diff --git a/src/deps/src/modsecurity/.editorconfig b/src/deps/src/modsecurity/.editorconfig new file mode 100644 index 0000000000..f6e08d349e --- /dev/null +++ b/src/deps/src/modsecurity/.editorconfig @@ -0,0 +1,26 @@ +# top-most EditorConfig file +root = true + +# Unix-style newlines with a newline ending every file +[*] +end_of_line = lf +indent_style = space +# Scripts without suffixes in the project root tend to indent by two spaces +indent_size = 2 + +# Most of the project files indent by four spaces +[*/**] +indent_size = 4 + +# Test files indent by two spaces +[test/**] +indent_size = 2 + +# The config parser file indents by both two and four spaces, +# so we choose to indent by two spaces as a common denominator. +[*.yy] +indent_size = 2 + +[{Makefile,Makefile.am}] +indent_style = tab + diff --git a/src/deps/src/modsecurity/.github/ISSUE_TEMPLATE/bug-report-for-version-2-x.md b/src/deps/src/modsecurity/.github/ISSUE_TEMPLATE/bug-report-for-version-2-x.md index 1d3e399d26..3698347696 100644 --- a/src/deps/src/modsecurity/.github/ISSUE_TEMPLATE/bug-report-for-version-2-x.md +++ b/src/deps/src/modsecurity/.github/ISSUE_TEMPLATE/bug-report-for-version-2-x.md @@ -2,7 +2,7 @@ name: Bug report for version 2.x about: Create a report to help us improve title: '' -labels: '' +labels: '2.x' assignees: '' --- diff --git a/src/deps/src/modsecurity/.github/ISSUE_TEMPLATE/bug-report-for-version-3-x.md b/src/deps/src/modsecurity/.github/ISSUE_TEMPLATE/bug-report-for-version-3-x.md index 24badfb84a..299334e6b8 100644 --- a/src/deps/src/modsecurity/.github/ISSUE_TEMPLATE/bug-report-for-version-3-x.md +++ b/src/deps/src/modsecurity/.github/ISSUE_TEMPLATE/bug-report-for-version-3-x.md @@ -3,7 +3,7 @@ name: Bug report for version 3.x about: Create a report to help us improve. If you don't know a specific detail or piece of information leave it blank, if necessary we will help you to figure out. title: '' -labels: '' +labels: '3.x' assignees: '' --- diff --git a/src/deps/src/modsecurity/.github/PULL_REQUEST_TEMPLATE.md b/src/deps/src/modsecurity/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000000..4d274644a4 --- /dev/null +++ b/src/deps/src/modsecurity/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,24 @@ + + + +## what + + + +## why + + + +## references + + diff --git a/src/deps/src/modsecurity/.github/workflows/ci.yml b/src/deps/src/modsecurity/.github/workflows/ci.yml index 3350743b16..71ca3c7c57 100644 --- a/src/deps/src/modsecurity/.github/workflows/ci.yml +++ b/src/deps/src/modsecurity/.github/workflows/ci.yml @@ -6,69 +6,192 @@ on: jobs: build-linux: + name: Linux (${{ matrix.platform.label }}, ${{ matrix.compiler.label }}, ${{ matrix.configure.label }}) runs-on: ${{ matrix.os }} strategy: matrix: os: [ubuntu-22.04] - platform: [x32, x64] - compiler: [gcc, clang] + platform: + - {label: "x64", arch: "amd64", configure: ""} + - {label: "x32", arch: "i386", configure: "PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32"} + compiler: + - {label: "gcc", cc: "gcc", cxx: "g++"} + - {label: "clang", cc: "clang", cxx: "clang++"} configure: - {label: "with parser generation", opt: "--enable-parser-generation" } - {label: "wo curl", opt: "--without-curl" } - - {label: "wo yajl", opt: "--without-yajl" } - - {label: "wo geoip", opt: "--without-geoip" } - - {label: "wo lmdb", opt: "--without-lmdb" } - - {label: "with pcre2", opt: "--with-pcre2" } - {label: "wo lua", opt: "--without-lua" } - - {label: "without maxmind", opt: "--without-maxmind" } + - {label: "wo maxmind", opt: "--without-maxmind" } + - {label: "wo libxml", opt: "--without-libxml" } + - {label: "wo geoip", opt: "--without-geoip" } + - {label: "wo ssdeep", opt: "--without-ssdeep" } + - {label: "with lmdb", opt: "--with-lmdb" } + - {label: "with pcre2", opt: "--with-pcre2" } + exclude: + - platform: {label: "x32"} + configure: {label: "wo geoip"} + - platform: {label: "x32"} + configure: {label: "wo ssdeep"} steps: - - name: Setup Dependencies + - name: Setup Dependencies (common) run: | + sudo dpkg --add-architecture ${{ matrix.platform.arch }} sudo apt-get update -y -qq - sudo apt-get install -y libfuzzy-dev libyajl-dev libgeoip-dev liblua5.2-dev liblmdb-dev cppcheck libmaxminddb-dev libcurl4-openssl-dev libpcre2-dev pcre2-utils - - uses: actions/checkout@v2 + sudo apt-get install -y libyajl-dev:${{ matrix.platform.arch }} \ + libcurl4-openssl-dev:${{ matrix.platform.arch }} \ + liblmdb-dev:${{ matrix.platform.arch }} \ + liblua5.2-dev:${{ matrix.platform.arch }} \ + libmaxminddb-dev:${{ matrix.platform.arch }} \ + libpcre2-dev:${{ matrix.platform.arch }} \ + pcre2-utils:${{ matrix.platform.arch }} \ + bison flex + - name: Setup Dependencies (x32) + if: ${{ matrix.platform.label == 'x32' }} + run: | + sudo apt-get install g++-multilib + sudo apt-get install -y libxml2-dev:${{ matrix.platform.arch }} \ + libpcre3-dev:${{ matrix.platform.arch }} + - name: Setup Dependencies (x64) + if: ${{ matrix.platform.label == 'x64' }} + run: | + sudo apt-get install -y libgeoip-dev:${{ matrix.platform.arch }} \ + libfuzzy-dev:${{ matrix.platform.arch }} + - uses: actions/checkout@v4 with: submodules: true + fetch-depth: 0 - name: build.sh run: ./build.sh - - name: configure ${{ matrix.configure.label }} - run: ./configure ${{ matrix.configure.opt }} + - name: configure + env: + CC: ${{ matrix.compiler.cc }} + CXX: ${{ matrix.compiler.cxx }} + run: ./configure ${{ matrix.platform.configure }} ${{ matrix.configure.opt }} --enable-assertions=yes - uses: ammaraskar/gcc-problem-matcher@master - name: make run: make -j `nproc` - name: check run: make check - - name: check-static - run: make check-static build-macos: + name: macOS (${{ matrix.configure.label }}) runs-on: ${{ matrix.os }} strategy: matrix: - os: [macos-12] - compiler: [clang] + os: [macos-14] configure: - {label: "with parser generation", opt: "--enable-parser-generation" } - {label: "wo curl", opt: "--without-curl" } - - {label: "wo yajl", opt: "--without-yajl" } - - {label: "wo geoip", opt: "--without-geoip" } - - {label: "wo lmdb", opt: "--without-lmdb" } - - {label: "wo ssdeep", opt: "--without-ssdeep" } - {label: "wo lua", opt: "--without-lua" } - {label: "wo maxmind", opt: "--without-maxmind" } + - {label: "wo libxml", opt: "--without-libxml" } + - {label: "wo geoip", opt: "--without-geoip" } + - {label: "wo ssdeep", opt: "--without-ssdeep" } + - {label: "with lmdb", opt: "--with-lmdb" } + - {label: "with pcre2", opt: "--with-pcre2" } steps: - name: Setup Dependencies + # curl, pcre2 not installed because they're already + # included in the image run: | - brew install autoconf automake cppcheck lmdb libyaml lua ssdeep libmaxminddb bison - - uses: actions/checkout@v2 + brew install autoconf \ + automake \ + libtool \ + yajl \ + lmdb \ + lua \ + libmaxminddb \ + libxml2 \ + geoip \ + ssdeep \ + pcre \ + bison \ + flex + - uses: actions/checkout@v4 with: submodules: true + fetch-depth: 0 - name: build.sh run: ./build.sh - - name: configure ${{ matrix.configure.label }} - run: ./configure ${{ matrix.configure.opt }} + - name: configure + run: ./configure ${{ matrix.configure.opt }} --enable-assertions=yes - uses: ammaraskar/gcc-problem-matcher@master - name: make run: make -j `sysctl -n hw.logicalcpu` - name: check run: make check + + build-windows: + name: Windows (${{ matrix.platform.label }}, ${{ matrix.configure.label }}) + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [windows-2022] + platform: + - {label: "x64", arch: "x86_64"} + configuration: [Release] + configure: + - {label: "full", opt: "" } + - {label: "wo curl", opt: "-DWITH_CURL=OFF" } + - {label: "wo lua", opt: "-DWITH_LUA=OFF" } + - {label: "wo maxmind", opt: "-DWITH_MAXMIND=OFF" } + - {label: "wo libxml", opt: "-DWITH_LIBXML2=OFF" } + - {label: "with lmdb", opt: "-DWITH_LMDB=ON" } + steps: + - uses: actions/checkout@v4 + with: + submodules: true + fetch-depth: 0 + - name: Install Conan + run: | + pip3 install conan --upgrade + conan profile detect + - uses: ammaraskar/msvc-problem-matcher@master + - name: Build ${{ matrix.configuration }} ${{ matrix.platform.arch }} ${{ matrix.configure.label }} + shell: cmd + run: vcbuild.bat ${{ matrix.configuration }} ${{ matrix.platform.arch }} NO_ASAN "${{ matrix.configure.opt }}" + - name: Set up test environment + working-directory: build\win32\build\${{ matrix.configuration }} + env: + BASE_DIR: ..\..\..\.. + shell: cmd + run: | + copy unit_tests.exe %BASE_DIR%\test + copy regression_tests.exe %BASE_DIR%\test + copy libModSecurity.dll %BASE_DIR%\test + copy %BASE_DIR%\unicode.mapping %BASE_DIR%\test + md \tmp + md \bin + copy "C:\Program Files\Git\usr\bin\echo.exe" \bin + copy "C:\Program Files\Git\usr\bin\echo.exe" \bin\echo + - name: Disable tests that don't work on Windows + working-directory: test\test-cases\regression + shell: cmd + run: | + jq "map(if .title == \"Test match variable (1/n)\" then .enabled = 0 else . end)" issue-2423-msg-in-chain.json > tmp.json && move /Y tmp.json issue-2423-msg-in-chain.json + jq "map(if .title == \"Test match variable (2/n)\" then .enabled = 0 else . end)" issue-2423-msg-in-chain.json > tmp.json && move /Y tmp.json issue-2423-msg-in-chain.json + jq "map(if .title == \"Test match variable (3/n)\" then .enabled = 0 else . end)" issue-2423-msg-in-chain.json > tmp.json && move /Y tmp.json issue-2423-msg-in-chain.json + jq "map(if .title == \"Variable offset - FILES_NAMES\" then .enabled = 0 else . end)" offset-variable.json > tmp.json && move /Y tmp.json offset-variable.json + - name: Run tests + working-directory: build\win32\build + run: | + ctest -C ${{ matrix.configuration }} --output-on-failure + + cppcheck: + runs-on: [ubuntu-22.04] + steps: + - name: Setup Dependencies + run: | + sudo apt-get update -y -qq + sudo apt-get install -y cppcheck + - name: Checkout source + uses: actions/checkout@v4 + with: + submodules: true + fetch-depth: 0 + - name: Configure libModSecurity + run: | + ./build.sh + ./configure + - name: Run cppcheck on libModSecurity + run: make check-static diff --git a/src/deps/src/modsecurity/.gitignore b/src/deps/src/modsecurity/.gitignore index 390c0e6066..9515fb56ec 100644 --- a/src/deps/src/modsecurity/.gitignore +++ b/src/deps/src/modsecurity/.gitignore @@ -11,13 +11,18 @@ build/ltoptions.m4 build/ltsugar.m4 build/ltversion.m4 build/lt~obsolete.m4 +build/win32/build +build/win32/CMakeUserPresets.json compile config.guess config.log config.status config.sub +config.h.in~ configure +configure~ depcomp +modsecurity.pc .deps .libs .dirstamp @@ -45,6 +50,7 @@ ltmain.sh examples/simple_example_using_c/test /tools/rules-check/modsec-rules-check examples/multiprocess_c/multi +examples/multithread/multithread examples/reading_logs_via_rule_message/simple_request examples/reading_logs_with_offset/read examples/using_bodies_in_chunks/simple_request diff --git a/src/deps/src/modsecurity/.gitmodules b/src/deps/src/modsecurity/.gitmodules index e4cf1b8da8..05927d49d1 100644 --- a/src/deps/src/modsecurity/.gitmodules +++ b/src/deps/src/modsecurity/.gitmodules @@ -1,9 +1,12 @@ [submodule "test/test-cases/secrules-language-tests"] path = test/test-cases/secrules-language-tests - url = https://github.com/SpiderLabs/secrules-language-tests + url = https://github.com/owasp-modsecurity/secrules-language-tests [submodule "others/libinjection"] path = others/libinjection url = https://github.com/libinjection/libinjection.git [submodule "bindings/python"] path = bindings/python - url = https://github.com/SpiderLabs/ModSecurity-Python-bindings.git + url = https://github.com/owasp-modsecurity/ModSecurity-Python-bindings.git +[submodule "others/mbedtls"] + path = others/mbedtls + url = https://github.com/Mbed-TLS/mbedtls.git diff --git a/src/deps/src/modsecurity/CHANGES b/src/deps/src/modsecurity/CHANGES index 9c28712715..82c7e1b10a 100644 --- a/src/deps/src/modsecurity/CHANGES +++ b/src/deps/src/modsecurity/CHANGES @@ -1,3 +1,110 @@ +v3.0.13 - 2024-Sep-03 +--------------------- + + - Adjust reference to modsecurity::utils::string::VALID_HEX + [PR #3243 - @eduar-hte] + - Lua::run: Move logging of str parameter to higher log level. + [PR #3240 - @frozenice] + - Remove unnecessary heap allocated copies in Transformation actions + [PR #3231 - @eduar-hte] + - Removed multiple heap-allocated copies in Pm::init & parse_pm_content + [PR #3233 - @eduar-hte] + - Unit tests results should not be displayed in 'automake output' mode + [PR #3232 - @eduar-hte] + - Replace usage of std::ctime, which is not safe in + multithread contexts + [PR #3228 - @eduar-hte] + - Removed unnecessary lock to call acmp_process_quick in Pm::evaluate + [PR #3227 - @eduar-hte] + - feat: Check if the MP header contains invalid character + [PR #3225 - @airween] + - Prevent concurrent access to data in InMemoryPerProcess' + resolveXXX methods + [PR #3216 - @eduar-hte] + - Remove several string copies and unnecessary heap allocations + [PR #3222 - @eduar-hte] + - Creating a std::string with a null pointer + is undefined behaviour + [PR #3220 - @eduar-hte] + - Simplifiy configuration to build using std C++17 + [PR #3219 - @eduar-hte] + - Remove unnecessary dynamic casts + [PR #3218 - @eduar-hte] + - fix: Sonarcloud reported memleak fixes + [PR #3114 - @airween] + - V3/sonarcloud replace this declaration by a structured + binding declaration + [PR #3217 - @gberkes] + - Do not assume ModSecurityIntervention argument to + transaction::intervention has been initialized/cleaned + [PR #3212 - @eduar-hte] + - Refactor: used the init-statement to declare "pos" inside the + if statement + [PR #3214 - @gberkes] + - Refactor: moved 3 #include directives to the top of the file. + [PR #3213 - @gberkes] + - Fix SecRemoteRules regression test not to depend on a + specific error message + [PR #3211 - @eduar-hte] + - Fixed shared files deadlock in a multi-threaded Windows application + [PR #3210 - @eduar-hte] + - Add cleanup methods to complete C based ABI + [PR #3209 - @eduar-hte] + - Build on macOS with Apple silicon (arm64) + [PR #3208 - @eduar-hte] + - remove 'this throw' call in transaction + [PR #3207 - @gberkes] + - New API function: set hostname for log + [PR #3203 - @airween] + - Fixing typo in Dockerfile + [PR #3189 - @bitbehz] + - Simplify checkout of submodules in GitHub workflows (with support for git describe) + [PR #3185 - @eduar-hte] + - Update README.md: use submodule and use benchmark tool + [PR #3182 - @airween] + - Improve performance of VariableOrigin instances + [PR #3164 - @eduar-hte] + - Update libinjection & Mbed TLS + [PR #3161 - @eduar-hte] + - chore: add PR template (v3) + [PR #3160 - @fzipi] + - Update to seclang-scanner changes introduced by Windows support + [PR #3146 - @eduar-hte] + - GitHub build & quality assurance workflow updates + [PR #3144 - @eduar-hte] + - Add link to Rust bindings in README + [PR #3141 - @rkrishn7] + - Remove cppcheck suppressions with line numbers in test/cppcheck_suppressions.txt + [PR #3134 - @eduar-hte] + - Add support to build libModSecurity v3 on Windows + [PR #3132 - @eduar-hte] + - fix: update submodule url + [PR #3128 - @fzipi] + - fix(rbl): typo in rbl check selector + [PR #3127 - @fzipi] + - fix: Changed 'equal_range()' + loop by 'find()' in resolveFirst() methods + [PR #3117 - @airween] + - Deleted redundant code in 'ModSecurity::serverLog(...)'. + [PR #3116 - @gberkes] + - doc: Update CHANGES + [PR #3101 - @airween] + - Reduce the scope of variables in a for loop + [PR #3098 - @devzero2000] + - Clean up 'return' never will be executed. + [PR #3096 - @gberkes] + - fix: Replace obsolete macros + [PR #3095 - @airween] + - fix: Change 'SecEngineStatus' to Off by default + [PR #3092 - @airween] + - chore: update bug-report-for-version-3-x.md + [PR #3086 - @fzipi] + - test: Logical, syntax and cosmetic fixes on test cases + [PR #3080 - @MirkoDziadzka, @airween] + - Bump the C++ version from C++11 to C++17 + [PR #3079 - @MirkoDziadzka] + - fix: makes uri decode platform independent + [PR #3016 - @M4tteoP] + v3.0.12 - 2024-Jan-30 --------------------- diff --git a/src/deps/src/modsecurity/Makefile.am b/src/deps/src/modsecurity/Makefile.am index 3a6b23e553..ab22102dcd 100644 --- a/src/deps/src/modsecurity/Makefile.am +++ b/src/deps/src/modsecurity/Makefile.am @@ -59,10 +59,11 @@ cppcheck: @cppcheck -U YYSTYPE -U MBEDTLS_MD5_ALT -U MBEDTLS_SHA1_ALT \ -D MS_CPPCHECK_DISABLED_FOR_PARSER -U YY_USER_INIT \ --suppressions-list=./test/cppcheck_suppressions.txt \ + --inline-suppr \ --enable=warning,style,performance,portability,unusedFunction,missingInclude \ --inconclusive \ --template="warning: {file},{line},{severity},{id},{message}" \ - -I headers -I . -I others -I src -I others/mbedtls -I src/parser \ + -I headers -I . -I others -I src -I others/mbedtls/include -I src/parser \ --error-exitcode=1 \ -i "src/parser/seclang-parser.cc" -i "src/parser/seclang-scanner.cc" \ --force --verbose . @@ -88,263 +89,8 @@ LOG_DRIVER = env $(SHELL) $(top_srcdir)/test/custom-test-driver AM_TESTS_ENVIRONMENT=AUTOMAKE_TESTS=true; export AUTOMAKE_TESTS; LOG_COMPILER=test/test-suite.sh -# for i in `find test/test-cases -iname *.json`; do echo TESTS+=$i; done TESTS= -TESTS+=test/test-cases/regression/action-allow.json -TESTS+=test/test-cases/regression/action-block.json -TESTS+=test/test-cases/regression/action-ctl_request_body_access.json -TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json -TESTS+=test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json -TESTS+=test/test-cases/regression/action-ctl_rule_engine.json -TESTS+=test/test-cases/regression/action-ctl_audit_engine.json -TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_id.json -TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_tag.json -TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_id.json -TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json -TESTS+=test/test-cases/regression/action-disruptive.json -TESTS+=test/test-cases/regression/action-exec.json -TESTS+=test/test-cases/regression/action-expirevar.json -TESTS+=test/test-cases/regression/action-id.json -TESTS+=test/test-cases/regression/action-initcol.json -TESTS+=test/test-cases/regression/action-msg.json -TESTS+=test/test-cases/regression/action-setenv.json -TESTS+=test/test-cases/regression/action-setrsc.json -TESTS+=test/test-cases/regression/action-setsid.json -TESTS+=test/test-cases/regression/action-setuid.json -TESTS+=test/test-cases/regression/actions.json -TESTS+=test/test-cases/regression/action-skip.json -TESTS+=test/test-cases/regression/action-tag.json -TESTS+=test/test-cases/regression/action-tnf-base64.json -TESTS+=test/test-cases/regression/action-xmlns.json -TESTS+=test/test-cases/regression/auditlog.json -TESTS+=test/test-cases/regression/collection-case-insensitive.json -TESTS+=test/test-cases/regression/collection-lua.json -TESTS+=test/test-cases/regression/collection-regular_expression_selection.json -TESTS+=test/test-cases/regression/collection-resource.json -TESTS+=test/test-cases/regression/collection-tx.json -TESTS+=test/test-cases/regression/collection-tx-with-macro.json -TESTS+=test/test-cases/regression/config-body_limits.json -TESTS+=test/test-cases/regression/config-calling_phases_by_name.json -TESTS+=test/test-cases/regression/config-include-bad.json -TESTS+=test/test-cases/regression/config-include.json -TESTS+=test/test-cases/regression/config-remove_by_id.json -TESTS+=test/test-cases/regression/config-remove_by_msg.json -TESTS+=test/test-cases/regression/config-remove_by_tag.json -TESTS+=test/test-cases/regression/config-response_type.json -TESTS+=test/test-cases/regression/config-secdefaultaction.json -TESTS+=test/test-cases/regression/config-secremoterules.json -TESTS+=test/test-cases/regression/config-update-action-by-id.json -TESTS+=test/test-cases/regression/config-update-target-by-id.json -TESTS+=test/test-cases/regression/config-update-target-by-msg.json -TESTS+=test/test-cases/regression/config-update-target-by-tag.json -TESTS+=test/test-cases/regression/config-xml_external_entity.json -TESTS+=test/test-cases/regression/debug_log.json -TESTS+=test/test-cases/regression/directive-sec_rule_script.json -TESTS+=test/test-cases/regression/issue-1152.json -TESTS+=test/test-cases/regression/issue-1528.json -TESTS+=test/test-cases/regression/issue-1565.json -TESTS+=test/test-cases/regression/issue-1576.json -TESTS+=test/test-cases/regression/issue-1591.json -TESTS+=test/test-cases/regression/issue-1725.json -TESTS+=test/test-cases/regression/issue-1743.json -TESTS+=test/test-cases/regression/issue-1785.json -TESTS+=test/test-cases/regression/issue-1812.json -TESTS+=test/test-cases/regression/issue-1831.json -TESTS+=test/test-cases/regression/issue-1844.json -TESTS+=test/test-cases/regression/issue-1850.json -TESTS+=test/test-cases/regression/issue-1941.json -TESTS+=test/test-cases/regression/issue-1943.json -TESTS+=test/test-cases/regression/issue-1956.json -TESTS+=test/test-cases/regression/issue-1960.json -TESTS+=test/test-cases/regression/issue-2099.json -TESTS+=test/test-cases/regression/issue-2000.json -TESTS+=test/test-cases/regression/issue-2111.json -TESTS+=test/test-cases/regression/issue-2196.json -TESTS+=test/test-cases/regression/issue-2423-msg-in-chain.json -TESTS+=test/test-cases/regression/issue-2427.json -TESTS+=test/test-cases/regression/issue-2296.json -TESTS+=test/test-cases/regression/issue-394.json -TESTS+=test/test-cases/regression/issue-849.json -TESTS+=test/test-cases/regression/issue-960.json -TESTS+=test/test-cases/regression/misc.json -TESTS+=test/test-cases/regression/misc-variable-under-quotes.json -TESTS+=test/test-cases/regression/offset-variable.json -TESTS+=test/test-cases/regression/operator-detectsqli.json -TESTS+=test/test-cases/regression/operator-detectxss.json -TESTS+=test/test-cases/regression/operator-fuzzyhash.json -TESTS+=test/test-cases/regression/operator-inpectFile.json -TESTS+=test/test-cases/regression/operator-ipMatchFromFile.json -TESTS+=test/test-cases/regression/operator-pm.json -TESTS+=test/test-cases/regression/operator-rx.json -TESTS+=test/test-cases/regression/operator-rxGlobal.json -TESTS+=test/test-cases/regression/operator-UnconditionalMatch.json -TESTS+=test/test-cases/regression/operator-validate-byte-range.json -TESTS+=test/test-cases/regression/operator-verifycc.json -TESTS+=test/test-cases/regression/operator-verifycpf.json -TESTS+=test/test-cases/regression/operator-verifyssn.json -TESTS+=test/test-cases/regression/operator-verifysvnr.json -TESTS+=test/test-cases/regression/request-body-parser-json.json -TESTS+=test/test-cases/regression/request-body-parser-multipart-crlf.json -TESTS+=test/test-cases/regression/request-body-parser-multipart.json -TESTS+=test/test-cases/regression/request-body-parser-xml.json -TESTS+=test/test-cases/regression/request-body-parser-xml-validade-dtd.json -TESTS+=test/test-cases/regression/rule-920120.json -TESTS+=test/test-cases/regression/rule-920200.json -TESTS+=test/test-cases/regression/rule-920274.json -TESTS+=test/test-cases/regression/secaction.json -TESTS+=test/test-cases/regression/secargumentslimit.json -TESTS+=test/test-cases/regression/sec_component_signature.json -TESTS+=test/test-cases/regression/secmarker.json -TESTS+=test/test-cases/regression/secruleengine.json -TESTS+=test/test-cases/regression/transformation-none.json -TESTS+=test/test-cases/regression/transformations.json -TESTS+=test/test-cases/regression/variable-ARGS_COMBINED_SIZE.json -TESTS+=test/test-cases/regression/variable-ARGS_GET.json -TESTS+=test/test-cases/regression/variable-ARGS_GET_NAMES.json -TESTS+=test/test-cases/regression/variable-ARGS.json -TESTS+=test/test-cases/regression/variable-ARGS_NAMES.json -TESTS+=test/test-cases/regression/variable-ARGS_POST.json -TESTS+=test/test-cases/regression/variable-ARGS_POST_NAMES.json -TESTS+=test/test-cases/regression/variable-AUTH_TYPE.json -TESTS+=test/test-cases/regression/variable-DURATION.json -TESTS+=test/test-cases/regression/variable-ENV.json -TESTS+=test/test-cases/regression/variable-FILES_COMBINED_SIZE.json -TESTS+=test/test-cases/regression/variable-FILES.json -TESTS+=test/test-cases/regression/variable-FILES_NAMES.json -TESTS+=test/test-cases/regression/variable-FILES_SIZES.json -TESTS+=test/test-cases/regression/variable-FULL_REQUEST.json -TESTS+=test/test-cases/regression/variable-FULL_REQUEST_LENGTH.json -TESTS+=test/test-cases/regression/variable-GEO.json -TESTS+=test/test-cases/regression/variable-HIGHEST_SEVERITY.json -TESTS+=test/test-cases/regression/variable-INBOUND_DATA_ERROR.json -TESTS+=test/test-cases/regression/variable-MATCHED_VAR.json -TESTS+=test/test-cases/regression/variable-MATCHED_VAR_NAME.json -TESTS+=test/test-cases/regression/variable-MATCHED_VARS.json -TESTS+=test/test-cases/regression/variable-MATCHED_VARS_NAMES.json -TESTS+=test/test-cases/regression/variable-MODSEC_BUILD.json -TESTS+=test/test-cases/regression/variable-MULTIPART_CRLF_LF_LINES.json -TESTS+=test/test-cases/regression/variable-MULTIPART_FILENAME.json -TESTS+=test/test-cases/regression/variable-MULTIPART_INVALID_HEADER_FOLDING.json -TESTS+=test/test-cases/regression/variable-MULTIPART_NAME.json -TESTS+=test/test-cases/regression/variable-MULTIPART_PART_HEADERS.json -TESTS+=test/test-cases/regression/variable-MULTIPART_STRICT_ERROR.json -TESTS+=test/test-cases/regression/variable-MULTIPART_UNMATCHED_BOUNDARY.json -TESTS+=test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json -TESTS+=test/test-cases/regression/variable-PATH_INFO.json -TESTS+=test/test-cases/regression/variable-QUERY_STRING.json -TESTS+=test/test-cases/regression/variable-REMOTE_ADDR.json -TESTS+=test/test-cases/regression/variable-REMOTE_HOST.json -TESTS+=test/test-cases/regression/variable-REMOTE_PORT.json -TESTS+=test/test-cases/regression/variable-REMOTE_USER.json -TESTS+=test/test-cases/regression/variable-REQBODY_PROCESSOR_ERROR.json -TESTS+=test/test-cases/regression/variable-REQBODY_PROCESSOR.json -TESTS+=test/test-cases/regression/variable-REQUEST_BASENAME.json -TESTS+=test/test-cases/regression/variable-REQUEST_BODY.json -TESTS+=test/test-cases/regression/variable-REQUEST_BODY_LENGTH.json -TESTS+=test/test-cases/regression/variable-REQUEST_COOKIES.json -TESTS+=test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json -TESTS+=test/test-cases/regression/variable-REQUEST_FILENAME.json -TESTS+=test/test-cases/regression/variable-REQUEST_HEADERS.json -TESTS+=test/test-cases/regression/variable-REQUEST_HEADERS_NAMES.json -TESTS+=test/test-cases/regression/variable-REQUEST_LINE.json -TESTS+=test/test-cases/regression/variable-REQUEST_METHOD.json -TESTS+=test/test-cases/regression/variable-REQUEST_PROTOCOL.json -TESTS+=test/test-cases/regression/variable-REQUEST_URI.json -TESTS+=test/test-cases/regression/variable-REQUEST_URI_RAW.json -TESTS+=test/test-cases/regression/variable-RESPONSE_BODY.json -TESTS+=test/test-cases/regression/variable-RESPONSE_CONTENT_LENGTH.json -TESTS+=test/test-cases/regression/variable-RESPONSE_CONTENT_TYPE.json -TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS.json -TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS_NAMES.json -TESTS+=test/test-cases/regression/variable-RESPONSE_PROTOCOL.json -TESTS+=test/test-cases/regression/variable-RULE.json -TESTS+=test/test-cases/regression/variable-SERVER_ADDR.json -TESTS+=test/test-cases/regression/variable-SERVER_NAME.json -TESTS+=test/test-cases/regression/variable-SERVER_PORT.json -TESTS+=test/test-cases/regression/variable-SESSIONID.json -TESTS+=test/test-cases/regression/variable-STATUS.json -TESTS+=test/test-cases/regression/variable-TIME_DAY.json -TESTS+=test/test-cases/regression/variable-TIME_EPOCH.json -TESTS+=test/test-cases/regression/variable-TIME_HOUR.json -TESTS+=test/test-cases/regression/variable-TIME.json -TESTS+=test/test-cases/regression/variable-TIME_MIN.json -TESTS+=test/test-cases/regression/variable-TIME_MON.json -TESTS+=test/test-cases/regression/variable-TIME_SEC.json -TESTS+=test/test-cases/regression/variable-TIME_WDAY.json -TESTS+=test/test-cases/regression/variable-TIME_YEAR.json -TESTS+=test/test-cases/regression/variable-TX.json -TESTS+=test/test-cases/regression/variable-UNIQUE_ID.json -TESTS+=test/test-cases/regression/variable-URLENCODED_ERROR.json -TESTS+=test/test-cases/regression/variable-USERID.json -TESTS+=test/test-cases/regression/variable-variation-count.json -TESTS+=test/test-cases/regression/variable-variation-exclusion.json -TESTS+=test/test-cases/regression/variable-WEBAPPID.json -TESTS+=test/test-cases/regression/variable-WEBSERVER_ERROR_LOG.json -TESTS+=test/test-cases/regression/variable-XML.json -TESTS+=test/test-cases/secrules-language-tests/operators/beginsWith.json -TESTS+=test/test-cases/secrules-language-tests/operators/contains.json -TESTS+=test/test-cases/secrules-language-tests/operators/containsWord.json -TESTS+=test/test-cases/secrules-language-tests/operators/detectSQLi.json -TESTS+=test/test-cases/secrules-language-tests/operators/detectXSS.json -TESTS+=test/test-cases/secrules-language-tests/operators/endsWith.json -TESTS+=test/test-cases/secrules-language-tests/operators/eq.json -TESTS+=test/test-cases/secrules-language-tests/operators/ge.json -TESTS+=test/test-cases/secrules-language-tests/operators/geoLookup.json -TESTS+=test/test-cases/secrules-language-tests/operators/gt.json -TESTS+=test/test-cases/secrules-language-tests/operators/ipMatch.json -TESTS+=test/test-cases/secrules-language-tests/operators/le.json -TESTS+=test/test-cases/secrules-language-tests/operators/lt.json -TESTS+=test/test-cases/secrules-language-tests/operators/noMatch.json -TESTS+=test/test-cases/secrules-language-tests/operators/pmFromFile.json -TESTS+=test/test-cases/secrules-language-tests/operators/pm.json -TESTS+=test/test-cases/secrules-language-tests/operators/rx.json -TESTS+=test/test-cases/secrules-language-tests/operators/rxGlobal.json -TESTS+=test/test-cases/secrules-language-tests/operators/streq.json -TESTS+=test/test-cases/secrules-language-tests/operators/strmatch.json -TESTS+=test/test-cases/secrules-language-tests/operators/unconditionalMatch.json -TESTS+=test/test-cases/secrules-language-tests/operators/validateByteRange.json -TESTS+=test/test-cases/secrules-language-tests/operators/validateUrlEncoding.json -TESTS+=test/test-cases/secrules-language-tests/operators/validateUtf8Encoding.json -TESTS+=test/test-cases/secrules-language-tests/operators/verifyCC.json -TESTS+=test/test-cases/secrules-language-tests/operators/verifycpf.json -TESTS+=test/test-cases/secrules-language-tests/operators/verifyssn.json -TESTS+=test/test-cases/secrules-language-tests/operators/verifysvnr.json -TESTS+=test/test-cases/secrules-language-tests/operators/within.json -TESTS+=test/test-cases/secrules-language-tests/transformations/base64DecodeExt.json -TESTS+=test/test-cases/secrules-language-tests/transformations/base64Decode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/base64Encode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/cmdLine.json -TESTS+=test/test-cases/secrules-language-tests/transformations/compressWhitespace.json -TESTS+=test/test-cases/secrules-language-tests/transformations/cssDecode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/escapeSeqDecode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/hexDecode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/hexEncode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/htmlEntityDecode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/jsDecode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/length.json -TESTS+=test/test-cases/secrules-language-tests/transformations/lowercase.json -TESTS+=test/test-cases/secrules-language-tests/transformations/md5.json -TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePath.json -TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePathWin.json -TESTS+=test/test-cases/secrules-language-tests/transformations/parityEven7bit.json -TESTS+=test/test-cases/secrules-language-tests/transformations/parityOdd7bit.json -TESTS+=test/test-cases/secrules-language-tests/transformations/parityZero7bit.json -TESTS+=test/test-cases/secrules-language-tests/transformations/removeCommentsChar.json -TESTS+=test/test-cases/secrules-language-tests/transformations/removeComments.json -TESTS+=test/test-cases/secrules-language-tests/transformations/removeNulls.json -TESTS+=test/test-cases/secrules-language-tests/transformations/removeWhitespace.json -TESTS+=test/test-cases/secrules-language-tests/transformations/replaceComments.json -TESTS+=test/test-cases/secrules-language-tests/transformations/replaceNulls.json -TESTS+=test/test-cases/secrules-language-tests/transformations/sha1.json -TESTS+=test/test-cases/secrules-language-tests/transformations/sqlHexDecode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/trim.json -TESTS+=test/test-cases/secrules-language-tests/transformations/trimLeft.json -TESTS+=test/test-cases/secrules-language-tests/transformations/trimRight.json -TESTS+=test/test-cases/secrules-language-tests/transformations/urlDecode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/urlDecodeUni.json -TESTS+=test/test-cases/secrules-language-tests/transformations/urlEncode.json -TESTS+=test/test-cases/secrules-language-tests/transformations/utf8toUnicode.json - +include test/test-suite.in pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = modsecurity.pc diff --git a/src/deps/src/modsecurity/README.md b/src/deps/src/modsecurity/README.md index 615cbf11c3..704967d6ed 100644 --- a/src/deps/src/modsecurity/README.md +++ b/src/deps/src/modsecurity/README.md @@ -57,7 +57,13 @@ As a dynamic library, don’t forget that libmodsecurity must be installed to a ### Unix (Linux, MacOS, FreeBSD, …) -On unix the project uses autotools to help the compilation process. +On unix the project uses autotools to help the compilation process. Please note that if you are working with `git`, don't forget to initialize and update the submodules. Here's a quick how-to: +```shell +$ git clone --recursive https://github.com/owasp-modsecurity/ModSecurity ModSecurity +$ cd ModSecurity +``` + +You can then start the build process: ```shell $ ./build.sh @@ -71,12 +77,11 @@ Details on distribution specific builds can be found in our Wiki: ### Windows -Windows build is not ready yet. - +Windows build information can be found [here](build/win32/README.md). ## Dependencies -This library is written in C++ using the C++11 standards. It also uses Flex +This library is written in C++ using the C++17 standards. It also uses Flex and Yacc to produce the “Sec Rules Language” parser. Other, mandatory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet mandatory) for processing regular expressions in SecRules, and libXML2 (not yet mandatory) which is used for parsing XML requests. All others dependencies are related to operators specified within SecRules or configuration directives and may not be required for compilation. A short list of such dependencies is as follows: @@ -231,11 +236,90 @@ CFLAGS to disable the compilation optimization parameters: ```shell $ export CFLAGS="-g -O0" $ ./build.sh -$ ./configure +$ ./configure --enable-assertions=yes $ make $ sudo make install ``` +"Assertions allow us to document assumptions and to spot violations early in the +development process. What is more, assertions allow us to spot violations with a +minimum of effort." https://dl.acm.org/doi/pdf/10.1145/240964.240969 + +It is recommended to use assertions where applicable, and to enable them with +'--enable-assertions=yes' during the testing and debugging workflow. + +### Benchmarking + +The source tree includes a Benchmark tool that can help measure library performance. The tool is located in the `test/benchmark/` directory. The build process also creates the binary here, so you will have the tool after the compilation is finished. + +To run, just type: + +```shell +cd test/benchmark +$ ./benchmark +Doing 1000000 transactions... + +``` + +You can also pass a lower value: + +```shell +$ ./benchmark 1000 +Doing 1000 transactions... +``` + +To measure the time: +```shell +$ time ./benchmark 1000 +Doing 1000 transactions... + +real 0m0.351s +user 0m0.337s +sys 0m0.022s +``` + +This is very fast because the benchmark uses the minimal `modsecurity.conf.default` configuration, which doesn't include too many rules: + +```shell +$ cat basic_rules.conf + +Include "../../modsecurity.conf-recommended" + +``` + +To measure with real rules, run one of the download scripts in the same directory: + +```shell +$ ./download-owasp-v3-rules.sh +Cloning into 'owasp-v3'... +remote: Enumerating objects: 33007, done. +remote: Counting objects: 100% (2581/2581), done. +remote: Compressing objects: 100% (907/907), done. +remote: Total 33007 (delta 2151), reused 2004 (delta 1638), pack-reused 30426 +Receiving objects: 100% (33007/33007), 9.02 MiB | 16.21 MiB/s, done. +Resolving deltas: 100% (25927/25927), done. +Switched to a new branch 'tag3.0.2' +/path/to/ModSecurity/test/benchmark +Done. + +$ cat basic_rules.conf + +Include "../../modsecurity.conf-recommended" + +Include "owasp-v3/crs-setup.conf.example" +Include "owasp-v3/rules/*.conf" +``` + +Now the command will give much higher value. + +#### How the benchmark works + +The tool is a straightforward wrapper application that utilizes the library. It creates a ModSecurity instance and a RuleSet instance, then runs a loop based on the specified number. Within this loop, it creates a Transaction object to emulate real HTTP transactions. + +Each transaction is an HTTP/1.1 GET request with some GET parameters. Common headers are added, followed by the response headers and an XML body. Between phases, the tool checks whether an intervention has occurred. All transactions are created with the same data. + +Note that the tool does not call the last phase (logging). +Please remember to reset `basic_rules.conf` if you want to try with a different ruleset. ## Reporting Issues @@ -262,8 +346,9 @@ new issue, please check if there is one already opened on the same topic. ## Bindings -The libModSecurity design allows the integration with bindings. There is an effort to avoid breaking API [binary] compatibility to make an easy integration with possible bindings. Currently, there are two notable projects maintained by the community: +The libModSecurity design allows the integration with bindings. There is an effort to avoid breaking API [binary] compatibility to make an easy integration with possible bindings. Currently, there are a few notable projects maintained by the community: * Python - https://github.com/actions-security/pymodsecurity + * Rust - https://github.com/rkrishn7/rust-modsecurity * Varnish - https://github.com/xdecock/vmod-modsecurity ## Packaging diff --git a/src/deps/src/modsecurity/build/ax_cxx_compile_stdcxx.m4 b/src/deps/src/modsecurity/build/ax_cxx_compile_stdcxx.m4 new file mode 100644 index 0000000000..8edf5152ec --- /dev/null +++ b/src/deps/src/modsecurity/build/ax_cxx_compile_stdcxx.m4 @@ -0,0 +1,1018 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CXX_COMPILE_STDCXX(VERSION, [ext|noext], [mandatory|optional]) +# +# DESCRIPTION +# +# Check for baseline language coverage in the compiler for the specified +# version of the C++ standard. If necessary, add switches to CXX and +# CXXCPP to enable support. VERSION may be '11', '14', '17', or '20' for +# the respective C++ standard version. +# +# The second argument, if specified, indicates whether you insist on an +# extended mode (e.g. -std=gnu++11) or a strict conformance mode (e.g. +# -std=c++11). If neither is specified, you get whatever works, with +# preference for no added switch, and then for an extended mode. +# +# The third argument, if specified 'mandatory' or if left unspecified, +# indicates that baseline support for the specified C++ standard is +# required and that the macro should error out if no mode with that +# support is found. If specified 'optional', then configuration proceeds +# regardless, after defining HAVE_CXX${VERSION} if and only if a +# supporting mode is found. +# +# LICENSE +# +# Copyright (c) 2008 Benjamin Kosnik +# Copyright (c) 2012 Zack Weinberg +# Copyright (c) 2013 Roy Stogner +# Copyright (c) 2014, 2015 Google Inc.; contributed by Alexey Sokolov +# Copyright (c) 2015 Paul Norman +# Copyright (c) 2015 Moritz Klammler +# Copyright (c) 2016, 2018 Krzesimir Nowak +# Copyright (c) 2019 Enji Cooper +# Copyright (c) 2020 Jason Merrill +# Copyright (c) 2021 Jörn Heusipp +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 18 + +dnl This macro is based on the code from the AX_CXX_COMPILE_STDCXX_11 macro +dnl (serial version number 13). + +AC_DEFUN([AX_CXX_COMPILE_STDCXX], [dnl + m4_if([$1], [11], [ax_cxx_compile_alternatives="11 0x"], + [$1], [14], [ax_cxx_compile_alternatives="14 1y"], + [$1], [17], [ax_cxx_compile_alternatives="17 1z"], + [$1], [20], [ax_cxx_compile_alternatives="20"], + [m4_fatal([invalid first argument `$1' to AX_CXX_COMPILE_STDCXX])])dnl + m4_if([$2], [], [], + [$2], [ext], [], + [$2], [noext], [], + [m4_fatal([invalid second argument `$2' to AX_CXX_COMPILE_STDCXX])])dnl + m4_if([$3], [], [ax_cxx_compile_cxx$1_required=true], + [$3], [mandatory], [ax_cxx_compile_cxx$1_required=true], + [$3], [optional], [ax_cxx_compile_cxx$1_required=false], + [m4_fatal([invalid third argument `$3' to AX_CXX_COMPILE_STDCXX])]) + AC_LANG_PUSH([C++])dnl + ac_success=no + + m4_if([$2], [], [dnl + AC_CACHE_CHECK(whether $CXX supports C++$1 features by default, + ax_cv_cxx_compile_cxx$1, + [AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])], + [ax_cv_cxx_compile_cxx$1=yes], + [ax_cv_cxx_compile_cxx$1=no])]) + if test x$ax_cv_cxx_compile_cxx$1 = xyes; then + ac_success=yes + fi]) + + m4_if([$2], [noext], [], [dnl + if test x$ac_success = xno; then + for alternative in ${ax_cxx_compile_alternatives}; do + switch="-std=gnu++${alternative}" + cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx$1_$switch]) + AC_CACHE_CHECK(whether $CXX supports C++$1 features with $switch, + $cachevar, + [ac_save_CXX="$CXX" + CXX="$CXX $switch" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])], + [eval $cachevar=yes], + [eval $cachevar=no]) + CXX="$ac_save_CXX"]) + if eval test x\$$cachevar = xyes; then + CXX="$CXX $switch" + if test -n "$CXXCPP" ; then + CXXCPP="$CXXCPP $switch" + fi + ac_success=yes + break + fi + done + fi]) + + m4_if([$2], [ext], [], [dnl + if test x$ac_success = xno; then + dnl HP's aCC needs +std=c++11 according to: + dnl http://h21007.www2.hp.com/portal/download/files/unprot/aCxx/PDF_Release_Notes/769149-001.pdf + dnl Cray's crayCC needs "-h std=c++11" + dnl MSVC needs -std:c++NN for C++17 and later (default is C++14) + for alternative in ${ax_cxx_compile_alternatives}; do + for