Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: owasp-modsecurity/ModSecurity
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v3.0.14
Choose a base ref
...
head repository: owasp-modsecurity/ModSecurity
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v3/master
Choose a head ref
  • 20 commits
  • 24 files changed
  • 4 contributors

Commits on Dec 10, 2024

  1. Cleanup: Remove useless/nonfunctional AM_CONDITIONAL macros 

    - Deleted AM_CONDITIONAL macros from configure.ac that had no functional
  impact on the build system.
    Gabor Berkes committed Dec 10, 2024
    Copy the full SHA
    4fb2246 View commit details

  2. Refactor build system to use libpcre2 as the default 

    Updated the build system and related source files to use libpcre2 as the
default regex library instead of the deprecated libpcre. This change
ensures future compatibility and aligns with the library's maintenance status.

To build with the old libpcre, the `--with-pcre` configuration parameter
can be specified.
    Gabor Berkes committed Dec 10, 2024
    Copy the full SHA
    c6433df View commit details

  3. Fix typo in pcre.m4: corrected PCRE_CFLAGS assignment

    Gabor Berkes committed Dec 10, 2024
    Copy the full SHA
    106ed22 View commit details

  4. Fix missing libpcre2 dependency on macOS GitHub runner 

    Identified an issue where the macOS GitHub runner no longer includes the libpcre2 library by default. Updated the workflow configuration to explicitly add libpcre2 as a dependency, ensuring successful builds and compatibility with the updated build system.

This change prevents build failures on macOS environments and aligns the runner's setup with project requirements.
    Gabor Berkes committed Dec 10, 2024
    Copy the full SHA
    a07d0c7 View commit details

Commits on Dec 11, 2024

  1. Debug: increase verbosity in pcre2.m4 for macOS GitHub Actions 

    Added AC_MSG_NOTICE macros to pcre2.m4 to enhance debugging output. This change aims to identify the cause of build failures on macOS runners in GitHub Actions, which do not occur locally or on other platforms (Linux, Windows).

The added verbosity will help trace the build process and inspect variable values for inconsistencies in the macOS runner environment.
    Gabor Berkes committed Dec 11, 2024
    Copy the full SHA
    784cf0b View commit details

  2. Fix macOS GitHub Actions build: add PCRE2_CFLAGS/LDADD/LDFLAGS 

    Introduced PCRE2_CFLAGS, PCRE2_LDADD, and PCRE2_LDFLAGS in all relevant Makefile.am files to align with the existing PCRE_* variable usage. This change addresses potential issues with linking and configuration for builds on macOS GitHub runners.

These modifications aim to resolve the build failure observed exclusively in the macOS environment while maintaining compatibility across other platforms. Testing will confirm if this adjustment corrects the issue.
    Gabor Berkes committed Dec 11, 2024
    Copy the full SHA
    e925078 View commit details

Commits on Dec 20, 2024

  1. Refactor: improve PCRE settings output in configure.ac 

    Enhanced the `configure.ac` script to provide clearer and more readable output for PCRE and PCRE2 settings during configuration. This change improves usability by ensuring that the configuration process displays relevant details in a structured and user-friendly format.

This update aligns with the broader PCRE to PCRE2 migration effort, making the build configuration process more transparent and consistent.
    Gabor Berkes committed Dec 20, 2024
    Copy the full SHA
    10d1c2b View commit details

Commits on Jan 6, 2025

  1. Merge branch 'owasp-modsecurity:v3/master' into refactor/default-pcre2

    @gberkes
    gberkes authored Jan 6, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    6a2eee6 View commit details

Commits on Feb 20, 2025

  1. Merge branch 'owasp-modsecurity:v3/master' into refactor/default-pcre2

    @gberkes
    gberkes authored Feb 20, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    b97b61b View commit details

  2. refactor: improve maintainability for SonarCloud compliance 

    - Marked the conversion operator in `Pcre2MatchContextPtr` as `explicit`
  to improve type safety and prevent unintended implicit conversions.
- Ensured consistent use of `nullptr` instead of `NULL` for better readability and modern C++ compliance.

