diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 60b6db913f..d6895b825d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: - {label: "wo geoip", opt: "--without-geoip" } - {label: "wo ssdeep", opt: "--without-ssdeep" } - {label: "with lmdb", opt: "--with-lmdb" } - - {label: "with pcre2", opt: "--with-pcre2" } + - {label: "with pcre", opt: "--with-pcre" } exclude: - platform: {label: "x32"} configure: {label: "wo geoip"} @@ -88,7 +88,7 @@ jobs: - {label: "wo geoip", opt: "--without-geoip" } - {label: "wo ssdeep", opt: "--without-ssdeep" } - {label: "with lmdb", opt: "--with-lmdb" } - - {label: "with pcre2", opt: "--with-pcre2" } + - {label: "with pcre", opt: "--with-pcre" } steps: - name: Setup Dependencies # curl, pcre2 not installed because they're already diff --git a/README.md b/README.md index cf3841c2a1..a60ed923b8 100644 --- a/README.md +++ b/README.md @@ -219,8 +219,8 @@ the utilities, follow the commands listed below: $ cd /path/to/your/ModSecurity $ git submodule foreach git pull $ cd test -$ ./regression-tests -$ ./unit-tests +$ ./regression_tests +$ ./unit_tests ``` ### Debugging diff --git a/build/pcre.m4 b/build/pcre.m4 index 4d9912327b..de28e8b889 100644 --- a/build/pcre.m4 +++ b/build/pcre.m4 @@ -21,8 +21,8 @@ AC_ARG_WITH( [test_paths="${with_pcre}"], [test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"]) -if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then - AC_MSG_NOTICE([pcre2 specified; omitting check for pcre]) +if test "x${with_pcre}" == "x" && test "x${with_pcre}" != "xno"; then + AC_MSG_NOTICE([Support for pcre not requested; omitting check for pcre]) else AC_MSG_CHECKING([for libpcre config script]) @@ -106,6 +106,7 @@ else LIBS=$save_LIBS fi + PCRE_CFLAGS="-DWITH_PCRE ${PCRE_CFLAGS}" AC_SUBST(PCRE_CONFIG) AC_SUBST(PCRE_VERSION) AC_SUBST(PCRE_CPPFLAGS) diff --git a/build/pcre2.m4 b/build/pcre2.m4 index 2d0814ace7..aaa4f8a1d2 100644 --- a/build/pcre2.m4 +++ b/build/pcre2.m4 @@ -29,10 +29,12 @@ if test "x${with_pcre2}" == "xno"; then AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no]) PCRE2_DISABLED=yes else - if test "x${with_pcre2}" == "xyes"; then - PCRE2_MANDATORY=yes - AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes]) - fi + PCRE2_MANDATORY=yes + AC_MSG_NOTICE([PCRE2 is enabled by default.]) +# if test "x${with_pcre2}" == "xyes"; then +# PCRE2_MANDATORY=yes +# AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes]) +# fi # for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do # CHECK_FOR_PCRE2_AT(${x}) # if test -n "${PCRE2_VERSION}"; then @@ -96,9 +98,14 @@ else AC_MSG_NOTICE([PCRE2 is disabled by default.]) else PCRE2_FOUND=1 - AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) - PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}" + PCRE2_CFLAGS="${PCRE2_CFLAGS}" PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" + AC_MSG_NOTICE([using PCRE2_VERSION ${PCRE2_VERSION}]) + AC_MSG_NOTICE([using PCRE2_LDADD ${PCRE2_LDADD}]) + AC_MSG_NOTICE([using PCRE2_LIBS ${PCRE2_LIBS}]) + AC_MSG_NOTICE([using PCRE2_LDFLAGS ${PCRE2_LDFLAGS}]) + AC_MSG_NOTICE([using PCRE2_CFLAGS ${PCRE2_CFLAGS}]) + AC_MSG_NOTICE([using PCRE2_DISPLAY ${PCRE2_DISPLAY}]) AC_SUBST(PCRE2_VERSION) AC_SUBST(PCRE2_LDADD) AC_SUBST(PCRE2_LIBS) diff --git a/configure.ac b/configure.ac index 11cef0b67e..93addd7083 100644 --- a/configure.ac +++ b/configure.ac @@ -109,24 +109,19 @@ AM_CONDITIONAL([YAJL_VERSION], [test "$YAJL_VERSION" != ""]) # Check for LibGeoIP PROG_GEOIP -AM_CONDITIONAL([GEOIP_CFLAGS], [test "GEOIP_CFLAGS" != ""]) # Check for MaxMind PROG_MAXMIND -AM_CONDITIONAL([MAXMIND_CFLAGS], [test "MAXMIND_CFLAGS" != ""]) # Check for LMDB PROG_LMDB -AM_CONDITIONAL([LMDB_CFLAGS], [test "LMDB_CFLAGS" != ""]) # Check for SSDEEP CHECK_SSDEEP -AM_CONDITIONAL([SSDEEP_CFLAGS], [test "SSDEEP_CFLAGS" != ""]) # Check for LUA CHECK_LUA -AM_CONDITIONAL([LUA_CFLAGS], [test "LUA_CFLAGS" != ""]) # @@ -146,16 +141,16 @@ CHECK_LIBXML2 # -# Check for libpcre +# Check for libpcre only if explicitly requested # -CHECK_PCRE - - -# -# Check for pcre2 -# -PROG_PCRE2 -AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""]) +if test "x${with_pcre}" != "x" && test "x${with_pcre}" != "xno"; then + CHECK_PCRE +else + # + # Check for pcre2 + # + PROG_PCRE2 +fi # Checks for header files. @@ -587,6 +582,17 @@ if test "x$LUA_FOUND" = "x2"; then echo " + LUA ....disabled" fi +##PCRE +if test "x${with_pcre}" != "x" \ + && test "x${with_pcre}" != "xno" \ + && test "x${PCRE_VERSION}" == "x"; then + AC_MSG_NOTICE([*** pcre library not found.]) +else + echo " + PCRE ....found " + echo " using pcre v${PCRE_VERSION}" + echo " ${PCRE_LDADD}, ${PCRE_CFLAGS}" +fi + ## PCRE2 if test "x$PCRE2_FOUND" = "x0"; then diff --git a/examples/multiprocess_c/multi.c b/examples/multiprocess_c/multi.c index 2481db4e56..6fb0cbf54e 100644 --- a/examples/multiprocess_c/multi.c +++ b/examples/multiprocess_c/multi.c @@ -38,7 +38,7 @@ RulesSet *rules = NULL; ModSecurity *modsec = NULL; -void process_special_request (int j) { +static void process_special_request (int j) { Transaction *transaction; transaction = msc_new_transaction(modsec, rules, NULL); @@ -60,7 +60,7 @@ void process_special_request (int j) { msc_transaction_cleanup(transaction); } -void process_request (int j) { +static void process_request (int j) { int i; for (i = 0; i < REQUESTS_PER_PROCESS; i++) { diff --git a/examples/multithread/Makefile.am b/examples/multithread/Makefile.am index c17b431a35..0871efa1e1 100644 --- a/examples/multithread/Makefile.am +++ b/examples/multithread/Makefile.am @@ -14,6 +14,7 @@ multithread_LDADD = \ $(MAXMIND_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ multithread_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/examples/reading_logs_via_rule_message/Makefile.am b/examples/reading_logs_via_rule_message/Makefile.am index 210edef3bc..5a6ba74b2a 100644 --- a/examples/reading_logs_via_rule_message/Makefile.am +++ b/examples/reading_logs_via_rule_message/Makefile.am @@ -14,6 +14,7 @@ simple_request_LDADD = \ $(MAXMIND_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/examples/reading_logs_with_offset/Makefile.am b/examples/reading_logs_with_offset/Makefile.am index 3ecda10cbb..a98ed48d0e 100644 --- a/examples/reading_logs_with_offset/Makefile.am +++ b/examples/reading_logs_with_offset/Makefile.am @@ -14,6 +14,7 @@ read_LDADD = \ $(LMDB_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ read_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/examples/using_bodies_in_chunks/Makefile.am b/examples/using_bodies_in_chunks/Makefile.am index 5d64537992..9eb438f368 100644 --- a/examples/using_bodies_in_chunks/Makefile.am +++ b/examples/using_bodies_in_chunks/Makefile.am @@ -14,6 +14,7 @@ simple_request_LDADD = \ $(LMDB_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) MAINTAINERCLEANFILES = \ diff --git a/headers/modsecurity/rules_exceptions.h b/headers/modsecurity/rules_exceptions.h index 8d513e76d6..8395048d69 100644 --- a/headers/modsecurity/rules_exceptions.h +++ b/headers/modsecurity/rules_exceptions.h @@ -53,8 +53,8 @@ class RulesExceptions { bool contains(int a); bool merge(RulesExceptions *from); - bool loadRemoveRuleByMsg(const std::string &msg, std::string *error); - bool loadRemoveRuleByTag(const std::string &msg, std::string *error); + bool loadRemoveRuleByMsg(const std::string &msg, const std::string *error); + bool loadRemoveRuleByTag(const std::string &msg, const std::string *error); bool loadUpdateTargetByMsg(const std::string &msg, std::unique_ptr > > v, diff --git