switch in -std=c++${alternative} +std=c++${alternative} "-h std=c++${alternative}" MSVC; do + if test x"$switch" = xMSVC; then + dnl AS_TR_SH maps both `:` and `=` to `_` so -std:c++17 would collide + dnl with -std=c++17. We suffix the cache variable name with _MSVC to + dnl avoid this. + switch=-std:c++${alternative} + cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx$1_${switch}_MSVC]) + else + cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx$1_$switch]) + fi + AC_CACHE_CHECK(whether $CXX supports C++$1 features with $switch, + $cachevar, + [ac_save_CXX="$CXX" + CXX="$CXX $switch" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])], + [eval $cachevar=yes], + [eval $cachevar=no]) + CXX="$ac_save_CXX"]) + if eval test x\$$cachevar = xyes; then + CXX="$CXX $switch" + if test -n "$CXXCPP" ; then + CXXCPP="$CXXCPP $switch" + fi + ac_success=yes + break + fi + done + if test x$ac_success = xyes; then + break + fi + done + fi]) + AC_LANG_POP([C++]) + if test x$ax_cxx_compile_cxx$1_required = xtrue; then + if test x$ac_success = xno; then + AC_MSG_ERROR([*** A compiler with support for C++$1 language features is required.]) + fi + fi + if test x$ac_success = xno; then + HAVE_CXX$1=0 + AC_MSG_NOTICE([No compiler with C++$1 support was found]) + else + HAVE_CXX$1=1 + AC_DEFINE(HAVE_CXX$1,1, + [define if the compiler supports basic C++$1 syntax]) + fi + AC_SUBST(HAVE_CXX$1) +]) + + +dnl Test body for checking C++11 support + +m4_define([_AX_CXX_COMPILE_STDCXX_testbody_11], + _AX_CXX_COMPILE_STDCXX_testbody_new_in_11 +) + +dnl Test body for checking C++14 support + +m4_define([_AX_CXX_COMPILE_STDCXX_testbody_14], + _AX_CXX_COMPILE_STDCXX_testbody_new_in_11 + _AX_CXX_COMPILE_STDCXX_testbody_new_in_14 +) + +dnl Test body for checking C++17 support + +m4_define([_AX_CXX_COMPILE_STDCXX_testbody_17], + _AX_CXX_COMPILE_STDCXX_testbody_new_in_11 + _AX_CXX_COMPILE_STDCXX_testbody_new_in_14 + _AX_CXX_COMPILE_STDCXX_testbody_new_in_17 +) + +dnl Test body for checking C++20 support + +m4_define([_AX_CXX_COMPILE_STDCXX_testbody_20], + _AX_CXX_COMPILE_STDCXX_testbody_new_in_11 + _AX_CXX_COMPILE_STDCXX_testbody_new_in_14 + _AX_CXX_COMPILE_STDCXX_testbody_new_in_17 + _AX_CXX_COMPILE_STDCXX_testbody_new_in_20 +) + + +dnl Tests for new features in C++11 + +m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_11], [[ + +// If the compiler admits that it is not ready for C++11, why torture it? +// Hopefully, this will speed up the test. + +#ifndef __cplusplus + +#error "This is not a C++ compiler" + +// MSVC always sets __cplusplus to 199711L in older versions; newer versions +// only set it correctly if /Zc:__cplusplus is specified as well as a +// /std:c++NN switch: +// https://devblogs.microsoft.com/cppblog/msvc-now-correctly-reports-__cplusplus/ +#elif __cplusplus < 201103L && !defined _MSC_VER + +#error "This is not a C++11 compiler" + +#else + +namespace cxx11 +{ + + namespace test_static_assert + { + + template + struct check + { + static_assert(sizeof(int) <= sizeof(T), "not big enough"); + }; + + } + + namespace test_final_override + { + + struct Base + { + virtual ~Base() {} + virtual void f() {} + }; + + struct Derived : public Base + { + virtual ~Derived() override {} + virtual void f() override {} + }; + + } + + namespace test_double_right_angle_brackets + { + + template < typename T > + struct check {}; + + typedef check single_type; + typedef check> double_type; + typedef check>> triple_type; + typedef check>>> quadruple_type; + + } + + namespace test_decltype + { + + int + f() + { + int a = 1; + decltype(a) b = 2; + return a + b; + } + + } + + namespace test_type_deduction + { + + template < typename T1, typename T2 > + struct is_same + { + static const bool value = false; + }; + + template < typename T > + struct is_same + { + static const bool value = true; + }; + + template < typename T1, typename T2 > + auto + add(T1 a1, T2 a2) -> decltype(a1 + a2) + { + return a1 + a2; + } + + int + test(const int c, volatile int v) + { + static_assert(is_same::value == true, ""); + static_assert(is_same::value == false, ""); + static_assert(is_same::value == false, ""); + auto ac = c; + auto av = v; + auto sumi = ac + av + 'x'; + auto sumf = ac + av + 1.0; + static_assert(is_same::value == true, ""); + static_assert(is_same::value == true, ""); + static_assert(is_same::value == true, ""); + static_assert(is_same::value == false, ""); + static_assert(is_same::value == true, ""); + return (sumf > 0.0) ? sumi : add(c, v); + } + + } + + namespace test_noexcept + { + + int f() { return 0; } + int g() noexcept { return 0; } + + static_assert(noexcept(f()) == false, ""); + static_assert(noexcept(g()) == true, ""); + + } + + namespace test_constexpr + { + + template < typename CharT > + unsigned long constexpr + strlen_c_r(const CharT *const s, const unsigned long acc) noexcept + { + return *s ? strlen_c_r(s + 1, acc + 1) : acc; + } + + template < typename CharT > + unsigned long constexpr + strlen_c(const CharT *const s) noexcept + { + return strlen_c_r(s, 0UL); + } + + static_assert(strlen_c("") == 0UL, ""); + static_assert(strlen_c("1") == 1UL, ""); + static_assert(strlen_c("example") == 7UL, ""); + static_assert(strlen_c("another\0example") == 7UL, ""); + + } + + namespace test_rvalue_references + { + + template < int N > + struct answer + { + static constexpr int value = N; + }; + + answer<1> f(int&) { return answer<1>(); } + answer<2> f(const int&) { return answer<2>(); } + answer<3> f(int&&) { return answer<3>(); } + + void + test() + { + int i = 0; + const int c = 0; + static_assert(decltype(f(i))::value == 1, ""); + static_assert(decltype(f(c))::value == 2, ""); + static_assert(decltype(f(0))::value == 3, ""); + } + + } + + namespace test_uniform_initialization + { + + struct test + { + static const int zero {}; + static const int one {1}; + }; + + static_assert(test::zero == 0, ""); + static_assert(test::one == 1, ""); + + } + + namespace test_lambdas + { + + void + test1() + { + auto lambda1 = [](){}; + auto lambda2 = lambda1; + lambda1(); + lambda2(); + } + + int + test2() + { + auto a = [](int i, int j){ return i + j; }(1, 2); + auto b = []() -> int { return '0'; }(); + auto c = [=](){ return a + b; }(); + auto d = [&](){ return c; }(); + auto e = [a, &b](int x) mutable { + const auto identity = [](int y){ return y; }; + for (auto i = 0; i < a; ++i) + a += b--; + return x + identity(a + b); + }(0); + return a + b + c + d + e; + } + + int + test3() + { + const auto nullary = [](){ return 0; }; + const auto unary = [](int x){ return x; }; + using nullary_t = decltype(nullary); + using unary_t = decltype(unary); + const auto higher1st = [](nullary_t f){ return f(); }; + const auto higher2nd = [unary](nullary_t f1){ + return [unary, f1](unary_t f2){ return f2(unary(f1())); }; + }; + return higher1st(nullary) + higher2nd(nullary)(unary); + } + + } + + namespace test_variadic_templates + { + + template + struct sum; + + template + struct sum + { + static constexpr auto value = N0 + sum::value; + }; + + template <> + struct sum<> + { + static constexpr auto value = 0; + }; + + static_assert(sum<>::value == 0, ""); + static_assert(sum<1>::value == 1, ""); + static_assert(sum<23>::value == 23, ""); + static_assert(sum<1, 2>::value == 3, ""); + static_assert(sum<5, 5, 11>::value == 21, ""); + static_assert(sum<2, 3, 5, 7, 11, 13>::value == 41, ""); + + } + + // http://stackoverflow.com/questions/13728184/template-aliases-and-sfinae + // Clang 3.1 fails with headers of libstd++ 4.8.3 when using std::function + // because of this. + namespace test_template_alias_sfinae + { + + struct foo {}; + + template + using member = typename T::member_type; + + template + void func(...) {} + + template + void func(member*) {} + + void test(); + + void test() { func(0); } + + } + +} // namespace cxx11 + +#endif // __cplusplus >= 201103L + +]]) + + +dnl Tests for new features in C++14 + +m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_14], [[ + +// If the compiler admits that it is not ready for C++14, why torture it? +// Hopefully, this will speed up the test. + +#ifndef __cplusplus + +#error "This is not a C++ compiler" + +#elif __cplusplus < 201402L && !defined _MSC_VER + +#error "This is not a C++14 compiler" + +#else + +namespace cxx14 +{ + + namespace test_polymorphic_lambdas + { + + int + test() + { + const auto lambda = [](auto&&... args){ + const auto istiny = [](auto x){ + return (sizeof(x) == 1UL) ? 1 : 0; + }; + const int aretiny[] = { istiny(args)... }; + return aretiny[0]; + }; + return lambda(1, 1L, 1.0f, '1'); + } + + } + + namespace test_binary_literals + { + + constexpr auto ivii = 0b0000000000101010; + static_assert(ivii == 42, "wrong value"); + + } + + namespace test_generalized_constexpr + { + + template < typename CharT > + constexpr unsigned long + strlen_c(const CharT *const s) noexcept + { + auto length = 0UL; + for (auto p = s; *p; ++p) + ++length; + return length; + } + + static_assert(strlen_c("") == 0UL, ""); + static_assert(strlen_c("x") == 1UL, ""); + static_assert(strlen_c("test") == 4UL, ""); + static_assert(strlen_c("another\0test") == 7UL, ""); + + } + + namespace test_lambda_init_capture + { + + int + test() + { + auto x = 0; + const auto lambda1 = [a = x](int b){ return a + b; }; + const auto lambda2 = [a = lambda1(x)](){ return a; }; + return lambda2(); + } + + } + + namespace test_digit_separators + { + + constexpr auto ten_million = 100'000'000; + static_assert(ten_million == 100000000, ""); + + } + + namespace test_return_type_deduction + { + + auto f(int& x) { return x; } + decltype(auto) g(int& x) { return x; } + + template < typename T1, typename T2 > + struct is_same + { + static constexpr auto value = false; + }; + + template < typename T > + struct is_same + { + static constexpr auto value = true; + }; + + int + test() + { + auto x = 0; + static_assert(is_same::value, ""); + static_assert(is_same::value, ""); + return x; + } + + } + +} // namespace cxx14 + +#endif // __cplusplus >= 201402L + +]]) + + +dnl Tests for new features in C++17 + +m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_17], [[ + +// If the compiler admits that it is not ready for C++17, why torture it? +// Hopefully, this will speed up the test. + +#ifndef __cplusplus + +#error "This is not a C++ compiler" + +#elif __cplusplus < 201703L && !defined _MSC_VER + +#error "This is not a C++17 compiler" + +#else + +#include +#include +#include + +namespace cxx17 +{ + + namespace test_constexpr_lambdas + { + + constexpr int foo = [](){return 42;}(); + + } + + namespace test::nested_namespace::definitions + { + + } + + namespace test_fold_expression + { + + template + int multiply(Args... args) + { + return (args * ... * 1); + } + + template + bool all(Args... args) + { + return (args && ...); + } + + } + + namespace test_extended_static_assert + { + + static_assert (true); + + } + + namespace test_auto_brace_init_list + { + + auto foo = {5}; + auto bar {5}; + + static_assert(std::is_same, decltype(foo)>::value); + static_assert(std::is_same::value); + } + + namespace test_typename_in_template_template_parameter + { + + template typename X> struct D; + + } + + namespace test_fallthrough_nodiscard_maybe_unused_attributes + { + + int f1() + { + return 42; + } + + [[nodiscard]] int f2() + { + [[maybe_unused]] auto unused = f1(); + + switch (f1()) + { + case 17: + f1(); + [[fallthrough]]; + case 42: + f1(); + } + return f1(); + } + + } + + namespace test_extended_aggregate_initialization + { + + struct base1 + { + int b1, b2 = 42; + }; + + struct base2 + { + base2() { + b3 = 42; + } + int b3; + }; + + struct derived : base1, base2 + { + int d; + }; + + derived d1 {{1, 2}, {}, 4}; // full initialization + derived d2 {{}, {}, 4}; // value-initialized bases + + } + + namespace test_general_range_based_for_loop + { + + struct iter + { + int i; + + int& operator* () + { + return i; + } + + const int& operator* () const + { + return i; + } + + iter& operator++() + { + ++i; + return *this; + } + }; + + struct sentinel + { + int i; + }; + + bool operator== (const iter& i, const sentinel& s) + { + return i.i == s.i; + } + + bool operator!= (const iter& i, const sentinel& s) + { + return !(i == s); + } + + struct range + { + iter begin() const + { + return {0}; + } + + sentinel end() const + { + return {5}; + } + }; + + void f() + { + range r {}; + + for (auto i : r) + { + [[maybe_unused]] auto v = i; + } + } + + } + + namespace test_lambda_capture_asterisk_this_by_value + { + + struct t + { + int i; + int foo() + { + return [*this]() + { + return i; + }(); + } + }; + + } + + namespace test_enum_class_construction + { + + enum class byte : unsigned char + {}; + + byte foo {42}; + + } + + namespace test_constexpr_if + { + + template + int f () + { + if constexpr(cond) + { + return 13; + } + else + { + return 42; + } + } + + } + + namespace test_selection_statement_with_initializer + { + + int f() + { + return 13; + } + + int f2() + { + if (auto i = f(); i > 0) + { + return 3; + } + + switch (auto i = f(); i + 4) + { + case 17: + return 2; + + default: + return 1; + } + } + + } + + namespace test_template_argument_deduction_for_class_templates + { + + template + struct pair + { + pair (T1 p1, T2 p2) + : m1 {p1}, + m2 {p2} + {} + + T1 m1; + T2 m2; + }; + + void f() + { + [[maybe_unused]] auto p = pair{13, 42u}; + } + + } + + namespace test_non_type_auto_template_parameters + { + + template + struct B + {}; + + B<5> b1; + B<'a'> b2; + + } + + namespace test_structured_bindings + { + + int arr[2] = { 1, 2 }; + std::pair pr = { 1, 2 }; + + auto f1() -> int(&)[2] + { + return arr; + } + + auto f2() -> std::pair& + { + return pr; + } + + struct S + { + int x1 : 2; + volatile double y1; + }; + + S f3() + { + return {}; + } + + auto [ x1, y1 ] = f1(); + auto& [ xr1, yr1 ] = f1(); + auto [ x2, y2 ] = f2(); + auto& [ xr2, yr2 ] = f2(); + const auto [ x3, y3 ] = f3(); + + } + + namespace test_exception_spec_type_system + { + + struct Good {}; + struct Bad {}; + + void g1() noexcept; + void g2(); + + template + Bad + f(T*, T*); + + template + Good + f(T1*, T2*); + + static_assert (std::is_same_v); + + } + + namespace test_inline_variables + { + + template void f(T) + {} + + template inline T g(T) + { + return T{}; + } + + template<> inline void f<>(int) + {} + + template<> int g<>(int) + { + return 5; + } + + } + +} // namespace cxx17 + +#endif // __cplusplus < 201703L && !defined _MSC_VER + +]]) + + +dnl Tests for new features in C++20 + +m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_20], [[ + +#ifndef __cplusplus + +#error "This is not a C++ compiler" + +#elif __cplusplus < 202002L && !defined _MSC_VER + +#error "This is not a C++20 compiler" + +#else + +#include + +namespace cxx20 +{ + +// As C++20 supports feature test macros in the standard, there is no +// immediate need to actually test for feature availability on the +// Autoconf side. + +} // namespace cxx20 + +#endif // __cplusplus < 202002L && !defined _MSC_VER + +]]) diff --git a/src/deps/src/modsecurity/build/ax_cxx_compile_stdcxx_11.m4 b/src/deps/src/modsecurity/build/ax_cxx_compile_stdcxx_11.m4 deleted file mode 100644 index e76fd6053d..0000000000 --- a/src/deps/src/modsecurity/build/ax_cxx_compile_stdcxx_11.m4 +++ /dev/null @@ -1,171 +0,0 @@ -# ============================================================================ -# http://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx_11.html -# ============================================================================ -# -# SYNOPSIS -# -# AX_CXX_COMPILE_STDCXX_11([ext|noext],[mandatory|optional]) -# -# DESCRIPTION -# -# Check for baseline language coverage in the compiler for the C++11 -# standard; if necessary, add switches to CXXFLAGS to enable support. -# -# The first argument, if specified, indicates whether you insist on an -# extended mode (e.g. -std=gnu++11) or a strict conformance mode (e.g. -# -std=c++11). If neither is specified, you get whatever works, with -# preference for an extended mode. -# -# The second argument, if specified 'mandatory' or if left unspecified, -# indicates that baseline C++11 support is required and that the macro -# should error out if no mode with that support is found. If specified -# 'optional', then configuration proceeds regardless, after defining -# HAVE_CXX11 if and only if a supporting mode is found. -# -# LICENSE -# -# Copyright (c) 2008 Benjamin Kosnik -# Copyright (c) 2012 Zack Weinberg -# Copyright (c) 2013 Roy Stogner -# Copyright (c) 2014, 2015 Google Inc.; contributed by Alexey Sokolov -# Copyright (c) 2015 Paul Norman -# -# Copying and distribution of this file, with or without modification, are -# permitted in any medium without royalty provided the copyright notice -# and this notice are preserved. This file is offered as-is, without any -# warranty. - -#serial 12 - -m4_define([_AX_CXX_COMPILE_STDCXX_11_testbody], [[ - template - struct check - { - static_assert(sizeof(int) <= sizeof(T), "not big enough"); - }; - - struct Base { - virtual void f() {} - }; - struct Child : public Base { - virtual void f() override {} - }; - - typedef check> right_angle_brackets; - - int a; - decltype(a) b; - - typedef check check_type; - check_type c; - check_type&& cr = static_cast(c); - - auto d = a; - auto l = [](){}; - // Prevent Clang error: unused variable 'l' [-Werror,-Wunused-variable] - struct use_l { use_l() { l(); } }; - - // http://stackoverflow.com/questions/13728184/template-aliases-and-sfinae - // Clang 3.1 fails with headers of libstd++ 4.8.3 when using std::function because of this - namespace test_template_alias_sfinae { - struct foo {}; - - template - using member = typename T::member_type; - - template - void func(...) {} - - template - void func(member*) {} - - void test(); - - void test() { - func(0); - } - } - - // Check for C++11 attribute support - void noret [[noreturn]] () { throw 0; } -]]) - -AC_DEFUN([AX_CXX_COMPILE_STDCXX_11], [dnl - m4_if([$1], [], [], - [$1], [ext], [], - [$1], [noext], [], - [m4_fatal([invalid argument `$1' to AX_CXX_COMPILE_STDCXX_11])])dnl - m4_if([$2], [], [ax_cxx_compile_cxx11_required=true], - [$2], [mandatory], [ax_cxx_compile_cxx11_required=true], - [$2], [optional], [ax_cxx_compile_cxx11_required=false], - [m4_fatal([invalid second argument `$2' to AX_CXX_COMPILE_STDCXX_11])]) - AC_LANG_PUSH([C++])dnl - ac_success=no - AC_CACHE_CHECK(whether $CXX supports C++11 features by default, - ax_cv_cxx_compile_cxx11, - [AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])], - [ax_cv_cxx_compile_cxx11=yes], - [ax_cv_cxx_compile_cxx11=no])]) - if test x$ax_cv_cxx_compile_cxx11 = xyes; then - ac_success=yes - fi - - m4_if([$1], [noext], [], [dnl - if test x$ac_success = xno; then - for switch in -std=gnu++11 -std=gnu++0x; do - cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx11_$switch]) - AC_CACHE_CHECK(whether $CXX supports C++11 features with $switch, - $cachevar, - [ac_save_CXXFLAGS="$CXXFLAGS" - CXXFLAGS="$CXXFLAGS $switch" - AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])], - [eval $cachevar=yes], - [eval $cachevar=no]) - CXXFLAGS="$ac_save_CXXFLAGS"]) - if eval test x\$$cachevar = xyes; then - CXXFLAGS="$CXXFLAGS $switch" - ac_success=yes - break - fi - done - fi]) - - m4_if([$1], [ext], [], [dnl - if test x$ac_success = xno; then - dnl HP's aCC needs +std=c++11 according to: - dnl http://h21007.www2.hp.com/portal/download/files/unprot/aCxx/PDF_Release_Notes/769149-001.pdf - for switch in -std=c++11 -std=c++0x +std=c++11; do - cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx11_$switch]) - AC_CACHE_CHECK(whether $CXX supports C++11 features with $switch, - $cachevar, - [ac_save_CXXFLAGS="$CXXFLAGS" - CXXFLAGS="$CXXFLAGS $switch" - AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])], - [eval $cachevar=yes], - [eval $cachevar=no]) - CXXFLAGS="$ac_save_CXXFLAGS"]) - if eval test x\$$cachevar = xyes; then - CXXFLAGS="$CXXFLAGS $switch" - ac_success=yes - break - fi - done - fi]) - AC_LANG_POP([C++]) - if test x$ax_cxx_compile_cxx11_required = xtrue; then - if test x$ac_success = xno; then - AC_MSG_ERROR([*** A compiler with support for C++11 language features is required.]) - fi - else - if test x$ac_success = xno; then - HAVE_CXX11=0 - AC_MSG_NOTICE([No compiler with C++11 support was found]) - else - HAVE_CXX11=1 - AC_DEFINE(HAVE_CXX11,1, - [define if the compiler supports basic C++11 syntax]) - fi - - AC_SUBST(HAVE_CXX11) - fi -]) diff --git a/src/deps/src/modsecurity/build/lua.m4 b/src/deps/src/modsecurity/build/lua.m4 index 4780d32fc9..c644ff8af3 100644 --- a/src/deps/src/modsecurity/build/lua.m4 +++ b/src/deps/src/modsecurity/build/lua.m4 @@ -192,29 +192,30 @@ AC_DEFUN([CHECK_FOR_LUA_AT], [ LUA_DISPLAY="${lua_lib_file}, ${lua_inc_path}" # Double checking version from lua.h... - AC_TRY_COMPILE([ #include > ], - [ #if (LUA_VERSION_NUM < 502) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ], + [ #if (LUA_VERSION_NUM == 502) return 0; #else - #error Lua 5.1 not detected - #endif ], - [ LUA_VERSION=501 ], [ lua_5_1=0 ] + #error Lua 5.2 not detected + #endif ]])], + [ LUA_VERSION=502 ], [ lua_5_2=0 ] ) - AC_TRY_COMPILE([ #include ], - [ #if (LUA_VERSION_NUM == 502) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ], + [ #if (LUA_VERSION_NUM == 502) return 0; #else #error Lua 5.2 not detected - #endif ], + #endif ]])], [ LUA_VERSION=502 ], [ lua_5_2=0 ] ) - AC_TRY_COMPILE([ #include ], + + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ], [ #if (LUA_VERSION_NUM == 504) return 0; #else #error Lua 5.4 not detected - #endif ], + #endif ]])], [ LUA_VERSION=504 ], [ lua_5_4=0 ] ) diff --git a/src/deps/src/modsecurity/build/pcre.m4 b/src/deps/src/modsecurity/build/pcre.m4 index f338aa5022..4d9912327b 100644 --- a/src/deps/src/modsecurity/build/pcre.m4 +++ b/src/deps/src/modsecurity/build/pcre.m4 @@ -27,30 +27,41 @@ else AC_MSG_CHECKING([for libpcre config script]) - for x in ${test_paths}; do - dnl # Determine if the script was specified and use it directly - if test ! -d "$x" -a -e "$x"; then - PCRE_CONFIG=$x - pcre_path="no" - break - fi + AC_CHECK_PROG([PCRE_CONFIG_IN_ENV], [pcre-config], [yes], [no]) + + if test "$PCRE_CONFIG_IN_ENV" = "yes"; then + AC_MSG_NOTICE([pcre-config found in envinronment]) + + PCRE_CONFIG=pcre-config + pcre_path="no" + else + AC_MSG_NOTICE([pcre-config not found in environment. checking known paths]) - dnl # Try known config script names/locations - for PCRE_CONFIG in pcre-config; do - if test -e "${x}/bin/${PCRE_CONFIG}"; then - pcre_path="${x}/bin" + for x in ${test_paths}; do + dnl # Determine if the script was specified and use it directly + if test ! -d "$x" -a -e "$x"; then + PCRE_CONFIG=$x + pcre_path="no" break - elif test -e "${x}/${PCRE_CONFIG}"; then - pcre_path="${x}" + fi + + dnl # Try known config script names/locations + for PCRE_CONFIG in pcre-config; do + if test -e "${x}/bin/${PCRE_CONFIG}"; then + pcre_path="${x}/bin" + break + elif test -e "${x}/${PCRE_CONFIG}"; then + pcre_path="${x}" + break + else + pcre_path="" + fi + done + if test -n "$pcre_path"; then break - else - pcre_path="" fi done - if test -n "$pcre_path"; then - break - fi - done + fi if test -n "${pcre_path}"; then if test "${pcre_path}" != "no"; then @@ -77,9 +88,11 @@ else CFLAGS="${PCRE_CFLAGS} ${CFLAGS}" LDFLAGS="${PCRE_LDADD} ${LDFLAGS}" LIBS="${PCRE_LDADD} ${LIBS}" - AC_TRY_LINK([ #include ], - [ pcre_jit_exec(NULL, NULL, NULL, 0, 0, 0, NULL, 0, NULL); ], - [ pcre_jit_available=yes ], [:] + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ #include ]], + [[ pcre_jit_exec(NULL, NULL, NULL, 0, 0, 0, NULL, 0, NULL); ]])], + [ pcre_jit_available=yes ], + [:] ) if test "x$pcre_jit_available" = "xyes"; then diff --git a/src/deps/src/modsecurity/build/win32/CMakeLists.txt b/src/deps/src/modsecurity/build/win32/CMakeLists.txt new file mode 100644 index 0000000000..cebf4c9be2 --- /dev/null +++ b/src/deps/src/modsecurity/build/win32/CMakeLists.txt @@ -0,0 +1,272 @@ +cmake_minimum_required(VERSION 3.24) + +set(BASE_DIR ${CMAKE_CURRENT_LIST_DIR}/../..) + +option(WITH_LMDB "Include LMDB support" OFF) +option(WITH_LUA "Include LUA support" ON) +option(WITH_LIBXML2 "Include LibXML2 support" ON) +option(WITH_MAXMIND "Include MaxMind support" ON) +option(WITH_CURL "Include CURL support" ON) + +option(USE_ASAN "Build with Address Sanitizer" OFF) + +# common compiler settings + +# NOTE: MBEDTLS_CONFIG_FILE is not only required to compile the mbedtls subset in others, but also +# when their headers are included while compiling libModSecurity +add_compile_definitions(WIN32 _CRT_SECURE_NO_WARNINGS MBEDTLS_CONFIG_FILE="mbedtls/mbedtls_config.h") + +# set standards conformance preprocessor & compiler to align with cross-compiled codebase +# NOTE: otherwise visual c++'s default compiler/preprocessor behaviour generates C4067 warnings +# (unexpected tokens following preprocessor directive - expected a newline) +add_compile_options(/Zc:preprocessor /permissive-) + +if(USE_ASAN) + add_compile_options(/fsanitize=address) + add_link_options(/INFERASANLIBS /INCREMENTAL:no) +endif() + +# libinjection + +project(libinjection C) + +set(LIBINJECTION_DIR ${BASE_DIR}/others/libinjection) + +add_library(libinjection STATIC ${LIBINJECTION_DIR}/src/libinjection_sqli.c ${LIBINJECTION_DIR}/src/libinjection_xss.c ${LIBINJECTION_DIR}/src/libinjection_html5.c) + +# get libinjection version with git describe +execute_process( + COMMAND git describe + WORKING_DIRECTORY ${LIBINJECTION_DIR} + OUTPUT_VARIABLE LIBINJECTION_VERSION + OUTPUT_STRIP_TRAILING_WHITESPACE +) + +message("-- Detecting libinjection version - ${LIBINJECTION_VERSION}") + +target_compile_definitions(libinjection PRIVATE LIBINJECTION_VERSION="${LIBINJECTION_VERSION}") + +# mbedtls (mbedcrypto) + +project(mbedcrypto C) + +set(MBEDTLS_DIR ${BASE_DIR}/others/mbedtls) + +add_library(mbedcrypto STATIC ${MBEDTLS_DIR}/library/base64.c ${MBEDTLS_DIR}/library/sha1.c ${MBEDTLS_DIR}/library/md5.c ${MBEDTLS_DIR}/library/platform_util.c ${MBEDTLS_DIR}/library/constant_time.c) + +target_include_directories(mbedcrypto PRIVATE ${MBEDTLS_DIR}/include) + +# get mbedtls version with git describe +execute_process( + COMMAND git describe + WORKING_DIRECTORY ${MBEDTLS_DIR} + OUTPUT_VARIABLE MBEDTLS_VERSION + OUTPUT_STRIP_TRAILING_WHITESPACE +) + +message("-- Detecting Mbed TLS version - ${MBEDTLS_VERSION}") + +# +# libModSecurity +# + +project(libModSecurity + VERSION + 3.0.12 + LANGUAGES + CXX +) + +set(CMAKE_CXX_STANDARD 17) +set(CMAKE_CXX_STANDARD_REQUIRED On) +set(CMAKE_CXX_EXTENSIONS Off) + +set(PACKAGE_BUGREPORT "security@modsecurity.org") +set(PACKAGE_NAME "modsecurity") +set(PACKAGE_VERSION "${PROJECT_VERSION}") +set(PACKAGE_STRING "${PACKAGE_NAME} ${PACKAGE_VERSION}") +set(PACKAGE_TARNAME "${PACKAGE_NAME}") + +set(HAVE_YAJL 1) # should always be one, mandatory dependency +set(HAVE_GEOIP 0) # should always be zero, no conan package available +set(HAVE_SSDEEP 0) # should always be zero, no conan package available + +macro(enable_feature flag option) + if(${option}) + set(${flag} 1) # ON + else() + set(${flag} 0) # OFF + endif() +endmacro() + +enable_feature(HAVE_LMDB ${WITH_LMDB}) +enable_feature(HAVE_LUA ${WITH_LUA}) +enable_feature(HAVE_LIBXML2 ${WITH_LIBXML2}) +enable_feature(HAVE_MAXMIND ${WITH_MAXMIND}) +enable_feature(HAVE_CURL ${WITH_CURL}) + +include(${CMAKE_CURRENT_LIST_DIR}/ConfigureChecks.cmake) + +configure_file(config.h.cmake ${BASE_DIR}/src/config.h) + +find_package(PCRE2 REQUIRED) +find_package(Poco REQUIRED) +find_package(dirent REQUIRED) # used only by tests (check dirent::dirent refernces) + +macro(include_package package flag) + if(${flag}) + find_package(${package} REQUIRED) + endif() +endmacro() + +include_package(yajl HAVE_YAJL) +include_package(libxml2 HAVE_LIBXML2) +include_package(lua HAVE_LUA) +include_package(CURL HAVE_CURL) +include_package(lmdb HAVE_LMDB) +include_package(maxminddb HAVE_MAXMIND) + +# library +# + +# NOTE: required to generate libModSecurity's import library (libModSecurity.lib), used by tests to link with shared library +set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON) + +file(GLOB_RECURSE libModSecuritySources ${BASE_DIR}/src/*.cc) + +add_library(libModSecurity SHARED ${libModSecuritySources}) + +target_compile_definitions(libModSecurity PRIVATE WITH_PCRE2) +target_include_directories(libModSecurity PRIVATE ${BASE_DIR} ${BASE_DIR}/headers ${BASE_DIR}/others ${MBEDTLS_DIR}/include) +target_link_libraries(libModSecurity PRIVATE pcre2::pcre2 libinjection mbedcrypto Poco::Poco Iphlpapi.lib) + +macro(add_package_dependency project compile_definition link_library flag) + if(${flag}) + target_compile_definitions(${project} PRIVATE ${compile_definition}) + target_link_libraries(${project} PRIVATE ${link_library}) + endif() +endmacro() + +add_package_dependency(libModSecurity WITH_YAJL yajl::yajl HAVE_YAJL) +add_package_dependency(libModSecurity WITH_LIBXML2 LibXml2::LibXml2 HAVE_LIBXML2) +add_package_dependency(libModSecurity WITH_LUA lua::lua HAVE_LUA) +if(HAVE_LUA) + target_compile_definitions(libModSecurity PRIVATE WITH_LUA_5_4) +endif() +add_package_dependency(libModSecurity MSC_WITH_CURL CURL::libcurl HAVE_CURL) +add_package_dependency(libModSecurity WITH_LMDB lmdb::lmdb HAVE_LMDB) +add_package_dependency(libModSecurity WITH_MAXMIND maxminddb::maxminddb HAVE_MAXMIND) + +# tests +# + +project(libModSecurityTests) + +function(setTestTargetProperties executable) + target_compile_definitions(${executable} PRIVATE WITH_PCRE2) + target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers) + target_link_libraries(${executable} PRIVATE libModSecurity pcre2::pcre2 dirent::dirent) + add_package_dependency(${executable} WITH_YAJL yajl::yajl HAVE_YAJL) +endfunction() + +# unit tests +file(GLOB unitTestSources ${BASE_DIR}/test/unit/*.cc) +add_executable(unit_tests ${unitTestSources}) +setTestTargetProperties(unit_tests) +target_compile_options(unit_tests PRIVATE /wd4805) + +# regression tests +file(GLOB regressionTestsSources ${BASE_DIR}/test/regression/*.cc) +add_executable(regression_tests ${regressionTestsSources}) +setTestTargetProperties(regression_tests) + +macro(add_regression_test_capability compile_definition flag) + if(${flag}) + target_compile_definitions(regression_tests PRIVATE ${compile_definition}) + endif() +endmacro() + +add_regression_test_capability(WITH_LUA HAVE_LUA) +add_regression_test_capability(WITH_CURL HAVE_CURL) +add_regression_test_capability(WITH_LMDB HAVE_LMDB) +add_regression_test_capability(WITH_MAXMIND HAVE_MAXMIND) + +enable_testing() + +file(READ ${BASE_DIR}/test/test-suite.in TEST_FILES_RAW) +string(REPLACE "\n" ";" TEST_FILES ${TEST_FILES_RAW}) + +foreach(TEST_FILE ${TEST_FILES}) + # ignore comment lines + string(FIND ${TEST_FILE} "#" is_comment) + if(NOT is_comment EQUAL 0) + string(FIND ${TEST_FILE} "TESTS+=" is_valid_prefix) + if(NOT is_valid_prefix EQUAL 0) + message(FATAL_ERROR "Invalid prefix in line: ${TEST_FILE}") + endif() + + # remove 'TESTS+=' prefix and 'test/' too because tests are launched + # from that directory + string(SUBSTRING ${TEST_FILE} 12 -1 TEST_FILE) + + # test name + get_filename_component(TEST_NAME ${TEST_FILE} NAME_WE) + + # determine test runner based on test path prefix + string(FIND ${TEST_FILE} "test-cases/regression/" is_regression_test) + if(is_regression_test EQUAL 0) + set(TEST_RUNNER "regression_tests") + else() + set(TEST_RUNNER "unit_tests") + endif() + + add_test(NAME ${TEST_NAME} COMMAND ${TEST_RUNNER} ${TEST_FILE} WORKING_DIRECTORY ${BASE_DIR}/test) + endif() +endforeach() + +# benchmark +add_executable(benchmark ${BASE_DIR}/test/benchmark/benchmark.cc) +setTestTargetProperties(benchmark) + +# rules_optimization +add_executable(rules_optimization ${BASE_DIR}/test/optimization/optimization.cc) +setTestTargetProperties(rules_optimization) + + +# examples +# + +project(libModSecurityExamples) + +function(setExampleTargetProperties executable) + target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers) + target_link_libraries(${executable} PRIVATE libModSecurity) +endfunction() + +# simple_example_using_c +add_executable(simple_example_using_c ${BASE_DIR}/examples/simple_example_using_c/test.c) +setExampleTargetProperties(simple_example_using_c) + +# using_bodies_in_chunks +add_executable(using_bodies_in_chunks ${BASE_DIR}/examples/using_bodies_in_chunks/simple_request.cc) +setExampleTargetProperties(using_bodies_in_chunks) + +# reading_logs_via_rule_message +add_executable(reading_logs_via_rule_message ${BASE_DIR}/examples/reading_logs_via_rule_message/simple_request.cc) +setExampleTargetProperties(reading_logs_via_rule_message) + +# reading_logs_with_offset +add_executable(reading_logs_with_offset ${BASE_DIR}/examples/reading_logs_with_offset/read.cc) +setExampleTargetProperties(reading_logs_with_offset) + +# multithread +add_executable(multithread ${BASE_DIR}/examples/multithread/multithread.cc) +setExampleTargetProperties(multithread) + +# tools +# + +# rules_check +add_executable(rules_check ${BASE_DIR}/tools/rules-check/rules-check.cc) +target_include_directories(rules_check PRIVATE ${BASE_DIR} ${BASE_DIR}/headers) +target_link_libraries(rules_check PRIVATE libModSecurity) diff --git a/src/deps/src/modsecurity/build/win32/ConfigureChecks.cmake b/src/deps/src/modsecurity/build/win32/ConfigureChecks.cmake new file mode 100644 index 0000000000..6322b69652 --- /dev/null +++ b/src/deps/src/modsecurity/build/win32/ConfigureChecks.cmake @@ -0,0 +1,18 @@ +include(CheckIncludeFile) +include(CheckIncludeFiles) + +check_include_file("dlfcn.h" HAVE_DLFCN_H) +check_include_file("inttypes.h" HAVE_INTTYPES_H) +check_include_file("stdint.h" HAVE_STDINT_H) +check_include_file("stdio.h" HAVE_STDIO_H) +check_include_file("stdlib.h" HAVE_STDLIB_H) +check_include_file("string" HAVE_STRING) +check_include_file("strings.h" HAVE_STRINGS_H) +check_include_file("string.h" HAVE_STRING_H) +check_include_file("sys/stat.h" HAVE_SYS_STAT_H) +check_include_file("sys/types.h" HAVE_SYS_TYPES_H) +check_include_file("sys/utsname.h" HAVE_SYS_UTSNAME_H) +check_include_file("unistd.h" HAVE_UNISTD_H) + +#/* Define to 1 if you have the ANSI C header files. */ +check_include_files("stdlib.h;stdarg.h;string.h;float.h" STDC_HEADERS) diff --git a/src/deps/src/modsecurity/build/win32/README.md b/src/deps/src/modsecurity/build/win32/README.md new file mode 100644 index 0000000000..85fd868edb --- /dev/null +++ b/src/deps/src/modsecurity/build/win32/README.md @@ -0,0 +1,112 @@ +# libModSecurity Windows build information + +The Windows build of libModSecurity uses Build Tools for Visual Studio 2022 (for Visual C++ & CMake) and Conan package manager. + +## Contents + +- [Prerequisites](#prerequisites) +- [Build](#build) + - [Optional features](#optional-features) + - [Address Sanitizer](#address-sanitizer) + - [Docker container](#docker-container) + +## Prerequisites + + * [Build Tools for Visual Studio 2022](https://aka.ms/vs/17/release/vs_buildtools.exe) + * Install *Desktop development with C++* workload, which includes: + * MSVC C++ compiler + * Windows SDK + * CMake + * Address Sanitizer + * [Conan package manager 2.2.2](https://github.com/conan-io/conan/releases/download/2.2.2/conan-2.2.2-windows-x86_64-installer.exe) + * Install and then setup the default Conan profile to use the MSVC C++ compiler: + 1. Open a command-prompt and set the MSVC C++ compiler environment by executing: `C:\BuildTools\VC\Auxiliary\Build\vcvars64.bat` + 2. Execute: `conan profile detect --force` + * [Git for Windows 2.44.0](https://github.com/git-for-windows/git/releases/download/v2.44.0.windows.1/Git-2.44.0-64-bit.exe) + * To clone the libModSecurity repository. + * NOTE: Make sure to initialize and update submodules (to get `libinjection` and regression tests) + * `git submodule init` + * `git submodule update` + +## Build + +Install the prerequisites listsed in the previous section, checkout libModSecurity and from the directory where it's located execute: + +``` +vcbuild.bat [build_configuration] [arch] [USE_ASAN] +``` + +where `[build_configuration]` can be: `Release` (default), `RelWithDebInfo`, `MinSizeRel` or `Debug`, and `[arch]` can be: `x86_64` (default) or `x86`. + +Built files will be located in the directory: `build\win32\build\[build_configuration]` and include: + + * `libModSecurity.dll` + * Executable files for test projects + * `unit_tests.exe` + * `regression_tests.exe` + * `benchmark.exe` + * `rules_optimization.exe` + * Executable files for examples + * `simple_example_using_c.exe` + * `using_bodies_in_chunks.exe` + * `reading_logs_via_rule_message.exe` + * `reading_logs_with_offset.exe` + * `multithread.exe` + * Executable files for tools + * `rules_check.exe` + +NOTE: When building a different configuration, it's recommended to reset: + + * the build directory: `build\win32\build` + * previously built conan packages executing the command: + * `conan remove * -c` + +### Optional features + +By default the following all the following features are enabled by including the associated third-party library through a Conan package: + + * libxml2 2.12.6 for XML processing support + * libcurl 8.6.0 to support http requests from rules + * libmaxminddb 1.9.1 to support reading MaxMind DB files. + * LUA 5.4.6 to enable rules to run scripts in this language for extensibility + * lmdb 0.9.31 in-memory database + +Each of these can be turned off by updating the associated `HAVE_xxx` variable (setting it to zero) in the beginning of the libModSecurity section of `CMakeLists.txt`. + +### Address Sanitizer + +[AddressSanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer) (aka ASan) is a memory error detector for C/C++. + +To generate a build with *Address Sanitizer*, add the `USE_ASAN` optional third argument to `vcbuild.bat`. For example: + * `vcbuild.bat Debug x86_64 USE_ASAN` + +NOTE: `USE_ASAN` does not work with `Release` & `MinSizeRel` configurations because they do not include debug info (it is only compatible with `Debug` & `RelWithDebInfo` builds). + + * References + * [AddressSanitizer | Microsoft Learn](https://learn.microsoft.com/en-us/cpp/sanitizers/asan?view=msvc-170) + * [AddressSanitizer for Windows: x64 and Debug Build Support - C++ Team Blog (microsoft.com)](https://devblogs.microsoft.com/cppblog/asan-for-windows-x64-and-debug-build-support/) + * [AddressSanitizer language, build, and debugging reference | Microsoft Learn](https://learn.microsoft.com/en-us/cpp/sanitizers/asan-building?view=msvc-170) + +### Docker container + +A `Dockerfile` configuration file is provided in the `docker` subdir that creates a Windows container image which installs the [prerequisites](#prerequisites) and builds libModSecurity and other binaries. + +NOTE: Windows containers are supported in Docker Desktop for Windows, using the *Switch to Windows containers...* option on the context menu of the system tray icon. + +To build the docker image, execute the following command (from the `build\win32\docker` directory): + + * `docker build -t libmodsecurity:latest -m 4GB .` + * Build type, architecture and build with Address Sanitizer can be configured through build arguments (`BUILD_TYPE`, `ARCH` & `USE_ASAN` respectively). For example, to generate a debug build, add the following argument: + * `--build-arg BUILD_TYPE=Debug` + +Once the image is generated, the library and associated binaries (tests & examples) are located in the `C:\src\ModSecurity\build\win32\build\[build_type]` directory. + +To extract the library (`libModSecurity.dll`) from the image, you can execute the following commands: + + * `docker container create --name [container_name] libmodsecurity` + * `docker cp [container_name]:C:\src\ModSecurity\build\win32\build\[build_type]\libModSecurity.dll .