and installing luajit2
echo " Compiling and installing luajit2"
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Install lua-resty-core
echo " Install openresty/lua-resty-core"
# Installing lua-resty-core
echo " Installing openresty/lua-resty-core"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-core" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Install lua-resty-lrucache
echo " Install lua-resty-lrucache"
# Installing lua-resty-lrucache
echo " Installing lua-resty-lrucache"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-lrucache" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Install lua-resty-dns
echo " Install lua-resty-dns"
# Installing lua-resty-dns
echo " Installing lua-resty-dns"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-dns" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Install lua-resty-session
echo " Install lua-resty-session"
# Installing lua-resty-session
echo " Installing lua-resty-session"
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lua-resty-session/lib/resty/* /usr/share/bunkerweb/deps/lib/lua/resty
# Install lua-resty-random
echo " Install lua-resty-random"
# Installing lua-resty-random
echo " Installing lua-resty-random"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-random" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Install lua-resty-string
echo " Install lua-resty-string"
# Installing lua-resty-string
echo " Installing lua-resty-string"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-string" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Compile and install lua-cjson
echo " Compile and install lua-cjson"
# Compiling and installing lua-cjson
echo " Compiling and installing lua-cjson"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-cjson" do_and_check_cmd make LUA_INCLUDE_DIR=/usr/share/bunkerweb/deps/include -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-cjson" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_CMODULE_DIR=/usr/share/bunkerweb/deps/lib/lua LUA_MODULE_DIR=/usr/share/bunkerweb/deps/lib/lua install
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-cjson" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_CMODULE_DIR=/usr/share/bunkerweb/deps/lib/lua LUA_MODULE_DIR=/usr/share/bunkerweb/deps/lib/lua install-extra
# Compile and install lua-gd
echo " Compile and install lua-gd"
# Compiling and installing lua-gd
echo " Compiling and installing lua-gd"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-gd" do_and_check_cmd make "CFLAGS=-O3 -Wall -fPIC -fomit-frame-pointer -I/usr/share/bunkerweb/deps/include -DVERSION=\\\"2.0.33r3\\\"" "LFLAGS=-shared -L/usr/share/bunkerweb/deps/lib -llua -lgd -Wl,-rpath=/usr/share/bunkerweb/deps/lib" LUABIN=/usr/share/bunkerweb/deps/bin/lua -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-gd" do_and_check_cmd make INSTALL_PATH=/usr/share/bunkerweb/deps/lib/lua install
# Download and install lua-resty-http
echo " Install lua-resty-http"
echo " Installing lua-resty-http"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-http" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Download and install lualogging
echo " Install lualogging"
echo " Installing lualogging"
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lualogging/src/* /usr/share/bunkerweb/deps/lib/lua
# Compile and install luasocket
echo " Compile and install luasocket"
# Compiling and installing luasocket
echo " Compiling and installing luasocket"
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasocket" do_and_check_cmd make LUAINC_linux=/usr/share/bunkerweb/deps/include -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasocket" do_and_check_cmd make prefix=/usr/share/bunkerweb/deps CDIR_linux=lib/lua LDIR_linux=lib/lua install
# Compile and install luasec
echo " Compile and install luasec"
# Compiling and installing luasec
echo " Compiling and installing luasec"
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasec" do_and_check_cmd make INC_PATH=-I/usr/share/bunkerweb/deps/include linux -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasec" do_and_check_cmd make LUACPATH=/usr/share/bunkerweb/deps/lib/lua LUAPATH=/usr/share/bunkerweb/deps/lib/lua install
# Install lua-resty-ipmatcher
echo " Install lua-resty-ipmatcher"
# Installing lua-resty-ipmatcher
echo " Installing lua-resty-ipmatcher"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-ipmatcher" do_and_check_cmd make INST_PREFIX=/usr/share/bunkerweb/deps INST_LIBDIR=/usr/share/bunkerweb/deps/lib/lua INST_LUADIR=/usr/share/bunkerweb/deps/lib/lua install
# Install lua-resty-redis
echo " Install lua-resty-redis"
# Installing lua-resty-redis
echo " Installing lua-resty-redis"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-redis" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
# Install lua-resty-upload
echo " Install lua-resty-upload"
# Installing lua-resty-upload
echo " Installing lua-resty-upload"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-upload" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
# Install lujit-geoip
echo " Install luajit-geoip"
# Installing lujit-geoip
echo " Installing luajit-geoip"
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/luajit-geoip/geoip /usr/share/bunkerweb/deps/lib/lua
# Install lbase64
echo " Install lbase64"
# Installing lbase64
echo " Installing lbase64"
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lbase64/base64.lua /usr/share/bunkerweb/deps/lib/lua
# Compile dynamic modules
echo " Compile and install dynamic modules"
echo " Compiling and installing dynamic modules"
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt=-Wl/--with-ld-opt='-lpcre -Wl'/")"
if [ "$OS" = "fedora" ] ; then
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'//" | sed "s/--with-cc-opt='.*'//")"
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
fi
echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli" >> "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
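Review bot: The new substitution `sed "s/--with-ld-opt=-Wl/--with-ld-opt='-lpcre -Wl'/"` only matches when the `nginx -V` output carries an unquoted `--with-ld-opt` value that starts with `-Wl`; on any other layout it is a silent no-op and the modules are configured without `-lpcre`. Fail early instead, for example with `echo "$CONFARGS" | grep -q -- '-lpcre' || { echo "-lpcre missing from CONFARGS" ; exit 1 ; }` after the Fedora branch. In that branch the greedy `'.*'` patterns replace the whole quoted `--with-ld-opt` and `--with-cc-opt` values, which would also drop any hardening flags the distribution build passed there. A comment stating that this is intended, or the narrower pattern `'[^']*'`, would make that reviewable. The script continues outside the visible hunks.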


@ -1,11 +1,5 @@
--- ipmatcher.lua 2022-04-13 17:16:05.731322800 +0200
+++ ipmatcher.lua2 2022-04-13 17:17:15.801322800 +0200
@@ -123,7 +123,7 @@
@@ -129,3 +129,3 @@
local ngx_log = ngx.log
-local ngx_INFO = ngx.INFO
+local ngx_INFO = ngx.DEBUG
local function log_info(...)
if cur_level and ngx_INFO > cur_level then
return


@ -1,11 +1,5 @@
--- mmdb.lua 2022-04-04 09:32:41.456286600 +0200
+++ mmdb2.lua 2022-04-04 09:33:25.016286600 +0200
@@ -166,7 +166,7 @@
MMDB_entry_data_s *const entry_data,
...);
@@ -168,3 +168,3 @@
]])
-local lib = ffi.load("libmaxminddb")
+local lib = ffi.load("/usr/share/bunkerweb/deps/lib/libmaxminddb.so")
local consume_map, consume_array
local consume_value
consume_value = function(current)


@ -1,11 +1,5 @@
--- ngx_http_modsecurity_log.c 2022-04-25 14:30:34.444469100 +0200
+++ ngx_http_modsecurity_log.c2 2022-04-25 14:31:25.714469100 +0200
@@ -30,7 +30,7 @@
}
msg = (const char *) data;
@@ -32,3 +32,3 @@
- ngx_log_error(NGX_LOG_INFO, (ngx_log_t *)log, 0, "%s", msg);
+ ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)log, 0, "%s", msg);
}


@ -1,8 +1,5 @@
--- before/configure.ac 2022-05-19 17:06:36.921274500 +0200
+++ after/configure.ac 2022-05-17 11:51:17.319667600 +0200
@@ -308,14 +308,14 @@
@@ -322,12 +322,12 @@
# Decide if we want to build the tests or not.
-buildTestUtilities=false
-if test "x$YAJL_FOUND" = "x1"; then
@ -12,10 +9,9 @@
# But we still have the unit tests.
# if test "$debugLogs" = "true"; then
- buildTestUtilities=true
+# buildTestUtilities=true
+# buildTestUtilities=true
# fi
-fi
+# fi
AM_CONDITIONAL([TEST_UTILITIES], [test $buildTestUtilities = true])


@ -1,3 +1,11 @@
v1.0.3 - 2022-May-24
--------------------
- Support http protocol versions besides 0.9, 1.0, 1.1, 2.0
[Issue #224 - @HQuest, @martinhsv]
- Support for building with nginx configured with PCRE2
[Issue #260 - @defanator]
v1.0.2 - 2021-Jun-02
--------------------


@ -56,7 +56,7 @@
#define MODSECURITY_NGINX_MAJOR "1"
#define MODSECURITY_NGINX_MINOR "0"
#define MODSECURITY_NGINX_PATCHLEVEL "2"
#define MODSECURITY_NGINX_PATCHLEVEL "3"
#define MODSECURITY_NGINX_TAG ""
#define MODSECURITY_NGINX_TAG_NUM "100"
@ -140,8 +140,13 @@ extern ngx_module_t ngx_http_modsecurity_module;
int ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r, ngx_int_t early_log);
ngx_http_modsecurity_ctx_t *ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p);
#if (NGX_PCRE2)
#define ngx_http_modsecurity_pcre_malloc_init(x) NULL
#define ngx_http_modsecurity_pcre_malloc_done(x) (void)x
#else
ngx_pool_t *ngx_http_modsecurity_pcre_malloc_init(ngx_pool_t *pool);
void ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool);
#endif
/* ngx_http_modsecurity_body_filter.c */
ngx_int_t ngx_http_modsecurity_body_filter_init(void);
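Review bot: The PCRE2 stub `#define ngx_http_modsecurity_pcre_malloc_done(x) (void)x` leaves both its parameter and its expansion unparenthesised, so an argument that is an expression would bind differently from the function call it replaces; `#define ngx_http_modsecurity_pcre_malloc_done(x) ((void)(x))` is the safer spelling. The `_init(x)` stub discards its argument and yields a bare `NULL`, which only holds up while every caller merely hands the result back to `_done`. A one-line comment above `#if (NGX_PCRE2)` saying that both calls are deliberate no-ops in a PCRE2 build would make that intent explicit.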


@ -38,6 +38,7 @@ static void ngx_http_modsecurity_cleanup_rules(void *data);
* https://github.com/openresty/lua-nginx-module/blob/master/src/ngx_http_lua_pcrefix.c
*/
#if !(NGX_PCRE2)
static void *(*old_pcre_malloc)(size_t);
static void (*old_pcre_free)(void *ptr);
static ngx_pool_t *ngx_http_modsec_pcre_pool = NULL;
@ -103,6 +104,7 @@ ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool)
pcre_free = old_pcre_free;
}
}
#endif
/*
* ngx_string's are not null-terminated in common case, so we need to convert


@ -138,7 +138,15 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
break;
#endif
default :
http_version = "1.0";
http_version = ngx_str_to_char(r->http_protocol, r->pool);
if (http_version == (char*)-1) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
if ((http_version != NULL) && (strlen(http_version) > 5) && (!strncmp("HTTP/", http_version, 5))) {
http_version += 5;
} else {
http_version = "1.0";
}
break;
}
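Review bot: In the new `default:` arm the prefix length `5` appears twice as a bare literal and the `(char*)-1` sentinel is compared without explanation. I would derive the length from the literal, `strlen(http_version) > sizeof("HTTP/") - 1` and `http_version += sizeof("HTTP/") - 1;`, and add a hedged comment such as `/* ngx_str_to_char() appears to use (char *)-1 for allocation failure; confirm against its definition */`. The `else` arm also silently substitutes `"1.0"` whenever `r->http_protocol` is empty or does not begin with `HTTP/`, so whatever consumes `http_version` after the switch (not visible here) is given a version the client did not send. A comment stating that this fallback is intentional would help anyone later writing rules or triaging logs that key on the protocol version. The switch statement and the rest of ngx_http_modsecurity_rewrite_handler lie outside the hunk.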


@ -0,0 +1,77 @@
name: Quality Assurance
on:
push:
pull_request:
jobs:
build-linux:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04]
platform: [x32, x64]
compiler: [gcc, clang]
configure:
- {label: "with parser generation", opt: "--enable-parser-generation" }
- {label: "wo curl", opt: "--without-curl" }
- {label: "wo yajl", opt: "--without-yajl" }
- {label: "wo geoip", opt: "--without-geoip" }
- {label: "wo lmdb", opt: "--without-lmdb" }
- {label: "wo ssdeep", opt: "--without-ssdeep" }
- {label: "wo lua", opt: "--without-lua" }
- {label: "without maxmind", opt: "--without-maxmind" }
steps:
- name: Setup Dependencies
run: |
sudo add-apt-repository --yes ppa:maxmind/ppa
sudo apt-get update -y -qq
sudo apt-get install -y libfuzzy-dev libyajl-dev libgeoip-dev liblua5.2-dev liblmdb-dev cppcheck libmaxminddb-dev libcurl4-openssl-dev
- uses: actions/checkout@v2
with:
submodules: true
- name: build.sh
run: ./build.sh
- name: configure ${{ matrix.configure.label }}
run: ./configure ${{ matrix.configure.opt }}
- uses: ammaraskar/gcc-problem-matcher@master
- name: make
run: make -j `nproc`
- name: check
run: make check
- name: check-static
run: make check-static
build-macos:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [macos-10.15]
compiler: [clang]
configure:
- {label: "with parser generation", opt: "--enable-parser-generation" }
- {label: "wo curl", opt: "--without-curl" }
- {label: "wo yajl", opt: "--without-yajl" }
- {label: "wo geoip", opt: "--without-geoip" }
- {label: "wo lmdb", opt: "--without-lmdb" }
- {label: "wo ssdeep", opt: "--without-ssdeep" }
- {label: "wo lua", opt: "--without-lua" }
- {label: "wo maxmind", opt: "--without-maxmind" }
steps:
- name: Setup Dependencies
run: |
brew install autoconf automake cppcheck lmdb libyaml lua ssdeep libmaxminddb bison
- uses: actions/checkout@v2
with:
submodules: true
- name: build.sh
run: ./build.sh
- name: configure ${{ matrix.configure.label }}
run: ./configure ${{ matrix.configure.opt }}
- uses: ammaraskar/gcc-problem-matcher@master
- name: make
run: make -j `sysctl -n hw.logicalcpu`
- name: check
run: make check
- name: check-static
run: make check-static
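Review bot: The step `uses: ammaraskar/gcc-problem-matcher@master`, present in both `build-linux` and `build-macos`, follows a mutable branch of a third-party action, so whatever is pushed to that branch runs inside this workflow. Pin it to a reviewed commit, `uses: ammaraskar/gcc-problem-matcher@<full-commit-sha>` (placeholder, fill in the audited revision), and consider doing the same for `actions/checkout@v2`. Separately, no step shown references the `compiler` and `platform` matrix keys, so the gcc/clang and x32/x64 combinations appear to repeat the same build. Either pass them through, for example via `CC`/`CXX` in an `env:` block, or drop the keys.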


@ -3,7 +3,7 @@
url = https://github.com/SpiderLabs/secrules-language-tests
[submodule "others/libinjection"]
path = others/libinjection
url = https://github.com/client9/libinjection.git
url = https://github.com/libinjection/libinjection.git
[submodule "bindings/python"]
path = bindings/python
url = https://github.com/SpiderLabs/ModSecurity-Python-bindings.git


@ -1,60 +0,0 @@
dist: trusty
sudo: true
addons:
apt:
packages:
- libfuzzy-dev
- libyajl-dev
- libgeoip-dev
- liblua5.2-dev
- liblmdb-dev
- cppcheck
language: cpp
compiler:
- clang
- gcc
os:
- linux
- osx
env:
- OPTS="--enable-parser-generation $OPTS"
- OPTS="--without-curl $OPTS"
- OPTS="--without-yajl $OPTS"
- OPTS="--without-geoip $OPTS"
- OPTS="--with-lmdb $OPTS"
- OPTS="--without-ssdeep $OPTS"
- OPTS="--without-lua $OPTS"
- OPTS="--without-maxmind $OPTS"
before_script:
- echo $TRAVIS_OS_NAME
- '[ "$TRAVIS_OS_NAME" != osx ] || brew update'
- '[ "$TRAVIS_OS_NAME" != osx ] || brew install cppcheck'
- '[ "$TRAVIS_OS_NAME" != osx ] || brew install libmaxminddb'
- '[ "$TRAVIS_OS_NAME" != osx ] || brew install lmdb'
- '[ "$TRAVIS_OS_NAME" != linux ] || sudo add-apt-repository --yes ppa:maxmind/ppa'
- '[ "$TRAVIS_OS_NAME" != linux ] || sudo apt-get update'
- '[ "$TRAVIS_OS_NAME" != linux ] || sudo apt-cache search maxmind'
- '[ "$TRAVIS_OS_NAME" != linux ] || sudo apt-get install -y libmaxminddb-dev'
script:
- ./build.sh
- ./configure $OPTS
- make parser
- make
#
# Temporarily disabled.
# - make -j$(getconf _NPROCESSORS_ONLN)
# Leading build to crash with parser enabled.
# Not sure why.
#
- make check
- make check-static


@ -1,3 +1,128 @@
v3.x.y - YYYY-MMM-DD (to be released)
-------------------------------------
- Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro
[Issue #2806 - @hughmcmaster]
- During configure, do not check for pcre if pcre2 specified
[Issue #2750 - @dvershinin, @martinhsv]
- Use pkg-config to find libxml2 first
[Issue #2714 - @hughmcmaster]
- Fix two rule-reload memory leak issues
[Issue #2801 - @Abce, @martinhsv]
- Correct whitespace handling for Include directive
[Issue #2800 - @877509395, @martinhsv]
v3.0.8 - 2022-Sep-07
--------------------
- Adjust parser activation rules in modsecurity.conf-recommended
[Issue #2796 - @terjanq, @martinhsv]
- Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
[Issue #2795 - @terjanq, @martinhsv]
- Prevent LMDB related segfault
[Issue #2755, #2761 - @dvershinin]
- Fix msc_transaction_cleanup function comment typo
[Issue #2788 - @lookat23]
- Fix: MULTIPART_INVALID_PART connected to wrong internal variable
[Issue #2785 - @martinhsv]
- Restore Unique_id to include random portion after timestamp
[Issue #2752, #2758 - @datkps11, @martinhsv]
v3.0.7 - 2022-May-30
--------------------
- Move PCRE2 match block from member variable
[@martinhsv]
- Add SecArgumentsLimit, 200007 to modsecurity.conf-recommended
[Issue #2738 - @jleproust, @martinhsv]
- Fix memory leak when concurrent log includes REMOTE_USER
[Issue #2727 - @liudongmiao]
- Fix LMDB initialization issues
[Issue #2688 - @ziollek, @martinhsv]
- Fix initcol error message wording
[Issue #2732 - @877509395, @martinhsv]
- Tolerate other parameters after boundary in multipart C-T
[Issue #1900 - @martinhsv]
- Add DebugLog message for bad pattern in rx operator
[Issue #2723 - @martinhsv]
- Support PCRE2
[Issue #2668 - @martinhsv]
- Support SecRequestBodyNoFilesLimit
[Issue #2670 - @airween, @martinhsv]
- Fix misuses of LMDB API
[Issue #2601, #2602 - @hyc]
- Fix duplication typo in code comment
[Issue #2677 - @gleydsonsoares]
- Add ctl:auditEngine action support
[Issue #2606 - @alekravch, @martinhsv]
- Fix multiMatch msg, etc, population in audit log
[Issue #2573 - @Sachin-M-Desai, @martinhsv]
- Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc.
[Issue #2627, #2648 - @lontchianicet, @victorserbu2709, @martinhsv]
- Adjust confusing variable name in setRequestBody method
[Issue #2635 - @Mesar-Ali, @martinhsv]
- Multipart names/filenames may include single quote if double-quote enclosed
[Issue #2352 - @martinhsv]
- Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
[Issue #2647 - @theMiddleBlue, @airween, @877509395 ,@martinhsv]
v3.0.6 - 2021-Nov-19
-------------------------------------
- Support configurable limit on depth of JSON parsing
[@theMiddleBlue, @martinhsv]
v3.0.5 - 2021-Jul-07
--------------------
- Handle URI received with uri-fragment
[@martinhsv]
- Having ARGS_NAMES, variables proxied
[@zimmerle, @martinhsv, @KaNikita]
- Use explicit path for cross-compile environments.
[Issue #2485 - @dtoubelis]
- Fix: FILES variable does not use multipart part name for key
[Issue #2377 - @martinhsv]
- Replaces put with setenv in SetEnv action
[Issue #2469 - @martinhsv, @WGH-, @zimmerle]
- Regression: Mark the test as failed in case of segfault.
[@zimmerle]
- Regex key selection should not be case-sensitive
[Issue #2296, #2107, #2297 - @michaelgranzow-avi, @victorhora,
@airween, @martinhsv, @zimmerle]
- Fix: Only delete Multipart tmp files after rules have run
[Issue #2427 - @martinhsv]
- Fixed MatchedVar on chained rules
[Issue #2423, #2435, #2436 - @michaelgranzow-avi]
- Add support for new operator rxGlobal
[@martinhsv]
- Fix maxminddb link on FreeBSD
[Issue #2131 - @granalberto, @zimmerle]
- Fix IP address logging in Section A
[Issue #2300 - @inaratech, @zavazingo, @martinhsv]
- Adds support to lua 5.4
[@zimmerle]
- GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE
[Issues #2378, #2186 - @defanator]
- rx: exit after full match (remove /g emulation); ensure capture
groups occuring after unused groups still populate TX vars
[Issue #2336 - @martinhsv]
- Correct CHANGES file entry for #2234
- Add support to test framework for audit log content verification
and add regression tests for issues #2000, #2196
- Support configurable limit on number of arguments processed
[Issue #2234 - @jleproust, @martinhsv]
- Multipart Content-Dispostion should allow field: filename*=
[@martinhsv]
- Fix rule-update-target for non-regex
[Issue 2251 - @martinhsv]
- Fix configure script when packaging for Buildroot
[Issue 2235 - @frankvanbever]
- modsecurity.pc.in: add Libs.private
[Issue #1918, #2253 - @ffontaine, @Dridi, @victorhora]
v3.0.4 - 2020-Jan-13
--------------------


@ -56,13 +56,17 @@ parser:
cppcheck:
@cppcheck \
@cppcheck -U YYSTYPE -U MBEDTLS_MD5_ALT -U MBEDTLS_SHA1_ALT \
-D MS_CPPCHECK_DISABLED_FOR_PARSER -U YY_USER_INIT \
--suppressions-list=./test/cppcheck_suppressions.txt \
--enable=all \
--enable=warning,style,performance,portability,unusedFunction,missingInclude \
--inconclusive \
--template="warning: {file},{line},{severity},{id},{message}" \
--std=posix . 2> cppcheck.txt
cat cppcheck.txt | grep -v "/ lalr1.cc"
-I headers -I . -I others -I src -I others/mbedtls -I src/parser \
--error-exitcode=1 \
-i "src/parser/seclang-parser.cc" -i "src/parser/seclang-scanner.cc" \
--force --verbose .
check-static: cppcheck
@ -92,6 +96,7 @@ TESTS+=test/test-cases/regression/action-ctl_request_body_access.json
TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json
TESTS+=test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json
TESTS+=test/test-cases/regression/action-ctl_rule_engine.json
TESTS+=test/test-cases/regression/action-ctl_audit_engine.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_id.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_tag.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
@ -151,7 +156,12 @@ TESTS+=test/test-cases/regression/issue-1943.json
TESTS+=test/test-cases/regression/issue-1956.json
TESTS+=test/test-cases/regression/issue-1960.json
TESTS+=test/test-cases/regression/issue-2099.json
TESTS+=test/test-cases/regression/issue-2000.json
TESTS+=test/test-cases/regression/issue-2111.json
TESTS+=test/test-cases/regression/issue-2196.json
TESTS+=test/test-cases/regression/issue-2423-msg-in-chain.json
TESTS+=test/test-cases/regression/issue-2427.json
TESTS+=test/test-cases/regression/issue-2296.json
TESTS+=test/test-cases/regression/issue-394.json
TESTS+=test/test-cases/regression/issue-849.json
TESTS+=test/test-cases/regression/issue-960.json
@ -165,6 +175,7 @@ TESTS+=test/test-cases/regression/operator-inpectFile.json
TESTS+=test/test-cases/regression/operator-ipMatchFromFile.json
TESTS+=test/test-cases/regression/operator-pm.json
TESTS+=test/test-cases/regression/operator-rx.json
TESTS+=test/test-cases/regression/operator-rxGlobal.json
TESTS+=test/test-cases/regression/operator-UnconditionalMatch.json
TESTS+=test/test-cases/regression/operator-validate-byte-range.json
TESTS+=test/test-cases/regression/operator-verifycc.json
@ -180,6 +191,7 @@ TESTS+=test/test-cases/regression/rule-920120.json
TESTS+=test/test-cases/regression/rule-920200.json
TESTS+=test/test-cases/regression/rule-920274.json
TESTS+=test/test-cases/regression/secaction.json
TESTS+=test/test-cases/regression/secargumentslimit.json
TESTS+=test/test-cases/regression/sec_component_signature.json
TESTS+=test/test-cases/regression/secmarker.json
TESTS+=test/test-cases/regression/secruleengine.json
@ -213,6 +225,7 @@ TESTS+=test/test-cases/regression/variable-MULTIPART_CRLF_LF_LINES.json
TESTS+=test/test-cases/regression/variable-MULTIPART_FILENAME.json
TESTS+=test/test-cases/regression/variable-MULTIPART_INVALID_HEADER_FOLDING.json
TESTS+=test/test-cases/regression/variable-MULTIPART_NAME.json
TESTS+=test/test-cases/regression/variable-MULTIPART_PART_HEADERS.json
TESTS+=test/test-cases/regression/variable-MULTIPART_STRICT_ERROR.json
TESTS+=test/test-cases/regression/variable-MULTIPART_UNMATCHED_BOUNDARY.json
TESTS+=test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json
@ -283,6 +296,7 @@ TESTS+=test/test-cases/secrules-language-tests/operators/noMatch.json
TESTS+=test/test-cases/secrules-language-tests/operators/pmFromFile.json
TESTS+=test/test-cases/secrules-language-tests/operators/pm.json
TESTS+=test/test-cases/secrules-language-tests/operators/rx.json
TESTS+=test/test-cases/secrules-language-tests/operators/rxGlobal.json
TESTS+=test/test-cases/secrules-language-tests/operators/streq.json
TESTS+=test/test-cases/secrules-language-tests/operators/strmatch.json
TESTS+=test/test-cases/secrules-language-tests/operators/unconditionalMatch.json


@ -1,8 +1,7 @@
<img src="https://github.com/SpiderLabs/ModSecurity/raw/v3/master/others/modsec.png" width="50%">
[![Build Status](https://travis-ci.org/SpiderLabs/ModSecurity.svg?branch=v3/master)](https://travis-ci.org/SpiderLabs/ModSecurity)
[![](https://raw.githubusercontent.com/ZenHubIO/support/master/zenhub-badge.png)](https://zenhub.com)
![Quality Assurance](https://github.com/SpiderLabs/ModSecurity/workflows/Quality%20Assurance/badge.svg)
[![Build Status](https://sonarcloud.io/api/project_badges/measure?project=USHvY32Uy62L&metric=alert_status)](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
[![](https://sonarcloud.io/api/project_badges/measure?project=USHvY32Uy62L&metric=sqale_rating
)](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
@ -21,26 +20,26 @@ and applying traditional ModSecurity processing. In general, it provides the
capability to load/interpret rules written in the ModSecurity SecRules format
and apply them to HTTP content provided by your application via Connectors.
If you are looking for ModSecurity for Apache (aka ModSecurity v2.x), it is still under maintenence and available:
If you are looking for ModSecurity for Apache (aka ModSecurity v2.x), it is still under maintenance and available:
[here](https://github.com/SpiderLabs/ModSecurity/tree/v2/master).
### What is the difference between this project and the old ModSecurity (v2.x.x)?
* All Apache dependences have been removed
* All Apache dependencies have been removed
* Higher performance
* New features
* New architecture
Libmodsecurity is a complete rewrite of the ModSecurity platform. When it was first devised the ModSecurity project started as just an Apache module. Over time the project has been extended, due to popular demand, to support other platforms including (but not limited to) Nginx and IIS. In order to provide for the growing demand for additional platform support, it has became necessary to remove the Apache dependencies underlying this project, making it more platform independent.
As a result of this goal we have rearchitechted Libmodsecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). One side effect of this is that across all platforms users can expect increased performance. Additionally, we have taken this opprotunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to nativly support auditlogs in the JSON format, along with a host of other functionality in future versions.
As a result of this goal we have rearchitected Libmodsecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). One side effect of this is that across all platforms users can expect increased performance. Additionally, we have taken this opportunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to natively support auditlogs in the JSON format, along with a host of other functionality in future versions.
### It is no longer just a module.
The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it undersands. Each of these connectors is maintained as a seperate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (https://github.com/SpiderLabs/ModSecurity-nginx).
The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it understands. Each of these connectors is maintained as a separate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (https://github.com/SpiderLabs/ModSecurity-nginx).
Keeping these connectors seperated allows each project to be have different release cycles, issues and development trees. Addtionally, it means that when you install ModSecurity v3 you only get exactly what you need, no extras you won't be using.
Keeping these connectors separated allows each project to have different release cycles, issues and development trees. Additionally, it means that when you install ModSecurity v3 you only get exactly what you need, no extras you won't be using.
# Compilation
@ -78,7 +77,7 @@ Windows build is not ready yet.
## Dependencies
This library is written in C++ using the C++11 standards. It also uses Flex
and Yacc to produce the “Sec Rules Language” parser. Other, manditory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet manditory) for processing regular expressions in SecRules, and libXML2 (not yet manditory) which is used for parsing XML requests.
and Yacc to produce the “Sec Rules Language” parser. Other, mandatory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet mandatory) for processing regular expressions in SecRules, and libXML2 (not yet mandatory) which is used for parsing XML requests.
All others dependencies are related to operators specified within SecRules or configuration directives and may not be required for compilation. A short list of such dependencies is as follows:
@ -97,7 +96,7 @@ The library provides a C++ and C interface. Some resources are currently only
available via the C++ interface, for instance, the capability to create custom logging
mechanism (see the regression test to check for how those logging mechanism works).
The objective is to have both APIs (C, C++) providing the same functionality,
if you find an aspect of the API that is missing via a perticular interface, please open an issue.
if you find an aspect of the API that is missing via a particular interface, please open an issue.
Inside the subfolder examples, there are simple examples on how to use the API.
Below some are illustrated:
@ -168,7 +167,7 @@ are willing to help with.
## Providing patches
We prefer to have your patch within the GtiHub infrastructure to facilitate our
We prefer to have your patch within the GitHub infrastructure to facilitate our
review work, and our Q.A. integration. GitHub provides excellent
documentation on how to perform “Pull Requests”, more information available
here: https://help.github.com/articles/using-pull-requests/
@ -199,7 +198,7 @@ A TODO list is also available as part of the Doxygen documentation.
Along with the manual testing, we strongly recommend you to use the our
regression tests and unit tests. If you have implemented an operator, dont
forget to create unit tests for it. If you impliment anything else, it is encouraged that you develop complimentary regression tests for it.
forget to create unit tests for it. If you implement anything else, it is encouraged that you develop complimentary regression tests for it.
The regression test and unit test utilities are native and do not demand any
external tool or script, although you need to fetch the test cases from other
@ -222,7 +221,7 @@ Before start the debugging process, make sure of where your bug is. The problem
could be on your connector or in libmodsecurity. In order to identify where the
bug is, it is recommended that you develop a regression test that mimics the
scenario where the bug is happening. If the bug is reproducible with the
regression-test utility, then it will be far simpliar to debug and ensure that it never occurs again. On Linux it is
regression-test utility, then it will be far simpler to debug and ensure that it never occurs again. On Linux it is
recommended that anyone undertaking debugging utilize gdb and/or valgrind as needed.
During the configuration/compilation time, you may want to disable the compiler
@ -263,15 +262,15 @@ new issue, please check if there is one already opened on the same topic.
## Bindings
The libModSecurity design allows the integration with bindings. There is an effort to avoid brake the API [binary] compatibility to make an easy integration with possible bindings. Currently, there are two notable projects maintained by the community:
The libModSecurity design allows the integration with bindings. There is an effort to avoid breaking API [binary] compatibility to make an easy integration with possible bindings. Currently, there are two notable projects maintained by the community:
* Python - https://github.com/actions-security/pymodsecurity
* Varnish - https://github.com/xdecock/vmod-modsecurity
## Packing
## Packaging
Having our packages in distros on time is a desire that we have, so let us know
if there is anything we can do to facilitate your work as a packager.
## Sponsor Note
Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found here https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/


@ -0,0 +1,9 @@
# Security Policy
## Supported Versions
The latest versions of both v2.9.x and v3.0.x are supported.
## Reporting a Vulnerability
For information on how to report a security issue, please see https://github.com/SpiderLabs/ModSecurity#security-issue


@ -17,7 +17,7 @@ AC_DEFUN([CHECK_CURL], [
AC_ARG_WITH(
curl,
[AC_HELP_STRING([--with-curl=PATH],[Path to curl prefix or config script])],
[AS_HELP_STRING([--with-curl=PATH],[Path to curl prefix or config script])],
[test_paths="${with_curl}"],
[test_paths="/usr/local/libcurl /usr/local/curl /usr/local /opt/libcurl /opt/curl /opt /usr"])


@ -9,11 +9,6 @@ dnl GEOIP_VERSION
AC_DEFUN([PROG_GEOIP], [
# Needed if pkg-config will be used.
AC_REQUIRE([PKG_PROG_PKG_CONFIG])
# Possible names for the geoip library/package (pkg-config)
GEOIP_POSSIBLE_LIB_NAMES="geoip2 geoip GeoIP"


@ -9,13 +9,8 @@ dnl MAXMIND_VERSION
AC_DEFUN([PROG_MAXMIND], [
# Needed if pkg-config will be used.
AC_REQUIRE([PKG_PROG_PKG_CONFIG])
# Possible names for the maxmind library/package (pkg-config)
MAXMIND_POSSIBLE_LIB_NAMES="libmaxminddb maxminddb maxmind"
MAXMIND_POSSIBLE_LIB_NAMES="maxminddb maxmind"
# Possible extensions for the library
MAXMIND_POSSIBLE_EXTENSIONS="so la sl dll dylib"


@ -4,20 +4,7 @@ dnl Sets:
dnl LIBXML2_CFLAGS
dnl LIBXML2_LIBS
LIBXML2_CONFIG=""
LIBXML2_VERSION=""
LIBXML2_CFLAGS=""
LIBXML2_CPPFLAGS=""
LIBXML2_LDADD=""
LIBXML2_LDFLAGS=""
AC_DEFUN([CHECK_LIBXML2], [
AC_ARG_WITH(
libxml,
[AC_HELP_STRING([--with-libxml=PATH],[Path to libxml2 prefix or config script])],
[test_paths="${with_libxml}"],
[test_paths="/usr/local/libxml2 /usr/local/xml2 /usr/local/xml /usr/local /opt/libxml2 /opt/libxml /opt/xml2 /opt/xml /opt /usr"])
AC_DEFUN([CHECK_XML2CONFIG], [
AC_MSG_CHECKING([for libxml2 config script])
@ -58,19 +45,56 @@ if test -n "${libxml2_path}"; then
LIBXML2_LDADD="`${LIBXML2_CONFIG} --libs`"
if test ! -z "${LIBXML2_LDADD}"; then AC_MSG_NOTICE(xml LDADD: $LIBXML2_LDADD); fi
AC_MSG_CHECKING([if libxml2 is at least v2.6.29])
libxml2_min_ver=`echo 2.6.29 | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
AC_MSG_CHECKING([if libxml2 is at least v${LIBXML2_MIN_VERSION}])
libxml2_min_ver=`echo ${LIBXML2_MIN_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
libxml2_ver=`echo ${LIBXML2_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
if test "$libxml2_ver" -ge "$libxml2_min_ver"; then
AC_MSG_RESULT([yes, $LIBXML2_VERSION])
else
AC_MSG_RESULT([no, $LIBXML2_VERSION])
AC_MSG_ERROR([NOTE: libxml2 library must be at least 2.6.29])
AC_MSG_ERROR([NOTE: libxml2 library must be at least ${LIBXML2_MIN_VERSION}])
fi
else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_LIBXML2], [
AC_ARG_WITH(
libxml,
[AS_HELP_STRING([--with-libxml=PATH],[Path to libxml2 prefix or config script])],
[test_paths="${with_libxml}"],
[test_paths="/usr/local/libxml2 /usr/local/xml2 /usr/local/xml /usr/local /opt/libxml2 /opt/libxml /opt/xml2 /opt/xml /opt /usr"])
LIBXML2_MIN_VERSION="2.6.29"
LIBXML2_PKG_NAME="libxml-2.0"
LIBXML2_CONFIG=""
LIBXML2_VERSION=""
LIBXML2_CFLAGS=""
LIBXML2_CPPFLAGS=""
LIBXML2_LDADD=""
LIBXML2_LDFLAGS=""
if test "x${with_libxml}" != "xno"; then
if test -n "${PKG_CONFIG}"; then
AC_MSG_CHECKING([for libxml2 >= ${LIBXML2_MIN_VERSION} via pkg-config])
if `${PKG_CONFIG} --exists "${LIBXML2_PKG_NAME} >= ${LIBXML2_MIN_VERSION}"`; then
LIBXML2_VERSION="`${PKG_CONFIG} --modversion ${LIBXML2_PKG_NAME}`"
LIBXML2_CFLAGS="`${PKG_CONFIG} --cflags ${LIBXML2_PKG_NAME}` -DWITH_LIBXML2"
LIBXML2_LDADD="`${PKG_CONFIG} --libs-only-l ${LIBXML2_PKG_NAME}`"
LIBXML2_LDFLAGS="`${PKG_CONFIG} --libs-only-L --libs-only-other ${LIBXML2_PKG_NAME}`"
AC_MSG_RESULT([found version ${LIBXML2_VERSION}])
else
AC_MSG_RESULT([not found])
fi
fi
if test -z "${LIBXML2_VERSION}"; then
CHECK_XML2CONFIG
fi
fi
AC_SUBST(LIBXML2_CONFIG)
AC_SUBST(LIBXML2_VERSION)
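Review bot: In the new `CHECK_LIBXML2` body the pkg-config probe runs whenever `with_libxml` is not `no`, so a prefix given as `--with-libxml=PATH` is ignored whenever pkg-config already finds a libxml2. `test_paths` is only consulted through the `CHECK_XML2CONFIG` fallback. Guarding the probe on the option not carrying a path, for example `if test -n "${PKG_CONFIG}" && test -z "${with_libxml}"; then` (adjusted if a bare `yes` should still use pkg-config), would keep an explicit path authoritative. The existence test also wraps the pkg-config call in shell backquotes, which runs the command's output as a second command and only works because `--exists` prints nothing. `if ${PKG_CONFIG} --exists "${LIBXML2_PKG_NAME} >= ${LIBXML2_MIN_VERSION}"; then` states what is meant. The macro is not closed within the visible hunk.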


@ -3,10 +3,6 @@ dnl CHECK_LMDB(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([PROG_LMDB], [
# Needed if pkg-config will be used.LMDB
AC_REQUIRE([PKG_PROG_PKG_CONFIG])
# Possible names for the lmdb library/package (pkg-config)
LMDB_POSSIBLE_LIB_NAMES="lmdb"
@ -25,10 +21,7 @@ LMDB_LDFLAGS=""
AC_ARG_WITH(
lmdb,
AC_HELP_STRING(
[--with-lmdb=PATH],
[Path to lmdb prefix or config script]
)
[AS_HELP_STRING([--with-lmdb=PATH],[Path to lmdb prefix or config script])]
)
if test "x${with_lmdb}" == "xno"; then


@ -6,13 +6,13 @@ AC_DEFUN([CHECK_LUA],
[dnl
# Possible names for the lua library/package (pkg-config)
LUA_POSSIBLE_LIB_NAMES="luajit luajit-5.1 lua53 lua5.3 lua-5.3 lua52 lua5.2 lua-5.2 lua51 lua5.1 lua-5.1 lua"
LUA_POSSIBLE_LIB_NAMES="lua54 lua5.4 lua-5.4 lua53 lua5.3 lua-5.3 lua52 lua5.2 lua-5.2 lua51 lua5.1 lua-5.1 lua"
# Possible extensions for the library
LUA_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0"
LUA_POSSIBLE_EXTENSIONS="so la sl dll dylib"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
LUA_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/lib64 /usr/local/lua /usr/local/liblua /usr/local /opt /usr /usr/lib64 /opt/local"
LUA_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/lib64 /usr/local/lua /usr/local/liblua /usr/local /opt /usr /usr/lib64 /opt/local /usr/lib/lua5.3/liblua /usr/lib/lua5.2/liblua"
# Variables to be set by this very own script.
LUA_CFLAGS=""
@ -22,10 +22,7 @@ LUA_DISPLAY=""
AC_ARG_WITH(
lua,
AC_HELP_STRING(
[--with-lua=PATH],
[Path to lua prefix]
)
[AS_HELP_STRING([--with-lua=PATH],[Path to lua prefix])]
)
@ -68,6 +65,8 @@ else
case $LUA_PKG_VERSION in
(5.1*) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
(5.2*) LUA_CFLAGS="-DWITH_LUA_5_2 ${LUA_CFLAGS}" ; lua_5_2=1 ;;
(5.3*) LUA_CFLAGS="-DWITH_LUA_5_3 ${LUA_CFLAGS}" ; lua_5_3=1 ;;
(5.4*) LUA_CFLAGS="-DWITH_LUA_5_4 ${LUA_CFLAGS}" ; lua_5_4=1 ;;
(2.0*) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
(2.1*) LUA_CFLAGS="-DWITH_LUA_5_1 -DWITH_LUA_JIT_2_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
esac
@ -162,6 +161,9 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
lua_inc_path="${path}"
elif test -e "${path}/include/lua/lua.h"; then
lua_inc_path="${path}/include/lua"
elif test -e "${path}/include/lua5.4/lua.h"; then
lua_inc_path="${path}/include/lua5.4"
LUA_VERSION=504
elif test -e "${path}/include/lua5.3/lua.h"; then
lua_inc_path="${path}/include/lua5.3"
LUA_VERSION=503
@ -207,6 +209,14 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
#endif ],
[ LUA_VERSION=502 ], [ lua_5_2=0 ]
)
AC_TRY_COMPILE([ #include <lua.h> ],
[ #if (LUA_VERSION_NUM == 504)
return 0;
#else
#error Lua 5.4 not detected
#endif ],
[ LUA_VERSION=504 ], [ lua_5_4=0 ]
)
if test -z "${LUA_VERSION}" ; then
# As a last resort, try to find LUA version from $lua_inc_path
@ -214,8 +224,9 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
do
case "$line" in
(\#define\ LUA_VERSION_NUM*501*) LUA_VERSION=501 ;;
(\#define\ LUA_VERSION_NUM*502*) LUA_VERSION=501 ;;
(\#define\ LUA_VERSION_NUM*503*) LUA_VERSION=503
(\#define\ LUA_VERSION_NUM*502*) LUA_VERSION=502 ;;
(\#define\ LUA_VERSION_NUM*503*) LUA_VERSION=503 ;;
(\#define\ LUA_VERSION_NUM*504*) LUA_VERSION=504
esac
done <"${lua_inc_path}/lua.h"
AC_MSG_NOTICE([LUA_VERSION is ${LUA_VERSION} found at: ${lua_inc_path}])
@ -226,6 +237,8 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
case $LUA_VERSION in
(501) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
(502) LUA_CFLAGS="-DWITH_LUA_5_2 ${LUA_CFLAGS}" ; lua_5_2=1 ;;
(503) LUA_CFLAGS="-DWITH_LUA_5_3 ${LUA_CFLAGS}" ; lua_5_3=1 ;;
(504) LUA_CFLAGS="-DWITH_LUA_5_4 ${LUA_CFLAGS}" ; lua_5_4=1 ;;
esac
fi
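Review bot: The pkg-config name list that carries the new `lua54` entries no longer has `luajit` or `luajit-5.1`, while the `(2.0*)` and `(2.1*)` branches of the `LUA_PKG_VERSION` case are kept, so those branches look unreachable through pkg-config and a host with only LuaJIT installed would fall through to the file lookup. If dropping LuaJIT detection is intended, a comment such as `# LuaJIT is no longer probed via pkg-config; use --with-lua=PATH` above `LUA_POSSIBLE_LIB_NAMES` would record that; otherwise the two names should be appended to the list. The page has lost its +/- markers, so which of the two list lines is the new one is inferred from the other 5.4 additions in this section.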


@ -17,93 +17,97 @@ AC_DEFUN([CHECK_PCRE],
AC_ARG_WITH(
pcre,
[AC_HELP_STRING([--with-pcre=PATH],[Path to pcre prefix or config script])],
[AS_HELP_STRING([--with-pcre=PATH],[Path to pcre prefix or config script])],
[test_paths="${with_pcre}"],
[test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"])
AC_MSG_CHECKING([for libpcre config script])
if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then
AC_MSG_NOTICE([pcre2 specified; omitting check for pcre])
else
for x in ${test_paths}; do
dnl # Determine if the script was specified and use it directly
if test ! -d "$x" -a -e "$x"; then
PCRE_CONFIG=$x
pcre_path="no"
break
fi
AC_MSG_CHECKING([for libpcre config script])
dnl # Try known config script names/locations
for PCRE_CONFIG in pcre-config; do
if test -e "${x}/bin/${PCRE_CONFIG}"; then
pcre_path="${x}/bin"
for x in ${test_paths}; do
dnl # Determine if the script was specified and use it directly
if test ! -d "$x" -a -e "$x"; then
PCRE_CONFIG=$x
pcre_path="no"
break
elif test -e "${x}/${PCRE_CONFIG}"; then
pcre_path="${x}"
fi
dnl # Try known config script names/locations
for PCRE_CONFIG in pcre-config; do
if test -e "${x}/bin/${PCRE_CONFIG}"; then
pcre_path="${x}/bin"
break
elif test -e "${x}/${PCRE_CONFIG}"; then
pcre_path="${x}"
break
else
pcre_path=""
fi
done
if test -n "$pcre_path"; then
break
else
pcre_path=""
fi
done
if test -n "$pcre_path"; then
break
fi
done
if test -n "${pcre_path}"; then
if test "${pcre_path}" != "no"; then
PCRE_CONFIG="${pcre_path}/${PCRE_CONFIG}"
fi
AC_MSG_RESULT([${PCRE_CONFIG}])
PCRE_VERSION="`${PCRE_CONFIG} --version`"
if test ! -z "${PCRE_VERSION}"; then AC_MSG_NOTICE(pcre VERSION: $PCRE_VERSION); fi
PCRE_CFLAGS="`${PCRE_CONFIG} --cflags`"
if test ! -z "${PCRE_CFLAGS}"; then AC_MSG_NOTICE(pcre CFLAGS: $PCRE_CFLAGS); fi
PCRE_LDADD="`${PCRE_CONFIG} --libs`"
if test ! -z "${PCRE_LDADD}"; then AC_MSG_NOTICE(pcre LDADD: $PCRE_LDADD); fi
PCRE_LD_PATH="/`${PCRE_CONFIG} --libs | cut -d'/' -f2,3,4,5,6 | cut -d ' ' -f1`"
if test ! -z "${PCRE_LD_PATH}"; then AC_MSG_NOTICE(pcre PCRE_LD_PATH: $PCRE_LD_PATH); fi
else
AC_MSG_RESULT([no])
fi
if test -n "${PCRE_VERSION}"; then
AC_MSG_CHECKING(for PCRE JIT)
save_CFLAGS=$CFLAGS
save_LDFLAGS=$LDFLAGS
CFLAGS="${PCRE_CFLAGS} ${CFLAGS}"
LDFLAGS="${LDFLAGS} ${PCRE_LDADD}"
AC_TRY_COMPILE([ #include <stdio.h>
#include <pcre.h> ],
[ int jit = 0;
pcre_free_study(NULL);
pcre_config(PCRE_CONFIG_JIT, &jit);
if (jit != 1) return 1; ],
[ pcre_jit_available=yes ], [:]
)
if test "x$pcre_jit_available" = "xyes"; then
AC_MSG_RESULT(yes)
PCRE_CFLAGS="${PCRE_CFLAGS} -DPCRE_HAVE_JIT"
if test -n "${pcre_path}"; then
if test "${pcre_path}" != "no"; then
PCRE_CONFIG="${pcre_path}/${PCRE_CONFIG}"
fi
AC_MSG_RESULT([${PCRE_CONFIG}])
PCRE_VERSION="`${PCRE_CONFIG} --version`"
if test ! -z "${PCRE_VERSION}"; then AC_MSG_NOTICE(pcre VERSION: $PCRE_VERSION); fi
PCRE_CFLAGS="`${PCRE_CONFIG} --cflags`"
if test ! -z "${PCRE_CFLAGS}"; then AC_MSG_NOTICE(pcre CFLAGS: $PCRE_CFLAGS); fi
PCRE_LDADD="`${PCRE_CONFIG} --libs`"
if test ! -z "${PCRE_LDADD}"; then AC_MSG_NOTICE(pcre LDADD: $PCRE_LDADD); fi
PCRE_LD_PATH="/`${PCRE_CONFIG} --libs | cut -d'/' -f2,3,4,5,6 | cut -d ' ' -f1`"
if test ! -z "${PCRE_LD_PATH}"; then AC_MSG_NOTICE(pcre PCRE_LD_PATH: $PCRE_LD_PATH); fi
else
AC_MSG_RESULT(no)
AC_MSG_RESULT([no])
fi
CFLAGS=$save_CFLAGS
LDFLAGS=$save_$LDFLAGS
if test -n "${PCRE_VERSION}"; then
AC_MSG_CHECKING(for PCRE JIT)
save_CFLAGS=$CFLAGS
save_LDFLAGS=$LDFLAGS
save_LIBS=$LIBS
CFLAGS="${PCRE_CFLAGS} ${CFLAGS}"
LDFLAGS="${PCRE_LDADD} ${LDFLAGS}"
LIBS="${PCRE_LDADD} ${LIBS}"
AC_TRY_LINK([ #include <pcre.h> ],
[ pcre_jit_exec(NULL, NULL, NULL, 0, 0, 0, NULL, 0, NULL); ],
[ pcre_jit_available=yes ], [:]
)
if test "x$pcre_jit_available" = "xyes"; then
AC_MSG_RESULT(yes)
PCRE_CFLAGS="${PCRE_CFLAGS} -DPCRE_HAVE_JIT"
else
AC_MSG_RESULT(no)
fi
CFLAGS=$save_CFLAGS
LDFLAGS=$save_LDFLAGS
LIBS=$save_LIBS
fi
AC_SUBST(PCRE_CONFIG)
AC_SUBST(PCRE_VERSION)
AC_SUBST(PCRE_CPPFLAGS)
AC_SUBST(PCRE_CFLAGS)
AC_SUBST(PCRE_LDFLAGS)
AC_SUBST(PCRE_LDADD)
AC_SUBST(PCRE_LD_PATH)
if test -z "${PCRE_VERSION}"; then
AC_MSG_NOTICE([*** pcre library not found.])
ifelse([$2], , AC_MSG_ERROR([pcre library is required]), $2)
else
AC_MSG_NOTICE([using pcre v${PCRE_VERSION}])
ifelse([$1], , , $1)
PCRE_LDADD="${PCRE_LDADD} -lpcre"
fi
fi
AC_SUBST(PCRE_CONFIG)
AC_SUBST(PCRE_VERSION)
AC_SUBST(PCRE_CPPFLAGS)
AC_SUBST(PCRE_CFLAGS)
AC_SUBST(PCRE_LDFLAGS)
AC_SUBST(PCRE_LDADD)
AC_SUBST(PCRE_LD_PATH)
if test -z "${PCRE_VERSION}"; then
AC_MSG_NOTICE([*** pcre library not found.])
ifelse([$2], , AC_MSG_ERROR([pcre library is required]), $2)
else
AC_MSG_NOTICE([using pcre v${PCRE_VERSION}])
ifelse([$1], , , $1)
PCRE_LDADD="${PCRE_LDADD} -lpcre"
fi
])
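Review bot: In the JIT probe, `LDFLAGS="${PCRE_LDADD} ${LDFLAGS}"` puts the library arguments from `pcre-config --libs` into LDFLAGS although the next line already adds them to LIBS, which is where a link test expects libraries (after the test object). Dropping the LDFLAGS assignment and keeping `LIBS="${PCRE_LDADD} ${LIBS}"` is enough. `pcre_jit_available` is also never cleared before the test, so a value inherited from the environment would be reported as a successful probe; `pcre_jit_available=no` before `AC_TRY_LINK` closes that.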


@ -0,0 +1,180 @@
dnl Check for PCRE2 Libraries
dnl CHECK_PCRE2(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([PROG_PCRE2], [
# Possible names for the pcre2 library/package (pkg-config)
PCRE2_POSSIBLE_LIB_NAMES="pcre2 pcre2-8"
# Possible extensions for the library
PCRE2_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
PCRE2_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/libpcre2-8 /usr/local/pcre2 /usr/local /opt/libpcre2-8 /opt/pcre2 /opt /usr /usr/lib64 /opt/local"
# Variables to be set by this very own script.
PCRE2_VERSION=""
PCRE2_CFLAGS=""
PCRE2_CPPFLAGS=""
PCRE2_LDADD=""
PCRE2_LDFLAGS=""
AC_ARG_WITH(
pcre2,
[AS_HELP_STRING([--with-pcre2=PATH],[Path to pcre2 prefix or config script])]
)
if test "x${with_pcre2}" == "xno"; then
AC_DEFINE(HAVE_PCRE2, 0, [Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
PCRE2_DISABLED=yes
else
if test "x${with_pcre2}" == "xyes"; then
PCRE2_MANDATORY=yes
AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes])
fi
# for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_PCRE2_AT(${x})
# if test -n "${PCRE2_VERSION}"; then
# break
# fi
# done
# if test "x${with_pcre2}" != "xyes" or test "x${with_pcre2}" == "xyes"; then
if test "x${with_pcre2}" == "x" || test "x${with_pcre2}" == "xyes"; then
# Nothing about PCRE2 was informed, using the pkg-config to figure things out.
if test -n "${PKG_CONFIG}"; then
PCRE2_PKG_NAME=""
for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
if ${PKG_CONFIG} --exists ${x}; then
PCRE2_PKG_NAME="$x"
break
fi
done
fi
AC_MSG_NOTICE([Nothing about PCRE2 was informed during the configure phase. Trying to detect it on the platform...])
if test -n "${PCRE2_PKG_NAME}"; then
# Package was found using the pkg-config scripts
PCRE2_VERSION="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --modversion`"
PCRE2_CFLAGS="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --cflags`"
PCRE2_LDADD="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --libs-only-l`"
PCRE2_LDFLAGS="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --libs-only-L --libs-only-other`"
PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
else
# If pkg-config did not find anything useful, go over file lookup.
for x in ${PCRE2_POSSIBLE_PATHS}; do
CHECK_FOR_PCRE2_AT(${x})
if test -n "${PCRE2_VERSION}"; then
break
fi
done
fi
fi
if test "x${with_pcre2}" != "x"; then
# An specific path was informed, lets check.
PCRE2_MANDATORY=yes
CHECK_FOR_PCRE2_AT(${with_pcre2})
fi
# fi
fi
if test -z "${PCRE2_LDADD}"; then
if test -z "${PCRE2_MANDATORY}"; then
if test -z "${PCRE2_DISABLED}"; then
AC_MSG_NOTICE([PCRE2 library was not found])
PCRE2_FOUND=0
else
PCRE2_FOUND=2
fi
else
AC_MSG_ERROR([PCRE2 was explicitly referenced but it was not found])
PCRE2_FOUND=-1
fi
else
if test -z "${PCRE2_MANDATORY}"; then
PCRE2_FOUND=2
AC_MSG_NOTICE([PCRE2 is disabled by default.])
else
PCRE2_FOUND=1
AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}])
PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}"
PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
AC_SUBST(PCRE2_VERSION)
AC_SUBST(PCRE2_LDADD)
AC_SUBST(PCRE2_LIBS)
AC_SUBST(PCRE2_LDFLAGS)
AC_SUBST(PCRE2_CFLAGS)
AC_SUBST(PCRE2_DISPLAY)
fi
fi
AC_SUBST(PCRE2_FOUND)
]) # AC_DEFUN [PROG_PCRE2]
AC_DEFUN([CHECK_FOR_PCRE2_AT], [
path=$1
echo "*** LOOKING AT PATH: " ${path}
for y in ${PCRE2_POSSIBLE_EXTENSIONS}; do
for z in ${PCRE2_POSSIBLE_LIB_NAMES}; do
if test -e "${path}/${z}.${y}"; then
pcre2_lib_path="${path}/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/${z}.${y}"
break
fi
if test -e "${path}/lib${z}.${y}"; then
pcre2_lib_path="${path}/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/lib${z}.${y}"; then
pcre2_lib_path="${path}/lib/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
pcre2_lib_path="${path}/lib/x86_64-linux-gnu/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/i386-linux-gnu/lib${z}.${y}"; then
pcre2_lib_path="${path}/lib/i386-linux-gnu/"
pcre2_lib_name="${z}"
pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
break
fi
done
if test -n "$pcre2_lib_path"; then
break
fi
done
if test -e "${path}/include/pcre2.h"; then
pcre2_inc_path="${path}/include"
elif test -e "${path}/pcre2.h"; then
pcre2_inc_path="${path}"
elif test -e "${path}/include/pcre2/pcre2.h"; then
pcre2_inc_path="${path}/include"
fi
if test -n "${pcre2_lib_path}"; then
AC_MSG_NOTICE([PCRE2 library found at: ${pcre2_lib_file}])
fi
if test -n "${pcre2_inc_path}"; then
AC_MSG_NOTICE([PCRE2 headers found at: ${pcre2_inc_path}])
fi
if test -n "${pcre2_lib_path}" -a -n "${pcre2_inc_path}"; then
# TODO: Compile a piece of code to check the version.
PCRE2_CFLAGS="-I${pcre2_inc_path}"
PCRE2_LDADD="-l${pcre2_lib_name}"
PCRE2_LDFLAGS="-L${pcre2_lib_path}"
PCRE2_DISPLAY="${pcre2_lib_file}, ${pcre2_inc_path}"
fi
]) # AC_DEFUN [CHECK_FOR_PCRE2_AT]
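Review bot: The file-lookup loop over `PCRE2_POSSIBLE_PATHS` breaks on `test -n "${PCRE2_VERSION}"`, but `CHECK_FOR_PCRE2_AT` never assigns `PCRE2_VERSION` (only the TODO mentions it), so the loop always scans every path and the later "using PCRE2 v${PCRE2_VERSION}" notice prints an empty version. Because `pcre2_lib_path` and `pcre2_inc_path` are not reset between calls, the resulting flags can pair a library found under one prefix with headers found under another. Breaking on the value the macro does set, `if test -n "${PCRE2_LDADD}"; then break; fi`, and starting the macro with `pcre2_lib_path=""` and `pcre2_inc_path=""` would make the first complete match win. The `PCRE2_FOUND=-1` after `AC_MSG_ERROR` is unreachable and can go.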


@ -22,10 +22,7 @@ SSDEEP_DISPLAY=""
AC_ARG_WITH(
ssdeep,
AC_HELP_STRING(
[--with-ssdeep=PATH],
[Path to ssdeep prefix]
)
[AS_HELP_STRING([--with-ssdeep=PATH],[Path to ssdeep prefix])]
)


@ -3,10 +3,6 @@ dnl CHECK_YAJL(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([PROG_YAJL], [
# Needed if pkg-config will be used.
AC_REQUIRE([PKG_PROG_PKG_CONFIG])
# Possible names for the yajl library/package (pkg-config)
YAJL_POSSIBLE_LIB_NAMES="yajl2 yajl"
@ -25,20 +21,17 @@ YAJL_LDFLAGS=""
AC_ARG_WITH(
yajl,
AC_HELP_STRING(
[--with-yajl=PATH],
[Path to yajl prefix or config script]
)
[AS_HELP_STRING([--with-yajl=PATH],[Path to yajl prefix or config script])]
)
if test "x${with_yajl}" == "xno"; then
AC_DEFINE(HAVE_GEOIP, 0, [Support for GeoIP was disabled by the utilization of --without-yajl or --with-yajl=no])
AC_MSG_NOTICE([Support for GeoIP was disabled by the utilization of --without-yajl or --with-yajl=no])
AC_DEFINE(HAVE_YAJL, 0, [Support for YAJL was disabled by the utilization of --without-yajl or --with-yajl=no])
AC_MSG_NOTICE([Support for YAJL was disabled by the utilization of --without-yajl or --with-yajl=no])
YAJL_DISABLED=yes
else
if test "x${with_yajl}" == "xyes"; then
YAJL_MANDATORY=yes
AC_MSG_NOTICE([GeoIP support was marked as mandatory by the utilization of --with-yajl=yes])
AC_MSG_NOTICE([YAJL support was marked as mandatory by the utilization of --with-yajl=yes])
fi
# for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_YAJL_AT(${x})
@ -49,7 +42,7 @@ else
# if test "x${with_yajl}" != "xyes" or test "x${with_yajl}" == "xyes"; then
if test "x${with_yajl}" == "x" || test "x${with_yajl}" == "xyes"; then
# Nothing about GeoIP was informed, using the pkg-config to figure things out.
# Nothing about YAJL was informed, using the pkg-config to figure things out.
if test -n "${PKG_CONFIG}"; then
YAJL_PKG_NAME=""
for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
@ -59,7 +52,7 @@ else
fi
done
fi
AC_MSG_NOTICE([Nothing about GeoIP was informed during the configure phase. Trying to detect it on the platform...])
AC_MSG_NOTICE([Nothing about YAJL was informed during the configure phase. Trying to detect it on the platform...])
if test -n "${YAJL_PKG_NAME}"; then
# Package was found using the pkg-config scripts
YAJL_VERSION="`${PKG_CONFIG} ${YAJL_PKG_NAME} --modversion`"


@ -49,13 +49,14 @@ AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
AC_PROG_CXX
AM_PROG_AR
AC_PROG_MAKE_SET
PKG_PROG_PKG_CONFIG
# Check if the compiler is c++11 compatible.
# AX_CXX_COMPILE_STDCXX_11(,mandatory)
# Check for libinjection
if ! test -f "others/libinjection/src/libinjection_html5.c"; then
if ! test -f "${srcdir}/others/libinjection/src/libinjection_html5.c"; then
AC_MSG_ERROR([\
@ -128,6 +129,13 @@ CHECK_LIBXML2
CHECK_PCRE
#
# Check for pcre2
#
PROG_PCRE2
AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([string])
@ -157,7 +165,7 @@ case $host in
AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
PLATFORM="MacOSX"
;;
*-*-linux*)
*-*-linux* | *-*uclinux*)
echo "Checking platform... Identified as Linux"
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
PLATFORM="Linux"
@ -187,6 +195,11 @@ case $host in
AC_DEFINE([FREEBSD], [1], [Define if the operating system is FREEBSD])
PLATFORM="kFreeBSD"
;;
*-*-dragonfly*)
echo "Checking platform... Identified as DragonFlyBSD, treating as linux"
AC_DEFINE([DRAGONFLY], [1], [Define if the operating system is DRAGONFLY])
PLATFORM="DragonFly"
;;
*-*-gnu*.*)
echo "Checking platform... Identified as HURD, treating as linux"
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
@ -194,7 +207,7 @@ case $host in
;;
*)
echo "Unknown CANONICAL_HOST $host"
exit
exit 1
;;
esac
@ -216,7 +229,7 @@ AC_SUBST([MSC_GIT_VERSION])
AC_ARG_ENABLE(debug-logs,
[AC_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
[AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
[case "${enableval}" in
yes) debugLogs=true ;;
@ -234,7 +247,7 @@ fi
# Fuzzer
AC_ARG_ENABLE(afl-fuzz,
[AC_HELP_STRING([--enable-afl-fuzz],[Turn on the afl fuzzer compilation utilities])],
[AS_HELP_STRING([--enable-afl-fuzz],[Turn on the afl fuzzer compilation utilities])],
[case "${enableval}" in
yes) aflFuzzer=true ;;
@ -247,7 +260,7 @@ AC_ARG_ENABLE(afl-fuzz,
# Examples
AC_ARG_ENABLE(examples,
[AC_HELP_STRING([--enable-examples],[Turn on the examples compilation (default option)])],
[AS_HELP_STRING([--enable-examples],[Turn on the examples compilation (default option)])],
[case "${enableval}" in
yes) buildExamples=true ;;
@ -260,7 +273,7 @@ AC_ARG_ENABLE(examples,
# Parser
AC_ARG_ENABLE(parser-generation,
[AC_HELP_STRING([--enable-parser-generation],[Enables parser generation during the build])],
[AS_HELP_STRING([--enable-parser-generation],[Enables parser generation during the build])],
[case "${enableval}" in
yes) buildParser=true ;;
@ -273,7 +286,7 @@ AC_ARG_ENABLE(parser-generation,
# Mutex
AC_ARG_ENABLE(mutex-on-pm,
[AC_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
[AS_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
[case "${enableval}" in
yes) mutexPm=true ;;
@ -313,7 +326,7 @@ fi
# Regression tests will not be able to run without the logging support.
# But we still have the unit tests.
# if test "$debugLogs" = "true"; then
# buildTestUtilities=true
# buildTestUtilities=true
# fi
# fi
@ -549,6 +562,23 @@ if test "x$LUA_FOUND" = "x2"; then
fi
## PCRE2
if test "x$PCRE2_FOUND" = "x0"; then
echo " + PCRE2 ....not found"
fi
if test "x$PCRE2_FOUND" = "x1"; then
echo -n " + PCRE2 ....found "
if ! test "x$PCRE2_VERSION" = "x"; then
echo "v${PCRE2_VERSION}"
else
echo ""
fi
echo " ${PCRE2_DISPLAY}"
fi
if test "x$PCRE2_FOUND" = "x2"; then
echo " + PCRE2 ....disabled"
fi
echo " "
echo " Other Options"
if test $buildTestUtilities = true; then
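Review bot: `AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])` compares the literal string PCRE2_CFLAGS with the empty string, so the conditional is true whether or not PCRE2 was found. The test should read the variable: `AM_CONDITIONAL([PCRE2_CFLAGS], [test "x${PCRE2_CFLAGS}" != "x"])`. Separately, the new DragonFly branch prints "treating as linux" but defines `DRAGONFLY` rather than `LINUX`, so either the message or the define should be brought in line with the other.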


@ -32,7 +32,7 @@ DOXYFILE_ENCODING = UTF-8
# title of most generated pages and in a few other places.
# The default value is: My Project.
PROJECT_NAME = ModSecurty
PROJECT_NAME = ModSecurity
# The PROJECT_NUMBER tag can be used to enter a project or revision number. This
# could be handy for archiving the generated documentation or if some version
@ -51,7 +51,7 @@ PROJECT_BRIEF = "ModSecurity is an open source, cross platform web appl
# and the maximum width should not exceed 200 pixels. Doxygen will copy the logo
# to the output directory.
PROJECT_LOGO = doc/ms-doxygen-logo.png
PROJECT_LOGO = ../doc/ms-doxygen-logo.png
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
# into which the generated documentation will be written. If a relative path is


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -15,7 +15,7 @@
#include <modsecurity/modsecurity.h>
#include <modsecurity/transaction.h>
#include <modsecurity/rules.h>
#include <modsecurity/rules_set.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -24,12 +24,13 @@
#include <sys/wait.h>
#include <sys/time.h>
#define FORKS 5
#define REQUESTS_PER_PROCESS 100
char main_rule_uri[] = "basic_rules.conf";
Rules *rules = NULL;
RulesSet *rules = NULL;
ModSecurity *modsec = NULL;
@ -41,11 +42,14 @@ void process_special_request (int j) {
msc_process_uri(transaction,
"http://www.modsecurity.org/test?foo=herewego",
"GET", "1.1");
msc_add_request_header(transaction, "User-Agent",
"Basic ModSecurity example");
msc_add_request_header(transaction,
(const unsigned char *) "User-Agent",
(const unsigned char *) "Basic ModSecurity example");
msc_process_request_headers(transaction);
msc_process_request_body(transaction);
msc_add_response_header(transaction, "Content-type", "text/html");
msc_add_response_header(transaction,
(const unsigned char *) "Content-type",
(const unsigned char *) "text/html");
msc_process_response_headers(transaction, 200, "HTTP 1.0");
msc_process_response_body(transaction);
msc_process_logging(transaction);
@ -69,11 +73,14 @@ void process_request (int j) {
msc_process_uri(transaction,
"http://www.modsecurity.org/test?key1=value1&key2=value2&key3=value3",
"GET", "1.1");
msc_add_request_header(transaction, "User-Agent",
"Basic ModSecurity example");
msc_add_request_header(transaction,
(const unsigned char *) "User-Agent",
(const unsigned char *) "Basic ModSecurity example");
msc_process_request_headers(transaction);
msc_process_request_body(transaction);
msc_add_response_header(transaction, "Content-type", "text/html");
msc_add_response_header(transaction,
(const unsigned char *) "Content-type",
(const unsigned char *) "text/html");
msc_process_response_headers(transaction, 200, "HTTP 1.0");
msc_process_response_body(transaction);
msc_process_logging(transaction);
@ -90,7 +97,6 @@ int main (int argc, char **argv)
{
int ret;
const char *error = NULL;
int i = 0;
pid_t pid;
int f;


@ -6,7 +6,6 @@ simple_request_SOURCES = \
simple_request.cc
simple_request_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(GLOBAL_LDADD) \
@ -19,9 +18,13 @@ simple_request_LDADD = \
$(YAJL_LDADD)
simple_request_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
$(LMDB_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
@ -36,6 +39,7 @@ simple_request_CPPFLAGS = \
-I../others \
-fPIC \
-O3 \
$(CURL_CFLAGS) \
$(GEOIP_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
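Review bot: `-lmodsecurity -lpthread -lm -lstdc++` are added to `simple_request_LDFLAGS` rather than `simple_request_LDADD`; automake puts the program's LDFLAGS ahead of the objects on the link line, so with a linker that defaults to `--as-needed` these libraries may be dropped and leave unresolved symbols. Keeping only `-L$(top_builddir)/src/.libs/` and the `*_LDFLAGS` variables in LDFLAGS and moving the four `-l` entries to `simple_request_LDADD` avoids the ordering problem. The same applies to `read_LDFLAGS` and to the second `simple_request_LDFLAGS` section further down, where `-lpthread` also appears to be listed twice. `-fPIC` and `-O3` sit in `simple_request_CPPFLAGS`, which is meant for preprocessor flags; that predates this change but is worth a comment.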


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -69,14 +69,14 @@ char ip[] = "200.249.12.31";
struct data_ms {
modsecurity::ModSecurity *modsec;
modsecurity::Rules *rules;
modsecurity::RulesSet *rules;
};
static void *process_request(void *data) {
struct data_ms *a = (struct data_ms *)data;
modsecurity::ModSecurity *modsec = a->modsec;
modsecurity::Rules *rules = a->rules;
modsecurity::RulesSet *rules = a->rules;
int z = 0;
for (z = 0; z < 10000; z++) {
@ -115,7 +115,7 @@ class ReadingLogsViaRuleMessage {
char *response_headers,
char *response_body,
char *ip,
std::string rules) :
const std::string &rules) :
m_request_header(request_header),
m_request_uri(request_uri),
m_request_body(request_body),
@ -132,8 +132,7 @@ class ReadingLogsViaRuleMessage {
void *status;
modsecurity::ModSecurity *modsec;
modsecurity::Rules *rules;
modsecurity::ModSecurityIntervention it;
modsecurity::RulesSet *rules;
modsec = new modsecurity::ModSecurity();
modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \
@ -141,7 +140,7 @@ class ReadingLogsViaRuleMessage {
modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty
| modsecurity::IncludeFullHighlightLogProperty);
rules = new modsecurity::Rules();
rules = new modsecurity::RulesSet();
if (rules->loadFromUri(m_rules.c_str()) < 0) {
std::cout << "Problems loading the rules..." << std::endl;
std::cout << rules->m_parserError.str() << std::endl;
@ -168,8 +167,6 @@ class ReadingLogsViaRuleMessage {
delete modsec;
pthread_exit(NULL);
return 0;
end:
return -1;
}
static void logCb(void *data, const void *ruleMessagev) {


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -17,7 +17,7 @@
#include <string.h>
#include <modsecurity/modsecurity.h>
#include <modsecurity/rules.h>
#include <modsecurity/rules_set.h>
#include "examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h"
@ -29,8 +29,8 @@ int main(int argc, char **argv) {
return -1;
}
*(argv++);
std::string rules(*argv);
char *rule = *(++argv);
std::string rules(rule);
ReadingLogsViaRuleMessage rlvrm(request_header, request_uri, request_body,
response_headers, response_body, ip, rules);
rlvrm.process();


@ -6,7 +6,6 @@ read_SOURCES = \
read.cc
read_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
@ -19,7 +18,12 @@ read_LDADD = \
$(YAJL_LDADD)
read_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
@ -35,6 +39,7 @@ read_CPPFLAGS = \
-I../others \
-fPIC \
-O3 \
$(CURL_CFLAGS) \
$(GEOIP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -18,7 +18,7 @@
#include <stdlib.h>
#include "modsecurity/modsecurity.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_set.h"
char main_rule_uri[] = "basic_rules.conf";
@ -29,7 +29,7 @@ int main (int argc, char **argv)
const char *error = NULL;
ModSecurity *modsec;
Transaction *transaction = NULL;
Rules *rules;
RulesSet *rules;
modsec = msc_init();


@ -6,7 +6,6 @@ simple_request_SOURCES = \
simple_request.cc
simple_request_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
@ -19,7 +18,12 @@ simple_request_LDADD = \
$(YAJL_LDADD)
simple_request_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(MAXMIND_LDFLAGS) \
$(LMDB_LDFLAGS) \
-lpthread \
@ -37,6 +41,7 @@ simple_request_CPPFLAGS = \
-fPIC \
-O3 \
$(GEOIP_CFLAGS) \
$(CURL_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -19,7 +19,7 @@
#include <modsecurity/modsecurity.h>
#include <modsecurity/rules.h>
#include <modsecurity/rules_set.h>
#include <modsecurity/rule_message.h>
@ -28,6 +28,7 @@
char request_uri[] = "/test.pl?param1=test&para2=test2";
char request_body_first[] = "" \
@ -125,17 +126,15 @@ int process_intervention(modsecurity::Transaction *transaction) {
int main(int argc, char **argv) {
modsecurity::ModSecurity *modsec;
modsecurity::Rules *rules;
modsecurity::ModSecurityIntervention it;
modsecurity::RulesSet *rules;
if (argc < 2) {
std::cout << "Use " << *argv << " test-case-file.conf";
std::cout << std::endl << std::endl;
return -1;
}
*(argv++);
std::string rules_arg(*argv);
char *rule = *(++argv);
std::string rules_arg(rule);
/**
* ModSecurity initial setup
@ -151,7 +150,7 @@ int main(int argc, char **argv) {
* loading the rules....
*
*/
rules = new modsecurity::Rules();
rules = new modsecurity::RulesSet();
if (rules->loadFromUri(rules_arg.c_str()) < 0) {
std::cout << "Problems loading the rules..." << std::endl;
std::cout << rules->m_parserError.str() << std::endl;


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -23,6 +23,7 @@
#include "modsecurity/intervention.h"
#include "modsecurity/rule.h"
#include "modsecurity/rule_with_actions.h"
#ifndef HEADERS_MODSECURITY_ACTIONS_ACTION_H_
#define HEADERS_MODSECURITY_ACTIONS_ACTION_H_
@ -31,7 +32,7 @@
namespace modsecurity {
class Transaction;
class Rule;
class RuleWithOperator;
namespace actions {
@ -42,27 +43,41 @@ class Action {
: m_isNone(false),
temporaryAction(false),
action_kind(2),
m_name(""),
m_parser_payload(""),
m_referenceCount(1) {
m_name(nullptr),
m_parser_payload("") {
set_name_and_payload(_action);
}
explicit Action(const std::string& _action, int kind)
: m_isNone(false),
temporaryAction(false),
action_kind(kind),
m_name(""),
m_parser_payload(""),
m_referenceCount(1) {
m_name(nullptr),
m_parser_payload("") {
set_name_and_payload(_action);
}
Action(const Action &a)
: m_isNone(a.m_isNone),
temporaryAction(a.temporaryAction),
action_kind(a.action_kind),
m_name(a.m_name),
m_parser_payload(a.m_parser_payload) { }
Action &operator=(const Action& a) {
m_isNone = a.m_isNone;
temporaryAction = a.temporaryAction;
action_kind = a.action_kind;
m_name = a.m_name;
m_parser_payload = a.m_parser_payload;
return *this;
}
virtual ~Action() { }
virtual std::string evaluate(std::string exp,
virtual std::string evaluate(const std::string &exp,
Transaction *transaction);
virtual bool evaluate(Rule *rule, Transaction *transaction);
virtual bool evaluate(Rule *rule, Transaction *transaction,
virtual bool evaluate(RuleWithActions *rule, Transaction *transaction);
virtual bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> ruleMessage) {
return evaluate(rule, transaction);
}
@ -79,11 +94,11 @@ class Action {
}
if (pos == std::string::npos) {
m_name = data;
m_name = std::shared_ptr<std::string>(new std::string(data));
return;
}
m_name = std::string(data, 0, pos);
m_name = std::shared_ptr<std::string>(new std::string(data, 0, pos));
m_parser_payload = std::string(data, pos + 1, data.length());
if (m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2) {
@ -92,23 +107,10 @@ class Action {
}
}
int refCountDecreaseAndCheck() {
this->m_referenceCount--;
if (this->m_referenceCount == 0) {
delete this;
return 1;
}
return 0;
}
void refCountIncrease() {
this->m_referenceCount++;
}
bool m_isNone;
bool temporaryAction;
int action_kind;
std::string m_name;
std::shared_ptr<std::string> m_name;
std::string m_parser_payload;
/**
@ -142,10 +144,7 @@ class Action {
*/
RunTimeOnlyIfMatchKind,
};
private:
int m_referenceCount;
};
};
} // namespace actions
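Review bot: In `set_name_and_payload`, `m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2` reads the first character before checking the length, so an action string whose separator is its last character (empty payload) makes `at(0)` throw `std::out_of_range` out of the constructor. Swapping the operands avoids that: `if (m_parser_payload.size() > 2 && m_parser_payload.at(0) == '\'') {`. The two new `m_name` assignments could also use `std::make_shared<std::string>(...)` instead of `std::shared_ptr<std::string>(new std::string(...))`. The start of `set_name_and_payload` is outside the hunk, so whether an earlier return can leave `m_name` null is not visible here.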


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -71,7 +71,7 @@ struct MyHash{
class AnchoredSetVariable : public std::unordered_multimap<std::string,
VariableValue *, MyHash, MyEqual> {
public:
AnchoredSetVariable(Transaction *t, std::string name);
AnchoredSetVariable(Transaction *t, const std::string &name);
~AnchoredSetVariable();
void unset();


@ -0,0 +1,126 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <string>
#include <algorithm>
#include <memory>
#include <functional>
#include <iostream>
#endif
#include "modsecurity/variable_value.h"
#include "modsecurity/anchored_set_variable.h"
#ifndef HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
#define HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
#ifdef __cplusplus
namespace modsecurity {
class AnchoredSetVariableTranslationProxy {
public:
AnchoredSetVariableTranslationProxy(
const std::string &name,
AnchoredSetVariable *fount)
: m_name(name),
m_fount(fount)
{
m_translate = [](std::string *name, std::vector<const VariableValue *> *l) {
for (int i = 0; i < l->size(); ++i) {
VariableValue *newVariableValue = new VariableValue(name, &l->at(i)->getKey(), &l->at(i)->getKey());
const VariableValue *oldVariableValue = l->at(i);
l->at(i) = newVariableValue;
for (auto &oldOrigin : oldVariableValue->getOrigin()) {
std::unique_ptr<VariableOrigin> newOrigin(new VariableOrigin);
newOrigin->m_length = oldVariableValue->getKey().size();
newOrigin->m_offset = oldOrigin->m_offset - oldVariableValue->getKey().size() - 1;
newVariableValue->addOrigin(std::move(newOrigin));
}
delete oldVariableValue;
}
};
}
virtual ~AnchoredSetVariableTranslationProxy()
{ }
void resolve(std::vector<const VariableValue *> *l) {
m_fount->resolve(l);
m_translate(&m_name, l);
}
void resolve(std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke) {
m_fount->resolve(l, ke);
m_translate(&m_name, l);
}
void resolve(const std::string &key,
std::vector<const VariableValue *> *l) {
m_fount->resolve(key, l);
m_translate(&m_name, l);
};
void resolveRegularExpression(Utils::Regex *r,
std::vector<const VariableValue *> *l) {
m_fount->resolveRegularExpression(r, l);
m_translate(&m_name, l);
};
void resolveRegularExpression(Utils::Regex *r,
std::vector<const VariableValue *> *l,
variables::KeyExclusions &ke) {
m_fount->resolveRegularExpression(r, l, ke);
m_translate(&m_name, l);
};
std::unique_ptr<std::string> resolveFirst(const std::string &key) {
std::vector<const VariableValue *> l;
resolve(&l);
if (l.empty()) {
return nullptr;
}
std::unique_ptr<std::string> ret(new std::string(""));
ret->assign(l.at(0)->getValue());
while (!l.empty()) {
auto &a = l.back();
l.pop_back();
delete a;
}
return ret;
}
std::string m_name;
private:
AnchoredSetVariable *m_fount;
std::function<void(std::string *name, std::vector<const VariableValue *> *l)> m_translate;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
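Review bot: `resolveFirst(const std::string &key)` never uses `key`: it calls `resolve(&l)`, so it returns the value of the first element the whole set resolves to rather than the element stored under `key`. The call should probably be `resolve(key, &l);`, the overload declared just above it. In the `m_translate` lambda, `oldOrigin->m_offset - oldVariableValue->getKey().size() - 1` is computed without checking that the offset is at least the key length plus one; if `m_offset` is unsigned (its declaration is not in this file) a smaller offset wraps to a very large value, so a guard before the subtraction is worth adding. The loop index there is an `int` compared against `l->size()`; `size_t` avoids the signed/unsigned comparison.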


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -42,7 +42,19 @@ class Transaction;
class AnchoredVariable {
public:
AnchoredVariable(Transaction* t, std::string name);
AnchoredVariable(Transaction* t, const std::string &name);
AnchoredVariable(const AnchoredVariable &a) = delete;
AnchoredVariable &operator= (const AnchoredVariable &a) = delete;
/*
: m_transaction(a.m_transaction),
m_offset(a.m_offset),
m_name(a.m_name),
m_value(a.m_value),
m_var(a.m_var) { }
*/
~AnchoredVariable();
void unset();
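Review bot: The block comment left after the deleted copy operations (`: m_transaction(a.m_transaction), ... m_var(a.m_var) { }`) is the initializer list of a copy constructor that no longer exists, and it is now dead text in a public header. Drop it, or replace it with a one-line reason such as `// Non-copyable: copy construction and assignment are deleted on purpose.` The class body continues outside this hunk, so the members the comment names cannot be checked from here.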


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -22,12 +22,11 @@
#ifndef HEADERS_MODSECURITY_AUDIT_LOG_H_
#define HEADERS_MODSECURITY_AUDIT_LOG_H_
#include "modsecurity/transaction.h"
#ifdef __cplusplus
namespace modsecurity {
class Transaction;
namespace audit_log {
namespace writer {
class Writer;
@ -37,7 +36,9 @@ class Writer;
class AuditLog {
public:
AuditLog();
~AuditLog();
virtual ~AuditLog();
AuditLog(const AuditLog &a) = delete;
enum AuditLogType {
NotSetAuditLogType,
@ -158,22 +159,26 @@ class AuditLog {
bool setStorageDir(const std::basic_string<char>& path);
bool setFormat(AuditLogFormat fmt);
int getDirectoryPermission();
int getFilePermission();
int getParts();
int getDirectoryPermission() const;
int getFilePermission() const;
int getParts() const;
bool setParts(const std::basic_string<char>& new_parts);
bool setType(AuditLogType audit_type);
bool init(std::string *error);
bool close();
virtual bool close();
bool saveIfRelevant(Transaction *transaction);
bool saveIfRelevant(Transaction *transaction, int parts);
bool isRelevant(int status);
int addParts(int parts, const std::string& new_parts);
int removeParts(int parts, const std::string& new_parts);
static int addParts(int parts, const std::string& new_parts);
static int removeParts(int parts, const std::string& new_parts);
void setCtlAuditEngineActive() {
m_ctlAuditEngineActive = true;
}
bool merge(AuditLog *from, std::string *error);
@ -181,18 +186,6 @@ class AuditLog {
std::string m_path2;
std::string m_storage_dir;
void refCountIncrease() {
m_refereceCount++;
}
bool refCountDecreaseAndCheck() {
m_refereceCount--;
if (m_refereceCount == 0) {
delete this;
return true;
}
return false;
}
AuditLogFormat m_format;
protected:
@ -213,7 +206,7 @@ class AuditLog {
std::string m_relevant;
audit_log::writer::Writer *m_writer;
int m_refereceCount;
bool m_ctlAuditEngineActive; // rules have at least one action On or RelevantOnly
};
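Review bot: `AuditLog(const AuditLog &a) = delete;` removes copy construction but, unless an `operator=` is declared outside the visible hunks, leaves the implicit copy assignment in place, so `a = b` still compiles and copies the raw `m_writer` pointer member-wise. The other classes touched in this commit (`AnchoredVariable`, `Collections`, `ModSecurity`) delete both operations; add `AuditLog &operator=(const AuditLog &a) = delete;` next to the deleted constructor. If the destructor releases `m_writer` (its definition is not on this page), an assigned copy would end in a double free. The new `m_ctlAuditEngineActive` flag is only ever set to `true` in this header, so confirm that the constructor in the source file initialises it to `false`.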


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -44,7 +44,7 @@ namespace collection {
class Collection {
public:
explicit Collection(std::string a) : m_name(a) { }
explicit Collection(const std::string &a) : m_name(a) { }
virtual ~Collection() { }
virtual void store(std::string key, std::string value) = 0;


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -49,6 +49,9 @@ class Collections {
Collection *user, Collection *resource);
~Collections();
Collections(const Collections &c) = delete;
Collections& operator =(const Collections &c) = delete;
std::string m_global_collection_key;
std::string m_ip_collection_key;
std::string m_session_collection_key;


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -43,11 +43,11 @@ class DebugLog {
virtual void write(int level, const std::string &msg);
virtual void write(int level, const std::string &id,
const std::string &uri, const std::string &msg);
bool isLogFileSet();
bool isLogLevelSet();
void setDebugLogLevel(int level);
void setDebugLogFile(const std::string &fileName, std::string *error);
const std::string& getDebugLogFile();
virtual bool isLogFileSet();
virtual bool isLogLevelSet();
virtual void setDebugLogLevel(int level);
virtual void setDebugLogFile(const std::string &fileName, std::string *error);
virtual const std::string& getDebugLogFile();
virtual int getDebugLogLevel();
int m_debugLevel;


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -190,7 +190,7 @@ namespace modsecurity {
#define MODSECURITY_MAJOR "3"
#define MODSECURITY_MINOR "0"
#define MODSECURITY_PATCHLEVEL "4"
#define MODSECURITY_PATCHLEVEL "8"
#define MODSECURITY_TAG ""
#define MODSECURITY_TAG_NUM "100"
@ -198,9 +198,9 @@ namespace modsecurity {
MODSECURITY_MINOR "." MODSECURITY_PATCHLEVEL \
MODSECURITY_TAG
#define MODSECURITY_VERSION_NUM MODSECURITY_MAJOR \
MODSECURITY_MINOR MODSECURITY_PATCHLEVEL MODSECURITY_TAG_NUM
#define MODSECURITY_VERSION_NUM 3080100
#define MODSECURITY_CHECK_VERSION(a) (MODSECURITY_VERSION_NUM <= a)
/*
* @name ModSecLogCb
@ -229,7 +229,7 @@ namespace modsecurity {
namespace actions {
class Action;
}
class Rule;
class RuleWithOperator;
#ifdef __cplusplus
extern "C" {
@ -278,8 +278,11 @@ class ModSecurity {
ModSecurity();
~ModSecurity();
ModSecurity(const ModSecurity &m) = delete;
ModSecurity& operator= (const ModSecurity &m) = delete;
const std::string& whoAmI();
void setConnectorInformation(std::string connector);
void setConnectorInformation(const std::string &connector);
void setServerLogCb(ModSecLogCb cb);
/**
*
@ -291,9 +294,9 @@ class ModSecurity {
void serverLog(void *data, std::shared_ptr<RuleMessage> rm);
const std::string& getConnectorInformation();
const std::string& getConnectorInformation() const;
int processContentOffset(const char *content, size_t len,
static int processContentOffset(const char *content, size_t len,
const char *matchString, std::string *json, const char **err);
collection::Collection *m_global_collection;
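Review bot: `#define MODSECURITY_VERSION_NUM 3080100` is a hand-written literal that no longer derives from `MODSECURITY_MAJOR`, `MODSECURITY_MINOR`, `MODSECURITY_PATCHLEVEL` and `MODSECURITY_TAG_NUM`, so a later patch-level bump can leave it stale without any build error. Code that gates behaviour on `MODSECURITY_CHECK_VERSION` would then compare against the wrong release. Add a comment next to the literal that documents its digit layout, and parenthesise the macro argument: `#define MODSECURITY_CHECK_VERSION(a) (MODSECURITY_VERSION_NUM <= (a))`. The macro is true when the library version is lower than or equal to `a`; that direction is worth stating in the comment because callers may expect the opposite.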


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -26,9 +26,9 @@
#define HEADERS_MODSECURITY_RULE_H_
#include "modsecurity/transaction.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#ifdef __cplusplus
namespace modsecurity {
@ -44,115 +44,81 @@ class Msg;
class Rev;
class SetVar;
class Tag;
namespace transformations {
class Transformation;
}
}
namespace operators {
class Operator;
}
using TransformationResult = std::pair<std::shared_ptr<std::string>,
std::shared_ptr<std::string>>;
using TransformationResults = std::list<TransformationResult>;
using Transformation = actions::transformations::Transformation;
using Transformations = std::vector<Transformation *>;
using Actions = std::vector<actions::Action *>;
using Tags = std::vector<actions::Tag *>;
using SetVars = std::vector<actions::SetVar *>;
using MatchActions = std::vector<actions::Action *>;
class Rule {
public:
Rule(operators::Operator *_op,
variables::Variables *_variables,
std::vector<actions::Action *> *_actions,
std::string fileName,
int lineNumber);
explicit Rule(std::string marker);
virtual ~Rule();
Rule(std::unique_ptr<std::string> fileName, int lineNumber)
: m_fileName(std::make_shared<std::string>(*fileName)),
m_lineNumber(lineNumber),
m_phase(modsecurity::Phases::RequestHeadersPhase) {
}
Rule(const Rule &other) :
m_fileName(other.m_fileName),
m_lineNumber(other.m_lineNumber),
m_phase(other.m_phase)
{ }
Rule &operator=(const Rule& other) {
m_fileName = other.m_fileName;
m_lineNumber = other.m_lineNumber;
m_phase = other.m_phase;
return *this;
}
virtual ~Rule() {}
virtual bool evaluate(Transaction *transaction) = 0;
virtual bool evaluate(Transaction *transaction,
std::shared_ptr<RuleMessage> rm);
std::shared_ptr<RuleMessage> rm) = 0;
void organizeActions(std::vector<actions::Action *> *actions);
void cleanUpActions();
void executeAction(Transaction *trans,
bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage,
actions::Action *a, bool context);
std::shared_ptr<std::string> getFileName() const {
return m_fileName;
}
inline void executeTransformation(actions::Action *a,
std::shared_ptr<std::string> *value,
Transaction *trans,
std::list<std::pair<std::shared_ptr<std::string>,
std::shared_ptr<std::string>>> *ret,
std::string *path,
int *nth);
int getLineNumber() const {
return m_lineNumber;
}
void getVariablesExceptions(Transaction *t,
variables::Variables *exclusion, variables::Variables *addition);
inline void getFinalVars(variables::Variables *vars,
variables::Variables *eclusion, Transaction *trans);
void executeActionsAfterFullMatch(Transaction *trasn,
bool containsDisruptive, std::shared_ptr<RuleMessage> ruleMessage);
int getPhase() const { return m_phase; }
void setPhase(int phase) { m_phase = phase; }
std::list<std::pair<std::shared_ptr<std::string>,
std::shared_ptr<std::string>>> executeDefaultTransformations(
Transaction *trasn, const std::string &value);
bool executeOperatorAt(Transaction *trasn, std::string key,
std::string value, std::shared_ptr<RuleMessage> rm);
void executeActionsIndependentOfChainedRuleResult(Transaction *trasn,
bool *b, std::shared_ptr<RuleMessage> ruleMessage);
inline void updateMatchedVars(Transaction *trasn, const std::string &key,
const std::string &value);
inline void cleanMatchedVars(Transaction *trasn);
std::vector<actions::Action *> getActionsByName(const std::string& name,
Transaction *t);
bool containsTag(const std::string& name, Transaction *t);
bool containsMsg(const std::string& name, Transaction *t);
int refCountDecreaseAndCheck() {
m_referenceCount--;
if (m_referenceCount == 0) {
delete this;
return 1;
virtual std::string getReference() {
if (m_fileName) {
return *m_fileName + ":" + std::to_string(m_lineNumber);
}
return 0;
return "<<no file>>:" + std::to_string(m_lineNumber);
}
void refCountIncrease() {
m_referenceCount++;
}
virtual bool isMarker() { return false; }
void executeTransformations(
actions::Action *a,
std::shared_ptr<std::string> newValue,
std::shared_ptr<std::string> value,
Transaction *trans,
std::list<std::pair<std::shared_ptr<std::string>,
std::shared_ptr<std::string>>> *ret,
std::shared_ptr<std::string> transStr,
int nth);
actions::Action *m_theDisruptiveAction;
actions::LogData *m_logData;
actions::Msg *m_msg;
actions::Severity *m_severity;
bool m_chained;
bool m_containsCaptureAction;
bool m_containsMultiMatchAction;
bool m_containsStaticBlockAction;
bool m_secMarker;
int64_t m_ruleId;
int m_accuracy;
int m_lineNumber;
int m_maturity;
int m_phase;
modsecurity::variables::Variables *m_variables;
operators::Operator *m_op;
Rule *m_chainedRuleChild;
Rule *m_chainedRuleParent;
std::string m_fileName;
std::string m_marker;
std::string m_rev;
std::string m_ver;
std::vector<actions::Action *> m_actionsRuntimePos;
std::vector<actions::Action *> m_actionsRuntimePre;
std::vector<actions::SetVar *> m_actionsSetVar;
std::vector<actions::Tag *> m_actionsTag;
private:
bool m_unconditional;
int m_referenceCount;
std::shared_ptr<std::string> m_fileName;
int m_lineNumber;
// FIXME: phase may not be neede to SecMarker.
int m_phase;
};
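Review bot: The new constructor initialises `m_fileName(std::make_shared<std::string>(*fileName))`, which dereferences the `unique_ptr` unconditionally, while `getReference()` later tests `if (m_fileName)` and carries a `<<no file>>` fallback. After `make_shared` the member is never null, so that fallback is unreachable, and a null `fileName` is undefined behaviour in the constructor instead. Handle the null case where it actually occurs, for example `m_fileName(fileName ? std::make_shared<std::string>(std::move(*fileName)) : nullptr)`, which also avoids copying the string. If a rule without a file name is not a supported state, remove the fallback branch and say so in a comment on the constructor.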


@ -0,0 +1,91 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <memory>
#include <utility>
#endif
#ifndef HEADERS_MODSECURITY_RULE_MARKER_H_
#define HEADERS_MODSECURITY_RULE_MARKER_H_
#include "modsecurity/transaction.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#include "modsecurity/rule.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleMarker : public Rule {
public:
RuleMarker(
const std::string &name,
std::unique_ptr<std::string> fileName,
int lineNumber)
: Rule(std::move(fileName), lineNumber),
m_name(std::make_shared<std::string>(name)) { }
RuleMarker(const RuleMarker& r) :
Rule(r),
m_name(r.m_name)
{ }
RuleMarker &operator =(const RuleMarker& r) {
Rule::operator = (r);
m_name = r.m_name;
return *this;
}
virtual bool evaluate(Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override {
return evaluate(transaction);
}
virtual bool evaluate(Transaction *transaction) override {
if (transaction->isInsideAMarker()) {
if (*transaction->getCurrentMarker() == *m_name) {
transaction->removeMarker();
// FIXME: Move this to .cc
// ms_dbg_a(transaction, 4, "Out of a SecMarker " + *m_name);
}
}
return true;
};
std::shared_ptr<std::string> getName() {
return m_name;
}
bool isMarker() override { return true; }
private:
std::shared_ptr<std::string> m_name;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_MARKER_H_
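Review bot: `RuleMarker::evaluate` is undocumented and its contract is not obvious: it always returns `true`, and its only effect is to call `transaction->removeMarker()` when the transaction is inside a marker whose name equals `*m_name`. A short doc comment on the one-argument overload saying exactly that, and noting that the `rm` argument of the two-argument overload is ignored, would help readers of the rule loop. The commented-out `ms_dbg_a` line under the FIXME means leaving a marker is not logged; either move the body to the source file as the FIXME says or drop the dead line. `virtual` is redundant on the two `evaluate` declarations that already carry `override`.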


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -26,6 +26,7 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rule_with_operator.h"
#ifdef __cplusplus
@ -41,7 +42,13 @@ class RuleMessage {
ClientLogMessageInfo = 4
};
explicit RuleMessage(Rule *rule, Transaction *trans) :
/**
*
* FIXME: RuleMessage is currently too big, doing a lot of
* unnecessary data duplication. Needs to be shrink down.
*
*/
RuleMessage(RuleWithActions *rule, Transaction *trans) :
m_accuracy(rule->m_accuracy),
m_clientIpAddress(trans->m_clientIpAddress),
m_data(""),
@ -51,50 +58,135 @@ class RuleMessage {
m_maturity(rule->m_maturity),
m_message(""),
m_noAuditLog(false),
m_phase(rule->m_phase - 1),
m_phase(rule->getPhase() - 1),
m_reference(""),
m_rev(rule->m_rev),
m_rule(rule),
m_ruleFile(rule->m_fileName),
m_ruleFile(rule->getFileName()),
m_ruleId(rule->m_ruleId),
m_ruleLine(rule->m_lineNumber),
m_ruleLine(rule->getLineNumber()),
m_saveMessage(true),
m_serverIpAddress(trans->m_serverIpAddress),
m_severity(0),
m_uriNoQueryStringDecoded(trans->m_uri_no_query_string_decoded),
m_ver(rule->m_ver)
m_ver(rule->m_ver),
m_tags()
{ }
explicit RuleMessage(RuleMessage *rule) :
m_accuracy(rule->m_accuracy),
m_clientIpAddress(rule->m_clientIpAddress),
m_data(rule->m_data),
m_id(rule->m_id),
m_isDisruptive(rule->m_isDisruptive),
m_match(rule->m_match),
m_maturity(rule->m_maturity),
m_message(rule->m_message),
m_noAuditLog(rule->m_noAuditLog),
m_phase(rule->m_phase),
m_reference(rule->m_reference),
m_rev(rule->m_rev),
m_rule(rule->m_rule),
m_ruleFile(rule->m_ruleFile),
m_ruleId(rule->m_ruleId),
m_ruleLine(rule->m_ruleLine),
m_saveMessage(rule->m_saveMessage),
m_serverIpAddress(rule->m_serverIpAddress),
m_severity(rule->m_severity),
m_uriNoQueryStringDecoded(rule->m_uriNoQueryStringDecoded),
m_ver(rule->m_ver),
m_tags(rule->m_tags)
{ }
RuleMessage(const RuleMessage& ruleMessage)
: m_accuracy(ruleMessage.m_accuracy),
m_clientIpAddress(ruleMessage.m_clientIpAddress),
m_data(ruleMessage.m_data),
m_id(ruleMessage.m_id),
m_isDisruptive(ruleMessage.m_isDisruptive),
m_match(ruleMessage.m_match),
m_maturity(ruleMessage.m_maturity),
m_message(ruleMessage.m_message),
m_noAuditLog(ruleMessage.m_noAuditLog),
m_phase(ruleMessage.m_phase),
m_reference(ruleMessage.m_reference),
m_rev(ruleMessage.m_rev),
m_rule(ruleMessage.m_rule),
m_ruleFile(ruleMessage.m_ruleFile),
m_ruleId(ruleMessage.m_ruleId),
m_ruleLine(ruleMessage.m_ruleLine),
m_saveMessage(ruleMessage.m_saveMessage),
m_serverIpAddress(ruleMessage.m_serverIpAddress),
m_severity(ruleMessage.m_severity),
m_uriNoQueryStringDecoded(ruleMessage.m_uriNoQueryStringDecoded),
m_ver(ruleMessage.m_ver),
m_tags(ruleMessage.m_tags)
{ }
RuleMessage &operator=(const RuleMessage& ruleMessage) {
m_accuracy = ruleMessage.m_accuracy;
m_clientIpAddress = ruleMessage.m_clientIpAddress;
m_data = ruleMessage.m_data;
m_id = ruleMessage.m_id;
m_isDisruptive = ruleMessage.m_isDisruptive;
m_match = ruleMessage.m_match;
m_maturity = ruleMessage.m_maturity;
m_message = ruleMessage.m_message;
m_noAuditLog = ruleMessage.m_noAuditLog;
m_phase = ruleMessage.m_phase;
m_reference = ruleMessage.m_reference;
m_rev = ruleMessage.m_rev;
m_rule = ruleMessage.m_rule;
m_ruleFile = ruleMessage.m_ruleFile;
m_ruleId = ruleMessage.m_ruleId;
m_ruleLine = ruleMessage.m_ruleLine;
m_saveMessage = ruleMessage.m_saveMessage;
m_serverIpAddress = ruleMessage.m_serverIpAddress;
m_severity = ruleMessage.m_severity;
m_uriNoQueryStringDecoded = ruleMessage.m_uriNoQueryStringDecoded;
m_ver = ruleMessage.m_ver;
m_tags = ruleMessage.m_tags;
return *this;
}
void clean() {
m_data = "";
m_match = "";
m_isDisruptive = false;
m_reference = "";
m_severity = 0;
m_ver = "";
}
std::string log() {
return RuleMessage::log(this, 0);
return log(this, 0);
}
std::string log(int props) {
return RuleMessage::log(this, props);
return log(this, props);
}
std::string log(int props, int responseCode) {
return RuleMessage::log(this, props, responseCode);
return log(this, props, responseCode);
}
std::string errorLog() {
return RuleMessage::log(this,
return log(this,
ClientLogMessageInfo | ErrorLogTailLogMessageInfo);
}
static std::string log(const RuleMessage *rm, int props, int code);
static std::string log(const RuleMessage *rm, int props) {
return RuleMessage::log(rm, props, -1);
return log(rm, props, -1);
}
static std::string log(const RuleMessage *rm) {
return RuleMessage::log(rm, 0);
return log(rm, 0);
}
static std::string _details(const RuleMessage *rm);
static std::string _errorLogTail(const RuleMessage *rm);
int m_accuracy;
std::string m_clientIpAddress;
std::shared_ptr<std::string> m_clientIpAddress;
std::string m_data;
std::string m_id;
std::shared_ptr<std::string> m_id;
bool m_isDisruptive;
std::string m_match;
int m_maturity;
@ -103,14 +195,14 @@ class RuleMessage {
int m_phase;
std::string m_reference;
std::string m_rev;
Rule *m_rule;
std::string m_ruleFile;
RuleWithActions *m_rule;
std::shared_ptr<std::string> m_ruleFile;
int m_ruleId;
int m_ruleLine;
bool m_saveMessage;
std::string m_serverIpAddress;
std::shared_ptr<std::string> m_serverIpAddress;
int m_severity;
std::string m_uriNoQueryStringDecoded;
std::shared_ptr<std::string> m_uriNoQueryStringDecoded;
std::string m_ver;
std::list<std::string> m_tags;
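Review bot: The pointer constructor `RuleMessage(RuleMessage *rule)`, the copy constructor and `operator=` each spell out the same member-by-member copy, so a member added later has to be added in three places or it is silently dropped from copies of a log message. As far as the visible members show, all three do what the compiler-generated versions do; `RuleMessage(const RuleMessage &) = default;`, `RuleMessage &operator=(const RuleMessage &) = default;` and `explicit RuleMessage(RuleMessage *rule) : RuleMessage(*rule) { }` keep one source of truth. Separately, `m_ruleId` stays `int` here while `RuleWithActions::m_ruleId` is declared `int64_t`, so `m_ruleId(rule->m_ruleId)` narrows and a rule id above `INT_MAX` would be logged wrongly; widening the member to `int64_t` fixes that. The class body continues outside the visible hunks.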


@ -0,0 +1,68 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <memory>
#include <utility>
#endif
#ifndef HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
#define HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules_set.h"
#include "modsecurity/rule_with_actions.h"
#include "modsecurity/actions/action.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleUnconditional : public RuleWithActions {
public:
RuleUnconditional(
std::vector<actions::Action *> *actions,
Transformations *transformations,
std::unique_ptr<std::string> fileName,
int lineNumber)
: RuleWithActions(actions, transformations, std::move(fileName), lineNumber) { }
RuleUnconditional(const RuleUnconditional& r)
: RuleWithActions(r)
{ }
RuleUnconditional &operator=(const RuleUnconditional& r) {
RuleWithActions::operator = (r);
return *this;
}
virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
private:
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_


@ -0,0 +1,191 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <memory>
#include <utility>
#endif
#ifndef HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
#define HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
#include "modsecurity/transaction.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#include "modsecurity/rule.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleWithActions : public Rule {
public:
RuleWithActions(
Actions *a,
Transformations *t,
std::unique_ptr<std::string> fileName,
int lineNumber);
~RuleWithActions();
RuleWithActions(const RuleWithActions& r)
: Rule(r),
m_rev(r.m_rev),
m_ver(r.m_ver),
m_accuracy(r.m_accuracy),
m_maturity(r.m_maturity),
m_ruleId(r.m_ruleId),
m_chainedRuleChild(r.m_chainedRuleChild),
m_chainedRuleParent(r.m_chainedRuleParent),
m_disruptiveAction(r.m_disruptiveAction),
m_logData(r.m_logData),
m_msg(r.m_msg),
m_severity(r.m_severity),
m_actionsRuntimePos(r.m_actionsRuntimePos),
m_actionsSetVar(r.m_actionsSetVar),
m_actionsTag(r.m_actionsTag),
m_transformations(r.m_transformations),
m_containsCaptureAction(r.m_containsCaptureAction),
m_containsMultiMatchAction(r.m_containsMultiMatchAction),
m_containsStaticBlockAction(r.m_containsStaticBlockAction),
m_isChained(r.m_isChained)
{ }
RuleWithActions &operator=(const RuleWithActions& r) {
Rule::operator = (r);
m_rev = r.m_rev;
m_ver = r.m_ver;
m_accuracy = r.m_accuracy;
m_maturity = r.m_maturity;
m_ruleId = r.m_ruleId;
m_chainedRuleChild = r.m_chainedRuleChild;
m_chainedRuleParent = r.m_chainedRuleParent;
m_disruptiveAction = r.m_disruptiveAction;
m_logData = r.m_logData;
m_msg = r.m_msg;
m_severity = r.m_severity;
m_actionsRuntimePos = r.m_actionsRuntimePos;
m_actionsSetVar = r.m_actionsSetVar;
m_actionsTag = r.m_actionsTag;
m_transformations = r.m_transformations;
m_containsCaptureAction = r.m_containsCaptureAction;
m_containsMultiMatchAction = r.m_containsMultiMatchAction;
m_containsStaticBlockAction = r.m_containsStaticBlockAction;
m_isChained = r.m_isChained;
return *this;
}
virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
virtual bool evaluate(Transaction *transaction) override;
void executeActionsIndependentOfChainedRuleResult(
Transaction *trasn,
bool *containsDisruptive,
std::shared_ptr<RuleMessage> ruleMessage);
void executeActionsAfterFullMatch(
Transaction *trasn,
bool containsDisruptive,
std::shared_ptr<RuleMessage> ruleMessage);
void executeAction(Transaction *trans,
bool containsBlock,
std::shared_ptr<RuleMessage> ruleMessage,
actions::Action *a,
bool context);
void executeTransformations(
Transaction *trasn, const std::string &value, TransformationResults &ret);
inline void executeTransformation(
actions::transformations::Transformation *a,
std::shared_ptr<std::string> *value,
Transaction *trans,
TransformationResults *ret,
std::string *path,
int *nth) const;
void performLogging(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage,
bool lastLog = true,
bool chainedParentNull = false);
std::vector<actions::Action *> getActionsByName(const std::string& name,
Transaction *t);
bool containsTag(const std::string& name, Transaction *t);
bool containsMsg(const std::string& name, Transaction *t);
inline bool isChained() const { return m_isChained == true; }
inline bool hasCaptureAction() const { return m_containsCaptureAction == true; }
inline void setChained(bool b) { m_isChained = b; }
inline bool hasDisruptiveAction() const { return m_disruptiveAction != NULL; }
inline bool hasBlockAction() const { return m_containsStaticBlockAction == true; }
inline bool hasMultimatch() const { return m_containsMultiMatchAction == true; }
inline bool hasLogData() const { return m_logData != NULL; }
std::string logData(Transaction *t);
inline bool hasMsg() const { return m_msg != NULL; }
std::string msg(Transaction *t);
inline bool hasSeverity() const { return m_severity != NULL; }
int severity() const;
std::string m_rev;
std::string m_ver;
int m_accuracy;
int m_maturity;
int64_t m_ruleId;
std::shared_ptr<RuleWithActions> m_chainedRuleChild;
RuleWithActions *m_chainedRuleParent;
private:
/* actions */
actions::Action *m_disruptiveAction;
actions::LogData *m_logData;
actions::Msg *m_msg;
actions::Severity *m_severity;
MatchActions m_actionsRuntimePos;
SetVars m_actionsSetVar;
Tags m_actionsTag;
/* actions > transformations */
Transformations m_transformations;
bool m_containsCaptureAction:1;
bool m_containsMultiMatchAction:1;
bool m_containsStaticBlockAction:1;
bool m_isChained:1;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
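Review bot: The hand-written copy constructor and `operator=` copy the raw pointers `m_disruptiveAction`, `m_logData`, `m_msg`, `m_severity` and the `Action *` vectors member-wise, while the class also declares its own `~RuleWithActions()`. The destructor body is not on this page; if it deletes any of those pointers, every copy of a rule shares them and the second destructor to run frees them again. Either state in the header that a rule does not own its actions, or delete the copy operations (`RuleWithActions(const RuleWithActions &) = delete;`) until ownership is expressed with smart pointers. Deleting them also means dropping the copy constructor and assignment of `RuleUnconditional`, which forward to these. `RuleWithOperator` in the following file has the same shape, with raw `m_variables` and `m_operator`, a user-declared destructor and an implicitly generated copy.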


@ -0,0 +1,82 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <stack>
#include <vector>
#include <string>
#include <list>
#include <memory>
#include <utility>
#endif
#ifndef HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
#define HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
#include "modsecurity/transaction.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
#include "modsecurity/rule.h"
#include "modsecurity/rule_with_actions.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleWithOperator : public RuleWithActions {
public:
RuleWithOperator(operators::Operator *op,
variables::Variables *variables,
std::vector<actions::Action *> *actions,
Transformations *transformations,
std::unique_ptr<std::string> fileName,
int lineNumber);
virtual ~RuleWithOperator();
bool evaluate(Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
void getVariablesExceptions(Transaction *t,
variables::Variables *exclusion, variables::Variables *addition);
inline void getFinalVars(variables::Variables *vars,
variables::Variables *eclusion, Transaction *trans);
bool executeOperatorAt(Transaction *trasn, const std::string &key,
const std::string &value, std::shared_ptr<RuleMessage> rm);
static void updateMatchedVars(Transaction *trasn, const std::string &key,
const std::string &value);
static void cleanMatchedVars(Transaction *trasn);
std::string getOperatorName() const;
virtual std::string getReference() override {
return std::to_string(m_ruleId);
}
private:
modsecurity::variables::Variables *m_variables;
operators::Operator *m_operator;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -13,6 +13,7 @@
*
*/
#include <stdio.h>
#include <string.h>
@ -22,92 +23,74 @@
#include <string>
#include <vector>
#include <list>
#include <memory>
#endif
#include "modsecurity/rule.h"
#include "modsecurity/rule_with_operator.h"
#include "modsecurity/rule_with_actions.h"
#ifndef HEADERS_MODSECURITY_RULES_H_
#define HEADERS_MODSECURITY_RULES_H_
#include "modsecurity/rules_properties.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h"
#ifdef __cplusplus
namespace modsecurity {
class Rule;
namespace Parser {
class Driver;
}
/** @ingroup ModSecurity_CPP_API */
class Rules : public RulesProperties {
class Rules {
public:
Rules()
: RulesProperties(new DebugLog()),
unicode_codepage(0),
#ifndef NO_LOGS
m_secmarker_skipped(0),
#endif
m_referenceCount(0) { }
void dump() const {
for (int j = 0; j < m_rules.size(); j++) {
std::cout << " Rule ID: " << m_rules.at(j)->getReference();
std::cout << "--" << m_rules.at(j) << std::endl;
}
}
explicit Rules(DebugLog *customLog)
: RulesProperties(customLog),
unicode_codepage(0),
#ifndef NO_LOGS
m_secmarker_skipped(0),
#endif
m_referenceCount(0) { }
int append(Rules *from, const std::vector<int64_t> &ids, std::ostringstream *err) {
size_t j = 0;
for (; j < from->size(); j++) {
RuleWithOperator *rule = dynamic_cast<RuleWithOperator *>(from->at(j).get());
if (rule && std::binary_search(ids.begin(), ids.end(), rule->m_ruleId)) {
if (err != NULL) {
*err << "Rule id: " << std::to_string(rule->m_ruleId) \
<< " is duplicated" << std::endl;
}
return -1;
}
}
m_rules.insert(m_rules.end(), from->m_rules.begin(), from->m_rules.end());
return j;
}
~Rules() { }
bool insert(const std::shared_ptr<Rule> &rule) {
return insert(rule, nullptr, nullptr);
}
void incrementReferenceCount(void);
void decrementReferenceCount(void);
bool insert(std::shared_ptr<Rule> rule, const std::vector<int64_t> *ids, std::ostringstream *err) {
RuleWithOperator *r = dynamic_cast<RuleWithOperator *>(rule.get());
if (r && ids != nullptr && std::binary_search(ids->begin(), ids->end(), r->m_ruleId)) {
if (err != nullptr) {
*err << "Rule id: " << std::to_string(r->m_ruleId) \
<< " is duplicated" << std::endl;
}
return false;
}
m_rules.push_back(rule);
return true;
}
int loadFromUri(const char *uri);
int loadRemote(const char *key, const char *uri);
int load(const char *rules);
int load(const char *rules, const std::string &ref);
size_t size() const { return m_rules.size(); }
std::shared_ptr<Rule> operator[](int index) const { return m_rules[index]; }
std::shared_ptr<Rule> at(int index) const { return m_rules[index]; }
void dump();
int merge(Parser::Driver *driver);
int merge(Rules *rules);
int evaluate(int phase, Transaction *transaction);
std::string getParserError();
void debug(int level, const std::string &id, const std::string &uri,
const std::string &msg);
int64_t unicode_codepage;
private:
int m_referenceCount;
#ifndef NO_LOGS
uint8_t m_secmarker_skipped;
#endif
std::vector<std::shared_ptr<Rule> > m_rules;
};
#endif
#ifdef __cplusplus
extern "C" {
#endif
Rules *msc_create_rules_set(void);
void msc_rules_dump(Rules *rules);
int msc_rules_merge(Rules *rules_dst, Rules *rules_from, const char **error);
int msc_rules_add_remote(Rules *rules, const char *key, const char *uri,
const char **error);
int msc_rules_add_file(Rules *rules, const char *file, const char **error);
int msc_rules_add(Rules *rules, const char *plain_rules, const char **error);
int msc_rules_cleanup(Rules *rules);
#ifdef __cplusplus
}
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_H_
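Review bot: `Rules::append` and the three-argument `Rules::insert` detect duplicate rule ids with `std::binary_search` over `ids`, which only answers correctly when the caller passes a sorted vector; nothing in this header states or enforces that, so an unsorted list would let a duplicate id through silently. The `appendRules` helper that this commit appears to remove from `RulesProperties` sorted its id vector itself before searching. I would state the precondition on both methods, e.g. `// ids must be sorted ascending (std::binary_search precondition)`. As far as the rendered page shows, `at(int index)` also indexes `m_rules[index]` unchecked while `dump()` uses the checked `m_rules.at(j)`; `return m_rules.at(index);` would make the name match its behaviour.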


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -13,549 +13,6 @@
*
*/
#include <modsecurity/rules_set_properties.h>
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <set>
#include <cstring>
#endif
#ifndef HEADERS_MODSECURITY_RULES_PROPERTIES_H_
#define HEADERS_MODSECURITY_RULES_PROPERTIES_H_
#include "modsecurity/modsecurity.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules_exceptions.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/audit_log.h"
#define CODEPAGE_SEPARATORS " \t\n\r"
#define merge_boolean_value(to, from, default) \
if (to == PropertyNotSetConfigBoolean) { \
to = (from == PropertyNotSetConfigBoolean) ? default : from; \
}
#define merge_ruleengine_value(to, from, default) \
if (to == PropertyNotSetRuleEngine) { \
to = (from == PropertyNotSetRuleEngine) ? default : from; \
}
#define merge_bodylimitaction_value(to, from, default) \
if (to == PropertyNotSetBodyLimitAction) { \
to = (from == PropertyNotSetBodyLimitAction) ? default : from; \
}
#ifdef __cplusplus
namespace modsecurity {
class RulesExceptions;
namespace Parser {
class Driver;
}
using modsecurity::debug_log::DebugLog;
using modsecurity::audit_log::AuditLog;
/** @ingroup ModSecurity_CPP_API */
class ConfigInt {
public:
ConfigInt() : m_set(false), m_value(0) { }
bool m_set;
int m_value;
void merge(ConfigInt *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigDouble {
public:
ConfigDouble() : m_set(false), m_value(0) { }
bool m_set;
double m_value;
void merge(ConfigDouble *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigString {
public:
ConfigString() : m_set(false), m_value("") { }
bool m_set;
std::string m_value;
void merge(ConfigString *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigSet {
public:
ConfigSet() : m_set(false), m_clear(false) { }
bool m_set;
bool m_clear;
std::set<std::string> m_value;
};
class UnicodeMapHolder {
public:
UnicodeMapHolder() {
memset(m_data, -1, (sizeof(int)*65536));
};
int& operator[](int index) { return m_data[index]; }
int operator[](int index) const { return m_data[index]; }
int at(int index) const { return m_data[index]; }
void change(int i, int a) { m_data[i] = a; }
int m_data[65536];
};
class RulesProperties;
class ConfigUnicodeMap {
public:
ConfigUnicodeMap() : m_set(false),
m_unicodeCodePage(0),
m_unicodeMapTable(NULL) { }
static void loadConfig(std::string f, double codePage,
RulesProperties *driver, std::string *errg);
void merge(ConfigUnicodeMap *from) {
if (from->m_set == false) {
return;
}
m_set = true;
m_unicodeCodePage = from->m_unicodeCodePage;
m_unicodeMapTable = from->m_unicodeMapTable;
return;
}
bool m_set;
double m_unicodeCodePage;
std::shared_ptr<modsecurity::UnicodeMapHolder> m_unicodeMapTable;
};
class RulesProperties {
public:
RulesProperties() :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(new DebugLog()),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
explicit RulesProperties(DebugLog *debugLog) :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(debugLog),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
~RulesProperties() {
int i = 0;
/** Cleanup the rules */
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<Rule *> rules = m_rules[i];
while (rules.empty() == false) {
Rule *rule = rules.back();
rules.pop_back();
if (rule->refCountDecreaseAndCheck()) {
rule = NULL;
}
}
}
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<actions::Action *> *tmp = &m_defaultActions[i];
while (tmp->empty() == false) {
actions::Action *a = tmp->back();
tmp->pop_back();
if (a->refCountDecreaseAndCheck()) {
a = NULL;
}
}
}
delete m_debugLog;
delete m_auditLog;
}
/**
*
*
*/
enum ConfigBoolean {
TrueConfigBoolean,
FalseConfigBoolean,
PropertyNotSetConfigBoolean
};
/**
*
* The RuleEngine enumerator consists in mapping the different states
* of the rule engine.
*
*/
enum RuleEngine {
/**
*
* Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
*
*/
DisabledRuleEngine,
/**
*
* Rules will be evaluated and disturb actions will take place if needed.
*
*/
EnabledRuleEngine,
/**
* Rules will be evaluated but it won't generate any disruptive action.
*
*/
DetectionOnlyRuleEngine,
/**
*
*/
PropertyNotSetRuleEngine
};
/**
*
* Defines what actions should be taken in case the body (response or
* request) is bigger than the expected size.
*
*/
enum BodyLimitAction {
/**
*
* Process partial
*
*/
ProcessPartialBodyLimitAction,
/**
*
* Reject the request
*
*/
RejectBodyLimitAction,
/**
*
*/
PropertyNotSetBodyLimitAction
};
/**
*
* Defines what actions should be taken in case the remote rules failed to
* be downloaded (independent of the circumstances)
*
*
*/
enum OnFailedRemoteRulesAction {
/**
*
* Abort
*
*/
AbortOnFailedRemoteRulesAction,
/**
*
* Warn on logging
*
*/
WarnOnFailedRemoteRulesAction,
/**
*
*/
PropertyNotSetRemoteRulesAction
};
static const char *ruleEngineStateString(RuleEngine i) {
switch (i) {
case DisabledRuleEngine:
return "Disabled";
case EnabledRuleEngine:
return "Enabled";
case DetectionOnlyRuleEngine:
return "DetectionOnly";
case PropertyNotSetRuleEngine:
return "PropertyNotSet/DetectionOnly";
}
return NULL;
}
static std::string configBooleanString(ConfigBoolean i) {
switch (i) {
case TrueConfigBoolean:
return "True";
case FalseConfigBoolean:
return "False";
case PropertyNotSetConfigBoolean:
return "Not set";
}
return NULL;
}
static int mergeProperties(RulesProperties *from, RulesProperties *to,
std::ostringstream *err) {
int amount_of_rules = 0;
amount_of_rules = appendRules(from->m_rules, to->m_rules, err);
if (amount_of_rules < 0) {
return amount_of_rules;
}
merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine,
PropertyNotSetRuleEngine);
merge_boolean_value(to->m_secRequestBodyAccess,
from->m_secRequestBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secResponseBodyAccess,
from->m_secResponseBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secXMLExternalEntity,
from->m_secXMLExternalEntity,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_uploadKeepFiles,
from->m_uploadKeepFiles,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_tmpSaveUploadedFiles,
from->m_tmpSaveUploadedFiles,
PropertyNotSetConfigBoolean);
to->m_requestBodyLimit.merge(&from->m_requestBodyLimit);
to->m_responseBodyLimit.merge(&from->m_responseBodyLimit);
merge_bodylimitaction_value(to->m_requestBodyLimitAction,
from->m_requestBodyLimitAction,
PropertyNotSetBodyLimitAction);
merge_bodylimitaction_value(to->m_responseBodyLimitAction,
from->m_responseBodyLimitAction,
PropertyNotSetBodyLimitAction);
to->m_uploadFileLimit.merge(&from->m_uploadFileLimit);
to->m_uploadFileMode.merge(&from->m_uploadFileMode);
to->m_uploadDirectory.merge(&from->m_uploadDirectory);
to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory);
to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator);
to->m_secWebAppId.merge(&from->m_secWebAppId);
to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
to->m_httpblKey.merge(&from->m_httpblKey);
to->m_exceptions.merge(&from->m_exceptions);
to->m_components.insert(to->m_components.end(),
from->m_components.begin(), from->m_components.end());
if (from->m_responseBodyTypeToBeInspected.m_set == true) {
if (from->m_responseBodyTypeToBeInspected.m_clear == true) {
to->m_responseBodyTypeToBeInspected.m_value.clear();
from->m_responseBodyTypeToBeInspected.m_value.clear();
} else {
for (std::set<std::string>::iterator
it = from->m_responseBodyTypeToBeInspected.m_value.begin();
it != from->m_responseBodyTypeToBeInspected.m_value.end();
++it) {
to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
}
}
to->m_responseBodyTypeToBeInspected.m_set = true;
}
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<actions::Action *> *actions_from = \
from->m_defaultActions+i;
std::vector<actions::Action *> *actions_to = to->m_defaultActions+i;
for (size_t j = 0; j < actions_from->size(); j++) {
actions::Action *action = actions_from->at(j);
action->refCountIncrease();
actions_to->push_back(action);
}
}
if (to->m_auditLog) {
std::string error;
to->m_auditLog->merge(from->m_auditLog, &error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogFileSet()) {
if (to->m_debugLog->isLogFileSet() == false) {
std::string error;
to->m_debugLog->setDebugLogFile(
from->m_debugLog->getDebugLogFile(),
&error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogLevelSet()) {
if (to->m_debugLog->isLogLevelSet() == false) {
to->m_debugLog->setDebugLogLevel(
from->m_debugLog->getDebugLogLevel());
}
}
return amount_of_rules;
}
static int appendRules(
std::vector<modsecurity::Rule *> *from,
std::vector<modsecurity::Rule *> *to,
std::ostringstream *err) {
int amount_of_rules = 0;
// TODO: std::vector could be replaced with something more efficient.
std::vector<int64_t> v;
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<modsecurity::Rule *> *rules_to = to+i;
v.reserve(rules_to->size());
for (size_t z = 0; z < rules_to->size(); z++) {
Rule *rule_ckc = rules_to->at(z);
if (rule_ckc->m_secMarker == true) {
continue;
}
v.push_back(rule_ckc->m_ruleId);
}
}
std::sort (v.begin(), v.end());
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<modsecurity::Rule *> *rules_from = from+i;
std::vector<modsecurity::Rule *> *rules_to = to+i;
for (size_t j = 0; j < rules_from->size(); j++) {
Rule *rule = rules_from->at(j);
if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) {
if (err != NULL) {
*err << "Rule id: " << std::to_string(rule->m_ruleId) \
<< " is duplicated" << std::endl;
}
return -1;
}
amount_of_rules++;
rule->refCountIncrease();
rules_to->push_back(rule);
}
}
return amount_of_rules;
}
std::vector<modsecurity::Rule *> *getRulesForPhase(int phase) {
if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
return NULL;
}
return &m_rules[phase];
}
audit_log::AuditLog *m_auditLog;
BodyLimitAction m_requestBodyLimitAction;
BodyLimitAction m_responseBodyLimitAction;
ConfigBoolean m_secRequestBodyAccess;
ConfigBoolean m_secResponseBodyAccess;
ConfigBoolean m_secXMLExternalEntity;
ConfigBoolean m_tmpSaveUploadedFiles;
ConfigBoolean m_uploadKeepFiles;
ConfigDouble m_requestBodyLimit;
ConfigDouble m_requestBodyNoFilesLimit;
ConfigDouble m_responseBodyLimit;
ConfigInt m_uploadFileLimit;
ConfigInt m_uploadFileMode;
DebugLog *m_debugLog;
OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
RuleEngine m_secRuleEngine;
RulesExceptions m_exceptions;
std::list<std::string> m_components;
std::ostringstream m_parserError;
ConfigSet m_responseBodyTypeToBeInspected;
ConfigString m_httpblKey;
ConfigString m_uploadDirectory;
ConfigString m_uploadTmpDirectory;
ConfigString m_secArgumentSeparator;
ConfigString m_secWebAppId;
std::vector<actions::Action *> m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
std::vector<modsecurity::Rule *> m_rules[modsecurity::Phases::NUMBER_OF_PHASES];
ConfigUnicodeMap m_unicodeMapTable;
};
#endif
#ifdef __cplusplus
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_PROPERTIES_H_


@ -0,0 +1,109 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <stdio.h>
#include <string.h>
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#endif
#ifndef HEADERS_MODSECURITY_RULES_SET_H_
#define HEADERS_MODSECURITY_RULES_SET_H_
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules_set_phases.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleWithOperator;
namespace Parser {
class Driver;
}
/** @ingroup ModSecurity_CPP_API */
class RulesSet : public RulesSetProperties {
public:
RulesSet()
: RulesSetProperties(new DebugLog())
#ifndef NO_LOGS
,m_secmarker_skipped(0)
#endif
{ }
explicit RulesSet(DebugLog *customLog)
: RulesSetProperties(customLog)
#ifndef NO_LOGS
,m_secmarker_skipped(0)
#endif
{ }
~RulesSet() { }
int loadFromUri(const char *uri);
int loadRemote(const char *key, const char *uri);
int load(const char *rules);
int load(const char *rules, const std::string &ref);
void dump() const;
int merge(Parser::Driver *driver);
int merge(RulesSet *rules);
int evaluate(int phase, Transaction *transaction);
std::string getParserError();
void debug(int level, const std::string &id, const std::string &uri,
const std::string &msg);
RulesSetPhases m_rulesSetPhases;
private:
#ifndef NO_LOGS
uint8_t m_secmarker_skipped;
#endif
};
#endif
#ifdef __cplusplus
extern "C" {
#endif
RulesSet *msc_create_rules_set(void);
void msc_rules_dump(RulesSet *rules);
int msc_rules_merge(RulesSet *rules_dst, RulesSet *rules_from, const char **error);
int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri,
const char **error);
int msc_rules_add_file(RulesSet *rules, const char *file, const char **error);
int msc_rules_add(RulesSet *rules, const char *plain_rules, const char **error);
int msc_rules_cleanup(RulesSet *rules);
#ifdef __cplusplus
}
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_SET_H_
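Review bot: The `msc_rules_*` C entry points are declared without any comment on their return convention or on who owns the string stored through `const char **error`, so a C caller cannot tell from this header which return values mean failure or whether `*error` must be freed. The implementations are outside this file, so the comment has to come from what they actually do: a short block comment above `msc_rules_merge` stating the success and failure return values and the lifetime of `*error` would cover it. The same applies to `msc_rules_add_remote`, `msc_rules_add_file` and `msc_rules_add`.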


@ -0,0 +1,63 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <stdio.h>
#include <string.h>
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#endif
#ifndef HEADERS_MODSECURITY_RULES_SET_PHASES_H_
#define HEADERS_MODSECURITY_RULES_SET_PHASES_H_
#include "modsecurity/rules.h"
#ifdef __cplusplus
namespace modsecurity {
class RuleWithOperator;
namespace Parser {
class Driver;
}
/** @ingroup ModSecurity_CPP_API */
class RulesSetPhases {
public:
bool insert(std::shared_ptr<Rule> rule);
int append(RulesSetPhases *from, std::ostringstream *err);
void dump() const;
Rules *operator[](int index) { return &m_rulesAtPhase[index]; }
Rules *at(int index) { return &m_rulesAtPhase[index]; }
private:
Rules m_rulesAtPhase[8];
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_SET_PHASES_H_
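Review bot: `operator[](int index)` and `at(int index)` return `&m_rulesAtPhase[index]` with no range check, and the array is sized with a literal `8` rather than `modsecurity::Phases::NUMBER_OF_PHASES`, which the property classes in this commit use for their per-phase arrays. A phase value outside the array therefore yields a pointer past its bounds instead of a detectable failure; the `getRulesForPhase` accessor of `RulesProperties` returned NULL when the phase was `>= NUMBER_OF_PHASES`. I would declare `Rules m_rulesAtPhase[modsecurity::Phases::NUMBER_OF_PHASES];` and have `at` begin with `if (index < 0 || index >= modsecurity::Phases::NUMBER_OF_PHASES) return nullptr;`. This assumes that constant is reachable through the header's includes and that callers check the result, neither of which is visible here.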


@ -0,0 +1,499 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <set>
#include <cstring>
#endif
#ifndef HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
#define HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
#include "modsecurity/modsecurity.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules_exceptions.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/audit_log.h"
#define CODEPAGE_SEPARATORS " \t\n\r"
#define merge_boolean_value(to, from, default) \
if (to == PropertyNotSetConfigBoolean) { \
to = (from == PropertyNotSetConfigBoolean) ? default : from; \
}
#define merge_ruleengine_value(to, from, default) \
if (to == PropertyNotSetRuleEngine) { \
to = (from == PropertyNotSetRuleEngine) ? default : from; \
}
#define merge_bodylimitaction_value(to, from, default) \
if (to == PropertyNotSetBodyLimitAction) { \
to = (from == PropertyNotSetBodyLimitAction) ? default : from; \
}
#ifdef __cplusplus
namespace modsecurity {
class RulesExceptions;
namespace Parser {
class Driver;
}
using modsecurity::debug_log::DebugLog;
using modsecurity::audit_log::AuditLog;
/** @ingroup ModSecurity_CPP_API */
class ConfigInt {
public:
ConfigInt() : m_set(false), m_value(0) { }
bool m_set;
int m_value;
void merge(ConfigInt *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigDouble {
public:
ConfigDouble() : m_set(false), m_value(0) { }
bool m_set;
double m_value;
void merge(ConfigDouble *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigString {
public:
ConfigString() : m_set(false), m_value("") { }
bool m_set;
std::string m_value;
void merge(ConfigString *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigSet {
public:
ConfigSet() : m_set(false), m_clear(false) { }
bool m_set;
bool m_clear;
std::set<std::string> m_value;
};
class UnicodeMapHolder {
public:
UnicodeMapHolder() {
memset(m_data, -1, (sizeof(int)*65536));
};
int& operator[](int index) { return m_data[index]; }
int operator[](int index) const { return m_data[index]; }
int at(int index) const { return m_data[index]; }
void change(int i, int a) { m_data[i] = a; }
int m_data[65536];
};
class RulesSetProperties;
class ConfigUnicodeMap {
public:
ConfigUnicodeMap() : m_set(false),
m_unicodeCodePage(0),
m_unicodeMapTable(NULL) { }
static void loadConfig(std::string f, double codePage,
RulesSetProperties *driver, std::string *errg);
void merge(ConfigUnicodeMap *from) {
if (from->m_set == false) {
return;
}
m_set = true;
m_unicodeCodePage = from->m_unicodeCodePage;
m_unicodeMapTable = from->m_unicodeMapTable;
return;
}
bool m_set;
double m_unicodeCodePage;
std::shared_ptr<modsecurity::UnicodeMapHolder> m_unicodeMapTable;
};
class RulesSetProperties {
public:
RulesSetProperties() :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(new DebugLog()),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
explicit RulesSetProperties(DebugLog *debugLog) :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(debugLog),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
RulesSetProperties(const RulesSetProperties &r) = delete;
RulesSetProperties &operator =(const RulesSetProperties &r) = delete;
~RulesSetProperties() {
int i = 0;
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<std::shared_ptr<actions::Action> > *tmp = \
&m_defaultActions[i];
while (tmp->empty() == false) {
tmp->pop_back();
}
}
delete m_debugLog;
delete m_auditLog;
}
/**
*
*
*/
enum ConfigBoolean {
TrueConfigBoolean,
FalseConfigBoolean,
PropertyNotSetConfigBoolean
};
/**
*
* The RuleEngine enumerator consists in mapping the different states
* of the rule engine.
*
*/
enum RuleEngine {
/**
*
* Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
*
*/
DisabledRuleEngine,
/**
*
* Rules will be evaluated and disturb actions will take place if needed.
*
*/
EnabledRuleEngine,
/**
* Rules will be evaluated but it won't generate any disruptive action.
*
*/
DetectionOnlyRuleEngine,
/**
*
*/
PropertyNotSetRuleEngine
};
/**
*
* Defines what actions should be taken in case the body (response or
* request) is bigger than the expected size.
*
*/
enum BodyLimitAction {
/**
*
* Process partial
*
*/
ProcessPartialBodyLimitAction,
/**
*
* Reject the request
*
*/
RejectBodyLimitAction,
/**
*
*/
PropertyNotSetBodyLimitAction
};
/**
*
* Defines what actions should be taken in case the remote rules failed to
* be downloaded (independent of the circumstances)
*
*
*/
enum OnFailedRemoteRulesAction {
/**
*
* Abort
*
*/
AbortOnFailedRemoteRulesAction,
/**
*
* Warn on logging
*
*/
WarnOnFailedRemoteRulesAction,
/**
*
*/
PropertyNotSetRemoteRulesAction
};
static const char *ruleEngineStateString(RuleEngine i) {
switch (i) {
case DisabledRuleEngine:
return "Disabled";
case EnabledRuleEngine:
return "Enabled";
case DetectionOnlyRuleEngine:
return "DetectionOnly";
case PropertyNotSetRuleEngine:
return "PropertyNotSet/DetectionOnly";
}
return NULL;
}
static std::string configBooleanString(ConfigBoolean i) {
switch (i) {
case TrueConfigBoolean:
return "True";
case FalseConfigBoolean:
return "False";
case PropertyNotSetConfigBoolean:
return "Not set";
}
return NULL;
}
static int mergeProperties(RulesSetProperties *from,
RulesSetProperties *to, std::ostringstream *err) {
merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine,
PropertyNotSetRuleEngine);
merge_boolean_value(to->m_secRequestBodyAccess,
from->m_secRequestBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secResponseBodyAccess,
from->m_secResponseBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secXMLExternalEntity,
from->m_secXMLExternalEntity,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_uploadKeepFiles,
from->m_uploadKeepFiles,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_tmpSaveUploadedFiles,
from->m_tmpSaveUploadedFiles,
PropertyNotSetConfigBoolean);
to->m_argumentsLimit.merge(&from->m_argumentsLimit);
to->m_requestBodyJsonDepthLimit.merge(&from->m_requestBodyJsonDepthLimit);
to->m_requestBodyLimit.merge(&from->m_requestBodyLimit);
to->m_requestBodyNoFilesLimit.merge(&from->m_requestBodyNoFilesLimit);
to->m_responseBodyLimit.merge(&from->m_responseBodyLimit);
merge_bodylimitaction_value(to->m_requestBodyLimitAction,
from->m_requestBodyLimitAction,
PropertyNotSetBodyLimitAction);
merge_bodylimitaction_value(to->m_responseBodyLimitAction,
from->m_responseBodyLimitAction,
PropertyNotSetBodyLimitAction);
to->m_uploadFileLimit.merge(&from->m_uploadFileLimit);
to->m_uploadFileMode.merge(&from->m_uploadFileMode);
to->m_uploadDirectory.merge(&from->m_uploadDirectory);
to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory);
to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator);
to->m_secWebAppId.merge(&from->m_secWebAppId);
to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
to->m_httpblKey.merge(&from->m_httpblKey);
to->m_exceptions.merge(&from->m_exceptions);
to->m_components.insert(to->m_components.end(),
from->m_components.begin(), from->m_components.end());
if (from->m_responseBodyTypeToBeInspected.m_set == true) {
if (from->m_responseBodyTypeToBeInspected.m_clear == true) {
to->m_responseBodyTypeToBeInspected.m_value.clear();
from->m_responseBodyTypeToBeInspected.m_value.clear();
} else {
for (std::set<std::string>::iterator
it = from->m_responseBodyTypeToBeInspected.m_value.begin();
it != from->m_responseBodyTypeToBeInspected.m_value.end();
++it) {
to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
}
}
to->m_responseBodyTypeToBeInspected.m_set = true;
}
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<std::shared_ptr<actions::Action> > *actions_from = \
&from->m_defaultActions[i];
std::vector<std::shared_ptr<actions::Action> > *actions_to = \
&to->m_defaultActions[i];
for (size_t j = 0; j < actions_from->size(); j++) {
actions_to->push_back(actions_from->at(j));
}
}
if (to->m_auditLog) {
std::string error;
to->m_auditLog->merge(from->m_auditLog, &error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogFileSet()) {
if (to->m_debugLog->isLogFileSet() == false) {
std::string error;
to->m_debugLog->setDebugLogFile(
from->m_debugLog->getDebugLogFile(),
&error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogLevelSet()) {
if (to->m_debugLog->isLogLevelSet() == false) {
to->m_debugLog->setDebugLogLevel(
from->m_debugLog->getDebugLogLevel());
}
}
return 1;
}
audit_log::AuditLog *m_auditLog;
BodyLimitAction m_requestBodyLimitAction;
BodyLimitAction m_responseBodyLimitAction;
ConfigBoolean m_secRequestBodyAccess;
ConfigBoolean m_secResponseBodyAccess;
ConfigBoolean m_secXMLExternalEntity;
ConfigBoolean m_tmpSaveUploadedFiles;
ConfigBoolean m_uploadKeepFiles;
ConfigDouble m_argumentsLimit;
ConfigDouble m_requestBodyJsonDepthLimit;
ConfigDouble m_requestBodyLimit;
ConfigDouble m_requestBodyNoFilesLimit;
ConfigDouble m_responseBodyLimit;
ConfigInt m_uploadFileLimit;
ConfigInt m_uploadFileMode;
DebugLog *m_debugLog;
OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
RuleEngine m_secRuleEngine;
RulesExceptions m_exceptions;
std::list<std::string> m_components;
std::ostringstream m_parserError;
ConfigSet m_responseBodyTypeToBeInspected;
ConfigString m_httpblKey;
ConfigString m_uploadDirectory;
ConfigString m_uploadTmpDirectory;
ConfigString m_secArgumentSeparator;
ConfigString m_secWebAppId;
std::vector<std::shared_ptr<actions::Action> > \
m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
ConfigUnicodeMap m_unicodeMapTable;
};
#endif
#ifdef __cplusplus
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
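Review bot: `configBooleanString` is declared to return `std::string` but falls through to `return NULL;`, which constructs a `std::string` from a null pointer and is undefined behaviour if a `ConfigBoolean` value outside the three enumerators ever reaches it. Ending with `return std::string();` removes the hazard; `ruleEngineStateString` returns `const char *`, so its `return NULL;` is fine. Separately, `UnicodeMapHolder::operator[]`, `at` and `change` index `m_data[65536]` with an unchecked `int`. Whether `loadConfig` validates code points before calling them is not visible in this header, so a range check in `change`, e.g. `if (i < 0 || i >= 65536) return;`, would be worth adding.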


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -26,6 +26,7 @@
#include <utility>
#include <vector>
#include <memory>
#include <stack>
#endif
#include <stdlib.h>
@ -37,7 +38,7 @@
#ifndef __cplusplus
typedef struct ModSecurity_t ModSecurity;
typedef struct Transaction_t Transaction;
typedef struct Rules_t Rules;
typedef struct Rules_t RulesSet;
#endif
#include "modsecurity/anchored_set_variable.h"
@ -47,12 +48,15 @@ typedef struct Rules_t Rules;
#include "modsecurity/variable_value.h"
#include "modsecurity/collection/collection.h"
#include "modsecurity/variable_origin.h"
#include "modsecurity/anchored_set_variable_translation_proxy.h"
#include "modsecurity/audit_log.h"
#ifndef NO_LOGS
#define ms_dbg(b, c) \
do { \
if (m_rules && m_rules->m_debugLog && m_rules->m_debugLog->m_debugLevel >= b) { \
m_rules->debug(b, m_id, m_uri, c); \
m_rules->debug(b, *m_id.get(), m_uri, c); \
} \
} while (0);
#else
@ -98,7 +102,7 @@ namespace modsecurity {
class ModSecurity;
class Transaction;
class Rules;
class RulesSet;
class RuleMessage;
namespace actions {
class Action;
@ -109,6 +113,7 @@ enum AllowType : int;
namespace RequestBodyProcessor {
class XML;
class JSON;
class MultipartPartTmpFile;
}
namespace operators {
class Operator;
@ -118,10 +123,7 @@ class Operator;
class TransactionAnchoredVariables {
public:
explicit TransactionAnchoredVariables(Transaction *t)
: m_variableArgsNames(t, "ARGS_NAMES"),
m_variableArgsGetNames(t, "ARGS_GET_NAMES"),
m_variableArgsPostNames(t, "ARGS_POST_NAMES"),
m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
: m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
m_variableResponseContentType(t, "RESPONSE_CONTENT_TYPE"),
m_variableResponseHeadersNames(t, "RESPONSE_HEADERS_NAMES"),
m_variableARGScombinedSize(t, "ARGS_COMBINED_SIZE"),
@ -199,12 +201,13 @@ class TransactionAnchoredVariables {
m_variableGeo(t, "GEO"),
m_variableRequestCookiesNames(t, "REQUEST_COOKIES_NAMES"),
m_variableFilesTmpNames(t, "FILES_TMPNAMES"),
m_variableOffset(0)
m_variableMultipartPartHeaders(t, "MULTIPART_PART_HEADERS"),
m_variableOffset(0),
m_variableArgsNames("ARGS_NAMES", &m_variableArgs),
m_variableArgsGetNames("ARGS_GET_NAMES", &m_variableArgsGet),
m_variableArgsPostNames("ARGS_POST_NAMES", &m_variableArgsPost)
{ }
AnchoredSetVariable m_variableArgsNames;
AnchoredSetVariable m_variableArgsGetNames;
AnchoredSetVariable m_variableArgsPostNames;
AnchoredSetVariable m_variableRequestHeadersNames;
AnchoredVariable m_variableResponseContentType;
AnchoredSetVariable m_variableResponseHeadersNames;
@ -280,19 +283,57 @@ class TransactionAnchoredVariables {
AnchoredSetVariable m_variableGeo;
AnchoredSetVariable m_variableRequestCookiesNames;
AnchoredSetVariable m_variableFilesTmpNames;
AnchoredSetVariable m_variableMultipartPartHeaders;
int m_variableOffset;
AnchoredSetVariableTranslationProxy m_variableArgsNames;
AnchoredSetVariableTranslationProxy m_variableArgsGetNames;
AnchoredSetVariableTranslationProxy m_variableArgsPostNames;
};
class TransactionSecMarkerManagement {
public:
bool isInsideAMarker() const {
if (m_marker) {
return true;
}
return false;
}
std::shared_ptr<std::string> getCurrentMarker() const {
if (m_marker) {
return m_marker;
} else {
throw;
}
}
void removeMarker() {
m_marker.reset();
}
void addMarker(const std::shared_ptr<std::string> &name) {
m_marker = name;
}
private:
std::shared_ptr<std::string> m_marker;
};
/** @ingroup ModSecurity_CPP_API */
class Transaction : public TransactionAnchoredVariables {
class Transaction : public TransactionAnchoredVariables, public TransactionSecMarkerManagement {
public:
Transaction(ModSecurity *transaction, Rules *rules, void *logCbData);
Transaction(ModSecurity *transaction, Rules *rules, char *id,
Transaction(ModSecurity *transaction, RulesSet *rules, void *logCbData);
Transaction(ModSecurity *transaction, RulesSet *rules, char *id,
void *logCbData);
~Transaction();
Transaction ( const Transaction & ) = delete;
bool operator ==(const Transaction &b) const { return false; };
Transaction &operator =(const Transaction &b) const = delete;
/** TODO: Should be an structure that fits an IP address */
int processConnection(const char *client, int cPort,
const char *server, int sPort);
@ -355,16 +396,16 @@ class Transaction : public TransactionAnchoredVariables {
bool extractArguments(const std::string &orig, const std::string& buf,
size_t offset);
const char *getResponseBody();
const char *getResponseBody() const;
size_t getResponseBodyLength();
size_t getRequestBodyLength();
#ifndef NO_LOGS
void debug(int, std::string) const;
void debug(int, const std::string&) const;
#endif
void serverLog(std::shared_ptr<RuleMessage> rm);
int getRuleEngineState();
int getRuleEngineState() const;
std::string toJSON(int parts);
std::string toOldAuditLogFormat(int parts, const std::string &trailer);
@ -386,7 +427,7 @@ class Transaction : public TransactionAnchoredVariables {
/**
* Holds the client IP address.
*/
std::string m_clientIpAddress;
std::shared_ptr<std::string> m_clientIpAddress;
/**
* Holds the HTTP version: 1.2, 2.0, 3.0 and so on....
@ -396,7 +437,7 @@ class Transaction : public TransactionAnchoredVariables {
/**
* Holds the server IP Address
*/
std::string m_serverIpAddress;
std::shared_ptr<std::string> m_serverIpAddress;
/**
* Holds the raw URI that was requested.
@ -406,7 +447,7 @@ class Transaction : public TransactionAnchoredVariables {
/**
* Holds the URI that was requests (without the query string).
*/
std::string m_uri_no_query_string_decoded;
std::shared_ptr<std::string> m_uri_no_query_string_decoded;
/**
* Holds the combined size of all arguments, later used to fill the
@ -455,7 +496,7 @@ class Transaction : public TransactionAnchoredVariables {
/**
* Rules object utilized during this specific transaction.
*/
Rules *m_rules;
RulesSet *m_rules;
/**
*
@ -491,6 +532,12 @@ class Transaction : public TransactionAnchoredVariables {
*/
std::list< std::pair<int, std::string> > m_auditLogModifier;
/**
* This transaction's most recent action ctl:auditEngine
*
*/
audit_log::AuditLog::AuditLogStatus m_ctlAuditEngine;
/**
* This variable holds all the messages asked to be save by the utilization
* of the actions: `log_data' and `msg'. These should be included on the
@ -512,13 +559,7 @@ class Transaction : public TransactionAnchoredVariables {
* Contains the unique ID of the transaction. Use by the variable
* `UNIQUE_ID'. This unique id is also saved as part of the AuditLog.
*/
std::string m_id;
/**
* Holds the SecMarker name that this transaction should wait to perform
* rules evaluation again.
*/
std::string m_marker;
std::shared_ptr<std::string> m_id;
/**
* Holds the amount of rules that should be skipped. If bigger than 0 the
@ -583,6 +624,8 @@ class Transaction : public TransactionAnchoredVariables {
std::string m_variableTimeWDay;
std::string m_variableTimeYear;
std::vector<std::shared_ptr<RequestBodyProcessor::MultipartPartTmpFile>> m_multipartPartTmpFiles;
private:
/**
* Pointer to the callback function that will be called to fill
@ -600,11 +643,11 @@ extern "C" {
/** @ingroup ModSecurity_C_API */
Transaction *msc_new_transaction(ModSecurity *ms,
Rules *rules, void *logCbData);
RulesSet *rules, void *logCbData);
/** @ingroup ModSecurity_C_API */
Transaction *msc_new_transaction_with_id(ModSecurity *ms,
Rules *rules, char *id, void *logCbData);
RulesSet *rules, char *id, void *logCbData);
/** @ingroup ModSecurity_C_API */
int msc_process_connection(Transaction *transaction,
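Review bot: `TransactionSecMarkerManagement::getCurrentMarker()` ends its else branch with a bare `throw;`, and a rethrow expression with no exception being handled calls `std::terminate`, so a call made while no marker is set would abort the host process instead of raising something a caller can catch. Callers therefore have to test `isInsideAMarker()` first, which nothing in the class enforces or documents. I would drop the branch and `return m_marker;` unconditionally (an empty pointer when unset), or throw a named exception, and add `/** Returns the active SecMarker name; empty when no marker is set. */` above it. The same section turns `m_id` into a `std::shared_ptr<std::string>`, and the `ms_dbg` macro now evaluates `*m_id.get()` without a null test; presumably the constructors always assign it, but they are not visible in this section.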


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -39,28 +39,28 @@ class VariableValue {
public:
using Origins = std::list<std::unique_ptr<VariableOrigin>>;
VariableValue(const std::string *key,
explicit VariableValue(const std::string *key,
const std::string *value = nullptr)
: m_key(*key),
: m_collection(""),
m_key(*key),
m_keyWithCollection(*key),
m_collection(""),
m_value(value != nullptr?*value:"")
{ }
VariableValue(const std::string *collection,
const std::string *key,
const std::string *value)
: m_key(*key),
: m_collection(*collection),
m_key(*key),
m_keyWithCollection(*collection + ":" + *key),
m_collection(*collection),
m_value(*value)
{ }
explicit VariableValue(const VariableValue *o) :
m_key(o->m_key),
m_value(o->m_value),
m_collection(o->m_collection),
m_keyWithCollection(o->m_keyWithCollection)
m_key(o->m_key),
m_keyWithCollection(o->m_keyWithCollection),
m_value(o->m_value)
{
for (auto &i : o->m_orign) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
@ -70,6 +70,8 @@ class VariableValue {
}
}
VariableValue(const VariableValue &v) = delete;
const std::string& getKey() const {
return m_key;
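Review bot: The three-argument `VariableValue` constructor initialises `m_collection(*collection)` and `m_value(*value)` with no null test, while the two-argument overload just above it accepts `value == nullptr` and falls back to an empty string. A caller that passes a null `value` to the collection overload dereferences a null pointer. Making the two agree costs one line, `m_value(value != nullptr ? *value : "")`, or the parameters could become `const std::string &` so that null cannot be expressed at all. The body of `getKey()` continues outside this section.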


@ -19,16 +19,23 @@ SecRequestBodyAccess On
# Enable XML request body parser.
# Initiate XML Processor in case of xml content-type
#
SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Enable JSON request body parser.
# Initiate JSON Processor in case of JSON content-type; change accordingly
# if your application does not use 'application/json'
#
SecRule REQUEST_HEADERS:Content-Type "application/json" \
SecRule REQUEST_HEADERS:Content-Type "^application/json" \
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Sample rule to enable JSON request body parser for more subtypes.
# Uncomment or adapt this rule if you want to engage the JSON
# Processor for "+json" subtypes
#
#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \
# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Maximum request body size we will accept for buffering. If you support
# file uploads then the value given on the first line has to be as large
# as the largest file you are willing to accept. The second value refers
@ -38,13 +45,28 @@ SecRule REQUEST_HEADERS:Content-Type "application/json" \
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
# What do do if the request body size is above our configured limit.
# What to do if the request body size is above our configured limit.
# Keep in mind that this setting will automatically be set to ProcessPartial
# when SecRuleEngine is set to DetectionOnly mode in order to minimize
# disruptions when initially deploying ModSecurity.
#
SecRequestBodyLimitAction Reject
# Maximum parsing depth allowed for JSON objects. You want to keep this
# value as low as practical.
#
SecRequestBodyJsonDepthLimit 512
# Maximum number of args allowed per request. You want to keep this
# value as low as practical. The value should match that in rule 200007.
SecArgumentsLimit 1000
# If SecArgumentsLimit has been set, you probably want to reject any
# request body that has only been partly parsed. The value used in this
# rule should match what was used with SecArgumentsLimit
SecRule &ARGS "@ge 1000" \
"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2"
# Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode)
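Review bot: The argument cap now lives in two places, `SecArgumentsLimit 1000` and the `@ge 1000` operand of rule 200007, and only the comments tie them together. If an operator lowers the directive but not the rule, the rule never fires, and a request cut off at the limit would go on partly parsed, which is the case the comment above the rule says should be rejected. Raising only the directive rejects requests at the old threshold instead. I would repeat the warning directly above the rule, for example `# Keep "@ge 1000" equal to SecArgumentsLimit; a lower limit with the old value here lets partly parsed bodies through.`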


@ -8,3 +8,4 @@ Description: ModSecurity API
Version: @MSC_VERSION_WITH_PATCHLEVEL@
Cflags: -I@includedir@
Libs: -L@libdir@ -lmodsecurity
Libs.private: @CURL_LDADD@ @GEOIP_LDADD@ @MAXMIND_LDADD@ @GLOBAL_LDADD@ @LIBXML2_LDADD@ @LMDB_LDADD@ @LUA_LDADD@ @PCRE_LDADD@ @SSDEEP_LDADD@ @YAJL_LDADD@

View File

@ -35,6 +35,7 @@ MAINTAINERCLEANFILES = \
pkginclude_HEADERS = \
../headers/modsecurity/anchored_set_variable_translation_proxy.h \
../headers/modsecurity/anchored_set_variable.h \
../headers/modsecurity/anchored_variable.h \
../headers/modsecurity/audit_log.h \
@ -42,10 +43,16 @@ pkginclude_HEADERS = \
../headers/modsecurity/intervention.h \
../headers/modsecurity/modsecurity.h \
../headers/modsecurity/rule.h \
../headers/modsecurity/rule_message.h \
../headers/modsecurity/rule_marker.h \
../headers/modsecurity/rule_unconditional.h \
../headers/modsecurity/rule_with_actions.h \
../headers/modsecurity/rule_with_operator.h \
../headers/modsecurity/rules.h \
../headers/modsecurity/rule_message.h \
../headers/modsecurity/rules_set.h \
../headers/modsecurity/rules_set_phases.h \
../headers/modsecurity/rules_set_properties.h \
../headers/modsecurity/rules_exceptions.h \
../headers/modsecurity/rules_properties.h \
../headers/modsecurity/transaction.h \
../headers/modsecurity/variable_origin.h \
../headers/modsecurity/variable_value.h
@ -111,6 +118,7 @@ ACTIONS = \
actions/capture.cc \
actions/chain.cc \
actions/ctl/audit_log_parts.cc \
actions/ctl/audit_engine.cc \
actions/ctl/rule_engine.cc \
actions/ctl/request_body_processor_json.cc \
actions/ctl/request_body_processor_xml.cc \
@ -215,6 +223,7 @@ OPERATORS = \
operators/rbl.cc \
operators/rsub.cc \
operators/rx.cc \
operators/rx_global.cc \
operators/str_eq.cc \
operators/str_match.cc \
operators/validate_byte_range.cc \
@ -273,16 +282,20 @@ libmodsecurity_la_SOURCES = \
audit_log/writer/serial.cc \
audit_log/writer/parallel.cc \
modsecurity.cc \
rules.cc \
rules_set.cc \
rules_set_phases.cc \
rules_set_properties.cc \
debug_log/debug_log.cc \
debug_log/debug_log_writer.cc \
run_time_string.cc \
rule.cc \
rule_unconditional.cc \
rule_with_actions.cc \
rule_with_operator.cc \
rule_message.cc \
rule_script.cc \
unique_id.cc \
rules_exceptions.cc \
rules_properties.cc \
${BODY_PROCESSORS} \
${ACTIONS} \
${ENGINES} \
@ -303,6 +316,7 @@ libmodsecurity_la_CPPFLAGS = \
-fPIC \
-O3 \
-I../headers \
$(CURL_CFLAGS) \
$(GEOIP_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
@ -310,6 +324,7 @@ libmodsecurity_la_CPPFLAGS = \
$(YAJL_CFLAGS) \
$(LMDB_CFLAGS) \
$(PCRE_CFLAGS) \
$(PCRE2_CFLAGS) \
$(SSDEEP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(LUA_CFLAGS) \
@ -325,6 +340,7 @@ libmodsecurity_la_LDFLAGS = \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(PCRE_LDFLAGS) \
$(PCRE2_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS) \
@ -341,6 +357,7 @@ libmodsecurity_la_LIBADD = \
../others/libinjection.la \
../others/libmbedtls.la \
$(PCRE_LDADD) \
$(PCRE2_LDADD) \
$(MAXMIND_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -39,7 +39,7 @@ bool Accuracy::init(std::string *error) {
}
bool Accuracy::evaluate(Rule *rule, Transaction *transaction) {
bool Accuracy::evaluate(RuleWithActions *rule, Transaction *transaction) {
rule->m_accuracy = m_accuracy;
return true;
}


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -29,11 +29,11 @@ namespace actions {
class Accuracy : public Action {
public:
explicit Accuracy(std::string action)
explicit Accuracy(const std::string &action)
: Action(action, ConfigurationKind),
m_accuracy(0) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -45,13 +45,13 @@ namespace modsecurity {
namespace actions {
std::string Action::evaluate(std::string value,
std::string Action::evaluate(const std::string &value,
Transaction *transaction) {
return value;
}
bool Action::evaluate(Rule *rule, Transaction *transaction) {
bool Action::evaluate(RuleWithActions *rule, Transaction *transaction) {
return true;
}


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -21,13 +21,13 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rule_message.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_set.h"
namespace modsecurity {
namespace actions {
bool AuditLog::evaluate(Rule *rule, Transaction *transaction,
bool AuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
rm->m_noAuditLog = false;
ms_dbg_a(transaction, 9, "Saving transaction to logs");


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -32,10 +32,10 @@ namespace actions {
class AuditLog : public Action {
public:
explicit AuditLog(std::string action)
explicit AuditLog(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction,
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
};


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -19,9 +19,9 @@
#include <string>
#include <memory>
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules.h"
#include "modsecurity/intervention.h"
#include "src/actions/data/status.h"
@ -29,11 +29,11 @@ namespace modsecurity {
namespace actions {
bool Block::evaluate(Rule *rule, Transaction *transaction,
bool Block::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
ms_dbg_a(transaction, 8, "Marking request as disruptive.");
for (Action *a : transaction->m_rules->m_defaultActions[rule->m_phase]) {
for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {
if (a->isDisruptive() == false) {
continue;
}


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -33,9 +33,9 @@ namespace actions {
class Block : public Action {
public:
explicit Block(std::string action) : Action(action) { }
explicit Block(const std::string &action) : Action(action) { }
bool evaluate(Rule *rule, Transaction *transaction,
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
};


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -32,7 +32,7 @@ namespace modsecurity {
namespace actions {
bool Capture::evaluate(Rule *rule, Transaction *transaction) {
bool Capture::evaluate(RuleWithActions *rule, Transaction *transaction) {
return true;
}


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -22,16 +22,16 @@
namespace modsecurity {
class Rule;
class RuleWithOperator;
namespace actions {
class Capture : public Action {
public:
explicit Capture(std::string action)
explicit Capture(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -25,8 +25,8 @@ namespace modsecurity {
namespace actions {
bool Chain::evaluate(Rule *rule, Transaction *transaction) {
rule->m_chained = true;
bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) {
rule->setChained(true);
return true;
}


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -25,17 +25,17 @@ class Transaction;
namespace modsecurity {
class Transaction;
class Rule;
class RuleWithOperator;
namespace actions {
class Chain : public Action {
public:
explicit Chain(std::string action)
explicit Chain(const std::string &action)
: Action(action, ConfigurationKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};
} // namespace actions


@ -0,0 +1,63 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "src/actions/ctl/audit_engine.h"
#include <string>
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
namespace modsecurity {
namespace actions {
namespace ctl {
bool AuditEngine::init(std::string *error) {
std::string what(m_parser_payload, 12, m_parser_payload.size() - 12);
if (what == "on") {
m_auditEngine = audit_log::AuditLog::AuditLogStatus::OnAuditLogStatus;
} else if (what == "off") {
m_auditEngine = audit_log::AuditLog::AuditLogStatus::OffAuditLogStatus;
} else if (what == "relevantonly") {
m_auditEngine = audit_log::AuditLog::AuditLogStatus::RelevantOnlyAuditLogStatus;
} else {
error->assign("Internal error. Expected: On, Off or RelevantOnly; " \
"got: " + m_parser_payload);
return false;
}
return true;
}
bool AuditEngine::evaluate(RuleWithActions *rule, Transaction *transaction) {
std::stringstream a;
a << "Setting SecAuditEngine to ";
a << std::to_string(m_auditEngine);
a << " as requested by a ctl:auditEngine action";
ms_dbg_a(transaction, 8, a.str());
transaction->m_ctlAuditEngine = m_auditEngine;
return true;
}
} // namespace ctl
} // namespace actions
} // namespace modsecurity
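Review bot: `AuditEngine::init` builds `what` with `std::string(m_parser_payload, 12, ...)` without checking the payload length, so if `m_parser_payload` is ever shorter than 12 characters the constructor throws `std::out_of_range` instead of taking the `error->assign(...)` path. The parser presumably guarantees the `auditEngine=` prefix, but that is not visible here; a guard such as `if (m_parser_payload.size() < 12) { error->assign("Internal error. Missing ctl:auditEngine value"); return false; }` keeps a malformed rule a configuration error rather than an uncaught exception. The comparison is against lowercase literals while the message advertises `On, Off or RelevantOnly`, so a comment stating where the value is lower-cased would help. `evaluate` uses `std::stringstream` although the file directly includes only `<string>`, and `std::to_string(m_auditEngine)` writes the numeric enum value to the debug log; I would add `#include <sstream>` and log the setting by name. `RuleEngine::init` in the last section of this page uses the same fixed-offset construction with 11.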


@ -0,0 +1,51 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/audit_log.h"
#ifndef SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
#define SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
namespace modsecurity {
class Transaction;
namespace actions {
namespace ctl {
class AuditEngine : public Action {
public:
explicit AuditEngine(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
m_auditEngine(audit_log::AuditLog::AuditLogStatus::NotSetLogStatus) { }
bool init(std::string *error) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
audit_log::AuditLog::AuditLogStatus m_auditEngine;
};
} // namespace ctl
} // namespace actions
} // namespace modsecurity
#endif // SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
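Review bot: `m_auditEngine` is declared as a public, mutable data member of `AuditEngine`, although in the code visible on this page only `init` and `evaluate` touch it; making it `private` (or `protected`, as `AuditLogParts` does for its members) keeps the parsed setting from being altered after `init`. The include guard `SRC_ACTIONS_CTL_AUDIT_ENGINE_H_` opens after the four `#include` lines rather than before them, so moving `#ifndef`/`#define` to the top of the file would match the usual layout. The class also has no doc comment; I would add `/** ctl:auditEngine action: stores the requested audit engine status on the transaction (m_ctlAuditEngine). */` above it.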


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -38,7 +38,7 @@ bool AuditLogParts::init(std::string *error) {
return true;
}
bool AuditLogParts::evaluate(Rule *rule, Transaction *transaction) {
bool AuditLogParts::evaluate(RuleWithActions *rule, Transaction *transaction) {
transaction->m_auditLogModifier.push_back(
std::make_pair(mPartsAction, mParts));
return true;


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -28,12 +28,12 @@ namespace ctl {
class AuditLogParts : public Action {
public:
explicit AuditLogParts(std::string action)
explicit AuditLogParts(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
mPartsAction(0),
mParts("") { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool init(std::string *error) override;
protected:


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -18,7 +18,7 @@
#include <iostream>
#include <string>
#include "modsecurity/rules_properties.h"
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/transaction.h"
namespace modsecurity {
@ -42,11 +42,11 @@ bool RequestBodyAccess::init(std::string *error) {
return true;
}
bool RequestBodyAccess::evaluate(Rule *rule, Transaction *transaction) {
bool RequestBodyAccess::evaluate(RuleWithActions *rule, Transaction *transaction) {
if (m_request_body_access) {
transaction->m_requestBodyAccess = RulesProperties::TrueConfigBoolean;
transaction->m_requestBodyAccess = RulesSetProperties::TrueConfigBoolean;
} else {
transaction->m_requestBodyAccess = RulesProperties::FalseConfigBoolean;
transaction->m_requestBodyAccess = RulesSetProperties::FalseConfigBoolean;
}
return true;


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -29,12 +29,12 @@ namespace ctl {
class RequestBodyAccess : public Action {
public:
explicit RequestBodyAccess(std::string action)
explicit RequestBodyAccess(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
m_request_body_access(false) { }
bool init(std::string *error) override;
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool m_request_body_access;
};


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -25,7 +25,7 @@ namespace actions {
namespace ctl {
bool RequestBodyProcessorJSON::evaluate(Rule *rule,
bool RequestBodyProcessorJSON::evaluate(RuleWithActions *rule,
Transaction *transaction) {
transaction->m_requestBodyProcessor = Transaction::JSONRequestBody;
transaction->m_variableReqbodyProcessor.set("JSON",


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -28,10 +28,10 @@ namespace ctl {
class RequestBodyProcessorJSON : public Action {
public:
explicit RequestBodyProcessorJSON(std::string action)
explicit RequestBodyProcessorJSON(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -25,7 +25,7 @@ namespace actions {
namespace ctl {
bool RequestBodyProcessorURLENCODED::evaluate(Rule *rule,
bool RequestBodyProcessorURLENCODED::evaluate(RuleWithActions *rule,
Transaction *transaction) {
transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded;
transaction->m_variableReqbodyProcessor.set("URLENCODED",


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -28,10 +28,10 @@ namespace ctl {
class RequestBodyProcessorURLENCODED : public Action {
public:
explicit RequestBodyProcessorURLENCODED(std::string action)
explicit RequestBodyProcessorURLENCODED(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -25,7 +25,7 @@ namespace actions {
namespace ctl {
bool RequestBodyProcessorXML::evaluate(Rule *rule,
bool RequestBodyProcessorXML::evaluate(RuleWithActions *rule,
Transaction *transaction) {
transaction->m_requestBodyProcessor = Transaction::XMLRequestBody;
transaction->m_variableReqbodyProcessor.set("XML",


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -28,10 +28,10 @@ namespace ctl {
class RequestBodyProcessorXML : public Action {
public:
explicit RequestBodyProcessorXML(std::string action)
explicit RequestBodyProcessorXML(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -18,8 +18,8 @@
#include <iostream>
#include <string>
#include "modsecurity/rules_properties.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
namespace modsecurity {
@ -31,11 +31,11 @@ bool RuleEngine::init(std::string *error) {
std::string what(m_parser_payload, 11, m_parser_payload.size() - 11);
if (what == "on") {
m_ruleEngine = RulesProperties::EnabledRuleEngine;
m_ruleEngine = RulesSetProperties::EnabledRuleEngine;
} else if (what == "off") {
m_ruleEngine = RulesProperties::DisabledRuleEngine;
m_ruleEngine = RulesSetProperties::DisabledRuleEngine;
} else if (what == "detectiononly") {
m_ruleEngine = RulesProperties::DetectionOnlyRuleEngine;
m_ruleEngine = RulesSetProperties::DetectionOnlyRuleEngine;
} else {
error->assign("Internal error. Expected: On, Off or DetectionOnly; " \
"got: " + m_parser_payload);
@ -45,10 +45,10 @@ bool RuleEngine::init(std::string *error) {
return true;
}
bool RuleEngine::evaluate(Rule *rule, Transaction *transaction) {
bool RuleEngine::evaluate(RuleWithActions *rule, Transaction *transaction) {
std::stringstream a;
a << "Setting SecRuleEngine to ";
a << modsecurity::RulesProperties::ruleEngineStateString(m_ruleEngine);
a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine);
a << " as requested by a ctl:ruleEngine action";
ms_dbg_a(transaction, 8, a.str());
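Review bot: `RuleEngine::init` builds `what` with `std::string what(m_parser_payload, 11, m_parser_payload.size() - 11);` without checking that the payload is at least 11 characters long. A shorter payload makes that constructor throw `std::out_of_range` instead of reaching the `error->assign(...)` branch that reports a bad value. The parser presumably only passes a payload that begins with the 11-character `ruleEngine=` prefix, but nothing visible here enforces it. A guard before the substring keeps the failure on the normal error path: `if (m_parser_payload.size() < 11) { error->assign("Internal error. Expected: On, Off or DetectionOnly; got: " + m_parser_payload); return false; }`. The body of `init` starts before this hunk and the lines between the two hunks are not shown, so confirm against the full file.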


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -15,9 +15,9 @@
#include <string>
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rules_properties.h"
#ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_
@ -30,14 +30,14 @@ namespace ctl {
class RuleEngine : public Action {
public:
explicit RuleEngine(std::string action)
explicit RuleEngine(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
m_ruleEngine(RulesProperties::PropertyNotSetRuleEngine) { }
m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { }
bool init(std::string *error) override;
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
RulesProperties::RuleEngine m_ruleEngine;
RulesSetProperties::RuleEngine m_ruleEngine;
};


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -83,7 +83,7 @@ bool RuleRemoveById::init(std::string *error) {
return false;
}
bool RuleRemoveById::evaluate(Rule *rule, Transaction *transaction) {
bool RuleRemoveById::evaluate(RuleWithActions *rule, Transaction *transaction) {
for (auto &i : m_ids) {
transaction->m_ruleRemoveById.push_back(i);
}


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -29,11 +29,11 @@ namespace ctl {
class RuleRemoveById : public Action {
public:
explicit RuleRemoveById(std::string action)
explicit RuleRemoveById(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool init(std::string *error) override;
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
std::list<std::pair<int, int> > m_ranges;
std::list<int> m_ids;


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -32,7 +32,7 @@ bool RuleRemoveByTag::init(std::string *error) {
return true;
}
bool RuleRemoveByTag::evaluate(Rule *rule, Transaction *transaction) {
bool RuleRemoveByTag::evaluate(RuleWithActions *rule, Transaction *transaction) {
transaction->m_ruleRemoveByTag.push_back(m_tag);
return true;
}


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -29,12 +29,12 @@ namespace ctl {
class RuleRemoveByTag : public Action {
public:
explicit RuleRemoveByTag(std::string action)
explicit RuleRemoveByTag(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
m_tag("") { }
bool init(std::string *error) override;
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
std::string m_tag;
};


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -51,7 +51,7 @@ bool RuleRemoveTargetById::init(std::string *error) {
return true;
}
bool RuleRemoveTargetById::evaluate(Rule *rule, Transaction *transaction) {
bool RuleRemoveTargetById::evaluate(RuleWithActions *rule, Transaction *transaction) {
transaction->m_ruleRemoveTargetById.push_back(
std::make_pair(m_id, m_target));
return true;


@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@ -29,13 +29,13 @@ namespace ctl {
class RuleRemoveTargetById : public Action {
public:
explicit RuleRemoveTargetById(std::string action)
explicit RuleRemoveTargetById(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
m_id(0),
m_target("") { }
bool init(std::string *error) override;
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
int m_id;
std::string m_target;