These changes enhance code clarity, maintainability, and adherence to modern C++ best practices.
    Gabor Berkes committed Feb 20, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    d68aef3 View commit details

Commits on Mar 12, 2025

  1. Merge pull request #3321 from gberkes/refactor/default-pcre2 

    Refactor/default pcre2
    @airween
    airween authored Mar 12, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    1a2b139 View commit details

  2. Fix cppcheck error in example multi.c

    @airween
    airween committed Mar 12, 2025

    Verified

    This commit was signed with the committer’s verified signature.
    airween Ervin Hegedus
    GPG key ID: 5FA5BC3F5EC41F61
    Verified
    Learn about vigilant mode
    Copy the full SHA
    dc40880 View commit details

  3. Make utf variable const pointer

    @airween
    airween committed Mar 12, 2025

    Verified

    This commit was signed with the committer’s verified signature.
    airween Ervin Hegedus
    GPG key ID: 5FA5BC3F5EC41F61
    Verified
    Learn about vigilant mode
    Copy the full SHA
    d3c1ad7 View commit details

  4. Replace C pointers by shared pointer in fuzzy_hash op code

    @airween
    airween committed Mar 12, 2025

    Verified

    This commit was signed with the committer’s verified signature.
    airween Ervin Hegedus
    GPG key ID: 5FA5BC3F5EC41F61
    Verified
    Learn about vigilant mode
    Copy the full SHA
    dbdd631 View commit details

  5. Make variable const pointer

    @airween
    airween committed Mar 12, 2025

    Verified

    This commit was signed with the committer’s verified signature.
    airween Ervin Hegedus
    GPG key ID: 5FA5BC3F5EC41F61
    Verified
    Learn about vigilant mode
    Copy the full SHA
    c3c2c6f View commit details

  6. Make function argument const pointer

    @airween
    airween committed Mar 12, 2025
    Loading
    Loading status checks…

    Verified

    This commit was signed with the committer’s verified signature.
    airween Ervin Hegedus
    GPG key ID: 5FA5BC3F5EC41F61
    Verified
    Learn about vigilant mode
    Copy the full SHA
    42280d2 View commit details

  7. Make destructor default; remove impmelentation

    @airween
    airween committed Mar 12, 2025
    Loading
    Loading status checks…

    Verified

    This commit was signed with the committer’s verified signature.
    airween Ervin Hegedus
    GPG key ID: 5FA5BC3F5EC41F61
    Verified
    Learn about vigilant mode
    Copy the full SHA
    8f00f47 View commit details

Commits on Mar 14, 2025

  1. Merge pull request #3350 from airween/v3/cppcheckfix 

    fix: align code to fix cppcheck errors
    @airween
    airween authored Mar 14, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    7a986c7 View commit details

Commits on Mar 23, 2025

  1. doc: update testing section of README 

    The regression_tests and unit_tests scripts appear to
be named with underscores instead of hyphens. This
commit updates the README to reflect this.
    @cjihrig
    cjihrig authored Mar 23, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    80019da View commit details