` + * NOTE: If you leave out the `libModSecurity.dll` filename out, you can copy all the built binaries (including examples & tests). + +Additionally, the image can be used interactively for additional development work by executing: + + * `docker run -it libmodsecurity` diff --git a/src/deps/src/modsecurity/build/win32/conanfile.txt b/src/deps/src/modsecurity/build/win32/conanfile.txt new file mode 100644 index 0000000000..b8f9721d0a --- /dev/null +++ b/src/deps/src/modsecurity/build/win32/conanfile.txt @@ -0,0 +1,14 @@ +[requires] +yajl/2.1.0 +pcre2/10.42 +libxml2/2.12.6 +lua/5.4.6 +libcurl/8.6.0 +lmdb/0.9.31 +libmaxminddb/1.9.1 +dirent/1.24 +poco/1.13.3 + +[generators] +CMakeDeps +CMakeToolchain diff --git a/src/deps/src/modsecurity/build/win32/config.h.cmake b/src/deps/src/modsecurity/build/win32/config.h.cmake new file mode 100644 index 0000000000..2f6a73085e --- /dev/null +++ b/src/deps/src/modsecurity/build/win32/config.h.cmake @@ -0,0 +1,92 @@ +/* config.h.cmake. Based upon generated config.h.in. */ + +#ifndef MODSECURITY_CONFIG_H +#define MODSECURITY_CONFIG_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_DLFCN_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_INTTYPES_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_IOSTREAM + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STDIO_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STDLIB_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STRING + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STRING_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_UTSNAME_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_UNISTD_H + +/* Define if GeoIP is available */ +#cmakedefine HAVE_GEOIP + +/* Define if LMDB is available */ +#cmakedefine HAVE_LMDB + +/* Define if LUA is available */ +#cmakedefine HAVE_LUA + +/* Define if MaxMind is available */ +#cmakedefine HAVE_MAXMIND + +/* Define if SSDEEP is available */ +#cmakedefine HAVE_SSDEEP + +/* Define if YAJL is available */ +#cmakedefine HAVE_YAJL + +/* Define if libcurl is available */ +#cmakedefine HAVE_CURL + +/* Name of package */ +#define PACKAGE "@PACKAGE_NAME@" + +/* Define to the address where bug reports for this package should be sent. */ +#cmakedefine PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@" + +/* Define to the full name of this package. */ +#cmakedefine PACKAGE_NAME "@PACKAGE_NAME@" + +/* Define to the full name and version of this package. */ +#cmakedefine PACKAGE_STRING "@PACKAGE_STRING@" + +/* Define to the one symbol short name of this package. */ +#cmakedefine PACKAGE_TARNAME "@PACKAGE_TARNAME@" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "" + +/* Define to the version of this package. */ +#cmakedefine PACKAGE_VERSION "@PACKAGE_VERSION@" + +/* Define to 1 if you have the ANSI C header files. */ +#ifndef STDC_HEADERS +#cmakedefine STDC_HEADERS +#endif + +#endif // ndef MODSECURITY_CONFIG_H \ No newline at end of file diff --git a/src/deps/src/modsecurity/build/win32/docker/Dockerfile b/src/deps/src/modsecurity/build/win32/docker/Dockerfile new file mode 100644 index 0000000000..a33d12f816 --- /dev/null +++ b/src/deps/src/modsecurity/build/win32/docker/Dockerfile @@ -0,0 +1,115 @@ +# escape=` + +ARG FROM_IMAGE=mcr.microsoft.com/windows/servercore:ltsc2022 +FROM ${FROM_IMAGE} + +# reset the shell. +SHELL ["cmd", "/S", "/C"] + +# set up environment to collect install errors. +COPY InstallBuildTools.cmd C:\TEMP\ +ADD https://aka.ms/vscollect.exe C:\TEMP\collect.exe + +# download channel for fixed install. +ARG CHANNEL_URL=https://aka.ms/vs/17/release/channel +ADD ${CHANNEL_URL} C:\TEMP\VisualStudio.chman + +# download and install Build Tools for Visual Studio 2022 for native desktop workload. +ADD https://aka.ms/vs/17/release/vs_buildtools.exe C:\TEMP\vs_buildtools.exe +RUN C:\TEMP\InstallBuildTools.cmd C:\TEMP\vs_buildtools.exe --quiet --wait --norestart --nocache ` + --channelUri C:\TEMP\VisualStudio.chman ` + --installChannelUri C:\TEMP\VisualStudio.chman ` + --add Microsoft.VisualStudio.Workload.VCTools ` + --includeRecommended ` + --installPath C:\BuildTools + +# download & install GIT +ARG GIT_VERSION=2.44.0 +ARG GIT_BINARY=Git-${GIT_VERSION}-64-bit.exe +ARG GIT_URL=https://github.com/git-for-windows/git/releases/download/v${GIT_VERSION}.windows.1/${GIT_BINARY} + +COPY git.inf C:\TEMP\ +ARG INSTALLER=C:\TEMP\${GIT_BINARY} +ADD ${GIT_URL} ${INSTALLER} +RUN %INSTALLER% /SP- /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL ` + /NORESTART /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /LOADINF=git.inf + +# download & setup conan +ARG CONAN_VERSION=2.2.2 +ARG CONAN_BINARY=conan-${CONAN_VERSION}-windows-x86_64-installer.exe +ARG CONAN_URL=https://github.com/conan-io/conan/releases/download/${CONAN_VERSION}/${CONAN_BINARY} + +ARG INSTALLER=C:\TEMP\${CONAN_BINARY} +ADD ${CONAN_URL} ${INSTALLER} +RUN %INSTALLER% /SP- /VERYSILENT /SUPPRESSMSGBOXES + +# setup conan profile +RUN C:\BuildTools\VC\Auxiliary\Build\vcvars64.bat && conan profile detect --force + +# download libModSecurity +# + +# create src dir +ARG SRC_DIR=C:\src + +WORKDIR C:\ +RUN cmd.exe /C md %SRC_DIR% + +# libModSecurity +WORKDIR ${SRC_DIR} + +ARG MOD_SECURITY_TAG=v3/master +RUN git clone -c advice.detachedHead=false --depth 1 --branch %MOD_SECURITY_TAG% https://github.com/owasp-modsecurity/ModSecurity.git + +ARG MOD_SECURITY_DIR=${SRC_DIR}\ModSecurity +WORKDIR ${MOD_SECURITY_DIR} + +# fetch submodules (bindings/python, others/libinjection, test/test-cases/secrules-language-tests) +RUN git submodule init +RUN git submodule update + +# build libraries +# + +ARG BUILD_TYPE=Release +ARG ARCH=x86_64 +ARG USE_ASAN= + +RUN C:\BuildTools\VC\Auxiliary\Build\vcvars64.bat && vcbuild.bat %BUILD_TYPE% %ARCH% %USE_ASAN% + +# test suite +# + +# setup test environment +RUN cmd.exe /C md \tmp +RUN cmd.exe /C md \bin +RUN cmd.exe /C copy "C:\Program Files\GIT\usr\bin" \bin > NUL +RUN cmd.exe /C copy "C:\Program Files\GIT\usr\bin\echo.exe" \bin\echo > NUL + +# disable tests that don't work on windows +ARG JQ_VERSION=1.7.1 +ARG JQ_BINARY=jq-windows-amd64.exe +ARG JQ_URL=https://github.com/jqlang/jq/releases/download/jq-${JQ_VERSION}/${JQ_BINARY} + +ARG JQ_BIN=C:\TEMP\jq.exe +ADD ${JQ_URL} ${JQ_BIN} + +WORKDIR ${MOD_SECURITY_DIR}\test\test-cases\regression + +RUN %JQ_BIN% "map(if .title == \"Test match variable (1/n)\" then .enabled = 0 else . end)" issue-2423-msg-in-chain.json > tmp.json && move /Y tmp.json issue-2423-msg-in-chain.json +RUN %JQ_BIN% "map(if .title == \"Test match variable (2/n)\" then .enabled = 0 else . end)" issue-2423-msg-in-chain.json > tmp.json && move /Y tmp.json issue-2423-msg-in-chain.json +RUN %JQ_BIN% "map(if .title == \"Test match variable (3/n)\" then .enabled = 0 else . end)" issue-2423-msg-in-chain.json > tmp.json && move /Y tmp.json issue-2423-msg-in-chain.json +RUN %JQ_BIN% "map(if .title == \"Variable offset - FILES_NAMES\" then .enabled = 0 else . end)" offset-variable.json > tmp.json && move /Y tmp.json offset-variable.json + +# run tests +WORKDIR ${MOD_SECURITY_DIR}\build\win32\build + +RUN C:\BuildTools\VC\Auxiliary\Build\vcvars64.bat && ctest -C %BUILD_TYPE% --output-on-failure + +# setup container's entrypoint +# + +WORKDIR C:\ + +# Use developer command prompt and start PowerShell if no other command specified. +ENTRYPOINT ["C:\\BuildTools\\VC\\Auxiliary\\Build\\vcvars64.bat", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"] diff --git a/src/deps/src/modsecurity/build/win32/docker/InstallBuildTools.cmd b/src/deps/src/modsecurity/build/win32/docker/InstallBuildTools.cmd new file mode 100644 index 0000000000..a0c07c7815 --- /dev/null +++ b/src/deps/src/modsecurity/build/win32/docker/InstallBuildTools.cmd @@ -0,0 +1,17 @@ +@rem Copyright (C) Microsoft Corporation. All rights reserved. +@rem Licensed under the MIT license. See LICENSE.txt in the project root for license information. + +@if not defined _echo echo off +setlocal enabledelayedexpansion + +call %* +if "%ERRORLEVEL%"=="3010" ( + exit /b 0 +) else ( + if not "%ERRORLEVEL%"=="0" ( + set ERR=%ERRORLEVEL% + call C:\TEMP\collect.exe -zip:C:\vslogs.zip + + exit /b !ERR! + ) +) diff --git a/src/deps/src/modsecurity/build/win32/docker/git.inf b/src/deps/src/modsecurity/build/win32/docker/git.inf new file mode 100644 index 0000000000..49781dd9a4 --- /dev/null +++ b/src/deps/src/modsecurity/build/win32/docker/git.inf @@ -0,0 +1,20 @@ +[Setup] +Lang=default +Dir=C:\Program Files\Git +Group=Git +NoIcons=0 +SetupType=default +Components=ext,ext\shellhere,ext\guihere,gitlfs,assoc,autoupdate +Tasks= +EditorOption=VIM +CustomEditorPath= +PathOption=Cmd +SSHOption=OpenSSH +TortoiseOption=false +CURLOption=WinSSL +CRLFOption=LFOnly +BashTerminalOption=ConHost +PerformanceTweaksFSCache=Enabled +UseCredentialManager=Enabled +EnableSymlinks=Disabled +EnableBuiltinInteractiveAdd=Disabled \ No newline at end of file diff --git a/src/deps/src/modsecurity/build/yajl.m4 b/src/deps/src/modsecurity/build/yajl.m4 index dd69571562..e050c084bd 100644 --- a/src/deps/src/modsecurity/build/yajl.m4 +++ b/src/deps/src/modsecurity/build/yajl.m4 @@ -78,6 +78,29 @@ else # fi fi +# FIX: if the include directory in CFLAGS ends with "include/yajl", +# remove the suffix "/yajl". the library header files are included +# using the prefix (for example, #include ), and +# this is even the case for the library itself (for example, +# yajl_tree.h includes yajl/yajl_common.h). + +new_cflags="" + +for flag in $YAJL_CFLAGS; do + case "$flag" in + -I*/include/yajl) + new_flag="${flag%/yajl}" + new_cflags="$new_cflags $new_flag" + ;; + *) + new_cflags="$new_cflags $flag" + ;; + esac +done + +YAJL_CFLAGS="$new_cflags" + + if test -z "${YAJL_LDADD}"; then if test -z "${YAJL_MANDATORY}"; then if test -z "${YAJL_DISABLED}"; then diff --git a/src/deps/src/modsecurity/configure.ac b/src/deps/src/modsecurity/configure.ac index e948968a66..60c1c89477 100644 --- a/src/deps/src/modsecurity/configure.ac +++ b/src/deps/src/modsecurity/configure.ac @@ -52,8 +52,8 @@ AC_PROG_MAKE_SET PKG_PROG_PKG_CONFIG -# Check if the compiler is c++11 compatible. -# AX_CXX_COMPILE_STDCXX_11(,mandatory) +# Set C++ standard version and check if compiler supports it. +AX_CXX_COMPILE_STDCXX(17, noext, mandatory) # Check for libinjection if ! test -f "${srcdir}/others/libinjection/src/libinjection_html5.c"; then @@ -75,6 +75,28 @@ AC_MSG_ERROR([\ fi # Libinjection version AC_DEFUN([LIBINJECTION_VERSION], m4_esyscmd_s(cd "others/libinjection" && git describe && cd ../..)) +AC_SUBST([LIBINJECTION_VERSION]) + +# Check for Mbed TLS +if ! test -f "${srcdir}/others/mbedtls/library/base64.c"; then +AC_MSG_ERROR([\ + + + Mbed TLS was not found within ModSecurity source directory. + + Mbed TLS code is available as part of ModSecurity source code in a format + of a git-submodule. git-submodule allow us to specify the correct version of + Mbed TLS and still uses the Mbed TLS repository to download it. + + You can download Mbed TLS using git: + + $ git submodule init + $ git submodule update + + ]) +fi +# Mbed TLS version +AC_DEFUN([MBEDTLS_VERSION], m4_esyscmd_s(cd "others/mbedtls" && git describe && cd ../..)) # SecLang test version AC_DEFUN([SECLANG_TEST_VERSION], m4_esyscmd_s(cd "test/test-cases/secrules-language-tests" && git log -1 --format="%h" --abbrev-commit && cd ../../..)) @@ -137,14 +159,13 @@ AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""]) # Checks for header files. -AC_HEADER_STDC AC_CHECK_HEADERS([string]) AC_CHECK_HEADERS([iostream]) AC_CHECK_HEADERS([sys/utsname.h]) -# ?? -LT_INIT([dlopen]) +# Initialize libtool +LT_INIT # Identify platform AC_CANONICAL_HOST @@ -227,6 +248,17 @@ AC_SUBST([MSC_VERSION]) MSC_GIT_VERSION=msc_version_git AC_SUBST([MSC_GIT_VERSION]) +AC_ARG_ENABLE(assertions, + [AS_HELP_STRING([--enable-assertions],[Turn on assertions feature: undefine NDEBUG])], + + [case "${enableval}" in + yes) assertions=true ;; + no) assertions=false ;; + *) AC_MSG_ERROR(bad value ${enableval} for --enable-assertions) ;; + esac], + + [assertions=false] + ) AC_ARG_ENABLE(debug-logs, [AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])], @@ -284,27 +316,10 @@ AC_ARG_ENABLE(parser-generation, [buildParser=false] ) -# Mutex -AC_ARG_ENABLE(mutex-on-pm, - [AS_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])], - - [case "${enableval}" in - yes) mutexPm=true ;; - no) mutexPm=false ;; - *) AC_MSG_ERROR(bad value ${enableval} for --enable-mutex-on-pm) ;; - esac], - - [mutexPm=false] - ) -if test "$mutexPm" == "true"; then - MODSEC_MUTEX_ON_PM="-DMUTEX_ON_PM=1" - AC_SUBST(MODSEC_MUTEX_ON_PM) -fi - if test $buildParser = true; then AC_PROG_YACC - AC_PROG_LEX + AC_PROG_LEX(noyywrap) AC_PATH_PROG([FLEX], [flex]) test "x$FLEX" = "x" && AC_MSG_ERROR([flex is needed to build ModSecurity]) @@ -356,6 +371,14 @@ if test "$aflFuzzer" == "true"; then GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $FUZZ_CPPCFLAGS" $buildExamples = false fi + +case $assertions in + false) ASSERTIONS_CPPCFLAGS="-DNDEBUG" ;; + true) ASSERTIONS_CPPCFLAGS="-UNDEBUG" ;; + *) AC_MSG_ERROR(bad value ${assertions} for assertions) ;; +esac +GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $ASSERTIONS_CPPCFLAGS" + AC_SUBST(GLOBAL_LDADD) AC_SUBST(GLOBAL_CPPFLAGS) @@ -383,6 +406,7 @@ AM_COND_IF([EXAMPLES], examples/Makefile \ examples/simple_example_using_c/Makefile \ examples/multiprocess_c/Makefile \ + examples/multithread/Makefile \ examples/reading_logs_with_offset/Makefile \ examples/reading_logs_via_rule_message/Makefile \ examples/using_bodies_in_chunks/Makefile \ @@ -426,6 +450,8 @@ echo " " echo " Mandatory dependencies" AS_ECHO_N(" + libInjection ....") echo LIBINJECTION_VERSION +AS_ECHO_N(" + Mbed TLS ....") +echo MBEDTLS_VERSION AS_ECHO_N(" + SecLang tests ....") echo SECLANG_TEST_VERSION @@ -590,6 +616,11 @@ if test $buildTestUtilities = true; then else echo " + Test Utilities ....disabled" fi +if test $assertions = true; then + echo " + Assertions ....enabled" +else + echo " + Assertions ....disabled" +fi if test $debugLogs = true; then echo " + SecDebugLog ....enabled" else diff --git a/src/deps/src/modsecurity/examples/Makefile.am b/src/deps/src/modsecurity/examples/Makefile.am index 609cb93ef0..2dbb21ace7 100644 --- a/src/deps/src/modsecurity/examples/Makefile.am +++ b/src/deps/src/modsecurity/examples/Makefile.am @@ -4,6 +4,7 @@ ACLOCAL_AMFLAGS = -I build SUBDIRS = \ multiprocess_c \ + multithread \ reading_logs_with_offset \ reading_logs_via_rule_message \ simple_example_using_c \ diff --git a/src/deps/src/modsecurity/examples/multiprocess_c/Makefile.am b/src/deps/src/modsecurity/examples/multiprocess_c/Makefile.am index 85c2648726..726d1d9057 100644 --- a/src/deps/src/modsecurity/examples/multiprocess_c/Makefile.am +++ b/src/deps/src/modsecurity/examples/multiprocess_c/Makefile.am @@ -15,7 +15,6 @@ multi_LDFLAGS = \ -L$(top_builddir)/src/.libs/ \ $(GEOIP_LDFLAGS) \ -lmodsecurity \ - -lpthread \ -lm \ -lstdc++ \ $(LUA_LDFLAGS) \ diff --git a/src/deps/src/modsecurity/examples/multiprocess_c/multi.c b/src/deps/src/modsecurity/examples/multiprocess_c/multi.c index 6c2ae52182..2481db4e56 100644 --- a/src/deps/src/modsecurity/examples/multiprocess_c/multi.c +++ b/src/deps/src/modsecurity/examples/multiprocess_c/multi.c @@ -19,7 +19,11 @@ #include #include #include +#ifndef WIN32 #include +#else +#include +#endif #include #include #include diff --git a/src/deps/src/modsecurity/examples/multithread/Makefile.am b/src/deps/src/modsecurity/examples/multithread/Makefile.am new file mode 100644 index 0000000000..c17b431a35 --- /dev/null +++ b/src/deps/src/modsecurity/examples/multithread/Makefile.am @@ -0,0 +1,55 @@ + + +noinst_PROGRAMS = multithread + +multithread_SOURCES = \ + multithread.cc + +multithread_LDADD = \ + $(CURL_LDADD) \ + $(GEOIP_LDADD) \ + $(GLOBAL_LDADD) \ + $(LIBXML2_LDADD) \ + $(LMDB_LDADD) \ + $(MAXMIND_LDADD) \ + $(LUA_LDADD) \ + $(PCRE_LDADD) \ + $(SSDEEP_LDADD) \ + $(YAJL_LDADD) + +multithread_LDFLAGS = \ + -L$(top_builddir)/src/.libs/ \ + $(GEOIP_LDFLAGS) \ + -lmodsecurity \ + -lpthread \ + -lm \ + -lstdc++ \ + $(LMDB_LDFLAGS) \ + $(LUA_LDFLAGS) \ + $(MAXMIND_LDFLAGS) \ + $(SSDEEP_LDFLAGS) \ + $(YAJL_LDFLAGS) + +multithread_CPPFLAGS = \ + $(GLOBAL_CFLAGS) \ + -I$(top_builddir)/headers \ + -I$(top_builddir) \ + -g \ + -I../others \ + -fPIC \ + -O3 \ + $(CURL_CFLAGS) \ + $(GEOIP_CFLAGS) \ + $(GLOBAL_CPPFLAGS) \ + $(MODSEC_NO_LOGS) \ + $(YAJL_CFLAGS) \ + $(LMDB_CFLAGS) \ + $(LUA_CFLAGS) \ + $(PCRE_CFLAGS) \ + $(LIBXML2_CFLAGS) + + +MAINTAINERCLEANFILES = \ + Makefile.in + + diff --git a/src/deps/src/modsecurity/examples/multithread/basic_rules.conf b/src/deps/src/modsecurity/examples/multithread/basic_rules.conf new file mode 100644 index 0000000000..cff1834261 --- /dev/null +++ b/src/deps/src/modsecurity/examples/multithread/basic_rules.conf @@ -0,0 +1,14 @@ +SecDebugLog debug.log +SecDebugLogLevel 9 + + +SecRule REQUEST_HEADERS:User-Agent ".*" "id:1,phase:1,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{MATCHED_VAR}" + +SecAction "id:2,phase:2,initcol:ip=%{REMOTE_ADDR}_%{tx.ua_hash}" + +SecRule REQUEST_HEADERS:User-Agent "@rx .*" "id:3,phase:2,setvar:ip.auth_attempt=+1" + +SecRule ARGS:foo "@rx herewego" "id:4,phase:2,setvar:ip.foo=bar,expirevar:ip.foo=2" +#SecRule ARGS:foo "@rx herewego" "id:4,phase:2,setvar:ip.foo=bar" +SecRule IP "@rx bar" "id:5,phase:2,pass" +SecRule IP:auth_attempt "@rx bar" "id:6,phase:2,pass" diff --git a/src/deps/src/modsecurity/examples/multithread/multithread.cc b/src/deps/src/modsecurity/examples/multithread/multithread.cc new file mode 100644 index 0000000000..4233bc71fa --- /dev/null +++ b/src/deps/src/modsecurity/examples/multithread/multithread.cc @@ -0,0 +1,68 @@ +#include +#include +#include + +#include +#include +#include + +static void process_request(modsecurity::ModSecurity *modsec, modsecurity::RulesSet *rules, int tid) { + std::cout << "Hello World! It's me, thread #" << tid << std::endl; + + for(int i = 0; i != 1'000; i++) { + auto modsecTransaction = std::make_unique(modsec, rules, nullptr); + + modsecTransaction->processConnection("127.0.0.1", 12345, "127.0.0.1", 80); + modsecTransaction->processURI( + "https://www.modsecurity.org/test?foo=herewego", + "GET", "1.1"); + + modsecTransaction->addRequestHeader("User-Agent", + "Basic ModSecurity example"); + modsecTransaction->processRequestHeaders(); + modsecTransaction->processRequestBody(); + + modsecTransaction->addResponseHeader("HTTP/1.1", + "200 OK"); + modsecTransaction->processResponseHeaders(200, "HTTP 1.2"); + modsecTransaction->processResponseBody(); + + modsecTransaction->processLogging(); + + std::this_thread::sleep_for(std::chrono::microseconds(100)); + } + + std::cout << "Thread #" << tid << " exits" << std::endl; +} + +int main (int argc, char *argv[]) { + auto modsec = std::make_unique(); + modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha (Simple " \ + "example on how to use ModSecurity API"); + + char main_rule_uri[] = "basic_rules.conf"; + auto rules = std::make_unique(); + if (rules->loadFromUri(main_rule_uri) < 0) { + std::cerr << "Problems loading the rules..." << std::endl; + std::cerr << rules->m_parserError.str() << std::endl; + return -1; + } + + constexpr auto NUM_THREADS = 100; + std::array threads; + + for (auto i = 0; i != threads.size(); ++i) { + threads[i] = std::thread( + [&modsec, &rules, i]() { + process_request(modsec.get(), rules.get(), i); + }); + } + + std::this_thread::sleep_for(std::chrono::microseconds(10000)); + + for (auto i = 0; i != threads.size(); ++i) { + threads[i].join(); + } + + return 0; +} \ No newline at end of file diff --git a/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/Makefile.am b/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/Makefile.am index 797ac752bd..210edef3bc 100644 --- a/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/Makefile.am +++ b/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/Makefile.am @@ -32,7 +32,6 @@ simple_request_LDFLAGS = \ simple_request_CPPFLAGS = \ $(GLOBAL_CFLAGS) \ - -std=c++11 \ -I$(top_builddir)/headers \ -I$(top_builddir) \ -g \ diff --git a/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h index 58cbba8b2f..33148cd7d0 100644 --- a/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h +++ b/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h @@ -13,13 +13,19 @@ * */ -#include +#ifndef EXAMPLES_READING_LOGS_VIA_RULE_MESSAGE_READING_LOGS_VIA_RULE_MESSAGE_H_ +#define EXAMPLES_READING_LOGS_VIA_RULE_MESSAGE_READING_LOGS_VIA_RULE_MESSAGE_H_ #include #include +#include +#include +#include +#include "modsecurity/rule_message.h" -#define NUM_THREADS 100 + +constexpr auto NUM_THREADS = 100; char request_header[] = "" \ @@ -61,35 +67,21 @@ char response_body[] = "" \ char ip[] = "200.249.12.31"; -#include "modsecurity/rule_message.h" - -#ifndef EXAMPLES_READING_LOGS_VIA_RULE_MESSAGE_READING_LOGS_VIA_RULE_MESSAGE_H_ -#define EXAMPLES_READING_LOGS_VIA_RULE_MESSAGE_READING_LOGS_VIA_RULE_MESSAGE_H_ - - -struct data_ms { - modsecurity::ModSecurity *modsec; - modsecurity::RulesSet *rules; -}; - -static void *process_request(void *data) { - struct data_ms *a = (struct data_ms *)data; - modsecurity::ModSecurity *modsec = a->modsec; - modsecurity::RulesSet *rules = a->rules; - int z = 0; +static void process_request(modsecurity::ModSecurity *modsec, modsecurity::RulesSet *rules) { + for (auto z = 0; z < 10000; z++) { + auto modsecTransaction = std::make_unique(modsec, rules, nullptr); - for (z = 0; z < 10000; z++) { - modsecurity::Transaction *modsecTransaction = \ - new modsecurity::Transaction(modsec, rules, NULL); modsecTransaction->processConnection(ip, 12345, "127.0.0.1", 80); modsecTransaction->processURI(request_uri, "GET", "1.1"); - usleep(10); + std::this_thread::sleep_for(std::chrono::microseconds(10)); + modsecTransaction->addRequestHeader("Host", "net.tutsplus.com"); modsecTransaction->processRequestHeaders(); modsecTransaction->processRequestBody(); + modsecTransaction->addResponseHeader("HTTP/1.1", "200 OK"); modsecTransaction->processResponseHeaders(200, "HTTP 1.2"); @@ -97,16 +89,11 @@ static void *process_request(void *data) { (const unsigned char*)response_body, strlen((const char*)response_body)); modsecTransaction->processResponseBody(); - modsecTransaction->processLogging(); - delete modsecTransaction; + modsecTransaction->processLogging(); } - - pthread_exit(NULL); - return NULL; } - class ReadingLogsViaRuleMessage { public: ReadingLogsViaRuleMessage(char *request_header, @@ -125,47 +112,36 @@ class ReadingLogsViaRuleMessage { m_rules(rules) { } - int process() { - pthread_t threads[NUM_THREADS]; - int i; - struct data_ms dms; - void *status; - - modsecurity::ModSecurity *modsec; - modsecurity::RulesSet *rules; - - modsec = new modsecurity::ModSecurity(); + int process() const { + auto modsec = std::make_unique(); modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \ " (ModSecurity test)"); modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty | modsecurity::IncludeFullHighlightLogProperty); - rules = new modsecurity::RulesSet(); + auto rules = std::make_unique(); if (rules->loadFromUri(m_rules.c_str()) < 0) { std::cout << "Problems loading the rules..." << std::endl; std::cout << rules->m_parserError.str() << std::endl; return -1; } - dms.modsec = modsec; - dms.rules = rules; + std::array threads; - for (i = 0; i < NUM_THREADS; i++) { - pthread_create(&threads[i], NULL, process_request, - reinterpret_cast(&dms)); - // process_request((void *)&dms); + for (auto i = 0; i != threads.size(); ++i) { + threads[i] = std::thread( + [&modsec, &rules]() { + process_request(modsec.get(), rules.get()); + }); } - usleep(10000); + std::this_thread::sleep_for(std::chrono::microseconds(10000)); - for (i=0; i < NUM_THREADS; i++) { - pthread_join(threads[i], &status); + for (auto i = 0; i != threads.size(); ++i) { + threads[i].join(); std::cout << "Main: completed thread id :" << i << std::endl; } - delete rules; - delete modsec; - pthread_exit(NULL); return 0; } diff --git a/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/simple_request.cc b/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/simple_request.cc index 1d3b1deb23..571b574ec1 100644 --- a/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/simple_request.cc +++ b/src/deps/src/modsecurity/examples/reading_logs_via_rule_message/simple_request.cc @@ -35,8 +35,5 @@ int main(int argc, char **argv) { response_headers, response_body, ip, rules); rlvrm.process(); - - - pthread_exit(NULL); return 0; } diff --git a/src/deps/src/modsecurity/examples/reading_logs_with_offset/Makefile.am b/src/deps/src/modsecurity/examples/reading_logs_with_offset/Makefile.am index b798c8c54a..3ecda10cbb 100644 --- a/src/deps/src/modsecurity/examples/reading_logs_with_offset/Makefile.am +++ b/src/deps/src/modsecurity/examples/reading_logs_with_offset/Makefile.am @@ -21,7 +21,6 @@ read_LDFLAGS = \ -L$(top_builddir)/src/.libs/ \ $(GEOIP_LDFLAGS) \ -lmodsecurity \ - -lpthread \ -lm \ -lstdc++ \ $(LMDB_LDFLAGS) \ @@ -32,7 +31,6 @@ read_LDFLAGS = \ read_CPPFLAGS = \ $(GLOBAL_CFLAGS) \ - -std=c++11 \ -I$(top_builddir)/headers \ -I$(top_builddir) \ -g \ diff --git a/src/deps/src/modsecurity/examples/simple_example_using_c/test.c b/src/deps/src/modsecurity/examples/simple_example_using_c/test.c index c7ed91b281..0c60ad5cd9 100644 --- a/src/deps/src/modsecurity/examples/simple_example_using_c/test.c +++ b/src/deps/src/modsecurity/examples/simple_example_using_c/test.c @@ -68,6 +68,8 @@ int main (int argc, char **argv) msc_process_response_body(transaction); msc_process_logging(transaction); end: + if(error != NULL) + msc_rules_error_cleanup(error); msc_rules_cleanup(rules); msc_cleanup(modsec); diff --git a/src/deps/src/modsecurity/examples/using_bodies_in_chunks/Makefile.am b/src/deps/src/modsecurity/examples/using_bodies_in_chunks/Makefile.am index 799efe7815..5d64537992 100644 --- a/src/deps/src/modsecurity/examples/using_bodies_in_chunks/Makefile.am +++ b/src/deps/src/modsecurity/examples/using_bodies_in_chunks/Makefile.am @@ -21,19 +21,16 @@ simple_request_LDFLAGS = \ -L$(top_builddir)/src/.libs/ \ $(GEOIP_LDFLAGS) \ -lmodsecurity \ - -lpthread \ -lm \ -lstdc++ \ $(MAXMIND_LDFLAGS) \ $(LMDB_LDFLAGS) \ - -lpthread \ $(LUA_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ $(YAJL_LDFLAGS) simple_request_CPPFLAGS = \ $(GLOBAL_CFLAGS) \ - -std=c++11 \ -I$(top_builddir)/headers \ -I$(top_builddir) \ -g \ diff --git a/src/deps/src/modsecurity/examples/using_bodies_in_chunks/simple_request.cc b/src/deps/src/modsecurity/examples/using_bodies_in_chunks/simple_request.cc index ec8795fe8f..783e639b2d 100644 --- a/src/deps/src/modsecurity/examples/using_bodies_in_chunks/simple_request.cc +++ b/src/deps/src/modsecurity/examples/using_bodies_in_chunks/simple_request.cc @@ -13,7 +13,11 @@ * */ +#ifndef WIN32 #include +#else +#include +#endif #include #include diff --git a/src/deps/src/modsecurity/headers/modsecurity/actions/action.h b/src/deps/src/modsecurity/headers/modsecurity/actions/action.h index 374b77d6c6..24f0da6dbe 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/actions/action.h +++ b/src/deps/src/modsecurity/headers/modsecurity/actions/action.h @@ -13,41 +13,66 @@ * */ -#ifdef __cplusplus - -#include -#include -#include - -#endif - -#include "modsecurity/intervention.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_with_actions.h" - #ifndef HEADERS_MODSECURITY_ACTIONS_ACTION_H_ #define HEADERS_MODSECURITY_ACTIONS_ACTION_H_ #ifdef __cplusplus +#include +#include + namespace modsecurity { class Transaction; class RuleWithOperator; +class RuleWithActions; +class RuleMessage; namespace actions { class Action { public: + /** + * + * Define the action kind regarding to the execution time. + * + * + */ + enum class Kind { + /** + * + * Action that are executed while loading the configuration. For instance + * the rule ID or the rule phase. + * + */ + ConfigurationKind, + /** + * + * Those are actions that demands to be executed before call the operator. + * For instance the tranformations. + * + * + */ + RunTimeBeforeMatchAttemptKind, + /** + * + * Actions that are executed after the execution of the operator, only if + * the operator returned Match (or True). For instance the disruptive + * actions. + * + */ + RunTimeOnlyIfMatchKind, + }; + explicit Action(const std::string& _action) : m_isNone(false), temporaryAction(false), - action_kind(2), + action_kind(Kind::RunTimeOnlyIfMatchKind), m_name(nullptr), m_parser_payload("") { set_name_and_payload(_action); } - explicit Action(const std::string& _action, int kind) + explicit Action(const std::string& _action, Kind kind) : m_isNone(false), temporaryAction(false), action_kind(kind), @@ -74,8 +99,6 @@ class Action { virtual ~Action() { } - virtual std::string evaluate(const std::string &exp, - Transaction *transaction); virtual bool evaluate(RuleWithActions *rule, Transaction *transaction); virtual bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr ruleMessage) { @@ -87,9 +110,9 @@ class Action { void set_name_and_payload(const std::string& data) { size_t pos = data.find(":"); - std::string t = "t:"; + const char t[] = "t:"; - if (data.compare(0, t.length(), t) == 0) { + if (data.compare(0, std::size(t) - 1, t) == 0) { pos = data.find(":", 2); } @@ -109,41 +132,9 @@ class Action { bool m_isNone; bool temporaryAction; - int action_kind; + Kind action_kind; std::shared_ptr m_name; std::string m_parser_payload; - - /** - * - * Define the action kind regarding to the execution time. - * - * - */ - enum Kind { - /** - * - * Action that are executed while loading the configuration. For instance - * the rule ID or the rule phase. - * - */ - ConfigurationKind, - /** - * - * Those are actions that demands to be executed before call the operator. - * For instance the tranformations. - * - * - */ - RunTimeBeforeMatchAttemptKind, - /** - * - * Actions that are executed after the execution of the operator, only if - * the operator returned Match (or True). For instance the disruptive - * actions. - * - */ - RunTimeOnlyIfMatchKind, - }; }; diff --git a/src/deps/src/modsecurity/headers/modsecurity/anchored_set_variable_translation_proxy.h b/src/deps/src/modsecurity/headers/modsecurity/anchored_set_variable_translation_proxy.h index 165e3cad20..f36c69b167 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/anchored_set_variable_translation_proxy.h +++ b/src/deps/src/modsecurity/headers/modsecurity/anchored_set_variable_translation_proxy.h @@ -47,11 +47,12 @@ class AnchoredSetVariableTranslationProxy { VariableValue *newVariableValue = new VariableValue(name, &l->at(i)->getKey(), &l->at(i)->getKey()); const VariableValue *oldVariableValue = l->at(i); l->at(i) = newVariableValue; + newVariableValue->reserveOrigin(oldVariableValue->getOrigin().size()); for (const auto &oldOrigin : oldVariableValue->getOrigin()) { - std::unique_ptr newOrigin(new VariableOrigin); - newOrigin->m_length = oldVariableValue->getKey().size(); - newOrigin->m_offset = oldOrigin->m_offset - oldVariableValue->getKey().size() - 1; - newVariableValue->addOrigin(std::move(newOrigin)); + newVariableValue->addOrigin( + oldVariableValue->getKey().size(), + oldOrigin.m_offset - oldVariableValue->getKey().size() - 1 + ); } delete oldVariableValue; } diff --git a/src/deps/src/modsecurity/headers/modsecurity/anchored_variable.h b/src/deps/src/modsecurity/headers/modsecurity/anchored_variable.h index 703a4f9d10..b3cc101b35 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/anchored_variable.h +++ b/src/deps/src/modsecurity/headers/modsecurity/anchored_variable.h @@ -47,23 +47,11 @@ class AnchoredVariable { AnchoredVariable(const AnchoredVariable &a) = delete; AnchoredVariable &operator= (const AnchoredVariable &a) = delete; - /* - : m_transaction(a.m_transaction), - m_offset(a.m_offset), - m_name(a.m_name), - m_value(a.m_value), - m_var(a.m_var) { } - */ - - ~AnchoredVariable(); + ~AnchoredVariable() = default; void unset(); void set(const std::string &a, size_t offset); void set(const std::string &a, size_t offset, size_t offsetLen); - void append(const std::string &a, size_t offset, - bool spaceSeparator = false); - void append(const std::string &a, size_t offset, - bool spaceSeparator, int size); void evaluate(std::vector *l); std::string * evaluate(); @@ -75,7 +63,7 @@ class AnchoredVariable { std::string m_value; private: - VariableValue *m_var; + VariableValue m_var; }; } // namespace modsecurity diff --git a/src/deps/src/modsecurity/headers/modsecurity/modsecurity.h b/src/deps/src/modsecurity/headers/modsecurity/modsecurity.h index 91654d6094..a829a0e1ce 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/modsecurity.h +++ b/src/deps/src/modsecurity/headers/modsecurity/modsecurity.h @@ -38,10 +38,10 @@ * std::cout << "There is an intervention" << std::endl; * } * - * ... + * ... * * @endcode - * + * */ /** @@ -81,6 +81,11 @@ #endif +#include "modsecurity/intervention.h" +#include "modsecurity/transaction.h" +#include "modsecurity/debug_log.h" + + #ifndef HEADERS_MODSECURITY_MODSECURITY_H_ #define HEADERS_MODSECURITY_MODSECURITY_H_ @@ -160,7 +165,7 @@ namespace modsecurity { LoggingPhase, /** * Just a marking for the expected number of phases. - * + * */ NUMBER_OF_PHASES, }; @@ -170,11 +175,6 @@ namespace modsecurity { #endif - -#include "modsecurity/intervention.h" -#include "modsecurity/transaction.h" -#include "modsecurity/debug_log.h" - /** * TAG_NUM: * @@ -190,7 +190,7 @@ namespace modsecurity { #define MODSECURITY_MAJOR "3" #define MODSECURITY_MINOR "0" -#define MODSECURITY_PATCHLEVEL "12" +#define MODSECURITY_PATCHLEVEL "13" #define MODSECURITY_TAG "" #define MODSECURITY_TAG_NUM "100" @@ -198,7 +198,7 @@ namespace modsecurity { MODSECURITY_MINOR "." MODSECURITY_PATCHLEVEL \ MODSECURITY_TAG -#define MODSECURITY_VERSION_NUM 30120100 +#define MODSECURITY_VERSION_NUM 30130100 #define MODSECURITY_CHECK_VERSION(a) (MODSECURITY_VERSION_NUM <= a) @@ -286,7 +286,7 @@ class ModSecurity { void setServerLogCb(ModSecLogCb cb); /** * - * properties Properties to inform ModSecurity what kind of infornation + * properties Properties to inform ModSecurity what kind of information * is expected be returned. * */ diff --git a/src/deps/src/modsecurity/headers/modsecurity/rule.h b/src/deps/src/modsecurity/headers/modsecurity/rule.h index 1d5570a8df..18e64c0a93 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/rule.h +++ b/src/deps/src/modsecurity/headers/modsecurity/rule.h @@ -52,7 +52,7 @@ namespace operators { class Operator; } -using TransformationResult = std::pair, +using TransformationResult = std::pair>; using TransformationResults = std::list; diff --git a/src/deps/src/modsecurity/headers/modsecurity/rule_message.h b/src/deps/src/modsecurity/headers/modsecurity/rule_message.h index 51eca0e8ef..9e1ef556a6 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/rule_message.h +++ b/src/deps/src/modsecurity/headers/modsecurity/rule_message.h @@ -67,6 +67,7 @@ class RuleMessage { m_ruleLine(rule->getLineNumber()), m_saveMessage(true), m_serverIpAddress(trans->m_serverIpAddress), + m_requestHostName(trans->m_requestHostName), m_severity(0), m_uriNoQueryStringDecoded(trans->m_uri_no_query_string_decoded), m_ver(rule->m_ver), @@ -92,6 +93,7 @@ class RuleMessage { m_ruleLine(rule->m_ruleLine), m_saveMessage(rule->m_saveMessage), m_serverIpAddress(rule->m_serverIpAddress), + m_requestHostName(rule->m_requestHostName), m_severity(rule->m_severity), m_uriNoQueryStringDecoded(rule->m_uriNoQueryStringDecoded), m_ver(rule->m_ver), @@ -117,6 +119,7 @@ class RuleMessage { m_ruleLine(ruleMessage.m_ruleLine), m_saveMessage(ruleMessage.m_saveMessage), m_serverIpAddress(ruleMessage.m_serverIpAddress), + m_requestHostName(ruleMessage.m_requestHostName), m_severity(ruleMessage.m_severity), m_uriNoQueryStringDecoded(ruleMessage.m_uriNoQueryStringDecoded), m_ver(ruleMessage.m_ver), @@ -142,6 +145,7 @@ class RuleMessage { m_ruleLine = ruleMessage.m_ruleLine; m_saveMessage = ruleMessage.m_saveMessage; m_serverIpAddress = ruleMessage.m_serverIpAddress; + m_requestHostName = ruleMessage.m_requestHostName; m_severity = ruleMessage.m_severity; m_uriNoQueryStringDecoded = ruleMessage.m_uriNoQueryStringDecoded; m_ver = ruleMessage.m_ver; @@ -201,6 +205,7 @@ class RuleMessage { int m_ruleLine; bool m_saveMessage; std::shared_ptr m_serverIpAddress; + std::shared_ptr m_requestHostName; int m_severity; std::shared_ptr m_uriNoQueryStringDecoded; std::string m_ver; diff --git a/src/deps/src/modsecurity/headers/modsecurity/rule_with_actions.h b/src/deps/src/modsecurity/headers/modsecurity/rule_with_actions.h index 4b7db43f73..26967f2aa6 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/rule_with_actions.h +++ b/src/deps/src/modsecurity/headers/modsecurity/rule_with_actions.h @@ -119,16 +119,7 @@ class RuleWithActions : public Rule { void executeTransformations( - Transaction *trasn, const std::string &value, TransformationResults &ret); - - inline void executeTransformation( - actions::transformations::Transformation *a, - std::shared_ptr *value, - Transaction *trans, - TransformationResults *ret, - std::string *path, - int *nth) const; - + const Transaction *trasn, const std::string &value, TransformationResults &ret); void performLogging(Transaction *trans, std::shared_ptr ruleMessage, @@ -166,6 +157,14 @@ class RuleWithActions : public Rule { RuleWithActions *m_chainedRuleParent; private: + inline void executeTransformation( + const actions::transformations::Transformation &a, + std::string &value, + const Transaction *trans, + TransformationResults &ret, + std::string &path, + int &nth) const; + /* actions */ actions::Action *m_disruptiveAction; actions::LogData *m_logData; diff --git a/src/deps/src/modsecurity/headers/modsecurity/rule_with_operator.h b/src/deps/src/modsecurity/headers/modsecurity/rule_with_operator.h index e2fea4e6ac..42fa0f9ecf 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/rule_with_operator.h +++ b/src/deps/src/modsecurity/headers/modsecurity/rule_with_operator.h @@ -50,7 +50,7 @@ class RuleWithOperator : public RuleWithActions { bool evaluate(Transaction *transaction, std::shared_ptr rm) override; - void getVariablesExceptions(Transaction *t, + void getVariablesExceptions(Transaction &t, variables::Variables *exclusion, variables::Variables *addition); inline void getFinalVars(variables::Variables *vars, variables::Variables *eclusion, Transaction *trans); diff --git a/src/deps/src/modsecurity/headers/modsecurity/rules_set.h b/src/deps/src/modsecurity/headers/modsecurity/rules_set.h index 4af55f405e..c5616cc426 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/rules_set.h +++ b/src/deps/src/modsecurity/headers/modsecurity/rules_set.h @@ -99,6 +99,7 @@ int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri, const char **error); int msc_rules_add_file(RulesSet *rules, const char *file, const char **error); int msc_rules_add(RulesSet *rules, const char *plain_rules, const char **error); +void msc_rules_error_cleanup(const char *error); int msc_rules_cleanup(RulesSet *rules); #ifdef __cplusplus diff --git a/src/deps/src/modsecurity/headers/modsecurity/rules_set_properties.h b/src/deps/src/modsecurity/headers/modsecurity/rules_set_properties.h index 77b112698c..643abce834 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/rules_set_properties.h +++ b/src/deps/src/modsecurity/headers/modsecurity/rules_set_properties.h @@ -333,9 +333,9 @@ class RulesSetProperties { case FalseConfigBoolean: return "False"; case PropertyNotSetConfigBoolean: + default: return "Not set"; } - return NULL; } diff --git a/src/deps/src/modsecurity/headers/modsecurity/transaction.h b/src/deps/src/modsecurity/headers/modsecurity/transaction.h index b0dc4b7145..c5e8881f10 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/transaction.h +++ b/src/deps/src/modsecurity/headers/modsecurity/transaction.h @@ -14,6 +14,7 @@ */ #ifdef __cplusplus +#include #include #include #include @@ -307,11 +308,8 @@ class TransactionSecMarkerManagement { } std::shared_ptr getCurrentMarker() const { - if (m_marker) { - return m_marker; - } else { - throw; - } + assert((m_marker != nullptr) && "You might have forgotten to call and evaluate isInsideAMarker() before calling getCurrentMarker()."); + return m_marker; } void removeMarker() { @@ -393,6 +391,8 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa int processLogging(); int updateStatusCode(int status); + int setRequestHostName(const std::string& hostname); + bool intervention(ModSecurityIntervention *it); bool addArgument(const std::string& orig, const std::string& key, @@ -405,7 +405,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa size_t getRequestBodyLength(); #ifndef NO_LOGS - void debug(int, const std::string&) const; + void debug(int, const std::string &) const; // cppcheck-suppress functionStatic #endif void serverLog(std::shared_ptr rm); @@ -443,6 +443,11 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa */ std::shared_ptr m_serverIpAddress; + /** + * Holds the request's hostname + */ + std::shared_ptr m_requestHostName; + /** * Holds the raw URI that was requested. */ @@ -718,12 +723,18 @@ void msc_transaction_cleanup(Transaction *transaction); /** @ingroup ModSecurity_C_API */ int msc_intervention(Transaction *transaction, ModSecurityIntervention *it); +/** @ingroup ModSecurity_C_API */ +void msc_intervention_cleanup(ModSecurityIntervention *it); + /** @ingroup ModSecurity_C_API */ int msc_process_logging(Transaction *transaction); /** @ingroup ModSecurity_C_API */ int msc_update_status_code(Transaction *transaction, int status); +/** @ingroup ModSecurity_C_API */ +int msc_set_request_hostname(Transaction *transaction, const unsigned char *hostname); + #ifdef __cplusplus } } // namespace modsecurity diff --git a/src/deps/src/modsecurity/headers/modsecurity/variable_origin.h b/src/deps/src/modsecurity/headers/modsecurity/variable_origin.h index 80ec177b98..4bcab143c8 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/variable_origin.h +++ b/src/deps/src/modsecurity/headers/modsecurity/variable_origin.h @@ -15,6 +15,7 @@ #ifdef __cplusplus #include +#include #endif #ifndef HEADERS_MODSECURITY_VARIABLE_ORIGIN_H_ @@ -36,14 +37,17 @@ class VariableOrigin { VariableOrigin() : m_length(0), m_offset(0) { } + VariableOrigin(size_t length, size_t offset) + : m_length(length), + m_offset(offset) { } - std::string toText() { - std::string offset = std::to_string(m_offset); - std::string len = std::to_string(m_length); + std::string toText() const { + const auto offset = std::to_string(m_offset); + const auto len = std::to_string(m_length); return "v" + offset + "," + len; } - int m_length; + size_t m_length; size_t m_offset; }; diff --git a/src/deps/src/modsecurity/headers/modsecurity/variable_value.h b/src/deps/src/modsecurity/headers/modsecurity/variable_value.h index 06cf854a11..78f17217dd 100644 --- a/src/deps/src/modsecurity/headers/modsecurity/variable_value.h +++ b/src/deps/src/modsecurity/headers/modsecurity/variable_value.h @@ -18,7 +18,7 @@ #include #include #include -#include +#include #include #endif @@ -37,7 +37,7 @@ namespace modsecurity { class Collection; class VariableValue { public: - using Origins = std::list>; + using Origins = std::vector; explicit VariableValue(const std::string *key, const std::string *value = nullptr) @@ -62,11 +62,9 @@ class VariableValue { m_keyWithCollection(o->m_keyWithCollection), m_value(o->m_value) { + reserveOrigin(o->m_orign.size()); for (const auto &i : o->m_orign) { - std::unique_ptr origin(new VariableOrigin()); - origin->m_offset = i->m_offset; - origin->m_length = i->m_length; - m_orign.push_back(std::move(origin)); + addOrigin(i); } } @@ -98,8 +96,14 @@ class VariableValue { } - void addOrigin(std::unique_ptr origin) { - m_orign.push_back(std::move(origin)); + void addOrigin(const VariableOrigin &origin) { + m_orign.emplace_back(origin); + } + + + template + void addOrigin(Args&&... args) { + m_orign.emplace_back(args...); } @@ -107,6 +111,12 @@ class VariableValue { return m_orign; } + + void reserveOrigin(Origins::size_type additionalSize) { + m_orign.reserve(m_orign.size() + additionalSize); + } + + private: Origins m_orign; std::string m_collection; diff --git a/src/deps/src/modsecurity/modsecurity.conf-recommended b/src/deps/src/modsecurity/modsecurity.conf-recommended index 395d82cedc..4f5034fbbc 100644 --- a/src/deps/src/modsecurity/modsecurity.conf-recommended +++ b/src/deps/src/modsecurity/modsecurity.conf-recommended @@ -281,5 +281,7 @@ SecUnicodeMapFile unicode.mapping 20127 # The following information will be shared: ModSecurity version, # Web Server version, APR version, PCRE version, Lua version, Libxml2 # version, Anonymous unique id for host. -SecStatusEngine On +# NB: As of April 2022, there is no longer any advantage to turning this +# setting On, as there is no active receiver for the information. +SecStatusEngine Off diff --git a/src/deps/src/modsecurity/others/Makefile.am b/src/deps/src/modsecurity/others/Makefile.am index 7501d55899..956c8d901d 100644 --- a/src/deps/src/modsecurity/others/Makefile.am +++ b/src/deps/src/modsecurity/others/Makefile.am @@ -1,28 +1,33 @@ noinst_LTLIBRARIES = libinjection.la libmbedtls.la + libinjection_la_SOURCES = \ libinjection/src/libinjection_html5.c \ libinjection/src/libinjection_sqli.c \ libinjection/src/libinjection_xss.c +libinjection_la_CFLAGS = -D LIBINJECTION_VERSION=\"${LIBINJECTION_VERSION}\" +libinjection_la_LIBADD = + noinst_HEADERS = \ libinjection/src/libinjection.h \ libinjection/src/libinjection_html5.h \ libinjection/src/libinjection_sqli.h \ libinjection/src/libinjection_sqli_data.h \ libinjection/src/libinjection_xss.h \ - mbedtls/base64.h \ - mbedtls/check_config.h \ - mbedtls/mbed-tls-config.h \ - mbedtls/md5.h \ - mbedtls/platform.h \ - mbedtls/sha1.h + mbedtls/include/mbedtls/base64.h \ + mbedtls/include/mbedtls/check_config.h \ + mbedtls/include/mbedtls/mbedtls_config.h \ + mbedtls/include/mbedtls/md5.h \ + mbedtls/include/mbedtls/platform.h \ + mbedtls/include/mbedtls/sha1.h libmbedtls_la_SOURCES = \ - mbedtls/base64.c \ - mbedtls/md5.c \ - mbedtls/sha1.c + mbedtls/library/base64.c \ + mbedtls/library/md5.c \ + mbedtls/library/sha1.c \ + mbedtls/library/platform_util.c -libmbedtls_la_CFLAGS = -D MBEDTLS_CONFIG_FILE=\"mbed-tls-config.h\" -Iothers +libmbedtls_la_CFLAGS = -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" -Imbedtls/include libmbedtls_la_CPPFLAGS = libmbedtls_la_LIBADD = diff --git a/src/deps/src/modsecurity/others/mbedtls b/src/deps/src/modsecurity/others/mbedtls new file mode 160000 index 0000000000..2ca6c285a0 --- /dev/null +++ b/src/deps/src/modsecurity/others/mbedtls @@ -0,0 +1 @@ +Subproject commit 2ca6c285a0dd3f33982dd57299012dacab1ff206 diff --git a/src/deps/src/modsecurity/others/mbedtls/base64.c b/src/deps/src/modsecurity/others/mbedtls/base64.c deleted file mode 100644 index db8c230766..0000000000 --- a/src/deps/src/modsecurity/others/mbedtls/base64.c +++ /dev/null @@ -1,289 +0,0 @@ -/* - * RFC 1521 base64 encoding/decoding - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_BASE64_C) - -#include "mbedtls/base64.