a/src/actions/transformations/utf8_to_unicode.cc b/src/actions/transformations/utf8_to_unicode.cc index 4b01583e7c..263c782bf6 100644 --- a/src/actions/transformations/utf8_to_unicode.cc +++ b/src/actions/transformations/utf8_to_unicode.cc @@ -46,7 +46,7 @@ static inline bool encode(std::string &value) { int unicode_len = 0; unsigned int d = 0; unsigned char c; - auto utf = &input[i]; + const auto* utf = &input[i]; c = *utf; diff --git a/src/operators/fuzzy_hash.cc b/src/operators/fuzzy_hash.cc index df31a98c2b..61ea2821e5 100644 --- a/src/operators/fuzzy_hash.cc +++ b/src/operators/fuzzy_hash.cc @@ -28,7 +28,7 @@ bool FuzzyHash::init(const std::string ¶m2, std::string *error) { std::string digit; std::string file; std::istream *iss; - struct fuzzy_hash_chunk *chunk, *t; + std::shared_ptr chunk, t; std::string err; auto pos = m_param.find_last_of(' '); @@ -55,11 +55,10 @@ bool FuzzyHash::init(const std::string ¶m2, std::string *error) { } for (std::string line; std::getline(*iss, line); ) { - chunk = (struct fuzzy_hash_chunk *)calloc(1, - sizeof(struct fuzzy_hash_chunk)); + chunk = std::make_shared(); - chunk->data = strdup(line.c_str()); - chunk->next = NULL; + chunk->data = std::shared_ptr(strdup(line.c_str()), free); + chunk->next = nullptr; if (m_head == NULL) { m_head = chunk; @@ -83,23 +82,11 @@ bool FuzzyHash::init(const std::string ¶m2, std::string *error) { #endif } -FuzzyHash::~FuzzyHash() { - struct fuzzy_hash_chunk *c = m_head; - while (c) { - struct fuzzy_hash_chunk *t = c; - free(c->data); - c->data = NULL; - c = c->next; - free(t); - } - m_head = NULL; -} - - bool FuzzyHash::evaluate(Transaction *t, const std::string &str) { #ifdef WITH_SSDEEP char result[FUZZY_MAX_RESULT]; - struct fuzzy_hash_chunk *chunk = m_head; + std::shared_ptr chunk = m_head; + if (fuzzy_hash_buf((const unsigned char*)str.c_str(), str.size(), result)) { @@ -108,7 +95,7 @@ bool FuzzyHash::evaluate(Transaction *t, const std::string &str) { } while (chunk != NULL) { - int i = fuzzy_compare(chunk->data, result); + int i = fuzzy_compare(chunk->data.get(), result); if (i >= m_threshold) { ms_dbg_a(t, 4, "Fuzzy hash: matched " \ "with score: " + std::to_string(i) + "."); diff --git a/src/operators/fuzzy_hash.h b/src/operators/fuzzy_hash.h index 10a0ca6dc0..b78054f5f8 100644 --- a/src/operators/fuzzy_hash.h +++ b/src/operators/fuzzy_hash.h @@ -31,8 +31,8 @@ namespace operators { struct fuzzy_hash_chunk { - char *data; - struct fuzzy_hash_chunk *next; + std::shared_ptr data; + std::shared_ptr next; }; class FuzzyHash : public Operator { @@ -42,14 +42,14 @@ class FuzzyHash : public Operator { : Operator("FuzzyHash", std::move(param)), m_threshold(0), m_head(NULL) { } - ~FuzzyHash() override; + ~FuzzyHash() override = default; bool evaluate(Transaction *transaction, const std::string &std) override; bool init(const std::string ¶m, std::string *error) override; private: int m_threshold; - struct fuzzy_hash_chunk *m_head; + std::shared_ptr m_head; }; } // namespace operators diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc index 66f2e91178..1ddbf4f494 100644 --- a/src/operators/verify_cc.cc +++ b/src/operators/verify_cc.cc @@ -21,11 +21,11 @@ #include "src/operators/operator.h" -#ifndef WITH_PCRE2 +#ifdef WITH_PCRE #if PCRE_HAVE_JIT #define pcre_study_opt PCRE_STUDY_JIT_COMPILE #else -#define pcre_study_opt 0 +constexpr int pcre_study_opt = 0; #endif #endif @@ -34,20 +34,20 @@ namespace modsecurity { namespace operators { VerifyCC::~VerifyCC() { -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code_free(m_pc); #else - if (m_pc != NULL) { + if (m_pc != nullptr) { pcre_free(m_pc); - m_pc = NULL; + m_pc = nullptr; } - if (m_pce != NULL) { + if (m_pce != nullptr) { #if PCRE_HAVE_JIT pcre_free_study(m_pce); #else pcre_free(m_pce); #endif - m_pce = NULL; + m_pce = nullptr; } #endif } @@ -94,33 +94,33 @@ int VerifyCC::luhnVerify(const char *ccnumber, int len) { bool VerifyCC::init(const std::string ¶m2, std::string *error) { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_pattern = reinterpret_cast(m_param.c_str()); uint32_t pcre2_options = (PCRE2_DOTALL|PCRE2_MULTILINE); int errornumber = 0; PCRE2_SIZE erroroffset = 0; m_pc = pcre2_compile(pcre2_pattern, PCRE2_ZERO_TERMINATED, - pcre2_options, &errornumber, &erroroffset, NULL); - if (m_pc == NULL) { + pcre2_options, &errornumber, &erroroffset, nullptr); + if (m_pc == nullptr) { return false; } m_pcje = pcre2_jit_compile(m_pc, PCRE2_JIT_COMPLETE); #else - const char *errptr = NULL; + const char *errptr = nullptr; int erroffset = 0; m_pc = pcre_compile(m_param.c_str(), PCRE_DOTALL|PCRE_MULTILINE, - &errptr, &erroffset, NULL); - if (m_pc == NULL) { + &errptr, &erroffset, nullptr); + if (m_pc == nullptr) { error->assign(errptr); return false; } m_pce = pcre_study(m_pc, pcre_study_opt, &errptr); - if (m_pce == NULL) { - if (errptr == NULL) { + if (m_pce == nullptr) { + if (errptr == nullptr) { /* - * Per pcre_study(3) m_pce == NULL && errptr == NULL means + * Per pcre_study(3) m_pce == nullptr && errptr == nullptr means * that no addional information is found, so no need to study */ return true; @@ -136,21 +136,21 @@ bool VerifyCC::init(const std::string ¶m2, std::string *error) { bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, const std::string& i, RuleMessage &ruleMessage) { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SIZE offset = 0; size_t target_length = i.length(); PCRE2_SPTR pcre2_i = reinterpret_cast(i.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int ret; for (offset = 0; offset < target_length; offset++) { if (m_pcje == 0) { - ret = pcre2_jit_match(m_pc, pcre2_i, target_length, offset, 0, match_data, NULL); + ret = pcre2_jit_match(m_pc, pcre2_i, target_length, offset, 0, match_data, nullptr); } if (m_pcje != 0 || ret == PCRE2_ERROR_JIT_STACKLIMIT) { - ret = pcre2_match(m_pc, pcre2_i, target_length, offset, PCRE2_NO_JIT, match_data, NULL); + ret = pcre2_match(m_pc, pcre2_i, target_length, offset, PCRE2_NO_JIT, match_data, nullptr); } /* If there was no match, then we are done. */ @@ -192,7 +192,7 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, "\" at " + i + ". [offset " + std::to_string(offset) + "]"); } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return true; @@ -200,7 +200,7 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, } } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif diff --git a/src/operators/verify_cc.h b/src/operators/verify_cc.h index 05d4cdec7e..7e7e158bc9 100644 --- a/src/operators/verify_cc.h +++ b/src/operators/verify_cc.h @@ -16,7 +16,7 @@ #ifndef SRC_OPERATORS_VERIFY_CC_H_ #define SRC_OPERATORS_VERIFY_CC_H_ -#if WITH_PCRE2 +#ifndef WITH_PCRE #define PCRE2_CODE_UNIT_WIDTH 8 #include #else @@ -38,12 +38,12 @@ class VerifyCC : public Operator { /** @ingroup ModSecurity_Operator */ explicit VerifyCC(std::unique_ptr param) : Operator("VerifyCC", std::move(param)), -#if WITH_PCRE2 - m_pc(NULL), +#ifndef WITH_PCRE + m_pc(nullptr), m_pcje(PCRE2_ERROR_JIT_BADOPTION) { } #else - m_pc(NULL), - m_pce(NULL) { } + m_pc(nullptr), + m_pce(nullptr) { } #endif ~VerifyCC() override; @@ -52,7 +52,7 @@ class VerifyCC : public Operator { RuleMessage &ruleMessage) override; bool init(const std::string ¶m, std::string *error) override; private: -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code *m_pc; int m_pcje; #else diff --git a/src/parser/Makefile.am b/src/parser/Makefile.am index cded626179..685675819f 100644 --- a/src/parser/Makefile.am +++ b/src/parser/Makefile.am @@ -25,6 +25,7 @@ libmodsec_parser_la_CPPFLAGS = \ $(YAJL_CFLAGS) \ $(LMDB_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) test.cc: seclang-parser.hh diff --git a/src/request_body_processor/multipart.cc b/src/request_body_processor/multipart.cc index fd140329b8..cde76a5f2e 100644 --- a/src/request_body_processor/multipart.cc +++ b/src/request_body_processor/multipart.cc @@ -1638,7 +1638,7 @@ bool Multipart::process(const std::string& data, std::string *error, } } else { /* It looks like a boundary but */ /* we couldn't match it. */ - char *p = NULL; + const char *p = NULL; /* Check if an attempt to use quotes around the * boundary was made. */ diff --git a/src/rules_exceptions.cc b/src/rules_exceptions.cc index 1545571c18..2fb0cf857f 100644 --- a/src/rules_exceptions.cc +++ b/src/rules_exceptions.cc @@ -58,7 +58,7 @@ bool RulesExceptions::loadUpdateActionById(double id, bool RulesExceptions::loadRemoveRuleByMsg(const std::string &msg, - std::string *error) { + const std::string *error) { m_remove_rule_by_msg.push_back(msg); return true; @@ -66,7 +66,7 @@ bool RulesExceptions::loadRemoveRuleByMsg(const std::string &msg, bool RulesExceptions::loadRemoveRuleByTag(const std::string &msg, - std::string *error) { + const std::string *error) { m_remove_rule_by_tag.push_back(msg); return true; diff --git a/src/utils/regex.cc b/src/utils/regex.cc index 731ffc9795..3002503743 100644 --- a/src/utils/regex.cc +++ b/src/utils/regex.cc @@ -23,7 +23,7 @@ #include "src/utils/geo_lookup.h" -#ifndef WITH_PCRE2 +#ifdef WITH_PCRE #if PCRE_HAVE_JIT // NOTE: Add PCRE_STUDY_EXTRA_NEEDED so studying always yields a pcre_extra strucure // and we can selectively override match limits using a copy of that structure at runtime. @@ -35,11 +35,11 @@ #endif #endif -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE class Pcre2MatchContextPtr { public: Pcre2MatchContextPtr() - : m_match_context(pcre2_match_context_create(NULL)) {} + : m_match_context(pcre2_match_context_create(nullptr)) {} Pcre2MatchContextPtr(const Pcre2MatchContextPtr&) = delete; Pcre2MatchContextPtr& operator=(const Pcre2MatchContextPtr&) = delete; @@ -48,7 +48,7 @@ class Pcre2MatchContextPtr { pcre2_match_context_free(m_match_context); } - operator pcre2_match_context*() const { + explicit operator pcre2_match_context*() const { return m_match_context; } @@ -62,7 +62,7 @@ namespace Utils { // Helper function to tell us if the current config indicates CRLF is a valid newline sequence bool crlfIsNewline() { -#if WITH_PCRE2 +#ifndef WITH_PCRE uint32_t newline = 0; pcre2_config(PCRE2_CONFIG_NEWLINE, &newline); bool crlf_is_newline = @@ -89,7 +89,7 @@ bool crlfIsNewline() { Regex::Regex(const std::string& pattern_, bool ignoreCase) : pattern(pattern_.empty() ? ".*" : pattern_) { -#if WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_pattern = reinterpret_cast(pattern.c_str()); uint32_t pcre2_options = (PCRE2_DOTALL|PCRE2_MULTILINE); if (ignoreCase) { @@ -98,10 +98,10 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) int errornumber = 0; PCRE2_SIZE erroroffset = 0; m_pc = pcre2_compile(pcre2_pattern, PCRE2_ZERO_TERMINATED, - pcre2_options, &errornumber, &erroroffset, NULL); + pcre2_options, &errornumber, &erroroffset, nullptr); m_pcje = pcre2_jit_compile(m_pc, PCRE2_JIT_COMPLETE); #else - const char *errptr = NULL; + const char *errptr = nullptr; int erroffset; int flags = (PCRE_DOTALL|PCRE_MULTILINE); @@ -109,7 +109,7 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) flags |= PCRE_CASELESS; } m_pc = pcre_compile(pattern.c_str(), flags, - &errptr, &erroffset, NULL); + &errptr, &erroffset, nullptr); m_pce = pcre_study(m_pc, pcre_study_opt, &errptr); #endif @@ -117,20 +117,20 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) Regex::~Regex() { -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code_free(m_pc); #else - if (m_pc != NULL) { + if (m_pc != nullptr) { pcre_free(m_pc); - m_pc = NULL; + m_pc = nullptr; } - if (m_pce != NULL) { + if (m_pce != nullptr) { #if PCRE_HAVE_JIT pcre_free_study(m_pce); #else pcre_free(m_pce); #endif - m_pce = NULL; + m_pce = nullptr; } #endif } @@ -139,20 +139,20 @@ Regex::~Regex() { std::list Regex::searchAll(const std::string& s) const { std::list retList; int rc = 0; -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); PCRE2_SIZE offset = 0; - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); do { if (m_pcje == 0) { rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), - offset, 0, match_data, NULL); + offset, 0, match_data, nullptr); } if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) { rc = pcre2_match(m_pc, pcre2_s, s.length(), - offset, PCRE2_NO_JIT, match_data, NULL); + offset, PCRE2_NO_JIT, match_data, nullptr); } const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); #else @@ -183,29 +183,29 @@ std::list Regex::searchAll(const std::string& s) const { } } while (rc > 0); -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return retList; } RegexResult Regex::searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? - pcre2_set_match_limit(match_context, match_limit); + pcre2_set_match_limit(static_cast(match_context), match_limit); } PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int rc = 0; if (m_pcje == 0) { - rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, match_context); + rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, static_cast(match_context)); } if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) { - rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, match_context); + rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, static_cast(match_context)); } const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); #else @@ -214,7 +214,7 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector 0) { + if (m_pce != nullptr && match_limit > 0) { local_pce = *m_pce; local_pce.match_limit = match_limit; local_pce.flags |= PCRE_EXTRA_MATCH_LIMIT; @@ -235,7 +235,7 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit) const { bool prev_match_zero_length = false; -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? - pcre2_set_match_limit(match_context, match_limit); + pcre2_set_match_limit(static_cast(match_context), match_limit); } PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); PCRE2_SIZE startOffset = 0; - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); while (startOffset <= s.length()) { uint32_t pcre2_options = 0; if (prev_match_zero_length) { pcre2_options = PCRE2_NOTEMPTY_ATSTART | PCRE2_ANCHORED; } int rc = pcre2_match(m_pc, pcre2_s, s.length(), - startOffset, pcre2_options, match_data, match_context); + startOffset, pcre2_options, match_data, static_cast(match_context)); const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); #else @@ -268,7 +268,7 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector pcre_extra local_pce; pcre_extra *pce = m_pce; - if (m_pce != NULL && match_limit > 0) { + if (m_pce != nullptr && match_limit > 0) { local_pce = *m_pce; local_pce.match_limit = match_limit; local_pce.flags |= PCRE_EXTRA_MATCH_LIMIT; @@ -337,25 +337,25 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector } } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return RegexResult::Ok; } int Regex::search(const std::string& s, SMatch *match) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int ret = 0; if (m_pcje == 0) { ret = pcre2_match(m_pc, pcre2_s, s.length(), - 0, 0, match_data, NULL) > 0; + 0, 0, match_data, nullptr) > 0; } if (m_pcje != 0 || ret == PCRE2_ERROR_JIT_STACKLIMIT) { ret = pcre2_match(m_pc, pcre2_s, s.length(), - 