  2. Merge pull request #3354 from cjihrig/patch-1 

    doc: update testing section of README
    @airween
    airween authored Mar 23, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    01a0615 View commit details
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
@@ -26,7 +26,7 @@ jobs:
- {label: "wo geoip", opt: "--without-geoip" }
- {label: "wo ssdeep", opt: "--without-ssdeep" }
- {label: "with lmdb", opt: "--with-lmdb" }
- {label: "with pcre2", opt: "--with-pcre2" }
- {label: "with pcre", opt: "--with-pcre" }
exclude:
- platform: {label: "x32"}
configure: {label: "wo geoip"}
@@ -88,7 +88,7 @@ jobs:
- {label: "wo geoip", opt: "--without-geoip" }
- {label: "wo ssdeep", opt: "--without-ssdeep" }
- {label: "with lmdb", opt: "--with-lmdb" }
- {label: "with pcre2", opt: "--with-pcre2" }
- {label: "with pcre", opt: "--with-pcre" }
steps:
- name: Setup Dependencies
# curl, pcre2 not installed because they're already
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -219,8 +219,8 @@ the utilities, follow the commands listed below:
$ cd /path/to/your/ModSecurity
$ git submodule foreach git pull
$ cd test
$ ./regression-tests
$ ./unit-tests
$ ./regression_tests
$ ./unit_tests
```

### Debugging
5 changes: 3 additions & 2 deletions build/pcre.m4
View file
Original file line number Diff line number Diff line change
@@ -21,8 +21,8 @@ AC_ARG_WITH(
[test_paths="${with_pcre}"],
[test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"])
if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then
AC_MSG_NOTICE([pcre2 specified; omitting check for pcre])
if test "x${with_pcre}" == "x" && test "x${with_pcre}" != "xno"; then
AC_MSG_NOTICE([Support for pcre not requested; omitting check for pcre])
else
AC_MSG_CHECKING([for libpcre config script])
@@ -106,6 +106,7 @@ else
LIBS=$save_LIBS
fi
PCRE_CFLAGS="-DWITH_PCRE ${PCRE_CFLAGS}"
AC_SUBST(PCRE_CONFIG)
AC_SUBST(PCRE_VERSION)
AC_SUBST(PCRE_CPPFLAGS)
19 changes: 13 additions & 6 deletions build/pcre2.m4
View file
Original file line number Diff line number Diff line change
@@ -29,10 +29,12 @@ if test "x${with_pcre2}" == "xno"; then
AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
PCRE2_DISABLED=yes
else
if test "x${with_pcre2}" == "xyes"; then
PCRE2_MANDATORY=yes
AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes])
fi
PCRE2_MANDATORY=yes
AC_MSG_NOTICE([PCRE2 is enabled by default.])
# if test "x${with_pcre2}" == "xyes"; then
# PCRE2_MANDATORY=yes
# AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes])
# fi
# for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_PCRE2_AT(${x})
# if test -n "${PCRE2_VERSION}"; then
@@ -96,9 +98,14 @@ else
AC_MSG_NOTICE([PCRE2 is disabled by default.])
else
PCRE2_FOUND=1
AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}])
PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}"
PCRE2_CFLAGS="${PCRE2_CFLAGS}"
PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
AC_MSG_NOTICE([using PCRE2_VERSION ${PCRE2_VERSION}])
AC_MSG_NOTICE([using PCRE2_LDADD ${PCRE2_LDADD}])
AC_MSG_NOTICE([using PCRE2_LIBS ${PCRE2_LIBS}])
AC_MSG_NOTICE([using PCRE2_LDFLAGS ${PCRE2_LDFLAGS}])
AC_MSG_NOTICE([using PCRE2_CFLAGS ${PCRE2_CFLAGS}])
AC_MSG_NOTICE([using PCRE2_DISPLAY ${PCRE2_DISPLAY}])
AC_SUBST(PCRE2_VERSION)
AC_SUBST(PCRE2_LDADD)
AC_SUBST(PCRE2_LIBS)
34 changes: 20 additions & 14 deletions configure.ac
View file
Original file line number Diff line number Diff line change
@@ -109,24 +109,19 @@ AM_CONDITIONAL([YAJL_VERSION], [test "$YAJL_VERSION" != ""])

# Check for LibGeoIP
PROG_GEOIP