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#include -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -static const unsigned char base64_enc_map[64] = -{ - 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', - 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', - 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', - 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', - 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', - 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', '+', '/' -}; - -static const unsigned char base64_dec_map[128] = -{ - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 62, 127, 127, 127, 63, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61, 127, 127, - 127, 64, 127, 127, 127, 0, 1, 2, 3, 4, - 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 127, 127, 127, 127, 127, 127, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, 127, 127, 127, 127, 127 -}; - -#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ - -/* - * Encode a buffer into base64 format - */ -int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ) -{ - size_t i, n; - int C1, C2, C3; - unsigned char *p; - - if( slen == 0 ) - { - *olen = 0; - return( 0 ); - } - - n = slen / 3 + ( slen % 3 != 0 ); - - if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 ) - { - *olen = BASE64_SIZE_T_MAX; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); - } - - n *= 4; - - if( dlen < n + 1 ) - { - *olen = n + 1; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); - } - - n = ( slen / 3 ) * 3; - - for( i = 0, p = dst; i < n; i += 3 ) - { - C1 = *src++; - C2 = *src++; - C3 = *src++; - - *p++ = base64_enc_map[(C1 >> 2) & 0x3F]; - *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F]; - *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F]; - *p++ = base64_enc_map[C3 & 0x3F]; - } - - if( i < slen ) - { - C1 = *src++; - C2 = ( ( i + 1 ) < slen ) ? *src++ : 0; - - *p++ = base64_enc_map[(C1 >> 2) & 0x3F]; - *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F]; - - if( ( i + 1 ) < slen ) - *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F]; - else *p++ = '='; - - *p++ = '='; - } - - *olen = p - dst; - *p = 0; - - return( 0 ); -} - -/* - * Decode a base64-formatted buffer - */ -int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ) -{ - size_t i, n; - uint32_t j, x; - unsigned char *p; - - /* First pass: check for validity and get output length */ - for( i = n = j = 0; i < slen; i++ ) - { - /* Skip spaces before checking for EOL */ - x = 0; - while( i < slen && src[i] == ' ' ) - { - ++i; - ++x; - } - - /* Spaces at end of buffer are OK */ - if( i == slen ) - break; - - if( ( slen - i ) >= 2 && - src[i] == '\r' && src[i + 1] == '\n' ) - continue; - - if( src[i] == '\n' ) - continue; - - /* Space inside a line is an error */ - if( x != 0 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - - if( src[i] == '=' && ++j > 2 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - - if( src[i] > 127 || base64_dec_map[src[i]] == 127 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - - if( base64_dec_map[src[i]] < 64 && j != 0 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - - n++; - } - - if( n == 0 ) - { - *olen = 0; - return( 0 ); - } - - n = ( ( n * 6 ) + 7 ) >> 3; - n -= j; - - if( dst == NULL || dlen < n ) - { - *olen = n; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); - } - - for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ ) - { - if( *src == '\r' || *src == '\n' || *src == ' ' ) - continue; - - j -= ( base64_dec_map[*src] == 64 ); - x = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F ); - - if( ++n == 4 ) - { - n = 0; - if( j > 0 ) *p++ = (unsigned char)( x >> 16 ); - if( j > 1 ) *p++ = (unsigned char)( x >> 8 ); - if( j > 2 ) *p++ = (unsigned char)( x ); - } - } - - *olen = p - dst; - - return( 0 ); -} - -#if defined(MBEDTLS_SELF_TEST) - -static const unsigned char base64_test_dec[64] = -{ - 0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD, - 0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01, - 0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09, - 0x0C, 0xB6, 0xE9, 0x10, 0x6F, 0x22, 0xEE, 0x13, - 0xCA, 0xB3, 0x07, 0x05, 0x76, 0xC9, 0xFA, 0x31, - 0x6C, 0x08, 0x34, 0xFF, 0x8D, 0xC2, 0x6C, 0x38, - 0x00, 0x43, 0xE9, 0x54, 0x97, 0xAF, 0x50, 0x4B, - 0xD1, 0x41, 0xBA, 0x95, 0x31, 0x5A, 0x0B, 0x97 -}; - -static const unsigned char base64_test_enc[] = - "JEhuVodiWr2/F9mixBcaAZTtjx4Rs9cJDLbpEG8i7hPK" - "swcFdsn6MWwINP+Nwmw4AEPpVJevUEvRQbqVMVoLlw=="; - -/* - * Checkup routine - */ -int mbedtls_base64_self_test( int verbose ) -{ - size_t len; - const unsigned char *src; - unsigned char buffer[128]; - - if( verbose != 0 ) - mbedtls_printf( " Base64 encoding test: " ); - - src = base64_test_dec; - - if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 || - memcmp( base64_test_enc, buffer, 88 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n Base64 decoding test: " ); - - src = base64_test_enc; - - if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 || - memcmp( base64_test_dec, buffer, 64 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n\n" ); - - return( 0 ); -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_BASE64_C */ \ No newline at end of file diff --git a/src/deps/src/modsecurity/others/mbedtls/base64.h b/src/deps/src/modsecurity/others/mbedtls/base64.h deleted file mode 100644 index ef227871b2..0000000000 --- a/src/deps/src/modsecurity/others/mbedtls/base64.h +++ /dev/null @@ -1,88 +0,0 @@ -/** - * \file base64.h - * - * \brief RFC 1521 base64 encoding/decoding - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_BASE64_H -#define MBEDTLS_BASE64_H - -#include - -#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */ -#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Encode a buffer into base64 format - * - * \param dst destination buffer - * \param dlen size of the destination buffer - * \param olen number of bytes written - * \param src source buffer - * \param slen amount of data to be encoded - * - * \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL. - * *olen is always updated to reflect the amount - * of data that has (or would have) been written. - * If that length cannot be represented, then no data is - * written to the buffer and *olen is set to the maximum - * length representable as a size_t. - * - * \note Call this function with dlen = 0 to obtain the - * required buffer size in *olen - */ -int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ); - -/** - * \brief Decode a base64-formatted buffer - * - * \param dst destination buffer (can be NULL for checking size) - * \param dlen size of the destination buffer - * \param olen number of bytes written - * \param src source buffer - * \param slen amount of data to be decoded - * - * \return 0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or - * MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is - * not correct. *olen is always updated to reflect the amount - * of data that has (or would have) been written. - * - * \note Call this function with *dst = NULL or dlen = 0 to obtain - * the required buffer size in *olen - */ -int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ); - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_base64_self_test( int verbose ); - -#ifdef __cplusplus -} -#endif - -#endif /* base64.h */ \ No newline at end of file diff --git a/src/deps/src/modsecurity/others/mbedtls/check_config.h b/src/deps/src/modsecurity/others/mbedtls/check_config.h deleted file mode 100644 index b6448ecef9..0000000000 --- a/src/deps/src/modsecurity/others/mbedtls/check_config.h +++ /dev/null @@ -1,540 +0,0 @@ -/** - * \file check_config.h - * - * \brief Consistency checks for configuration options - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -/* - * It is recommended to include this file from your config.h - * in order to catch dependency issues early. - */ - -#ifndef MBEDTLS_CHECK_CONFIG_H -#define MBEDTLS_CHECK_CONFIG_H - -/* - * We assume CHAR_BIT is 8 in many places. In practice, this is true on our - * target platforms, so not an issue, but let's just be extra sure. - */ -#include -#if CHAR_BIT != 8 -#error "mbed TLS requires a platform with 8-bit chars" -#endif - -#if defined(_WIN32) -#if !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_C is required on Windows" -#endif - -/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as - * it would confuse config.pl. */ -#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \ - !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) -#define MBEDTLS_PLATFORM_SNPRINTF_ALT -#endif -#endif /* _WIN32 */ - -#if defined(TARGET_LIKE_MBED) && \ - ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) ) -#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS" -#endif - -#if defined(MBEDTLS_DEPRECATED_WARNING) && \ - !defined(__GNUC__) && !defined(__clang__) -#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang" -#endif - -#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME) -#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" -#endif - -#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_AESNI_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) -#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C) -#error "MBEDTLS_DHM_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) -#error "MBEDTLS_ECDH_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECDSA_C) && \ - ( !defined(MBEDTLS_ECP_C) || \ - !defined(MBEDTLS_ASN1_PARSE_C) || \ - !defined(MBEDTLS_ASN1_WRITE_C) ) -#error "MBEDTLS_ECDSA_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECJPAKE_C) && \ - ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) ) -#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C) -#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \ - !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) ) -#error "MBEDTLS_ECP_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \ - !defined(MBEDTLS_SHA256_C)) -#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" -#endif -#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64) -#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" -#endif -#if defined(MBEDTLS_ENTROPY_C) && \ - ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \ - && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32) -#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" -#endif -#if defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C) -#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_GCM_C) && ( \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) ) -#error "MBEDTLS_GCM_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C) -#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C) -#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C) -#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ - !defined(MBEDTLS_ECDH_C) -#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ) -#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ - ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) ) -#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C) -#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C) -#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PK_C) && \ - ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) ) -#error "MBEDTLS_PK_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C) -#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C) -#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C) -#error "MBEDTLS_PKCS11_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\ - defined(MBEDTLS_PLATFORM_EXIT_ALT) ) -#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\ - defined(MBEDTLS_PLATFORM_FPRINTF_ALT) ) -#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\ - ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) ) -#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\ - defined(MBEDTLS_PLATFORM_STD_FREE) -#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO) -#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is" -#endif - -#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\ - ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) ) -#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\ - defined(MBEDTLS_PLATFORM_STD_CALLOC) -#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO) -#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is" -#endif - -#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\ - defined(MBEDTLS_PLATFORM_PRINTF_ALT) ) -#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\ - defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) ) -#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\ - !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) -#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY) -#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY) -#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY) -#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\ - !defined(MBEDTLS_PLATFORM_EXIT_ALT) -#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\ - !defined(MBEDTLS_PLATFORM_FPRINTF_ALT) -#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\ - !defined(MBEDTLS_PLATFORM_PRINTF_ALT) -#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\ - !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) -#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) ) -#error "MBEDTLS_RSA_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) ) -#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) || \ - !defined(MBEDTLS_SHA1_C) ) -#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) || \ - !defined(MBEDTLS_SHA1_C) ) -#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) || \ - !defined(MBEDTLS_SHA1_C) ) -#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \ - !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) ) -#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C) -#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) || \ - !defined(MBEDTLS_MD_C) ) -#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C) -#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2)) -#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1)) -#error "Illegal protocol selection" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1)) -#error "Illegal protocol selection" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \ - !defined(MBEDTLS_SSL_PROTO_TLS1_1))) -#error "Illegal protocol selection" -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS) -#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \ - !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \ - ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) -#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \ - ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) -#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites" -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites" -#endif - -#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C) -#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \ - !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1) -#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ - !defined(MBEDTLS_X509_CRT_PARSE_C) -#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_THREADING_PTHREAD) -#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) -#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites" -#endif -#define MBEDTLS_THREADING_IMPL -#endif - -#if defined(MBEDTLS_THREADING_ALT) -#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) -#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites" -#endif -#define MBEDTLS_THREADING_IMPL -#endif - -#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL) -#error "MBEDTLS_THREADING_C defined, single threading implementation required" -#endif -#undef MBEDTLS_THREADING_IMPL - -#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C) -#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \ - !defined(MBEDTLS_PK_PARSE_C) ) -#error "MBEDTLS_X509_USE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) ) -#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) ) -#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) ) -#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" -#endif - -/* - * Avoid warning from -pedantic. This is a convenient place for this - * workaround since this is included by every single file before the - * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units. - */ -typedef int mbedtls_iso_c_forbids_empty_translation_units; - -#endif /* MBEDTLS_CHECK_CONFIG_H */ diff --git a/src/deps/src/modsecurity/others/mbedtls/mbed-tls-config.h b/src/deps/src/modsecurity/others/mbedtls/mbed-tls-config.h deleted file mode 100644 index ad564cfc71..0000000000 --- a/src/deps/src/modsecurity/others/mbedtls/mbed-tls-config.h +++ /dev/null @@ -1,2511 +0,0 @@ -/** - * \file config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -/** - * \name SECTION: System support - * - * This section sets system specific settings. - * \{ - */ - -/** - * \def MBEDTLS_HAVE_ASM - * - * The compiler has support for asm(). - * - * Requires support for asm() in compiler. - * - * Used in: - * library/timing.c - * library/padlock.c - * include/mbedtls/bn_mul.h - * - * Comment to disable the use of assembly code. - */ -#define MBEDTLS_HAVE_ASM - -/** - * \def MBEDTLS_HAVE_SSE2 - * - * CPU supports SSE2 instruction set. - * - * Uncomment if the CPU supports SSE2 (IA-32 specific). - */ -//#define MBEDTLS_HAVE_SSE2 - -/** - * \def MBEDTLS_HAVE_TIME - * - * System has time.h and time(). - * The time does not need to be correct, only time differences are used, - * by contrast with MBEDTLS_HAVE_TIME_DATE - * - * Comment if your system does not support time functions - */ -#define MBEDTLS_HAVE_TIME - -/** - * \def MBEDTLS_HAVE_TIME_DATE - * - * System has time.h and time(), gmtime() and the clock is correct. - * The time needs to be correct (not necesarily very accurate, but at least - * the date should be correct). This is used to verify the validity period of - * X.509 certificates. - * - * Comment if your system does not have a correct clock. - */ -#define MBEDTLS_HAVE_TIME_DATE - -/** - * \def MBEDTLS_PLATFORM_MEMORY - * - * Enable the memory allocation layer. - * - * By default mbed TLS uses the system-provided calloc() and free(). - * This allows different allocators (self-implemented or provided) to be - * provided to the platform abstraction layer. - * - * Enabling MBEDTLS_PLATFORM_MEMORY without the - * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide - * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and - * free() function pointer at runtime. - * - * Enabling MBEDTLS_PLATFORM_MEMORY and specifying - * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the - * alternate function at compile time. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Enable this layer to allow use of alternative memory allocators. - */ -//#define MBEDTLS_PLATFORM_MEMORY - -/** - * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - * - * Do not assign standard functions in the platform layer (e.g. calloc() to - * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) - * - * This makes sure there are no linking errors on platforms that do not support - * these functions. You will HAVE to provide alternatives, either at runtime - * via the platform_set_xxx() functions or at compile time by setting - * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a - * MBEDTLS_PLATFORM_XXX_MACRO. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Uncomment to prevent default assignment of standard functions in the - * platform layer. - */ -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - -/** - * \def MBEDTLS_PLATFORM_EXIT_ALT - * - * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the - * function in the platform abstraction layer. - * - * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will - * provide a function "mbedtls_platform_set_printf()" that allows you to set an - * alternative printf function pointer. - * - * All these define require MBEDTLS_PLATFORM_C to be defined! - * - * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; - * it will be enabled automatically by check_config.h - * - * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as - * MBEDTLS_PLATFORM_XXX_MACRO! - * - * Uncomment a macro to enable alternate implementation of specific base - * platform function - */ -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT - -/** - * \def MBEDTLS_DEPRECATED_WARNING - * - * Mark deprecated functions so that they generate a warning if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * This only works with GCC and Clang. With other compilers, you may want to - * use MBEDTLS_DEPRECATED_REMOVED - * - * Uncomment to get warnings on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_WARNING - -/** - * \def MBEDTLS_DEPRECATED_REMOVED - * - * Remove deprecated functions so that they generate an error if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * Uncomment to get errors on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_REMOVED - -/* \} name SECTION: System support */ - -/** - * \name SECTION: mbed TLS feature support - * - * This section sets support for features that are or are not needed - * within the modules that are enabled. - * \{ - */ - -/** - * \def MBEDTLS_TIMING_ALT - * - * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), - * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() - * - * Only works if you have MBEDTLS_TIMING_C enabled. - * - * You will need to provide a header "timing_alt.h" and an implementation at - * compile time. - */ -//#define MBEDTLS_TIMING_ALT - -/** - * \def MBEDTLS_AES_ALT - * - * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternate core implementation of a symmetric crypto or hash module (e.g. - * platform specific assembly optimized implementations). Keep in mind that - * the function prototypes should remain the same. - * - * This replaces the whole module. If you only want to replace one of the - * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer - * provide the "struct mbedtls_aes_context" definition and omit the base function - * declarations and implementations. "aes_alt.h" will be included from - * "aes.h" to include the new function definitions. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * module. - */ -//#define MBEDTLS_AES_ALT -//#define MBEDTLS_ARC4_ALT -//#define MBEDTLS_BLOWFISH_ALT -//#define MBEDTLS_CAMELLIA_ALT -//#define MBEDTLS_DES_ALT -//#define MBEDTLS_XTEA_ALT -//#define MBEDTLS_MD2_ALT -//#define MBEDTLS_MD4_ALT -//#define MBEDTLS_MD5_ALT -//#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_SHA1_ALT -//#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT - -/** - * \def MBEDTLS_MD2_PROCESS_ALT - * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you - * alternate core implementation of symmetric crypto or hash function. Keep in - * mind that function prototypes should remain the same. - * - * This replaces only one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will - * no longer provide the mbedtls_sha1_process() function, but it will still provide - * the other function (using your mbedtls_sha1_process() function) and the definition - * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible - * with this definition. - * - * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - */ -//#define MBEDTLS_MD2_PROCESS_ALT -//#define MBEDTLS_MD4_PROCESS_ALT -//#define MBEDTLS_MD5_PROCESS_ALT -//#define MBEDTLS_RIPEMD160_PROCESS_ALT -//#define MBEDTLS_SHA1_PROCESS_ALT -//#define MBEDTLS_SHA256_PROCESS_ALT -//#define MBEDTLS_SHA512_PROCESS_ALT -//#define MBEDTLS_DES_SETKEY_ALT -//#define MBEDTLS_DES_CRYPT_ECB_ALT -//#define MBEDTLS_DES3_CRYPT_ECB_ALT -//#define MBEDTLS_AES_SETKEY_ENC_ALT -//#define MBEDTLS_AES_SETKEY_DEC_ALT -//#define MBEDTLS_AES_ENCRYPT_ALT -//#define MBEDTLS_AES_DECRYPT_ALT - -/** - * \def MBEDTLS_ENTROPY_HARDWARE_ALT - * - * Uncomment this macro to let mbed TLS use your own implementation of a - * hardware entropy collector. - * - * Your function must be called \c mbedtls_hardware_poll(), have the same - * prototype as declared in entropy_poll.h, and accept NULL as first argument. - * - * Uncomment to use your own hardware entropy collector. - */ -//#define MBEDTLS_ENTROPY_HARDWARE_ALT - -/** - * \def MBEDTLS_AES_ROM_TABLES - * - * Store the AES tables in ROM. - * - * Uncomment this macro to store the AES tables in ROM. - */ -//#define MBEDTLS_AES_ROM_TABLES - -/** - * \def MBEDTLS_CAMELLIA_SMALL_MEMORY - * - * Use less ROM for the Camellia implementation (saves about 768 bytes). - * - * Uncomment this macro to use less memory for Camellia. - */ -//#define MBEDTLS_CAMELLIA_SMALL_MEMORY - -/** - * \def MBEDTLS_CIPHER_MODE_CBC - * - * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CBC - -/** - * \def MBEDTLS_CIPHER_MODE_CFB - * - * Enable Cipher Feedback mode (CFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CFB - -/** - * \def MBEDTLS_CIPHER_MODE_CTR - * - * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CTR - -/** - * \def MBEDTLS_CIPHER_NULL_CIPHER - * - * Enable NULL cipher. - * Warning: Only do so when you know what you are doing. This allows for - * encryption or channels without any security! - * - * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable - * the following ciphersuites: - * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA - * - * Uncomment this macro to enable the NULL cipher and ciphersuites - */ -//#define MBEDTLS_CIPHER_NULL_CIPHER - -/** - * \def MBEDTLS_CIPHER_PADDING_PKCS7 - * - * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for - * specific padding modes in the cipher layer with cipher modes that support - * padding (e.g. CBC) - * - * If you disable all padding modes, only full blocks can be used with CBC. - * - * Enable padding modes in the cipher layer. - */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS - -/** - * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES - * - * Enable weak ciphersuites in SSL / TLS. - * Warning: Only do so when you know what you are doing. This allows for - * channels with virtually no security at all! - * - * This enables the following ciphersuites: - * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA - * - * Uncomment this macro to enable weak ciphersuites - */ -//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES - -/** - * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES - * - * Remove RC4 ciphersuites by default in SSL / TLS. - * This flag removes the ciphersuites based on RC4 from the default list as - * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to - * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them - * explicitly. - * - * Uncomment this macro to remove RC4 ciphersuites by default. - */ -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES - -/** - * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED - * - * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve - * module. By default all supported curves are enabled. - * - * Comment macros to disable the curve and functions for it - */ -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED - -/** - * \def MBEDTLS_ECP_NIST_OPTIM - * - * Enable specific 'modulo p' routines for each NIST prime. - * Depending on the prime and architecture, makes operations 4 to 8 times - * faster on the corresponding curve. - * - * Comment this macro to disable NIST curves optimisation. - */ -#define MBEDTLS_ECP_NIST_OPTIM - -/** - * \def MBEDTLS_ECDSA_DETERMINISTIC - * - * Enable deterministic ECDSA (RFC 6979). - * Standard ECDSA is "fragile" in the sense that lack of entropy when signing - * may result in a compromise of the long-term signing key. This is avoided by - * the deterministic variant. - * - * Requires: MBEDTLS_HMAC_DRBG_C - * - * Comment this macro to disable deterministic ECDSA. - */ -#define MBEDTLS_ECDSA_DETERMINISTIC - -/** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - * - * Enable the PSK based ciphersuite modes in SSL / TLS. - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - * - * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - * - * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Requires: MBEDTLS_ECJPAKE_C - * MBEDTLS_SHA256_C - * MBEDTLS_ECP_DP_SECP256R1_ENABLED - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - */ -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - -/** - * \def MBEDTLS_PK_PARSE_EC_EXTENDED - * - * Enhance support for reading EC keys using variants of SEC1 not allowed by - * RFC 5915 and RFC 5480. - * - * Currently this means parsing the SpecifiedECDomain choice of EC - * parameters (only known groups are supported, not arbitrary domains, to - * avoid validation issues). - * - * Disable if you only need to support RFC 5915 + 5480 key formats. - */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED - -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - -/** - * \def MBEDTLS_GENPRIME - * - * Enable the prime-number generation code. - * - * Requires: MBEDTLS_BIGNUM_C - */ -#define MBEDTLS_GENPRIME - -/** - * \def MBEDTLS_FS_IO - * - * Enable functions that use the filesystem. - */ -#define MBEDTLS_FS_IO - -/** - * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - * Do not add default entropy sources. These are the platform specific, - * mbedtls_timing_hardclock and HAVEGE based poll functions. - * - * This is useful to have more control over the added entropy sources in an - * application. - * - * Uncomment this macro to prevent loading of default entropy functions. - */ -//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - -/** - * \def MBEDTLS_NO_PLATFORM_ENTROPY - * - * Do not use built-in platform entropy functions. - * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. - * - * Uncomment this macro to disable the built-in platform entropy functions. - */ -//#define MBEDTLS_NO_PLATFORM_ENTROPY - -/** - * \def MBEDTLS_ENTROPY_FORCE_SHA256 - * - * Force the entropy accumulator to use a SHA-256 accumulator instead of the - * default SHA-512 based one (if both are available). - * - * Requires: MBEDTLS_SHA256_C - * - * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option - * if you have performance concerns. - * - * This option is only useful if both MBEDTLS_SHA256_C and - * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. - */ -//#define MBEDTLS_ENTROPY_FORCE_SHA256 - -/** - * \def MBEDTLS_MEMORY_DEBUG - * - * Enable debugging of buffer allocator memory issues. Automatically prints - * (to stderr) all (fatal) messages on memory allocation issues. Enables - * function for 'debug output' of allocated memory. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Uncomment this macro to let the buffer allocator print out error messages. - */ -//#define MBEDTLS_MEMORY_DEBUG - -/** - * \def MBEDTLS_MEMORY_BACKTRACE - * - * Include backtrace information with each allocated block. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * GLIBC-compatible backtrace() an backtrace_symbols() support - * - * Uncomment this macro to include backtrace information - */ -//#define MBEDTLS_MEMORY_BACKTRACE - -/** - * \def MBEDTLS_PK_RSA_ALT_SUPPORT - * - * Support external private RSA keys (eg from a HSM) in the PK layer. - * - * Comment this macro to disable support for external private RSA keys. - */ -#define MBEDTLS_PK_RSA_ALT_SUPPORT - -/** - * \def MBEDTLS_PKCS1_V15 - * - * Enable support for PKCS#1 v1.5 encoding. - * - * Requires: MBEDTLS_RSA_C - * - * This enables support for PKCS#1 v1.5 operations. - */ -#define MBEDTLS_PKCS1_V15 - -/** - * \def MBEDTLS_PKCS1_V21 - * - * Enable support for PKCS#1 v2.1 encoding. - * - * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C - * - * This enables support for RSAES-OAEP and RSASSA-PSS operations. - */ -#define MBEDTLS_PKCS1_V21 - -/** - * \def MBEDTLS_RSA_NO_CRT - * - * Do not use the Chinese Remainder Theorem for the RSA private operation. - * - * Uncomment this macro to disable the use of CRT in RSA. - * - */ -//#define MBEDTLS_RSA_NO_CRT - -/** - * \def MBEDTLS_SELF_TEST - * - * Enable the checkup functions (*_self_test). - */ -//#define MBEDTLS_SELF_TEST - -/** - * \def MBEDTLS_SHA256_SMALLER - * - * Enable an implementation of SHA-256 that has lower ROM footprint but also - * lower performance. - * - * The default implementation is meant to be a reasonnable compromise between - * performance and size. This version optimizes more aggressively for size at - * the expense of performance. Eg on Cortex-M4 it reduces the size of - * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about - * 30%. - * - * Uncomment to enable the smaller implementation of SHA256. - */ -//#define MBEDTLS_SHA256_SMALLER - -/** - * \def MBEDTLS_SSL_AEAD_RANDOM_IV - * - * Generate a random IV rather than using the record sequence number as a - * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). - * - * Using the sequence number is generally recommended. - * - * Uncomment this macro to always use random IVs with AEAD ciphersuites. - */ -//#define MBEDTLS_SSL_AEAD_RANDOM_IV - -/** - * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES - * - * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, mbed TLS can still communicate - * with other servers, only debugging of failures is harder. - * - * The advantage of not sending alert messages, is that no information is given - * about reasons for failures thus preventing adversaries of gaining intel. - * - * Enable sending of all alert messages - */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES - -/** - * \def MBEDTLS_SSL_DEBUG_ALL - * - * Enable the debug messages in SSL module for all issues. - * Debug messages have been disabled in some places to prevent timing - * attacks due to (unbalanced) debugging function calls. - * - * If you need all error reporting you should enable this during debugging, - * but remove this for production servers that should log as well. - * - * Uncomment this macro to report all debug messages on errors introducing - * a timing side-channel. - * - */ -//#define MBEDTLS_SSL_DEBUG_ALL - -/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC - * - * Enable support for Encrypt-then-MAC, RFC 7366. - * - * This allows peers that both support it to use a more robust protection for - * ciphersuites using CBC, providing deep resistance against timing attacks - * on the padding or underlying cipher. - * - * This only affects CBC ciphersuites, and is useless if none is defined. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Encrypt-then-MAC - */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC - -/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET - * - * Enable support for Extended Master Secret, aka Session Hash - * (draft-ietf-tls-session-hash-02). - * - * This was introduced as "the proper fix" to the Triple Handshake familiy of - * attacks, but it is recommended to always use it (even if you disable - * renegotiation), since it actually fixes a more fundamental issue in the - * original SSL/TLS design, and has implications beyond Triple Handshake. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Extended Master Secret. - */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET - -/** - * \def MBEDTLS_SSL_FALLBACK_SCSV - * - * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). - * - * For servers, it is recommended to always enable this, unless you support - * only one version of TLS, or know for sure that none of your clients - * implements a fallback strategy. - * - * For clients, you only need this if you're using a fallback strategy, which - * is not recommended in the first place, unless you absolutely need it to - * interoperate with buggy (version-intolerant) servers. - * - * Comment this macro to disable support for FALLBACK_SCSV - */ -#define MBEDTLS_SSL_FALLBACK_SCSV - -/** - * \def MBEDTLS_SSL_HW_RECORD_ACCEL - * - * Enable hooking functions in SSL module for hardware acceleration of - * individual records. - * - * Uncomment this macro to enable hooking functions. - */ -//#define MBEDTLS_SSL_HW_RECORD_ACCEL - -/** - * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING - * - * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. - * - * This is a countermeasure to the BEAST attack, which also minimizes the risk - * of interoperability issues compared to sending 0-length records. - * - * Comment this macro to disable 1/n-1 record splitting. - */ -#define MBEDTLS_SSL_CBC_RECORD_SPLITTING - -/** - * \def MBEDTLS_SSL_RENEGOTIATION - * - * Disable support for TLS renegotiation. - * - * The two main uses of renegotiation are (1) refresh keys on long-lived - * connections and (2) client authentication after the initial handshake. - * If you don't need renegotiation, it's probably better to disable it, since - * it has been associated with security issues in the past and is easy to - * misuse/misunderstand. - * - * Comment this to disable support for renegotiation. - */ -#define MBEDTLS_SSL_RENEGOTIATION - -/** - * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - * - * Enable support for receiving and parsing SSLv2 Client Hello messages for the - * SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to enable support for SSLv2 Client Hello messages. - */ -//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - -/** - * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - * - * Pick the ciphersuite according to the client's preferences rather than ours - * in the SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to respect client's ciphersuite order - */ -//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - -/** - * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - * - * Enable support for RFC 6066 max_fragment_length extension in SSL. - * - * Comment this macro to disable support for the max_fragment_length extension - */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/** - * \def MBEDTLS_SSL_PROTO_SSL3 - * - * Enable support for SSL 3.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for SSL 3.0 - */ -#define MBEDTLS_SSL_PROTO_SSL3 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1 - * - * Enable support for TLS 1.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.0 - */ -#define MBEDTLS_SSL_PROTO_TLS1 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_1 - * - * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 - */ -#define MBEDTLS_SSL_PROTO_TLS1_1 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_2 - * - * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). - * - * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C - * (Depends on ciphersuites) - * - * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 - */ -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/** - * \def MBEDTLS_SSL_PROTO_DTLS - * - * Enable support for DTLS (all available versions). - * - * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, - * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_1 - * or MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for DTLS - */ -#define MBEDTLS_SSL_PROTO_DTLS - -/** - * \def MBEDTLS_SSL_ALPN - * - * Enable support for RFC 7301 Application Layer Protocol Negotiation. - * - * Comment this macro to disable support for ALPN. - */ -#define MBEDTLS_SSL_ALPN - -/** - * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY - * - * Enable support for the anti-replay mechanism in DTLS. - * - * Requires: MBEDTLS_SSL_TLS_C - * MBEDTLS_SSL_PROTO_DTLS - * - * \warning Disabling this is often a security risk! - * See mbedtls_ssl_conf_dtls_anti_replay() for details. - * - * Comment this to disable anti-replay in DTLS. - */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY - -/** - * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Enable support for HelloVerifyRequest on DTLS servers. - * - * This feature is highly recommended to prevent DTLS servers being used as - * amplifiers in DoS attacks against other hosts. It should always be enabled - * unless you know for sure amplification cannot be a problem in the - * environment in which your server operates. - * - * \warning Disabling this can ba a security risk! (see above) - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Comment this to disable support for HelloVerifyRequest. - */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY - -/** - * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - * - * Enable server-side support for clients that reconnect from the same port. - * - * Some clients unexpectedly close the connection and try to reconnect using the - * same source port. This needs special support from the server to handle the - * new connection securely, as described in section 4.2.8 of RFC 6347. This - * flag enables that support. - * - * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Comment this to disable support for clients reusing the source port. - */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - -/** - * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT - * - * Enable support for a limit of records with bad MAC. - * - * See mbedtls_ssl_conf_dtls_badmac_limit(). - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - */ -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT - -/** - * \def MBEDTLS_SSL_SESSION_TICKETS - * - * Enable support for RFC 5077 session tickets in SSL. - * Client-side, provides full support for session tickets (maintainance of a - * session store remains the responsibility of the application, though). - * Server-side, you also need to provide callbacks for writing and parsing - * tickets, including authenticated encryption and key management. Example - * callbacks are provided by MBEDTLS_SSL_TICKET_C. - * - * Comment this macro to disable support for SSL session tickets - */ -#define MBEDTLS_SSL_SESSION_TICKETS - -/** - * \def MBEDTLS_SSL_EXPORT_KEYS - * - * Enable support for exporting key block and master secret. - * This is required for certain users of TLS, e.g. EAP-TLS. - * - * Comment this macro to disable support for key export - */ -#define MBEDTLS_SSL_EXPORT_KEYS - -/** - * \def MBEDTLS_SSL_SERVER_NAME_INDICATION - * - * Enable support for RFC 6066 server name indication (SNI) in SSL. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - * - * Comment this macro to disable support for server name indication in SSL - */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION - -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC - * - * Enable support for RFC 6066 truncated HMAC in SSL. - * - * Comment this macro to disable support for truncated HMAC in SSL - */ -#define MBEDTLS_SSL_TRUNCATED_HMAC - -/** - * \def MBEDTLS_THREADING_ALT - * - * Provide your own alternate threading implementation. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to allow your own alternate threading implementation. - */ -//#define MBEDTLS_THREADING_ALT - -/** - * \def MBEDTLS_THREADING_PTHREAD - * - * Enable the pthread wrapper layer for the threading layer. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to enable pthread mutexes. - */ -//#define MBEDTLS_THREADING_PTHREAD - -/** - * \def MBEDTLS_VERSION_FEATURES - * - * Allow run-time checking of compile-time enabled features. Thus allowing users - * to check at run-time if the library is for instance compiled with threading - * support via mbedtls_version_check_feature(). - * - * Requires: MBEDTLS_VERSION_C - * - * Comment this to disable run-time checking and save ROM space - */ -#define MBEDTLS_VERSION_FEATURES - -/** - * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an extension in a v1 or v2 certificate. - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - -/** - * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an unknown critical extension. - * - * \warning Depending on your PKI use, enabling this can be a security risk! - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#define MBEDTLS_X509_CHECK_KEY_USAGE - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - -/** - * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT - -/** - * \def MBEDTLS_ZLIB_SUPPORT - * - * If set, the SSL/TLS module uses ZLIB to support compression and - * decompression of packet data. - * - * \warning TLS-level compression MAY REDUCE SECURITY! See for example the - * CRIME attack. Before enabling this option, you should examine with care if - * CRIME or similar exploits may be a applicable to your use case. - * - * \note Currently compression can't be used with DTLS. - * - * Used in: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This feature requires zlib library and headers to be present. - * - * Uncomment to enable use of ZLIB - */ -//#define MBEDTLS_ZLIB_SUPPORT -/* \} name SECTION: mbed TLS feature support */ - -/** - * \name SECTION: mbed TLS modules - * - * This section enables or disables entire modules in mbed TLS - * \{ - */ - -/** - * \def MBEDTLS_AESNI_C - * - * Enable AES-NI support on x86-64. - * - * Module: library/aesni.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the AES-NI instructions on x86-64 - */ -#define MBEDTLS_AESNI_C - -/** - * \def MBEDTLS_AES_C - * - * Enable the AES block cipher. - * - * Module: library/aes.c - * Caller: library/ssl_tls.c - * library/pem.c - * library/ctr_drbg.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * - * PEM_PARSE uses AES for decrypting encrypted keys. - */ -#define MBEDTLS_AES_C - -/** - * \def MBEDTLS_ARC4_C - * - * Enable the ARCFOUR stream cipher. - * - * Module: library/arc4.c - * Caller: library/ssl_tls.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_ARC4_C - -/** - * \def MBEDTLS_ASN1_PARSE_C - * - * Enable the generic ASN1 parser. - * - * Module: library/asn1.c - * Caller: library/x509.c - * library/dhm.c - * library/pkcs12.c - * library/pkcs5.c - * library/pkparse.c - */ -#define MBEDTLS_ASN1_PARSE_C - -/** - * \def MBEDTLS_ASN1_WRITE_C - * - * Enable the generic ASN1 writer. - * - * Module: library/asn1write.c - * Caller: library/ecdsa.c - * library/pkwrite.c - * library/x509_create.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - */ -#define MBEDTLS_ASN1_WRITE_C - -/** - * \def MBEDTLS_BASE64_C - * - * Enable the Base64 module. - * - * Module: library/base64.c - * Caller: library/pem.c - * - * This module is required for PEM support (required by X.509). - */ -#define MBEDTLS_BASE64_C - -/** - * \def MBEDTLS_BIGNUM_C - * - * Enable the multi-precision integer library. - * - * Module: library/bignum.c - * Caller: library/dhm.c - * library/ecp.c - * library/ecdsa.c - * library/rsa.c - * library/ssl_tls.c - * - * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. - */ -#define MBEDTLS_BIGNUM_C - -/** - * \def MBEDTLS_BLOWFISH_C - * - * Enable the Blowfish block cipher. - * - * Module: library/blowfish.c - */ -#define MBEDTLS_BLOWFISH_C - -/** - * \def MBEDTLS_CAMELLIA_C - * - * Enable the Camellia block cipher. - * - * Module: library/camellia.c - * Caller: library/ssl_tls.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_CAMELLIA_C - -/** - * \def MBEDTLS_CCM_C - * - * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. - * - * Module: library/ccm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-CCM ciphersuites, if other requisites are - * enabled as well. - */ -#define MBEDTLS_CCM_C - -/** - * \def MBEDTLS_CERTS_C - * - * Enable the test certificates. - * - * Module: library/certs.c - * Caller: - * - * This module is used for testing (ssl_client/server). - */ -#define MBEDTLS_CERTS_C - -/** - * \def MBEDTLS_CIPHER_C - * - * Enable the generic cipher layer. - * - * Module: library/cipher.c - * Caller: library/ssl_tls.c - * - * Uncomment to enable generic cipher wrappers. - */ -#define MBEDTLS_CIPHER_C - -/** - * \def MBEDTLS_CTR_DRBG_C - * - * Enable the CTR_DRBG AES-256-based random generator. - * - * Module: library/ctr_drbg.c - * Caller: - * - * Requires: MBEDTLS_AES_C - * - * This module provides the CTR_DRBG AES-256 random number generator. - */ -#define MBEDTLS_CTR_DRBG_C - -/** - * \def MBEDTLS_DEBUG_C - * - * Enable the debug functions. - * - * Module: library/debug.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module provides debugging functions. - */ -#define MBEDTLS_DEBUG_C - -/** - * \def MBEDTLS_DES_C - * - * Enable the DES block cipher. - * - * Module: library/des.c - * Caller: library/pem.c - * library/ssl_tls.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * - * PEM_PARSE uses DES/3DES for decrypting encrypted keys. - */ -#define MBEDTLS_DES_C - -/** - * \def MBEDTLS_DHM_C - * - * Enable the Diffie-Hellman-Merkle module. - * - * Module: library/dhm.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * DHE-RSA, DHE-PSK - */ -#define MBEDTLS_DHM_C - -/** - * \def MBEDTLS_ECDH_C - * - * Enable the elliptic curve Diffie-Hellman library. - * - * Module: library/ecdh.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK - * - * Requires: MBEDTLS_ECP_C - */ -#define MBEDTLS_ECDH_C - -/** - * \def MBEDTLS_ECDSA_C - * - * Enable the elliptic curve DSA library. - * - * Module: library/ecdsa.c - * Caller: - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C - */ -#define MBEDTLS_ECDSA_C - -/** - * \def MBEDTLS_ECJPAKE_C - * - * Enable the elliptic curve J-PAKE library. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Module: library/ecjpake.c - * Caller: - * - * This module is used by the following key exchanges: - * ECJPAKE - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C - */ -//#define MBEDTLS_ECJPAKE_C - -/** - * \def MBEDTLS_ECP_C - * - * Enable the elliptic curve over GF(p) library. - * - * Module: library/ecp.c - * Caller: library/ecdh.c - * library/ecdsa.c - * library/ecjpake.c - * - * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED - */ -#define MBEDTLS_ECP_C - -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. - * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#define MBEDTLS_ENTROPY_C - -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - -/** - * \def MBEDTLS_GCM_C - * - * Enable the Galois/Counter Mode (GCM) for AES. - * - * Module: library/gcm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other - * requisites are enabled as well. - */ -#define MBEDTLS_GCM_C - -/** - * \def MBEDTLS_HAVEGE_C - * - * Enable the HAVEGE random generator. - * - * Warning: the HAVEGE random generator is not suitable for virtualized - * environments - * - * Warning: the HAVEGE random generator is dependent on timing and specific - * processor traits. It is therefore not advised to use HAVEGE as - * your applications primary random generator or primary entropy pool - * input. As a secondary input to your entropy pool, it IS able add - * the (limited) extra entropy it provides. - * - * Module: library/havege.c - * Caller: - * - * Requires: MBEDTLS_TIMING_C - * - * Uncomment to enable the HAVEGE random generator. - */ -//#define MBEDTLS_HAVEGE_C - -/** - * \def MBEDTLS_HMAC_DRBG_C - * - * Enable the HMAC_DRBG random generator. - * - * Module: library/hmac_drbg.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * Uncomment to enable the HMAC_DRBG random number geerator. - */ -#define MBEDTLS_HMAC_DRBG_C - -/** - * \def MBEDTLS_MD_C - * - * Enable the generic message digest layer. - * - * Module: library/mbedtls_md.c - * Caller: - * - * Uncomment to enable generic message digest wrappers. - */ -#define MBEDTLS_MD_C - -/** - * \def MBEDTLS_MD2_C - * - * Enable the MD2 hash algorithm. - * - * Module: library/mbedtls_md2.c - * Caller: - * - * Uncomment to enable support for (rare) MD2-signed X.509 certs. - */ -//#define MBEDTLS_MD2_C - -/** - * \def MBEDTLS_MD4_C - * - * Enable the MD4 hash algorithm. - * - * Module: library/mbedtls_md4.c - * Caller: - * - * Uncomment to enable support for (rare) MD4-signed X.509 certs. - */ -//#define MBEDTLS_MD4_C - -/** - * \def MBEDTLS_MD5_C - * - * Enable the MD5 hash algorithm. - * - * Module: library/mbedtls_md5.c - * Caller: library/mbedtls_md.c - * library/pem.c - * library/ssl_tls.c - * - * This module is required for SSL/TLS and X.509. - * PEM_PARSE uses MD5 for decrypting encrypted keys. - */ -#define MBEDTLS_MD5_C - -/** - * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Enable the buffer allocator implementation that makes use of a (stack) - * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() - * calls) - * - * Module: library/memory_buffer_alloc.c - * - * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) - * - * Enable this module to enable the buffer memory allocator. - */ -//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -/** - * \def MBEDTLS_NET_C - * - * Enable the TCP/IP networking routines. - * - * Module: library/net.c - * - * This module provides TCP/IP networking routines. - */ -#define MBEDTLS_NET_C - -/** - * \def MBEDTLS_OID_C - * - * Enable the OID database. - * - * Module: library/oid.c - * Caller: library/asn1write.c - * library/pkcs5.c - * library/pkparse.c - * library/pkwrite.c - * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - * - * This modules translates between OIDs and internal values. - */ -#define MBEDTLS_OID_C - -/** - * \def MBEDTLS_PADLOCK_C - * - * Enable VIA Padlock support on x86. - * - * Module: library/padlock.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the VIA PadLock on x86. - */ -#define MBEDTLS_PADLOCK_C - -/** - * \def MBEDTLS_PEM_PARSE_C - * - * Enable PEM decoding / parsing. - * - * Module: library/pem.c - * Caller: library/dhm.c - * library/pkparse.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for decoding / parsing PEM files. - */ -#define MBEDTLS_PEM_PARSE_C - -/** - * \def MBEDTLS_PEM_WRITE_C - * - * Enable PEM encoding / writing. - * - * Module: library/pem.c - * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for encoding / writing PEM files. - */ -#define MBEDTLS_PEM_WRITE_C - -/** - * \def MBEDTLS_PK_C - * - * Enable the generic public (asymetric) key layer. - * - * Module: library/pk.c - * Caller: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C - * - * Uncomment to enable generic public key wrappers. - */ -#define MBEDTLS_PK_C - -/** - * \def MBEDTLS_PK_PARSE_C - * - * Enable the generic public (asymetric) key parser. - * - * Module: library/pkparse.c - * Caller: library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key parse functions. - */ -#define MBEDTLS_PK_PARSE_C - -/** - * \def MBEDTLS_PK_WRITE_C - * - * Enable the generic public (asymetric) key writer. - * - * Module: library/pkwrite.c - * Caller: library/x509write.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key write functions. - */ -#define MBEDTLS_PK_WRITE_C - -/** - * \def MBEDTLS_PKCS5_C - * - * Enable PKCS#5 functions. - * - * Module: library/pkcs5.c - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the PKCS#5 functions. - */ -#define MBEDTLS_PKCS5_C - -/** - * \def MBEDTLS_PKCS11_C - * - * Enable wrapper for PKCS#11 smartcard support. - * - * Module: library/pkcs11.c - * Caller: library/pk.c - * - * Requires: MBEDTLS_PK_C - * - * This module enables SSL/TLS PKCS #11 smartcard support. - * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) - */ -//#define MBEDTLS_PKCS11_C - -/** - * \def MBEDTLS_PKCS12_C - * - * Enable PKCS#12 PBE functions. - * Adds algorithms for parsing PKCS#8 encrypted private keys - * - * Module: library/pkcs12.c - * Caller: library/pkparse.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * Can use: MBEDTLS_ARC4_C - * - * This module enables PKCS#12 functions. - */ -#define MBEDTLS_PKCS12_C - -/** - * \def MBEDTLS_PLATFORM_C - * - * Enable the platform abstraction layer that allows you to re-assign - * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). - * - * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT - * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned - * above to be specified at runtime or compile time respectively. - * - * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other module rely on it for a fixed snprintf implementation. - * - * Module: library/platform.c - * Caller: Most other .c files - * - * This module enables abstraction of common (libc) functions. - */ -#define MBEDTLS_PLATFORM_C - -/** - * \def MBEDTLS_RIPEMD160_C - * - * Enable the RIPEMD-160 hash algorithm. - * - * Module: library/mbedtls_ripemd160.c - * Caller: library/mbedtls_md.c - * - */ -#define MBEDTLS_RIPEMD160_C - -/** - * \def MBEDTLS_RSA_C - * - * Enable the RSA public-key cryptosystem. - * - * Module: library/rsa.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509.c - * - * This module is used by the following key exchanges: - * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C - */ -#define MBEDTLS_RSA_C - -/** - * \def MBEDTLS_SHA1_C - * - * Enable the SHA1 cryptographic hash algorithm. - * - * Module: library/mbedtls_sha1.c - * Caller: library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509write_crt.c - * - * This module is required for SSL/TLS and SHA1-signed certificates. - */ -#define MBEDTLS_SHA1_C - -/** - * \def MBEDTLS_SHA256_C - * - * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. - * - * Module: library/mbedtls_sha256.c - * Caller: library/entropy.c - * library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module adds support for SHA-224 and SHA-256. - * This module is required for the SSL/TLS 1.2 PRF function. - */ -#define MBEDTLS_SHA256_C - -/** - * \def MBEDTLS_SHA512_C - * - * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. - * - * Module: library/mbedtls_sha512.c - * Caller: library/entropy.c - * library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This module adds support for SHA-384 and SHA-512. - */ -#define MBEDTLS_SHA512_C - -/** - * \def MBEDTLS_SSL_CACHE_C - * - * Enable simple SSL cache implementation. - * - * Module: library/ssl_cache.c - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C - */ -#define MBEDTLS_SSL_CACHE_C - -/** - * \def MBEDTLS_SSL_COOKIE_C - * - * Enable basic implementation of DTLS cookies for hello verification. - * - * Module: library/ssl_cookie.c - * Caller: - */ -#define MBEDTLS_SSL_COOKIE_C - -/** - * \def MBEDTLS_SSL_TICKET_C - * - * Enable an implementation of TLS server-side callbacks for session tickets. - * - * Module: library/ssl_ticket.c - * Caller: - * - * Requires: MBEDTLS_CIPHER_C - */ -#define MBEDTLS_SSL_TICKET_C - -/** - * \def MBEDTLS_SSL_CLI_C - * - * Enable the SSL/TLS client code. - * - * Module: library/ssl_cli.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS client support. - */ -#define MBEDTLS_SSL_CLI_C - -/** - * \def MBEDTLS_SSL_SRV_C - * - * Enable the SSL/TLS server code. - * - * Module: library/ssl_srv.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS server support. - */ -#define MBEDTLS_SSL_SRV_C - -/** - * \def MBEDTLS_SSL_TLS_C - * - * Enable the generic SSL/TLS code. - * - * Module: library/ssl_tls.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * and at least one of the MBEDTLS_SSL_PROTO_XXX defines - * - * This module is required for SSL/TLS. - */ -#define MBEDTLS_SSL_TLS_C - -/** - * \def MBEDTLS_THREADING_C - * - * Enable the threading abstraction layer. - * By default mbed TLS assumes it is used in a non-threaded environment or that - * contexts are not shared between threads. If you do intend to use contexts - * between threads, you will need to enable this layer to prevent race - * conditions. - * - * Module: library/threading.c - * - * This allows different threading implementations (self-implemented or - * provided). - * - * You will have to enable either MBEDTLS_THREADING_ALT or - * MBEDTLS_THREADING_PTHREAD. - * - * Enable this layer to allow use of mutexes within mbed TLS - */ -//#define MBEDTLS_THREADING_C - -/** - * \def MBEDTLS_TIMING_C - * - * Enable the portable timing interface. - * - * Module: library/timing.c - * Caller: library/havege.c - * - * This module is used by the HAVEGE random number generator. - */ -#define MBEDTLS_TIMING_C - -/** - * \def MBEDTLS_VERSION_C - * - * Enable run-time version information. - * - * Module: library/version.c - * - * This module provides run-time version information. - */ -#define MBEDTLS_VERSION_C - -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. - * - * Module: library/mbedtls_x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/mbedtls_x509_crl.c - * Caller: library/mbedtls_x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#define MBEDTLS_X509_CRL_PARSE_C - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. - * - * Module: library/mbedtls_x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#define MBEDTLS_X509_CSR_PARSE_C - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - -/** - * \def MBEDTLS_XTEA_C - * - * Enable the XTEA block cipher. - * - * Module: library/xtea.c - * Caller: - */ -#define MBEDTLS_XTEA_C - -/* \} name SECTION: mbed TLS modules */ - -/** - * \name SECTION: Module configuration options - * - * This section allows for the setting of module specific sizes and - * configuration options. The default values are already present in the - * relevant header files and should suffice for the regular use cases. - * - * Our advice is to enable options and change their values here - * only if you have a good reason and know the consequences. - * - * Please check the respective header file for documentation on these - * parameters (to prevent duplicate documentation). - * \{ - */ - -/* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ -//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ - -/* CTR_DRBG options */ -//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - -/* HMAC_DRBG options */ -//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - -/* ECP options */ -//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ -//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ - -/* Entropy options */ -//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ -//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ - -/* Memory buffer allocator options */ -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ - -/* Platform options */ -//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ - -/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ -/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ -//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ - -/* SSL Cache options */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ - -/* SSL options */ -//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ -//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ -//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ -//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ - -/** - * Complete list of ciphersuites to use, in order of preference. - * - * \warning No dependency checking is done on that field! This option can only - * be used to restrict the set of available ciphersuites. It is your - * responsibility to make sure the needed modules are active. - * - * Use this to save a few hundred bytes of ROM (default ordering of all - * available ciphersuites) and a few to a few hundred bytes of RAM. - * - * The value below is only an example, not the default. - */ -//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - -/* X509 options */ -//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ - -/* \} name SECTION: Module configuration options */ - -#if defined(TARGET_LIKE_MBED) -#include "mbedtls/target_config.h" -#endif - -/* - * Allow user to override any previous default. - * - * Use two macro names for that, as: - * - with yotta the prefix YOTTA_CFG_ is forced - * - without yotta is looks weird to have a YOTTA prefix. - */ -#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) -#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE -#elif defined(MBEDTLS_USER_CONFIG_FILE) -#include MBEDTLS_USER_CONFIG_FILE -#endif - -#include "check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/src/deps/src/modsecurity/others/mbedtls/md5.c b/src/deps/src/modsecurity/others/mbedtls/md5.c deleted file mode 100644 index 3fb6531cfb..0000000000 --- a/src/deps/src/modsecurity/others/mbedtls/md5.c +++ /dev/null @@ -1,404 +0,0 @@ -/* - * RFC 1321 compliant MD5 implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -/* - * The MD5 algorithm was designed by Ron Rivest in 1991. - * - * http://www.ietf.org/rfc/rfc1321.txt - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_MD5_C) - -#include "mbedtls/md5.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#if !defined(MBEDTLS_MD5_ALT) - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - -void mbedtls_md5_init( mbedtls_md5_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_md5_context ) ); -} - -void mbedtls_md5_free( mbedtls_md5_context *ctx ) -{ - if( ctx == NULL ) - return; - - mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) ); -} - -void mbedtls_md5_clone( mbedtls_md5_context *dst, - const mbedtls_md5_context *src ) -{ - *dst = *src; -} - -/* - * MD5 context setup - */ -void mbedtls_md5_starts( mbedtls_md5_context *ctx ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - ctx->state[0] = 0x67452301; - ctx->state[1] = 0xEFCDAB89; - ctx->state[2] = 0x98BADCFE; - ctx->state[3] = 0x10325476; -} - -#if !defined(MBEDTLS_MD5_PROCESS_ALT) -void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) -{ - uint32_t X[16], A, B, C, D; - - GET_UINT32_LE( X[ 0], data, 0 ); - GET_UINT32_LE( X[ 1], data, 4 ); - GET_UINT32_LE( X[ 2], data, 8 ); - GET_UINT32_LE( X[ 3], data, 12 ); - GET_UINT32_LE( X[ 4], data, 16 ); - GET_UINT32_LE( X[ 5], data, 20 ); - GET_UINT32_LE( X[ 6], data, 24 ); - GET_UINT32_LE( X[ 7], data, 28 ); - GET_UINT32_LE( X[ 8], data, 32 ); - GET_UINT32_LE( X[ 9], data, 36 ); - GET_UINT32_LE( X[10], data, 40 ); - GET_UINT32_LE( X[11], data, 44 ); - GET_UINT32_LE( X[12], data, 48 ); - GET_UINT32_LE( X[13], data, 52 ); - GET_UINT32_LE( X[14], data, 56 ); - GET_UINT32_LE( X[15], data, 60 ); - -#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) - -#define P(a,b,c,d,k,s,t) \ -{ \ - a += F(b,c,d) + X[k] + t; a = S(a,s) + b; \ -} - - A = ctx->state[0]; - B = ctx->state[1]; - C = ctx->state[2]; - D = ctx->state[3]; - -#define F(x,y,z) (z ^ (x & (y ^ z))) - - P( A, B, C, D, 0, 7, 0xD76AA478 ); - P( D, A, B, C, 1, 12, 0xE8C7B756 ); - P( C, D, A, B, 2, 17, 0x242070DB ); - P( B, C, D, A, 3, 22, 0xC1BDCEEE ); - P( A, B, C, D, 4, 7, 0xF57C0FAF ); - P( D, A, B, C, 5, 12, 0x4787C62A ); - P( C, D, A, B, 6, 17, 0xA8304613 ); - P( B, C, D, A, 7, 22, 0xFD469501 ); - P( A, B, C, D, 8, 7, 0x698098D8 ); - P( D, A, B, C, 9, 12, 0x8B44F7AF ); - P( C, D, A, B, 10, 17, 0xFFFF5BB1 ); - P( B, C, D, A, 11, 22, 0x895CD7BE ); - P( A, B, C, D, 12, 7, 0x6B901122 ); - P( D, A, B, C, 13, 12, 0xFD987193 ); - P( C, D, A, B, 14, 17, 0xA679438E ); - P( B, C, D, A, 15, 22, 0x49B40821 ); - -#undef F - -#define F(x,y,z) (y ^ (z & (x ^ y))) - - P( A, B, C, D, 1, 5, 0xF61E2562 ); - P( D, A, B, C, 6, 9, 0xC040B340 ); - P( C, D, A, B, 11, 14, 0x265E5A51 ); - P( B, C, D, A, 0, 20, 0xE9B6C7AA ); - P( A, B, C, D, 5, 5, 0xD62F105D ); - P( D, A, B, C, 10, 9, 0x02441453 ); - P( C, D, A, B, 15, 14, 0xD8A1E681 ); - P( B, C, D, A, 4, 20, 0xE7D3FBC8 ); - P( A, B, C, D, 9, 5, 0x21E1CDE6 ); - P( D, A, B, C, 14, 9, 0xC33707D6 ); - P( C, D, A, B, 3, 14, 0xF4D50D87 ); - P( B, C, D, A, 8, 20, 0x455A14ED ); - P( A, B, C, D, 13, 5, 0xA9E3E905 ); - P( D, A, B, C, 2, 9, 0xFCEFA3F8 ); - P( C, D, A, B, 7, 14, 0x676F02D9 ); - P( B, C, D, A, 12, 20, 0x8D2A4C8A ); - -#undef F - -#define F(x,y,z) (x ^ y ^ z) - - P( A, B, C, D, 5, 4, 0xFFFA3942 ); - P( D, A, B, C, 8, 11, 0x8771F681 ); - P( C, D, A, B, 11, 16, 0x6D9D6122 ); - P( B, C, D, A, 14, 23, 0xFDE5380C ); - P( A, B, C, D, 1, 4, 0xA4BEEA44 ); - P( D, A, B, C, 4, 11, 0x4BDECFA9 ); - P( C, D, A, B, 7, 16, 0xF6BB4B60 ); - P( B, C, D, A, 10, 23, 0xBEBFBC70 ); - P( A, B, C, D, 13, 4, 0x289B7EC6 ); - P( D, A, B, C, 0, 11, 0xEAA127FA ); - P( C, D, A, B, 3, 16, 0xD4EF3085 ); - P( B, C, D, A, 6, 23, 0x04881D05 ); - P( A, B, C, D, 9, 4, 0xD9D4D039 ); - P( D, A, B, C, 12, 11, 0xE6DB99E5 ); - P( C, D, A, B, 15, 16, 0x1FA27CF8 ); - P( B, C, D, A, 2, 23, 0xC4AC5665 ); - -#undef F - -#define F(x,y,z) (y ^ (x | ~z)) - - P( A, B, C, D, 0, 6, 0xF4292244 ); - P( D, A, B, C, 7, 10, 0x432AFF97 ); - P( C, D, A, B, 14, 15, 0xAB9423A7 ); - P( B, C, D, A, 5, 21, 0xFC93A039 ); - P( A, B, C, D, 12, 6, 0x655B59C3 ); - P( D, A, B, C, 3, 10, 0x8F0CCC92 ); - P( C, D, A, B, 10, 15, 0xFFEFF47D ); - P( B, C, D, A, 1, 21, 0x85845DD1 ); - P( A, B, C, D, 8, 6, 0x6FA87E4F ); - P( D, A, B, C, 15, 10, 0xFE2CE6E0 ); - P( C, D, A, B, 6, 15, 0xA3014314 ); - P( B, C, D, A, 13, 21, 0x4E0811A1 ); - P( A, B, C, D, 4, 6, 0xF7537E82 ); - P( D, A, B, C, 11, 10, 0xBD3AF235 ); - P( C, D, A, B, 2, 15, 0x2AD7D2BB ); - P( B, C, D, A, 9, 21, 0xEB86D391 ); - -#undef F - - ctx->state[0] += A; - ctx->state[1] += B; - ctx->state[2] += C; - ctx->state[3] += D; -} -#endif /* !MBEDTLS_MD5_PROCESS_ALT */ - -/* - * MD5 process buffer - */ -void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) -{ - size_t fill; - uint32_t left; - - if( ilen == 0 ) - return; - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_md5_process( ctx, ctx->buffer ); - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 64 ) - { - mbedtls_md5_process( ctx, input ); - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), input, ilen ); - } -} - -static const unsigned char md5_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * MD5 final digest - */ -void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) -{ - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_LE( low, msglen, 0 ); - PUT_UINT32_LE( high, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - mbedtls_md5_update( ctx, md5_padding, padn ); - mbedtls_md5_update( ctx, msglen, 8 ); - - PUT_UINT32_LE( ctx->state[0], output, 0 ); - PUT_UINT32_LE( ctx->state[1], output, 4 ); - PUT_UINT32_LE( ctx->state[2], output, 8 ); - PUT_UINT32_LE( ctx->state[3], output, 12 ); -} - -#endif /* !MBEDTLS_MD5_ALT */ - -/* - * output = MD5( input buffer ) - */ -void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) -{ - mbedtls_md5_context ctx; - - mbedtls_md5_init( &ctx ); - mbedtls_md5_starts( &ctx ); - mbedtls_md5_update( &ctx, input, ilen ); - mbedtls_md5_finish( &ctx, output ); - mbedtls_md5_free( &ctx ); -} - -#if defined(MBEDTLS_SELF_TEST) -/* - * RFC 1321 test vectors - */ -static const unsigned char md5_test_buf[7][81] = -{ - { "" }, - { "a" }, - { "abc" }, - { "message digest" }, - { "abcdefghijklmnopqrstuvwxyz" }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" \ - "345678901234567890" } -}; - -static const int md5_test_buflen[7] = -{ - 0, 1, 3, 14, 26, 62, 80 -}; - -static const unsigned char md5_test_sum[7][16] = -{ - { 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04, - 0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E }, - { 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8, - 0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 }, - { 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0, - 0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 }, - { 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D, - 0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 }, - { 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00, - 0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B }, - { 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5, - 0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F }, - { 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55, - 0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A } -}; - -/* - * Checkup routine - */ -int mbedtls_md5_self_test( int verbose ) -{ - int i; - unsigned char md5sum[16]; - - for( i = 0; i < 7; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " MD5 test #%d: ", i + 1 ); - - mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum ); - - if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - return( 0 ); -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_MD5_C */ \ No newline at end of file diff --git a/src/deps/src/modsecurity/others/mbedtls/md5.h b/src/deps/src/modsecurity/others/mbedtls/md5.h deleted file mode 100644 index f3ef80f8ec..0000000000 --- a/src/deps/src/modsecurity/others/mbedtls/md5.h +++ /dev/null @@ -1,136 +0,0 @@ -/** - * \file md5.h - * - * \brief MD5 message digest algorithm (hash function) - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_MD5_H -#define MBEDTLS_MD5_H - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include -#include - -#if !defined(MBEDTLS_MD5_ALT) -// Regular implementation -// - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief MD5 context structure - */ -typedef struct -{ - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[4]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ -} -mbedtls_md5_context; - -/** - * \brief Initialize MD5 context - * - * \param ctx MD5 context to be initialized - */ -void mbedtls_md5_init( mbedtls_md5_context *ctx ); - -/** - * \brief Clear MD5 context - * - * \param ctx MD5 context to be cleared - */ -void mbedtls_md5_free( mbedtls_md5_context *ctx ); - -/** - * \brief Clone (the state of) an MD5 context - * - * \param dst The destination context - * \param src The context to be cloned - */ -void mbedtls_md5_clone( mbedtls_md5_context *dst, - const mbedtls_md5_context *src ); - -/** - * \brief MD5 context setup - * - * \param ctx context to be initialized - */ -void mbedtls_md5_starts( mbedtls_md5_context *ctx ); - -/** - * \brief MD5 process buffer - * - * \param ctx MD5 context - * \param input buffer holding the data - * \param ilen length of the input data - */ -void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); - -/** - * \brief MD5 final digest - * - * \param ctx MD5 context - * \param output MD5 checksum result - */ -void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ); - -/* Internal use */ -void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ); - -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD5_ALT */ -#include "md5_alt.h" -#endif /* MBEDTLS_MD5_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Output = MD5( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output MD5 checksum result - */ -void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ); - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_md5_self_test( int verbose ); - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_md5.h */ \ No newline at end of file diff --git a/src/deps/src/modsecurity/others/mbedtls/platform.h b/src/deps/src/modsecurity/others/mbedtls/platform.h deleted file mode 100644 index f71f1b6494..0000000000 --- a/src/deps/src/modsecurity/others/mbedtls/platform.h +++ /dev/null @@ -1,214 +0,0 @@ -/** - * \file platform.h - * - * \brief mbed TLS Platform abstraction layer - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_PLATFORM_H -#define MBEDTLS_PLATFORM_H - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in config.h or define them on the compiler command line. - * \{ - */ - -#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) -#include -#include -#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF) -#if defined(_WIN32) -#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< Default snprintf to use */ -#else -#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use */ -#endif -#endif -#if !defined(MBEDTLS_PLATFORM_STD_PRINTF) -#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF) -#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_CALLOC) -#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_FREE) -#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_EXIT) -#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default free to use */ -#endif -#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ -#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) -#include MBEDTLS_PLATFORM_STD_MEM_HDR -#endif -#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ - -/* \} name SECTION: Module settings */ - -/* - * The function pointers for calloc and free - */ -#if defined(MBEDTLS_PLATFORM_MEMORY) -#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \ - defined(MBEDTLS_PLATFORM_CALLOC_MACRO) -#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO -#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO -#else -/* For size_t */ -#include -extern void * (*mbedtls_calloc)( size_t n, size_t size ); -extern void (*mbedtls_free)( void *ptr ); - -/** - * \brief Set your own memory implementation function pointers - * - * \param calloc_func the calloc function implementation - * \param free_func the free function implementation - * - * \return 0 if successful - */ -int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), - void (*free_func)( void * ) ); -#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */ -#else /* !MBEDTLS_PLATFORM_MEMORY */ -#define mbedtls_free free -#define mbedtls_calloc calloc -#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */ - -/* - * The function pointers for fprintf - */ -#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) -/* We need FILE * */ -#include -extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); - -/** - * \brief Set your own fprintf function pointer - * - * \param fprintf_func the fprintf function implementation - * - * \return 0 - */ -int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *, - ... ) ); -#else -#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) -#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO -#else -#define mbedtls_fprintf fprintf -#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */ -#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */ - -/* - * The function pointers for printf - */ -#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) -extern int (*mbedtls_printf)( const char *format, ... ); - -/** - * \brief Set your own printf function pointer - * - * \param printf_func the printf function implementation - * - * \return 0 - */ -int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ); -#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */ -#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) -#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO -#else -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */ -#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */ - -/* - * The function pointers for snprintf - * - * The snprintf implementation should conform to C99: - * - it *must* always correctly zero-terminate the buffer - * (except when n == 0, then it must leave the buffer untouched) - * - however it is acceptable to return -1 instead of the required length when - * the destination buffer is too short. - */ -#if defined(_WIN32) -/* For Windows (inc. MSYS2), we provide our own fixed implementation */ -int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ); -#endif - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) -extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); - -/** - * \brief Set your own snprintf function pointer - * - * \param snprintf_func the snprintf function implementation - * - * \return 0 - */ -int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, - const char * format, ... ) ); -#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ -#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) -#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO -#else -#define mbedtls_snprintf snprintf -#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */ -#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ - -/* - * The function pointers for exit - */ -#if defined(MBEDTLS_PLATFORM_EXIT_ALT) -extern void (*mbedtls_exit)( int status ); - -/** - * \brief Set your own exit function pointer - * - * \param exit_func the exit function implementation - * - * \return 0 - */ -int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); -#else -#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) -#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO -#else -#define mbedtls_exit exit -#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */ -#endif /* MBEDTLS_PLATFORM_EXIT_ALT */ - -#ifdef __cplusplus -} -#endif - -#endif /* platform.h */ diff --git a/src/deps/src/modsecurity/others/mbedtls/sha1.c b/src/deps/src/modsecurity/others/mbedtls/sha1.c deleted file mode 100644 index 4fd83522f5..0000000000 --- a/src/deps/src/modsecurity/others/mbedtls/sha1.c +++ /dev/null @@ -1,448 +0,0 @@ -/* - * FIPS-180-1 compliant SHA-1 implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -/* - * The SHA-1 standard was published by NIST in 1993. - * - * http://www.itl.nist.gov/fipspubs/fip180-1.htm - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_SHA1_C) - -#include "mbedtls/sha1.