0, PCRE2_NO_JIT, match_data, NULL) > 0; + 0, PCRE2_NO_JIT, match_data, nullptr) > 0; } if (ret > 0) { // match PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); @@ -371,23 +371,23 @@ int Regex::search(const std::string& s, SMatch *match) const { 0); } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return ret; } int Regex::search(const std::string& s) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int rc = 0; if (m_pcje == 0) { - rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, NULL); + rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, nullptr); } if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) { - rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, NULL); + rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, nullptr); } pcre2_match_data_free(match_data); if (rc > 0) { @@ -405,7 +405,7 @@ int Regex::search(const std::string& s) const { RegexResult Regex::to_regex_result(int pcre_exec_result) const { if ( pcre_exec_result > 0 || -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre_exec_result == PCRE2_ERROR_NOMATCH #else pcre_exec_result == PCRE_ERROR_NOMATCH @@ -413,7 +413,7 @@ RegexResult Regex::to_regex_result(int pcre_exec_result) const { ) { return RegexResult::Ok; } else if( -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre_exec_result == PCRE2_ERROR_MATCHLIMIT #else pcre_exec_result == PCRE_ERROR_MATCHLIMIT diff --git a/src/utils/regex.h b/src/utils/regex.h index f27cdd2536..863ce560b6 100644 --- a/src/utils/regex.h +++ b/src/utils/regex.h @@ -12,7 +12,7 @@ * directly using the email address security@modsecurity.org. * */ -#if WITH_PCRE2 +#ifndef WITH_PCRE #define PCRE2_CODE_UNIT_WIDTH 8 #include #else @@ -79,7 +79,7 @@ class Regex { Regex& operator=(const Regex&) = delete; bool hasError() const { - return (m_pc == NULL); + return (m_pc == nullptr); } std::list searchAll(const std::string& s) const; RegexResult searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit = 0) const; @@ -91,12 +91,12 @@ class Regex { private: RegexResult to_regex_result(int pcre_exec_result) const; -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code *m_pc; int m_pcje; #else - pcre *m_pc = NULL; - pcre_extra *m_pce = NULL; + pcre *m_pc = nullptr; + pcre_extra *m_pce = nullptr; #endif }; diff --git a/test/benchmark/Makefile.am b/test/benchmark/Makefile.am index 88da53e86a..2ac9d92111 100644 --- a/test/benchmark/Makefile.am +++ b/test/benchmark/Makefile.am @@ -10,6 +10,7 @@ benchmark_LDADD = \ $(GEOIP_LDADD) \ $(MAXMIND_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(YAJL_LDADD) \ $(LMDB_LDADD) \ $(SSDEEP_LDADD) \ @@ -35,6 +36,7 @@ benchmark_CPPFLAGS = \ -I$(top_builddir)/headers \ $(GLOBAL_CPPFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LMDB_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/test/fuzzer/Makefile.am b/test/fuzzer/Makefile.am index ea21024059..eee3a94e23 100644 --- a/test/fuzzer/Makefile.am +++ b/test/fuzzer/Makefile.am @@ -18,6 +18,7 @@ afl_fuzzer_LDADD = \ $(CURL_LDADD) \ $(GEOIP_LDFLAGS) $(GEOIP_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(YAJL_LDFLAGS) $(YAJL_LDADD) \ $(LMDB_LDFLAGS) $(LMDB_LDADD) \ $(MAXMIND_LDFLAGS) $(MAXMIND_LDADD) \ @@ -44,4 +45,5 @@ afl_fuzzer_CPPFLAGS = \ $(YAJL_CFLAGS) \ $(LMDB_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/tools/rules-check/Makefile.am b/tools/rules-check/Makefile.am index 6f398fb222..c79a625671 100644 --- a/tools/rules-check/Makefile.am +++ b/tools/rules-check/Makefile.am @@ -15,6 +15,7 @@ modsec_rules_check_LDADD = \ $(LMDB_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -31,6 +32,7 @@ modsec_rules_check_CPPFLAGS = \ -I$(top_builddir)/headers \ $(GLOBAL_CPPFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LMDB_CFLAGS) \ $(MAXMIND_CFLAGS) \ $(LIBXML2_CFLAGS)