AM_CONDITIONAL([GEOIP_CFLAGS], [test "GEOIP_CFLAGS" != ""])

# Check for MaxMind
PROG_MAXMIND
AM_CONDITIONAL([MAXMIND_CFLAGS], [test "MAXMIND_CFLAGS" != ""])


# Check for LMDB
PROG_LMDB
AM_CONDITIONAL([LMDB_CFLAGS], [test "LMDB_CFLAGS" != ""])

# Check for SSDEEP
CHECK_SSDEEP
AM_CONDITIONAL([SSDEEP_CFLAGS], [test "SSDEEP_CFLAGS" != ""])

# Check for LUA
CHECK_LUA
AM_CONDITIONAL([LUA_CFLAGS], [test "LUA_CFLAGS" != ""])


#
@@ -146,16 +141,16 @@ CHECK_LIBXML2


#
# Check for libpcre
# Check for libpcre only if explicitly requested
#
CHECK_PCRE


#
# Check for pcre2
#
PROG_PCRE2
AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])
if test "x${with_pcre}" != "x" && test "x${with_pcre}" != "xno"; then
CHECK_PCRE
else
#
# Check for pcre2
#
PROG_PCRE2
fi


# Checks for header files.
@@ -587,6 +582,17 @@ if test "x$LUA_FOUND" = "x2"; then
echo " + LUA ....disabled"
fi

##PCRE
if test "x${with_pcre}" != "x" \
&& test "x${with_pcre}" != "xno" \
&& test "x${PCRE_VERSION}" == "x"; then
AC_MSG_NOTICE([*** pcre library not found.])
else
echo " + PCRE ....found "
echo " using pcre v${PCRE_VERSION}"
echo " ${PCRE_LDADD}, ${PCRE_CFLAGS}"
fi


## PCRE2
if test "x$PCRE2_FOUND" = "x0"; then
4 changes: 2 additions & 2 deletions examples/multiprocess_c/multi.c
View file
Original file line number Diff line number Diff line change
@@ -38,7 +38,7 @@ RulesSet *rules = NULL;
ModSecurity *modsec = NULL;


void process_special_request (int j) {
static void process_special_request (int j) {
Transaction *transaction;
transaction = msc_new_transaction(modsec, rules, NULL);

@@ -60,7 +60,7 @@ void process_special_request (int j) {
msc_transaction_cleanup(transaction);
}

void process_request (int j) {
static void process_request (int j) {
int i;

for (i = 0; i < REQUESTS_PER_PROCESS; i++) {
2 changes: 2 additions & 0 deletions examples/multithread/Makefile.am
View file
Original file line number Diff line number Diff line change
@@ -14,6 +14,7 @@ multithread_LDADD = \
$(MAXMIND_LDADD) \
$(LUA_LDADD) \
$(PCRE_LDADD) \
$(PCRE2_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)

@@ -46,6 +47,7 @@ multithread_CPPFLAGS = \
$(LMDB_CFLAGS) \
$(LUA_CFLAGS) \
$(PCRE_CFLAGS) \
$(PCRE2_CFLAGS) \
$(LIBXML2_CFLAGS)


2 changes: 2 additions & 0 deletions examples/reading_logs_via_rule_message/Makefile.am
View file
Original file line number Diff line number Diff line change
@@ -14,6 +14,7 @@ simple_request_LDADD = \
$(MAXMIND_LDADD) \
$(LUA_LDADD) \
$(PCRE_LDADD) \
$(PCRE2_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)

@@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \
$(LMDB_CFLAGS) \
$(LUA_CFLAGS) \
$(PCRE_CFLAGS) \
$(PCRE2_CFLAGS) \
$(LIBXML2_CFLAGS)


2 changes: 2 additions & 0 deletions examples/reading_logs_with_offset/Makefile.am
View file
Original file line number Diff line number Diff line change
@@ -14,6 +14,7 @@ read_LDADD = \
$(LMDB_LDADD) \
$(LUA_LDADD) \
$(PCRE_LDADD) \
$(PCRE2_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)

@@ -46,6 +47,7 @@ read_CPPFLAGS = \
$(LMDB_CFLAGS) \
$(LUA_CFLAGS) \
$(PCRE_CFLAGS) \
$(PCRE2_CFLAGS) \
$(LIBXML2_CFLAGS)


2 changes: 2 additions & 0 deletions examples/using_bodies_in_chunks/Makefile.am
View file
Original file line number Diff line number Diff line change
@@ -14,6 +14,7 @@ simple_request_LDADD = \
$(LMDB_LDADD) \
$(LUA_LDADD) \
$(PCRE_LDADD) \
$(PCRE2_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)

@@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \
$(LMDB_CFLAGS) \
$(LUA_CFLAGS) \
$(PCRE_CFLAGS) \
$(PCRE2_CFLAGS) \
$(LIBXML2_CFLAGS)

MAINTAINERCLEANFILES = \