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#if !defined(MBEDTLS_SHA1_ALT) - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) -{ - if( ctx == NULL ) - return; - - mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ) -{ - *dst = *src; -} - -/* - * SHA-1 context setup - */ -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - ctx->state[0] = 0x67452301; - ctx->state[1] = 0xEFCDAB89; - ctx->state[2] = 0x98BADCFE; - ctx->state[3] = 0x10325476; - ctx->state[4] = 0xC3D2E1F0; -} - -#if !defined(MBEDTLS_SHA1_PROCESS_ALT) -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) -{ - uint32_t temp, W[16], A, B, C, D, E; - - GET_UINT32_BE( W[ 0], data, 0 ); - GET_UINT32_BE( W[ 1], data, 4 ); - GET_UINT32_BE( W[ 2], data, 8 ); - GET_UINT32_BE( W[ 3], data, 12 ); - GET_UINT32_BE( W[ 4], data, 16 ); - GET_UINT32_BE( W[ 5], data, 20 ); - GET_UINT32_BE( W[ 6], data, 24 ); - GET_UINT32_BE( W[ 7], data, 28 ); - GET_UINT32_BE( W[ 8], data, 32 ); - GET_UINT32_BE( W[ 9], data, 36 ); - GET_UINT32_BE( W[10], data, 40 ); - GET_UINT32_BE( W[11], data, 44 ); - GET_UINT32_BE( W[12], data, 48 ); - GET_UINT32_BE( W[13], data, 52 ); - GET_UINT32_BE( W[14], data, 56 ); - GET_UINT32_BE( W[15], data, 60 ); - -#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) - -#define R(t) \ -( \ - temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \ - W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \ - ( W[t & 0x0F] = S(temp,1) ) \ -) - -#define P(a,b,c,d,e,x) \ -{ \ - e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ -} - - A = ctx->state[0]; - B = ctx->state[1]; - C = ctx->state[2]; - D = ctx->state[3]; - E = ctx->state[4]; - -#define F(x,y,z) (z ^ (x & (y ^ z))) -#define K 0x5A827999 - - P( A, B, C, D, E, W[0] ); - P( E, A, B, C, D, W[1] ); - P( D, E, A, B, C, W[2] ); - P( C, D, E, A, B, W[3] ); - P( B, C, D, E, A, W[4] ); - P( A, B, C, D, E, W[5] ); - P( E, A, B, C, D, W[6] ); - P( D, E, A, B, C, W[7] ); - P( C, D, E, A, B, W[8] ); - P( B, C, D, E, A, W[9] ); - P( A, B, C, D, E, W[10] ); - P( E, A, B, C, D, W[11] ); - P( D, E, A, B, C, W[12] ); - P( C, D, E, A, B, W[13] ); - P( B, C, D, E, A, W[14] ); - P( A, B, C, D, E, W[15] ); - P( E, A, B, C, D, R(16) ); - P( D, E, A, B, C, R(17) ); - P( C, D, E, A, B, R(18) ); - P( B, C, D, E, A, R(19) ); - -#undef K -#undef F - -#define F(x,y,z) (x ^ y ^ z) -#define K 0x6ED9EBA1 - - P( A, B, C, D, E, R(20) ); - P( E, A, B, C, D, R(21) ); - P( D, E, A, B, C, R(22) ); - P( C, D, E, A, B, R(23) ); - P( B, C, D, E, A, R(24) ); - P( A, B, C, D, E, R(25) ); - P( E, A, B, C, D, R(26) ); - P( D, E, A, B, C, R(27) ); - P( C, D, E, A, B, R(28) ); - P( B, C, D, E, A, R(29) ); - P( A, B, C, D, E, R(30) ); - P( E, A, B, C, D, R(31) ); - P( D, E, A, B, C, R(32) ); - P( C, D, E, A, B, R(33) ); - P( B, C, D, E, A, R(34) ); - P( A, B, C, D, E, R(35) ); - P( E, A, B, C, D, R(36) ); - P( D, E, A, B, C, R(37) ); - P( C, D, E, A, B, R(38) ); - P( B, C, D, E, A, R(39) ); - -#undef K -#undef F - -#define F(x,y,z) ((x & y) | (z & (x | y))) -#define K 0x8F1BBCDC - - P( A, B, C, D, E, R(40) ); - P( E, A, B, C, D, R(41) ); - P( D, E, A, B, C, R(42) ); - P( C, D, E, A, B, R(43) ); - P( B, C, D, E, A, R(44) ); - P( A, B, C, D, E, R(45) ); - P( E, A, B, C, D, R(46) ); - P( D, E, A, B, C, R(47) ); - P( C, D, E, A, B, R(48) ); - P( B, C, D, E, A, R(49) ); - P( A, B, C, D, E, R(50) ); - P( E, A, B, C, D, R(51) ); - P( D, E, A, B, C, R(52) ); - P( C, D, E, A, B, R(53) ); - P( B, C, D, E, A, R(54) ); - P( A, B, C, D, E, R(55) ); - P( E, A, B, C, D, R(56) ); - P( D, E, A, B, C, R(57) ); - P( C, D, E, A, B, R(58) ); - P( B, C, D, E, A, R(59) ); - -#undef K -#undef F - -#define F(x,y,z) (x ^ y ^ z) -#define K 0xCA62C1D6 - - P( A, B, C, D, E, R(60) ); - P( E, A, B, C, D, R(61) ); - P( D, E, A, B, C, R(62) ); - P( C, D, E, A, B, R(63) ); - P( B, C, D, E, A, R(64) ); - P( A, B, C, D, E, R(65) ); - P( E, A, B, C, D, R(66) ); - P( D, E, A, B, C, R(67) ); - P( C, D, E, A, B, R(68) ); - P( B, C, D, E, A, R(69) ); - P( A, B, C, D, E, R(70) ); - P( E, A, B, C, D, R(71) ); - P( D, E, A, B, C, R(72) ); - P( C, D, E, A, B, R(73) ); - P( B, C, D, E, A, R(74) ); - P( A, B, C, D, E, R(75) ); - P( E, A, B, C, D, R(76) ); - P( D, E, A, B, C, R(77) ); - P( C, D, E, A, B, R(78) ); - P( B, C, D, E, A, R(79) ); - -#undef K -#undef F - - ctx->state[0] += A; - ctx->state[1] += B; - ctx->state[2] += C; - ctx->state[3] += D; - ctx->state[4] += E; -} -#endif /* !MBEDTLS_SHA1_PROCESS_ALT */ - -/* - * SHA-1 process buffer - */ -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) -{ - size_t fill; - uint32_t left; - - if( ilen == 0 ) - return; - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_sha1_process( ctx, ctx->buffer ); - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 64 ) - { - mbedtls_sha1_process( ctx, input ); - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); -} - -static const unsigned char sha1_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * SHA-1 final digest - */ -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) -{ - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_BE( high, msglen, 0 ); - PUT_UINT32_BE( low, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - mbedtls_sha1_update( ctx, sha1_padding, padn ); - mbedtls_sha1_update( ctx, msglen, 8 ); - - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); -} - -#endif /* !MBEDTLS_SHA1_ALT */ - -/* - * output = SHA-1( input buffer ) - */ -void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) -{ - mbedtls_sha1_context ctx; - - mbedtls_sha1_init( &ctx ); - mbedtls_sha1_starts( &ctx ); - mbedtls_sha1_update( &ctx, input, ilen ); - mbedtls_sha1_finish( &ctx, output ); - mbedtls_sha1_free( &ctx ); -} - -#if defined(MBEDTLS_SELF_TEST) -/* - * FIPS-180-1 test vectors - */ -static const unsigned char sha1_test_buf[3][57] = -{ - { "abc" }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, - { "" } -}; - -static const int sha1_test_buflen[3] = -{ - 3, 56, 1000 -}; - -static const unsigned char sha1_test_sum[3][20] = -{ - { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, - 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D }, - { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, - 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 }, - { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E, - 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F } -}; - -/* - * Checkup routine - */ -int mbedtls_sha1_self_test( int verbose ) -{ - int i, j, buflen, ret = 0; - unsigned char buf[1024]; - unsigned char sha1sum[20]; - mbedtls_sha1_context ctx; - - mbedtls_sha1_init( &ctx ); - - /* - * SHA-1 - */ - for( i = 0; i < 3; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); - - mbedtls_sha1_starts( &ctx ); - - if( i == 2 ) - { - memset( buf, 'a', buflen = 1000 ); - - for( j = 0; j < 1000; j++ ) - mbedtls_sha1_update( &ctx, buf, buflen ); - } - else - mbedtls_sha1_update( &ctx, sha1_test_buf[i], - sha1_test_buflen[i] ); - - mbedtls_sha1_finish( &ctx, sha1sum ); - - if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - -exit: - mbedtls_sha1_free( &ctx ); - - return( ret ); -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_SHA1_C */ \ No newline at end of file diff --git a/src/deps/src/modsecurity/others/mbedtls/sha1.h b/src/deps/src/modsecurity/others/mbedtls/sha1.h deleted file mode 100644 index 22a585976b..0000000000 --- a/src/deps/src/modsecurity/others/mbedtls/sha1.h +++ /dev/null @@ -1,136 +0,0 @@ -/** - * \file sha1.h - * - * \brief SHA-1 cryptographic hash function - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_SHA1_H -#define MBEDTLS_SHA1_H - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include -#include - -#if !defined(MBEDTLS_SHA1_ALT) -// Regular implementation -// - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief SHA-1 context structure - */ -typedef struct -{ - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[5]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ -} -mbedtls_sha1_context; - -/** - * \brief Initialize SHA-1 context - * - * \param ctx SHA-1 context to be initialized - */ -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); - -/** - * \brief Clear SHA-1 context - * - * \param ctx SHA-1 context to be cleared - */ -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); - -/** - * \brief Clone (the state of) a SHA-1 context - * - * \param dst The destination context - * \param src The context to be cloned - */ -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ); - -/** - * \brief SHA-1 context setup - * - * \param ctx context to be initialized - */ -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); - -/** - * \brief SHA-1 process buffer - * - * \param ctx SHA-1 context - * \param input buffer holding the data - * \param ilen length of the input data - */ -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); - -/** - * \brief SHA-1 final digest - * - * \param ctx SHA-1 context - * \param output SHA-1 checksum result - */ -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ); - -/* Internal use */ -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); - -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA1_ALT */ -#include "sha1_alt.h" -#endif /* MBEDTLS_SHA1_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Output = SHA-1( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-1 checksum result - */ -void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_sha1_self_test( int verbose ); - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_sha1.h */ \ No newline at end of file diff --git a/src/deps/src/modsecurity/src/Makefile.am b/src/deps/src/modsecurity/src/Makefile.am index 5078c4c0c8..6153036cf0 100644 --- a/src/deps/src/modsecurity/src/Makefile.am +++ b/src/deps/src/modsecurity/src/Makefile.am @@ -219,7 +219,6 @@ OPERATORS = \ operators/no_match.cc \ operators/operator.cc \ operators/pm.cc \ - operators/pm_f.cc \ operators/pm_from_file.cc \ operators/rbl.cc \ operators/rsub.cc \ @@ -248,12 +247,9 @@ UTILS = \ utils/geo_lookup.cc \ utils/https_client.cc \ utils/ip_tree.cc \ - utils/md5.cc \ utils/msc_tree.cc \ utils/random.cc \ utils/regex.cc \ - utils/sha1.cc \ - utils/string.cc \ utils/system.cc \ utils/shared_files.cc @@ -311,10 +307,10 @@ libmodsecurity_la_CFLAGS = libmodsecurity_la_CPPFLAGS = \ - -std=c++11 \ -I.. \ -g \ -I../others \ + -I../others/mbedtls/include \ -fPIC \ -O3 \ -I../headers \ @@ -322,7 +318,6 @@ libmodsecurity_la_CPPFLAGS = \ $(GEOIP_CFLAGS) \ $(GLOBAL_CPPFLAGS) \ $(MODSEC_NO_LOGS) \ - $(MODSEC_MUTEX_ON_PM) \ $(YAJL_CFLAGS) \ $(LMDB_CFLAGS) \ $(PCRE_CFLAGS) \ diff --git a/src/deps/src/modsecurity/src/actions/accuracy.cc b/src/deps/src/modsecurity/src/actions/accuracy.cc index c8cfca72aa..ace9f1c5c4 100644 --- a/src/deps/src/modsecurity/src/actions/accuracy.cc +++ b/src/deps/src/modsecurity/src/actions/accuracy.cc @@ -15,16 +15,10 @@ #include "src/actions/accuracy.h" -#include -#include +#include "modsecurity/rule_with_actions.h" -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" - -namespace modsecurity { -namespace actions { +namespace modsecurity::actions { bool Accuracy::init(std::string *error) { @@ -45,5 +39,4 @@ bool Accuracy::evaluate(RuleWithActions *rule, Transaction *transaction) { } -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions diff --git a/src/deps/src/modsecurity/src/actions/accuracy.h b/src/deps/src/modsecurity/src/actions/accuracy.h index f787af190c..bbcdba5864 100644 --- a/src/deps/src/modsecurity/src/actions/accuracy.h +++ b/src/deps/src/modsecurity/src/actions/accuracy.h @@ -30,7 +30,7 @@ namespace actions { class Accuracy : public Action { public: explicit Accuracy(const std::string &action) - : Action(action, ConfigurationKind), + : Action(action, Kind::ConfigurationKind), m_accuracy(0) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/action.cc b/src/deps/src/modsecurity/src/actions/action.cc index e58e2067e7..dd329a509f 100644 --- a/src/deps/src/modsecurity/src/actions/action.cc +++ b/src/deps/src/modsecurity/src/actions/action.cc @@ -45,12 +45,6 @@ namespace modsecurity { namespace actions { -std::string Action::evaluate(const std::string &value, - Transaction *transaction) { - return value; -} - - bool Action::evaluate(RuleWithActions *rule, Transaction *transaction) { return true; } diff --git a/src/deps/src/modsecurity/src/actions/audit_log.h b/src/deps/src/modsecurity/src/actions/audit_log.h index d870de2ac3..cde743870a 100644 --- a/src/deps/src/modsecurity/src/actions/audit_log.h +++ b/src/deps/src/modsecurity/src/actions/audit_log.h @@ -33,7 +33,7 @@ namespace actions { class AuditLog : public Action { public: explicit AuditLog(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; diff --git a/src/deps/src/modsecurity/src/actions/capture.h b/src/deps/src/modsecurity/src/actions/capture.h index 33207439c9..0b072ece0b 100644 --- a/src/deps/src/modsecurity/src/actions/capture.h +++ b/src/deps/src/modsecurity/src/actions/capture.h @@ -29,7 +29,7 @@ namespace actions { class Capture : public Action { public: explicit Capture(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/deps/src/modsecurity/src/actions/chain.cc b/src/deps/src/modsecurity/src/actions/chain.cc index 197f861ff2..62f0409c74 100644 --- a/src/deps/src/modsecurity/src/actions/chain.cc +++ b/src/deps/src/modsecurity/src/actions/chain.cc @@ -15,14 +15,9 @@ #include "src/actions/chain.h" -#include -#include +#include "modsecurity/rule_with_actions.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" - -namespace modsecurity { -namespace actions { +namespace modsecurity::actions { bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) { @@ -31,5 +26,4 @@ bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) { } -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions diff --git a/src/deps/src/modsecurity/src/actions/chain.h b/src/deps/src/modsecurity/src/actions/chain.h index c5642baa6e..3b04f17e9b 100644 --- a/src/deps/src/modsecurity/src/actions/chain.h +++ b/src/deps/src/modsecurity/src/actions/chain.h @@ -33,7 +33,7 @@ namespace actions { class Chain : public Action { public: explicit Chain(const std::string &action) - : Action(action, ConfigurationKind) { } + : Action(action, Kind::ConfigurationKind) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/deps/src/modsecurity/src/actions/ctl/audit_engine.h b/src/deps/src/modsecurity/src/actions/ctl/audit_engine.h index 03e0cb4cc6..b822a6675e 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/audit_engine.h +++ b/src/deps/src/modsecurity/src/actions/ctl/audit_engine.h @@ -34,7 +34,7 @@ namespace ctl { class AuditEngine : public Action { public: explicit AuditEngine(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_auditEngine(audit_log::AuditLog::AuditLogStatus::NotSetLogStatus) { } bool init(std::string *error) override; diff --git a/src/deps/src/modsecurity/src/actions/ctl/audit_log_parts.h b/src/deps/src/modsecurity/src/actions/ctl/audit_log_parts.h index f4980780ef..0eb7c6b2fd 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/audit_log_parts.h +++ b/src/deps/src/modsecurity/src/actions/ctl/audit_log_parts.h @@ -29,7 +29,7 @@ namespace ctl { class AuditLogParts : public Action { public: explicit AuditLogParts(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), mPartsAction(0), mParts("") { } diff --git a/src/deps/src/modsecurity/src/actions/ctl/request_body_access.h b/src/deps/src/modsecurity/src/actions/ctl/request_body_access.h index afe3b3d489..1dcc88c587 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/request_body_access.h +++ b/src/deps/src/modsecurity/src/actions/ctl/request_body_access.h @@ -30,7 +30,7 @@ namespace ctl { class RequestBodyAccess : public Action { public: explicit RequestBodyAccess(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_request_body_access(false) { } bool init(std::string *error) override; diff --git a/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_json.h b/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_json.h index 48125597e0..9d726b1722 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_json.h +++ b/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_json.h @@ -29,7 +29,7 @@ namespace ctl { class RequestBodyProcessorJSON : public Action { public: explicit RequestBodyProcessorJSON(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_urlencoded.h b/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_urlencoded.h index 5b5557d431..0277664aff 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_urlencoded.h +++ b/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_urlencoded.h @@ -29,7 +29,7 @@ namespace ctl { class RequestBodyProcessorURLENCODED : public Action { public: explicit RequestBodyProcessorURLENCODED(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_xml.h b/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_xml.h index 9084d1d98a..5bd15edd8e 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_xml.h +++ b/src/deps/src/modsecurity/src/actions/ctl/request_body_processor_xml.h @@ -29,7 +29,7 @@ namespace ctl { class RequestBodyProcessorXML : public Action { public: explicit RequestBodyProcessorXML(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/deps/src/modsecurity/src/actions/ctl/rule_engine.h b/src/deps/src/modsecurity/src/actions/ctl/rule_engine.h index fca5d39b16..7aef4232dc 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/rule_engine.h +++ b/src/deps/src/modsecurity/src/actions/ctl/rule_engine.h @@ -31,7 +31,7 @@ namespace ctl { class RuleEngine : public Action { public: explicit RuleEngine(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { } bool init(std::string *error) override; diff --git a/src/deps/src/modsecurity/src/actions/ctl/rule_remove_by_id.h b/src/deps/src/modsecurity/src/actions/ctl/rule_remove_by_id.h index e0f0902b8a..f731db31cc 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/rule_remove_by_id.h +++ b/src/deps/src/modsecurity/src/actions/ctl/rule_remove_by_id.h @@ -30,7 +30,7 @@ namespace ctl { class RuleRemoveById : public Action { public: explicit RuleRemoveById(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool init(std::string *error) override; bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/ctl/rule_remove_by_tag.h b/src/deps/src/modsecurity/src/actions/ctl/rule_remove_by_tag.h index 5689b7b166..e85cdbfa78 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/rule_remove_by_tag.h +++ b/src/deps/src/modsecurity/src/actions/ctl/rule_remove_by_tag.h @@ -30,7 +30,7 @@ namespace ctl { class RuleRemoveByTag : public Action { public: explicit RuleRemoveByTag(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_tag("") { } bool init(std::string *error) override; diff --git a/src/deps/src/modsecurity/src/actions/ctl/rule_remove_target_by_id.h b/src/deps/src/modsecurity/src/actions/ctl/rule_remove_target_by_id.h index d71e4fc215..92b7286dfb 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/rule_remove_target_by_id.h +++ b/src/deps/src/modsecurity/src/actions/ctl/rule_remove_target_by_id.h @@ -30,7 +30,7 @@ namespace ctl { class RuleRemoveTargetById : public Action { public: explicit RuleRemoveTargetById(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_id(0), m_target("") { } diff --git a/src/deps/src/modsecurity/src/actions/ctl/rule_remove_target_by_tag.h b/src/deps/src/modsecurity/src/actions/ctl/rule_remove_target_by_tag.h index 7863e5a521..b4e212395c 100644 --- a/src/deps/src/modsecurity/src/actions/ctl/rule_remove_target_by_tag.h +++ b/src/deps/src/modsecurity/src/actions/ctl/rule_remove_target_by_tag.h @@ -30,7 +30,7 @@ namespace ctl { class RuleRemoveTargetByTag : public Action { public: explicit RuleRemoveTargetByTag(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool init(std::string *error) override; bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/data/status.h b/src/deps/src/modsecurity/src/actions/data/status.h index d792247d68..566a927ea3 100644 --- a/src/deps/src/modsecurity/src/actions/data/status.h +++ b/src/deps/src/modsecurity/src/actions/data/status.h @@ -33,8 +33,8 @@ namespace data { class Status : public Action { public: - explicit Status(const std::string &action) : Action(action, 2), - m_status(0) { } + explicit Status(const std::string &action) + : Action(action), m_status(0) { } bool init(std::string *error) override; bool evaluate(RuleWithActions *rule, Transaction *transaction, diff --git a/src/deps/src/modsecurity/src/actions/disruptive/allow.h b/src/deps/src/modsecurity/src/actions/disruptive/allow.h index d9a716cec7..a6d538a476 100644 --- a/src/deps/src/modsecurity/src/actions/disruptive/allow.h +++ b/src/deps/src/modsecurity/src/actions/disruptive/allow.h @@ -54,7 +54,7 @@ enum AllowType : int { class Allow : public Action { public: explicit Allow(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_allowType(NoneAllowType) { } diff --git a/src/deps/src/modsecurity/src/actions/disruptive/redirect.h b/src/deps/src/modsecurity/src/actions/disruptive/redirect.h index 46b5d51a96..72ecf98e4b 100644 --- a/src/deps/src/modsecurity/src/actions/disruptive/redirect.h +++ b/src/deps/src/modsecurity/src/actions/disruptive/redirect.h @@ -37,12 +37,12 @@ namespace disruptive { class Redirect : public Action { public: explicit Redirect(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_status(0), m_string(nullptr) { } explicit Redirect(std::unique_ptr z) - : Action("redirert", RunTimeOnlyIfMatchKind), + : Action("redirert"), m_status(0), m_string(std::move(z)) { } diff --git a/src/deps/src/modsecurity/src/actions/expire_var.h b/src/deps/src/modsecurity/src/actions/expire_var.h index 1b1537bb94..f0ca7496fe 100644 --- a/src/deps/src/modsecurity/src/actions/expire_var.h +++ b/src/deps/src/modsecurity/src/actions/expire_var.h @@ -36,7 +36,7 @@ class ExpireVar : public Action { explicit ExpireVar(const std::string &action) : Action(action) { } explicit ExpireVar(std::unique_ptr z) - : Action("expirevar", RunTimeOnlyIfMatchKind), + : Action("expirevar"), m_string(std::move(z)) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/init_col.h b/src/deps/src/modsecurity/src/actions/init_col.h index 16d7ace921..f5a9263b93 100644 --- a/src/deps/src/modsecurity/src/actions/init_col.h +++ b/src/deps/src/modsecurity/src/actions/init_col.h @@ -35,7 +35,7 @@ class InitCol : public Action { explicit InitCol(const std::string &action) : Action(action) { } InitCol(const std::string &action, std::unique_ptr z) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_string(std::move(z)) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/log.h b/src/deps/src/modsecurity/src/actions/log.h index 736d4a1304..d2cb5cd26c 100644 --- a/src/deps/src/modsecurity/src/actions/log.h +++ b/src/deps/src/modsecurity/src/actions/log.h @@ -31,7 +31,7 @@ namespace actions { class Log : public Action { public: explicit Log(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; diff --git a/src/deps/src/modsecurity/src/actions/log_data.h b/src/deps/src/modsecurity/src/actions/log_data.h index da2fbf4df0..6e618f2a86 100644 --- a/src/deps/src/modsecurity/src/actions/log_data.h +++ b/src/deps/src/modsecurity/src/actions/log_data.h @@ -33,10 +33,10 @@ namespace actions { class LogData : public Action { public: explicit LogData(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } explicit LogData(std::unique_ptr z) - : Action("logdata", RunTimeOnlyIfMatchKind), + : Action("logdata"), m_string(std::move(z)) { } bool evaluate(RuleWithActions *rule, Transaction *transaction, diff --git a/src/deps/src/modsecurity/src/actions/maturity.cc b/src/deps/src/modsecurity/src/actions/maturity.cc index 131d2148bd..fca6aaa4aa 100644 --- a/src/deps/src/modsecurity/src/actions/maturity.cc +++ b/src/deps/src/modsecurity/src/actions/maturity.cc @@ -15,16 +15,10 @@ #include "src/actions/maturity.h" -#include -#include +#include "modsecurity/rule_with_actions.h" -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" - -namespace modsecurity { -namespace actions { +namespace modsecurity::actions { bool Maturity::init(std::string *error) { @@ -45,5 +39,4 @@ bool Maturity::evaluate(RuleWithActions *rule, Transaction *transaction) { } -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions diff --git a/src/deps/src/modsecurity/src/actions/maturity.h b/src/deps/src/modsecurity/src/actions/maturity.h index dd185efaa2..3f873af404 100644 --- a/src/deps/src/modsecurity/src/actions/maturity.h +++ b/src/deps/src/modsecurity/src/actions/maturity.h @@ -30,7 +30,7 @@ namespace actions { class Maturity : public Action { public: explicit Maturity(const std::string &action) - : Action(action, ConfigurationKind), + : Action(action, Kind::ConfigurationKind), m_maturity(0) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/msg.h b/src/deps/src/modsecurity/src/actions/msg.h index 61661194ba..c75e6d6eb3 100644 --- a/src/deps/src/modsecurity/src/actions/msg.h +++ b/src/deps/src/modsecurity/src/actions/msg.h @@ -34,10 +34,10 @@ namespace actions { class Msg : public Action { public: explicit Msg(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } explicit Msg(std::unique_ptr z) - : Action("msg", RunTimeOnlyIfMatchKind), + : Action("msg"), m_string(std::move(z)) { } bool evaluate(RuleWithActions *rule, Transaction *transaction, diff --git a/src/deps/src/modsecurity/src/actions/multi_match.h b/src/deps/src/modsecurity/src/actions/multi_match.h index b0fd2c767e..71fe288fe9 100644 --- a/src/deps/src/modsecurity/src/actions/multi_match.h +++ b/src/deps/src/modsecurity/src/actions/multi_match.h @@ -33,7 +33,7 @@ namespace actions { class MultiMatch : public Action { public: explicit MultiMatch(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/deps/src/modsecurity/src/actions/no_audit_log.h b/src/deps/src/modsecurity/src/actions/no_audit_log.h index dbd5d098fb..6deb5e4a88 100644 --- a/src/deps/src/modsecurity/src/actions/no_audit_log.h +++ b/src/deps/src/modsecurity/src/actions/no_audit_log.h @@ -33,7 +33,7 @@ namespace actions { class NoAuditLog : public Action { public: explicit NoAuditLog(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; diff --git a/src/deps/src/modsecurity/src/actions/no_log.h b/src/deps/src/modsecurity/src/actions/no_log.h index 87d4e30593..193a64ea2e 100644 --- a/src/deps/src/modsecurity/src/actions/no_log.h +++ b/src/deps/src/modsecurity/src/actions/no_log.h @@ -31,7 +31,7 @@ namespace actions { class NoLog : public Action { public: explicit NoLog(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action) { } bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; diff --git a/src/deps/src/modsecurity/src/actions/phase.cc b/src/deps/src/modsecurity/src/actions/phase.cc index 2e9e727786..1d17ec33c8 100644 --- a/src/deps/src/modsecurity/src/actions/phase.cc +++ b/src/deps/src/modsecurity/src/actions/phase.cc @@ -15,20 +15,15 @@ #include "src/actions/phase.h" -#include -#include - -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/modsecurity.h" +#include "modsecurity/rule_with_actions.h" #include "src/utils/string.h" -namespace modsecurity { -namespace actions { +namespace modsecurity::actions { + bool Phase::init(std::string *error) { - std::string a = utils::string::tolower(m_parser_payload); + const auto a = utils::string::tolower(m_parser_payload); m_phase = -1; try { @@ -77,5 +72,5 @@ bool Phase::evaluate(RuleWithActions *rule, Transaction *transaction) { return true; } -} // namespace actions -} // namespace modsecurity + +} // namespace modsecurity::actions diff --git a/src/deps/src/modsecurity/src/actions/phase.h b/src/deps/src/modsecurity/src/actions/phase.h index 0fada3c3c5..7c81458440 100644 --- a/src/deps/src/modsecurity/src/actions/phase.h +++ b/src/deps/src/modsecurity/src/actions/phase.h @@ -32,7 +32,7 @@ namespace actions { class Phase : public Action { public: - explicit Phase(const std::string &action) : Action(action, ConfigurationKind), + explicit Phase(const std::string &action) : Action(action, Kind::ConfigurationKind), m_phase(0), m_secRulesPhase(0) { } diff --git a/src/deps/src/modsecurity/src/actions/rev.cc b/src/deps/src/modsecurity/src/actions/rev.cc index 43d8d1be46..6543a5dab1 100644 --- a/src/deps/src/modsecurity/src/actions/rev.cc +++ b/src/deps/src/modsecurity/src/actions/rev.cc @@ -15,16 +15,10 @@ #include "src/actions/rev.h" -#include -#include +#include "modsecurity/rule_with_actions.h" -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" - -namespace modsecurity { -namespace actions { +namespace modsecurity::actions { bool Rev::init(std::string *error) { @@ -39,5 +33,4 @@ bool Rev::evaluate(RuleWithActions *rule, Transaction *transaction) { } -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions diff --git a/src/deps/src/modsecurity/src/actions/rev.h b/src/deps/src/modsecurity/src/actions/rev.h index 9e3c1bfb64..a023b42521 100644 --- a/src/deps/src/modsecurity/src/actions/rev.h +++ b/src/deps/src/modsecurity/src/actions/rev.h @@ -29,7 +29,7 @@ namespace actions { class Rev : public Action { public: - explicit Rev(const std::string &action) : Action(action, ConfigurationKind) { } + explicit Rev(const std::string &action) : Action(action, Kind::ConfigurationKind) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; diff --git a/src/deps/src/modsecurity/src/actions/rule_id.cc b/src/deps/src/modsecurity/src/actions/rule_id.cc index d16bf63bec..c7864707b7 100644 --- a/src/deps/src/modsecurity/src/actions/rule_id.cc +++ b/src/deps/src/modsecurity/src/actions/rule_id.cc @@ -15,14 +15,10 @@ #include "src/actions/rule_id.h" -#include -#include +#include "modsecurity/rule_with_actions.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -namespace modsecurity { -namespace actions { +namespace modsecurity::actions { bool RuleId::init(std::string *error) { @@ -54,5 +50,4 @@ bool RuleId::evaluate(RuleWithActions *rule, Transaction *transaction) { } -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions diff --git a/src/deps/src/modsecurity/src/actions/rule_id.h b/src/deps/src/modsecurity/src/actions/rule_id.h index 2e26f87f52..8f16c95e17 100644 --- a/src/deps/src/modsecurity/src/actions/rule_id.h +++ b/src/deps/src/modsecurity/src/actions/rule_id.h @@ -33,7 +33,7 @@ namespace actions { class RuleId : public Action { public: explicit RuleId(const std::string &action) - : Action(action, ConfigurationKind), + : Action(action, Kind::ConfigurationKind), m_ruleId(0) { } bool init(std::string *error) override; diff --git a/src/deps/src/modsecurity/src/actions/set_env.cc b/src/deps/src/modsecurity/src/actions/set_env.cc index e1c3afdba3..2929065313 100644 --- a/src/deps/src/modsecurity/src/actions/set_env.cc +++ b/src/deps/src/modsecurity/src/actions/set_env.cc @@ -37,7 +37,11 @@ bool SetENV::evaluate(RuleWithActions *rule, Transaction *t) { auto pair = utils::string::ssplit_pair(colNameExpanded, '='); ms_dbg_a(t, 8, "Setting environment variable: " + pair.first + " to " + pair.second); +#ifndef WIN32 setenv(pair.first.c_str(), pair.second.c_str(), /*overwrite*/ 1); +#else + _putenv_s(pair.first.c_str(), pair.second.c_str()); +#endif return true; } diff --git a/src/deps/src/modsecurity/src/actions/set_env.h b/src/deps/src/modsecurity/src/actions/set_env.h index 33ccfc3380..cc24c28508 100644 --- a/src/deps/src/modsecurity/src/actions/set_env.h +++ b/src/deps/src/modsecurity/src/actions/set_env.h @@ -36,7 +36,7 @@ class SetENV : public Action { : Action(_action) { } explicit SetENV(std::unique_ptr z) - : Action("setenv", RunTimeOnlyIfMatchKind), + : Action("setenv"), m_string(std::move(z)) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/set_rsc.h b/src/deps/src/modsecurity/src/actions/set_rsc.h index 5913b7c799..7830ee92c3 100644 --- a/src/deps/src/modsecurity/src/actions/set_rsc.h +++ b/src/deps/src/modsecurity/src/actions/set_rsc.h @@ -36,7 +36,7 @@ class SetRSC : public Action { : Action(_action) { } explicit SetRSC(std::unique_ptr z) - : Action("setsrc", RunTimeOnlyIfMatchKind), + : Action("setsrc"), m_string(std::move(z)) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/set_sid.h b/src/deps/src/modsecurity/src/actions/set_sid.h index 64f8f3cc78..dca45433d1 100644 --- a/src/deps/src/modsecurity/src/actions/set_sid.h +++ b/src/deps/src/modsecurity/src/actions/set_sid.h @@ -36,7 +36,7 @@ class SetSID : public Action { : Action(_action) { } explicit SetSID(std::unique_ptr z) - : Action("setsid", RunTimeOnlyIfMatchKind), + : Action("setsid"), m_string(std::move(z)) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/set_uid.h b/src/deps/src/modsecurity/src/actions/set_uid.h index b8c3a0db74..76893999fc 100644 --- a/src/deps/src/modsecurity/src/actions/set_uid.h +++ b/src/deps/src/modsecurity/src/actions/set_uid.h @@ -36,7 +36,7 @@ class SetUID : public Action { : Action(_action) { } explicit SetUID(std::unique_ptr z) - : Action("setuid", RunTimeOnlyIfMatchKind), + : Action("setuid"), m_string(std::move(z)) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/set_var.cc b/src/deps/src/modsecurity/src/actions/set_var.cc index 6befdf0ccb..f30ae18864 100644 --- a/src/deps/src/modsecurity/src/actions/set_var.cc +++ b/src/deps/src/modsecurity/src/actions/set_var.cc @@ -51,18 +51,12 @@ bool SetVar::evaluate(RuleWithActions *rule, Transaction *t) { std::string m_variableNameExpanded; auto *v = m_variable.get(); - variables::Tx_DynamicElement *tx = dynamic_cast< - variables::Tx_DynamicElement *> (v); - variables::Session_DynamicElement *session = dynamic_cast< - variables::Session_DynamicElement *> (v); - variables::Ip_DynamicElement *ip = dynamic_cast< - variables::Ip_DynamicElement *> (v); - variables::Resource_DynamicElement *resource = dynamic_cast< - variables::Resource_DynamicElement *> (v); - variables::Global_DynamicElement *global = dynamic_cast< - variables::Global_DynamicElement *> (v); - variables::User_DynamicElement *user = dynamic_cast< - variables::User_DynamicElement *> (v); + auto tx = dynamic_cast (v); + auto session = dynamic_cast (v); + auto ip = dynamic_cast (v); + auto resource = dynamic_cast (v); + auto global = dynamic_cast (v); + auto user = dynamic_cast (v); if (tx) { m_variableNameExpanded = tx->m_string->evaluate(t, rule); } else if (session) { diff --git a/src/deps/src/modsecurity/src/actions/skip.h b/src/deps/src/modsecurity/src/actions/skip.h index 71e5d7aa05..ee24abe7be 100644 --- a/src/deps/src/modsecurity/src/actions/skip.h +++ b/src/deps/src/modsecurity/src/actions/skip.h @@ -30,7 +30,7 @@ namespace actions { class Skip : public Action { public: explicit Skip(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_skip_next(0) { } bool init(std::string *error) override; diff --git a/src/deps/src/modsecurity/src/actions/skip_after.h b/src/deps/src/modsecurity/src/actions/skip_after.h index f7e0680d72..39b2c26967 100644 --- a/src/deps/src/modsecurity/src/actions/skip_after.h +++ b/src/deps/src/modsecurity/src/actions/skip_after.h @@ -31,7 +31,7 @@ namespace actions { class SkipAfter : public Action { public: explicit SkipAfter(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + : Action(action), m_skipName(std::make_shared(m_parser_payload)) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/actions/tag.h b/src/deps/src/modsecurity/src/actions/tag.h index 75369f5f7c..bf3988b5bb 100644 --- a/src/deps/src/modsecurity/src/actions/tag.h +++ b/src/deps/src/modsecurity/src/actions/tag.h @@ -33,7 +33,7 @@ namespace actions { class Tag : public Action { public: explicit Tag(std::unique_ptr z) - : Action("tag", RunTimeOnlyIfMatchKind), + : Action("tag"), m_string(std::move(z)) { } std::string getName(Transaction *transaction); diff --git a/src/deps/src/modsecurity/src/actions/transformations/base64_decode.cc b/src/deps/src/modsecurity/src/actions/transformations/base64_decode.cc index 8ddfe23525..fe910e5012 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/base64_decode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/base64_decode.cc @@ -13,33 +13,19 @@ * */ -#include "src/actions/transformations/base64_decode.h" +#include "base64_decode.h" -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/base64.h" -namespace modsecurity { -namespace actions { -namespace transformations { - +namespace modsecurity::actions::transformations { -std::string Base64Decode::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret = Utils::Base64::decode(value); - return ret; +bool Base64Decode::transform(std::string &value, const Transaction *trans) const { + if (value.empty()) return false; + value = Utils::Base64::decode(value); + return true; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/base64_decode.h b/src/deps/src/modsecurity/src/actions/transformations/base64_decode.h index a82276990b..8c97dbe87e 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/base64_decode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/base64_decode.h @@ -13,33 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class Base64Decode : public Transformation { public: - explicit Base64Decode(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/base64_decode_ext.cc b/src/deps/src/modsecurity/src/actions/transformations/base64_decode_ext.cc index ee8e4b5b2c..e6c13987f6 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/base64_decode_ext.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/base64_decode_ext.cc @@ -13,33 +13,19 @@ * */ -#include "src/actions/transformations/base64_decode_ext.h" +#include "base64_decode_ext.h" -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/base64.h" -namespace modsecurity { -namespace actions { -namespace transformations { - +namespace modsecurity::actions::transformations { -std::string Base64DecodeExt::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret = Utils::Base64::decode_forgiven(value); - return ret; +bool Base64DecodeExt::transform(std::string &value, const Transaction *trans) const { + if (value.empty()) return false; + value = Utils::Base64::decode_forgiven(value); + return true; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/base64_decode_ext.h b/src/deps/src/modsecurity/src/actions/transformations/base64_decode_ext.h index ad0efbdc0e..66b0678fa5 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/base64_decode_ext.h +++ b/src/deps/src/modsecurity/src/actions/transformations/base64_decode_ext.h @@ -13,33 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_EXT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_EXT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class Base64DecodeExt : public Transformation { public: - explicit Base64DecodeExt(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_EXT_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/base64_encode.cc b/src/deps/src/modsecurity/src/actions/transformations/base64_encode.cc index 8be748033c..bf802a1e8d 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/base64_encode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/base64_encode.cc @@ -13,33 +13,19 @@ * */ -#include "src/actions/transformations/base64_encode.h" +#include "base64_encode.h" -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/base64.h" -namespace modsecurity { -namespace actions { -namespace transformations { - +namespace modsecurity::actions::transformations { -std::string Base64Encode::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret = Utils::Base64::encode(value); - return ret; +bool Base64Encode::transform(std::string &value, const Transaction *trans) const { + if (value.empty()) return false; + value = Utils::Base64::encode(value); + return true; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/base64_encode.h b/src/deps/src/modsecurity/src/actions/transformations/base64_encode.h index 0f7fd1fe53..3c1d96f196 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/base64_encode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/base64_encode.h @@ -13,33 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_BASE64_ENCODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_BASE64_ENCODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class Base64Encode : public Transformation { public: - explicit Base64Encode(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_BASE64_ENCODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/cmd_line.cc b/src/deps/src/modsecurity/src/actions/transformations/cmd_line.cc index 72087e36b9..8db1529dfb 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/cmd_line.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/cmd_line.cc @@ -13,30 +13,17 @@ * */ -#include "src/actions/transformations/cmd_line.h" +#include "cmd_line.h" -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { +bool CmdLine::transform(std::string &value, const Transaction *trans) const { + char *d = value.data(); + bool space = false; - -std::string CmdLine::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - int space = 0; - - for (auto& a : value) { + for (const auto& a : value) { switch (a) { /* remove some characters */ case '"': @@ -52,9 +39,9 @@ std::string CmdLine::evaluate(const std::string &value, case '\t': case '\r': case '\n': - if (space == 0) { - ret.append(" "); - space++; + if (space == false) { + *d++ = ' '; + space = true; } break; @@ -62,26 +49,27 @@ std::string CmdLine::evaluate(const std::string &value, case '/': case '(': if (space) { - ret.pop_back(); + d--; } - space = 0; - ret.append(&a, 1); + space = false; + *d++ = a; break; /* copy normal characters */ default : char b = std::tolower(a); - ret.append(&b, 1); - space = 0; + *d++ = b; + space = false; break; } } - return ret; + const auto new_len = d - value.c_str(); + const auto changed = new_len != value.length(); + value.resize(new_len); + return changed; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/cmd_line.h b/src/deps/src/modsecurity/src/actions/transformations/cmd_line.h index 851f29385f..27672b604b 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/cmd_line.h +++ b/src/deps/src/modsecurity/src/actions/transformations/cmd_line.h @@ -13,35 +13,21 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_CMD_LINE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_CMD_LINE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class CmdLine : public Transformation { public: - explicit CmdLine(const std::string &action) - : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // modsecurity::namespace actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_CMD_LINE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/compress_whitespace.cc b/src/deps/src/modsecurity/src/actions/transformations/compress_whitespace.cc index 506de2483d..a9b31c962b 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/compress_whitespace.