diff --git a/src/bw/Dockerfile b/src/bw/Dockerfile
index d79d870af..cf406d753 100644
--- a/src/bw/Dockerfile
+++ b/src/bw/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.20.2-alpine AS builder
+FROM nginx:1.22.1-alpine AS builder
# Copy dependencies sources folder
COPY src/deps /tmp/bunkerweb/deps
@@ -21,7 +21,7 @@ RUN apk add --no-cache --virtual build py3-pip && \
pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
apk del build
-FROM nginx:1.20.2-alpine
+FROM nginx:1.22.1-alpine
# Copy dependencies
COPY --from=builder /usr/share/bunkerweb /usr/share/bunkerweb
@@ -43,7 +43,7 @@ COPY src/common/utils /usr/share/bunkerweb/utils
COPY src/VERSION /usr/share/bunkerweb/VERSION
# Install runtime dependencies, pypi packages, move bwcli, create data folders and set permissions
-RUN apk add --no-cache bash python3 && \
+RUN apk add --no-cache pcre bash python3 && \
cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
echo "Docker" > /usr/share/bunkerweb/INTEGRATION && \
mkdir -p /var/tmp/bunkerweb && \
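Review bot: The `pcre` package added to the runtime `apk add` line has no explanation, and it is the legacy PCRE 8.x library, which its upstream has declared end-of-life. It appears to be needed because install.sh in this same commit now links the dynamic modules with `-lpcre`, although the Dockerfile itself does not say so. A comment above the RUN would let a maintainer remove it later, for example `# pcre (PCRE1) is needed at runtime by the dynamic modules linked with -lpcre in src/deps/install.sh; drop once they build against PCRE2`. The RUN instruction continues outside the hunk.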
diff --git a/src/common/db/requirements.in b/src/common/db/requirements.in
index c34ca6e68..08794418f 100644
--- a/src/common/db/requirements.in
+++ b/src/common/db/requirements.in
@@ -1,4 +1,4 @@
-sqlalchemy==1.4.43
+sqlalchemy==1.4.44
psycopg2-binary==2.9.5
PyMySQL==1.0.2
-oracledb==1.1.1
+oracledb==1.2.0
diff --git a/src/common/db/requirements.txt b/src/common/db/requirements.txt
index 6b6bf01f3..680a12887 100644
--- a/src/common/db/requirements.txt
+++ b/src/common/db/requirements.txt
@@ -160,30 +160,35 @@ greenlet==2.0.1 \
--hash=sha256:f6327b6907b4cb72f650a5b7b1be23a2aab395017aa6f1adb13069d66360eb3f \
--hash=sha256:fb412b7db83fe56847df9c47b6fe3f13911b06339c2aa02dcc09dce8bbf582cd
# via sqlalchemy
-oracledb==1.1.1 \
- --hash=sha256:07846a86f481f9105dbf53390e1cb6b422ac929717949fbe9f2251a11a8f4332 \
- --hash=sha256:0f731830519aef5b8c90c051ac631bdb9458a960a95945532dcf91c2cb66edf2 \
- --hash=sha256:0f7ab47b95b5c7dad464fbcdad0731ee2e99defdecaf2d05808bceb7038d2489 \
- --hash=sha256:24296ff54bca75c3b26df7b988a3b49ccd51d6070fc15d4e1cafafb277361f97 \
- --hash=sha256:36d767d2e2a6abbb3f52ea76625f040bdaf32a141a4aa64942952e7e99051e0b \
- --hash=sha256:393245177e3a0fcddbbc4f738fe8bdff92d19f7656f0baf87aaef8c12ee0fe62 \
- --hash=sha256:39bf05208ada7c99ff85cd879f2a9f64c8f8fe73d4ce11d037f2bbedab0c4020 \
- --hash=sha256:6a0ddb1f248912d1b5bbbef191f60d9e9b00700085004de068fa1986e0755295 \
- --hash=sha256:6c643aa1826129af55688dc0a4a78a0525c991e17da26390e9f676067f92ddfe \
- --hash=sha256:6cf4f9031b8c6262d75aac1af3c8246a73697ebcf91fd33eb0c82f6cd2100716 \
- --hash=sha256:73f98552bb283baf385dba06a75d1de77f14d5870334c25ea5054e9d32fb6d1e \
- --hash=sha256:7c5bd39b08c8adbf7a92385cb3a3689976301249364003929f71d4559fbf95c5 \
- --hash=sha256:878cd5e18e0ad5885d1a74fd9a5f2e38eb320b6902ba63ad0a51aebd4bb4d68a \
- --hash=sha256:88319c122f190b02ddf99cd278c1a7942c361b0037f8d9cf83142b4019c09602 \
- --hash=sha256:8e0525c23b9a349a0ca63d6c2ef8e0fc6c526f2fffae8087ca5b43cef9969d6a \
- --hash=sha256:90e01f66a1251da02f2dea4ac42a591e22b1c0b67ba2a6964fd01ef09a014b82 \
- --hash=sha256:9be9d00b3f3118bacdffef8a9173a2ea3188552083d93129b1ab8c7907b3eea4 \
- --hash=sha256:da65ea1b598de23ef9453cf6dfa3c7cc0f1645c9c63058098b1a92ed0d0619fb \
- --hash=sha256:df25a33c00cd294cfee7b1112243a3b0d8d17982d1be301ba7c0b4c82eb8bc88 \
- --hash=sha256:dffcc7fe4292b2382c3e8c0c81b83f409ad8d7ddcfaee090dc2d9e3b4f4ca2c9 \
- --hash=sha256:f1aba62d17b2d2c91c410f384e05fdc94c1b36cb82ebb136842c82a37b7f981e \
- --hash=sha256:f233a4d374379e5ecd86e776f2061308f5c2655ff62c2bdb43d8d7b9969cbc88 \
- --hash=sha256:f35f8368dcd3adc33d1a695434fd994f78bb56a258136a6812b244e4ada24585
+oracledb==1.2.0 \
+ --hash=sha256:1086bb446fdfaf3571d61ea0c3000afe2b2326aa27c9b75252a281e5d09c5aa9 \
+ --hash=sha256:171b932eba53782500123047b23984c01c5d7d997d567108931e96538cbafd26 \
+ --hash=sha256:1d5aff76c2bb2e6ca0ce7377381bb1d5869977deeaea6f8e675762d7ffffb0ad \
+ --hash=sha256:2e0636c5b26d30b047f5acd60de20f6226936f9a4d30dec6f3b35edee08b6bbd \
+ --hash=sha256:393c12c7f7adbd05e7650ca871e20485680305add0f76ae87247af9055d97153 \
+ --hash=sha256:3b9adac2f87113c573582d4b48c1b28adb0e67115aa9f8db721a9c0a172048ee \
+ --hash=sha256:43c856aacadb786d234e7508f28fcaf1b8888da052c6b9f1284702ca6509d7d5 \
+ --hash=sha256:45a6ab3a7fdc2142fce95930d90bdef7dde1e344ab897b4381b5e381d11ba5e3 \
+ --hash=sha256:4dad11f14d2cfa6276ea52f033bdd6ac98cc809c731acee2d23ecbefac76a7b8 \
+ --hash=sha256:551ac2acde38a72380f5a3e93128262ece4e27aa5acb13d058e5aa10362031a5 \
+ --hash=sha256:59bb3f3f66f4affe347ef138f85548c5cb919309e74a73d09a8f03f35af436b7 \
+ --hash=sha256:6f7b7608c674b09527edb3a8fb6d4a688ecdbba6ad51d32930ddbfea7a9b389e \
+ --hash=sha256:74f5c2f13dbebcaeac810ae72bfa19c115d7749959833ebaaae4b497695a625f \
+ --hash=sha256:7b2fb0aacebde75d667e21cbb53e65ebc5d4110bd6b263c4d8a3798d2e0c889f \
+ --hash=sha256:8043124a55b3946bffd9ebb83953141f62f9d14fb30fa4b9cfcb09bdd7e2fae5 \
+ --hash=sha256:86fa01c9aa20edb533ec1dfde33fa097631e8fcc044a74ffba5e892313774d5a \
+ --hash=sha256:8d12a9cd1d64dffcc442c405d84d23af79cde5d855831b2ae43cc8e1b39b9163 \
+ --hash=sha256:989524ea2e54269b9119340d3ad690f0aacafa50f028d9ea9dad96b0b8ac8b4a \
+ --hash=sha256:a48772323ce560fd85d5474bd9c9c858f79621eba85b766cb5e16f5a9d4a48dc \
+ --hash=sha256:a69ad4a65872e323a64fd7348eafcc9a1ae7725ddb3918ceb78037f98d6becde \
+ --hash=sha256:c03ffd713a2ca5551ae44d103e72b3ecf440a5041b99b2bf8462d5e54a8c01c5 \
+ --hash=sha256:c4fcb54bc7910193760ea5a210310a88d22e06647f973a3951516c6533b8faa6 \
+ --hash=sha256:d8b04167bb490895f924e43387b69dcf12aabef651becc245c38de40822e2c93 \
+ --hash=sha256:dbe550e2fbd8ebdd5dcc1426ae5137f0ab3da435109e2a4947372eb8d73190b2 \
+ --hash=sha256:dfee7490715a29db9fa11758c3732516dfec731511cea1cfe606c411250c6681 \
+ --hash=sha256:e50fa0ef531df0b57cdf5b31bee6bc86fdcc27f5b5635e6ab057a46605db72e0 \
+ --hash=sha256:ed037b902ed0b90067a71d2a38abb967692a9d82b100386159e1d693f8228b52 \
+ --hash=sha256:f3c9a78b623696448834dc0ab49a18f985acb3cebb6fb96f4cdfbee17f9d2aa9
# via -r requirements.in
psycopg2-binary==2.9.5 \
--hash=sha256:00475004e5ed3e3bf5e056d66e5dcdf41a0dc62efcd57997acd9135c40a08a50 \
@@ -266,46 +271,46 @@ pymysql==1.0.2 \
--hash=sha256:41fc3a0c5013d5f039639442321185532e3e2c8924687abe6537de157d403641 \
--hash=sha256:816927a350f38d56072aeca5dfb10221fe1dc653745853d30a216637f5d7ad36
# via -r requirements.in
-sqlalchemy==1.4.43 \
- --hash=sha256:0c8a174f23bc021aac97bcb27fbe2ae3d4652d3d23e5768bc2ec3d44e386c7eb \
- --hash=sha256:13ce4f3a068ec4ef7598d2a77f42adc3d90c76981f5a7c198756b25c4f4a22ea \
- --hash=sha256:1d16aca30fad4753aeb4ebde564bbd4a248b9673e4f879b940f4e806a17be87f \
- --hash=sha256:23a4569d3db1ce44370d05c5ad79be4f37915fcc97387aef9da232b95db7b695 \
- --hash=sha256:27479b5a1e110e64c56b18ffbf8cf99e101572a3d1a43943ea02158f1304108e \
- --hash=sha256:2fef01240d32ada9007387afd8e0b2230f99efdc4b57ca6f1d1192fca4fcf6a5 \
- --hash=sha256:35dc0a5e934c41e282e019c889069b01ff4cd356b2ea452c9985e1542734cfb1 \
- --hash=sha256:41df873cdae1d56fde97a1b4f6ffa118f40e4b2d6a6aa8c25c50eea31ecbeb08 \
- --hash=sha256:42bff29eaecbb284f614f4bb265bb0c268625f5b93ce6268f8017811e0afbdde \
- --hash=sha256:491d94879f9ec0dea7e1cb053cd9cc65a28d2467960cf99f7b3c286590406060 \
- --hash=sha256:4a791e7a1e5ac33f70a3598f8f34fdd3b60c68593bbb038baf58bc50e02d7468 \
- --hash=sha256:4abda3e693d24169221ffc7aa0444ccef3dc43dfeab6ad8665d3836751cd6af7 \
- --hash=sha256:529e2cc8af75811114e5ab2eb116fd71b6e252c6bdb32adbfcd5e0c5f6d5ab06 \
- --hash=sha256:59bd0ae166253f7fed8c3f4f6265d2637f25d2f6614d00df34d7ee0d95d29c91 \
- --hash=sha256:5d5937e1bf7921e4d1acdfad72dd98d9e7f9ea5c52aeb12b3b05b534b527692d \
- --hash=sha256:6b462c070769f0ef06ea5fe65206b970bcf2b59cb3fda2bec2f4729e1be89c13 \
- --hash=sha256:736d4e706adb3c95a0a7e660073a5213dfae78ff2df6addf8ff2918c83fbeebe \
- --hash=sha256:7d6293010aa0af8bd3b0c9993259f8979db2422d6abf85a31d70ec69cb2ee4dc \
- --hash=sha256:962c7c80c54a42836c47cb0d8a53016986c8584e8d98e90e2ea723a4ed0ba85b \
- --hash=sha256:a22f46440e61d90100e0f378faac40335fb5bbf278472df0d83dc15b653b9896 \
- --hash=sha256:a7fa3e57a7b0476fbcba72b231150503d53dbcbdd23f4a86be5152912a923b6e \
- --hash=sha256:aa12e27cb465b4b006ffb777624fc6023363e01cfed2d3f89d33fb6da80f6de2 \
- --hash=sha256:b6fd58e25e6cdd2a131d7e97f9713f8f2142360cd40c75af8aa5b83d535f811c \
- --hash=sha256:bd80300d81d92661e2488a4bf4383f0c5dc6e7b05fa46d2823e231af4e30539a \
- --hash=sha256:c1ced2fae7a1177a36cf94d0a5567452d195d3b4d7d932dd61f123fb15ddf87b \
- --hash=sha256:c1f5bfffc3227d05d90c557b10604962f655b4a83c9f3ad507a81ac8d6847679 \
- --hash=sha256:c3dde668edea70dc8d55a74d933d5446e5a97786cdd1c67c8e4971c73bd087ad \
- --hash=sha256:c628697aad7a141da8fc3fd81b4874a711cc84af172e1b1e7bbfadf760446496 \
- --hash=sha256:c6de20de7c19b965c007c9da240268dde1451865099ca10f0f593c347041b845 \
- --hash=sha256:c9a6e878e63286392b262d86d21fe16e6eec12b95ccb0a92c392f2b1e0acca03 \
- --hash=sha256:c9b59863e2b1f1e1ebf9ee517f86cdfa82d7049c8d81ad71ab58d442b137bbe9 \
- --hash=sha256:cde363fb5412ab178f1cc1e596e9cfc396464da8a4fe8e733cc6d6b4e2c23aa9 \
- --hash=sha256:d05d7365c2d1df03a69d90157a3e9b3e7b62088cca8ee6686aed2598659a6e14 \
- --hash=sha256:dc1e005d490c101d27657481a05765851ab795cc8aedeb8d9425595088b20736 \
- --hash=sha256:ed1c950aba723b7a5b702b88f05d883607c587de918d7d8c2014fe7f55cf67e0 \
- --hash=sha256:ee9613b0460dce970414cfc990ca40afe518bc139e697243fcdf890285fb30ac \
- --hash=sha256:eeb55a555eef1a9607c1635bbdddd0b8a2bb9713bcb5bc8da1e8fae8ee46d1d8 \
- --hash=sha256:f5438f6c768b7e928f0463777b545965648ba0d55877afd14a4e96d2a99702e7 \
- --hash=sha256:f6e036714a586f757a3e12ff0798ce9a90aa04a60cff392d8bcacc5ecf79c95e \
- --hash=sha256:fa46d86a17cccd48c6762df1a60aecf5aaa2e0c0973efacf146c637694b62ffd \
- --hash=sha256:fb9a44e7124f72b79023ab04e1c8fcd8f392939ef0d7a75beae8634e15605d30
+sqlalchemy==1.4.44 \
+ --hash=sha256:0be9b479c5806cece01f1581726573a8d6515f8404e082c375b922c45cfc2a7b \
+ --hash=sha256:17aee7bfcef7bf0dea92f10e5dfdd67418dcf6fe0759f520e168b605855c003e \
+ --hash=sha256:21f3df74a0ab39e1255e94613556e33c1dc3b454059fe0b365ec3bbb9ed82e4a \
+ --hash=sha256:237067ba0ef45a518b64606e1807f7229969ad568288b110ed5f0ca714a3ed3a \
+ --hash=sha256:2dda5f96719ae89b3ec0f1b79698d86eb9aecb1d54e990abb3fdd92c04b46a90 \
+ --hash=sha256:393f51a09778e8984d735b59a810731394308b4038acdb1635397c2865dae2b6 \
+ --hash=sha256:3ca21b35b714ce36f4b8d1ee8d15f149db8eb43a472cf71600bf18dae32286e7 \
+ --hash=sha256:3cbdbed8cdcae0f83640a9c44fa02b45a6c61e149c58d45a63c9581aba62850f \
+ --hash=sha256:3eba07f740488c3a125f17c092a81eeae24a6c7ec32ac9dbc52bf7afaf0c4f16 \
+ --hash=sha256:3f68eab46649504eb95be36ca529aea16cd199f080726c28cbdbcbf23d20b2a2 \
+ --hash=sha256:4c56e6899fa6e767e4be5d106941804a4201c5cb9620a409c0b80448ec70b656 \
+ --hash=sha256:53f90a2374f60e703c94118d21533765412da8225ba98659de7dd7998641ab17 \
+ --hash=sha256:595b185041a4dc5c685283ea98c2f67bbfa47bb28e4a4f5b27ebf40684e7a9f8 \
+ --hash=sha256:65a0ad931944fcb0be12a8e0ac322dbd3ecf17c53f088bc10b6da8f0caac287b \
+ --hash=sha256:68e0cd5d32a32c4395168d42f2fefbb03b817ead3a8f3704b8bd5697c0b26c24 \
+ --hash=sha256:6a06c2506c41926d2769f7968759995f2505e31c5b5a0821e43ca5a3ddb0e8ae \
+ --hash=sha256:6d7e1b28342b45f19e3dea7873a9479e4a57e15095a575afca902e517fb89652 \
+ --hash=sha256:6f0ea4d7348feb5e5d0bf317aace92e28398fa9a6e38b7be9ec1f31aad4a8039 \
+ --hash=sha256:7313e4acebb9ae88dbde14a8a177467a7625b7449306c03a3f9f309b30e163d0 \
+ --hash=sha256:7cf7c7adbf4417e3f46fc5a2dbf8395a5a69698217337086888f79700a12e93a \
+ --hash=sha256:80ead36fb1d676cc019586ffdc21c7e906ce4bf243fe4021e4973dae332b6038 \
+ --hash=sha256:9470633395e5f24d6741b4c8a6e905bce405a28cf417bba4ccbaadf3dab0111d \
+ --hash=sha256:94c0093678001f5d79f2dcbf3104c54d6c89e41ab50d619494c503a4d3f1aef2 \
+ --hash=sha256:95f4f8d62589755b507218f2e3189475a4c1f5cc9db2aec772071a7dc6cd5726 \
+ --hash=sha256:9c857676d810ca196be73c98eb839125d6fa849bfa3589be06201a6517f9961c \
+ --hash=sha256:a22208c1982f1fe2ae82e5e4c3d4a6f2445a7a0d65fb7983a3d7cbbe3983f5a4 \
+ --hash=sha256:ad5f966623905ee33694680dda1b735544c99c7638f216045d21546d3d8c6f5b \
+ --hash=sha256:ae1ed1ebc407d2f66c6f0ec44ef7d56e3f455859df5494680e2cf89dad8e3ae0 \
+ --hash=sha256:afd1ac99179d1864a68c06b31263a08ea25a49df94e272712eb2824ef151e294 \
+ --hash=sha256:b6a337a2643a41476fb6262059b8740f4b9a2ec29bf00ffb18c18c080f6e0aed \
+ --hash=sha256:b737fbeb2f78926d1f59964feb287bbbd050e7904766f87c8ce5cfb86e6d840c \
+ --hash=sha256:c46322354c58d4dc039a2c982d28284330f8919f31206894281f4b595b9d8dbe \
+ --hash=sha256:c7e3b9e01fdbe1ce3a165cc7e1ff52b24813ee79c6df6dee0d1e13888a97817e \
+ --hash=sha256:c9aa372b295a36771cffc226b6517df3011a7d146ac22d19fa6a75f1cdf9d7e6 \
+ --hash=sha256:d3b6d4588994da73567bb00af9d7224a16c8027865a8aab53ae9be83f9b7cbd1 \
+ --hash=sha256:d3b9ac11f36ab9a726097fba7c7f6384f0129aedb017f1d4d1d4fce9052a1320 \
+ --hash=sha256:d654870a66027af3a26df1372cf7f002e161c6768ebe4c9c6fdc0da331cb5173 \
+ --hash=sha256:d8080bc51a775627865e0f1dbfc0040ff4ace685f187f6036837e1727ba2ed10 \
+ --hash=sha256:da60b98b0f6f0df9fbf8b72d67d13b73aa8091923a48af79a951d4088530a239 \
+ --hash=sha256:f5e8ed9cde48b76318ab989deeddc48f833d2a6a7b7c393c49b704f67dedf01d \
+ --hash=sha256:f8e5443295b218b08bef8eb85d31b214d184b3690d99a33b7bd8e5591e2b0aa1
# via -r requirements.in
diff --git a/src/common/gen/requirements.txt b/src/common/gen/requirements.txt
index cba2de775..bc2845cbf 100644
--- a/src/common/gen/requirements.txt
+++ b/src/common/gen/requirements.txt
@@ -190,7 +190,7 @@ websocket-client==1.4.2 \
# kubernetes
# The following packages are considered to be unsafe in a requirements file:
-setuptools==65.5.1 \
- --hash=sha256:d0b9a8433464d5800cbe05094acf5c6d52a91bfac9b52bcfc4d41382be5d5d31 \
- --hash=sha256:e197a19aa8ec9722928f2206f8de752def0e4c9fc6953527360d1c36d94ddb2f
+setuptools==65.6.0 \
+ --hash=sha256:6211d2f5eddad8757bd0484923ca7c0a6302ebc4ab32ea5e94357176e0ca0840 \
+ --hash=sha256:d1eebf881c6114e51df1664bc2c9133d022f78d12d5f4f665b9191f084e2862d
# via kubernetes
diff --git a/src/deps/clone.sh b/src/deps/clone.sh
index dee041b83..606905689 100755
--- a/src/deps/clone.sh
+++ b/src/deps/clone.sh
@@ -128,103 +128,103 @@ function do_and_check_cmd() {
return 0
}
-# nginx 1.20.2
-echo "ℹ️ Download nginx"
-NGINX_VERSION="1.20.2"
-secure_download "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" "nginx-${NGINX_VERSION}.tar.gz" "8b65e881ea4ac6162cbf32e5e95cf47a6d5418819f8763ca4a781cffa38187dd7886d4bc195d000a7046111a27121ff25800f8645405174995247e6738b4279a"
+# nginx 1.22.1
+echo "ℹ️ Downloading nginx"
+NGINX_VERSION="1.22.1"
+secure_download "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" "nginx-${NGINX_VERSION}.tar.gz" "1d468dcfa9bbd348b8a5dc514ac1428a789e73a92384c039b73a51ce376785f74bf942872c5594a9fcda6bbf44758bd727ce15ac2395f1aa989c507014647dcc"
if [ -f "deps/src/nginx-${NGINX_VERSION}.tar.gz" ] ; then
do_and_check_cmd tar -xvzf deps/src/nginx-${NGINX_VERSION}.tar.gz -C deps/src
do_and_check_cmd rm -f deps/src/nginx-${NGINX_VERSION}.tar.gz
fi
# Lua 5.1.5
-echo "ℹ️ Download Lua"
+echo "ℹ️ Downloading Lua"
LUA_VERSION="5.1.5"
secure_download "https://www.lua.org/ftp/lua-${LUA_VERSION}.tar.gz" "lua-${LUA_VERSION}.tar.gz" "0142fefcbd13afcd9b201403592aa60620011cc8e8559d4d2db2f92739d18186860989f48caa45830ff4f99bfc7483287fd3ff3a16d4dec928e2767ce4d542a9"
if [ -f "deps/src/lua-${LUA_VERSION}.tar.gz" ] ; then
do_and_check_cmd tar -xvzf deps/src/lua-${LUA_VERSION}.tar.gz -C deps/src
do_and_check_cmd rm -f deps/src/lua-${LUA_VERSION}.tar.gz
- do_and_check_cmd patch deps/src/lua-5.1.5/Makefile deps/misc/lua.patch1
- do_and_check_cmd patch deps/src/lua-5.1.5/src/Makefile deps/misc/lua.patch2
+ do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/Makefile deps/misc/lua.patch1
+ do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/src/Makefile deps/misc/lua.patch2
fi
-# LuaJIT 2.1-20220111
-echo "ℹ️ Download LuaJIT"
-git_secure_clone "https://github.com/openresty/luajit2.git" "f1491357fa1dbfa3480ba67513fee19a9c65ca6f"
+# LuaJIT v2.1-20220915
+echo "ℹ️ Downloading LuaJIT"
+git_secure_clone "https://github.com/openresty/luajit2.git" "8384278b14988390cf030b787537aa916a9709bb"
-# lua-nginx-module v0.10.20
-echo "ℹ️ Download lua-nginx-module"
-git_secure_clone "https://github.com/openresty/lua-nginx-module.git" "9007d673e28938f5dfa7720438991e22b794d225"
+# lua-nginx-module v0.10.22
+echo "ℹ️ Downloading lua-nginx-module"
+git_secure_clone "https://github.com/openresty/lua-nginx-module.git" "8d9032298ef542aef058fa02940a6ecd9cf25423"
-# lua-resty-core v0.1.22
-echo "ℹ️ Download lua-resty-core"
-git_secure_clone "https://github.com/openresty/lua-resty-core.git" "12f26310a35e45c37157420f7e1f395a0e36e457"
+# lua-resty-core v0.1.24
+echo "ℹ️ Downloading lua-resty-core"
+git_secure_clone "https://github.com/openresty/lua-resty-core.git" "c48e90a8fc9d974d8a6a369e031940cedf473789"
-# lua-resty-lrucache v0.11
-echo "ℹ️ Download lua-resty-lrucache"
-git_secure_clone "https://github.com/openresty/lua-resty-lrucache.git" "f20bb8ac9489ba87d90d78f929552c2eab153caa"
+# lua-resty-lrucache v0.13
+echo "ℹ️ Downloading lua-resty-lrucache"
+git_secure_clone "https://github.com/openresty/lua-resty-lrucache.git" "2ab2624c841cbf04785cc6384c5e213933d3b5f2"
# lua-resty-dns v0.22
-echo "ℹ️ Download lua-resty-dns"
+echo "ℹ️ Downloading lua-resty-dns"
git_secure_clone "https://github.com/openresty/lua-resty-dns.git" "869d2fbb009b6ada93a5a10cb93acd1cc12bd53f"
# lua-resty-session v3.10
-echo "ℹ️ Download lua-resty-session"
+echo "ℹ️ Downloading lua-resty-session"
git_secure_clone "https://github.com/bungle/lua-resty-session.git" "e6bf2630c90df7b3db35e859f0aa7e096af3e918"
# lua-resty-random v?
-echo "ℹ️ Download lua-resty-random"
+echo "ℹ️ Downloading lua-resty-random"
git_secure_clone "https://github.com/bungle/lua-resty-random.git" "17b604f7f7dd217557ca548fc1a9a0d373386480"
# lua-resty-string v0.15
-echo "ℹ️ Download lua-resty-string"
+echo "ℹ️ Downloading lua-resty-string"
git_secure_clone "https://github.com/openresty/lua-resty-string.git" "b192878f6ed31b0af237935bbc5a8110a3c2256c"
-# lua-cjson v2.1.0.8
-echo "ℹ️ Download lua-cjson"
-git_secure_clone "https://github.com/openresty/lua-cjson.git" "0df488874f52a881d14b5876babaa780bb6200ee"
+# lua-cjson v2.1.0.9
+echo "ℹ️ Downloading lua-cjson"
+git_secure_clone "https://github.com/openresty/lua-cjson.git" "891962b11d6d3b1b7275550b5c109e16c73ac94f"
-# lua-gd v?
-echo "ℹ️ Download lua-gd"
+# lua-gd v2.0.33r3+
+echo "ℹ️ Downloading lua-gd"
git_secure_clone "https://github.com/ittner/lua-gd.git" "2ce8e478a8591afd71e607506bc8c64b161bbd30"
-# lua-resty-http v1.16.1
-echo "ℹ️ Download lua-resty-http"
+# lua-resty-http v0.16.1
+echo "ℹ️ Downloading lua-resty-http"
git_secure_clone "https://github.com/ledgetech/lua-resty-http.git" "9bf951dfe162dd9710a0e1f4525738d4902e9d20"
-# lualogging v1.6.0
-echo "ℹ️ Download lualogging"
-git_secure_clone "https://github.com/lunarmodules/lualogging.git" "0bc4415de03ff1a99c92c02a5bed14a45b078079"
+# lualogging v1.8.0
+echo "ℹ️ Downloading lualogging"
+git_secure_clone "https://github.com/lunarmodules/lualogging.git" "1c6fcf5f68e4d0324c5977f1a27083c06f4d1b8f"
-# luasocket v?
-echo "ℹ️ Download luasocket"
-git_secure_clone "https://github.com/diegonehab/luasocket.git" "5b18e475f38fcf28429b1cc4b17baee3b9793a62"
+# luasocket v3.1.0
+echo "ℹ️ Downloading luasocket"
+git_secure_clone "https://github.com/diegonehab/luasocket.git" "95b7efa9da506ef968c1347edf3fc56370f0deed"
-# luasec v1.0.2
-echo "ℹ️ Download luasec"
-git_secure_clone "https://github.com/brunoos/luasec.git" "ef14b27a2c8e541cac071165048250e85a7216df"
+# luasec v1.2.0
+echo "ℹ️ Downloading luasec"
+git_secure_clone "https://github.com/brunoos/luasec.git" "d9215ee00f6694a228daad50ee85827a4cd13583"
-# lua-resty-ipmatcher v0.6.1 (1 commit after just in case)
-echo "ℹ️ Download lua-resty-ipmatcher"
+# lua-resty-ipmatcher v0.6.1 (3 commits after just in case)
+echo "ℹ️ Downloading lua-resty-ipmatcher"
dopatch="no"
if [ ! -d "deps/src/lua-resty-ipmatcher" ] ; then
dopatch="yes"
fi
-git_secure_clone "https://github.com/api7/lua-resty-ipmatcher.git" "3948a92d2e168db14fa5ecd4bb10a7c0fe7ead70"
+git_secure_clone "https://github.com/api7/lua-resty-ipmatcher.git" "7fbb618f7221b1af1451027d3c64e51f3182761c"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/lua-resty-ipmatcher/resty/ipmatcher.lua deps/misc/ipmatcher.patch
fi
# lua-resty-redis v0.29
-echo "ℹ️ Download lua-resty-redis"
+echo "ℹ️ Downloading lua-resty-redis"
git_secure_clone "https://github.com/openresty/lua-resty-redis.git" "053f989c7f43d8edc79d5151e73b79249c6b5d94"
-# lua-resty-upload v0.10
-echo "ℹ️ Download lua-resty-upload"
-git_secure_clone "https://github.com/openresty/lua-resty-upload.git" "cae01f590456561bc8d95da3d2d9f937bef57bec"
+# lua-resty-upload v0.10 (8 commits after just in case)
+echo "ℹ️ Downloading lua-resty-upload"
+git_secure_clone "https://github.com/openresty/lua-resty-upload.git" "73c89846e866bf5d0660ffa881df37fd63f04391"
# luajit-geoip v2.1.0
-echo "ℹ️ Download luajit-geoip"
+echo "ℹ️ Downloading luajit-geoip"
dopatch="no"
if [ ! -d "deps/src/luajit-geoip" ] ; then
dopatch="yes"
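Review bot: The pins labelled `(3 commits after just in case)` for lua-resty-ipmatcher and `(8 commits after just in case)` for lua-resty-upload point at untagged development commits without saying which upstream change is wanted. The hash is the only thing tying the build to reviewed code, so the comment should record the reason, for example `# lua-resty-upload v0.10 + 8 commits (needed for <REASON>; reviewed up to this hash)`. `# lua-resty-random v?` is still unlabelled, and the ModSecurity pin in the next hunk (`19 commits after just in case`) has the same gap. The luajit-geoip block at the end of this hunk continues outside it.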
@@ -235,59 +235,60 @@ if [ "$dopatch" = "yes" ] ; then
fi
# lbase64 v1.5.3
-echo "ℹ️ Download lbase64"
+echo "ℹ️ Downloading lbase64"
git_secure_clone "https://github.com/iskolbin/lbase64.git" "c261320edbdf82c16409d893a96c28c704aa0ab8"
-# ModSecurity v3.0.4 (looks like v3.0.5 has a memleak on reload)
-# TODO : test v3.0.6
-echo "ℹ️ Download ModSecurity"
+# ModSecurity v3.0.8 (19 commits after just in case)
+echo "ℹ️ Downloading ModSecurity"
if [ ! -d "deps/src/ModSecurity" ] ; then
dopatch="yes"
fi
-git_secure_clone "https://github.com/SpiderLabs/ModSecurity.git" "753145fbd1d6751a6b14fdd700921eb3cc3a1d35"
+git_secure_clone "https://github.com/SpiderLabs/ModSecurity.git" "40f7a5067c695b1770920b881f30abc09a4e02b3"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/ModSecurity/configure.ac deps/misc/modsecurity.patch
fi
-# libinjection v?
-echo "ℹ️ Download libinjection"
+
+# libinjection v3.10.0+
+# TODO: check if the latest commit is fine
+echo "ℹ️ Downloading libinjection"
git_secure_clone "https://github.com/libinjection/libinjection.git" "49904c42a6e68dc8f16c022c693e897e4010a06c"
do_and_check_cmd cp -r deps/src/libinjection deps/src/ModSecurity/others
-# ModSecurity-nginx v1.0.2
-echo "ℹ️ Download ModSecurity-nginx"
+# ModSecurity-nginx v1.0.3
+echo "ℹ️ Downloading ModSecurity-nginx"
dopatch="no"
if [ ! -d "deps/src/ModSecurity-nginx" ] ; then
dopatch="yes"
fi
-git_secure_clone "https://github.com/SpiderLabs/ModSecurity-nginx.git" "2497e6ac654d0b117b9534aa735b757c6b11c84f"
+git_secure_clone "https://github.com/SpiderLabs/ModSecurity-nginx.git" "d59e4ad121df702751940fd66bcc0b3ecb51a079"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_log.c deps/misc/modsecurity-nginx.patch
fi
-# libmaxminddb v1.6.0
-echo "ℹ️ Download libmaxminddb"
-git_secure_clone "https://github.com/maxmind/libmaxminddb.git" "2d0e6b7360b88f645e67ffc5a709b2327d361ac3"
+# libmaxminddb v1.7.1
+echo "ℹ️ Downloading libmaxminddb"
+git_secure_clone "https://github.com/maxmind/libmaxminddb.git" "ac4d0d2480032a8664e251588e57d7b306ca630c"
-# headers-more-nginx-module v?
-echo "ℹ️ Download headers-more-nginx-module"
-git_secure_clone "https://github.com/openresty/headers-more-nginx-module.git" "a4a0686605161a6777d7d612d5aef79b9e7c13e0"
+# headers-more-nginx-module v0.34
+echo "ℹ️ Downloading headers-more-nginx-module"
+git_secure_clone "https://github.com/openresty/headers-more-nginx-module.git" "bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0"
# ngx_http_geoip2_module v3.3
-#echo "ℹ️ Download ngx_http_geoip2_module"
+#echo "ℹ️ Downloading ngx_http_geoip2_module"
#dosed="no"
#if [ ! -d "deps/src/ngx_http_geoip2_module" ] ; then
# dosed="yes"
#fi
#git_secure_clone "https://github.com/leev/ngx_http_geoip2_module.git" "5a83b6f958c67ea88d2899d0b3c2a5db8e36b211"
#if [ "$dosed" = "yes" ] ; then
-# do_and_check_cmd sed -i '1s:^:ngx_feature_path=/usr/share/bunkerweb/deps/include\n:' deps/src/ngx_http_geoip2_module/config
-# do_and_check_cmd sed -i 's:^ngx_feature_libs=.*$:ngx_feature_libs="-Wl,-rpath,/usr/share/bunkerweb/deps/lib -L/usr/share/bunkerweb/deps/lib -lmaxminddb":' deps/src/ngx_http_geoip2_module/config
+# do_and_check_cmd sed -i '1s:^:ngx_feature_path=/opt/bunkerweb/deps/include\n:' deps/src/ngx_http_geoip2_module/config
+# do_and_check_cmd sed -i 's:^ngx_feature_libs=.*$:ngx_feature_libs="-Wl,-rpath,/opt/bunkerweb/deps/lib -L/opt/bunkerweb/deps/lib -lmaxminddb":' deps/src/ngx_http_geoip2_module/config
#fi
# nginx_cookie_flag_module v1.1.0
-echo "ℹ️ Download nginx_cookie_flag_module"
+echo "ℹ️ Downloading nginx_cookie_flag_module"
git_secure_clone "https://github.com/AirisX/nginx_cookie_flag_module.git" "4e48acf132952bbed43b28a8e6af0584dacb7b4c"
-# ngx_brotli v?
-echo "ℹ️ Download ngx_brotli"
-git_secure_clone "https://github.com/google/ngx_brotli.git" "9aec15e2aa6feea2113119ba06460af70ab3ea62"
+# ngx_brotli v1.0.0
+echo "ℹ️ Downloading ngx_brotli"
+git_secure_clone "https://github.com/google/ngx_brotli.git" "6e975bcb015f62e1f303054897783355e2a877dc"
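Review bot: The ModSecurity block tests `deps/src/ModSecurity` without first resetting `dopatch`, unlike the ModSecurity-nginx block below it, so a `yes` left over from the luajit-geoip block above carries into it. If git_secure_clone leaves an existing checkout in place (its body is not visible here), `patch deps/src/ModSecurity/configure.ac` would then run against an already patched file. Add `dopatch="no"` on the line before `if [ ! -d "deps/src/ModSecurity" ] ; then`. Separately, the commented-out ngx_http_geoip2_module `sed` lines now refer to `/opt/bunkerweb/deps` while the rest of the build uses `/usr/share/bunkerweb/deps`, which looks like an unintended revert.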
diff --git a/src/deps/install.sh b/src/deps/install.sh
index e61c2c767..156dcb17a 100755
--- a/src/deps/install.sh
+++ b/src/deps/install.sh
@@ -17,13 +17,13 @@ function do_and_check_cmd() {
NTASK=$(nproc)
-# Compile and install lua
-echo "ℹ️ Compile and install lua-5.1.5"
+# Compiling and installing lua
+echo "ℹ️ Compiling and installing lua-5.1.5"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-5.1.5" do_and_check_cmd make -j $NTASK linux
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-5.1.5" do_and_check_cmd make INSTALL_TOP=/usr/share/bunkerweb/deps install
-# Compile and install libmaxminddb
-echo "ℹ️ Compile and install libmaxminddb"
+# Compiling and installing libmaxminddb
+echo "ℹ️ Compiling and installing libmaxminddb"
# TODO : temp fix run it twice...
cd /tmp/bunkerweb/deps/src/libmaxminddb && ./bootstrap > /dev/null 2>&1
CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd ./bootstrap
@@ -31,8 +31,8 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd ./configure -
CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb" do_and_check_cmd make install
-# Compile and install ModSecurity
-echo "ℹ️ Compile and install ModSecurity"
+# Compiling and installing ModSecurity
+echo "ℹ️ Compiling and installing ModSecurity"
# temp fix : Debian run it twice
# TODO : patch it in clone.sh
cd /tmp/bunkerweb/deps/src/ModSecurity && ./build.sh > /dev/null 2>&1
@@ -41,90 +41,91 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd ./configure --
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make install-strip
-# Compile and install luajit2
-echo "ℹ️ Compile and install luajit2"
+# Compiling and installing luajit2
+echo "ℹ️ Compiling and installing luajit2"
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
-# Install lua-resty-core
-echo "ℹ️ Install openresty/lua-resty-core"
+# Installing lua-resty-core
+echo "ℹ️ Installing openresty/lua-resty-core"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-core" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
-# Install lua-resty-lrucache
-echo "ℹ️ Install lua-resty-lrucache"
+# Installing lua-resty-lrucache
+echo "ℹ️ Installing lua-resty-lrucache"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-lrucache" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
-# Install lua-resty-dns
-echo "ℹ️ Install lua-resty-dns"
+# Installing lua-resty-dns
+echo "ℹ️ Installing lua-resty-dns"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-dns" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
-# Install lua-resty-session
-echo "ℹ️ Install lua-resty-session"
+# Installing lua-resty-session
+echo "ℹ️ Installing lua-resty-session"
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lua-resty-session/lib/resty/* /usr/share/bunkerweb/deps/lib/lua/resty
-# Install lua-resty-random
-echo "ℹ️ Install lua-resty-random"
+# Installing lua-resty-random
+echo "ℹ️ Installing lua-resty-random"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-random" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
-# Install lua-resty-string
-echo "ℹ️ Install lua-resty-string"
+# Installing lua-resty-string
+echo "ℹ️ Installing lua-resty-string"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-string" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
-# Compile and install lua-cjson
-echo "ℹ️ Compile and install lua-cjson"
+# Compiling and installing lua-cjson
+echo "ℹ️ Compiling and installing lua-cjson"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-cjson" do_and_check_cmd make LUA_INCLUDE_DIR=/usr/share/bunkerweb/deps/include -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-cjson" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_CMODULE_DIR=/usr/share/bunkerweb/deps/lib/lua LUA_MODULE_DIR=/usr/share/bunkerweb/deps/lib/lua install
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-cjson" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_CMODULE_DIR=/usr/share/bunkerweb/deps/lib/lua LUA_MODULE_DIR=/usr/share/bunkerweb/deps/lib/lua install-extra
-# Compile and install lua-gd
-echo "ℹ️ Compile and install lua-gd"
+# Compiling and installing lua-gd
+echo "ℹ️ Compiling and installing lua-gd"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-gd" do_and_check_cmd make "CFLAGS=-O3 -Wall -fPIC -fomit-frame-pointer -I/usr/share/bunkerweb/deps/include -DVERSION=\\\"2.0.33r3\\\"" "LFLAGS=-shared -L/usr/share/bunkerweb/deps/lib -llua -lgd -Wl,-rpath=/usr/share/bunkerweb/deps/lib" LUABIN=/usr/share/bunkerweb/deps/bin/lua -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-gd" do_and_check_cmd make INSTALL_PATH=/usr/share/bunkerweb/deps/lib/lua install
# Download and install lua-resty-http
-echo "ℹ️ Install lua-resty-http"
+echo "ℹ️ Installing lua-resty-http"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-http" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Download and install lualogging
-echo "ℹ️ Install lualogging"
+echo "ℹ️ Installing lualogging"
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lualogging/src/* /usr/share/bunkerweb/deps/lib/lua
-# Compile and install luasocket
-echo "ℹ️ Compile and install luasocket"
+# Compiling and installing luasocket
+echo "ℹ️ Compiling and installing luasocket"
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasocket" do_and_check_cmd make LUAINC_linux=/usr/share/bunkerweb/deps/include -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasocket" do_and_check_cmd make prefix=/usr/share/bunkerweb/deps CDIR_linux=lib/lua LDIR_linux=lib/lua install
-# Compile and install luasec
-echo "ℹ️ Compile and install luasec"
+# Compiling and installing luasec
+echo "ℹ️ Compiling and installing luasec"
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasec" do_and_check_cmd make INC_PATH=-I/usr/share/bunkerweb/deps/include linux -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/luasec" do_and_check_cmd make LUACPATH=/usr/share/bunkerweb/deps/lib/lua LUAPATH=/usr/share/bunkerweb/deps/lib/lua install
-# Install lua-resty-ipmatcher
-echo "ℹ️ Install lua-resty-ipmatcher"
+# Installing lua-resty-ipmatcher
+echo "ℹ️ Installing lua-resty-ipmatcher"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-ipmatcher" do_and_check_cmd make INST_PREFIX=/usr/share/bunkerweb/deps INST_LIBDIR=/usr/share/bunkerweb/deps/lib/lua INST_LUADIR=/usr/share/bunkerweb/deps/lib/lua install
-# Install lua-resty-redis
-echo "ℹ️ Install lua-resty-redis"
+# Installing lua-resty-redis
+echo "ℹ️ Installing lua-resty-redis"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-redis" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
-# Install lua-resty-upload
-echo "ℹ️ Install lua-resty-upload"
+# Installing lua-resty-upload
+echo "ℹ️ Installing lua-resty-upload"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-upload" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
-# Install lujit-geoip
-echo "ℹ️ Install luajit-geoip"
+# Installing lujit-geoip
+echo "ℹ️ Installing luajit-geoip"
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/luajit-geoip/geoip /usr/share/bunkerweb/deps/lib/lua
-# Install lbase64
-echo "ℹ️ Install lbase64"
+# Installing lbase64
+echo "ℹ️ Installing lbase64"
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lbase64/base64.lua /usr/share/bunkerweb/deps/lib/lua
# Compile dynamic modules
-echo "ℹ️ Compile and install dynamic modules"
+echo "ℹ️ Compiling and installing dynamic modules"
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
+CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt=-Wl/--with-ld-opt='-lpcre -Wl'/")"
if [ "$OS" = "fedora" ] ; then
- CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'//" | sed "s/--with-cc-opt='.*'//")"
+ CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
fi
echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli" >> "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
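Review bot: The added `sed "s/--with-ld-opt=-Wl/--with-ld-opt='-lpcre -Wl'/"` only matches when `nginx -V` prints `--with-ld-opt=-Wl…` unquoted. If the value is quoted or the option is absent, the substitution silently does nothing and the modules are configured without `-lpcre`. A check right after it would make that visible: `echo "$CONFARGS" | grep -q -- '-lpcre' || { echo "-lpcre missing from nginx configure arguments" ; exit 1 ; }`. In the fedora branch the greedy `'.*'` runs to the last single quote on the line, so it can swallow options that follow `--with-ld-opt`; `'[^']*'` would stop at the closing quote. The script continues outside the hunk.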
diff --git a/src/deps/misc/ipmatcher.patch b/src/deps/misc/ipmatcher.patch
index 938104d09..e6e3ff51e 100644
--- a/src/deps/misc/ipmatcher.patch
+++ b/src/deps/misc/ipmatcher.patch
@@ -1,11 +1,5 @@
---- ipmatcher.lua 2022-04-13 17:16:05.731322800 +0200
-+++ ipmatcher.lua2 2022-04-13 17:17:15.801322800 +0200
-@@ -123,7 +123,7 @@
-
-
+@@ -129,3 +129,3 @@
local ngx_log = ngx.log
-local ngx_INFO = ngx.INFO
+local ngx_INFO = ngx.DEBUG
local function log_info(...)
- if cur_level and ngx_INFO > cur_level then
- return
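Review bot: One line of context per side and no `---`/`+++` file header leave the new ipmatcher.patch located almost entirely by its line number (`@@ -129,3 +129,3 @@`); mmdb.patch, modsecurity-nginx.patch and modsecurity.patch are reshaped the same way in this commit. With so little context, a later update of the vendored source can make a hunk land at the wrong place or stop applying, and nothing in the patch itself would show it. For modsecurity-nginx.patch that would presumably leave ModSecurity messages at `NGX_LOG_INFO` instead of `NGX_LOG_WARN`, so they could go missing from the error log. I would regenerate the four patches with the default three context lines and the file header (`diff -u old new`), and make the step that applies them, which is not visible here, stop the build when a patch does not apply cleanly.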
diff --git a/src/deps/misc/mmdb.patch b/src/deps/misc/mmdb.patch
index 84dcc0757..f8c7980cc 100644
--- a/src/deps/misc/mmdb.patch
+++ b/src/deps/misc/mmdb.patch
@@ -1,11 +1,5 @@
---- mmdb.lua 2022-04-04 09:32:41.456286600 +0200
-+++ mmdb2.lua 2022-04-04 09:33:25.016286600 +0200
-@@ -166,7 +166,7 @@
- MMDB_entry_data_s *const entry_data,
- ...);
+@@ -168,3 +168,3 @@
]])
-local lib = ffi.load("libmaxminddb")
+local lib = ffi.load("/usr/share/bunkerweb/deps/lib/libmaxminddb.so")
local consume_map, consume_array
- local consume_value
- consume_value = function(current)
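Review bot: The absolute path in `ffi.load("/usr/share/bunkerweb/deps/lib/libmaxminddb.so")` is undocumented, and the trimmed patch no longer has any header text that could explain it. Loading by full path takes the library out of the dynamic loader's search order, which looks intentional, but it also ties the patch to the install prefix and makes that one file the code loaded into whatever process runs this Lua module. I would add a line of free text above the `@@` header, which `patch` skips, for example `Load the bundled libmaxminddb by absolute path; the file and its directory must be writable by root only.` Ownership and mode of that directory are set outside this hunk, so that part needs confirming there.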
diff --git a/src/deps/misc/modsecurity-nginx.patch b/src/deps/misc/modsecurity-nginx.patch
index 96d031d8a..af8c2c242 100644
--- a/src/deps/misc/modsecurity-nginx.patch
+++ b/src/deps/misc/modsecurity-nginx.patch
@@ -1,11 +1,5 @@
---- ngx_http_modsecurity_log.c 2022-04-25 14:30:34.444469100 +0200
-+++ ngx_http_modsecurity_log.c2 2022-04-25 14:31:25.714469100 +0200
-@@ -30,7 +30,7 @@
- }
- msg = (const char *) data;
+@@ -32,3 +32,3 @@
- ngx_log_error(NGX_LOG_INFO, (ngx_log_t *)log, 0, "%s", msg);
+ ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)log, 0, "%s", msg);
}
-
-
diff --git a/src/deps/misc/modsecurity.patch b/src/deps/misc/modsecurity.patch
index 19c490a03..052f89f89 100644
--- a/src/deps/misc/modsecurity.patch
+++ b/src/deps/misc/modsecurity.patch
@@ -1,8 +1,5 @@
---- before/configure.ac 2022-05-19 17:06:36.921274500 +0200
-+++ after/configure.ac 2022-05-17 11:51:17.319667600 +0200
-@@ -308,14 +308,14 @@
-
-
+@@ -322,12 +322,12 @@
+
# Decide if we want to build the tests or not.
-buildTestUtilities=false
-if test "x$YAJL_FOUND" = "x1"; then
@@ -12,10 +9,9 @@
# But we still have the unit tests.
# if test "$debugLogs" = "true"; then
- buildTestUtilities=true
-+# buildTestUtilities=true
++# buildTestUtilities=true
# fi
-fi
+# fi
-
-
- AM_CONDITIONAL([TEST_UTILITIES], [test $buildTestUtilities = true])
+
+
diff --git a/src/deps/src/ModSecurity-nginx/CHANGES b/src/deps/src/ModSecurity-nginx/CHANGES
index 560c5895a..f4a6377f1 100644
--- a/src/deps/src/ModSecurity-nginx/CHANGES
+++ b/src/deps/src/ModSecurity-nginx/CHANGES
@@ -1,3 +1,11 @@
+v1.0.3 - 2022-May-24
+--------------------
+
+ - Support http protocol versions besides 0.9, 1.0, 1.1, 2.0
+ [Issue #224 - @HQuest, @martinhsv]
+ - Support for building with nginx configured with PCRE2
+ [Issue #260 - @defanator]
+
v1.0.2 - 2021-Jun-02
--------------------
diff --git a/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_common.h b/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_common.h
index 60218c4b4..11fdc2d7e 100644
--- a/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_common.h
+++ b/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_common.h
@@ -56,7 +56,7 @@
#define MODSECURITY_NGINX_MAJOR "1"
#define MODSECURITY_NGINX_MINOR "0"
-#define MODSECURITY_NGINX_PATCHLEVEL "2"
+#define MODSECURITY_NGINX_PATCHLEVEL "3"
#define MODSECURITY_NGINX_TAG ""
#define MODSECURITY_NGINX_TAG_NUM "100"
@@ -140,8 +140,13 @@ extern ngx_module_t ngx_http_modsecurity_module;
int ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r, ngx_int_t early_log);
ngx_http_modsecurity_ctx_t *ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p);
+#if (NGX_PCRE2)
+#define ngx_http_modsecurity_pcre_malloc_init(x) NULL
+#define ngx_http_modsecurity_pcre_malloc_done(x) (void)x
+#else
ngx_pool_t *ngx_http_modsecurity_pcre_malloc_init(ngx_pool_t *pool);
void ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool);
+#endif
/* ngx_http_modsecurity_body_filter.c */
ngx_int_t ngx_http_modsecurity_body_filter_init(void);
diff --git a/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_module.c b/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_module.c
index b6f33f56b..5c341e2a5 100644
--- a/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_module.c
+++ b/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_module.c
@@ -38,6 +38,7 @@ static void ngx_http_modsecurity_cleanup_rules(void *data);
* https://github.com/openresty/lua-nginx-module/blob/master/src/ngx_http_lua_pcrefix.c
*/
+#if !(NGX_PCRE2)
static void *(*old_pcre_malloc)(size_t);
static void (*old_pcre_free)(void *ptr);
static ngx_pool_t *ngx_http_modsec_pcre_pool = NULL;
@@ -103,6 +104,7 @@ ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool)
pcre_free = old_pcre_free;
}
}
+#endif
/*
* ngx_string's are not null-terminated in common case, so we need to convert
diff --git a/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_rewrite.c b/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_rewrite.c
index f6f8d4139..ebf115ea8 100644
--- a/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_rewrite.c
+++ b/src/deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_rewrite.c
@@ -138,7 +138,15 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
break;
#endif
default :
- http_version = "1.0";
+ http_version = ngx_str_to_char(r->http_protocol, r->pool);
+ if (http_version == (char*)-1) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+ if ((http_version != NULL) && (strlen(http_version) > 5) && (!strncmp("HTTP/", http_version, 5))) {
+ http_version += 5;
+ } else {
+ http_version = "1.0";
+ }
break;
}
diff --git a/src/deps/src/ModSecurity/.github/workflows/ci.yml b/src/deps/src/ModSecurity/.github/workflows/ci.yml
new file mode 100644
index 000000000..63c754a53
--- /dev/null
+++ b/src/deps/src/ModSecurity/.github/workflows/ci.yml
@@ -0,0 +1,77 @@
+name: Quality Assurance
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ build-linux:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-20.04]
+ platform: [x32, x64]
+ compiler: [gcc, clang]
+ configure:
+ - {label: "with parser generation", opt: "--enable-parser-generation" }
+ - {label: "wo curl", opt: "--without-curl" }
+ - {label: "wo yajl", opt: "--without-yajl" }
+ - {label: "wo geoip", opt: "--without-geoip" }
+ - {label: "wo lmdb", opt: "--without-lmdb" }
+ - {label: "wo ssdeep", opt: "--without-ssdeep" }
+ - {label: "wo lua", opt: "--without-lua" }
+ - {label: "without maxmind", opt: "--without-maxmind" }
+ steps:
+ - name: Setup Dependencies
+ run: |
+ sudo add-apt-repository --yes ppa:maxmind/ppa
+ sudo apt-get update -y -qq
+ sudo apt-get install -y libfuzzy-dev libyajl-dev libgeoip-dev liblua5.2-dev liblmdb-dev cppcheck libmaxminddb-dev libcurl4-openssl-dev
+ - uses: actions/checkout@v2
+ with:
+ submodules: true
+ - name: build.sh
+ run: ./build.sh
+ - name: configure ${{ matrix.configure.label }}
+ run: ./configure ${{ matrix.configure.opt }}
+ - uses: ammaraskar/gcc-problem-matcher@master
+ - name: make
+ run: make -j `nproc`
+ - name: check
+ run: make check
+ - name: check-static
+ run: make check-static
+
+ build-macos:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [macos-10.15]
+ compiler: [clang]
+ configure:
+ - {label: "with parser generation", opt: "--enable-parser-generation" }
+ - {label: "wo curl", opt: "--without-curl" }
+ - {label: "wo yajl", opt: "--without-yajl" }
+ - {label: "wo geoip", opt: "--without-geoip" }
+ - {label: "wo lmdb", opt: "--without-lmdb" }
+ - {label: "wo ssdeep", opt: "--without-ssdeep" }
+ - {label: "wo lua", opt: "--without-lua" }
+ - {label: "wo maxmind", opt: "--without-maxmind" }
+ steps:
+ - name: Setup Dependencies
+ run: |
+ brew install autoconf automake cppcheck lmdb libyaml lua ssdeep libmaxminddb bison
+ - uses: actions/checkout@v2
+ with:
+ submodules: true
+ - name: build.sh
+ run: ./build.sh
+ - name: configure ${{ matrix.configure.label }}
+ run: ./configure ${{ matrix.configure.opt }}
+ - uses: ammaraskar/gcc-problem-matcher@master
+ - name: make
+ run: make -j `sysctl -n hw.logicalcpu`
+ - name: check
+ run: make check
+ - name: check-static
+ run: make check-static
diff --git a/src/deps/src/ModSecurity/.gitmodules b/src/deps/src/ModSecurity/.gitmodules
index acee72d16..e4cf1b8da 100644
--- a/src/deps/src/ModSecurity/.gitmodules
+++ b/src/deps/src/ModSecurity/.gitmodules
@@ -3,7 +3,7 @@
url = https://github.com/SpiderLabs/secrules-language-tests
[submodule "others/libinjection"]
path = others/libinjection
- url = https://github.com/client9/libinjection.git
+ url = https://github.com/libinjection/libinjection.git
[submodule "bindings/python"]
path = bindings/python
url = https://github.com/SpiderLabs/ModSecurity-Python-bindings.git
diff --git a/src/deps/src/ModSecurity/.travis.yml b/src/deps/src/ModSecurity/.travis.yml
deleted file mode 100644
index 0f7e924b3..000000000
--- a/src/deps/src/ModSecurity/.travis.yml
+++ /dev/null
@@ -1,60 +0,0 @@
-dist: trusty
-sudo: true
-
-addons:
- apt:
- packages:
- - libfuzzy-dev
- - libyajl-dev
- - libgeoip-dev
- - liblua5.2-dev
- - liblmdb-dev
- - cppcheck
-
-language: cpp
-
-compiler:
- - clang
- - gcc
-
-os:
- - linux
- - osx
-
-env:
- - OPTS="--enable-parser-generation $OPTS"
- - OPTS="--without-curl $OPTS"
- - OPTS="--without-yajl $OPTS"
- - OPTS="--without-geoip $OPTS"
- - OPTS="--with-lmdb $OPTS"
- - OPTS="--without-ssdeep $OPTS"
- - OPTS="--without-lua $OPTS"
- - OPTS="--without-maxmind $OPTS"
-
-before_script:
- - echo $TRAVIS_OS_NAME
- - '[ "$TRAVIS_OS_NAME" != osx ] || brew update'
- - '[ "$TRAVIS_OS_NAME" != osx ] || brew install cppcheck'
- - '[ "$TRAVIS_OS_NAME" != osx ] || brew install libmaxminddb'
- - '[ "$TRAVIS_OS_NAME" != osx ] || brew install lmdb'
- - '[ "$TRAVIS_OS_NAME" != linux ] || sudo add-apt-repository --yes ppa:maxmind/ppa'
- - '[ "$TRAVIS_OS_NAME" != linux ] || sudo apt-get update'
- - '[ "$TRAVIS_OS_NAME" != linux ] || sudo apt-cache search maxmind'
- - '[ "$TRAVIS_OS_NAME" != linux ] || sudo apt-get install -y libmaxminddb-dev'
-
-script:
- - ./build.sh
- - ./configure $OPTS
- - make parser
- - make
-#
-# Temporarily disabled.
-# - make -j$(getconf _NPROCESSORS_ONLN)
-# Leading build to crash with parser enabled.
-# Not sure why.
-#
- - make check
- - make check-static
-
-
-
diff --git a/src/deps/src/ModSecurity/CHANGES b/src/deps/src/ModSecurity/CHANGES
index 9c0fa77c9..91ef9bddb 100644
--- a/src/deps/src/ModSecurity/CHANGES
+++ b/src/deps/src/ModSecurity/CHANGES
@@ -1,3 +1,128 @@
+v3.x.y - YYYY-MMM-DD (to be released)
+-------------------------------------
+
+ - Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro
+ [Issue #2806 - @hughmcmaster]
+ - During configure, do not check for pcre if pcre2 specified
+ [Issue #2750 - @dvershinin, @martinhsv]
+ - Use pkg-config to find libxml2 first
+ [Issue #2714 - @hughmcmaster]
+ - Fix two rule-reload memory leak issues
+ [Issue #2801 - @Abce, @martinhsv]
+ - Correct whitespace handling for Include directive
+ [Issue #2800 - @877509395, @martinhsv]
+
+
+v3.0.8 - 2022-Sep-07
+--------------------
+
+ - Adjust parser activation rules in modsecurity.conf-recommended
+ [Issue #2796 - @terjanq, @martinhsv]
+ - Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
+ [Issue #2795 - @terjanq, @martinhsv]
+ - Prevent LMDB related segfault
+ [Issue #2755, #2761 - @dvershinin]
+ - Fix msc_transaction_cleanup function comment typo
+ [Issue #2788 - @lookat23]
+ - Fix: MULTIPART_INVALID_PART connected to wrong internal variable
+ [Issue #2785 - @martinhsv]
+ - Restore Unique_id to include random portion after timestamp
+ [Issue #2752, #2758 - @datkps11, @martinhsv]
+
+v3.0.7 - 2022-May-30
+--------------------
+
+ - Move PCRE2 match block from member variable
+ [@martinhsv]
+ - Add SecArgumentsLimit, 200007 to modsecurity.conf-recommended
+ [Issue #2738 - @jleproust, @martinhsv]
+ - Fix memory leak when concurrent log includes REMOTE_USER
+ [Issue #2727 - @liudongmiao]
+ - Fix LMDB initialization issues
+ [Issue #2688 - @ziollek, @martinhsv]
+ - Fix initcol error message wording
+ [Issue #2732 - @877509395, @martinhsv]
+ - Tolerate other parameters after boundary in multipart C-T
+ [Issue #1900 - @martinhsv]
+ - Add DebugLog message for bad pattern in rx operator
+ [Issue #2723 - @martinhsv]
+ - Support PCRE2
+ [Issue #2668 - @martinhsv]
+ - Support SecRequestBodyNoFilesLimit
+ [Issue #2670 - @airween, @martinhsv]
+ - Fix misuses of LMDB API
+ [Issue #2601, #2602 - @hyc]
+ - Fix duplication typo in code comment
+ [Issue #2677 - @gleydsonsoares]
+ - Add ctl:auditEngine action support
+ [Issue #2606 - @alekravch, @martinhsv]
+ - Fix multiMatch msg, etc, population in audit log
+ [Issue #2573 - @Sachin-M-Desai, @martinhsv]
+ - Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc.
+ [Issue #2627, #2648 - @lontchianicet, @victorserbu2709, @martinhsv]
+ - Adjust confusing variable name in setRequestBody method
+ [Issue #2635 - @Mesar-Ali, @martinhsv]
+ - Multipart names/filenames may include single quote if double-quote enclosed
+ [Issue #2352 - @martinhsv]
+ - Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
+ [Issue #2647 - @theMiddleBlue, @airween, @877509395 ,@martinhsv]
+
+
+v3.0.6 - 2021-Nov-19
+-------------------------------------
+
+ - Support configurable limit on depth of JSON parsing
+ [@theMiddleBlue, @martinhsv]
+
+v3.0.5 - 2021-Jul-07
+--------------------
+
+ - Handle URI received with uri-fragment
+ [@martinhsv]
+ - Having ARGS_NAMES, variables proxied
+ [@zimmerle, @martinhsv, @KaNikita]
+ - Use explicit path for cross-compile environments.
+ [Issue #2485 - @dtoubelis]
+ - Fix: FILES variable does not use multipart part name for key
+ [Issue #2377 - @martinhsv]
+ - Replaces put with setenv in SetEnv action
+ [Issue #2469 - @martinhsv, @WGH-, @zimmerle]
+ - Regression: Mark the test as failed in case of segfault.
+ [@zimmerle]
+ - Regex key selection should not be case-sensitive
+ [Issue #2296, #2107, #2297 - @michaelgranzow-avi, @victorhora,
+ @airween, @martinhsv, @zimmerle]
+ - Fix: Only delete Multipart tmp files after rules have run
+ [Issue #2427 - @martinhsv]
+ - Fixed MatchedVar on chained rules
+ [Issue #2423, #2435, #2436 - @michaelgranzow-avi]
+ - Add support for new operator rxGlobal
+ [@martinhsv]
+ - Fix maxminddb link on FreeBSD
+ [Issue #2131 - @granalberto, @zimmerle]
+ - Fix IP address logging in Section A
+ [Issue #2300 - @inaratech, @zavazingo, @martinhsv]
+ - Adds support to lua 5.4
+ [@zimmerle]
+ - GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE
+ [Issues #2378, #2186 - @defanator]
+ - rx: exit after full match (remove /g emulation); ensure capture
+ groups occuring after unused groups still populate TX vars
+ [Issue #2336 - @martinhsv]
+ - Correct CHANGES file entry for #2234
+ - Add support to test framework for audit log content verification
+ and add regression tests for issues #2000, #2196
+ - Support configurable limit on number of arguments processed
+ [Issue #2234 - @jleproust, @martinhsv]
+ - Multipart Content-Dispostion should allow field: filename*=
+ [@martinhsv]
+ - Fix rule-update-target for non-regex
+ [Issue 2251 - @martinhsv]
+ - Fix configure script when packaging for Buildroot
+ [Issue 2235 - @frankvanbever]
+ - modsecurity.pc.in: add Libs.private
+ [Issue #1918, #2253 - @ffontaine, @Dridi, @victorhora]
+
v3.0.4 - 2020-Jan-13
--------------------
diff --git a/src/deps/src/ModSecurity/Makefile.am b/src/deps/src/ModSecurity/Makefile.am
index 83973cb64..17eb62b08 100644
--- a/src/deps/src/ModSecurity/Makefile.am
+++ b/src/deps/src/ModSecurity/Makefile.am
@@ -56,13 +56,17 @@ parser:
cppcheck:
- @cppcheck \
+ @cppcheck -U YYSTYPE -U MBEDTLS_MD5_ALT -U MBEDTLS_SHA1_ALT \
+ -D MS_CPPCHECK_DISABLED_FOR_PARSER -U YY_USER_INIT \
--suppressions-list=./test/cppcheck_suppressions.txt \
- --enable=all \
+ --enable=warning,style,performance,portability,unusedFunction,missingInclude \
--inconclusive \
--template="warning: {file},{line},{severity},{id},{message}" \
- --std=posix . 2> cppcheck.txt
- cat cppcheck.txt | grep -v "/ lalr1.cc"
+ -I headers -I . -I others -I src -I others/mbedtls -I src/parser \
+ --error-exitcode=1 \
+ -i "src/parser/seclang-parser.cc" -i "src/parser/seclang-scanner.cc" \
+ --force --verbose .
+
check-static: cppcheck
@@ -92,6 +96,7 @@ TESTS+=test/test-cases/regression/action-ctl_request_body_access.json
TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json
TESTS+=test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json
TESTS+=test/test-cases/regression/action-ctl_rule_engine.json
+TESTS+=test/test-cases/regression/action-ctl_audit_engine.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_id.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_tag.json
TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
@@ -151,7 +156,12 @@ TESTS+=test/test-cases/regression/issue-1943.json
TESTS+=test/test-cases/regression/issue-1956.json
TESTS+=test/test-cases/regression/issue-1960.json
TESTS+=test/test-cases/regression/issue-2099.json
+TESTS+=test/test-cases/regression/issue-2000.json
TESTS+=test/test-cases/regression/issue-2111.json
+TESTS+=test/test-cases/regression/issue-2196.json
+TESTS+=test/test-cases/regression/issue-2423-msg-in-chain.json
+TESTS+=test/test-cases/regression/issue-2427.json
+TESTS+=test/test-cases/regression/issue-2296.json
TESTS+=test/test-cases/regression/issue-394.json
TESTS+=test/test-cases/regression/issue-849.json
TESTS+=test/test-cases/regression/issue-960.json
@@ -165,6 +175,7 @@ TESTS+=test/test-cases/regression/operator-inpectFile.json
TESTS+=test/test-cases/regression/operator-ipMatchFromFile.json
TESTS+=test/test-cases/regression/operator-pm.json
TESTS+=test/test-cases/regression/operator-rx.json
+TESTS+=test/test-cases/regression/operator-rxGlobal.json
TESTS+=test/test-cases/regression/operator-UnconditionalMatch.json
TESTS+=test/test-cases/regression/operator-validate-byte-range.json
TESTS+=test/test-cases/regression/operator-verifycc.json
@@ -180,6 +191,7 @@ TESTS+=test/test-cases/regression/rule-920120.json
TESTS+=test/test-cases/regression/rule-920200.json
TESTS+=test/test-cases/regression/rule-920274.json
TESTS+=test/test-cases/regression/secaction.json
+TESTS+=test/test-cases/regression/secargumentslimit.json
TESTS+=test/test-cases/regression/sec_component_signature.json
TESTS+=test/test-cases/regression/secmarker.json
TESTS+=test/test-cases/regression/secruleengine.json
@@ -213,6 +225,7 @@ TESTS+=test/test-cases/regression/variable-MULTIPART_CRLF_LF_LINES.json
TESTS+=test/test-cases/regression/variable-MULTIPART_FILENAME.json
TESTS+=test/test-cases/regression/variable-MULTIPART_INVALID_HEADER_FOLDING.json
TESTS+=test/test-cases/regression/variable-MULTIPART_NAME.json
+TESTS+=test/test-cases/regression/variable-MULTIPART_PART_HEADERS.json
TESTS+=test/test-cases/regression/variable-MULTIPART_STRICT_ERROR.json
TESTS+=test/test-cases/regression/variable-MULTIPART_UNMATCHED_BOUNDARY.json
TESTS+=test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json
@@ -283,6 +296,7 @@ TESTS+=test/test-cases/secrules-language-tests/operators/noMatch.json
TESTS+=test/test-cases/secrules-language-tests/operators/pmFromFile.json
TESTS+=test/test-cases/secrules-language-tests/operators/pm.json
TESTS+=test/test-cases/secrules-language-tests/operators/rx.json
+TESTS+=test/test-cases/secrules-language-tests/operators/rxGlobal.json
TESTS+=test/test-cases/secrules-language-tests/operators/streq.json
TESTS+=test/test-cases/secrules-language-tests/operators/strmatch.json
TESTS+=test/test-cases/secrules-language-tests/operators/unconditionalMatch.json
diff --git a/src/deps/src/ModSecurity/README.md b/src/deps/src/ModSecurity/README.md
index b90e12ffa..416e73984 100644
--- a/src/deps/src/ModSecurity/README.md
+++ b/src/deps/src/ModSecurity/README.md
@@ -1,8 +1,7 @@
-[](https://travis-ci.org/SpiderLabs/ModSecurity)
-[](https://zenhub.com)
+
[](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
[](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
@@ -21,26 +20,26 @@ and applying traditional ModSecurity processing. In general, it provides the
capability to load/interpret rules written in the ModSecurity SecRules format
and apply them to HTTP content provided by your application via Connectors.
-If you are looking for ModSecurity for Apache (aka ModSecurity v2.x), it is still under maintenence and available:
+If you are looking for ModSecurity for Apache (aka ModSecurity v2.x), it is still under maintenance and available:
[here](https://github.com/SpiderLabs/ModSecurity/tree/v2/master).
### What is the difference between this project and the old ModSecurity (v2.x.x)?
-* All Apache dependences have been removed
+* All Apache dependencies have been removed
* Higher performance
* New features
* New architecture
Libmodsecurity is a complete rewrite of the ModSecurity platform. When it was first devised the ModSecurity project started as just an Apache module. Over time the project has been extended, due to popular demand, to support other platforms including (but not limited to) Nginx and IIS. In order to provide for the growing demand for additional platform support, it has became necessary to remove the Apache dependencies underlying this project, making it more platform independent.
-As a result of this goal we have rearchitechted Libmodsecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). One side effect of this is that across all platforms users can expect increased performance. Additionally, we have taken this opprotunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to nativly support auditlogs in the JSON format, along with a host of other functionality in future versions.
+As a result of this goal we have rearchitected Libmodsecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). One side effect of this is that across all platforms users can expect increased performance. Additionally, we have taken this opportunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to natively support auditlogs in the JSON format, along with a host of other functionality in future versions.
### It is no longer just a module.
-The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it undersands. Each of these connectors is maintained as a seperate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (https://github.com/SpiderLabs/ModSecurity-nginx).
+The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it understands. Each of these connectors is maintained as a separate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (https://github.com/SpiderLabs/ModSecurity-nginx).
-Keeping these connectors seperated allows each project to be have different release cycles, issues and development trees. Addtionally, it means that when you install ModSecurity v3 you only get exactly what you need, no extras you won't be using.
+Keeping these connectors separated allows each project to have different release cycles, issues and development trees. Additionally, it means that when you install ModSecurity v3 you only get exactly what you need, no extras you won't be using.
# Compilation
@@ -78,7 +77,7 @@ Windows build is not ready yet.
## Dependencies
This library is written in C++ using the C++11 standards. It also uses Flex
-and Yacc to produce the “Sec Rules Language” parser. Other, manditory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet manditory) for processing regular expressions in SecRules, and libXML2 (not yet manditory) which is used for parsing XML requests.
+and Yacc to produce the “Sec Rules Language” parser. Other, mandatory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet mandatory) for processing regular expressions in SecRules, and libXML2 (not yet mandatory) which is used for parsing XML requests.
All others dependencies are related to operators specified within SecRules or configuration directives and may not be required for compilation. A short list of such dependencies is as follows:
@@ -97,7 +96,7 @@ The library provides a C++ and C interface. Some resources are currently only
available via the C++ interface, for instance, the capability to create custom logging
mechanism (see the regression test to check for how those logging mechanism works).
The objective is to have both APIs (C, C++) providing the same functionality,
-if you find an aspect of the API that is missing via a perticular interface, please open an issue.
+if you find an aspect of the API that is missing via a particular interface, please open an issue.
Inside the subfolder examples, there are simple examples on how to use the API.
Below some are illustrated:
@@ -168,7 +167,7 @@ are willing to help with.
## Providing patches
-We prefer to have your patch within the GtiHub infrastructure to facilitate our
+We prefer to have your patch within the GitHub infrastructure to facilitate our
review work, and our Q.A. integration. GitHub provides excellent
documentation on how to perform “Pull Requests”, more information available
here: https://help.github.com/articles/using-pull-requests/
@@ -199,7 +198,7 @@ A TODO list is also available as part of the Doxygen documentation.
Along with the manual testing, we strongly recommend you to use the our
regression tests and unit tests. If you have implemented an operator, don’t
-forget to create unit tests for it. If you impliment anything else, it is encouraged that you develop complimentary regression tests for it.
+forget to create unit tests for it. If you implement anything else, it is encouraged that you develop complimentary regression tests for it.
The regression test and unit test utilities are native and do not demand any
external tool or script, although you need to fetch the test cases from other
@@ -222,7 +221,7 @@ Before start the debugging process, make sure of where your bug is. The problem
could be on your connector or in libmodsecurity. In order to identify where the
bug is, it is recommended that you develop a regression test that mimics the
scenario where the bug is happening. If the bug is reproducible with the
-regression-test utility, then it will be far simpliar to debug and ensure that it never occurs again. On Linux it is
+regression-test utility, then it will be far simpler to debug and ensure that it never occurs again. On Linux it is
recommended that anyone undertaking debugging utilize gdb and/or valgrind as needed.
During the configuration/compilation time, you may want to disable the compiler
@@ -263,15 +262,15 @@ new issue, please check if there is one already opened on the same topic.
## Bindings
-The libModSecurity design allows the integration with bindings. There is an effort to avoid brake the API [binary] compatibility to make an easy integration with possible bindings. Currently, there are two notable projects maintained by the community:
+The libModSecurity design allows the integration with bindings. There is an effort to avoid breaking API [binary] compatibility to make an easy integration with possible bindings. Currently, there are two notable projects maintained by the community:
* Python - https://github.com/actions-security/pymodsecurity
* Varnish - https://github.com/xdecock/vmod-modsecurity
-## Packing
+## Packaging
Having our packages in distros on time is a desire that we have, so let us know
if there is anything we can do to facilitate your work as a packager.
+## Sponsor Note
-
-
+Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found here https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
diff --git a/src/deps/src/ModSecurity/SECURITY.md b/src/deps/src/ModSecurity/SECURITY.md
new file mode 100644
index 000000000..394d05b5f
--- /dev/null
+++ b/src/deps/src/ModSecurity/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+The latest versions of both v2.9.x and v3.0.x are supported.
+
+## Reporting a Vulnerability
+
+For information on how to report a security issue, please see https://github.com/SpiderLabs/ModSecurity#security-issue
diff --git a/src/deps/src/ModSecurity/build/curl.m4 b/src/deps/src/ModSecurity/build/curl.m4
index 66126ece7..747d21fe6 100644
--- a/src/deps/src/ModSecurity/build/curl.m4
+++ b/src/deps/src/ModSecurity/build/curl.m4
@@ -17,7 +17,7 @@ AC_DEFUN([CHECK_CURL], [
AC_ARG_WITH(
curl,
- [AC_HELP_STRING([--with-curl=PATH],[Path to curl prefix or config script])],
+ [AS_HELP_STRING([--with-curl=PATH],[Path to curl prefix or config script])],
[test_paths="${with_curl}"],
[test_paths="/usr/local/libcurl /usr/local/curl /usr/local /opt/libcurl /opt/curl /opt /usr"])
diff --git a/src/deps/src/ModSecurity/build/libgeoip.m4 b/src/deps/src/ModSecurity/build/libgeoip.m4
index 74fb076da..c382d241d 100644
--- a/src/deps/src/ModSecurity/build/libgeoip.m4
+++ b/src/deps/src/ModSecurity/build/libgeoip.m4
@@ -9,11 +9,6 @@ dnl GEOIP_VERSION
AC_DEFUN([PROG_GEOIP], [
-
-# Needed if pkg-config will be used.
-AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-
-
# Possible names for the geoip library/package (pkg-config)
GEOIP_POSSIBLE_LIB_NAMES="geoip2 geoip GeoIP"
diff --git a/src/deps/src/ModSecurity/build/libmaxmind.m4 b/src/deps/src/ModSecurity/build/libmaxmind.m4
index c674ca57b..656fc2506 100644
--- a/src/deps/src/ModSecurity/build/libmaxmind.m4
+++ b/src/deps/src/ModSecurity/build/libmaxmind.m4
@@ -9,13 +9,8 @@ dnl MAXMIND_VERSION
AC_DEFUN([PROG_MAXMIND], [
-
-# Needed if pkg-config will be used.
-AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-
-
# Possible names for the maxmind library/package (pkg-config)
-MAXMIND_POSSIBLE_LIB_NAMES="libmaxminddb maxminddb maxmind"
+MAXMIND_POSSIBLE_LIB_NAMES="maxminddb maxmind"
# Possible extensions for the library
MAXMIND_POSSIBLE_EXTENSIONS="so la sl dll dylib"
diff --git a/src/deps/src/ModSecurity/build/libxml.m4 b/src/deps/src/ModSecurity/build/libxml.m4
index ba8c50acb..f10fd1f8d 100644
--- a/src/deps/src/ModSecurity/build/libxml.m4
+++ b/src/deps/src/ModSecurity/build/libxml.m4
@@ -4,20 +4,7 @@ dnl Sets:
dnl LIBXML2_CFLAGS
dnl LIBXML2_LIBS
-LIBXML2_CONFIG=""
-LIBXML2_VERSION=""
-LIBXML2_CFLAGS=""
-LIBXML2_CPPFLAGS=""
-LIBXML2_LDADD=""
-LIBXML2_LDFLAGS=""
-
-AC_DEFUN([CHECK_LIBXML2], [
-
-AC_ARG_WITH(
- libxml,
- [AC_HELP_STRING([--with-libxml=PATH],[Path to libxml2 prefix or config script])],
- [test_paths="${with_libxml}"],
- [test_paths="/usr/local/libxml2 /usr/local/xml2 /usr/local/xml /usr/local /opt/libxml2 /opt/libxml /opt/xml2 /opt/xml /opt /usr"])
+AC_DEFUN([CHECK_XML2CONFIG], [
AC_MSG_CHECKING([for libxml2 config script])
@@ -58,19 +45,56 @@ if test -n "${libxml2_path}"; then
LIBXML2_LDADD="`${LIBXML2_CONFIG} --libs`"
if test ! -z "${LIBXML2_LDADD}"; then AC_MSG_NOTICE(xml LDADD: $LIBXML2_LDADD); fi
- AC_MSG_CHECKING([if libxml2 is at least v2.6.29])
- libxml2_min_ver=`echo 2.6.29 | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
+ AC_MSG_CHECKING([if libxml2 is at least v${LIBXML2_MIN_VERSION}])
+ libxml2_min_ver=`echo ${LIBXML2_MIN_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
libxml2_ver=`echo ${LIBXML2_VERSION} | awk -F. '{print (\$ 1 * 1000000) + (\$ 2 * 1000) + \$ 3}'`
if test "$libxml2_ver" -ge "$libxml2_min_ver"; then
AC_MSG_RESULT([yes, $LIBXML2_VERSION])
else
AC_MSG_RESULT([no, $LIBXML2_VERSION])
- AC_MSG_ERROR([NOTE: libxml2 library must be at least 2.6.29])
+ AC_MSG_ERROR([NOTE: libxml2 library must be at least ${LIBXML2_MIN_VERSION}])
fi
else
AC_MSG_RESULT([no])
fi
+])
+
+AC_DEFUN([CHECK_LIBXML2], [
+
+AC_ARG_WITH(
+ libxml,
+ [AS_HELP_STRING([--with-libxml=PATH],[Path to libxml2 prefix or config script])],
+ [test_paths="${with_libxml}"],
+ [test_paths="/usr/local/libxml2 /usr/local/xml2 /usr/local/xml /usr/local /opt/libxml2 /opt/libxml /opt/xml2 /opt/xml /opt /usr"])
+
+LIBXML2_MIN_VERSION="2.6.29"
+LIBXML2_PKG_NAME="libxml-2.0"
+LIBXML2_CONFIG=""
+LIBXML2_VERSION=""
+LIBXML2_CFLAGS=""
+LIBXML2_CPPFLAGS=""
+LIBXML2_LDADD=""
+LIBXML2_LDFLAGS=""
+
+if test "x${with_libxml}" != "xno"; then
+ if test -n "${PKG_CONFIG}"; then
+ AC_MSG_CHECKING([for libxml2 >= ${LIBXML2_MIN_VERSION} via pkg-config])
+ if `${PKG_CONFIG} --exists "${LIBXML2_PKG_NAME} >= ${LIBXML2_MIN_VERSION}"`; then
+ LIBXML2_VERSION="`${PKG_CONFIG} --modversion ${LIBXML2_PKG_NAME}`"
+ LIBXML2_CFLAGS="`${PKG_CONFIG} --cflags ${LIBXML2_PKG_NAME}` -DWITH_LIBXML2"
+ LIBXML2_LDADD="`${PKG_CONFIG} --libs-only-l ${LIBXML2_PKG_NAME}`"
+ LIBXML2_LDFLAGS="`${PKG_CONFIG} --libs-only-L --libs-only-other ${LIBXML2_PKG_NAME}`"
+ AC_MSG_RESULT([found version ${LIBXML2_VERSION}])
+ else
+ AC_MSG_RESULT([not found])
+ fi
+ fi
+
+ if test -z "${LIBXML2_VERSION}"; then
+ CHECK_XML2CONFIG
+ fi
+fi
AC_SUBST(LIBXML2_CONFIG)
AC_SUBST(LIBXML2_VERSION)
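Review bot: The new pkg-config branch in CHECK_LIBXML2 runs whenever `${PKG_CONFIG}` is set, even when the user passed `--with-libxml=PATH`, so an explicitly chosen libxml2 is ignored as soon as pkg-config knows a system copy; `test_paths` is presumably only read by the CHECK_XML2CONFIG fallback, whose body is mostly outside this hunk. For a WAF build that pins a patched libxml2 this silently links a different version. Guard the branch with the option value, e.g. `if test -n "${PKG_CONFIG}" && { test -z "${with_libxml}" || test "x${with_libxml}" = "xyes"; }; then`. The `--exists` condition is also wrapped in a command substitution; `if ${PKG_CONFIG} --exists "${LIBXML2_PKG_NAME} >= ${LIBXML2_MIN_VERSION}"; then` without the backticks is the form pcre2.m4 uses in this same commit.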
diff --git a/src/deps/src/ModSecurity/build/lmdb.m4 b/src/deps/src/ModSecurity/build/lmdb.m4
index f413226c8..1488617e3 100644
--- a/src/deps/src/ModSecurity/build/lmdb.m4
+++ b/src/deps/src/ModSecurity/build/lmdb.m4
@@ -3,10 +3,6 @@ dnl CHECK_LMDB(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([PROG_LMDB], [
-# Needed if pkg-config will be used.LMDB
-AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-
-
# Possible names for the lmdb library/package (pkg-config)
LMDB_POSSIBLE_LIB_NAMES="lmdb"
@@ -25,10 +21,7 @@ LMDB_LDFLAGS=""
AC_ARG_WITH(
lmdb,
- AC_HELP_STRING(
- [--with-lmdb=PATH],
- [Path to lmdb prefix or config script]
- )
+ [AS_HELP_STRING([--with-lmdb=PATH],[Path to lmdb prefix or config script])]
)
if test "x${with_lmdb}" == "xno"; then
diff --git a/src/deps/src/ModSecurity/build/lua.m4 b/src/deps/src/ModSecurity/build/lua.m4
index 49a54b485..4780d32fc 100644
--- a/src/deps/src/ModSecurity/build/lua.m4
+++ b/src/deps/src/ModSecurity/build/lua.m4
@@ -6,13 +6,13 @@ AC_DEFUN([CHECK_LUA],
[dnl
# Possible names for the lua library/package (pkg-config)
-LUA_POSSIBLE_LIB_NAMES="luajit luajit-5.1 lua53 lua5.3 lua-5.3 lua52 lua5.2 lua-5.2 lua51 lua5.1 lua-5.1 lua"
+LUA_POSSIBLE_LIB_NAMES="lua54 lua5.4 lua-5.4 lua53 lua5.3 lua-5.3 lua52 lua5.2 lua-5.2 lua51 lua5.1 lua-5.1 lua"
# Possible extensions for the library
-LUA_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0"
+LUA_POSSIBLE_EXTENSIONS="so la sl dll dylib"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
-LUA_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/lib64 /usr/local/lua /usr/local/liblua /usr/local /opt /usr /usr/lib64 /opt/local"
+LUA_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/lib64 /usr/local/lua /usr/local/liblua /usr/local /opt /usr /usr/lib64 /opt/local /usr/lib/lua5.3/liblua /usr/lib/lua5.2/liblua"
# Variables to be set by this very own script.
LUA_CFLAGS=""
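Review bot: `LUA_POSSIBLE_LIB_NAMES` no longer contains `luajit` or `luajit-5.1`, yet the version switch further down in CHECK_LUA still has `(2.0*)` and `(2.1*)` arms setting `-DWITH_LUA_JIT_2_1`, which look reachable only for a LuaJIT package version. If LuaJIT is being dropped on purpose, say so next to the list, e.g. `# LuaJIT is intentionally not probed`, and remove the dead arms; otherwise keep the two names. The added `/usr/lib/lua5.3/liblua` and `/usr/lib/lua5.2/liblua` search paths also have no 5.4 counterpart although the 5.4 names are added in the same hunk.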
@@ -22,10 +22,7 @@ LUA_DISPLAY=""
AC_ARG_WITH(
lua,
- AC_HELP_STRING(
- [--with-lua=PATH],
- [Path to lua prefix]
- )
+ [AS_HELP_STRING([--with-lua=PATH],[Path to lua prefix])]
)
@@ -68,6 +65,8 @@ else
case $LUA_PKG_VERSION in
(5.1*) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
(5.2*) LUA_CFLAGS="-DWITH_LUA_5_2 ${LUA_CFLAGS}" ; lua_5_2=1 ;;
+ (5.3*) LUA_CFLAGS="-DWITH_LUA_5_3 ${LUA_CFLAGS}" ; lua_5_3=1 ;;
+ (5.4*) LUA_CFLAGS="-DWITH_LUA_5_4 ${LUA_CFLAGS}" ; lua_5_4=1 ;;
(2.0*) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
(2.1*) LUA_CFLAGS="-DWITH_LUA_5_1 -DWITH_LUA_JIT_2_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
esac
@@ -162,6 +161,9 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
lua_inc_path="${path}"
elif test -e "${path}/include/lua/lua.h"; then
lua_inc_path="${path}/include/lua"
+ elif test -e "${path}/include/lua5.4/lua.h"; then
+ lua_inc_path="${path}/include/lua5.4"
+ LUA_VERSION=504
elif test -e "${path}/include/lua5.3/lua.h"; then
lua_inc_path="${path}/include/lua5.3"
LUA_VERSION=503
@@ -207,6 +209,14 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
#endif ],
[ LUA_VERSION=502 ], [ lua_5_2=0 ]
)
+ AC_TRY_COMPILE([ #include ],
+ [ #if (LUA_VERSION_NUM == 504)
+ return 0;
+ #else
+ #error Lua 5.4 not detected
+ #endif ],
+ [ LUA_VERSION=504 ], [ lua_5_4=0 ]
+ )
if test -z "${LUA_VERSION}" ; then
# As a last resort, try to find LUA version from $lua_inc_path
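Review bot: The new Lua 5.4 probe uses `AC_TRY_COMPILE`, which Autoconf marks obsolete, in a commit that elsewhere replaces the obsolete `AC_HELP_STRING` with `AS_HELP_STRING`; the `AC_TRY_LINK` added for the JIT probe in build/pcre.m4 has the same issue. The current forms are `AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[...]], [[...]])], ...)` and `AC_LINK_IFELSE(...)`. The neighbouring 5.2 probe uses the old macro too, so converting them together keeps CHECK_FOR_LUA_AT consistent; its body extends beyond this hunk.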
@@ -214,8 +224,9 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
do
case "$line" in
(\#define\ LUA_VERSION_NUM*501*) LUA_VERSION=501 ;;
- (\#define\ LUA_VERSION_NUM*502*) LUA_VERSION=501 ;;
- (\#define\ LUA_VERSION_NUM*503*) LUA_VERSION=503
+ (\#define\ LUA_VERSION_NUM*502*) LUA_VERSION=502 ;;
+ (\#define\ LUA_VERSION_NUM*503*) LUA_VERSION=503 ;;
+ (\#define\ LUA_VERSION_NUM*504*) LUA_VERSION=504
esac
done <"${lua_inc_path}/lua.h"
AC_MSG_NOTICE([LUA_VERSION is ${LUA_VERSION} found at: ${lua_inc_path}])
@@ -226,6 +237,8 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [
case $LUA_VERSION in
(501) LUA_CFLAGS="-DWITH_LUA_5_1 ${LUA_CFLAGS}" ; lua_5_1=1 ;;
(502) LUA_CFLAGS="-DWITH_LUA_5_2 ${LUA_CFLAGS}" ; lua_5_2=1 ;;
+ (503) LUA_CFLAGS="-DWITH_LUA_5_3 ${LUA_CFLAGS}" ; lua_5_3=1 ;;
+ (504) LUA_CFLAGS="-DWITH_LUA_5_4 ${LUA_CFLAGS}" ; lua_5_4=1 ;;
esac
fi
diff --git a/src/deps/src/ModSecurity/build/pcre.m4 b/src/deps/src/ModSecurity/build/pcre.m4
index 0de3c9c99..f338aa502 100644
--- a/src/deps/src/ModSecurity/build/pcre.m4
+++ b/src/deps/src/ModSecurity/build/pcre.m4
@@ -17,93 +17,97 @@ AC_DEFUN([CHECK_PCRE],
AC_ARG_WITH(
pcre,
- [AC_HELP_STRING([--with-pcre=PATH],[Path to pcre prefix or config script])],
+ [AS_HELP_STRING([--with-pcre=PATH],[Path to pcre prefix or config script])],
[test_paths="${with_pcre}"],
[test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"])
-AC_MSG_CHECKING([for libpcre config script])
+if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then
+ AC_MSG_NOTICE([pcre2 specified; omitting check for pcre])
+else
-for x in ${test_paths}; do
- dnl # Determine if the script was specified and use it directly
- if test ! -d "$x" -a -e "$x"; then
- PCRE_CONFIG=$x
- pcre_path="no"
- break
- fi
+ AC_MSG_CHECKING([for libpcre config script])
- dnl # Try known config script names/locations
- for PCRE_CONFIG in pcre-config; do
- if test -e "${x}/bin/${PCRE_CONFIG}"; then
- pcre_path="${x}/bin"
+ for x in ${test_paths}; do
+ dnl # Determine if the script was specified and use it directly
+ if test ! -d "$x" -a -e "$x"; then
+ PCRE_CONFIG=$x
+ pcre_path="no"
break
- elif test -e "${x}/${PCRE_CONFIG}"; then
- pcre_path="${x}"
+ fi
+
+ dnl # Try known config script names/locations
+ for PCRE_CONFIG in pcre-config; do
+ if test -e "${x}/bin/${PCRE_CONFIG}"; then
+ pcre_path="${x}/bin"
+ break
+ elif test -e "${x}/${PCRE_CONFIG}"; then
+ pcre_path="${x}"
+ break
+ else
+ pcre_path=""
+ fi
+ done
+ if test -n "$pcre_path"; then
break
- else
- pcre_path=""
fi
done
- if test -n "$pcre_path"; then
- break
- fi
-done
-if test -n "${pcre_path}"; then
- if test "${pcre_path}" != "no"; then
- PCRE_CONFIG="${pcre_path}/${PCRE_CONFIG}"
- fi
- AC_MSG_RESULT([${PCRE_CONFIG}])
- PCRE_VERSION="`${PCRE_CONFIG} --version`"
- if test ! -z "${PCRE_VERSION}"; then AC_MSG_NOTICE(pcre VERSION: $PCRE_VERSION); fi
- PCRE_CFLAGS="`${PCRE_CONFIG} --cflags`"
- if test ! -z "${PCRE_CFLAGS}"; then AC_MSG_NOTICE(pcre CFLAGS: $PCRE_CFLAGS); fi
- PCRE_LDADD="`${PCRE_CONFIG} --libs`"
- if test ! -z "${PCRE_LDADD}"; then AC_MSG_NOTICE(pcre LDADD: $PCRE_LDADD); fi
- PCRE_LD_PATH="/`${PCRE_CONFIG} --libs | cut -d'/' -f2,3,4,5,6 | cut -d ' ' -f1`"
- if test ! -z "${PCRE_LD_PATH}"; then AC_MSG_NOTICE(pcre PCRE_LD_PATH: $PCRE_LD_PATH); fi
-else
- AC_MSG_RESULT([no])
-fi
-
-if test -n "${PCRE_VERSION}"; then
- AC_MSG_CHECKING(for PCRE JIT)
- save_CFLAGS=$CFLAGS
- save_LDFLAGS=$LDFLAGS
- CFLAGS="${PCRE_CFLAGS} ${CFLAGS}"
- LDFLAGS="${LDFLAGS} ${PCRE_LDADD}"
- AC_TRY_COMPILE([ #include
- #include ],
- [ int jit = 0;
- pcre_free_study(NULL);
- pcre_config(PCRE_CONFIG_JIT, &jit);
- if (jit != 1) return 1; ],
- [ pcre_jit_available=yes ], [:]
- )
-
- if test "x$pcre_jit_available" = "xyes"; then
- AC_MSG_RESULT(yes)
- PCRE_CFLAGS="${PCRE_CFLAGS} -DPCRE_HAVE_JIT"
+ if test -n "${pcre_path}"; then
+ if test "${pcre_path}" != "no"; then
+ PCRE_CONFIG="${pcre_path}/${PCRE_CONFIG}"
+ fi
+ AC_MSG_RESULT([${PCRE_CONFIG}])
+ PCRE_VERSION="`${PCRE_CONFIG} --version`"
+ if test ! -z "${PCRE_VERSION}"; then AC_MSG_NOTICE(pcre VERSION: $PCRE_VERSION); fi
+ PCRE_CFLAGS="`${PCRE_CONFIG} --cflags`"
+ if test ! -z "${PCRE_CFLAGS}"; then AC_MSG_NOTICE(pcre CFLAGS: $PCRE_CFLAGS); fi
+ PCRE_LDADD="`${PCRE_CONFIG} --libs`"
+ if test ! -z "${PCRE_LDADD}"; then AC_MSG_NOTICE(pcre LDADD: $PCRE_LDADD); fi
+ PCRE_LD_PATH="/`${PCRE_CONFIG} --libs | cut -d'/' -f2,3,4,5,6 | cut -d ' ' -f1`"
+ if test ! -z "${PCRE_LD_PATH}"; then AC_MSG_NOTICE(pcre PCRE_LD_PATH: $PCRE_LD_PATH); fi
else
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
fi
- CFLAGS=$save_CFLAGS
- LDFLAGS=$save_$LDFLAGS
+
+ if test -n "${PCRE_VERSION}"; then
+ AC_MSG_CHECKING(for PCRE JIT)
+ save_CFLAGS=$CFLAGS
+ save_LDFLAGS=$LDFLAGS
+ save_LIBS=$LIBS
+ CFLAGS="${PCRE_CFLAGS} ${CFLAGS}"
+ LDFLAGS="${PCRE_LDADD} ${LDFLAGS}"
+ LIBS="${PCRE_LDADD} ${LIBS}"
+ AC_TRY_LINK([ #include ],
+ [ pcre_jit_exec(NULL, NULL, NULL, 0, 0, 0, NULL, 0, NULL); ],
+ [ pcre_jit_available=yes ], [:]
+ )
+
+ if test "x$pcre_jit_available" = "xyes"; then
+ AC_MSG_RESULT(yes)
+ PCRE_CFLAGS="${PCRE_CFLAGS} -DPCRE_HAVE_JIT"
+ else
+ AC_MSG_RESULT(no)
+ fi
+ CFLAGS=$save_CFLAGS
+ LDFLAGS=$save_LDFLAGS
+ LIBS=$save_LIBS
+ fi
+
+ AC_SUBST(PCRE_CONFIG)
+ AC_SUBST(PCRE_VERSION)
+ AC_SUBST(PCRE_CPPFLAGS)
+ AC_SUBST(PCRE_CFLAGS)
+ AC_SUBST(PCRE_LDFLAGS)
+ AC_SUBST(PCRE_LDADD)
+ AC_SUBST(PCRE_LD_PATH)
+
+ if test -z "${PCRE_VERSION}"; then
+ AC_MSG_NOTICE([*** pcre library not found.])
+ ifelse([$2], , AC_MSG_ERROR([pcre library is required]), $2)
+ else
+ AC_MSG_NOTICE([using pcre v${PCRE_VERSION}])
+ ifelse([$1], , , $1)
+ PCRE_LDADD="${PCRE_LDADD} -lpcre"
+ fi
fi
-
-AC_SUBST(PCRE_CONFIG)
-AC_SUBST(PCRE_VERSION)
-AC_SUBST(PCRE_CPPFLAGS)
-AC_SUBST(PCRE_CFLAGS)
-AC_SUBST(PCRE_LDFLAGS)
-AC_SUBST(PCRE_LDADD)
-AC_SUBST(PCRE_LD_PATH)
-
-if test -z "${PCRE_VERSION}"; then
- AC_MSG_NOTICE([*** pcre library not found.])
- ifelse([$2], , AC_MSG_ERROR([pcre library is required]), $2)
-else
- AC_MSG_NOTICE([using pcre v${PCRE_VERSION}])
- ifelse([$1], , , $1)
- PCRE_LDADD="${PCRE_LDADD} -lpcre"
-fi
])
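Review bot: `pcre_jit_available` is never cleared before the new `AC_TRY_LINK` probe, so a value already present in the environment makes the script report yes and add `-DPCRE_HAVE_JIT` even when the link test fails; set `pcre_jit_available=no` just before the probe. `LDFLAGS="${PCRE_LDADD} ${LDFLAGS}"` also puts the `--libs` output into LDFLAGS although the next line already prepends it to `LIBS`, which is where the link test takes libraries from, so the LDFLAGS assignment can be dropped. A successful link only shows that the `pcre_jit_exec` symbol exists, so code compiled under `PCRE_HAVE_JIT` should still handle a library that refuses JIT at run time.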
diff --git a/src/deps/src/ModSecurity/build/pcre2.m4 b/src/deps/src/ModSecurity/build/pcre2.m4
new file mode 100644
index 000000000..0303bc29f
--- /dev/null
+++ b/src/deps/src/ModSecurity/build/pcre2.m4
@@ -0,0 +1,180 @@
+dnl Check for PCRE2 Libraries
+dnl CHECK_PCRE2(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
+
+AC_DEFUN([PROG_PCRE2], [
+
+# Possible names for the pcre2 library/package (pkg-config)
+PCRE2_POSSIBLE_LIB_NAMES="pcre2 pcre2-8"
+
+# Possible extensions for the library
+PCRE2_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0"
+
+# Possible paths (if pkg-config was not found, proceed with the file lookup)
+PCRE2_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/libpcre2-8 /usr/local/pcre2 /usr/local /opt/libpcre2-8 /opt/pcre2 /opt /usr /usr/lib64 /opt/local"
+
+# Variables to be set by this very own script.
+PCRE2_VERSION=""
+PCRE2_CFLAGS=""
+PCRE2_CPPFLAGS=""
+PCRE2_LDADD=""
+PCRE2_LDFLAGS=""
+
+AC_ARG_WITH(
+ pcre2,
+ [AS_HELP_STRING([--with-pcre2=PATH],[Path to pcre2 prefix or config script])]
+)
+
+if test "x${with_pcre2}" == "xno"; then
+ AC_DEFINE(HAVE_PCRE2, 0, [Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
+ AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
+ PCRE2_DISABLED=yes
+else
+ if test "x${with_pcre2}" == "xyes"; then
+ PCRE2_MANDATORY=yes
+ AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes])
+ fi
+# for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
+# CHECK_FOR_PCRE2_AT(${x})
+# if test -n "${PCRE2_VERSION}"; then
+# break
+# fi
+# done
+
+# if test "x${with_pcre2}" != "xyes" or test "x${with_pcre2}" == "xyes"; then
+ if test "x${with_pcre2}" == "x" || test "x${with_pcre2}" == "xyes"; then
+ # Nothing about PCRE2 was informed, using the pkg-config to figure things out.
+ if test -n "${PKG_CONFIG}"; then
+ PCRE2_PKG_NAME=""
+ for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
+ if ${PKG_CONFIG} --exists ${x}; then
+ PCRE2_PKG_NAME="$x"
+ break
+ fi
+ done
+ fi
+ AC_MSG_NOTICE([Nothing about PCRE2 was informed during the configure phase. Trying to detect it on the platform...])
+ if test -n "${PCRE2_PKG_NAME}"; then
+ # Package was found using the pkg-config scripts
+ PCRE2_VERSION="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --modversion`"
+ PCRE2_CFLAGS="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --cflags`"
+ PCRE2_LDADD="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --libs-only-l`"
+ PCRE2_LDFLAGS="`${PKG_CONFIG} ${PCRE2_PKG_NAME} --libs-only-L --libs-only-other`"
+ PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
+ else
+ # If pkg-config did not find anything useful, go over file lookup.
+ for x in ${PCRE2_POSSIBLE_PATHS}; do
+ CHECK_FOR_PCRE2_AT(${x})
+ if test -n "${PCRE2_VERSION}"; then
+ break
+ fi
+ done
+ fi
+ fi
+ if test "x${with_pcre2}" != "x"; then
+ # An specific path was informed, lets check.
+ PCRE2_MANDATORY=yes
+ CHECK_FOR_PCRE2_AT(${with_pcre2})
+ fi
+# fi
+fi
+
+if test -z "${PCRE2_LDADD}"; then
+ if test -z "${PCRE2_MANDATORY}"; then
+ if test -z "${PCRE2_DISABLED}"; then
+ AC_MSG_NOTICE([PCRE2 library was not found])
+ PCRE2_FOUND=0
+ else
+ PCRE2_FOUND=2
+ fi
+ else
+ AC_MSG_ERROR([PCRE2 was explicitly referenced but it was not found])
+ PCRE2_FOUND=-1
+ fi
+else
+ if test -z "${PCRE2_MANDATORY}"; then
+ PCRE2_FOUND=2
+ AC_MSG_NOTICE([PCRE2 is disabled by default.])
+ else
+ PCRE2_FOUND=1
+ AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}])
+ PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}"
+ PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
+ AC_SUBST(PCRE2_VERSION)
+ AC_SUBST(PCRE2_LDADD)
+ AC_SUBST(PCRE2_LIBS)
+ AC_SUBST(PCRE2_LDFLAGS)
+ AC_SUBST(PCRE2_CFLAGS)
+ AC_SUBST(PCRE2_DISPLAY)
+ fi
+fi
+
+
+AC_SUBST(PCRE2_FOUND)
+
+]) # AC_DEFUN [PROG_PCRE2]
+
+
+AC_DEFUN([CHECK_FOR_PCRE2_AT], [
+ path=$1
+ echo "*** LOOKING AT PATH: " ${path}
+ for y in ${PCRE2_POSSIBLE_EXTENSIONS}; do
+ for z in ${PCRE2_POSSIBLE_LIB_NAMES}; do
+ if test -e "${path}/${z}.${y}"; then
+ pcre2_lib_path="${path}/"
+ pcre2_lib_name="${z}"
+ pcre2_lib_file="${pcre2_lib_path}/${z}.${y}"
+ break
+ fi
+ if test -e "${path}/lib${z}.${y}"; then
+ pcre2_lib_path="${path}/"
+ pcre2_lib_name="${z}"
+ pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
+ break
+ fi
+ if test -e "${path}/lib/lib${z}.${y}"; then
+ pcre2_lib_path="${path}/lib/"
+ pcre2_lib_name="${z}"
+ pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
+ break
+ fi
+ if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
+ pcre2_lib_path="${path}/lib/x86_64-linux-gnu/"
+ pcre2_lib_name="${z}"
+ pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
+ break
+ fi
+ if test -e "${path}/lib/i386-linux-gnu/lib${z}.${y}"; then
+ pcre2_lib_path="${path}/lib/i386-linux-gnu/"
+ pcre2_lib_name="${z}"
+ pcre2_lib_file="${pcre2_lib_path}/lib${z}.${y}"
+ break
+ fi
+ done
+ if test -n "$pcre2_lib_path"; then
+ break
+ fi
+ done
+ if test -e "${path}/include/pcre2.h"; then
+ pcre2_inc_path="${path}/include"
+ elif test -e "${path}/pcre2.h"; then
+ pcre2_inc_path="${path}"
+ elif test -e "${path}/include/pcre2/pcre2.h"; then
+ pcre2_inc_path="${path}/include"
+ fi
+
+ if test -n "${pcre2_lib_path}"; then
+ AC_MSG_NOTICE([PCRE2 library found at: ${pcre2_lib_file}])
+ fi
+
+ if test -n "${pcre2_inc_path}"; then
+ AC_MSG_NOTICE([PCRE2 headers found at: ${pcre2_inc_path}])
+ fi
+
+ if test -n "${pcre2_lib_path}" -a -n "${pcre2_inc_path}"; then
+ # TODO: Compile a piece of code to check the version.
+ PCRE2_CFLAGS="-I${pcre2_inc_path}"
+ PCRE2_LDADD="-l${pcre2_lib_name}"
+ PCRE2_LDFLAGS="-L${pcre2_lib_path}"
+ PCRE2_DISPLAY="${pcre2_lib_file}, ${pcre2_inc_path}"
+ fi
+]) # AC_DEFUN [CHECK_FOR_PCRE2_AT]
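Review bot: The file-lookup loop over `PCRE2_POSSIBLE_PATHS` in PROG_PCRE2 stops on `test -n "${PCRE2_VERSION}"`, but CHECK_FOR_PCRE2_AT never sets `PCRE2_VERSION` (only CFLAGS, LDADD, LDFLAGS and DISPLAY), so the loop walks every path and a later match under `/opt` or `/usr/local` can overwrite an earlier one. Break on `if test -n "${PCRE2_LDADD}"; then` instead. With `--with-pcre2=yes` the last block also calls `CHECK_FOR_PCRE2_AT(yes)`, probing a relative directory named `yes`; restrict it with `if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xyes"; then`. `pcre2_lib_path` and `pcre2_inc_path` are not reset at the top of CHECK_FOR_PCRE2_AT either, so a library from one prefix can end up paired with headers from another.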
diff --git a/src/deps/src/ModSecurity/build/ssdeep.m4 b/src/deps/src/ModSecurity/build/ssdeep.m4
index ec9747fbc..44e783271 100644
--- a/src/deps/src/ModSecurity/build/ssdeep.m4
+++ b/src/deps/src/ModSecurity/build/ssdeep.m4
@@ -22,10 +22,7 @@ SSDEEP_DISPLAY=""
AC_ARG_WITH(
ssdeep,
- AC_HELP_STRING(
- [--with-ssdeep=PATH],
- [Path to ssdeep prefix]
- )
+ [AS_HELP_STRING([--with-ssdeep=PATH],[Path to ssdeep prefix])]
)
diff --git a/src/deps/src/ModSecurity/build/yajl.m4 b/src/deps/src/ModSecurity/build/yajl.m4
index 7bd9a0beb..dd6957156 100644
--- a/src/deps/src/ModSecurity/build/yajl.m4
+++ b/src/deps/src/ModSecurity/build/yajl.m4
@@ -3,10 +3,6 @@ dnl CHECK_YAJL(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
AC_DEFUN([PROG_YAJL], [
-# Needed if pkg-config will be used.
-AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-
-
# Possible names for the yajl library/package (pkg-config)
YAJL_POSSIBLE_LIB_NAMES="yajl2 yajl"
@@ -25,20 +21,17 @@ YAJL_LDFLAGS=""
AC_ARG_WITH(
yajl,
- AC_HELP_STRING(
- [--with-yajl=PATH],
- [Path to yajl prefix or config script]
- )
+ [AS_HELP_STRING([--with-yajl=PATH],[Path to yajl prefix or config script])]
)
if test "x${with_yajl}" == "xno"; then
- AC_DEFINE(HAVE_GEOIP, 0, [Support for GeoIP was disabled by the utilization of --without-yajl or --with-yajl=no])
- AC_MSG_NOTICE([Support for GeoIP was disabled by the utilization of --without-yajl or --with-yajl=no])
+ AC_DEFINE(HAVE_YAJL, 0, [Support for YAJL was disabled by the utilization of --without-yajl or --with-yajl=no])
+ AC_MSG_NOTICE([Support for YAJL was disabled by the utilization of --without-yajl or --with-yajl=no])
YAJL_DISABLED=yes
else
if test "x${with_yajl}" == "xyes"; then
YAJL_MANDATORY=yes
- AC_MSG_NOTICE([GeoIP support was marked as mandatory by the utilization of --with-yajl=yes])
+ AC_MSG_NOTICE([YAJL support was marked as mandatory by the utilization of --with-yajl=yes])
fi
# for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_YAJL_AT(${x})
@@ -49,7 +42,7 @@ else
# if test "x${with_yajl}" != "xyes" or test "x${with_yajl}" == "xyes"; then
if test "x${with_yajl}" == "x" || test "x${with_yajl}" == "xyes"; then
- # Nothing about GeoIP was informed, using the pkg-config to figure things out.
+ # Nothing about YAJL was informed, using the pkg-config to figure things out.
if test -n "${PKG_CONFIG}"; then
YAJL_PKG_NAME=""
for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
@@ -59,7 +52,7 @@ else
fi
done
fi
- AC_MSG_NOTICE([Nothing about GeoIP was informed during the configure phase. Trying to detect it on the platform...])
+ AC_MSG_NOTICE([Nothing about YAJL was informed during the configure phase. Trying to detect it on the platform...])
if test -n "${YAJL_PKG_NAME}"; then
# Package was found using the pkg-config scripts
YAJL_VERSION="`${PKG_CONFIG} ${YAJL_PKG_NAME} --modversion`"
diff --git a/src/deps/src/ModSecurity/configure.ac b/src/deps/src/ModSecurity/configure.ac
index bd606aa68..1483a3592 100644
--- a/src/deps/src/ModSecurity/configure.ac
+++ b/src/deps/src/ModSecurity/configure.ac
@@ -49,13 +49,14 @@ AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
AC_PROG_CXX
AM_PROG_AR
AC_PROG_MAKE_SET
+PKG_PROG_PKG_CONFIG
# Check if the compiler is c++11 compatible.
# AX_CXX_COMPILE_STDCXX_11(,mandatory)
# Check for libinjection
-if ! test -f "others/libinjection/src/libinjection_html5.c"; then
+if ! test -f "${srcdir}/others/libinjection/src/libinjection_html5.c"; then
AC_MSG_ERROR([\
@@ -128,6 +129,13 @@ CHECK_LIBXML2
CHECK_PCRE
+#
+# Check for pcre2
+#
+PROG_PCRE2
+AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])
+
+
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([string])
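Review bot: The test in `AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])` compares the literal string `PCRE2_CFLAGS` with the empty string, so the conditional is always true whether or not PROG_PCRE2 found anything. It needs the variable expansion: `AM_CONDITIONAL([PCRE2_CFLAGS], [test "x${PCRE2_CFLAGS}" != "x"])`. Any Makefile.am branch keyed on this conditional would otherwise be enabled unconditionally.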
@@ -157,7 +165,7 @@ case $host in
AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
PLATFORM="MacOSX"
;;
- *-*-linux*)
+ *-*-linux* | *-*uclinux*)
echo "Checking platform... Identified as Linux"
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
PLATFORM="Linux"
@@ -187,6 +195,11 @@ case $host in
AC_DEFINE([FREEBSD], [1], [Define if the operating system is FREEBSD])
PLATFORM="kFreeBSD"
;;
+ *-*-dragonfly*)
+ echo "Checking platform... Identified as DragonFlyBSD, treating as linux"
+ AC_DEFINE([DRAGONFLY], [1], [Define if the operating system is DRAGONFLY])
+ PLATFORM="DragonFly"
+ ;;
*-*-gnu*.*)
echo "Checking platform... Identified as HURD, treating as linux"
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
@@ -194,7 +207,7 @@ case $host in
;;
*)
echo "Unknown CANONICAL_HOST $host"
- exit
+ exit 1
;;
esac
@@ -216,7 +229,7 @@ AC_SUBST([MSC_GIT_VERSION])
AC_ARG_ENABLE(debug-logs,
- [AC_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
+ [AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
[case "${enableval}" in
yes) debugLogs=true ;;
@@ -234,7 +247,7 @@ fi
# Fuzzer
AC_ARG_ENABLE(afl-fuzz,
- [AC_HELP_STRING([--enable-afl-fuzz],[Turn on the afl fuzzer compilation utilities])],
+ [AS_HELP_STRING([--enable-afl-fuzz],[Turn on the afl fuzzer compilation utilities])],
[case "${enableval}" in
yes) aflFuzzer=true ;;
@@ -247,7 +260,7 @@ AC_ARG_ENABLE(afl-fuzz,
# Examples
AC_ARG_ENABLE(examples,
- [AC_HELP_STRING([--enable-examples],[Turn on the examples compilation (default option)])],
+ [AS_HELP_STRING([--enable-examples],[Turn on the examples compilation (default option)])],
[case "${enableval}" in
yes) buildExamples=true ;;
@@ -260,7 +273,7 @@ AC_ARG_ENABLE(examples,
# Parser
AC_ARG_ENABLE(parser-generation,
- [AC_HELP_STRING([--enable-parser-generation],[Enables parser generation during the build])],
+ [AS_HELP_STRING([--enable-parser-generation],[Enables parser generation during the build])],
[case "${enableval}" in
yes) buildParser=true ;;
@@ -273,7 +286,7 @@ AC_ARG_ENABLE(parser-generation,
# Mutex
AC_ARG_ENABLE(mutex-on-pm,
- [AC_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
+ [AS_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
[case "${enableval}" in
yes) mutexPm=true ;;
@@ -313,7 +326,7 @@ fi
# Regression tests will not be able to run without the logging support.
# But we still have the unit tests.
# if test "$debugLogs" = "true"; then
-# buildTestUtilities=true
+# buildTestUtilities=true
# fi
# fi
@@ -549,6 +562,23 @@ if test "x$LUA_FOUND" = "x2"; then
fi
+## PCRE2
+if test "x$PCRE2_FOUND" = "x0"; then
+ echo " + PCRE2 ....not found"
+fi
+if test "x$PCRE2_FOUND" = "x1"; then
+ echo -n " + PCRE2 ....found "
+ if ! test "x$PCRE2_VERSION" = "x"; then
+ echo "v${PCRE2_VERSION}"
+ else
+ echo ""
+ fi
+ echo " ${PCRE2_DISPLAY}"
+fi
+if test "x$PCRE2_FOUND" = "x2"; then
+ echo " + PCRE2 ....disabled"
+fi
+
echo " "
echo " Other Options"
if test $buildTestUtilities = true; then
diff --git a/src/deps/src/ModSecurity/doc/doxygen.cfg b/src/deps/src/ModSecurity/doc/doxygen.cfg
index 44326e01d..648da83f8 100644
--- a/src/deps/src/ModSecurity/doc/doxygen.cfg
+++ b/src/deps/src/ModSecurity/doc/doxygen.cfg
@@ -32,7 +32,7 @@ DOXYFILE_ENCODING = UTF-8
# title of most generated pages and in a few other places.
# The default value is: My Project.
-PROJECT_NAME = ModSecurty
+PROJECT_NAME = ModSecurity
# The PROJECT_NUMBER tag can be used to enter a project or revision number. This
# could be handy for archiving the generated documentation or if some version
@@ -51,7 +51,7 @@ PROJECT_BRIEF = "ModSecurity is an open source, cross platform web appl
# and the maximum width should not exceed 200 pixels. Doxygen will copy the logo
# to the output directory.
-PROJECT_LOGO = doc/ms-doxygen-logo.png
+PROJECT_LOGO = ../doc/ms-doxygen-logo.png
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
# into which the generated documentation will be written. If a relative path is
diff --git a/src/deps/src/ModSecurity/examples/multiprocess_c/multi.c b/src/deps/src/ModSecurity/examples/multiprocess_c/multi.c
index caff92b5d..6c2ae5218 100644
--- a/src/deps/src/ModSecurity/examples/multiprocess_c/multi.c
+++ b/src/deps/src/ModSecurity/examples/multiprocess_c/multi.c
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -15,7 +15,7 @@
#include
#include
-#include
+#include
#include
#include
#include
@@ -24,12 +24,13 @@
#include
#include
+
#define FORKS 5
#define REQUESTS_PER_PROCESS 100
char main_rule_uri[] = "basic_rules.conf";
-Rules *rules = NULL;
+RulesSet *rules = NULL;
ModSecurity *modsec = NULL;
@@ -41,11 +42,14 @@ void process_special_request (int j) {
msc_process_uri(transaction,
"http://www.modsecurity.org/test?foo=herewego",
"GET", "1.1");
- msc_add_request_header(transaction, "User-Agent",
- "Basic ModSecurity example");
+ msc_add_request_header(transaction,
+ (const unsigned char *) "User-Agent",
+ (const unsigned char *) "Basic ModSecurity example");
msc_process_request_headers(transaction);
msc_process_request_body(transaction);
- msc_add_response_header(transaction, "Content-type", "text/html");
+ msc_add_response_header(transaction,
+ (const unsigned char *) "Content-type",
+ (const unsigned char *) "text/html");
msc_process_response_headers(transaction, 200, "HTTP 1.0");
msc_process_response_body(transaction);
msc_process_logging(transaction);
@@ -69,11 +73,14 @@ void process_request (int j) {
msc_process_uri(transaction,
"http://www.modsecurity.org/test?key1=value1&key2=value2&key3=value3",
"GET", "1.1");
- msc_add_request_header(transaction, "User-Agent",
- "Basic ModSecurity example");
+ msc_add_request_header(transaction,
+ (const unsigned char *) "User-Agent",
+ (const unsigned char *) "Basic ModSecurity example");
msc_process_request_headers(transaction);
msc_process_request_body(transaction);
- msc_add_response_header(transaction, "Content-type", "text/html");
+ msc_add_response_header(transaction,
+ (const unsigned char *) "Content-type",
+ (const unsigned char *) "text/html");
msc_process_response_headers(transaction, 200, "HTTP 1.0");
msc_process_response_body(transaction);
msc_process_logging(transaction);
@@ -90,7 +97,6 @@ int main (int argc, char **argv)
{
int ret;
const char *error = NULL;
- int i = 0;
pid_t pid;
int f;
diff --git a/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/Makefile.am b/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/Makefile.am
index 48e884930..797ac752b 100644
--- a/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/Makefile.am
+++ b/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/Makefile.am
@@ -6,7 +6,6 @@ simple_request_SOURCES = \
simple_request.cc
simple_request_LDADD = \
- $(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(GLOBAL_LDADD) \
@@ -19,9 +18,13 @@ simple_request_LDADD = \
$(YAJL_LDADD)
simple_request_LDFLAGS = \
+ -L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
- $(LMDB_LDFLAGS) \
+ -lmodsecurity \
-lpthread \
+ -lm \
+ -lstdc++ \
+ $(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
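Review bot: `-lmodsecurity`, `-lpthread`, `-lm` and `-lstdc++` are added to `simple_request_LDFLAGS`, but automake puts `_LDFLAGS` ahead of the object files on the link line, so with static archives or `--as-needed` these libraries can be discarded and leave symbols unresolved; libraries belong in `simple_request_LDADD`. Replacing `$(top_builddir)/src/.libs/libmodsecurity.a` with `-L$(top_builddir)/src/.libs/ -lmodsecurity` also lets the linker choose a shared libmodsecurity, so at run time the example may load an installed copy rather than the one just built, and make loses its dependency on the built library. If the project builds the library with libtool (not visible here), `simple_request_LDADD = $(top_builddir)/src/libmodsecurity.la ...` keeps both properties. The same change is made to `read_LDFLAGS` in examples/reading_logs_with_offset/Makefile.am.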
@@ -36,6 +39,7 @@ simple_request_CPPFLAGS = \
-I../others \
-fPIC \
-O3 \
+ $(CURL_CFLAGS) \
$(GEOIP_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
diff --git a/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
index 52ce11eda..58cbba8b2 100644
--- a/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
+++ b/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -69,14 +69,14 @@ char ip[] = "200.249.12.31";
struct data_ms {
modsecurity::ModSecurity *modsec;
- modsecurity::Rules *rules;
+ modsecurity::RulesSet *rules;
};
static void *process_request(void *data) {
struct data_ms *a = (struct data_ms *)data;
modsecurity::ModSecurity *modsec = a->modsec;
- modsecurity::Rules *rules = a->rules;
+ modsecurity::RulesSet *rules = a->rules;
int z = 0;
for (z = 0; z < 10000; z++) {
@@ -115,7 +115,7 @@ class ReadingLogsViaRuleMessage {
char *response_headers,
char *response_body,
char *ip,
- std::string rules) :
+ const std::string &rules) :
m_request_header(request_header),
m_request_uri(request_uri),
m_request_body(request_body),
@@ -132,8 +132,7 @@ class ReadingLogsViaRuleMessage {
void *status;
modsecurity::ModSecurity *modsec;
- modsecurity::Rules *rules;
- modsecurity::ModSecurityIntervention it;
+ modsecurity::RulesSet *rules;
modsec = new modsecurity::ModSecurity();
modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \
@@ -141,7 +140,7 @@ class ReadingLogsViaRuleMessage {
modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty
| modsecurity::IncludeFullHighlightLogProperty);
- rules = new modsecurity::Rules();
+ rules = new modsecurity::RulesSet();
if (rules->loadFromUri(m_rules.c_str()) < 0) {
std::cout << "Problems loading the rules..." << std::endl;
std::cout << rules->m_parserError.str() << std::endl;
@@ -168,8 +167,6 @@ class ReadingLogsViaRuleMessage {
delete modsec;
pthread_exit(NULL);
return 0;
-end:
- return -1;
}
static void logCb(void *data, const void *ruleMessagev) {
diff --git a/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/simple_request.cc b/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/simple_request.cc
index 0487abc77..1d3b1deb2 100644
--- a/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/simple_request.cc
+++ b/src/deps/src/ModSecurity/examples/reading_logs_via_rule_message/simple_request.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -17,7 +17,7 @@
#include
#include
-#include
+#include
#include "examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h"
@@ -29,8 +29,8 @@ int main(int argc, char **argv) {
return -1;
}
- *(argv++);
- std::string rules(*argv);
+ char *rule = *(++argv);
+ std::string rules(rule);
ReadingLogsViaRuleMessage rlvrm(request_header, request_uri, request_body,
response_headers, response_body, ip, rules);
rlvrm.process();
diff --git a/src/deps/src/ModSecurity/examples/reading_logs_with_offset/Makefile.am b/src/deps/src/ModSecurity/examples/reading_logs_with_offset/Makefile.am
index d3ff13451..b798c8c54 100644
--- a/src/deps/src/ModSecurity/examples/reading_logs_with_offset/Makefile.am
+++ b/src/deps/src/ModSecurity/examples/reading_logs_with_offset/Makefile.am
@@ -6,7 +6,6 @@ read_SOURCES = \
read.cc
read_LDADD = \
- $(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
@@ -19,7 +18,12 @@ read_LDADD = \
$(YAJL_LDADD)
read_LDFLAGS = \
+ -L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
+ -lmodsecurity \
+ -lpthread \
+ -lm \
+ -lstdc++ \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
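Review bot: The added `-lmodsecurity -lpthread -lm -lstdc++` sit in `read_LDFLAGS`, which automake places on the link line ahead of the object files. Libraries belong in `read_LDADD`; with a left-to-right or `--as-needed` linker they can otherwise be dropped, leaving undefined symbols. Keep only `-L$(top_builddir)/src/.libs/` in `read_LDFLAGS` and move the `-l` entries to `read_LDADD`. The same pattern is added to `simple_request_LDFLAGS` in using_bodies_in_chunks/Makefile.am, where `-lpthread` also ends up listed twice.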
@@ -35,6 +39,7 @@ read_CPPFLAGS = \
-I../others \
-fPIC \
-O3 \
+ $(CURL_CFLAGS) \
$(GEOIP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
diff --git a/src/deps/src/ModSecurity/examples/simple_example_using_c/test.c b/src/deps/src/ModSecurity/examples/simple_example_using_c/test.c
index 4a6358303..c7ed91b28 100644
--- a/src/deps/src/ModSecurity/examples/simple_example_using_c/test.c
+++ b/src/deps/src/ModSecurity/examples/simple_example_using_c/test.c
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -18,7 +18,7 @@
#include
#include "modsecurity/modsecurity.h"
-#include "modsecurity/rules.h"
+#include "modsecurity/rules_set.h"
char main_rule_uri[] = "basic_rules.conf";
@@ -29,7 +29,7 @@ int main (int argc, char **argv)
const char *error = NULL;
ModSecurity *modsec;
Transaction *transaction = NULL;
- Rules *rules;
+ RulesSet *rules;
modsec = msc_init();
diff --git a/src/deps/src/ModSecurity/examples/using_bodies_in_chunks/Makefile.am b/src/deps/src/ModSecurity/examples/using_bodies_in_chunks/Makefile.am
index 160e7ae90..799efe781 100644
--- a/src/deps/src/ModSecurity/examples/using_bodies_in_chunks/Makefile.am
+++ b/src/deps/src/ModSecurity/examples/using_bodies_in_chunks/Makefile.am
@@ -6,7 +6,6 @@ simple_request_SOURCES = \
simple_request.cc
simple_request_LDADD = \
- $(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
@@ -19,7 +18,12 @@ simple_request_LDADD = \
$(YAJL_LDADD)
simple_request_LDFLAGS = \
+ -L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
+ -lmodsecurity \
+ -lpthread \
+ -lm \
+ -lstdc++ \
$(MAXMIND_LDFLAGS) \
$(LMDB_LDFLAGS) \
-lpthread \
@@ -37,6 +41,7 @@ simple_request_CPPFLAGS = \
-fPIC \
-O3 \
$(GEOIP_CFLAGS) \
+ $(CURL_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
diff --git a/src/deps/src/ModSecurity/examples/using_bodies_in_chunks/simple_request.cc b/src/deps/src/ModSecurity/examples/using_bodies_in_chunks/simple_request.cc
index 0a766bc27..ec8795fe8 100644
--- a/src/deps/src/ModSecurity/examples/using_bodies_in_chunks/simple_request.cc
+++ b/src/deps/src/ModSecurity/examples/using_bodies_in_chunks/simple_request.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -19,7 +19,7 @@
#include
-#include
+#include
#include
@@ -28,6 +28,7 @@
+
char request_uri[] = "/test.pl?param1=test¶2=test2";
char request_body_first[] = "" \
@@ -125,17 +126,15 @@ int process_intervention(modsecurity::Transaction *transaction) {
int main(int argc, char **argv) {
modsecurity::ModSecurity *modsec;
- modsecurity::Rules *rules;
- modsecurity::ModSecurityIntervention it;
+ modsecurity::RulesSet *rules;
if (argc < 2) {
std::cout << "Use " << *argv << " test-case-file.conf";
std::cout << std::endl << std::endl;
return -1;
}
- *(argv++);
-
- std::string rules_arg(*argv);
+ char *rule = *(++argv);
+ std::string rules_arg(rule);
/**
* ModSecurity initial setup
@@ -151,7 +150,7 @@ int main(int argc, char **argv) {
* loading the rules....
*
*/
- rules = new modsecurity::Rules();
+ rules = new modsecurity::RulesSet();
if (rules->loadFromUri(rules_arg.c_str()) < 0) {
std::cout << "Problems loading the rules..." << std::endl;
std::cout << rules->m_parserError.str() << std::endl;
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/actions/action.h b/src/deps/src/ModSecurity/headers/modsecurity/actions/action.h
index b1e0efc76..374b77d6c 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/actions/action.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/actions/action.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -23,6 +23,7 @@
#include "modsecurity/intervention.h"
#include "modsecurity/rule.h"
+#include "modsecurity/rule_with_actions.h"
#ifndef HEADERS_MODSECURITY_ACTIONS_ACTION_H_
#define HEADERS_MODSECURITY_ACTIONS_ACTION_H_
@@ -31,7 +32,7 @@
namespace modsecurity {
class Transaction;
-class Rule;
+class RuleWithOperator;
namespace actions {
@@ -42,27 +43,41 @@ class Action {
: m_isNone(false),
temporaryAction(false),
action_kind(2),
- m_name(""),
- m_parser_payload(""),
- m_referenceCount(1) {
+ m_name(nullptr),
+ m_parser_payload("") {
set_name_and_payload(_action);
}
explicit Action(const std::string& _action, int kind)
: m_isNone(false),
temporaryAction(false),
action_kind(kind),
- m_name(""),
- m_parser_payload(""),
- m_referenceCount(1) {
+ m_name(nullptr),
+ m_parser_payload("") {
set_name_and_payload(_action);
}
+ Action(const Action &a)
+ : m_isNone(a.m_isNone),
+ temporaryAction(a.temporaryAction),
+ action_kind(a.action_kind),
+ m_name(a.m_name),
+ m_parser_payload(a.m_parser_payload) { }
+
+ Action &operator=(const Action& a) {
+ m_isNone = a.m_isNone;
+ temporaryAction = a.temporaryAction;
+ action_kind = a.action_kind;
+ m_name = a.m_name;
+ m_parser_payload = a.m_parser_payload;
+ return *this;
+ }
+
virtual ~Action() { }
- virtual std::string evaluate(std::string exp,
+ virtual std::string evaluate(const std::string &exp,
Transaction *transaction);
- virtual bool evaluate(Rule *rule, Transaction *transaction);
- virtual bool evaluate(Rule *rule, Transaction *transaction,
+ virtual bool evaluate(RuleWithActions *rule, Transaction *transaction);
+ virtual bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr ruleMessage) {
return evaluate(rule, transaction);
}
@@ -79,11 +94,11 @@ class Action {
}
if (pos == std::string::npos) {
- m_name = data;
+ m_name = std::shared_ptr(new std::string(data));
return;
}
- m_name = std::string(data, 0, pos);
+ m_name = std::shared_ptr(new std::string(data, 0, pos));
m_parser_payload = std::string(data, pos + 1, data.length());
if (m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2) {
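Review bot: On the last line of this hunk `m_parser_payload.at(0)` is evaluated before the `size() > 2` test, so an action string ending in `:` produces an empty payload and `at(0)` throws `std::out_of_range` while the rule is being constructed. Swapping the operands avoids it: `if (m_parser_payload.size() > 2 && m_parser_payload.at(0) == '\'') {`. For the two new `m_name` assignments, `std::make_shared<std::string>(data)` and `std::make_shared<std::string>(data, 0, pos)` do the same in one allocation; the element type is assumed to be `std::string`, since the template arguments are stripped in this rendering. The enclosing function starts and ends outside the hunk.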
@@ -92,23 +107,10 @@ class Action {
}
}
- int refCountDecreaseAndCheck() {
- this->m_referenceCount--;
- if (this->m_referenceCount == 0) {
- delete this;
- return 1;
- }
- return 0;
- }
-
- void refCountIncrease() {
- this->m_referenceCount++;
- }
-
bool m_isNone;
bool temporaryAction;
int action_kind;
- std::string m_name;
+ std::shared_ptr m_name;
std::string m_parser_payload;
/**
@@ -142,10 +144,7 @@ class Action {
*/
RunTimeOnlyIfMatchKind,
};
-
- private:
- int m_referenceCount;
-};
+ };
} // namespace actions
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/anchored_set_variable.h b/src/deps/src/ModSecurity/headers/modsecurity/anchored_set_variable.h
index f20204948..5b41e8502 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/anchored_set_variable.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/anchored_set_variable.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -71,7 +71,7 @@ struct MyHash{
class AnchoredSetVariable : public std::unordered_multimap {
public:
- AnchoredSetVariable(Transaction *t, std::string name);
+ AnchoredSetVariable(Transaction *t, const std::string &name);
~AnchoredSetVariable();
void unset();
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/anchored_set_variable_translation_proxy.h b/src/deps/src/ModSecurity/headers/modsecurity/anchored_set_variable_translation_proxy.h
new file mode 100644
index 000000000..da0601bf6
--- /dev/null
+++ b/src/deps/src/ModSecurity/headers/modsecurity/anchored_set_variable_translation_proxy.h
@@ -0,0 +1,126 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#include
+#endif
+
+#include "modsecurity/variable_value.h"
+#include "modsecurity/anchored_set_variable.h"
+
+
+#ifndef HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
+#define HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+
+
+class AnchoredSetVariableTranslationProxy {
+ public:
+ AnchoredSetVariableTranslationProxy(
+ const std::string &name,
+ AnchoredSetVariable *fount)
+ : m_name(name),
+ m_fount(fount)
+ {
+ m_translate = [](std::string *name, std::vector *l) {
+ for (int i = 0; i < l->size(); ++i) {
+ VariableValue *newVariableValue = new VariableValue(name, &l->at(i)->getKey(), &l->at(i)->getKey());
+ const VariableValue *oldVariableValue = l->at(i);
+ l->at(i) = newVariableValue;
+ for (auto &oldOrigin : oldVariableValue->getOrigin()) {
+ std::unique_ptr newOrigin(new VariableOrigin);
+ newOrigin->m_length = oldVariableValue->getKey().size();
+ newOrigin->m_offset = oldOrigin->m_offset - oldVariableValue->getKey().size() - 1;
+ newVariableValue->addOrigin(std::move(newOrigin));
+ }
+ delete oldVariableValue;
+ }
+ };
+ }
+
+ virtual ~AnchoredSetVariableTranslationProxy()
+ { }
+
+ void resolve(std::vector *l) {
+ m_fount->resolve(l);
+ m_translate(&m_name, l);
+ }
+
+ void resolve(std::vector *l,
+ variables::KeyExclusions &ke) {
+ m_fount->resolve(l, ke);
+ m_translate(&m_name, l);
+ }
+
+ void resolve(const std::string &key,
+ std::vector *l) {
+ m_fount->resolve(key, l);
+ m_translate(&m_name, l);
+ };
+
+ void resolveRegularExpression(Utils::Regex *r,
+ std::vector *l) {
+ m_fount->resolveRegularExpression(r, l);
+ m_translate(&m_name, l);
+ };
+
+ void resolveRegularExpression(Utils::Regex *r,
+ std::vector *l,
+ variables::KeyExclusions &ke) {
+ m_fount->resolveRegularExpression(r, l, ke);
+ m_translate(&m_name, l);
+ };
+
+ std::unique_ptr resolveFirst(const std::string &key) {
+ std::vector l;
+ resolve(&l);
+
+ if (l.empty()) {
+ return nullptr;
+ }
+
+ std::unique_ptr ret(new std::string(""));
+
+ ret->assign(l.at(0)->getValue());
+
+ while (!l.empty()) {
+ auto &a = l.back();
+ l.pop_back();
+ delete a;
+ }
+
+ return ret;
+ }
+
+ std::string m_name;
+ private:
+ AnchoredSetVariable *m_fount;
+ std::function *l)> m_translate;
+};
+
+} // namespace modsecurity
+
+#endif
+
+
+#endif // HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_TRANSLATION_PROXY_H_
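Review bot: `resolveFirst(const std::string &key)` never uses `key`: it calls `resolve(&l)`, so it returns the first entry of the whole collection rather than the entry for the requested key. If a per-key lookup is intended, the call should be `resolve(key, &l);`. In the `m_translate` lambda, `oldOrigin->m_offset - oldVariableValue->getKey().size() - 1` wraps to a very large value when the offset is smaller than the key length plus one, assuming `m_offset` is an unsigned type (its declaration is not shown here). A guard before the subtraction would keep the reported offsets meaningful. The loop index should also be `size_t i`, to match `l->size()`.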
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/anchored_variable.h b/src/deps/src/ModSecurity/headers/modsecurity/anchored_variable.h
index 03ccef49a..703a4f9d1 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/anchored_variable.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/anchored_variable.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -42,7 +42,19 @@ class Transaction;
class AnchoredVariable {
public:
- AnchoredVariable(Transaction* t, std::string name);
+ AnchoredVariable(Transaction* t, const std::string &name);
+
+ AnchoredVariable(const AnchoredVariable &a) = delete;
+ AnchoredVariable &operator= (const AnchoredVariable &a) = delete;
+
+ /*
+ : m_transaction(a.m_transaction),
+ m_offset(a.m_offset),
+ m_name(a.m_name),
+ m_value(a.m_value),
+ m_var(a.m_var) { }
+ */
+
~AnchoredVariable();
void unset();
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/audit_log.h b/src/deps/src/ModSecurity/headers/modsecurity/audit_log.h
index 924739dd8..e379faade 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/audit_log.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/audit_log.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -22,12 +22,11 @@
#ifndef HEADERS_MODSECURITY_AUDIT_LOG_H_
#define HEADERS_MODSECURITY_AUDIT_LOG_H_
-#include "modsecurity/transaction.h"
-
#ifdef __cplusplus
namespace modsecurity {
+class Transaction;
namespace audit_log {
namespace writer {
class Writer;
@@ -37,7 +36,9 @@ class Writer;
class AuditLog {
public:
AuditLog();
- ~AuditLog();
+ virtual ~AuditLog();
+
+ AuditLog(const AuditLog &a) = delete;
enum AuditLogType {
NotSetAuditLogType,
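Review bot: Only the copy constructor is deleted here, so `a = b;` between two `AuditLog` objects still compiles and copies the raw `m_writer` pointer declared further down in the class. Both objects then refer to one writer; whether it is released twice depends on the destructor, which is not shown. Add `AuditLog &operator=(const AuditLog &a) = delete;` next to it, as this commit does for `AnchoredVariable`, `Collections` and `ModSecurity`. The class body continues outside the hunk.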
@@ -158,22 +159,26 @@ class AuditLog {
bool setStorageDir(const std::basic_string& path);
bool setFormat(AuditLogFormat fmt);
- int getDirectoryPermission();
- int getFilePermission();
- int getParts();
+ int getDirectoryPermission() const;
+ int getFilePermission() const;
+ int getParts() const;
bool setParts(const std::basic_string& new_parts);
bool setType(AuditLogType audit_type);
bool init(std::string *error);
- bool close();
+ virtual bool close();
bool saveIfRelevant(Transaction *transaction);
bool saveIfRelevant(Transaction *transaction, int parts);
bool isRelevant(int status);
- int addParts(int parts, const std::string& new_parts);
- int removeParts(int parts, const std::string& new_parts);
+ static int addParts(int parts, const std::string& new_parts);
+ static int removeParts(int parts, const std::string& new_parts);
+
+ void setCtlAuditEngineActive() {
+ m_ctlAuditEngineActive = true;
+ }
bool merge(AuditLog *from, std::string *error);
@@ -181,18 +186,6 @@ class AuditLog {
std::string m_path2;
std::string m_storage_dir;
- void refCountIncrease() {
- m_refereceCount++;
- }
-
- bool refCountDecreaseAndCheck() {
- m_refereceCount--;
- if (m_refereceCount == 0) {
- delete this;
- return true;
- }
- return false;
- }
AuditLogFormat m_format;
protected:
@@ -213,7 +206,7 @@ class AuditLog {
std::string m_relevant;
audit_log::writer::Writer *m_writer;
- int m_refereceCount;
+ bool m_ctlAuditEngineActive; // rules have at least one action On or RelevantOnly
};
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/collection/collection.h b/src/deps/src/ModSecurity/headers/modsecurity/collection/collection.h
index 4c93495cc..1ca7b0d46 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/collection/collection.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/collection/collection.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -44,7 +44,7 @@ namespace collection {
class Collection {
public:
- explicit Collection(std::string a) : m_name(a) { }
+ explicit Collection(const std::string &a) : m_name(a) { }
virtual ~Collection() { }
virtual void store(std::string key, std::string value) = 0;
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/collection/collections.h b/src/deps/src/ModSecurity/headers/modsecurity/collection/collections.h
index 9961a04fc..f04c37aa6 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/collection/collections.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/collection/collections.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -49,6 +49,9 @@ class Collections {
Collection *user, Collection *resource);
~Collections();
+ Collections(const Collections &c) = delete;
+ Collections& operator =(const Collections &c) = delete;
+
std::string m_global_collection_key;
std::string m_ip_collection_key;
std::string m_session_collection_key;
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/debug_log.h b/src/deps/src/ModSecurity/headers/modsecurity/debug_log.h
index c2501cf1d..f56bc4c69 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/debug_log.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/debug_log.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -43,11 +43,11 @@ class DebugLog {
virtual void write(int level, const std::string &msg);
virtual void write(int level, const std::string &id,
const std::string &uri, const std::string &msg);
- bool isLogFileSet();
- bool isLogLevelSet();
- void setDebugLogLevel(int level);
- void setDebugLogFile(const std::string &fileName, std::string *error);
- const std::string& getDebugLogFile();
+ virtual bool isLogFileSet();
+ virtual bool isLogLevelSet();
+ virtual void setDebugLogLevel(int level);
+ virtual void setDebugLogFile(const std::string &fileName, std::string *error);
+ virtual const std::string& getDebugLogFile();
virtual int getDebugLogLevel();
int m_debugLevel;
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/intervention.h b/src/deps/src/ModSecurity/headers/modsecurity/intervention.h
index daab95423..af88e8581 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/intervention.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/intervention.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/modsecurity.h b/src/deps/src/ModSecurity/headers/modsecurity/modsecurity.h
index 4e4055bee..b23500f45 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/modsecurity.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/modsecurity.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -190,7 +190,7 @@ namespace modsecurity {
#define MODSECURITY_MAJOR "3"
#define MODSECURITY_MINOR "0"
-#define MODSECURITY_PATCHLEVEL "4"
+#define MODSECURITY_PATCHLEVEL "8"
#define MODSECURITY_TAG ""
#define MODSECURITY_TAG_NUM "100"
@@ -198,9 +198,9 @@ namespace modsecurity {
MODSECURITY_MINOR "." MODSECURITY_PATCHLEVEL \
MODSECURITY_TAG
-#define MODSECURITY_VERSION_NUM MODSECURITY_MAJOR \
- MODSECURITY_MINOR MODSECURITY_PATCHLEVEL MODSECURITY_TAG_NUM
+#define MODSECURITY_VERSION_NUM 3080100
+#define MODSECURITY_CHECK_VERSION(a) (MODSECURITY_VERSION_NUM <= a)
/*
* @name ModSecLogCb
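Review bot: `MODSECURITY_CHECK_VERSION(a)` expands its argument without parentheses, so an expression argument such as a conditional binds to `<=` in an unintended way; write `#define MODSECURITY_CHECK_VERSION(a) (MODSECURITY_VERSION_NUM <= (a))`. The comparison direction is also easy to misread: the macro is true when the library version is lower than or equal to `a`. A one-line comment stating the intended meaning would stop connectors from gating features the wrong way round. `MODSECURITY_VERSION_NUM` is now the literal `3080100`, which has to be kept in step by hand with `MODSECURITY_PATCHLEVEL "8"` from the previous hunk.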
@@ -229,7 +229,7 @@ namespace modsecurity {
namespace actions {
class Action;
}
-class Rule;
+class RuleWithOperator;
#ifdef __cplusplus
extern "C" {
@@ -278,8 +278,11 @@ class ModSecurity {
ModSecurity();
~ModSecurity();
+ ModSecurity(const ModSecurity &m) = delete;
+ ModSecurity& operator= (const ModSecurity &m) = delete;
+
const std::string& whoAmI();
- void setConnectorInformation(std::string connector);
+ void setConnectorInformation(const std::string &connector);
void setServerLogCb(ModSecLogCb cb);
/**
*
@@ -291,9 +294,9 @@ class ModSecurity {
void serverLog(void *data, std::shared_ptr rm);
- const std::string& getConnectorInformation();
+ const std::string& getConnectorInformation() const;
- int processContentOffset(const char *content, size_t len,
+ static int processContentOffset(const char *content, size_t len,
const char *matchString, std::string *json, const char **err);
collection::Collection *m_global_collection;
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rule.h b/src/deps/src/ModSecurity/headers/modsecurity/rule.h
index 0660c6265..1d5570a8d 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/rule.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rule.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -26,9 +26,9 @@
#define HEADERS_MODSECURITY_RULE_H_
#include "modsecurity/transaction.h"
+#include "modsecurity/modsecurity.h"
#include "modsecurity/variable_value.h"
-
#ifdef __cplusplus
namespace modsecurity {
@@ -44,115 +44,81 @@ class Msg;
class Rev;
class SetVar;
class Tag;
+namespace transformations {
+class Transformation;
+}
}
namespace operators {
class Operator;
}
+using TransformationResult = std::pair,
+ std::shared_ptr>;
+using TransformationResults = std::list;
+
+using Transformation = actions::transformations::Transformation;
+using Transformations = std::vector;
+
+using Actions = std::vector;
+
+using Tags = std::vector;
+using SetVars = std::vector;
+using MatchActions = std::vector;
+
class Rule {
public:
- Rule(operators::Operator *_op,
- variables::Variables *_variables,
- std::vector *_actions,
- std::string fileName,
- int lineNumber);
- explicit Rule(std::string marker);
- virtual ~Rule();
+ Rule(std::unique_ptr fileName, int lineNumber)
+ : m_fileName(std::make_shared(*fileName)),
+ m_lineNumber(lineNumber),
+ m_phase(modsecurity::Phases::RequestHeadersPhase) {
+ }
+
+ Rule(const Rule &other) :
+ m_fileName(other.m_fileName),
+ m_lineNumber(other.m_lineNumber),
+ m_phase(other.m_phase)
+ { }
+
+ Rule &operator=(const Rule& other) {
+ m_fileName = other.m_fileName;
+ m_lineNumber = other.m_lineNumber;
+ m_phase = other.m_phase;
+ return *this;
+ }
+
+ virtual ~Rule() {}
+
+ virtual bool evaluate(Transaction *transaction) = 0;
virtual bool evaluate(Transaction *transaction,
- std::shared_ptr rm);
+ std::shared_ptr rm) = 0;
- void organizeActions(std::vector *actions);
- void cleanUpActions();
- void executeAction(Transaction *trans,
- bool containsBlock, std::shared_ptr ruleMessage,
- actions::Action *a, bool context);
+ std::shared_ptr getFileName() const {
+ return m_fileName;
+ }
- inline void executeTransformation(actions::Action *a,
- std::shared_ptr *value,
- Transaction *trans,
- std::list,
- std::shared_ptr>> *ret,
- std::string *path,
- int *nth);
+ int getLineNumber() const {
+ return m_lineNumber;
+ }
- void getVariablesExceptions(Transaction *t,
- variables::Variables *exclusion, variables::Variables *addition);
- inline void getFinalVars(variables::Variables *vars,
- variables::Variables *eclusion, Transaction *trans);
- void executeActionsAfterFullMatch(Transaction *trasn,
- bool containsDisruptive, std::shared_ptr ruleMessage);
+ int getPhase() const { return m_phase; }
+ void setPhase(int phase) { m_phase = phase; }
- std::list,
- std::shared_ptr>> executeDefaultTransformations(
- Transaction *trasn, const std::string &value);
-
- bool executeOperatorAt(Transaction *trasn, std::string key,
- std::string value, std::shared_ptr rm);
- void executeActionsIndependentOfChainedRuleResult(Transaction *trasn,
- bool *b, std::shared_ptr ruleMessage);
- inline void updateMatchedVars(Transaction *trasn, const std::string &key,
- const std::string &value);
- inline void cleanMatchedVars(Transaction *trasn);
-
- std::vector getActionsByName(const std::string& name,
- Transaction *t);
- bool containsTag(const std::string& name, Transaction *t);
- bool containsMsg(const std::string& name, Transaction *t);
-
- int refCountDecreaseAndCheck() {
- m_referenceCount--;
- if (m_referenceCount == 0) {
- delete this;
- return 1;
+ virtual std::string getReference() {
+ if (m_fileName) {
+ return *m_fileName + ":" + std::to_string(m_lineNumber);
}
- return 0;
+ return "<>:" + std::to_string(m_lineNumber);
}
- void refCountIncrease() {
- m_referenceCount++;
- }
+ virtual bool isMarker() { return false; }
- void executeTransformations(
- actions::Action *a,
- std::shared_ptr newValue,
- std::shared_ptr value,
- Transaction *trans,
- std::list,
- std::shared_ptr>> *ret,
- std::shared_ptr transStr,
- int nth);
-
- actions::Action *m_theDisruptiveAction;
- actions::LogData *m_logData;
- actions::Msg *m_msg;
- actions::Severity *m_severity;
- bool m_chained;
- bool m_containsCaptureAction;
- bool m_containsMultiMatchAction;
- bool m_containsStaticBlockAction;
- bool m_secMarker;
- int64_t m_ruleId;
- int m_accuracy;
- int m_lineNumber;
- int m_maturity;
- int m_phase;
- modsecurity::variables::Variables *m_variables;
- operators::Operator *m_op;
- Rule *m_chainedRuleChild;
- Rule *m_chainedRuleParent;
- std::string m_fileName;
- std::string m_marker;
- std::string m_rev;
- std::string m_ver;
- std::vector m_actionsRuntimePos;
- std::vector m_actionsRuntimePre;
- std::vector m_actionsSetVar;
- std::vector m_actionsTag;
private:
- bool m_unconditional;
- int m_referenceCount;
+ std::shared_ptr m_fileName;
+ int m_lineNumber;
+ // FIXME: phase may not be neede to SecMarker.
+ int m_phase;
};
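Review bot: The new `Rule` constructor dereferences `fileName` unconditionally in `std::make_shared(*fileName)`, so passing an empty `unique_ptr` is undefined behaviour. Meanwhile the `if (m_fileName)` fallback in `getReference()` can never be taken, because `make_shared` does not return null and `m_fileName` is private. Either guard the constructor with `m_fileName(fileName ? std::make_shared<std::string>(*fileName) : nullptr)` or drop the dead `"<>:"` branch. The element type is assumed to be `std::string`, since the template arguments are stripped in this rendering. The hand-written copy constructor and `operator=` copy every visible member and could be `= default`.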
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rule_marker.h b/src/deps/src/ModSecurity/headers/modsecurity/rule_marker.h
new file mode 100644
index 000000000..b8b835efd
--- /dev/null
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rule_marker.h
@@ -0,0 +1,91 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#include
+#include
+#endif
+
+#ifndef HEADERS_MODSECURITY_RULE_MARKER_H_
+#define HEADERS_MODSECURITY_RULE_MARKER_H_
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/variable_value.h"
+#include "modsecurity/rule.h"
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+
+
+class RuleMarker : public Rule {
+ public:
+ RuleMarker(
+ const std::string &name,
+ std::unique_ptr fileName,
+ int lineNumber)
+ : Rule(std::move(fileName), lineNumber),
+ m_name(std::make_shared(name)) { }
+
+ RuleMarker(const RuleMarker& r) :
+ Rule(r),
+ m_name(r.m_name)
+ { }
+
+ RuleMarker &operator =(const RuleMarker& r) {
+ Rule::operator = (r);
+ m_name = r.m_name;
+ return *this;
+ }
+
+ virtual bool evaluate(Transaction *transaction,
+ std::shared_ptr rm) override {
+ return evaluate(transaction);
+ }
+
+ virtual bool evaluate(Transaction *transaction) override {
+ if (transaction->isInsideAMarker()) {
+ if (*transaction->getCurrentMarker() == *m_name) {
+ transaction->removeMarker();
+ // FIXME: Move this to .cc
+ // ms_dbg_a(transaction, 4, "Out of a SecMarker " + *m_name);
+ }
+ }
+
+ return true;
+ };
+
+
+ std::shared_ptr getName() {
+ return m_name;
+ }
+
+ bool isMarker() override { return true; }
+
+ private:
+ std::shared_ptr m_name;
+};
+
+
+} // namespace modsecurity
+
+#endif
+
+#endif // HEADERS_MODSECURITY_RULE_MARKER_H_
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rule_message.h b/src/deps/src/ModSecurity/headers/modsecurity/rule_message.h
index 2362a6070..51eca0e8e 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/rule_message.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rule_message.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -26,6 +26,7 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
+#include "modsecurity/rule_with_operator.h"
#ifdef __cplusplus
@@ -41,7 +42,13 @@ class RuleMessage {
ClientLogMessageInfo = 4
};
- explicit RuleMessage(Rule *rule, Transaction *trans) :
+ /**
+ *
+ * FIXME: RuleMessage is currently too big, doing a lot of
+ * unnecessary data duplication. Needs to be shrink down.
+ *
+ */
+ RuleMessage(RuleWithActions *rule, Transaction *trans) :
m_accuracy(rule->m_accuracy),
m_clientIpAddress(trans->m_clientIpAddress),
m_data(""),
@@ -51,50 +58,135 @@ class RuleMessage {
m_maturity(rule->m_maturity),
m_message(""),
m_noAuditLog(false),
- m_phase(rule->m_phase - 1),
+ m_phase(rule->getPhase() - 1),
m_reference(""),
m_rev(rule->m_rev),
m_rule(rule),
- m_ruleFile(rule->m_fileName),
+ m_ruleFile(rule->getFileName()),
m_ruleId(rule->m_ruleId),
- m_ruleLine(rule->m_lineNumber),
+ m_ruleLine(rule->getLineNumber()),
m_saveMessage(true),
m_serverIpAddress(trans->m_serverIpAddress),
m_severity(0),
m_uriNoQueryStringDecoded(trans->m_uri_no_query_string_decoded),
- m_ver(rule->m_ver)
+ m_ver(rule->m_ver),
+ m_tags()
{ }
+ explicit RuleMessage(RuleMessage *rule) :
+ m_accuracy(rule->m_accuracy),
+ m_clientIpAddress(rule->m_clientIpAddress),
+ m_data(rule->m_data),
+ m_id(rule->m_id),
+ m_isDisruptive(rule->m_isDisruptive),
+ m_match(rule->m_match),
+ m_maturity(rule->m_maturity),
+ m_message(rule->m_message),
+ m_noAuditLog(rule->m_noAuditLog),
+ m_phase(rule->m_phase),
+ m_reference(rule->m_reference),
+ m_rev(rule->m_rev),
+ m_rule(rule->m_rule),
+ m_ruleFile(rule->m_ruleFile),
+ m_ruleId(rule->m_ruleId),
+ m_ruleLine(rule->m_ruleLine),
+ m_saveMessage(rule->m_saveMessage),
+ m_serverIpAddress(rule->m_serverIpAddress),
+ m_severity(rule->m_severity),
+ m_uriNoQueryStringDecoded(rule->m_uriNoQueryStringDecoded),
+ m_ver(rule->m_ver),
+ m_tags(rule->m_tags)
+ { }
+
+ RuleMessage(const RuleMessage& ruleMessage)
+ : m_accuracy(ruleMessage.m_accuracy),
+ m_clientIpAddress(ruleMessage.m_clientIpAddress),
+ m_data(ruleMessage.m_data),
+ m_id(ruleMessage.m_id),
+ m_isDisruptive(ruleMessage.m_isDisruptive),
+ m_match(ruleMessage.m_match),
+ m_maturity(ruleMessage.m_maturity),
+ m_message(ruleMessage.m_message),
+ m_noAuditLog(ruleMessage.m_noAuditLog),
+ m_phase(ruleMessage.m_phase),
+ m_reference(ruleMessage.m_reference),
+ m_rev(ruleMessage.m_rev),
+ m_rule(ruleMessage.m_rule),
+ m_ruleFile(ruleMessage.m_ruleFile),
+ m_ruleId(ruleMessage.m_ruleId),
+ m_ruleLine(ruleMessage.m_ruleLine),
+ m_saveMessage(ruleMessage.m_saveMessage),
+ m_serverIpAddress(ruleMessage.m_serverIpAddress),
+ m_severity(ruleMessage.m_severity),
+ m_uriNoQueryStringDecoded(ruleMessage.m_uriNoQueryStringDecoded),
+ m_ver(ruleMessage.m_ver),
+ m_tags(ruleMessage.m_tags)
+ { }
+
+ RuleMessage &operator=(const RuleMessage& ruleMessage) {
+ m_accuracy = ruleMessage.m_accuracy;
+ m_clientIpAddress = ruleMessage.m_clientIpAddress;
+ m_data = ruleMessage.m_data;
+ m_id = ruleMessage.m_id;
+ m_isDisruptive = ruleMessage.m_isDisruptive;
+ m_match = ruleMessage.m_match;
+ m_maturity = ruleMessage.m_maturity;
+ m_message = ruleMessage.m_message;
+ m_noAuditLog = ruleMessage.m_noAuditLog;
+ m_phase = ruleMessage.m_phase;
+ m_reference = ruleMessage.m_reference;
+ m_rev = ruleMessage.m_rev;
+ m_rule = ruleMessage.m_rule;
+ m_ruleFile = ruleMessage.m_ruleFile;
+ m_ruleId = ruleMessage.m_ruleId;
+ m_ruleLine = ruleMessage.m_ruleLine;
+ m_saveMessage = ruleMessage.m_saveMessage;
+ m_serverIpAddress = ruleMessage.m_serverIpAddress;
+ m_severity = ruleMessage.m_severity;
+ m_uriNoQueryStringDecoded = ruleMessage.m_uriNoQueryStringDecoded;
+ m_ver = ruleMessage.m_ver;
+ m_tags = ruleMessage.m_tags;
+ return *this;
+ }
+
+ void clean() {
+ m_data = "";
+ m_match = "";
+ m_isDisruptive = false;
+ m_reference = "";
+ m_severity = 0;
+ m_ver = "";
+ }
std::string log() {
- return RuleMessage::log(this, 0);
+ return log(this, 0);
}
std::string log(int props) {
- return RuleMessage::log(this, props);
+ return log(this, props);
}
std::string log(int props, int responseCode) {
- return RuleMessage::log(this, props, responseCode);
+ return log(this, props, responseCode);
}
std::string errorLog() {
- return RuleMessage::log(this,
+ return log(this,
ClientLogMessageInfo | ErrorLogTailLogMessageInfo);
}
static std::string log(const RuleMessage *rm, int props, int code);
static std::string log(const RuleMessage *rm, int props) {
- return RuleMessage::log(rm, props, -1);
+ return log(rm, props, -1);
}
static std::string log(const RuleMessage *rm) {
- return RuleMessage::log(rm, 0);
+ return log(rm, 0);
}
static std::string _details(const RuleMessage *rm);
static std::string _errorLogTail(const RuleMessage *rm);
int m_accuracy;
- std::string m_clientIpAddress;
+ std::shared_ptr m_clientIpAddress;
std::string m_data;
- std::string m_id;
+ std::shared_ptr m_id;
bool m_isDisruptive;
std::string m_match;
int m_maturity;
@@ -103,14 +195,14 @@ class RuleMessage {
int m_phase;
std::string m_reference;
std::string m_rev;
- Rule *m_rule;
- std::string m_ruleFile;
+ RuleWithActions *m_rule;
+ std::shared_ptr m_ruleFile;
int m_ruleId;
int m_ruleLine;
bool m_saveMessage;
- std::string m_serverIpAddress;
+ std::shared_ptr m_serverIpAddress;
int m_severity;
- std::string m_uriNoQueryStringDecoded;
+ std::shared_ptr m_uriNoQueryStringDecoded;
std::string m_ver;
std::list m_tags;
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rule_unconditional.h b/src/deps/src/ModSecurity/headers/modsecurity/rule_unconditional.h
new file mode 100644
index 000000000..c66fa7c1e
--- /dev/null
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rule_unconditional.h
@@ -0,0 +1,68 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#include
+#include
+#endif
+
+#ifndef HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
+#define HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
+
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/variable_value.h"
+#include "modsecurity/rule.h"
+#include "modsecurity/rules_set.h"
+#include "modsecurity/rule_with_actions.h"
+#include "modsecurity/actions/action.h"
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+
+
+class RuleUnconditional : public RuleWithActions {
+ public:
+ RuleUnconditional(
+ std::vector *actions,
+ Transformations *transformations,
+ std::unique_ptr fileName,
+ int lineNumber)
+ : RuleWithActions(actions, transformations, std::move(fileName), lineNumber) { }
+
+ RuleUnconditional(const RuleUnconditional& r)
+ : RuleWithActions(r)
+ { }
+
+ RuleUnconditional &operator=(const RuleUnconditional& r) {
+ RuleWithActions::operator = (r);
+ return *this;
+ }
+
+ virtual bool evaluate(Transaction *transaction, std::shared_ptr ruleMessage) override;
+
+ private:
+};
+
+
+} // namespace modsecurity
+
+#endif
+
+#endif // HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rule_with_actions.h b/src/deps/src/ModSecurity/headers/modsecurity/rule_with_actions.h
new file mode 100644
index 000000000..4b7db43f7
--- /dev/null
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rule_with_actions.h
@@ -0,0 +1,191 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#include
+#include
+#endif
+
+#ifndef HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
+#define HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/variable_value.h"
+#include "modsecurity/rule.h"
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+
+
+class RuleWithActions : public Rule {
+ public:
+ RuleWithActions(
+ Actions *a,
+ Transformations *t,
+ std::unique_ptr fileName,
+ int lineNumber);
+
+ ~RuleWithActions();
+
+ RuleWithActions(const RuleWithActions& r)
+ : Rule(r),
+ m_rev(r.m_rev),
+ m_ver(r.m_ver),
+ m_accuracy(r.m_accuracy),
+ m_maturity(r.m_maturity),
+ m_ruleId(r.m_ruleId),
+ m_chainedRuleChild(r.m_chainedRuleChild),
+ m_chainedRuleParent(r.m_chainedRuleParent),
+ m_disruptiveAction(r.m_disruptiveAction),
+ m_logData(r.m_logData),
+ m_msg(r.m_msg),
+ m_severity(r.m_severity),
+ m_actionsRuntimePos(r.m_actionsRuntimePos),
+ m_actionsSetVar(r.m_actionsSetVar),
+ m_actionsTag(r.m_actionsTag),
+ m_transformations(r.m_transformations),
+ m_containsCaptureAction(r.m_containsCaptureAction),
+ m_containsMultiMatchAction(r.m_containsMultiMatchAction),
+ m_containsStaticBlockAction(r.m_containsStaticBlockAction),
+ m_isChained(r.m_isChained)
+ { }
+
+ RuleWithActions &operator=(const RuleWithActions& r) {
+ Rule::operator = (r);
+ m_rev = r.m_rev;
+ m_ver = r.m_ver;
+ m_accuracy = r.m_accuracy;
+ m_maturity = r.m_maturity;
+ m_ruleId = r.m_ruleId;
+ m_chainedRuleChild = r.m_chainedRuleChild;
+ m_chainedRuleParent = r.m_chainedRuleParent;
+
+ m_disruptiveAction = r.m_disruptiveAction;
+ m_logData = r.m_logData;
+ m_msg = r.m_msg;
+ m_severity = r.m_severity;
+ m_actionsRuntimePos = r.m_actionsRuntimePos;
+ m_actionsSetVar = r.m_actionsSetVar;
+ m_actionsTag = r.m_actionsTag;
+
+ m_transformations = r.m_transformations;
+
+ m_containsCaptureAction = r.m_containsCaptureAction;
+ m_containsMultiMatchAction = r.m_containsMultiMatchAction;
+ m_containsStaticBlockAction = r.m_containsStaticBlockAction;
+ m_isChained = r.m_isChained;
+
+ return *this;
+ }
+
+ virtual bool evaluate(Transaction *transaction, std::shared_ptr ruleMessage) override;
+
+ virtual bool evaluate(Transaction *transaction) override;
+
+
+ void executeActionsIndependentOfChainedRuleResult(
+ Transaction *trasn,
+ bool *containsDisruptive,
+ std::shared_ptr ruleMessage);
+
+ void executeActionsAfterFullMatch(
+ Transaction *trasn,
+ bool containsDisruptive,
+ std::shared_ptr ruleMessage);
+
+ void executeAction(Transaction *trans,
+ bool containsBlock,
+ std::shared_ptr ruleMessage,
+ actions::Action *a,
+ bool context);
+
+
+ void executeTransformations(
+ Transaction *trasn, const std::string &value, TransformationResults &ret);
+
+ inline void executeTransformation(
+ actions::transformations::Transformation *a,
+ std::shared_ptr *value,
+ Transaction *trans,
+ TransformationResults *ret,
+ std::string *path,
+ int *nth) const;
+
+
+ void performLogging(Transaction *trans,
+ std::shared_ptr ruleMessage,
+ bool lastLog = true,
+ bool chainedParentNull = false);
+
+ std::vector getActionsByName(const std::string& name,
+ Transaction *t);
+ bool containsTag(const std::string& name, Transaction *t);
+ bool containsMsg(const std::string& name, Transaction *t);
+
+ inline bool isChained() const { return m_isChained == true; }
+ inline bool hasCaptureAction() const { return m_containsCaptureAction == true; }
+ inline void setChained(bool b) { m_isChained = b; }
+ inline bool hasDisruptiveAction() const { return m_disruptiveAction != NULL; }
+ inline bool hasBlockAction() const { return m_containsStaticBlockAction == true; }
+ inline bool hasMultimatch() const { return m_containsMultiMatchAction == true; }
+
+ inline bool hasLogData() const { return m_logData != NULL; }
+ std::string logData(Transaction *t);
+ inline bool hasMsg() const { return m_msg != NULL; }
+ std::string msg(Transaction *t);
+ inline bool hasSeverity() const { return m_severity != NULL; }
+ int severity() const;
+
+ std::string m_rev;
+ std::string m_ver;
+ int m_accuracy;
+ int m_maturity;
+
+
+ int64_t m_ruleId;
+
+ std::shared_ptr m_chainedRuleChild;
+ RuleWithActions *m_chainedRuleParent;
+
+ private:
+ /* actions */
+ actions::Action *m_disruptiveAction;
+ actions::LogData *m_logData;
+ actions::Msg *m_msg;
+ actions::Severity *m_severity;
+ MatchActions m_actionsRuntimePos;
+ SetVars m_actionsSetVar;
+ Tags m_actionsTag;
+
+ /* actions > transformations */
+ Transformations m_transformations;
+
+ bool m_containsCaptureAction:1;
+ bool m_containsMultiMatchAction:1;
+ bool m_containsStaticBlockAction:1;
+ bool m_isChained:1;
+};
+
+} // namespace modsecurity
+#endif
+
+
+#endif // HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
\ No newline at end of file
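Review bot: The copy constructor and `operator=` of `RuleWithActions` copy the raw pointers `m_disruptiveAction`, `m_logData`, `m_msg` and `m_severity` member by member, while the class also declares `~RuleWithActions()`. The destructor body is outside this hunk, but if it deletes any of those pointers, each copy would free the same objects again, giving a double free or use-after-free inside the rule engine. Either add a comment above the private members saying who owns and frees these pointers, or, if the destructor does own them, make the type non-copyable with `RuleWithActions(const RuleWithActions&) = delete;` and the matching deleted `operator=`. `RuleUnconditional` forwards to this copy constructor and would need the same treatment. `RuleWithOperator` in rule_with_operator.h has the same shape: raw `m_variables` and `m_operator`, a declared destructor, and an implicitly generated copy.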
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rule_with_operator.h b/src/deps/src/ModSecurity/headers/modsecurity/rule_with_operator.h
new file mode 100644
index 000000000..e2fea4e6a
--- /dev/null
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rule_with_operator.h
@@ -0,0 +1,82 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#include
+#include
+#endif
+
+#ifndef HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
+#define HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/variable_value.h"
+#include "modsecurity/rule.h"
+#include "modsecurity/rule_with_actions.h"
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+
+
+class RuleWithOperator : public RuleWithActions {
+ public:
+ RuleWithOperator(operators::Operator *op,
+ variables::Variables *variables,
+ std::vector *actions,
+ Transformations *transformations,
+ std::unique_ptr fileName,
+ int lineNumber);
+
+ virtual ~RuleWithOperator();
+
+ bool evaluate(Transaction *transaction,
+ std::shared_ptr rm) override;
+
+ void getVariablesExceptions(Transaction *t,
+ variables::Variables *exclusion, variables::Variables *addition);
+ inline void getFinalVars(variables::Variables *vars,
+ variables::Variables *eclusion, Transaction *trans);
+
+ bool executeOperatorAt(Transaction *trasn, const std::string &key,
+ const std::string &value, std::shared_ptr rm);
+
+ static void updateMatchedVars(Transaction *trasn, const std::string &key,
+ const std::string &value);
+ static void cleanMatchedVars(Transaction *trasn);
+
+
+ std::string getOperatorName() const;
+
+ virtual std::string getReference() override {
+ return std::to_string(m_ruleId);
+ }
+
+ private:
+ modsecurity::variables::Variables *m_variables;
+ operators::Operator *m_operator;
+};
+
+
+} // namespace modsecurity
+#endif
+
+
+#endif // HEADERS_MODSECURITY_RULE_WITH_OPERATOR_H_
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rules.h b/src/deps/src/ModSecurity/headers/modsecurity/rules.h
index d78b77087..1aaa65b54 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/rules.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rules.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -13,6 +13,7 @@
*
*/
+
#include
#include
@@ -22,92 +23,74 @@
#include
#include
#include
+#include
#endif
+#include "modsecurity/rule.h"
+#include "modsecurity/rule_with_operator.h"
+#include "modsecurity/rule_with_actions.h"
#ifndef HEADERS_MODSECURITY_RULES_H_
#define HEADERS_MODSECURITY_RULES_H_
-#include "modsecurity/rules_properties.h"
-#include "modsecurity/modsecurity.h"
-#include "modsecurity/transaction.h"
#ifdef __cplusplus
-
namespace modsecurity {
-class Rule;
-namespace Parser {
-class Driver;
-}
-/** @ingroup ModSecurity_CPP_API */
-class Rules : public RulesProperties {
+class Rules {
public:
- Rules()
- : RulesProperties(new DebugLog()),
- unicode_codepage(0),
-#ifndef NO_LOGS
- m_secmarker_skipped(0),
-#endif
- m_referenceCount(0) { }
+ void dump() const {
+ for (int j = 0; j < m_rules.size(); j++) {
+ std::cout << " Rule ID: " << m_rules.at(j)->getReference();
+ std::cout << "--" << m_rules.at(j) << std::endl;
+ }
+ }
- explicit Rules(DebugLog *customLog)
- : RulesProperties(customLog),
- unicode_codepage(0),
-#ifndef NO_LOGS
- m_secmarker_skipped(0),
-#endif
- m_referenceCount(0) { }
+ int append(Rules *from, const std::vector &ids, std::ostringstream *err) {
+ size_t j = 0;
+ for (; j < from->size(); j++) {
+ RuleWithOperator *rule = dynamic_cast(from->at(j).get());
+ if (rule && std::binary_search(ids.begin(), ids.end(), rule->m_ruleId)) {
+ if (err != NULL) {
+ *err << "Rule id: " << std::to_string(rule->m_ruleId) \
+ << " is duplicated" << std::endl;
+ }
+ return -1;
+ }
+ }
+ m_rules.insert(m_rules.end(), from->m_rules.begin(), from->m_rules.end());
+ return j;
+ }
- ~Rules() { }
+ bool insert(const std::shared_ptr &rule) {
+ return insert(rule, nullptr, nullptr);
+ }
- void incrementReferenceCount(void);
- void decrementReferenceCount(void);
+ bool insert(std::shared_ptr rule, const std::vector *ids, std::ostringstream *err) {
+ RuleWithOperator *r = dynamic_cast(rule.get());
+ if (r && ids != nullptr && std::binary_search(ids->begin(), ids->end(), r->m_ruleId)) {
+ if (err != nullptr) {
+ *err << "Rule id: " << std::to_string(r->m_ruleId) \
+ << " is duplicated" << std::endl;
+ }
+ return false;
+ }
+ m_rules.push_back(rule);
+ return true;
+ }
- int loadFromUri(const char *uri);
- int loadRemote(const char *key, const char *uri);
- int load(const char *rules);
- int load(const char *rules, const std::string &ref);
+ size_t size() const { return m_rules.size(); }
+ std::shared_ptr operator[](int index) const { return m_rules[index]; }
+ std::shared_ptr at(int index) const { return m_rules[index]; }
- void dump();
-
- int merge(Parser::Driver *driver);
- int merge(Rules *rules);
-
- int evaluate(int phase, Transaction *transaction);
- std::string getParserError();
-
- void debug(int level, const std::string &id, const std::string &uri,
- const std::string &msg);
-
- int64_t unicode_codepage;
-
- private:
- int m_referenceCount;
-#ifndef NO_LOGS
- uint8_t m_secmarker_skipped;
-#endif
+ std::vector > m_rules;
};
-#endif
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-Rules *msc_create_rules_set(void);
-void msc_rules_dump(Rules *rules);
-int msc_rules_merge(Rules *rules_dst, Rules *rules_from, const char **error);
-int msc_rules_add_remote(Rules *rules, const char *key, const char *uri,
- const char **error);
-int msc_rules_add_file(Rules *rules, const char *file, const char **error);
-int msc_rules_add(Rules *rules, const char *plain_rules, const char **error);
-int msc_rules_cleanup(Rules *rules);
-
-#ifdef __cplusplus
-}
} // namespace modsecurity
#endif
+
#endif // HEADERS_MODSECURITY_RULES_H_
+
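Review bot: `Rules::at(int index)` returns `m_rules[index]` exactly as `operator[]` does, so a negative or out-of-range index is undefined behaviour even though the name suggests the checked `std::vector::at` contract; its body should be `return m_rules.at(index);`. Separately, `append` and the three-argument `insert` call `std::binary_search` on `ids`, which only finds a duplicate rule id when the caller passes a sorted vector. The removed `RulesProperties::appendRules` sorted its id vector before searching, but nothing in this class does. A comment above both methods such as `// ids must be sorted ascending, otherwise duplicate rule ids are not detected` would make the precondition visible. `append` also returns the `size_t` counter `j` through an `int`; an explicit `static_cast<int>(j)` would show the narrowing is intended.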
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rules_exceptions.h b/src/deps/src/ModSecurity/headers/modsecurity/rules_exceptions.h
index 2df2fef34..8d513e76d 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/rules_exceptions.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rules_exceptions.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rules_properties.h b/src/deps/src/ModSecurity/headers/modsecurity/rules_properties.h
index c43578faa..fbde08d2f 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/rules_properties.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rules_properties.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -13,549 +13,6 @@
*
*/
+#include
-#ifdef __cplusplus
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#endif
-
-#ifndef HEADERS_MODSECURITY_RULES_PROPERTIES_H_
-#define HEADERS_MODSECURITY_RULES_PROPERTIES_H_
-
-
-#include "modsecurity/modsecurity.h"
-#include "modsecurity/rule.h"
-#include "modsecurity/rules_exceptions.h"
-#include "modsecurity/actions/action.h"
-#include "modsecurity/audit_log.h"
-
-#define CODEPAGE_SEPARATORS " \t\n\r"
-
-#define merge_boolean_value(to, from, default) \
- if (to == PropertyNotSetConfigBoolean) { \
- to = (from == PropertyNotSetConfigBoolean) ? default : from; \
- }
-
-#define merge_ruleengine_value(to, from, default) \
- if (to == PropertyNotSetRuleEngine) { \
- to = (from == PropertyNotSetRuleEngine) ? default : from; \
- }
-
-#define merge_bodylimitaction_value(to, from, default) \
- if (to == PropertyNotSetBodyLimitAction) { \
- to = (from == PropertyNotSetBodyLimitAction) ? default : from; \
- }
-
-#ifdef __cplusplus
-
-namespace modsecurity {
-class RulesExceptions;
-namespace Parser {
-class Driver;
-}
-
-using modsecurity::debug_log::DebugLog;
-using modsecurity::audit_log::AuditLog;
-
-/** @ingroup ModSecurity_CPP_API */
-class ConfigInt {
- public:
- ConfigInt() : m_set(false), m_value(0) { }
- bool m_set;
- int m_value;
-
- void merge(ConfigInt *from) {
- if (m_set == true || from->m_set == false) {
- return;
- }
- m_set = true;
- m_value = from->m_value;
- return;
- }
-};
-
-
-class ConfigDouble {
- public:
- ConfigDouble() : m_set(false), m_value(0) { }
- bool m_set;
- double m_value;
-
- void merge(ConfigDouble *from) {
- if (m_set == true || from->m_set == false) {
- return;
- }
- m_set = true;
- m_value = from->m_value;
- return;
- }
-};
-
-
-class ConfigString {
- public:
- ConfigString() : m_set(false), m_value("") { }
- bool m_set;
- std::string m_value;
-
- void merge(ConfigString *from) {
- if (m_set == true || from->m_set == false) {
- return;
- }
- m_set = true;
- m_value = from->m_value;
- return;
- }
-};
-
-
-class ConfigSet {
- public:
- ConfigSet() : m_set(false), m_clear(false) { }
- bool m_set;
- bool m_clear;
- std::set m_value;
-};
-
-
-class UnicodeMapHolder {
- public:
- UnicodeMapHolder() {
- memset(m_data, -1, (sizeof(int)*65536));
- };
-
- int& operator[](int index) { return m_data[index]; }
- int operator[](int index) const { return m_data[index]; }
-
- int at(int index) const { return m_data[index]; }
- void change(int i, int a) { m_data[i] = a; }
-
- int m_data[65536];
-};
-
-
-class RulesProperties;
-class ConfigUnicodeMap {
- public:
- ConfigUnicodeMap() : m_set(false),
- m_unicodeCodePage(0),
- m_unicodeMapTable(NULL) { }
-
- static void loadConfig(std::string f, double codePage,
- RulesProperties *driver, std::string *errg);
-
- void merge(ConfigUnicodeMap *from) {
- if (from->m_set == false) {
- return;
- }
-
- m_set = true;
- m_unicodeCodePage = from->m_unicodeCodePage;
- m_unicodeMapTable = from->m_unicodeMapTable;
-
- return;
- }
-
- bool m_set;
- double m_unicodeCodePage;
- std::shared_ptr m_unicodeMapTable;
-};
-
-
-class RulesProperties {
- public:
- RulesProperties() :
- m_auditLog(new AuditLog()),
- m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
- m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
- m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
- m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
- m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
- m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
- m_uploadKeepFiles(PropertyNotSetConfigBoolean),
- m_debugLog(new DebugLog()),
- m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
- m_secRuleEngine(PropertyNotSetRuleEngine) { }
-
-
- explicit RulesProperties(DebugLog *debugLog) :
- m_auditLog(new AuditLog()),
- m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
- m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
- m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
- m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
- m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
- m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
- m_uploadKeepFiles(PropertyNotSetConfigBoolean),
- m_debugLog(debugLog),
- m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
- m_secRuleEngine(PropertyNotSetRuleEngine) { }
-
-
- ~RulesProperties() {
- int i = 0;
- /** Cleanup the rules */
- for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
- std::vector rules = m_rules[i];
- while (rules.empty() == false) {
- Rule *rule = rules.back();
- rules.pop_back();
- if (rule->refCountDecreaseAndCheck()) {
- rule = NULL;
- }
- }
- }
- for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
- std::vector *tmp = &m_defaultActions[i];
- while (tmp->empty() == false) {
- actions::Action *a = tmp->back();
- tmp->pop_back();
- if (a->refCountDecreaseAndCheck()) {
- a = NULL;
- }
- }
- }
-
- delete m_debugLog;
- delete m_auditLog;
- }
-
-
- /**
- *
- *
- */
- enum ConfigBoolean {
- TrueConfigBoolean,
- FalseConfigBoolean,
- PropertyNotSetConfigBoolean
- };
-
-
- /**
- *
- * The RuleEngine enumerator consists in mapping the different states
- * of the rule engine.
- *
- */
- enum RuleEngine {
- /**
- *
- * Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
- *
- */
- DisabledRuleEngine,
- /**
- *
- * Rules will be evaluated and disturb actions will take place if needed.
- *
- */
- EnabledRuleEngine,
- /**
- * Rules will be evaluated but it won't generate any disruptive action.
- *
- */
- DetectionOnlyRuleEngine,
- /**
- *
- */
- PropertyNotSetRuleEngine
- };
-
-
- /**
- *
- * Defines what actions should be taken in case the body (response or
- * request) is bigger than the expected size.
- *
- */
- enum BodyLimitAction {
- /**
- *
- * Process partial
- *
- */
- ProcessPartialBodyLimitAction,
- /**
- *
- * Reject the request
- *
- */
- RejectBodyLimitAction,
- /**
- *
- */
- PropertyNotSetBodyLimitAction
- };
-
-
- /**
- *
- * Defines what actions should be taken in case the remote rules failed to
- * be downloaded (independent of the circumstances)
- *
- *
- */
- enum OnFailedRemoteRulesAction {
- /**
- *
- * Abort
- *
- */
- AbortOnFailedRemoteRulesAction,
- /**
- *
- * Warn on logging
- *
- */
- WarnOnFailedRemoteRulesAction,
- /**
- *
- */
- PropertyNotSetRemoteRulesAction
- };
-
-
- static const char *ruleEngineStateString(RuleEngine i) {
- switch (i) {
- case DisabledRuleEngine:
- return "Disabled";
- case EnabledRuleEngine:
- return "Enabled";
- case DetectionOnlyRuleEngine:
- return "DetectionOnly";
- case PropertyNotSetRuleEngine:
- return "PropertyNotSet/DetectionOnly";
- }
- return NULL;
- }
-
-
- static std::string configBooleanString(ConfigBoolean i) {
- switch (i) {
- case TrueConfigBoolean:
- return "True";
- case FalseConfigBoolean:
- return "False";
- case PropertyNotSetConfigBoolean:
- return "Not set";
- }
- return NULL;
- }
-
-
- static int mergeProperties(RulesProperties *from, RulesProperties *to,
- std::ostringstream *err) {
- int amount_of_rules = 0;
-
- amount_of_rules = appendRules(from->m_rules, to->m_rules, err);
- if (amount_of_rules < 0) {
- return amount_of_rules;
- }
-
- merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine,
- PropertyNotSetRuleEngine);
-
- merge_boolean_value(to->m_secRequestBodyAccess,
- from->m_secRequestBodyAccess,
- PropertyNotSetConfigBoolean);
-
- merge_boolean_value(to->m_secResponseBodyAccess,
- from->m_secResponseBodyAccess,
- PropertyNotSetConfigBoolean);
-
- merge_boolean_value(to->m_secXMLExternalEntity,
- from->m_secXMLExternalEntity,
- PropertyNotSetConfigBoolean);
-
- merge_boolean_value(to->m_uploadKeepFiles,
- from->m_uploadKeepFiles,
- PropertyNotSetConfigBoolean);
-
- merge_boolean_value(to->m_tmpSaveUploadedFiles,
- from->m_tmpSaveUploadedFiles,
- PropertyNotSetConfigBoolean);
-
- to->m_requestBodyLimit.merge(&from->m_requestBodyLimit);
- to->m_responseBodyLimit.merge(&from->m_responseBodyLimit);
-
- merge_bodylimitaction_value(to->m_requestBodyLimitAction,
- from->m_requestBodyLimitAction,
- PropertyNotSetBodyLimitAction);
-
- merge_bodylimitaction_value(to->m_responseBodyLimitAction,
- from->m_responseBodyLimitAction,
- PropertyNotSetBodyLimitAction);
-
- to->m_uploadFileLimit.merge(&from->m_uploadFileLimit);
- to->m_uploadFileMode.merge(&from->m_uploadFileMode);
- to->m_uploadDirectory.merge(&from->m_uploadDirectory);
- to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory);
-
- to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator);
-
- to->m_secWebAppId.merge(&from->m_secWebAppId);
-
- to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
-
- to->m_httpblKey.merge(&from->m_httpblKey);
-
- to->m_exceptions.merge(&from->m_exceptions);
-
- to->m_components.insert(to->m_components.end(),
- from->m_components.begin(), from->m_components.end());
-
- if (from->m_responseBodyTypeToBeInspected.m_set == true) {
- if (from->m_responseBodyTypeToBeInspected.m_clear == true) {
- to->m_responseBodyTypeToBeInspected.m_value.clear();
- from->m_responseBodyTypeToBeInspected.m_value.clear();
- } else {
- for (std::set::iterator
- it = from->m_responseBodyTypeToBeInspected.m_value.begin();
- it != from->m_responseBodyTypeToBeInspected.m_value.end();
- ++it) {
- to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
- }
- }
- to->m_responseBodyTypeToBeInspected.m_set = true;
- }
-
- for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
- std::vector *actions_from = \
- from->m_defaultActions+i;
- std::vector *actions_to = to->m_defaultActions+i;
- for (size_t j = 0; j < actions_from->size(); j++) {
- actions::Action *action = actions_from->at(j);
- action->refCountIncrease();
- actions_to->push_back(action);
- }
- }
-
- if (to->m_auditLog) {
- std::string error;
- to->m_auditLog->merge(from->m_auditLog, &error);
- if (error.size() > 0) {
- *err << error;
- return -1;
- }
- }
-
- if (from->m_debugLog && to->m_debugLog &&
- from->m_debugLog->isLogFileSet()) {
- if (to->m_debugLog->isLogFileSet() == false) {
- std::string error;
- to->m_debugLog->setDebugLogFile(
- from->m_debugLog->getDebugLogFile(),
- &error);
- if (error.size() > 0) {
- *err << error;
- return -1;
- }
- }
- }
-
- if (from->m_debugLog && to->m_debugLog &&
- from->m_debugLog->isLogLevelSet()) {
- if (to->m_debugLog->isLogLevelSet() == false) {
- to->m_debugLog->setDebugLogLevel(
- from->m_debugLog->getDebugLogLevel());
- }
- }
-
- return amount_of_rules;
- }
-
-
- static int appendRules(
- std::vector *from,
- std::vector *to,
- std::ostringstream *err) {
- int amount_of_rules = 0;
- // TODO: std::vector could be replaced with something more efficient.
- std::vector v;
- for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
- std::vector *rules_to = to+i;
- v.reserve(rules_to->size());
- for (size_t z = 0; z < rules_to->size(); z++) {
- Rule *rule_ckc = rules_to->at(z);
- if (rule_ckc->m_secMarker == true) {
- continue;
- }
- v.push_back(rule_ckc->m_ruleId);
- }
- }
- std::sort (v.begin(), v.end());
-
- for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
- std::vector *rules_from = from+i;
- std::vector *rules_to = to+i;
- for (size_t j = 0; j < rules_from->size(); j++) {
- Rule *rule = rules_from->at(j);
- if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) {
- if (err != NULL) {
- *err << "Rule id: " << std::to_string(rule->m_ruleId) \
- << " is duplicated" << std::endl;
- }
- return -1;
- }
- amount_of_rules++;
- rule->refCountIncrease();
- rules_to->push_back(rule);
- }
- }
- return amount_of_rules;
- }
-
-
- std::vector *getRulesForPhase(int phase) {
- if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
- return NULL;
- }
- return &m_rules[phase];
- }
-
-
- audit_log::AuditLog *m_auditLog;
- BodyLimitAction m_requestBodyLimitAction;
- BodyLimitAction m_responseBodyLimitAction;
- ConfigBoolean m_secRequestBodyAccess;
- ConfigBoolean m_secResponseBodyAccess;
- ConfigBoolean m_secXMLExternalEntity;
- ConfigBoolean m_tmpSaveUploadedFiles;
- ConfigBoolean m_uploadKeepFiles;
- ConfigDouble m_requestBodyLimit;
- ConfigDouble m_requestBodyNoFilesLimit;
- ConfigDouble m_responseBodyLimit;
- ConfigInt m_uploadFileLimit;
- ConfigInt m_uploadFileMode;
- DebugLog *m_debugLog;
- OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
- RuleEngine m_secRuleEngine;
- RulesExceptions m_exceptions;
- std::list m_components;
- std::ostringstream m_parserError;
- ConfigSet m_responseBodyTypeToBeInspected;
- ConfigString m_httpblKey;
- ConfigString m_uploadDirectory;
- ConfigString m_uploadTmpDirectory;
- ConfigString m_secArgumentSeparator;
- ConfigString m_secWebAppId;
- std::vector m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
- std::vector m_rules[modsecurity::Phases::NUMBER_OF_PHASES];
- ConfigUnicodeMap m_unicodeMapTable;
-};
-
-
-#endif
-
-#ifdef __cplusplus
-} // namespace modsecurity
-#endif
-
-#endif // HEADERS_MODSECURITY_RULES_PROPERTIES_H_
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rules_set.h b/src/deps/src/ModSecurity/headers/modsecurity/rules_set.h
new file mode 100644
index 000000000..4af55f405
--- /dev/null
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rules_set.h
@@ -0,0 +1,109 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include
+#include
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#include
+#endif
+
+
+#ifndef HEADERS_MODSECURITY_RULES_SET_H_
+#define HEADERS_MODSECURITY_RULES_SET_H_
+
+#include "modsecurity/rules_set_properties.h"
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "modsecurity/rules_set_phases.h"
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+class RuleWithOperator;
+namespace Parser {
+class Driver;
+}
+
+
+
+/** @ingroup ModSecurity_CPP_API */
+class RulesSet : public RulesSetProperties {
+ public:
+ RulesSet()
+ : RulesSetProperties(new DebugLog())
+#ifndef NO_LOGS
+ ,m_secmarker_skipped(0)
+#endif
+ { }
+
+ explicit RulesSet(DebugLog *customLog)
+ : RulesSetProperties(customLog)
+#ifndef NO_LOGS
+ ,m_secmarker_skipped(0)
+#endif
+ { }
+
+ ~RulesSet() { }
+
+ int loadFromUri(const char *uri);
+ int loadRemote(const char *key, const char *uri);
+ int load(const char *rules);
+ int load(const char *rules, const std::string &ref);
+
+ void dump() const;
+
+ int merge(Parser::Driver *driver);
+ int merge(RulesSet *rules);
+
+ int evaluate(int phase, Transaction *transaction);
+ std::string getParserError();
+
+ void debug(int level, const std::string &id, const std::string &uri,
+ const std::string &msg);
+
+ RulesSetPhases m_rulesSetPhases;
+ private:
+#ifndef NO_LOGS
+ uint8_t m_secmarker_skipped;
+#endif
+};
+
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+RulesSet *msc_create_rules_set(void);
+void msc_rules_dump(RulesSet *rules);
+int msc_rules_merge(RulesSet *rules_dst, RulesSet *rules_from, const char **error);
+int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri,
+ const char **error);
+int msc_rules_add_file(RulesSet *rules, const char *file, const char **error);
+int msc_rules_add(RulesSet *rules, const char *plain_rules, const char **error);
+int msc_rules_cleanup(RulesSet *rules);
+
+#ifdef __cplusplus
+}
+} // namespace modsecurity
+#endif
+
+#endif // HEADERS_MODSECURITY_RULES_SET_H_
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rules_set_phases.h b/src/deps/src/ModSecurity/headers/modsecurity/rules_set_phases.h
new file mode 100644
index 000000000..849d8ec1b
--- /dev/null
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rules_set_phases.h
@@ -0,0 +1,63 @@
+
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include
+#include
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#include
+#endif
+
+
+#ifndef HEADERS_MODSECURITY_RULES_SET_PHASES_H_
+#define HEADERS_MODSECURITY_RULES_SET_PHASES_H_
+
+#include "modsecurity/rules.h"
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+class RuleWithOperator;
+namespace Parser {
+class Driver;
+}
+
+/** @ingroup ModSecurity_CPP_API */
+class RulesSetPhases {
+ public:
+
+ bool insert(std::shared_ptr rule);
+
+ int append(RulesSetPhases *from, std::ostringstream *err);
+ void dump() const;
+
+ Rules *operator[](int index) { return &m_rulesAtPhase[index]; }
+ Rules *at(int index) { return &m_rulesAtPhase[index]; }
+
+ private:
+ Rules m_rulesAtPhase[8];
+
+};
+
+
+} // namespace modsecurity
+#endif
+
+#endif // HEADERS_MODSECURITY_RULES_SET_PHASES_H_
\ No newline at end of file
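Review bot: `operator[]` and `at()` both return `&m_rulesAtPhase[index]` for any `int`, so a negative or too-large phase index yields a pointer outside the eight-element array instead of an error. `at()` reads like the checked accessor of the standard containers but is an exact copy of `operator[]`; I would have it reject bad indices, e.g. `Rules *at(int index) { return (index >= 0 && index < 8) ? &m_rulesAtPhase[index] : nullptr; }`, with callers testing the result. The literal `8` is also disconnected from `modsecurity::Phases::NUMBER_OF_PHASES`, which rules_set_properties.h in this same commit uses to size its per-phase arrays. A shared constant, or a comment stating how 8 relates to that constant, would keep the two from drifting apart.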
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/rules_set_properties.h b/src/deps/src/ModSecurity/headers/modsecurity/rules_set_properties.h
new file mode 100644
index 000000000..00cf9ee3c
--- /dev/null
+++ b/src/deps/src/ModSecurity/headers/modsecurity/rules_set_properties.h
@@ -0,0 +1,499 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#endif
+
+
+#ifndef HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
+#define HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
+
+
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/rule.h"
+#include "modsecurity/rules_exceptions.h"
+#include "modsecurity/actions/action.h"
+#include "modsecurity/audit_log.h"
+
+#define CODEPAGE_SEPARATORS " \t\n\r"
+
+#define merge_boolean_value(to, from, default) \
+ if (to == PropertyNotSetConfigBoolean) { \
+ to = (from == PropertyNotSetConfigBoolean) ? default : from; \
+ }
+
+#define merge_ruleengine_value(to, from, default) \
+ if (to == PropertyNotSetRuleEngine) { \
+ to = (from == PropertyNotSetRuleEngine) ? default : from; \
+ }
+
+#define merge_bodylimitaction_value(to, from, default) \
+ if (to == PropertyNotSetBodyLimitAction) { \
+ to = (from == PropertyNotSetBodyLimitAction) ? default : from; \
+ }
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+class RulesExceptions;
+namespace Parser {
+class Driver;
+}
+
+using modsecurity::debug_log::DebugLog;
+using modsecurity::audit_log::AuditLog;
+
+/** @ingroup ModSecurity_CPP_API */
+class ConfigInt {
+ public:
+ ConfigInt() : m_set(false), m_value(0) { }
+ bool m_set;
+ int m_value;
+
+ void merge(ConfigInt *from) {
+ if (m_set == true || from->m_set == false) {
+ return;
+ }
+ m_set = true;
+ m_value = from->m_value;
+ return;
+ }
+};
+
+
+class ConfigDouble {
+ public:
+ ConfigDouble() : m_set(false), m_value(0) { }
+ bool m_set;
+ double m_value;
+
+ void merge(ConfigDouble *from) {
+ if (m_set == true || from->m_set == false) {
+ return;
+ }
+ m_set = true;
+ m_value = from->m_value;
+ return;
+ }
+};
+
+
+class ConfigString {
+ public:
+ ConfigString() : m_set(false), m_value("") { }
+ bool m_set;
+ std::string m_value;
+
+ void merge(ConfigString *from) {
+ if (m_set == true || from->m_set == false) {
+ return;
+ }
+ m_set = true;
+ m_value = from->m_value;
+ return;
+ }
+};
+
+
+class ConfigSet {
+ public:
+ ConfigSet() : m_set(false), m_clear(false) { }
+ bool m_set;
+ bool m_clear;
+ std::set m_value;
+};
+
+
+class UnicodeMapHolder {
+ public:
+ UnicodeMapHolder() {
+ memset(m_data, -1, (sizeof(int)*65536));
+ };
+
+ int& operator[](int index) { return m_data[index]; }
+ int operator[](int index) const { return m_data[index]; }
+
+ int at(int index) const { return m_data[index]; }
+ void change(int i, int a) { m_data[i] = a; }
+
+ int m_data[65536];
+};
+
+
+class RulesSetProperties;
+class ConfigUnicodeMap {
+ public:
+ ConfigUnicodeMap() : m_set(false),
+ m_unicodeCodePage(0),
+ m_unicodeMapTable(NULL) { }
+
+ static void loadConfig(std::string f, double codePage,
+ RulesSetProperties *driver, std::string *errg);
+
+ void merge(ConfigUnicodeMap *from) {
+ if (from->m_set == false) {
+ return;
+ }
+
+ m_set = true;
+ m_unicodeCodePage = from->m_unicodeCodePage;
+ m_unicodeMapTable = from->m_unicodeMapTable;
+
+ return;
+ }
+
+ bool m_set;
+ double m_unicodeCodePage;
+ std::shared_ptr m_unicodeMapTable;
+};
+
+
+class RulesSetProperties {
+ public:
+ RulesSetProperties() :
+ m_auditLog(new AuditLog()),
+ m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
+ m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
+ m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
+ m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
+ m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
+ m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
+ m_uploadKeepFiles(PropertyNotSetConfigBoolean),
+ m_debugLog(new DebugLog()),
+ m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
+ m_secRuleEngine(PropertyNotSetRuleEngine) { }
+
+
+ explicit RulesSetProperties(DebugLog *debugLog) :
+ m_auditLog(new AuditLog()),
+ m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
+ m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
+ m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
+ m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
+ m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
+ m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
+ m_uploadKeepFiles(PropertyNotSetConfigBoolean),
+ m_debugLog(debugLog),
+ m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
+ m_secRuleEngine(PropertyNotSetRuleEngine) { }
+
+ RulesSetProperties(const RulesSetProperties &r) = delete;
+ RulesSetProperties &operator =(const RulesSetProperties &r) = delete;
+
+ ~RulesSetProperties() {
+ int i = 0;
+
+ for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
+ std::vector > *tmp = \
+ &m_defaultActions[i];
+ while (tmp->empty() == false) {
+ tmp->pop_back();
+ }
+ }
+
+ delete m_debugLog;
+ delete m_auditLog;
+ }
+
+
+ /**
+ *
+ *
+ */
+ enum ConfigBoolean {
+ TrueConfigBoolean,
+ FalseConfigBoolean,
+ PropertyNotSetConfigBoolean
+ };
+
+
+ /**
+ *
+ * The RuleEngine enumerator consists in mapping the different states
+ * of the rule engine.
+ *
+ */
+ enum RuleEngine {
+ /**
+ *
+ * Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
+ *
+ */
+ DisabledRuleEngine,
+ /**
+ *
+ * Rules will be evaluated and disturb actions will take place if needed.
+ *
+ */
+ EnabledRuleEngine,
+ /**
+ * Rules will be evaluated but it won't generate any disruptive action.
+ *
+ */
+ DetectionOnlyRuleEngine,
+ /**
+ *
+ */
+ PropertyNotSetRuleEngine
+ };
+
+
+ /**
+ *
+ * Defines what actions should be taken in case the body (response or
+ * request) is bigger than the expected size.
+ *
+ */
+ enum BodyLimitAction {
+ /**
+ *
+ * Process partial
+ *
+ */
+ ProcessPartialBodyLimitAction,
+ /**
+ *
+ * Reject the request
+ *
+ */
+ RejectBodyLimitAction,
+ /**
+ *
+ */
+ PropertyNotSetBodyLimitAction
+ };
+
+
+ /**
+ *
+ * Defines what actions should be taken in case the remote rules failed to
+ * be downloaded (independent of the circumstances)
+ *
+ *
+ */
+ enum OnFailedRemoteRulesAction {
+ /**
+ *
+ * Abort
+ *
+ */
+ AbortOnFailedRemoteRulesAction,
+ /**
+ *
+ * Warn on logging
+ *
+ */
+ WarnOnFailedRemoteRulesAction,
+ /**
+ *
+ */
+ PropertyNotSetRemoteRulesAction
+ };
+
+
+ static const char *ruleEngineStateString(RuleEngine i) {
+ switch (i) {
+ case DisabledRuleEngine:
+ return "Disabled";
+ case EnabledRuleEngine:
+ return "Enabled";
+ case DetectionOnlyRuleEngine:
+ return "DetectionOnly";
+ case PropertyNotSetRuleEngine:
+ return "PropertyNotSet/DetectionOnly";
+ }
+ return NULL;
+ }
+
+
+ static std::string configBooleanString(ConfigBoolean i) {
+ switch (i) {
+ case TrueConfigBoolean:
+ return "True";
+ case FalseConfigBoolean:
+ return "False";
+ case PropertyNotSetConfigBoolean:
+ return "Not set";
+ }
+ return NULL;
+ }
+
+
+ static int mergeProperties(RulesSetProperties *from,
+ RulesSetProperties *to, std::ostringstream *err) {
+
+ merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine,
+ PropertyNotSetRuleEngine);
+
+ merge_boolean_value(to->m_secRequestBodyAccess,
+ from->m_secRequestBodyAccess,
+ PropertyNotSetConfigBoolean);
+
+ merge_boolean_value(to->m_secResponseBodyAccess,
+ from->m_secResponseBodyAccess,
+ PropertyNotSetConfigBoolean);
+
+ merge_boolean_value(to->m_secXMLExternalEntity,
+ from->m_secXMLExternalEntity,
+ PropertyNotSetConfigBoolean);
+
+ merge_boolean_value(to->m_uploadKeepFiles,
+ from->m_uploadKeepFiles,
+ PropertyNotSetConfigBoolean);
+
+ merge_boolean_value(to->m_tmpSaveUploadedFiles,
+ from->m_tmpSaveUploadedFiles,
+ PropertyNotSetConfigBoolean);
+
+ to->m_argumentsLimit.merge(&from->m_argumentsLimit);
+ to->m_requestBodyJsonDepthLimit.merge(&from->m_requestBodyJsonDepthLimit);
+ to->m_requestBodyLimit.merge(&from->m_requestBodyLimit);
+ to->m_requestBodyNoFilesLimit.merge(&from->m_requestBodyNoFilesLimit);
+ to->m_responseBodyLimit.merge(&from->m_responseBodyLimit);
+
+ merge_bodylimitaction_value(to->m_requestBodyLimitAction,
+ from->m_requestBodyLimitAction,
+ PropertyNotSetBodyLimitAction);
+
+ merge_bodylimitaction_value(to->m_responseBodyLimitAction,
+ from->m_responseBodyLimitAction,
+ PropertyNotSetBodyLimitAction);
+
+ to->m_uploadFileLimit.merge(&from->m_uploadFileLimit);
+ to->m_uploadFileMode.merge(&from->m_uploadFileMode);
+ to->m_uploadDirectory.merge(&from->m_uploadDirectory);
+ to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory);
+
+ to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator);
+
+ to->m_secWebAppId.merge(&from->m_secWebAppId);
+
+ to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
+
+ to->m_httpblKey.merge(&from->m_httpblKey);
+
+ to->m_exceptions.merge(&from->m_exceptions);
+
+ to->m_components.insert(to->m_components.end(),
+ from->m_components.begin(), from->m_components.end());
+
+ if (from->m_responseBodyTypeToBeInspected.m_set == true) {
+ if (from->m_responseBodyTypeToBeInspected.m_clear == true) {
+ to->m_responseBodyTypeToBeInspected.m_value.clear();
+ from->m_responseBodyTypeToBeInspected.m_value.clear();
+ } else {
+ for (std::set::iterator
+ it = from->m_responseBodyTypeToBeInspected.m_value.begin();
+ it != from->m_responseBodyTypeToBeInspected.m_value.end();
+ ++it) {
+ to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
+ }
+ }
+ to->m_responseBodyTypeToBeInspected.m_set = true;
+ }
+
+ for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
+ std::vector > *actions_from = \
+ &from->m_defaultActions[i];
+ std::vector > *actions_to = \
+ &to->m_defaultActions[i];
+ for (size_t j = 0; j < actions_from->size(); j++) {
+ actions_to->push_back(actions_from->at(j));
+ }
+ }
+
+ if (to->m_auditLog) {
+ std::string error;
+ to->m_auditLog->merge(from->m_auditLog, &error);
+ if (error.size() > 0) {
+ *err << error;
+ return -1;
+ }
+ }
+
+ if (from->m_debugLog && to->m_debugLog &&
+ from->m_debugLog->isLogFileSet()) {
+ if (to->m_debugLog->isLogFileSet() == false) {
+ std::string error;
+ to->m_debugLog->setDebugLogFile(
+ from->m_debugLog->getDebugLogFile(),
+ &error);
+ if (error.size() > 0) {
+ *err << error;
+ return -1;
+ }
+ }
+ }
+
+ if (from->m_debugLog && to->m_debugLog &&
+ from->m_debugLog->isLogLevelSet()) {
+ if (to->m_debugLog->isLogLevelSet() == false) {
+ to->m_debugLog->setDebugLogLevel(
+ from->m_debugLog->getDebugLogLevel());
+ }
+ }
+
+ return 1;
+ }
+
+
+ audit_log::AuditLog *m_auditLog;
+ BodyLimitAction m_requestBodyLimitAction;
+ BodyLimitAction m_responseBodyLimitAction;
+ ConfigBoolean m_secRequestBodyAccess;
+ ConfigBoolean m_secResponseBodyAccess;
+ ConfigBoolean m_secXMLExternalEntity;
+ ConfigBoolean m_tmpSaveUploadedFiles;
+ ConfigBoolean m_uploadKeepFiles;
+ ConfigDouble m_argumentsLimit;
+ ConfigDouble m_requestBodyJsonDepthLimit;
+ ConfigDouble m_requestBodyLimit;
+ ConfigDouble m_requestBodyNoFilesLimit;
+ ConfigDouble m_responseBodyLimit;
+ ConfigInt m_uploadFileLimit;
+ ConfigInt m_uploadFileMode;
+ DebugLog *m_debugLog;
+ OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
+ RuleEngine m_secRuleEngine;
+ RulesExceptions m_exceptions;
+ std::list m_components;
+ std::ostringstream m_parserError;
+ ConfigSet m_responseBodyTypeToBeInspected;
+ ConfigString m_httpblKey;
+ ConfigString m_uploadDirectory;
+ ConfigString m_uploadTmpDirectory;
+ ConfigString m_secArgumentSeparator;
+ ConfigString m_secWebAppId;
+ std::vector > \
+ m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
+ ConfigUnicodeMap m_unicodeMapTable;
+};
+
+
+#endif
+
+#ifdef __cplusplus
+} // namespace modsecurity
+#endif
+
+#endif // HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
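Review bot: `configBooleanString` ends with `return NULL;` although its return type is `std::string`, so falling out of the switch constructs a string from a null pointer, which is undefined behaviour (common standard libraries throw `std::logic_error` here). That line is reached whenever `i` holds a value outside the three enumerators, for example after a cast from an integer; `return "";` or `return "Unknown";` is safe. The neighbouring `ruleEngineStateString` returns `const char *`, where `NULL` is at least well defined. Separately, `UnicodeMapHolder::operator[]`, `at` and `change` index `m_data[65536]` with an unchecked `int`, and whether callers bound the code point first is not visible in this hunk. As this header sits under src/deps, the fix would presumably be carried as a local patch or reported upstream.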
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/transaction.h b/src/deps/src/ModSecurity/headers/modsecurity/transaction.h
index dd2e9cf83..4244ddd35 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/transaction.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/transaction.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -26,6 +26,7 @@
#include
#include
#include
+#include
#endif
#include
@@ -37,7 +38,7 @@
#ifndef __cplusplus
typedef struct ModSecurity_t ModSecurity;
typedef struct Transaction_t Transaction;
-typedef struct Rules_t Rules;
+typedef struct Rules_t RulesSet;
#endif
#include "modsecurity/anchored_set_variable.h"
@@ -47,12 +48,15 @@ typedef struct Rules_t Rules;
#include "modsecurity/variable_value.h"
#include "modsecurity/collection/collection.h"
#include "modsecurity/variable_origin.h"
+#include "modsecurity/anchored_set_variable_translation_proxy.h"
+#include "modsecurity/audit_log.h"
+
#ifndef NO_LOGS
#define ms_dbg(b, c) \
do { \
if (m_rules && m_rules->m_debugLog && m_rules->m_debugLog->m_debugLevel >= b) { \
- m_rules->debug(b, m_id, m_uri, c); \
+ m_rules->debug(b, *m_id.get(), m_uri, c); \
} \
} while (0);
#else
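Review bot: The macro now evaluates `*m_id.get()` but its guard still checks only `m_rules` and `m_rules->m_debugLog`, so a transaction whose `m_id` pointer is empty would dereference null on its first debug line. Whether every constructor populates `m_id` is outside this hunk. If that is the invariant, a comment on the macro should say so; otherwise add `m_id &&` to the condition. `*m_id` is equivalent to `*m_id.get()` and reads more plainly.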
@@ -98,7 +102,7 @@ namespace modsecurity {
class ModSecurity;
class Transaction;
-class Rules;
+class RulesSet;
class RuleMessage;
namespace actions {
class Action;
@@ -109,6 +113,7 @@ enum AllowType : int;
namespace RequestBodyProcessor {
class XML;
class JSON;
+class MultipartPartTmpFile;
}
namespace operators {
class Operator;
@@ -118,10 +123,7 @@ class Operator;
class TransactionAnchoredVariables {
public:
explicit TransactionAnchoredVariables(Transaction *t)
- : m_variableArgsNames(t, "ARGS_NAMES"),
- m_variableArgsGetNames(t, "ARGS_GET_NAMES"),
- m_variableArgsPostNames(t, "ARGS_POST_NAMES"),
- m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
+ : m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
m_variableResponseContentType(t, "RESPONSE_CONTENT_TYPE"),
m_variableResponseHeadersNames(t, "RESPONSE_HEADERS_NAMES"),
m_variableARGScombinedSize(t, "ARGS_COMBINED_SIZE"),
@@ -199,12 +201,13 @@ class TransactionAnchoredVariables {
m_variableGeo(t, "GEO"),
m_variableRequestCookiesNames(t, "REQUEST_COOKIES_NAMES"),
m_variableFilesTmpNames(t, "FILES_TMPNAMES"),
- m_variableOffset(0)
+ m_variableMultipartPartHeaders(t, "MULTIPART_PART_HEADERS"),
+ m_variableOffset(0),
+ m_variableArgsNames("ARGS_NAMES", &m_variableArgs),
+ m_variableArgsGetNames("ARGS_GET_NAMES", &m_variableArgsGet),
+ m_variableArgsPostNames("ARGS_POST_NAMES", &m_variableArgsPost)
{ }
- AnchoredSetVariable m_variableArgsNames;
- AnchoredSetVariable m_variableArgsGetNames;
- AnchoredSetVariable m_variableArgsPostNames;
AnchoredSetVariable m_variableRequestHeadersNames;
AnchoredVariable m_variableResponseContentType;
AnchoredSetVariable m_variableResponseHeadersNames;
@@ -280,19 +283,57 @@ class TransactionAnchoredVariables {
AnchoredSetVariable m_variableGeo;
AnchoredSetVariable m_variableRequestCookiesNames;
AnchoredSetVariable m_variableFilesTmpNames;
+ AnchoredSetVariable m_variableMultipartPartHeaders;
int m_variableOffset;
+
+ AnchoredSetVariableTranslationProxy m_variableArgsNames;
+ AnchoredSetVariableTranslationProxy m_variableArgsGetNames;
+ AnchoredSetVariableTranslationProxy m_variableArgsPostNames;
};
+class TransactionSecMarkerManagement {
+ public:
+ bool isInsideAMarker() const {
+ if (m_marker) {
+ return true;
+ }
+
+ return false;
+ }
+
+ std::shared_ptr getCurrentMarker() const {
+ if (m_marker) {
+ return m_marker;
+ } else {
+ throw;
+ }
+ }
+
+ void removeMarker() {
+ m_marker.reset();
+ }
+
+ void addMarker(const std::shared_ptr &name) {
+ m_marker = name;
+ }
+
+ private:
+ std::shared_ptr m_marker;
+};
/** @ingroup ModSecurity_CPP_API */
-class Transaction : public TransactionAnchoredVariables {
+class Transaction : public TransactionAnchoredVariables, public TransactionSecMarkerManagement {
public:
- Transaction(ModSecurity *transaction, Rules *rules, void *logCbData);
- Transaction(ModSecurity *transaction, Rules *rules, char *id,
+ Transaction(ModSecurity *transaction, RulesSet *rules, void *logCbData);
+ Transaction(ModSecurity *transaction, RulesSet *rules, char *id,
void *logCbData);
~Transaction();
+ Transaction ( const Transaction & ) = delete;
+ bool operator ==(const Transaction &b) const { return false; };
+ Transaction &operator =(const Transaction &b) const = delete;
+
/** TODO: Should be an structure that fits an IP address */
int processConnection(const char *client, int cPort,
const char *server, int sPort);
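Review bot: In `getCurrentMarker()` the `else` branch executes a bare `throw;`, which with no exception being handled calls `std::terminate()` instead of raising something a caller can catch. For a WAF library running inside a server process, that turns a logic slip into loss of the process. Either return the (possibly empty) pointer and leave the check to `isInsideAMarker()`, or throw a named exception such as `throw std::logic_error("getCurrentMarker() called with no marker set");`. The added `operator ==` on `Transaction` returns `false` even for `t == t`; if it exists only to satisfy a template or container requirement, a one-line comment should say so. The `Transaction` class body continues outside the hunk.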
@@ -355,16 +396,16 @@ class Transaction : public TransactionAnchoredVariables {
bool extractArguments(const std::string &orig, const std::string& buf,
size_t offset);
- const char *getResponseBody();
+ const char *getResponseBody() const;
size_t getResponseBodyLength();
size_t getRequestBodyLength();
#ifndef NO_LOGS
- void debug(int, std::string) const;
+ void debug(int, const std::string&) const;
#endif
void serverLog(std::shared_ptr rm);
- int getRuleEngineState();
+ int getRuleEngineState() const;
std::string toJSON(int parts);
std::string toOldAuditLogFormat(int parts, const std::string &trailer);
@@ -386,7 +427,7 @@ class Transaction : public TransactionAnchoredVariables {
/**
* Holds the client IP address.
*/
- std::string m_clientIpAddress;
+ std::shared_ptr m_clientIpAddress;
/**
* Holds the HTTP version: 1.2, 2.0, 3.0 and so on....
@@ -396,7 +437,7 @@ class Transaction : public TransactionAnchoredVariables {
/**
* Holds the server IP Address
*/
- std::string m_serverIpAddress;
+ std::shared_ptr m_serverIpAddress;
/**
* Holds the raw URI that was requested.
@@ -406,7 +447,7 @@ class Transaction : public TransactionAnchoredVariables {
/**
* Holds the URI that was requests (without the query string).
*/
- std::string m_uri_no_query_string_decoded;
+ std::shared_ptr m_uri_no_query_string_decoded;
/**
* Holds the combined size of all arguments, later used to fill the
@@ -455,7 +496,7 @@ class Transaction : public TransactionAnchoredVariables {
/**
* Rules object utilized during this specific transaction.
*/
- Rules *m_rules;
+ RulesSet *m_rules;
/**
*
@@ -491,6 +532,12 @@ class Transaction : public TransactionAnchoredVariables {
*/
std::list< std::pair > m_auditLogModifier;
+ /**
+ * This transaction's most recent action ctl:auditEngine
+ *
+ */
+ audit_log::AuditLog::AuditLogStatus m_ctlAuditEngine;
+
/**
* This variable holds all the messages asked to be save by the utilization
* of the actions: `log_data' and `msg'. These should be included on the
@@ -512,13 +559,7 @@ class Transaction : public TransactionAnchoredVariables {
* Contains the unique ID of the transaction. Use by the variable
* `UNIQUE_ID'. This unique id is also saved as part of the AuditLog.
*/
- std::string m_id;
-
- /**
- * Holds the SecMarker name that this transaction should wait to perform
- * rules evaluation again.
- */
- std::string m_marker;
+ std::shared_ptr m_id;
/**
* Holds the amount of rules that should be skipped. If bigger than 0 the
@@ -583,6 +624,8 @@ class Transaction : public TransactionAnchoredVariables {
std::string m_variableTimeWDay;
std::string m_variableTimeYear;
+ std::vector> m_multipartPartTmpFiles;
+
private:
/**
* Pointer to the callback function that will be called to fill
@@ -600,11 +643,11 @@ extern "C" {
/** @ingroup ModSecurity_C_API */
Transaction *msc_new_transaction(ModSecurity *ms,
- Rules *rules, void *logCbData);
+ RulesSet *rules, void *logCbData);
/** @ingroup ModSecurity_C_API */
Transaction *msc_new_transaction_with_id(ModSecurity *ms,
- Rules *rules, char *id, void *logCbData);
+ RulesSet *rules, char *id, void *logCbData);
/** @ingroup ModSecurity_C_API */
int msc_process_connection(Transaction *transaction,
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/variable_origin.h b/src/deps/src/ModSecurity/headers/modsecurity/variable_origin.h
index 37e1f8ef6..80ec177b9 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/variable_origin.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/variable_origin.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
diff --git a/src/deps/src/ModSecurity/headers/modsecurity/variable_value.h b/src/deps/src/ModSecurity/headers/modsecurity/variable_value.h
index 7c36170b5..f78717762 100644
--- a/src/deps/src/ModSecurity/headers/modsecurity/variable_value.h
+++ b/src/deps/src/ModSecurity/headers/modsecurity/variable_value.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -39,28 +39,28 @@ class VariableValue {
public:
using Origins = std::list>;
- VariableValue(const std::string *key,
+ explicit VariableValue(const std::string *key,
const std::string *value = nullptr)
- : m_key(*key),
+ : m_collection(""),
+ m_key(*key),
m_keyWithCollection(*key),
- m_collection(""),
m_value(value != nullptr?*value:"")
{ }
VariableValue(const std::string *collection,
const std::string *key,
const std::string *value)
- : m_key(*key),
+ : m_collection(*collection),
+ m_key(*key),
m_keyWithCollection(*collection + ":" + *key),
- m_collection(*collection),
m_value(*value)
{ }
explicit VariableValue(const VariableValue *o) :
- m_key(o->m_key),
- m_value(o->m_value),
m_collection(o->m_collection),
- m_keyWithCollection(o->m_keyWithCollection)
+ m_key(o->m_key),
+ m_keyWithCollection(o->m_keyWithCollection),
+ m_value(o->m_value)
{
for (auto &i : o->m_orign) {
std::unique_ptr origin(new VariableOrigin());
@@ -70,6 +70,8 @@ class VariableValue {
}
}
+ VariableValue(const VariableValue &v) = delete;
+
const std::string& getKey() const {
return m_key;
diff --git a/src/deps/src/ModSecurity/modsecurity.conf-recommended b/src/deps/src/ModSecurity/modsecurity.conf-recommended
index 50743891b..395d82ced 100644
--- a/src/deps/src/ModSecurity/modsecurity.conf-recommended
+++ b/src/deps/src/ModSecurity/modsecurity.conf-recommended
@@ -19,16 +19,23 @@ SecRequestBodyAccess On
# Enable XML request body parser.
# Initiate XML Processor in case of xml content-type
#
-SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
+SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Enable JSON request body parser.
# Initiate JSON Processor in case of JSON content-type; change accordingly
# if your application does not use 'application/json'
#
-SecRule REQUEST_HEADERS:Content-Type "application/json" \
+SecRule REQUEST_HEADERS:Content-Type "^application/json" \
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+# Sample rule to enable JSON request body parser for more subtypes.
+# Uncomment or adapt this rule if you want to engage the JSON
+# Processor for "+json" subtypes
+#
+#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \
+# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+
# Maximum request body size we will accept for buffering. If you support
# file uploads then the value given on the first line has to be as large
# as the largest file you are willing to accept. The second value refers
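Review bot: With the new `^` anchors, rules 200000 and 200001 select a body processor only for content types beginning with `application/xml`, `application/soap+xml`, `text/xml` or `application/json`, and the `+json` rule 200006 ships commented out. A request sent as, say, `application/vnd.api+json` is therefore not handed to the JSON processor by this file. A backend may still parse it as JSON, so the arguments the rules evaluate and the ones the application sees can differ. I would add a comment above 200006 along the lines of `# Enable this if any backend accepts "+json" media types; otherwise such bodies are not parsed as JSON by ModSecurity.`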
@@ -38,13 +45,28 @@ SecRule REQUEST_HEADERS:Content-Type "application/json" \
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
-# What do do if the request body size is above our configured limit.
+# What to do if the request body size is above our configured limit.
# Keep in mind that this setting will automatically be set to ProcessPartial
# when SecRuleEngine is set to DetectionOnly mode in order to minimize
# disruptions when initially deploying ModSecurity.
#
SecRequestBodyLimitAction Reject
+# Maximum parsing depth allowed for JSON objects. You want to keep this
+# value as low as practical.
+#
+SecRequestBodyJsonDepthLimit 512
+
+# Maximum number of args allowed per request. You want to keep this
+# value as low as practical. The value should match that in rule 200007.
+SecArgumentsLimit 1000
+
+# If SecArgumentsLimit has been set, you probably want to reject any
+# request body that has only been partly parsed. The value used in this
+# rule should match what was used with SecArgumentsLimit
+SecRule &ARGS "@ge 1000" \
+"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2"
+
# Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode)
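Review bot: Rule 200007 relies on `deny`, so it rejects over-limit requests only when the engine is blocking. Under `SecRuleEngine DetectionOnly` it merely logs, and the request goes on with what the comment above it calls a body that "has only been partly parsed". The new comments do not mention this, whereas the `SecRequestBodyLimitAction` comment earlier in the hunk does spell out the DetectionOnly behaviour. I would add `# In DetectionOnly mode this rule only logs; requests above the limit are still passed on.` above the rule. The limit is also written twice (`SecArgumentsLimit 1000` and `@ge 1000`), which the comments flag but nothing enforces.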
diff --git a/src/deps/src/ModSecurity/modsecurity.pc.in b/src/deps/src/ModSecurity/modsecurity.pc.in
index e753d86a7..96cdf5ca7 100644
--- a/src/deps/src/ModSecurity/modsecurity.pc.in
+++ b/src/deps/src/ModSecurity/modsecurity.pc.in
@@ -8,3 +8,4 @@ Description: ModSecurity API
Version: @MSC_VERSION_WITH_PATCHLEVEL@
Cflags: -I@includedir@
Libs: -L@libdir@ -lmodsecurity
+Libs.private: @CURL_LDADD@ @GEOIP_LDADD@ @MAXMIND_LDADD@ @GLOBAL_LDADD@ @LIBXML2_LDADD@ @LMDB_LDADD@ @LUA_LDADD@ @PCRE_LDADD@ @SSDEEP_LDADD@ @YAJL_LDADD@
diff --git a/src/deps/src/ModSecurity/src/Makefile.am b/src/deps/src/ModSecurity/src/Makefile.am
index 54c54fb32..605f22dbc 100644
--- a/src/deps/src/ModSecurity/src/Makefile.am
+++ b/src/deps/src/ModSecurity/src/Makefile.am
@@ -35,6 +35,7 @@ MAINTAINERCLEANFILES = \
pkginclude_HEADERS = \
+ ../headers/modsecurity/anchored_set_variable_translation_proxy.h \
../headers/modsecurity/anchored_set_variable.h \
../headers/modsecurity/anchored_variable.h \
../headers/modsecurity/audit_log.h \
@@ -42,10 +43,16 @@ pkginclude_HEADERS = \
../headers/modsecurity/intervention.h \
../headers/modsecurity/modsecurity.h \
../headers/modsecurity/rule.h \
- ../headers/modsecurity/rule_message.h \
+ ../headers/modsecurity/rule_marker.h \
+ ../headers/modsecurity/rule_unconditional.h \
+ ../headers/modsecurity/rule_with_actions.h \
+ ../headers/modsecurity/rule_with_operator.h \
../headers/modsecurity/rules.h \
+ ../headers/modsecurity/rule_message.h \
+ ../headers/modsecurity/rules_set.h \
+ ../headers/modsecurity/rules_set_phases.h \
+ ../headers/modsecurity/rules_set_properties.h \
../headers/modsecurity/rules_exceptions.h \
- ../headers/modsecurity/rules_properties.h \
../headers/modsecurity/transaction.h \
../headers/modsecurity/variable_origin.h \
../headers/modsecurity/variable_value.h
@@ -111,6 +118,7 @@ ACTIONS = \
actions/capture.cc \
actions/chain.cc \
actions/ctl/audit_log_parts.cc \
+ actions/ctl/audit_engine.cc \
actions/ctl/rule_engine.cc \
actions/ctl/request_body_processor_json.cc \
actions/ctl/request_body_processor_xml.cc \
@@ -215,6 +223,7 @@ OPERATORS = \
operators/rbl.cc \
operators/rsub.cc \
operators/rx.cc \
+ operators/rx_global.cc \
operators/str_eq.cc \
operators/str_match.cc \
operators/validate_byte_range.cc \
@@ -273,16 +282,20 @@ libmodsecurity_la_SOURCES = \
audit_log/writer/serial.cc \
audit_log/writer/parallel.cc \
modsecurity.cc \
- rules.cc \
+ rules_set.cc \
+ rules_set_phases.cc \
+ rules_set_properties.cc \
debug_log/debug_log.cc \
debug_log/debug_log_writer.cc \
run_time_string.cc \
rule.cc \
+ rule_unconditional.cc \
+ rule_with_actions.cc \
+ rule_with_operator.cc \
rule_message.cc \
rule_script.cc \
unique_id.cc \
rules_exceptions.cc \
- rules_properties.cc \
${BODY_PROCESSORS} \
${ACTIONS} \
${ENGINES} \
@@ -303,6 +316,7 @@ libmodsecurity_la_CPPFLAGS = \
-fPIC \
-O3 \
-I../headers \
+ $(CURL_CFLAGS) \
$(GEOIP_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
@@ -310,6 +324,7 @@ libmodsecurity_la_CPPFLAGS = \
$(YAJL_CFLAGS) \
$(LMDB_CFLAGS) \
$(PCRE_CFLAGS) \
+ $(PCRE2_CFLAGS) \
$(SSDEEP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(LUA_CFLAGS) \
@@ -325,6 +340,7 @@ libmodsecurity_la_LDFLAGS = \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(PCRE_LDFLAGS) \
+ $(PCRE2_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS) \
@@ -341,6 +357,7 @@ libmodsecurity_la_LIBADD = \
../others/libinjection.la \
../others/libmbedtls.la \
$(PCRE_LDADD) \
+ $(PCRE2_LDADD) \
$(MAXMIND_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)
diff --git a/src/deps/src/ModSecurity/src/actions/accuracy.cc b/src/deps/src/ModSecurity/src/actions/accuracy.cc
index c94ef39f7..c8cfca72a 100644
--- a/src/deps/src/ModSecurity/src/actions/accuracy.cc
+++ b/src/deps/src/ModSecurity/src/actions/accuracy.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -39,7 +39,7 @@ bool Accuracy::init(std::string *error) {
}
-bool Accuracy::evaluate(Rule *rule, Transaction *transaction) {
+bool Accuracy::evaluate(RuleWithActions *rule, Transaction *transaction) {
rule->m_accuracy = m_accuracy;
return true;
}
diff --git a/src/deps/src/ModSecurity/src/actions/accuracy.h b/src/deps/src/ModSecurity/src/actions/accuracy.h
index 6e78a4227..f787af190 100644
--- a/src/deps/src/ModSecurity/src/actions/accuracy.h
+++ b/src/deps/src/ModSecurity/src/actions/accuracy.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -29,11 +29,11 @@ namespace actions {
class Accuracy : public Action {
public:
- explicit Accuracy(std::string action)
+ explicit Accuracy(const std::string &action)
: Action(action, ConfigurationKind),
m_accuracy(0) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
diff --git a/src/deps/src/ModSecurity/src/actions/action.cc b/src/deps/src/ModSecurity/src/actions/action.cc
index 505b82769..e58e2067e 100644
--- a/src/deps/src/ModSecurity/src/actions/action.cc
+++ b/src/deps/src/ModSecurity/src/actions/action.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -45,13 +45,13 @@ namespace modsecurity {
namespace actions {
-std::string Action::evaluate(std::string value,
+std::string Action::evaluate(const std::string &value,
Transaction *transaction) {
return value;
}
-bool Action::evaluate(Rule *rule, Transaction *transaction) {
+bool Action::evaluate(RuleWithActions *rule, Transaction *transaction) {
return true;
}
diff --git a/src/deps/src/ModSecurity/src/actions/audit_log.cc b/src/deps/src/ModSecurity/src/actions/audit_log.cc
index 258591cc4..c628ac236 100644
--- a/src/deps/src/ModSecurity/src/actions/audit_log.cc
+++ b/src/deps/src/ModSecurity/src/actions/audit_log.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -21,13 +21,13 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rule_message.h"
-#include "modsecurity/rules.h"
+#include "modsecurity/rules_set.h"
namespace modsecurity {
namespace actions {
-bool AuditLog::evaluate(Rule *rule, Transaction *transaction,
+bool AuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) {
rm->m_noAuditLog = false;
ms_dbg_a(transaction, 9, "Saving transaction to logs");
diff --git a/src/deps/src/ModSecurity/src/actions/audit_log.h b/src/deps/src/ModSecurity/src/actions/audit_log.h
index f63198f03..d870de2ac 100644
--- a/src/deps/src/ModSecurity/src/actions/audit_log.h
+++ b/src/deps/src/ModSecurity/src/actions/audit_log.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -32,10 +32,10 @@ namespace actions {
class AuditLog : public Action {
public:
- explicit AuditLog(std::string action)
+ explicit AuditLog(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) override;
};
diff --git a/src/deps/src/ModSecurity/src/actions/block.cc b/src/deps/src/ModSecurity/src/actions/block.cc
index 7227846e7..bde5e6346 100644
--- a/src/deps/src/ModSecurity/src/actions/block.cc
+++ b/src/deps/src/ModSecurity/src/actions/block.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -19,9 +19,9 @@
#include
#include
+#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
-#include "modsecurity/rules.h"
#include "modsecurity/intervention.h"
#include "src/actions/data/status.h"
@@ -29,11 +29,11 @@ namespace modsecurity {
namespace actions {
-bool Block::evaluate(Rule *rule, Transaction *transaction,
+bool Block::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) {
ms_dbg_a(transaction, 8, "Marking request as disruptive.");
- for (Action *a : transaction->m_rules->m_defaultActions[rule->m_phase]) {
+ for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {
if (a->isDisruptive() == false) {
continue;
}
diff --git a/src/deps/src/ModSecurity/src/actions/block.h b/src/deps/src/ModSecurity/src/actions/block.h
index ecd73d8cd..7c40bbd83 100644
--- a/src/deps/src/ModSecurity/src/actions/block.h
+++ b/src/deps/src/ModSecurity/src/actions/block.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -33,9 +33,9 @@ namespace actions {
class Block : public Action {
public:
- explicit Block(std::string action) : Action(action) { }
+ explicit Block(const std::string &action) : Action(action) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) override;
};
diff --git a/src/deps/src/ModSecurity/src/actions/capture.cc b/src/deps/src/ModSecurity/src/actions/capture.cc
index a02c2c785..62b86fc97 100644
--- a/src/deps/src/ModSecurity/src/actions/capture.cc
+++ b/src/deps/src/ModSecurity/src/actions/capture.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -32,7 +32,7 @@ namespace modsecurity {
namespace actions {
-bool Capture::evaluate(Rule *rule, Transaction *transaction) {
+bool Capture::evaluate(RuleWithActions *rule, Transaction *transaction) {
return true;
}
diff --git a/src/deps/src/ModSecurity/src/actions/capture.h b/src/deps/src/ModSecurity/src/actions/capture.h
index be3cbae18..33207439c 100644
--- a/src/deps/src/ModSecurity/src/actions/capture.h
+++ b/src/deps/src/ModSecurity/src/actions/capture.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -22,16 +22,16 @@
namespace modsecurity {
-class Rule;
+class RuleWithOperator;
namespace actions {
class Capture : public Action {
public:
- explicit Capture(std::string action)
+ explicit Capture(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};
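Review bot: The forward declaration in this hunk now reads `class RuleWithOperator;`, but the only rule type the class uses is `RuleWithActions` in `evaluate(RuleWithActions *rule, Transaction *transaction)`. The declared name is therefore unused here, and `RuleWithActions` has to arrive through an include outside the hunk, presumably the action header. Declaring the type that is actually used, `class RuleWithActions;`, would keep the header self-describing. The `chain.h` hunk has the same mismatch.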
diff --git a/src/deps/src/ModSecurity/src/actions/chain.cc b/src/deps/src/ModSecurity/src/actions/chain.cc
index d5642674f..197f861ff 100644
--- a/src/deps/src/ModSecurity/src/actions/chain.cc
+++ b/src/deps/src/ModSecurity/src/actions/chain.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -25,8 +25,8 @@ namespace modsecurity {
namespace actions {
-bool Chain::evaluate(Rule *rule, Transaction *transaction) {
- rule->m_chained = true;
+bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) {
+ rule->setChained(true);
return true;
}
diff --git a/src/deps/src/ModSecurity/src/actions/chain.h b/src/deps/src/ModSecurity/src/actions/chain.h
index 649625189..c5642baa6 100644
--- a/src/deps/src/ModSecurity/src/actions/chain.h
+++ b/src/deps/src/ModSecurity/src/actions/chain.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -25,17 +25,17 @@ class Transaction;
namespace modsecurity {
class Transaction;
-class Rule;
+class RuleWithOperator;
namespace actions {
class Chain : public Action {
public:
- explicit Chain(std::string action)
+ explicit Chain(const std::string &action)
: Action(action, ConfigurationKind) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};
} // namespace actions
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/audit_engine.cc b/src/deps/src/ModSecurity/src/actions/ctl/audit_engine.cc
new file mode 100644
index 000000000..d3d6650d3
--- /dev/null
+++ b/src/deps/src/ModSecurity/src/actions/ctl/audit_engine.cc
@@ -0,0 +1,63 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/ctl/audit_engine.h"
+
+#include
+
+#include "modsecurity/rules_set_properties.h"
+#include "modsecurity/rules_set.h"
+#include "modsecurity/transaction.h"
+
+namespace modsecurity {
+namespace actions {
+namespace ctl {
+
+
+bool AuditEngine::init(std::string *error) {
+
+ std::string what(m_parser_payload, 12, m_parser_payload.size() - 12);
+
+ if (what == "on") {
+ m_auditEngine = audit_log::AuditLog::AuditLogStatus::OnAuditLogStatus;
+ } else if (what == "off") {
+ m_auditEngine = audit_log::AuditLog::AuditLogStatus::OffAuditLogStatus;
+ } else if (what == "relevantonly") {
+ m_auditEngine = audit_log::AuditLog::AuditLogStatus::RelevantOnlyAuditLogStatus;
+ } else {
+ error->assign("Internal error. Expected: On, Off or RelevantOnly; " \
+ "got: " + m_parser_payload);
+ return false;
+ }
+
+ return true;
+}
+
+bool AuditEngine::evaluate(RuleWithActions *rule, Transaction *transaction) {
+ std::stringstream a;
+ a << "Setting SecAuditEngine to ";
+ a << std::to_string(m_auditEngine);
+ a << " as requested by a ctl:auditEngine action";
+
+ ms_dbg_a(transaction, 8, a.str());
+
+ transaction->m_ctlAuditEngine = m_auditEngine;
+ return true;
+}
+
+
+} // namespace ctl
+} // namespace actions
+} // namespace modsecurity
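Review bot: `AuditEngine::init` builds `what` with `std::string what(m_parser_payload, 12, m_parser_payload.size() - 12)`, and that constructor throws `std::out_of_range` when the payload is shorter than 12 characters, so a malformed action would escape as an exception instead of taking the `return false` path that fills `*error`. A guard placed before it, `if (m_parser_payload.size() < 12) { error->assign("Internal error. Expected: On, Off or RelevantOnly; got: " + m_parser_payload); return false; }`, keeps that failure on the reported path. The 12 is presumably the length of an `auditEngine=` prefix and would read better as a named constant. The same construction with offset 11 is visible as unchanged context in `RuleEngine::init`. In `evaluate`, `std::to_string(m_auditEngine)` writes the enum to the debug log as a number, whereas `RuleEngine::evaluate` prints a state name through `ruleEngineStateString`; because this action can switch audit logging off for a transaction, a named value in that message makes it easier to trace why a transaction went unlogged.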
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/audit_engine.h b/src/deps/src/ModSecurity/src/actions/ctl/audit_engine.h
new file mode 100644
index 000000000..03e0cb4cc
--- /dev/null
+++ b/src/deps/src/ModSecurity/src/actions/ctl/audit_engine.h
@@ -0,0 +1,51 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include
+
+#include "modsecurity/rules_set_properties.h"
+#include "modsecurity/actions/action.h"
+
+#include "modsecurity/audit_log.h"
+
+
+#ifndef SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
+#define SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
+
+namespace modsecurity {
+class Transaction;
+
+namespace actions {
+namespace ctl {
+
+
+class AuditEngine : public Action {
+ public:
+ explicit AuditEngine(const std::string &action)
+ : Action(action, RunTimeOnlyIfMatchKind),
+ m_auditEngine(audit_log::AuditLog::AuditLogStatus::NotSetLogStatus) { }
+
+ bool init(std::string *error) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
+
+ audit_log::AuditLog::AuditLogStatus m_auditEngine;
+};
+
+
+} // namespace ctl
+} // namespace actions
+} // namespace modsecurity
+
+#endif // SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/audit_log_parts.cc b/src/deps/src/ModSecurity/src/actions/ctl/audit_log_parts.cc
index 522dd6131..8420b4925 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/audit_log_parts.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/audit_log_parts.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -38,7 +38,7 @@ bool AuditLogParts::init(std::string *error) {
return true;
}
-bool AuditLogParts::evaluate(Rule *rule, Transaction *transaction) {
+bool AuditLogParts::evaluate(RuleWithActions *rule, Transaction *transaction) {
transaction->m_auditLogModifier.push_back(
std::make_pair(mPartsAction, mParts));
return true;
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/audit_log_parts.h b/src/deps/src/ModSecurity/src/actions/ctl/audit_log_parts.h
index e1d3546ca..f4980780e 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/audit_log_parts.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/audit_log_parts.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -28,12 +28,12 @@ namespace ctl {
class AuditLogParts : public Action {
public:
- explicit AuditLogParts(std::string action)
+ explicit AuditLogParts(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
mPartsAction(0),
mParts("") { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool init(std::string *error) override;
protected:
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/request_body_access.cc b/src/deps/src/ModSecurity/src/actions/ctl/request_body_access.cc
index f811e9416..0d3415551 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/request_body_access.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/request_body_access.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -18,7 +18,7 @@
#include
#include
-#include "modsecurity/rules_properties.h"
+#include "modsecurity/rules_set_properties.h"
#include "modsecurity/transaction.h"
namespace modsecurity {
@@ -42,11 +42,11 @@ bool RequestBodyAccess::init(std::string *error) {
return true;
}
-bool RequestBodyAccess::evaluate(Rule *rule, Transaction *transaction) {
+bool RequestBodyAccess::evaluate(RuleWithActions *rule, Transaction *transaction) {
if (m_request_body_access) {
- transaction->m_requestBodyAccess = RulesProperties::TrueConfigBoolean;
+ transaction->m_requestBodyAccess = RulesSetProperties::TrueConfigBoolean;
} else {
- transaction->m_requestBodyAccess = RulesProperties::FalseConfigBoolean;
+ transaction->m_requestBodyAccess = RulesSetProperties::FalseConfigBoolean;
}
return true;
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/request_body_access.h b/src/deps/src/ModSecurity/src/actions/ctl/request_body_access.h
index 8f2f05e93..afe3b3d48 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/request_body_access.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/request_body_access.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -29,12 +29,12 @@ namespace ctl {
class RequestBodyAccess : public Action {
public:
- explicit RequestBodyAccess(std::string action)
+ explicit RequestBodyAccess(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
m_request_body_access(false) { }
bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool m_request_body_access;
};
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_json.cc b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_json.cc
index 38f9a6e1e..5a9593a35 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_json.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_json.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -25,7 +25,7 @@ namespace actions {
namespace ctl {
-bool RequestBodyProcessorJSON::evaluate(Rule *rule,
+bool RequestBodyProcessorJSON::evaluate(RuleWithActions *rule,
Transaction *transaction) {
transaction->m_requestBodyProcessor = Transaction::JSONRequestBody;
transaction->m_variableReqbodyProcessor.set("JSON",
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_json.h b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_json.h
index dca4d608f..48125597e 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_json.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_json.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -28,10 +28,10 @@ namespace ctl {
class RequestBodyProcessorJSON : public Action {
public:
- explicit RequestBodyProcessorJSON(std::string action)
+ explicit RequestBodyProcessorJSON(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_urlencoded.cc b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_urlencoded.cc
index ce8886fdf..2fecee79c 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_urlencoded.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_urlencoded.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -25,7 +25,7 @@ namespace actions {
namespace ctl {
-bool RequestBodyProcessorURLENCODED::evaluate(Rule *rule,
+bool RequestBodyProcessorURLENCODED::evaluate(RuleWithActions *rule,
Transaction *transaction) {
transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded;
transaction->m_variableReqbodyProcessor.set("URLENCODED",
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_urlencoded.h b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_urlencoded.h
index 920b05532..5b5557d43 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_urlencoded.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_urlencoded.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -28,10 +28,10 @@ namespace ctl {
class RequestBodyProcessorURLENCODED : public Action {
public:
- explicit RequestBodyProcessorURLENCODED(std::string action)
+ explicit RequestBodyProcessorURLENCODED(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_xml.cc b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_xml.cc
index 77288b40e..02c41bb2b 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_xml.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_xml.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -25,7 +25,7 @@ namespace actions {
namespace ctl {
-bool RequestBodyProcessorXML::evaluate(Rule *rule,
+bool RequestBodyProcessorXML::evaluate(RuleWithActions *rule,
Transaction *transaction) {
transaction->m_requestBodyProcessor = Transaction::XMLRequestBody;
transaction->m_variableReqbodyProcessor.set("XML",
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_xml.h b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_xml.h
index 449eec125..9084d1d98 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_xml.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/request_body_processor_xml.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -28,10 +28,10 @@ namespace ctl {
class RequestBodyProcessorXML : public Action {
public:
- explicit RequestBodyProcessorXML(std::string action)
+ explicit RequestBodyProcessorXML(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
};
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_engine.cc b/src/deps/src/ModSecurity/src/actions/ctl/rule_engine.cc
index 34250269c..66809f4b1 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_engine.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_engine.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -18,8 +18,8 @@
#include
#include
-#include "modsecurity/rules_properties.h"
-#include "modsecurity/rules.h"
+#include "modsecurity/rules_set_properties.h"
+#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
namespace modsecurity {
@@ -31,11 +31,11 @@ bool RuleEngine::init(std::string *error) {
std::string what(m_parser_payload, 11, m_parser_payload.size() - 11);
if (what == "on") {
- m_ruleEngine = RulesProperties::EnabledRuleEngine;
+ m_ruleEngine = RulesSetProperties::EnabledRuleEngine;
} else if (what == "off") {
- m_ruleEngine = RulesProperties::DisabledRuleEngine;
+ m_ruleEngine = RulesSetProperties::DisabledRuleEngine;
} else if (what == "detectiononly") {
- m_ruleEngine = RulesProperties::DetectionOnlyRuleEngine;
+ m_ruleEngine = RulesSetProperties::DetectionOnlyRuleEngine;
} else {
error->assign("Internal error. Expected: On, Off or DetectionOnly; " \
"got: " + m_parser_payload);
@@ -45,10 +45,10 @@ bool RuleEngine::init(std::string *error) {
return true;
}
-bool RuleEngine::evaluate(Rule *rule, Transaction *transaction) {
+bool RuleEngine::evaluate(RuleWithActions *rule, Transaction *transaction) {
std::stringstream a;
a << "Setting SecRuleEngine to ";
- a << modsecurity::RulesProperties::ruleEngineStateString(m_ruleEngine);
+ a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine);
a << " as requested by a ctl:ruleEngine action";
ms_dbg_a(transaction, 8, a.str());
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_engine.h b/src/deps/src/ModSecurity/src/actions/ctl/rule_engine.h
index 93ef894ca..fca5d39b1 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_engine.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_engine.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -15,9 +15,9 @@
#include
+#include "modsecurity/rules_set_properties.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
-#include "modsecurity/rules_properties.h"
#ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_
@@ -30,14 +30,14 @@ namespace ctl {
class RuleEngine : public Action {
public:
- explicit RuleEngine(std::string action)
+ explicit RuleEngine(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
- m_ruleEngine(RulesProperties::PropertyNotSetRuleEngine) { }
+ m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { }
bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
- RulesProperties::RuleEngine m_ruleEngine;
+ RulesSetProperties::RuleEngine m_ruleEngine;
};
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_id.cc b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_id.cc
index c1f602854..e76a3119d 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_id.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_id.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -83,7 +83,7 @@ bool RuleRemoveById::init(std::string *error) {
return false;
}
-bool RuleRemoveById::evaluate(Rule *rule, Transaction *transaction) {
+bool RuleRemoveById::evaluate(RuleWithActions *rule, Transaction *transaction) {
for (auto &i : m_ids) {
transaction->m_ruleRemoveById.push_back(i);
}
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_id.h b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_id.h
index efb0dc851..e0f0902b8 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_id.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_id.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -29,11 +29,11 @@ namespace ctl {
class RuleRemoveById : public Action {
public:
- explicit RuleRemoveById(std::string action)
+ explicit RuleRemoveById(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
std::list > m_ranges;
std::list m_ids;
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_tag.cc b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_tag.cc
index 22377ebc6..76e7406fc 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_tag.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_tag.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -32,7 +32,7 @@ bool RuleRemoveByTag::init(std::string *error) {
return true;
}
-bool RuleRemoveByTag::evaluate(Rule *rule, Transaction *transaction) {
+bool RuleRemoveByTag::evaluate(RuleWithActions *rule, Transaction *transaction) {
transaction->m_ruleRemoveByTag.push_back(m_tag);
return true;
}
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_tag.h b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_tag.h
index 6f9778835..5689b7b16 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_tag.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_by_tag.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -29,12 +29,12 @@ namespace ctl {
class RuleRemoveByTag : public Action {
public:
- explicit RuleRemoveByTag(std::string action)
+ explicit RuleRemoveByTag(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
m_tag("") { }
bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
std::string m_tag;
};
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_id.cc b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_id.cc
index 2dada6a87..0776e3448 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_id.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_id.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -51,7 +51,7 @@ bool RuleRemoveTargetById::init(std::string *error) {
return true;
}
-bool RuleRemoveTargetById::evaluate(Rule *rule, Transaction *transaction) {
+bool RuleRemoveTargetById::evaluate(RuleWithActions *rule, Transaction *transaction) {
transaction->m_ruleRemoveTargetById.push_back(
std::make_pair(m_id, m_target));
return true;
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_id.h b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_id.h
index 03941f4a1..d71e4fc21 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_id.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_id.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -29,13 +29,13 @@ namespace ctl {
class RuleRemoveTargetById : public Action {
public:
- explicit RuleRemoveTargetById(std::string action)
+ explicit RuleRemoveTargetById(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
m_id(0),
m_target("") { }
bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
int m_id;
std::string m_target;
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_tag.cc b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_tag.cc
index e0e792faf..1be6603fd 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_tag.cc
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_tag.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -44,7 +44,7 @@ bool RuleRemoveTargetByTag::init(std::string *error) {
return true;
}
-bool RuleRemoveTargetByTag::evaluate(Rule *rule, Transaction *transaction) {
+bool RuleRemoveTargetByTag::evaluate(RuleWithActions *rule, Transaction *transaction) {
transaction->m_ruleRemoveTargetByTag.push_back(
std::make_pair(m_tag, m_target));
return true;
diff --git a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_tag.h b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_tag.h
index 3acf4c8be..7863e5a52 100644
--- a/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_tag.h
+++ b/src/deps/src/ModSecurity/src/actions/ctl/rule_remove_target_by_tag.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -29,11 +29,11 @@ namespace ctl {
class RuleRemoveTargetByTag : public Action {
public:
- explicit RuleRemoveTargetByTag(std::string action)
+ explicit RuleRemoveTargetByTag(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
std::string m_tag;
std::string m_target;
diff --git a/src/deps/src/ModSecurity/src/actions/data/status.cc b/src/deps/src/ModSecurity/src/actions/data/status.cc
index 65764c38a..942997385 100644
--- a/src/deps/src/ModSecurity/src/actions/data/status.cc
+++ b/src/deps/src/ModSecurity/src/actions/data/status.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -38,7 +38,7 @@ bool Status::init(std::string *error) {
}
-bool Status::evaluate(Rule *rule, Transaction *transaction,
+bool Status::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) {
transaction->m_it.status = m_status;
return true;
diff --git a/src/deps/src/ModSecurity/src/actions/data/status.h b/src/deps/src/ModSecurity/src/actions/data/status.h
index 8a0232fdc..d792247d6 100644
--- a/src/deps/src/ModSecurity/src/actions/data/status.h
+++ b/src/deps/src/ModSecurity/src/actions/data/status.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -33,11 +33,11 @@ namespace data {
class Status : public Action {
public:
- explicit Status(std::string action) : Action(action, 2),
+ explicit Status(const std::string &action) : Action(action, 2),
m_status(0) { }
bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) override;
int m_status;
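Review bot: `Status` passes the bare literal `2` as the action kind in `Action(action, 2)`, while the sibling actions in this commit (`Allow`, `Redirect`, the `ctl` actions) pass the named enumerator `RunTimeOnlyIfMatchKind`. If `2` is that enumerator's value, spelling it by name keeps the constructor from silently changing meaning should the enum ever be reordered: `explicit Status(const std::string &action) : Action(action, RunTimeOnlyIfMatchKind),`. The class body runs past the end of the hunk.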
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/allow.cc b/src/deps/src/ModSecurity/src/actions/disruptive/allow.cc
index bc2c614e0..59e17374a 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/allow.cc
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/allow.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -18,9 +18,9 @@
#include
#include
+#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
-#include "modsecurity/rules.h"
#include "src/utils/string.h"
#include "modsecurity/modsecurity.h"
@@ -49,7 +49,7 @@ bool Allow::init(std::string *error) {
}
-bool Allow::evaluate(Rule *rule, Transaction *transaction) {
+bool Allow::evaluate(RuleWithActions *rule, Transaction *transaction) {
ms_dbg_a(transaction, 4, "Dropping the evaluation of upcoming rules " \
"in favor of an `allow' action of type: " \
+ allowTypeToName(m_allowType));
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/allow.h b/src/deps/src/ModSecurity/src/actions/disruptive/allow.h
index 220f94faa..d9a716cec 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/allow.h
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/allow.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -25,7 +25,7 @@ class Transaction;
namespace modsecurity {
class Transaction;
-class Rule;
+class RuleWithOperator;
namespace actions {
namespace disruptive {
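Review bot: The forward declaration added here names `RuleWithOperator`, but the `Allow::evaluate` declaration further down this header takes a `RuleWithActions *`, so the header forward-declares a type it does not use. It presumably compiles only because an included header already declares `RuleWithActions`. Declaring the type that is actually used keeps the header self-contained: `class RuleWithActions;`. This is vendored ModSecurity code, so the correction belongs upstream rather than in a local patch.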
@@ -53,13 +53,13 @@ enum AllowType : int {
class Allow : public Action {
public:
- explicit Allow(std::string action)
+ explicit Allow(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
m_allowType(NoneAllowType) { }
bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool isDisruptive() override { return true; }
AllowType m_allowType;
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/deny.cc b/src/deps/src/ModSecurity/src/actions/disruptive/deny.cc
index 44dfd9951..e105d6512 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/deny.cc
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/deny.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -28,7 +28,7 @@ namespace actions {
namespace disruptive {
-bool Deny::evaluate(Rule *rule, Transaction *transaction,
+bool Deny::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) {
ms_dbg_a(transaction, 8, "Running action deny");
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/deny.h b/src/deps/src/ModSecurity/src/actions/disruptive/deny.h
index 0d8871ec6..fb841a49a 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/deny.h
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/deny.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -16,9 +16,9 @@
#include
#include
+#include "modsecurity/rules_set.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
-#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_DENY_H_
@@ -31,9 +31,9 @@ namespace disruptive {
class Deny : public Action {
public:
- explicit Deny(std::string action) : Action(action) { }
+ explicit Deny(const std::string &action) : Action(action) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) override;
bool isDisruptive() override { return true; }
};
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/drop.cc b/src/deps/src/ModSecurity/src/actions/disruptive/drop.cc
index 4af751b93..18a3b5528 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/drop.cc
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/drop.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -21,14 +21,18 @@
#include
#include
+#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "src/utils/string.h"
+#include "modsecurity/modsecurity.h"
namespace modsecurity {
namespace actions {
namespace disruptive {
-bool Drop::evaluate(Rule *rule, Transaction *transaction,
+bool Drop::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) {
ms_dbg_a(transaction, 8, "Running action drop " \
"[executing deny instead of drop.]");
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/drop.h b/src/deps/src/ModSecurity/src/actions/disruptive/drop.h
index fc96aeeb7..f60eddfa6 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/drop.h
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/drop.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -18,7 +18,6 @@
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
-#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_DROP_H_
@@ -31,9 +30,9 @@ namespace disruptive {
class Drop : public Action {
public:
- explicit Drop(std::string action) : Action(action) { }
+ explicit Drop(const std::string &action) : Action(action) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) override;
bool isDisruptive() override { return true; }
};
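Review bot: `Drop` carries no comment saying that it does not behave as its name suggests: the debug message in drop.cc in this same commit reads `executing deny instead of drop`. Going by that message, a rule author who writes `drop` expecting the connection to be closed would get the deny path instead. A one-line comment above the class would record it: `// NOTE: evaluate() currently runs the deny path; see the debug message in drop.cc.`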
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/pass.cc b/src/deps/src/ModSecurity/src/actions/disruptive/pass.cc
index d07763ab1..e0f038c4c 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/pass.cc
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/pass.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -19,9 +19,9 @@
#include
#include
+#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
-#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
namespace modsecurity {
@@ -29,7 +29,7 @@ namespace actions {
namespace disruptive {
-bool Pass::evaluate(Rule *rule, Transaction *transaction,
+bool Pass::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) {
intervention::free(&transaction->m_it);
intervention::reset(&transaction->m_it);
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/pass.h b/src/deps/src/ModSecurity/src/actions/disruptive/pass.h
index 50f8fd53b..0c09d2874 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/pass.h
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/pass.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -29,9 +29,9 @@ namespace disruptive {
class Pass : public Action {
public:
- explicit Pass(std::string action) : Action(action) { }
+ explicit Pass(const std::string &action) : Action(action) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) override;
bool isDisruptive() override { return true; }
};
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/redirect.cc b/src/deps/src/ModSecurity/src/actions/disruptive/redirect.cc
index 0b9b8eb8f..ac2993b4c 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/redirect.cc
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/redirect.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -34,7 +34,7 @@ bool Redirect::init(std::string *error) {
}
-bool Redirect::evaluate(Rule *rule, Transaction *transaction,
+bool Redirect::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) {
std::string m_urlExpanded(m_string->evaluate(transaction));
/* if it was changed before, lets keep it. */
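Review bot: `m_string->evaluate(transaction)` dereferences `m_string` with no null check, and redirect.h in this same commit initialises `m_string(nullptr)` in the `const std::string &` constructor. Unless `init()` (not visible here) always populates `m_string` for that constructor, a `Redirect` built from a plain string would dereference a null pointer on its first match. A guard before the dereference would turn that into a handled failure, e.g. `if (!m_string) { return false; }`, with the return value chosen to match how other actions report failure. The body of `Redirect::evaluate` continues outside the hunk.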
diff --git a/src/deps/src/ModSecurity/src/actions/disruptive/redirect.h b/src/deps/src/ModSecurity/src/actions/disruptive/redirect.h
index b982a86b5..46b5d51a9 100644
--- a/src/deps/src/ModSecurity/src/actions/disruptive/redirect.h
+++ b/src/deps/src/ModSecurity/src/actions/disruptive/redirect.h
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -38,13 +38,15 @@ class Redirect : public Action {
public:
explicit Redirect(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind),
- m_status(0) { }
+ m_status(0),
+ m_string(nullptr) { }
explicit Redirect(std::unique_ptr z)
: Action("redirert", RunTimeOnlyIfMatchKind),
+ m_status(0),
m_string(std::move(z)) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr rm) override;
bool init(std::string *error) override;
bool isDisruptive() override { return true; }
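Review bot: The `std::unique_ptr` constructor passes the misspelled name `"redirert"` to `Action`, and the hunk leaves it in place while editing the initialiser list directly below it. If the action name is used for logging or lookup (not visible here), instances built this way will not show up as `redirect`. The line would read `: Action("redirect", RunTimeOnlyIfMatchKind),`. The class body starts and ends outside the hunk.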
diff --git a/src/deps/src/ModSecurity/src/actions/exec.cc b/src/deps/src/ModSecurity/src/actions/exec.cc
index eda7d29f7..8ed21d73e 100644
--- a/src/deps/src/ModSecurity/src/actions/exec.cc
+++ b/src/deps/src/ModSecurity/src/actions/exec.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -18,10 +18,10 @@
#include