4 changes: 2 additions & 2 deletions headers/modsecurity/rules_exceptions.h
View file
Original file line number Diff line number Diff line change
@@ -53,8 +53,8 @@ class RulesExceptions {
bool contains(int a);
bool merge(RulesExceptions *from);

bool loadRemoveRuleByMsg(const std::string &msg, std::string *error);
bool loadRemoveRuleByTag(const std::string &msg, std::string *error);
bool loadRemoveRuleByMsg(const std::string &msg, const std::string *error);
bool loadRemoveRuleByTag(const std::string &msg, const std::string *error);

bool loadUpdateTargetByMsg(const std::string &msg,
std::unique_ptr<std::vector<std::unique_ptr<variables::Variable> > > v,
2 changes: 1 addition & 1 deletion src/actions/transformations/utf8_to_unicode.cc
View file
Original file line number Diff line number Diff line change
@@ -46,7 +46,7 @@ static inline bool encode(std::string &value) {
int unicode_len = 0;
unsigned int d = 0;
unsigned char c;
auto utf = &input[i];
const auto* utf = &input[i];

c = *utf;

27 changes: 7 additions & 20 deletions src/operators/fuzzy_hash.cc
View file
Original file line number Diff line number Diff line change
@@ -28,7 +28,7 @@ bool FuzzyHash::init(const std::string &param2, std::string *error) {
std::string digit;
std::string file;
std::istream *iss;
struct fuzzy_hash_chunk *chunk, *t;
std::shared_ptr<fuzzy_hash_chunk> chunk, t;
std::string err;

auto pos = m_param.find_last_of(' ');
@@ -55,11 +55,10 @@ bool FuzzyHash::init(const std::string &param2, std::string *error) {
}

for (std::string line; std::getline(*iss, line); ) {
chunk = (struct fuzzy_hash_chunk *)calloc(1,
sizeof(struct fuzzy_hash_chunk));
chunk = std::make_shared<fuzzy_hash_chunk>();

chunk->data = strdup(line.c_str());
chunk->next = NULL;
chunk->data = std::shared_ptr<char>(strdup(line.c_str()), free);
chunk->next = nullptr;

if (m_head == NULL) {
m_head = chunk;
@@ -83,23 +82,11 @@ bool FuzzyHash::init(const std::string &param2, std::string *error) {
#endif
}

FuzzyHash::~FuzzyHash() {
struct fuzzy_hash_chunk *c = m_head;
while (c) {
struct fuzzy_hash_chunk *t = c;
free(c->data);
c->data = NULL;
c = c->next;
free(t);
}
m_head = NULL;
}


bool FuzzyHash::evaluate(Transaction *t, const std::string &str) {
#ifdef WITH_SSDEEP
char result[FUZZY_MAX_RESULT];
struct fuzzy_hash_chunk *chunk = m_head;
std::shared_ptr<fuzzy_hash_chunk> chunk = m_head;


if (fuzzy_hash_buf((const unsigned char*)str.c_str(),
str.size(), result)) {
@@ -108,7 +95,7 @@ bool FuzzyHash::evaluate(Transaction *t, const std::string &str) {
}

while (chunk != NULL) {
int i = fuzzy_compare(chunk->data, result);
int i = fuzzy_compare(chunk->data.get(), result);
if (i >= m_threshold) {
ms_dbg_a(t, 4, "Fuzzy hash: matched " \
"with score: " + std::to_string(i) + ".");
8 changes: 4 additions & 4 deletions src/operators/fuzzy_hash.h
View file
Original file line number Diff line number Diff line change
@@ -31,8 +31,8 @@ namespace operators {


struct fuzzy_hash_chunk {
char *data;
struct fuzzy_hash_chunk *next;
std::shared_ptr<char> data;
std::shared_ptr<fuzzy_hash_chunk> next;
};

class FuzzyHash : public Operator {
@@ -42,14 +42,14 @@ class FuzzyHash : public Operator {
: Operator("FuzzyHash", std::move(param)),
m_threshold(0),
m_head(NULL) { }
~FuzzyHash() override;
~FuzzyHash() override = default;

bool evaluate(Transaction *transaction, const std::string &std) override;

bool init(const std::string &param, std::string *error) override;
private:
int m_threshold;
struct fuzzy_hash_chunk *m_head;
std::shared_ptr<fuzzy_hash_chunk> m_head;
};

} // namespace operators
Loading