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/compress_whitespace.cc @@ -13,54 +13,36 @@ * */ -#include "src/actions/transformations/compress_whitespace.h" +#include "compress_whitespace.h" -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { +bool CompressWhitespace::transform(std::string &value, const Transaction *trans) const { + bool inWhiteSpace = false; -CompressWhitespace::CompressWhitespace(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} - -std::string CompressWhitespace::evaluate(const std::string &value, - Transaction *transaction) { + auto d = value.data(); - std::string a; - int inWhiteSpace = 0; - int i = 0; - - while (i < value.size()) { - if (isspace(value[i])) { + for(const auto c : value) { + if (isspace(c)) { if (inWhiteSpace) { - i++; continue; } else { - inWhiteSpace = 1; - a.append(" ", 1); + inWhiteSpace = true; + *d++ = ' '; } } else { - inWhiteSpace = 0; - a.append(&value.at(i), 1); + inWhiteSpace = false; + *d++ = c; } - i++; } - return a; + const auto new_len = d - value.c_str(); + const auto changed = new_len != value.length(); + value.resize(new_len); + return changed; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/compress_whitespace.h b/src/deps/src/modsecurity/src/actions/transformations/compress_whitespace.h index 184ddcfab1..8f74a3c1c1 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/compress_whitespace.h +++ b/src/deps/src/modsecurity/src/actions/transformations/compress_whitespace.h @@ -13,34 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_COMPRESS_WHITESPACE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_COMPRESS_WHITESPACE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class CompressWhitespace : public Transformation { public: + using Transformation::Transformation; - explicit CompressWhitespace(const std::string &action) ; - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_COMPRESS_WHITESPACE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/css_decode.cc b/src/deps/src/modsecurity/src/actions/transformations/css_decode.cc index f808512385..41da9390ea 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/css_decode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/css_decode.cc @@ -13,42 +13,13 @@ * */ -#include "src/actions/transformations/css_decode.h" +#include "css_decode.h" -#include - -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/string.h" +using namespace modsecurity::utils::string; -namespace modsecurity { -namespace actions { -namespace transformations { - - -std::string CssDecode::evaluate(const std::string &value, - Transaction *transaction) { - - char *tmp = reinterpret_cast( - malloc(sizeof(char) * value.size() + 1)); - memcpy(tmp, value.c_str(), value.size() + 1); - tmp[value.size()] = '\0'; - - CssDecode::css_decode_inplace(reinterpret_cast(tmp), - value.size()); - - std::string ret(tmp, 0, value.size()); - free(tmp); - return ret; -} +namespace modsecurity::actions::transformations { /** @@ -58,15 +29,13 @@ std::string CssDecode::evaluate(const std::string &value, * http://www.w3.org/TR/REC-CSS2/syndata.html#q4 * http://www.unicode.org/roadmaps/ */ -int CssDecode::css_decode_inplace(unsigned char *input, int64_t input_len) { - unsigned char *d = (unsigned char *)input; - int64_t i, j, count; - - if (input == NULL) { - return -1; - } +static inline bool css_decode_inplace(std::string &val) { + const auto input_len = val.length(); + auto input = reinterpret_cast(val.data()); + auto d = input; + bool changed = false; - i = count = 0; + std::string::size_type i = 0; while (i < input_len) { /* Is the character a backslash? */ if (input[i] == '\\') { @@ -75,7 +44,7 @@ int CssDecode::css_decode_inplace(unsigned char *input, int64_t input_len) { i++; /* We are not going to need the backslash. */ /* Check for 1-6 hex characters following the backslash */ - j = 0; + std::string::size_type j = 0; while ((j < 6) && (i + j < input_len) && (VALID_HEX(input[i + j]))) { @@ -157,40 +126,45 @@ int CssDecode::css_decode_inplace(unsigned char *input, int64_t input_len) { } /* Move over. */ - count++; i += j; + + changed = true; } else if (input[i] == '\n') { /* No hexadecimal digits after backslash */ /* A newline character following backslash is ignored. */ i++; + changed = true; } else { /* The character after backslash is not a hexadecimal digit, * nor a newline. */ /* Use one character after backslash as is. */ *d++ = input[i++]; - count++; } } else { /* No characters after backslash. */ /* Do not include backslash in output *(continuation to nothing) */ i++; + changed = true; } } else { /* Character is not a backslash. */ /* Copy one normal character to output. */ *d++ = input[i++]; - count++; } } /* Terminate output string. */ *d = '\0'; - return count; + val.resize(d - input); + return changed; +} + + +bool CssDecode::transform(std::string &value, const Transaction *trans) const { + return css_decode_inplace(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/css_decode.h b/src/deps/src/modsecurity/src/actions/transformations/css_decode.h index a6769bad39..c9b451f837 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/css_decode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/css_decode.h @@ -13,37 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_CSS_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_CSS_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; - -namespace actions { -namespace transformations { +#include "transformation.h" +namespace modsecurity::actions::transformations { class CssDecode : public Transformation { public: - explicit CssDecode(const std::string &action) - : Transformation(action) { } - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + using Transformation::Transformation; - static int css_decode_inplace(unsigned char *input, int64_t input_len); + bool transform(std::string &value, const Transaction *trans) const override; }; - -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_CSS_DECODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/escape_seq_decode.cc b/src/deps/src/modsecurity/src/actions/transformations/escape_seq_decode.cc index 03303272ef..94df2269d5 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/escape_seq_decode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/escape_seq_decode.cc @@ -13,36 +13,22 @@ * */ -#include "src/actions/transformations/escape_seq_decode.h" - -#include -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +#include "escape_seq_decode.h" + #include "src/utils/string.h" -namespace modsecurity { -namespace actions { -namespace transformations { +using namespace modsecurity::utils::string; -EscapeSeqDecode::EscapeSeqDecode(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} +namespace modsecurity::actions::transformations { -int EscapeSeqDecode::ansi_c_sequences_decode_inplace(unsigned char *input, - int input_len) { - unsigned char *d = input; - int i, count; +static inline int ansi_c_sequences_decode_inplace(std::string &value) { + auto d = reinterpret_cast(value.data()); + const unsigned char* input = d; + const auto input_len = value.length(); - i = count = 0; + bool changed = false; + std::string::size_type i = 0; while (i < input_len) { if ((input[i] == '\\') && (i + 1 < input_len)) { int c = -1; @@ -120,43 +106,29 @@ int EscapeSeqDecode::ansi_c_sequences_decode_inplace(unsigned char *input, if (c == -1) { /* Didn't recognise encoding, copy raw bytes. */ *d++ = input[i + 1]; - count++; i += 2; } else { /* Converted the encoding. */ *d++ = c; - count++; } + + changed = true; } else { /* Input character not a backslash, copy it. */ *d++ = input[i++]; - count++; } } *d = '\0'; - return count; + value.resize(d - input); + return changed; } -std::string EscapeSeqDecode::evaluate(const std::string &value, - Transaction *transaction) { - - unsigned char *tmp = (unsigned char *) malloc(sizeof(char) - * value.size() + 1); - memcpy(tmp, value.c_str(), value.size() + 1); - tmp[value.size()] = '\0'; - - int size = ansi_c_sequences_decode_inplace(tmp, value.size()); - - std::string ret(""); - ret.assign(reinterpret_cast(tmp), size); - free(tmp); - - return ret; +bool EscapeSeqDecode::transform(std::string &value, const Transaction *trans) const { + return ansi_c_sequences_decode_inplace(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/escape_seq_decode.h b/src/deps/src/modsecurity/src/actions/transformations/escape_seq_decode.h index d68f33b56f..71976fe126 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/escape_seq_decode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/escape_seq_decode.h @@ -13,35 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_ESCAPE_SEQ_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_ESCAPE_SEQ_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class EscapeSeqDecode : public Transformation { public: + using Transformation::Transformation; - explicit EscapeSeqDecode(const std::string &action) ; - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; - int ansi_c_sequences_decode_inplace(unsigned char *input, int input_len); + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_ESCAPE_SEQ_DECODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/hex_decode.cc b/src/deps/src/modsecurity/src/actions/transformations/hex_decode.cc index e626bc5f35..1b43b6cdf2 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/hex_decode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/hex_decode.cc @@ -13,67 +13,35 @@ * */ -#include "src/actions/transformations/hex_decode.h" +#include "hex_decode.h" -#include -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/string.h" -namespace modsecurity { -namespace actions { -namespace transformations { - -std::string HexDecode::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - unsigned char *input; - int size = 0; +namespace modsecurity::actions::transformations { - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); - if (input == NULL) { - return ""; - } +static inline int inplace(std::string &value) { + if (value.empty()) return false; - memcpy(input, value.c_str(), value.length()+1); + const auto len = value.length(); + auto d = reinterpret_cast(value.data()); + const auto data = d; - size = inplace(input, value.length()); + for (int i = 0; i <= len - 2; i += 2) { + *d++ = utils::string::x2c(&data[i]); + } - ret.assign(reinterpret_cast(input), size); - free(input); + *d = '\0'; - return ret; + value.resize(d - data); + return true; } -int HexDecode::inplace(unsigned char *data, int len) { - unsigned char *d = data; - int i, count = 0; - - if ((data == NULL) || (len == 0)) { - return 0; - } - - for (i = 0; i <= len - 2; i += 2) { - *d++ = utils::string::x2c(&data[i]); - count++; - } - *d = '\0'; - - return count; +bool HexDecode::transform(std::string &value, const Transaction *trans) const { + return inplace(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/hex_decode.h b/src/deps/src/modsecurity/src/actions/transformations/hex_decode.h index a2f48c6d8f..1ee6a1b773 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/hex_decode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/hex_decode.h @@ -13,35 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_HEX_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_HEX_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class HexDecode : public Transformation { public: - explicit HexDecode(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; - - static int inplace(unsigned char *data, int len); + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_HEX_DECODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/hex_encode.cc b/src/deps/src/modsecurity/src/actions/transformations/hex_encode.cc index 4e6121df60..689a132f76 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/hex_encode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/hex_encode.cc @@ -13,41 +13,25 @@ * */ -#include "src/actions/transformations/hex_encode.h" +#include "hex_encode.h" -#include -#include -#include -#include -#include -#include -#include +#include "modsecurity/rule_with_actions.h" -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { -HexEncode::HexEncode(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} - -std::string HexEncode::evaluate(const std::string &value, - Transaction *transaction) { +bool HexEncode::transform(std::string &value, const Transaction *trans) const { + if (value.empty()) return false; std::stringstream result; - for (std::size_t i=0; i < value.length(); i++) { - unsigned int ii = (unsigned char)(value[i]); + for (const auto c : value) { + unsigned int ii = (unsigned char)c; result << std::setw(2) << std::setfill('0') << std::hex << ii; } - return result.str(); + value = result.str(); + return true; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/hex_encode.h b/src/deps/src/modsecurity/src/actions/transformations/hex_encode.h index 1ba39c56a1..9037a514fe 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/hex_encode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/hex_encode.h @@ -13,34 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_HEX_ENCODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_HEX_ENCODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class HexEncode : public Transformation { public: + using Transformation::Transformation; - explicit HexEncode(const std::string &action); - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_HEX_ENCODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/html_entity_decode.cc b/src/deps/src/modsecurity/src/actions/transformations/html_entity_decode.cc index b9268df55c..8a0cc3e97d 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/html_entity_decode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/html_entity_decode.cc @@ -13,66 +13,36 @@ * */ -#include "src/actions/transformations/html_entity_decode.h" +#include "html_entity_decode.h" -#include +#include -#include -#include -#include -#include -#include -#include +#include "src/utils/string.h" -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif +using namespace modsecurity::utils::string; -namespace modsecurity { -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { -std::string HtmlEntityDecode::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - unsigned char *input; +static inline bool inplace(std::string &value) { + const auto input_len = value.length(); + auto d = reinterpret_cast(value.data()); + const unsigned char *input = d; + const unsigned char *end = input + input_len; - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); - - if (input == NULL) { - return ""; - } - - memcpy(input, value.c_str(), value.length()+1); - - size_t i = inplace(input, value.length()); - - ret.assign(reinterpret_cast(input), i); - free(input); - - return ret; -} - - -int HtmlEntityDecode::inplace(unsigned char *input, uint64_t input_len) { - unsigned char *d = input; - int i, count; - - if ((input == NULL) || (input_len == 0)) { - return 0; - } - - i = count = 0; - while ((i < input_len) && (count < input_len)) { - int z, copy = 1; + std::string::size_type i = 0; + while (i < input_len) { + std::string::size_type copy = 1; /* Require an ampersand and at least one character to * start looking into the entity. */ if ((input[i] == '&') && (i + 1 < input_len)) { - int k, j = i + 1; + auto j = i + 1; if (input[j] == '#') { /* Numerical entity. */ @@ -92,19 +62,18 @@ int HtmlEntityDecode::inplace(unsigned char *input, uint64_t input_len) { } j++; /* j is the position of the first digit now. */ - k = j; - while ((j < input_len) && (isxdigit(input[j]))) { + constexpr int MAX_HEX_DIGITS = 2; // supports only bytes (max value 0xff) + auto k = j; + while ((j - k < MAX_HEX_DIGITS) && (j < input_len) && (isxdigit(input[j]))) { j++; } if (j > k) { /* Do we have at least one digit? */ /* Decode the entity. */ - char *x; - x = reinterpret_cast(calloc(sizeof(char), - ((j - k) + 1))); + char x[MAX_HEX_DIGITS + 1]; memcpy(x, (const char *)&input[k], j - k); - *d++ = (unsigned char)strtol(x, NULL, 16); - free(x); - count++; + x[j - k] = '\0'; + + *d++ = (unsigned char)strtol(x, nullptr, 16); /* Skip over the semicolon if it's there. */ if ((j < input_len) && (input[j] == ';')) { @@ -118,19 +87,18 @@ int HtmlEntityDecode::inplace(unsigned char *input, uint64_t input_len) { } } else { /* Decimal entity. */ - k = j; - while ((j < input_len) && (isdigit(input[j]))) { + constexpr int MAX_DEC_DIGITS = 3; // supports only bytes (max value 255) + auto k = j; + while ((j - k < MAX_DEC_DIGITS) && (j < input_len) && (isdigit(input[j]))) { j++; } if (j > k) { /* Do we have at least one digit? */ /* Decode the entity. */ - char *x; - x = reinterpret_cast(calloc(sizeof(char), - ((j - k) + 1))); + char x[MAX_DEC_DIGITS + 1]; memcpy(x, (const char *)&input[k], j - k); - *d++ = (unsigned char)strtol(x, NULL, 10); - free(x); - count++; + x[j - k] = '\0'; + + *d++ = (unsigned char)strtol(x, nullptr, 10); /* Skip over the semicolon if it's there. */ if ((j < input_len) && (input[j] == ';')) { @@ -145,38 +113,31 @@ int HtmlEntityDecode::inplace(unsigned char *input, uint64_t input_len) { } } else { /* Text entity. */ - k = j; + auto k = j; while ((j < input_len) && (isalnum(input[j]))) { j++; } if (j > k) { /* Do we have at least one digit? */ - char *x; - x = reinterpret_cast(calloc(sizeof(char), - ((j - k) + 1))); - memcpy(x, (const char *)&input[k], j - k); + const auto x = reinterpret_cast(&input[k]); /* Decode the entity. */ /* ENH What about others? */ - if (strcasecmp(x, "quot") == 0) { + if (strncasecmp(x, "quot", 4) == 0) { *d++ = '"'; - } else if (strcasecmp(x, "amp") == 0) { + } else if (strncasecmp(x, "amp", 3) == 0) { *d++ = '&'; - } else if (strcasecmp(x, "lt") == 0) { + } else if (strncasecmp(x, "lt", 2) == 0) { *d++ = '<'; - } else if (strcasecmp(x, "gt") == 0) { + } else if (strncasecmp(x, "gt", 2) == 0) { *d++ = '>'; - } else if (strcasecmp(x, "nbsp") == 0) { + } else if (strncasecmp(x, "nbsp", 4) == 0) { *d++ = NBSP; } else { /* We do no want to convert this entity, * copy the raw data over. */ copy = j - k + 1; - free(x); goto HTML_ENT_OUT; } - free(x); - - count++; /* Skip over the semicolon if it's there. */ if ((j < input_len) && (input[j] == ';')) { @@ -192,17 +153,21 @@ int HtmlEntityDecode::inplace(unsigned char *input, uint64_t input_len) { HTML_ENT_OUT: - for (z = 0; ((z < copy) && (count < input_len)); z++) { + for (auto z = 0; z < copy; z++) { *d++ = input[i++]; - count++; } } *d = '\0'; - return count; + value.resize(d - input); + return d != end; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +bool HtmlEntityDecode::transform(std::string &value, const Transaction *trans) const { + return inplace(value); +} + + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/html_entity_decode.h b/src/deps/src/modsecurity/src/actions/transformations/html_entity_decode.h index 44fcc32319..499f8f2ff8 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/html_entity_decode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/html_entity_decode.h @@ -13,40 +13,20 @@ * */ -#include -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" -#include "src/utils/string.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; - -namespace actions { -namespace transformations { +#include "transformation.h" +namespace modsecurity::actions::transformations { class HtmlEntityDecode : public Transformation { public: - explicit HtmlEntityDecode(const std::string &action) - : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; - - static int inplace(unsigned char *input, uint64_t input_len); + bool transform(std::string &value, const Transaction *trans) const override; }; - -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/js_decode.cc b/src/deps/src/modsecurity/src/actions/transformations/js_decode.cc index 2f4cf8bb57..857125c746 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/js_decode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/js_decode.cc @@ -13,55 +13,22 @@ * */ -#include "src/actions/transformations/js_decode.h" +#include "js_decode.h" -#include - -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/string.h" +using namespace modsecurity::utils::string; -namespace modsecurity { -namespace actions { -namespace transformations { - - -std::string JsDecode::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - unsigned char *input; - - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); - - if (input == NULL) { - return ""; - } - - memcpy(input, value.c_str(), value.length()+1); - - size_t i = inplace(input, value.length()); - - ret.assign(reinterpret_cast(input), i); - free(input); - - return ret; -} +namespace modsecurity::actions::transformations { -int JsDecode::inplace(unsigned char *input, uint64_t input_len) { - unsigned char *d = (unsigned char *)input; - int64_t i, count; +static inline int inplace(std::string &value) { + auto d = reinterpret_cast(value.data()); + const unsigned char *input = d; + const auto input_len = value.length(); - i = count = 0; + bool changed = false; + std::string::size_type i = 0; while (i < input_len) { if (input[i] == '\\') { /* Character is an escape. */ @@ -82,14 +49,14 @@ int JsDecode::inplace(unsigned char *input, uint64_t input_len) { } d++; - count++; i += 6; + changed = true; } else if ((i + 3 < input_len) && (input[i + 1] == 'x') && VALID_HEX(input[i + 2]) && VALID_HEX(input[i + 3])) { /* \xHH */ *d++ = utils::string::x2c(&input[i + 2]); - count++; i += 4; + changed = true; } else if ((i + 1 < input_len) && ISODIGIT(input[i + 1])) { /* \OOO (only one byte, \000 - \377) */ char buf[4]; @@ -110,7 +77,7 @@ int JsDecode::inplace(unsigned char *input, uint64_t input_len) { } *d++ = (unsigned char)strtol(buf, NULL, 8); i += 1 + j; - count++; + changed = true; } } else if (i + 1 < input_len) { /* \C */ @@ -144,25 +111,28 @@ int JsDecode::inplace(unsigned char *input, uint64_t input_len) { *d++ = c; i += 2; - count++; + changed = true; } else { /* Not enough bytes */ while (i < input_len) { *d++ = input[i++]; - count++; } } } else { *d++ = input[i++]; - count++; } } *d = '\0'; - return count; + value.resize(d - input); + return changed; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +bool JsDecode::transform(std::string &value, const Transaction *trans) const { + return inplace(value); +} + + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/js_decode.h b/src/deps/src/modsecurity/src/actions/transformations/js_decode.h index 60d6617b35..840577cb6c 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/js_decode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/js_decode.h @@ -13,35 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_JS_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_JS_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class JsDecode : public Transformation { public: - explicit JsDecode(const std::string &action) - : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; - static int inplace(unsigned char *input, uint64_t input_len); + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_JS_DECODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/length.cc b/src/deps/src/modsecurity/src/actions/transformations/length.cc index 61015b82bf..ac98914c6e 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/length.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/length.cc @@ -13,34 +13,16 @@ * */ -#include "src/actions/transformations/length.h" +#include "length.h" -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { - -Length::Length(const std::string &action) - : Transformation(action) { - this->action_kind = 1; +bool Length::transform(std::string &value, const Transaction *trans) const { + value = std::to_string(value.size()); + return true; } -std::string Length::evaluate(const std::string &value, - Transaction *transaction) { - - return std::to_string(value.size()); -} -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/length.h b/src/deps/src/modsecurity/src/actions/transformations/length.h index 8892a9dcd2..39465238f4 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/length.h +++ b/src/deps/src/modsecurity/src/actions/transformations/length.h @@ -13,34 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_LENGTH_H_ #define SRC_ACTIONS_TRANSFORMATIONS_LENGTH_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class Length : public Transformation { public: + using Transformation::Transformation; - explicit Length(const std::string &action); - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_LENGTH_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/lower_case.cc b/src/deps/src/modsecurity/src/actions/transformations/lower_case.cc index d00ab40cb6..0238b5a457 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/lower_case.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/lower_case.cc @@ -13,36 +13,19 @@ * */ -#include "src/actions/transformations/lower_case.h" -#include -#include +#include "lower_case.h" -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" +#include -namespace modsecurity { -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { -LowerCase::LowerCase(const std::string &a) - : Transformation(a) { -} - -std::string LowerCase::evaluate(const std::string &val, - Transaction *transaction) { - std::locale loc; - std::string value(val); - for (std::string::size_type i=0; i < value.length(); ++i) { - value[i] = std::tolower(value[i], loc); - } - - return value; +bool LowerCase::transform(std::string &value, const Transaction *trans) const { + return convert(value, [](auto c) { + return std::tolower(c); }); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/lower_case.h b/src/deps/src/modsecurity/src/actions/transformations/lower_case.h index 590498405b..192b2aa3fc 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/lower_case.h +++ b/src/deps/src/modsecurity/src/actions/transformations/lower_case.h @@ -13,34 +13,35 @@ * */ -#include -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_LOWER_CASE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_LOWER_CASE_H_ -#ifdef __cplusplus +#include "transformation.h" -namespace modsecurity { -class Transaction; -namespace actions { -namespace transformations { +#include +namespace modsecurity::actions::transformations { class LowerCase : public Transformation { public: - explicit LowerCase(const std::string &action); - std::string evaluate(const std::string &exp, - Transaction *transaction) override; -}; + using Transformation::Transformation; + + bool transform(std::string &value, const Transaction *trans) const override; -} // namespace transformations -} // namespace actions -} // namespace modsecurity + template + static bool convert(std::string &val, Operation op) { + bool changed = false; + + std::transform(val.begin(), val.end(), val.data(), + [&](auto c) { + const auto nc = op(c); + if(nc != c) changed = true; + return nc; }); + + return changed; + } +}; -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_LOWER_CASE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/md5.cc b/src/deps/src/modsecurity/src/actions/transformations/md5.cc index 71c36bc300..b1cdc93ece 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/md5.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/md5.cc @@ -13,32 +13,17 @@ * */ -#include "src/actions/transformations/md5.h" +#include "md5.h" -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/md5.h" -namespace modsecurity { -namespace actions { -namespace transformations { - +namespace modsecurity::actions::transformations { -std::string Md5::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret = Utils::Md5::digest(value); - return ret; +bool Md5::transform(std::string &value, const Transaction *trans) const { + value = Utils::Md5::digest(value); + return true; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/md5.h b/src/deps/src/modsecurity/src/actions/transformations/md5.h index 37f22473fa..d1813c5ff3 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/md5.h +++ b/src/deps/src/modsecurity/src/actions/transformations/md5.h @@ -13,33 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_MD5_H_ #define SRC_ACTIONS_TRANSFORMATIONS_MD5_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class Md5 : public Transformation { public: - explicit Md5(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_MD5_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/none.cc b/src/deps/src/modsecurity/src/actions/transformations/none.cc index f122bf035c..adbf32a606 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/none.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/none.cc @@ -13,30 +13,15 @@ * */ -#include "src/actions/transformations/none.h" +#include "none.h" -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { - - -std::string None::evaluate(const std::string &value, - Transaction *transaction) { - return value; +bool None::transform(std::string &value, const Transaction *trans) const { + return false; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/none.h b/src/deps/src/modsecurity/src/actions/transformations/none.h index e8a0e9d956..2fe428bb00 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/none.h +++ b/src/deps/src/modsecurity/src/actions/transformations/none.h @@ -13,20 +13,12 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_NONE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_NONE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class None : public Transformation { public: @@ -34,14 +26,9 @@ class None : public Transformation { : Transformation(action) { m_isNone = true; } - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_NONE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/normalise_path.cc b/src/deps/src/modsecurity/src/actions/transformations/normalise_path.cc index e75b984986..91c0402729 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/normalise_path.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/normalise_path.cc @@ -13,47 +13,14 @@ * */ -#include "src/actions/transformations/normalise_path.h" +#include "normalise_path.h" -#include -#include -#include -#include -#include -#include -#include +namespace modsecurity::actions::transformations { -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" - -namespace modsecurity { -namespace actions { -namespace transformations { - -NormalisePath::NormalisePath(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} - -std::string NormalisePath::evaluate(const std::string &value, - Transaction *transaction) { - int changed = 0; - - char *tmp = reinterpret_cast( - malloc(sizeof(char) * value.size() + 1)); - memcpy(tmp, value.c_str(), value.size() + 1); - tmp[value.size()] = '\0'; - - int i = normalize_path_inplace((unsigned char *)tmp, - value.size(), 0, &changed); - - std::string ret(""); - ret.assign(tmp, i); - free(tmp); - - return ret; +bool NormalisePath::transform(std::string &value, const Transaction *trans) const { + return normalize_path_inplace(value, false); } @@ -61,21 +28,22 @@ std::string NormalisePath::evaluate(const std::string &value, * * IMP1 Assumes NUL-terminated */ -int NormalisePath::normalize_path_inplace(unsigned char *input, int input_len, - int win, int *changed) { +bool NormalisePath::normalize_path_inplace(std::string &val, const bool win) { unsigned char *src; unsigned char *dst; unsigned char *end; - int ldst = 0; int hitroot = 0; int done = 0; int relative; int trailing; - *changed = 0; + bool changed = false; /* Need at least one byte to normalize */ - if (input_len <= 0) return 0; + if(val.empty()) return false; + + auto input = reinterpret_cast(val.data()); + const auto input_len = val.length(); /* * ENH: Deal with UNC and drive letters? @@ -83,7 +51,6 @@ int NormalisePath::normalize_path_inplace(unsigned char *input, int input_len, src = dst = input; end = input + (input_len - 1); - ldst = 1; relative = ((*input == '/') || (win && (*input == '\\'))) ? 0 : 1; trailing = ((*end == '/') || (win && (*end == '\\'))) ? 1 : 0; @@ -94,11 +61,11 @@ int NormalisePath::normalize_path_inplace(unsigned char *input, int input_len, if (win) { if (*src == '\\') { *src = '/'; - *changed = 1; + changed = true; } if ((src < end) && (*(src + 1) == '\\')) { *(src + 1) = '/'; - *changed = 1; + changed = true; } } @@ -116,7 +83,7 @@ int NormalisePath::normalize_path_inplace(unsigned char *input, int input_len, /* Could it be an empty path segment? */ if ((src != end) && *src == '/') { /* Ignore */ - *changed = 1; + changed = true; goto copy; /* Copy will take care of this. */ } else if (*src == '.') { /* Could it be a back or self reference? */ @@ -153,25 +120,25 @@ int NormalisePath::normalize_path_inplace(unsigned char *input, int input_len, } } - if (done) goto length; /* Skip the copy. */ + if (done) goto skip_copy; /* Skip the copy. */ src++; - *changed = 1; + changed = true; } else if (dst == input) { /* Relative Self-reference? */ - *changed = 1; + changed = true; /* Ignore. */ - if (done) goto length; /* Skip the copy. */ + if (done) goto skip_copy; /* Skip the copy. */ src++; } else if (*(dst - 1) == '/') { /* Self-reference? */ - *changed = 1; + changed = true; /* Ignore. */ - if (done) goto length; /* Skip the copy. */ + if (done) goto skip_copy; /* Skip the copy. */ dst--; src++; } @@ -191,7 +158,7 @@ int NormalisePath::normalize_path_inplace(unsigned char *input, int input_len, && ((*(src + 1) == '/') || (win && (*(src + 1) == '\\'))) ) { src++; } - if (oldsrc != src) *changed = 1; + if (oldsrc != src) changed = true; /* Do not copy the forward slash to the root * if it is not a relative path. Instead @@ -199,30 +166,28 @@ int NormalisePath::normalize_path_inplace(unsigned char *input, int input_len, */ if (relative && (dst == input)) { src++; - goto length; /* Skip the copy */ + goto skip_copy; /* Skip the copy */ } } *(dst++) = *(src++); -length: - ldst = (dst - input); +skip_copy: + ; // nop for the goto label to work } /* Make sure that there is not a trailing slash in the * normalized form if there was not one in the original form. */ if (!trailing && (dst > input) && *(dst - 1) == '/') { - ldst--; dst--; } /* Always NUL terminate */ *dst = '\0'; - return ldst; + val.resize(dst - input); + return changed; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/normalise_path.h b/src/deps/src/modsecurity/src/actions/transformations/normalise_path.h index b3869bea04..a1ef89189a 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/normalise_path.h +++ b/src/deps/src/modsecurity/src/actions/transformations/normalise_path.h @@ -13,37 +13,22 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_H_ #define SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class NormalisePath : public Transformation { public: + using Transformation::Transformation; - explicit NormalisePath(const std::string &action); + bool transform(std::string &value, const Transaction *trans) const override; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; - - static int normalize_path_inplace(unsigned char *input, int input_len, - int win, int *changed); + static bool normalize_path_inplace(std::string &val, const bool win); }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/normalise_path_win.cc b/src/deps/src/modsecurity/src/actions/transformations/normalise_path_win.cc index 6c171a59c4..b60943e155 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/normalise_path_win.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/normalise_path_win.cc @@ -13,48 +13,17 @@ * */ -#include "src/actions/transformations/normalise_path_win.h" +#include "normalise_path_win.h" -#include +#include "normalise_path.h" -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "src/actions/transformations/normalise_path.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { - - -std::string NormalisePathWin::evaluate(const std::string &value, - Transaction *transaction) { - int changed; - - char *tmp = reinterpret_cast( - malloc(sizeof(char) * value.size() + 1)); - memcpy(tmp, value.c_str(), value.size() + 1); - tmp[value.size()] = '\0'; - - int i = NormalisePath::normalize_path_inplace( - reinterpret_cast(tmp), - value.size(), 1, &changed); - - std::string ret(""); - ret.assign(tmp, i); - free(tmp); - - return ret; +bool NormalisePathWin::transform(std::string &value, const Transaction *trans) const { + return NormalisePath::normalize_path_inplace(value, true); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/normalise_path_win.h b/src/deps/src/modsecurity/src/actions/transformations/normalise_path_win.h index a1f8c5f746..0cf11260fc 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/normalise_path_win.h +++ b/src/deps/src/modsecurity/src/actions/transformations/normalise_path_win.h @@ -13,33 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_WIN_H_ #define SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_WIN_H_ +#include "transformation.h" -namespace modsecurity { -class Transaction; - -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class NormalisePathWin : public Transformation { public: - explicit NormalisePathWin(const std::string &action) - : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_WIN_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/parity_even_7bit.cc b/src/deps/src/modsecurity/src/actions/transformations/parity_even_7bit.cc index 2c0be31cd4..d9327b9eb2 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/parity_even_7bit.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/parity_even_7bit.cc @@ -13,70 +13,15 @@ * */ -#include "src/actions/transformations/parity_even_7bit.h" +#include "parity_even_7bit.h" -#include -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { - - -std::string ParityEven7bit::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - unsigned char *input; - - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); - - if (input == NULL) { - return ""; - } - - std::memcpy(input, value.c_str(), value.length()+1); - - inplace(input, value.length()); - - ret.assign(reinterpret_cast(input), value.length()); - free(input); - - return ret; +bool ParityEven7bit::transform(std::string &value, const Transaction *trans) const { + return ParityEven7bit::inplace(value); } -bool ParityEven7bit::inplace(unsigned char *input, uint64_t input_len) { - uint64_t i; - - i = 0; - while (i < input_len) { - unsigned int x = input[i]; - - input[i] ^= input[i] >> 4; - input[i] &= 0xf; - - if ((0x6996 >> input[i]) & 1) { - input[i] = x | 0x80; - } else { - input[i] = x & 0x7f; - } - i++; - } - - return true; -} - - -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/parity_even_7bit.h b/src/deps/src/modsecurity/src/actions/transformations/parity_even_7bit.h index 08aa88230a..8e107a5da8 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/parity_even_7bit.h +++ b/src/deps/src/modsecurity/src/actions/transformations/parity_even_7bit.h @@ -13,33 +13,42 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_PARITY_EVEN_7BIT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_PARITY_EVEN_7BIT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class ParityEven7bit : public Transformation { public: - explicit ParityEven7bit(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, Transaction *transaction) override; - static bool inplace(unsigned char *input, uint64_t input_len); -}; + bool transform(std::string &value, const Transaction *trans) const override; + + template + static bool inplace(std::string &value) { + if (value.empty()) return false; -} // namespace transformations -} // namespace actions -} // namespace modsecurity + for(auto &c : value) { + auto &uc = reinterpret_cast(c); + unsigned int x = uc; + + uc ^= uc >> 4; + uc &= 0xf; + + const bool condition = (0x6996 >> uc) & 1; + if (even ? condition : !condition) { + uc = x | 0x80; + } else { + uc = x & 0x7f; + } + } + + return true; + } +}; -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_PARITY_EVEN_7BIT_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/parity_odd_7bit.cc b/src/deps/src/modsecurity/src/actions/transformations/parity_odd_7bit.cc index 5ac38d20dc..865a2754ed 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/parity_odd_7bit.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/parity_odd_7bit.cc @@ -13,69 +13,16 @@ * */ -#include "src/actions/transformations/parity_odd_7bit.h" +#include "parity_odd_7bit.h" +#include "parity_even_7bit.h" -#include -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { - - -std::string ParityOdd7bit::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - unsigned char *input; - - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); - - if (input == NULL) { - return ""; - } - - memcpy(input, value.c_str(), value.length()+1); - - inplace(input, value.length()); - - ret.assign(reinterpret_cast(input), value.length()); - free(input); - - return ret; -} - -bool ParityOdd7bit::inplace(unsigned char *input, uint64_t input_len) { - uint64_t i; - - i = 0; - while (i < input_len) { - unsigned int x = input[i]; - - input[i] ^= input[i] >> 4; - input[i] &= 0xf; - - if ((0x6996 >> input[i]) & 1) { - input[i] = x & 0x7f; - } else { - input[i] = x | 0x80; - } - i++; - } - - return true; +bool ParityOdd7bit::transform(std::string &value, const Transaction *trans) const { + return ParityEven7bit::inplace(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/parity_odd_7bit.h b/src/deps/src/modsecurity/src/actions/transformations/parity_odd_7bit.h index 8b7e34d289..0b9164b912 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/parity_odd_7bit.h +++ b/src/deps/src/modsecurity/src/actions/transformations/parity_odd_7bit.h @@ -13,33 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_PARITY_ODD_7BIT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_PARITY_ODD_7BIT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class ParityOdd7bit : public Transformation { public: - explicit ParityOdd7bit(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, Transaction *transaction) override; - static bool inplace(unsigned char *input, uint64_t input_len); + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_PARITY_ODD_7BIT_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/parity_zero_7bit.cc b/src/deps/src/modsecurity/src/actions/transformations/parity_zero_7bit.cc index 7bb846362c..77ad05145b 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/parity_zero_7bit.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/parity_zero_7bit.cc @@ -13,61 +13,26 @@ * */ -#include "src/actions/transformations/parity_zero_7bit.h" +#include "parity_zero_7bit.h" -#include -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { +static inline bool inplace(std::string &value) { + if (value.empty()) return false; - -std::string ParityZero7bit::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - unsigned char *input; - - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); - - if (input == NULL) { - return ""; + for(auto &c : value) { + ((unsigned char&)c) &= 0x7f; } - memcpy(input, value.c_str(), value.length()+1); - - inplace(input, value.length()); - - ret.assign(reinterpret_cast(input), value.length()); - free(input); - - return ret; + return true; } -bool ParityZero7bit::inplace(unsigned char *input, uint64_t input_len) { - uint64_t i; - - i = 0; - while (i < input_len) { - input[i] &= 0x7f; - i++; - } - - return true; +bool ParityZero7bit::transform(std::string &value, const Transaction *trans) const { + return inplace(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/parity_zero_7bit.h b/src/deps/src/modsecurity/src/actions/transformations/parity_zero_7bit.h index 4b4ccd23e1..aa9d1bf328 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/parity_zero_7bit.h +++ b/src/deps/src/modsecurity/src/actions/transformations/parity_zero_7bit.h @@ -13,33 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_PARITY_ZERO_7BIT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_PARITY_ZERO_7BIT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class ParityZero7bit : public Transformation { public: - explicit ParityZero7bit(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, Transaction *transaction) override; - static bool inplace(unsigned char *input, uint64_t input_len); + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_PARITY_ZERO_7BIT_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/remove_comments.cc b/src/deps/src/modsecurity/src/actions/transformations/remove_comments.cc index 043dd9505a..5f3edaef58 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/remove_comments.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/remove_comments.cc @@ -13,61 +13,40 @@ * */ -#include "src/actions/transformations/remove_comments.h" +#include "remove_comments.h" -#include -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { +static inline int inplace(std::string &value) { + auto input = reinterpret_cast(value.data()); + const auto input_len = value.length(); + bool changed = false, incomment = false; + std::string::size_type i = 0, j = 0; - -std::string RemoveComments::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - unsigned char *input; - - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); - - if (input == NULL) { - return ""; - } - - memcpy(input, value.c_str(), value.length()+1); - - uint64_t input_len = value.size(); - uint64_t i, j, incomment; - - i = j = incomment = 0; while (i < input_len) { - if (incomment == 0) { + if (!incomment) { if ((input[i] == '/') && (i + 1 < input_len) && (input[i + 1] == '*')) { - incomment = 1; + incomment = true; + changed = true; i += 2; } else if ((input[i] == '<') && (i + 1 < input_len) && (input[i + 1] == '!') && (i + 2 < input_len) && (input[i+2] == '-') && (i + 3 < input_len) && (input[i + 3] == '-')) { - incomment = 1; + incomment = true; + changed = true; i += 4; } else if ((input[i] == '-') && (i + 1 < input_len) && (input[i + 1] == '-')) { input[i] = ' '; + changed = true; break; } else if (input[i] == '#') { input[i] = ' '; + changed = true; break; } else { input[j] = input[i]; @@ -77,7 +56,7 @@ std::string RemoveComments::evaluate(const std::string &value, } else { if ((input[i] == '*') && (i + 1 < input_len) && (input[i + 1] == '/')) { - incomment = 0; + incomment = false; i += 2; input[j] = input[i]; i++; @@ -85,7 +64,7 @@ std::string RemoveComments::evaluate(const std::string &value, } else if ((input[i] == '-') && (i + 1 < input_len) && (input[i + 1] == '-') && (i + 2 < input_len) && (input[i+2] == '>')) { - incomment = 0; + incomment = false; i += 3; input[j] = input[i]; i++; @@ -100,13 +79,14 @@ std::string RemoveComments::evaluate(const std::string &value, input[j++] = ' '; } - ret.assign(reinterpret_cast(input), j); - free(input); + value.resize(j); + return changed; +} + - return ret; +bool RemoveComments::transform(std::string &value, const Transaction *trans) const { + return inplace(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/remove_comments.h b/src/deps/src/modsecurity/src/actions/transformations/remove_comments.h index 78dd213d69..948536cbf5 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/remove_comments.h +++ b/src/deps/src/modsecurity/src/actions/transformations/remove_comments.h @@ -13,35 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; - -namespace actions { -namespace transformations { +#include "transformation.h" +namespace modsecurity::actions::transformations { class RemoveComments : public Transformation { public: - explicit RemoveComments(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; - -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/remove_comments_char.cc b/src/deps/src/modsecurity/src/actions/transformations/remove_comments_char.cc index 4c54e68aa7..7e666db31f 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/remove_comments_char.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/remove_comments_char.cc @@ -13,62 +13,51 @@ * */ -#include "src/actions/transformations/remove_comments_char.h" - -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" - - -namespace modsecurity { -namespace actions { -namespace transformations { - -RemoveCommentsChar::RemoveCommentsChar(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} - -std::string RemoveCommentsChar::evaluate(const std::string &val, - Transaction *transaction) { - size_t i = 0; - std::string transformed_value; - transformed_value.reserve(val.size()); - - while (i < val.size()) { - if (val.at(i) == '/' - && (i+1 < val.size()) && val.at(i+1) == '*') { - i += 2; - } else if (val.at(i) == '*' - && (i+1 < val.size()) && val.at(i+1) == '/') { - i += 2; - } else if (val.at(i) == '<' - && (i+1 < val.size()) - && val.at(i+1) == '!' - && (i+2 < val.size()) - && val.at(i+2) == '-' - && (i+3 < val.size()) - && val.at(i+3) == '-') { - i += 4; - } else if (val.at(i) == '-' - && (i+1 < val.size()) && val.at(i+1) == '-' - && (i+2 < val.size()) && val.at(i+2) == '>') { - i += 3; - } else if (val.at(i) == '-' - && (i+1 < val.size()) && val.at(i+1) == '-') { - i += 2; - } else if (val.at(i) == '#') { - i += 1; +#include "remove_comments_char.h" + + +namespace modsecurity::actions::transformations { + + +bool RemoveCommentsChar::transform(std::string &value, const Transaction *trans) const { + char *d = value.data(); + const char *s = d; + const char *e = s + value.size(); + + while (s < e) { + if (*s == '/' + && (s+1 < e) && *(s+1) == '*') { + s += 2; + } else if (*s == '*' + && (s+1 < e) && *(s+1) == '/') { + s += 2; + } else if (*s == '<' + && (s+1 < e) + && *(s+1) == '!' + && (s+2 < e) + && *(s+2) == '-' + && (s+3 < e) + && *(s+3) == '-') { + s += 4; + } else if (*s == '-' + && (s+1 < e) && *(s+1) == '-' + && (s+2 < e) && *(s+2) == '>') { + s += 3; + } else if (*s == '-' + && (s+1 < e) && *(s+1) == '-') { + s += 2; + } else if (*s == '#') { + s += 1; } else { - transformed_value += val.at(i); - i++; + *d++ = *s++; } } - return transformed_value; + + const auto changed = d != s; + const auto new_len = d - value.c_str(); + value.resize(new_len); + return changed; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/remove_comments_char.h b/src/deps/src/modsecurity/src/actions/transformations/remove_comments_char.h index 722aba5926..d11b0148a3 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/remove_comments_char.h +++ b/src/deps/src/modsecurity/src/actions/transformations/remove_comments_char.h @@ -13,33 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_CHAR_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_CHAR_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class RemoveCommentsChar : public Transformation { public: - explicit RemoveCommentsChar(const std::string &action); + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_CHAR_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/remove_nulls.cc b/src/deps/src/modsecurity/src/actions/transformations/remove_nulls.cc index 2d479c73eb..1d3cc552e6 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/remove_nulls.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/remove_nulls.cc @@ -13,40 +13,15 @@ * */ -#include "src/actions/transformations/remove_nulls.h" +#include "remove_nulls.h" -#include -#include +namespace modsecurity::actions::transformations { -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" - -namespace modsecurity { -namespace actions { -namespace transformations { - - -std::string RemoveNulls::evaluate(const std::string &val, - Transaction *transaction) { - size_t i = 0; - std::string transformed_value; - transformed_value.reserve(val.size()); - - while (i < val.size()) { - if (val.at(i) == '\0') { - // do nothing; continue on to next char in original val - } else { - transformed_value += val.at(i); - } - i++; - } - - return transformed_value; +bool RemoveNulls::transform(std::string &value, const Transaction *trans) const { + return remove_if(value, [](const auto c) { return c == '\0'; }); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/remove_nulls.h b/src/deps/src/modsecurity/src/actions/transformations/remove_nulls.h index eeb33b363f..67c90ee018 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/remove_nulls.h +++ b/src/deps/src/modsecurity/src/actions/transformations/remove_nulls.h @@ -13,34 +13,34 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_NULLS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_NULLS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +#include + +namespace modsecurity::actions::transformations { class RemoveNulls : public Transformation { public: - explicit RemoveNulls(const std::string &action) - : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; -}; + bool transform(std::string &value, const Transaction *trans) const override; -} // namespace transformations -} // namespace actions -} // namespace modsecurity + template + static bool remove_if(std::string &val, Pred pred) { + const auto old_size = val.size(); + + val.erase( + std::remove_if( + val.begin(), val.end(), pred), + val.end()); + + return val.size() != old_size; + } +}; -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_NULLS_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/remove_whitespace.cc b/src/deps/src/modsecurity/src/actions/transformations/remove_whitespace.cc index 3796466385..f7047f4760 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/remove_whitespace.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/remove_whitespace.cc @@ -13,49 +13,27 @@ * */ -#include "src/actions/transformations/remove_whitespace.h" +#include "remove_whitespace.h" -#include +#include "remove_nulls.h" -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { - -RemoveWhitespace::RemoveWhitespace(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} - -std::string RemoveWhitespace::evaluate(const std::string &val, - Transaction *transaction) { - std::string transformed_value; - transformed_value.reserve(val.size()); - - size_t i = 0; +bool RemoveWhitespace::transform(std::string &value, const Transaction *trans) const { const char nonBreakingSpaces = 0xa0; const char nonBreakingSpaces2 = 0xc2; - // loop through all the chars - while (i < val.size()) { + auto pred = [](const auto c) { // remove whitespaces and non breaking spaces (NBSP) - if (std::isspace(static_cast(val[i])) - || (val[i] == nonBreakingSpaces) - || val[i] == nonBreakingSpaces2) { - // don't copy; continue on to next char in original val - } else { - transformed_value += val.at(i); - } - i++; - } - - return transformed_value; + return std::isspace(static_cast(c)) + || c == nonBreakingSpaces + || c == nonBreakingSpaces2; + }; + + return RemoveNulls::remove_if(value, pred); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/remove_whitespace.h b/src/deps/src/modsecurity/src/actions/transformations/remove_whitespace.h index f977914cb0..b95a508b74 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/remove_whitespace.h +++ b/src/deps/src/modsecurity/src/actions/transformations/remove_whitespace.h @@ -13,33 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_WHITESPACE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_WHITESPACE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class RemoveWhitespace : public Transformation { public: - explicit RemoveWhitespace(const std::string &action); + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_WHITESPACE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/replace_comments.cc b/src/deps/src/modsecurity/src/actions/transformations/replace_comments.cc index 77e3e3b700..78ae786c73 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/replace_comments.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/replace_comments.cc @@ -13,54 +13,34 @@ * */ -#include "src/actions/transformations/replace_comments.h" +#include "replace_comments.h" -#include -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { +static inline bool inplace(std::string &value) { + auto input = reinterpret_cast(value.data()); + const auto input_len = value.length(); + bool changed = false, incomment = false; + std::string::size_type i = 0, j = 0; -ReplaceComments::ReplaceComments(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} - -std::string ReplaceComments::evaluate(const std::string &value, - Transaction *transaction) { - uint64_t i, j, incomment; - - char *input = reinterpret_cast( - malloc(sizeof(char) * value.size() + 1)); - memcpy(input, value.c_str(), value.size() + 1); - input[value.size()] = '\0'; - - i = j = incomment = 0; - while (i < value.size()) { - if (incomment == 0) { - if ((input[i] == '/') && (i + 1 < value.size()) + while (i < input_len) { + if (!incomment) { + if ((input[i] == '/') && (i + 1 < input_len) && (input[i + 1] == '*')) { - incomment = 1; + incomment = true; i += 2; + changed = true; } else { input[j] = input[i]; i++; j++; } } else { - if ((input[i] == '*') && (i + 1 < value.size()) + if ((input[i] == '*') && (i + 1 < input_len) && (input[i + 1] == '/')) { - incomment = 0; + incomment = false; i += 2; input[j] = ' '; j++; @@ -74,15 +54,14 @@ std::string ReplaceComments::evaluate(const std::string &value, input[j++] = ' '; } + value.resize(j); + return changed; +} - std::string resp; - resp.append(reinterpret_cast(input), j); - - free(input); - return resp; +bool ReplaceComments::transform(std::string &value, const Transaction *trans) const { + return inplace(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/replace_comments.h b/src/deps/src/modsecurity/src/actions/transformations/replace_comments.h index 6808f426c1..db206e538f 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/replace_comments.h +++ b/src/deps/src/modsecurity/src/actions/transformations/replace_comments.h @@ -13,34 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_REPLACE_COMMENTS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REPLACE_COMMENTS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class ReplaceComments : public Transformation { public: + using Transformation::Transformation; - explicit ReplaceComments(const std::string &action) ; - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_REPLACE_COMMENTS_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/replace_nulls.cc b/src/deps/src/modsecurity/src/actions/transformations/replace_nulls.cc index 1af860f4e8..9792da5d03 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/replace_nulls.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/replace_nulls.cc @@ -13,40 +13,23 @@ * */ -#include "src/actions/transformations/replace_nulls.h" +#include "replace_nulls.h" -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { +bool ReplaceNulls::transform(std::string &value, const Transaction *trans) const { + bool changed = false; -ReplaceNulls::ReplaceNulls(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} - -std::string ReplaceNulls::evaluate(const std::string &val, - Transaction *transaction) { - int64_t i; - std::string value(val); - - i = 0; - while (i < value.size()) { - if (value.at(i) == '\0') { - value[i] = ' '; - } else { - i++; + for(auto &c : value) { + if (c == '\0') { + c = ' '; + changed = true; } } - return value; + return changed; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/replace_nulls.h b/src/deps/src/modsecurity/src/actions/transformations/replace_nulls.h index 8e2d315fc5..a01077c704 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/replace_nulls.h +++ b/src/deps/src/modsecurity/src/actions/transformations/replace_nulls.h @@ -13,34 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_REPLACE_NULLS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REPLACE_NULLS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class ReplaceNulls : public Transformation { public: + using Transformation::Transformation; - explicit ReplaceNulls(const std::string &action) ; - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_REPLACE_NULLS_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/sha1.cc b/src/deps/src/modsecurity/src/actions/transformations/sha1.cc index 9e0c7f53e7..388633455c 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/sha1.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/sha1.cc @@ -13,35 +13,18 @@ * */ -#include "src/actions/transformations/sha1.h" +#include "sha1.h" -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/sha1.h" -namespace modsecurity { -namespace actions { -namespace transformations { - -Sha1::Sha1(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} +namespace modsecurity::actions::transformations { -std::string Sha1::evaluate(const std::string &value, - Transaction *transaction) { - return Utils::Sha1::digest(value); +bool Sha1::transform(std::string &value, const Transaction *trans) const { + value = Utils::Sha1::digest(value); + return true; } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/sha1.h b/src/deps/src/modsecurity/src/actions/transformations/sha1.h index eb5fb3f135..f777641141 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/sha1.h +++ b/src/deps/src/modsecurity/src/actions/transformations/sha1.h @@ -13,32 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_SHA1_H_ #define SRC_ACTIONS_TRANSFORMATIONS_SHA1_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class Sha1 : public Transformation { public: - explicit Sha1(const std::string &action) ; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; -}; + using Transformation::Transformation; -} // namespace transformations -} // namespace actions -} // namespace modsecurity + bool transform(std::string &value, const Transaction *trans) const override; +}; -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_SHA1_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/sql_hex_decode.cc b/src/deps/src/modsecurity/src/actions/transformations/sql_hex_decode.cc index 8c8805ff67..0ce2408726 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/sql_hex_decode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/sql_hex_decode.cc @@ -13,101 +13,62 @@ * */ -#include "src/actions/transformations/sql_hex_decode.h" - -#include -#include -#include -#include -#include -#include +#include "sql_hex_decode.h" + #include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/string.h" +using namespace modsecurity::utils::string; -namespace modsecurity { -namespace actions { -namespace transformations { - -#ifndef VALID_HEX -#define VALID_HEX(X) (((X >= '0') && (X <= '9')) \ - || ((X >= 'a') && (X <= 'f')) \ - || ((X >= 'A') && (X <= 'F'))) -#endif -#ifndef ISODIGIT -#define ISODIGIT(X) ((X >= '0') && (X <= '7')) -#endif - -std::string SqlHexDecode::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - unsigned char *input; - int size = 0; +namespace modsecurity::actions::transformations { - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); - - if (input == NULL) { - return ""; - } - memcpy(input, value.c_str(), value.length()+1); - - size = inplace(input, value.length()); - - ret.assign(reinterpret_cast(input), size); - free(input); - - return ret; +static inline int mytolower(int ch) { + if (ch >= 'A' && ch <= 'Z') + return ('a' + ch - 'A'); + else + return ch; } - -int SqlHexDecode::inplace(unsigned char *data, int len) { - unsigned char *d, *begin = data; - int count = 0; - - if ((data == NULL) || (len == 0)) { - return 0; +static inline bool inplace(std::string &value) { + if (value.empty()) { + return false; } - for (d = data; (++count < len) && *data; *d++ = *data++) { - if (*data != '0') { - continue; + auto d = reinterpret_cast(value.data()); + const unsigned char *data = d; + const auto end = data + value.size(); + + bool changed = false; + + while (data < end) { + if (data + 3 < end + && *data == '0' + && mytolower(*(data + 1)) == 'x' + && VALID_HEX(*(data + 2)) && VALID_HEX(*(data + 3))) { + data += 2; // skip '0x' + do { + *d++ = utils::string::x2c(data); + data += 2; + } while ((data + 1 < end) && VALID_HEX(*data) && VALID_HEX(*(data + 1))); + changed = true; } - ++data; - ++count; - if (mytolower(*data) != 'x') { - data--; - count--; - continue; - } - - data++; - ++count; - - // Do we need to keep "0x" if no hexa after? - if (!VALID_HEX(data[0]) || !VALID_HEX(data[1])) { - data -= 2; - count -= 2; - continue; - } - - while (VALID_HEX(data[0]) && VALID_HEX(data[1])) { - *d++ = utils::string::x2c(data); - data += 2; - count += 2; + else { + *d++ = *data++; } } *d = '\0'; - return strlen(reinterpret_cast(begin)); + + value.resize(d - reinterpret_cast(value.c_str())); + return changed; } +bool SqlHexDecode::transform(std::string &value, const Transaction *trans) const { + return inplace(value); +} + -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/sql_hex_decode.h b/src/deps/src/modsecurity/src/actions/transformations/sql_hex_decode.h index 9a3afe0f5e..0acb1cff6b 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/sql_hex_decode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/sql_hex_decode.h @@ -13,42 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_SQL_HEX_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_SQL_HEX_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class SqlHexDecode : public Transformation { public: - explicit SqlHexDecode(const std::string &action) : Transformation(action) { } - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + using Transformation::Transformation; - static int inplace(unsigned char *data, int len); - - static int mytolower(int ch) { - if (ch >= 'A' && ch <= 'Z') - return ('a' + ch - 'A'); - else - return ch; - } + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_SQL_HEX_DECODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/transformation.cc b/src/deps/src/modsecurity/src/actions/transformations/transformation.cc index 3b38431ad1..b6fbf5a394 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/transformation.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/transformation.cc @@ -13,65 +13,62 @@ * */ -#include "src/actions/transformations/transformation.h" +#include "transformation.h" #include - #include #include #include "modsecurity/transaction.h" #include "modsecurity/actions/action.h" -#include "src/actions/transformations/base64_decode_ext.h" -#include "src/actions/transformations/base64_decode.h" -#include "src/actions/transformations/base64_encode.h" -#include "src/actions/transformations/cmd_line.h" -#include "src/actions/transformations/compress_whitespace.h" -#include "src/actions/transformations/css_decode.h" -#include "src/actions/transformations/escape_seq_decode.h" -#include "src/actions/transformations/hex_decode.h" -#include "src/actions/transformations/hex_encode.h" -#include "src/actions/transformations/html_entity_decode.h" -#include "src/actions/transformations/js_decode.h" -#include "src/actions/transformations/length.h" -#include "src/actions/transformations/lower_case.h" -#include "src/actions/transformations/md5.h" -#include "src/actions/transformations/none.h" -#include "src/actions/transformations/normalise_path.h" -#include "src/actions/transformations/normalise_path_win.h" -#include "src/actions/transformations/parity_even_7bit.h" -#include "src/actions/transformations/parity_odd_7bit.h" -#include "src/actions/transformations/parity_zero_7bit.h" -#include "src/actions/transformations/remove_comments_char.h" -#include "src/actions/transformations/remove_comments.h" -#include "src/actions/transformations/remove_nulls.h" -#include "src/actions/transformations/remove_whitespace.h" -#include "src/actions/transformations/replace_comments.h" -#include "src/actions/transformations/replace_nulls.h" -#include "src/actions/transformations/sha1.h" -#include "src/actions/transformations/sql_hex_decode.h" -#include "src/actions/transformations/trim.h" -#include "src/actions/transformations/trim_left.h" -#include "src/actions/transformations/trim_right.h" -#include "src/actions/transformations/upper_case.h" -#include "src/actions/transformations/url_decode.h" -#include "src/actions/transformations/url_decode_uni.h" -#include "src/actions/transformations/url_encode.h" -#include "src/actions/transformations/utf8_to_unicode.h" + +#include "base64_decode_ext.h" +#include "base64_decode.h" +#include "base64_encode.h" +#include "cmd_line.h" +#include "compress_whitespace.h" +#include "css_decode.h" +#include "escape_seq_decode.h" +#include "hex_decode.h" +#include "hex_encode.h" +#include "html_entity_decode.h" +#include "js_decode.h" +#include "length.h" +#include "lower_case.h" +#include "md5.h" +#include "none.h" +#include "normalise_path.h" +#include "normalise_path_win.h" +#include "parity_even_7bit.h" +#include "parity_odd_7bit.h" +#include "parity_zero_7bit.h" +#include "remove_comments_char.h" +#include "remove_comments.h" +#include "remove_nulls.h" +#include "remove_whitespace.h" +#include "replace_comments.h" +#include "replace_nulls.h" +#include "sha1.h" +#include "sql_hex_decode.h" +#include "trim.h" +#include "trim_left.h" +#include "trim_right.h" +#include "upper_case.h" +#include "url_decode.h" +#include "url_decode_uni.h" +#include "url_encode.h" +#include "utf8_to_unicode.h" #define IF_MATCH(b) \ if (a.compare(2, std::strlen(#b), #b) == 0) -namespace modsecurity { -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { -std::string Transformation::evaluate(const std::string &value, - Transaction *transaction) { - return value; +bool Transformation::transform(std::string &value, const Transaction *trans) const { + return false; } Transformation* Transformation::instantiate(std::string a) { @@ -119,6 +116,5 @@ Transformation* Transformation::instantiate(std::string a) { return new Transformation(a); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/transformation.h b/src/deps/src/modsecurity/src/actions/transformations/transformation.h index f1d81503ec..1d0ea99aa6 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/transformation.h +++ b/src/deps/src/modsecurity/src/actions/transformations/transformation.h @@ -13,37 +13,23 @@ * */ -#include - -#include "modsecurity/actions/action.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRANSFORMATION_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRANSFORMATION_H_ +#include "modsecurity/actions/action.h" -namespace modsecurity { -class Transaction; - -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class Transformation : public Action { public: explicit Transformation(const std::string& _action) - : Action(_action, RunTimeBeforeMatchAttemptKind) { } - - explicit Transformation(const std::string& _action, int kind) - : Action(_action, kind) { } - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + : Action(_action, Kind::RunTimeBeforeMatchAttemptKind) { } static Transformation* instantiate(std::string a); -}; -} // namespace transformations -} // namespace actions -} // namespace modsecurity + virtual bool transform(std::string &value, const Transaction *trans) const; +}; +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_TRANSFORMATION_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/trim.cc b/src/deps/src/modsecurity/src/actions/transformations/trim.cc index 5902497f40..2056b25622 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/trim.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/trim.cc @@ -13,67 +13,51 @@ * */ -#include "src/actions/transformations/trim.h" +#include "trim.h" -#include -#include #include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" -namespace modsecurity { -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { -std::string *Trim::ltrim(std::string *s) { - s->erase( - s->begin(), - std::find_if(s->begin(), s->end(), [](unsigned char c) { +bool Trim::ltrim(std::string &s) { + auto it = std::find_if(s.begin(), s.end(), [](unsigned char c) { return !std::isspace(c); - }) - ); + }); - return s; + const bool changed = it != s.begin(); + + s.erase(s.begin(), it); + + return changed; } -std::string *Trim::rtrim(std::string *s) { - s->erase( - std::find_if(s->rbegin(), s->rend(), [](unsigned char c) { +bool Trim::rtrim(std::string &s) { + auto it = std::find_if(s.rbegin(), s.rend(), [](unsigned char c) { return !std::isspace(c); - }).base(), - s->end() - ); + }).base(); - return s; -} + const bool changed = it != s.end(); + s.erase(it, s.end()); -std::string *Trim::trim(std::string *s) { - return ltrim(rtrim(s)); + return changed; } -Trim::Trim(const std::string &action) - : Transformation(action) { - this->action_kind = 1; +bool Trim::trim(std::string &s) { + bool changed = false; + changed |= rtrim(s); + changed |= ltrim(s); + return changed; } -std::string -Trim::evaluate(const std::string &val, - Transaction *transaction) { - std::string value(val); - return *this->trim(&value); +bool Trim::transform(std::string &value, const Transaction *trans) const { + return trim(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/trim.h b/src/deps/src/modsecurity/src/actions/transformations/trim.h index ac16050cfd..e436f5bf54 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/trim.h +++ b/src/deps/src/modsecurity/src/actions/transformations/trim.h @@ -13,38 +13,24 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRIM_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRIM_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class Trim : public Transformation { public: + using Transformation::Transformation; - explicit Trim(const std::string &action) ; + bool transform(std::string &value, const Transaction *trans) const override; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; - - std::string *ltrim(std::string *s); - std::string *rtrim(std::string *s); - std::string *trim(std::string *s); + static bool ltrim(std::string &s); + static bool rtrim(std::string &s); + static bool trim(std::string &s); }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_TRIM_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/trim_left.cc b/src/deps/src/modsecurity/src/actions/transformations/trim_left.cc index 50c0cc6aa5..2ce7014910 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/trim_left.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/trim_left.cc @@ -13,37 +13,16 @@ * */ -#include "src/actions/transformations/trim_left.h" +#include "trim_left.h" +#include "trim.h" -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "src/actions/transformations/trim.h" -#include "modsecurity/actions/action.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { - - -TrimLeft::TrimLeft(const std::string &action) - : Trim(action) { - this->action_kind = 1; +bool TrimLeft::transform(std::string &value, const Transaction *trans) const { + return Trim::ltrim(value); } -std::string TrimLeft::evaluate(const std::string &val, - Transaction *transaction) { - std::string value(val); - return *ltrim(&value); -} -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/trim_left.h b/src/deps/src/modsecurity/src/actions/transformations/trim_left.h index 54e4885c05..8acf1fe593 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/trim_left.h +++ b/src/deps/src/modsecurity/src/actions/transformations/trim_left.h @@ -13,34 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" -#include "src/actions/transformations/trim.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRIM_LEFT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRIM_LEFT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { -class TrimLeft : public Trim { +class TrimLeft : public Transformation { public: - explicit TrimLeft(const std::string &action) ; + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_TRIM_LEFT_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/trim_right.cc b/src/deps/src/modsecurity/src/actions/transformations/trim_right.cc index 92383f7e00..e6536786ba 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/trim_right.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/trim_right.cc @@ -13,35 +13,16 @@ * */ -#include "src/actions/transformations/trim_right.h" +#include "trim_right.h" +#include "trim.h" -#include -#include -#include -#include -#include -#include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" +namespace modsecurity::actions::transformations { -namespace modsecurity { -namespace actions { -namespace transformations { - -TrimRight::TrimRight(const std::string &action) - : Trim(action) { - this->action_kind = 1; +bool TrimRight::transform(std::string &value, const Transaction *trans) const { + return Trim::rtrim(value); } -std::string TrimRight::evaluate(const std::string &val, - Transaction *transaction) { - std::string value(val); - return *this->rtrim(&value); -} -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/trim_right.h b/src/deps/src/modsecurity/src/actions/transformations/trim_right.h index 9a96b4c5cc..7e31795a31 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/trim_right.h +++ b/src/deps/src/modsecurity/src/actions/transformations/trim_right.h @@ -13,34 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" -#include "src/actions/transformations/trim.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRIM_RIGHT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRIM_RIGHT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { -class TrimRight : public Trim { +class TrimRight : public Transformation { public: - explicit TrimRight(const std::string &action) ; + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_TRIM_RIGHT_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/upper_case.cc b/src/deps/src/modsecurity/src/actions/transformations/upper_case.cc index 118696ad43..2b3978c740 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/upper_case.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/upper_case.cc @@ -13,36 +13,21 @@ * */ -#include "src/actions/transformations/upper_case.h" -#include -#include +#include "upper_case.h" -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" +#include -namespace modsecurity { -namespace actions { -namespace transformations { +#include "lower_case.h" -UpperCase::UpperCase(const std::string &a) - : Transformation(a) { -} - -std::string UpperCase::evaluate(const std::string &val, - Transaction *transaction) { - std::string value(val); - std::locale loc; +namespace modsecurity::actions::transformations { - for (std::string::size_type i=0; i < value.length(); ++i) { - value[i] = std::toupper(value[i], loc); - } - return value; +bool UpperCase::transform(std::string &value, const Transaction *trans) const { + return LowerCase::convert(value, [](auto c) + { return std::toupper(c); }); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity + +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/upper_case.h b/src/deps/src/modsecurity/src/actions/transformations/upper_case.h index f4a77220c6..87a1df8a0a 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/upper_case.h +++ b/src/deps/src/modsecurity/src/actions/transformations/upper_case.h @@ -13,35 +13,20 @@ * */ -#include -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_UPPER_CASE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_UPPER_CASE_H_ -#ifdef __cplusplus - -namespace modsecurity { -class Transaction; -namespace actions { -namespace transformations { +#include "transformation.h" +namespace modsecurity::actions::transformations { class UpperCase : public Transformation { public: - explicit UpperCase(const std::string &action) ; + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_UPPER_CASE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/url_decode.cc b/src/deps/src/modsecurity/src/actions/transformations/url_decode.cc index 845c6a647a..dbc7bf9fb9 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/url_decode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/url_decode.cc @@ -13,52 +13,18 @@ * */ -#include "src/actions/transformations/url_decode.h" +#include "url_decode.h" -#include -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/decode.h" -namespace modsecurity { -namespace actions { -namespace transformations { - - -UrlDecode::UrlDecode(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} - -std::string UrlDecode::evaluate(const std::string &value, - Transaction *transaction) { - unsigned char *val(NULL); - int invalid_count = 0; - int changed; - - val = (unsigned char *) malloc(sizeof(char) * value.size() + 1); - memcpy(val, value.c_str(), value.size() + 1); - val[value.size()] = '\0'; - - int size = utils::urldecode_nonstrict_inplace(val, value.size(), - &invalid_count, &changed); - std::string out; - out.append((const char *)val, size); +namespace modsecurity::actions::transformations { - free(val); - return out; +bool UrlDecode::transform(std::string &value, const Transaction *trans) const { + int invalid_count; + return utils::urldecode_nonstrict_inplace(value, invalid_count); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/url_decode.h b/src/deps/src/modsecurity/src/actions/transformations/url_decode.h index e965dae7fe..cc73c9c3fa 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/url_decode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/url_decode.h @@ -13,36 +13,20 @@ * */ -#include -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; - -namespace actions { -namespace transformations { +#include "transformation.h" +namespace modsecurity::actions::transformations { class UrlDecode : public Transformation { public: + using Transformation::Transformation; - explicit UrlDecode(const std::string &action) ; - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/url_decode_uni.cc b/src/deps/src/modsecurity/src/actions/transformations/url_decode_uni.cc index ad5b8111c6..58d683c85b 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/url_decode_uni.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/url_decode_uni.cc @@ -13,66 +13,30 @@ * */ -#include "src/actions/transformations/url_decode_uni.h" +#include "url_decode_uni.h" -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "modsecurity/rules_set_properties.h" #include "modsecurity/rules_set.h" -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/string.h" -#include "src/utils/system.h" - - -namespace modsecurity { -namespace actions { -namespace transformations { - -std::string UrlDecodeUni::evaluate(const std::string &value, - Transaction *t) { - std::string ret; - unsigned char *input; +using namespace modsecurity::utils::string; - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); - - if (input == NULL) { - return ""; - } - - memcpy(input, value.c_str(), value.length()+1); - - size_t i = inplace(input, value.length(), t); - - ret.assign(reinterpret_cast(input), i); - free(input); - - return ret; -} +namespace modsecurity::actions::transformations { /** * * IMP1 Assumes NUL-terminated */ -int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, - Transaction *t) { - unsigned char *d = input; - int64_t i, count, fact, j, xv; +static inline bool inplace(std::string &value, + const Transaction *t) { + bool changed = false; + auto d = reinterpret_cast(value.data()); + const unsigned char *input = d; + const auto input_len = value.length(); + + std::string::size_type i, count, fact, j, xv; int Code, hmap = -1; - if (input == NULL) return -1; - i = count = 0; while (i < input_len) { if (input[i] == '%') { @@ -131,19 +95,17 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, } } d++; - count++; i += 6; + changed = true; } else { /* Invalid data, skip %u. */ *d++ = input[i++]; *d++ = input[i++]; - count += 2; } } else { /* Not enough bytes (4 data bytes), skip %u. */ *d++ = input[i++]; *d++ = input[i++]; - count += 2; } } else { /* Standard URL encoding. */ @@ -158,8 +120,8 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, if (VALID_HEX(c1) && VALID_HEX(c2)) { *d++ = utils::string::x2c(&input[i + 1]); - count++; i += 3; + changed = true; } else { /* Not a valid encoding, skip this % */ *d++ = input[i++]; @@ -168,28 +130,32 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, } else { /* Not enough bytes available, skip this % */ *d++ = input[i++]; - count++; } } } else { /* Character is not a percent sign. */ if (input[i] == '+') { *d++ = ' '; + changed = true; } else { *d++ = input[i]; } - count++; i++; } } *d = '\0'; - return count; + value.resize(d - input); + return changed; +} + + + +bool UrlDecodeUni::transform(std::string &value, const Transaction *trans) const { + return inplace(value, trans); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/url_decode_uni.h b/src/deps/src/modsecurity/src/actions/transformations/url_decode_uni.h index d7b0dd2152..046f251a42 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/url_decode_uni.h +++ b/src/deps/src/modsecurity/src/actions/transformations/url_decode_uni.h @@ -13,35 +13,20 @@ * */ -#include - -#include "modsecurity/rules_set_properties.h" -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ #define SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ +#include "transformation.h" -#ifdef __cplusplus -namespace modsecurity { -class Transaction; -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class UrlDecodeUni : public Transformation { public: - explicit UrlDecodeUni(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, Transaction *transaction) override; - static int inplace(unsigned char *input, uint64_t input_len, - Transaction *transaction); + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/url_encode.cc b/src/deps/src/modsecurity/src/actions/transformations/url_encode.cc index 19ecb3349d..2692a2d3d8 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/url_encode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/url_encode.cc @@ -13,90 +13,50 @@ * */ -#include "src/actions/transformations/url_encode.h" +#include "url_encode.h" -#include -#include -#include -#include -#include -#include - -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/string.h" -namespace modsecurity { -namespace actions { -namespace transformations { - - -UrlEncode::UrlEncode(const std::string &action) - : Transformation(action) { - this->action_kind = 1; -} - +namespace modsecurity::actions::transformations { -std::string UrlEncode::url_enc(const char *input, - unsigned int input_len, int *changed) { - char *rval, *d; - unsigned int i, len; - int count = 0; - *changed = 0; +static inline bool url_enc(std::string &value) { + const auto len = value.size() * 3 + 1; + std::string ret(len, {}); - len = input_len * 3 + 1; - d = rval = reinterpret_cast(malloc(len)); - if (rval == NULL) { - return NULL; - } + bool changed = false; /* ENH Only encode the characters that really need to be encoded. */ - for (i = 0; i < input_len; i++) { - unsigned char c = input[i]; - + char *d = ret.data(); + for (const auto c : value) { if (c == ' ') { *d++ = '+'; - *changed = 1; - count++; + changed = true; } else { if ( (c == 42) || ((c >= 48) && (c <= 57)) || ((c >= 65) && (c <= 90)) || ((c >= 97) && (c <= 122))) { *d++ = c; - count++; - } else { + } + else + { *d++ = '%'; - count++; - utils::string::c2x(c, (unsigned char *)d); - d += 2; - count++; - count++; - *changed = 1; + d = (char *)utils::string::c2x(c, (unsigned char *)d); + changed = true; } } } - *d = '\0'; - - std::string ret(""); - ret.append(rval, count); - free(rval); - return ret; + ret.resize(d - ret.c_str()); + std::swap(value, ret); + return changed; } -std::string UrlEncode::evaluate(const std::string &value, - Transaction *transaction) { - int changed; - - std::string ret = url_enc(value.c_str(), value.size(), &changed); - - return ret; +bool UrlEncode::transform(std::string &value, const Transaction *trans) const { + return url_enc(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/url_encode.h b/src/deps/src/modsecurity/src/actions/transformations/url_encode.h index a45be56402..e112fb57fe 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/url_encode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/url_encode.h @@ -13,37 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_ENCODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_URL_ENCODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class UrlEncode : public Transformation { public: + using Transformation::Transformation; - explicit UrlEncode(const std::string &action) ; - - std::string evaluate(const std::string &exp, - Transaction *transaction) override; - - std::string url_enc(const char *input, - unsigned int input_len, int *changed); + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - -#endif +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_URL_ENCODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/transformations/utf8_to_unicode.cc b/src/deps/src/modsecurity/src/actions/transformations/utf8_to_unicode.cc index 70c1f9c8e1..4b01583e7c 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/utf8_to_unicode.cc +++ b/src/deps/src/modsecurity/src/actions/transformations/utf8_to_unicode.cc @@ -13,83 +13,40 @@ * */ -#include "src/actions/transformations/utf8_to_unicode.h" - -#include -#include -#include -#include -#include -#include +#include "utf8_to_unicode.h" + #include -#include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/string.h" -namespace modsecurity { -namespace actions { -namespace transformations { - - -std::string Utf8ToUnicode::evaluate(const std::string &value, - Transaction *transaction) { - std::string ret; - unsigned char *input; - int changed = 0; - char *out; - - input = reinterpret_cast - (malloc(sizeof(char) * value.length()+1)); +constexpr int UNICODE_ERROR_CHARACTERS_MISSING = -1; +constexpr int UNICODE_ERROR_INVALID_ENCODING = -2; - if (input == NULL) { - return ""; - } - - memcpy(input, value.c_str(), value.length()+1); - out = inplace(input, value.size() + 1, &changed); - free(input); - if (out != NULL) { - ret.assign(reinterpret_cast(out), - strlen(reinterpret_cast(out))); - free(out); - } +namespace modsecurity::actions::transformations { - return ret; -} +static inline bool encode(std::string &value) { + auto input = reinterpret_cast(value.data()); + const auto input_len = value.length(); -char *Utf8ToUnicode::inplace(unsigned char *input, - uint64_t input_len, int *changed) { - unsigned int count = 0; - char *data; - char *data_orig; - unsigned int i, len, j; - unsigned int bytes_left = input_len; + bool changed = false; + std::string::size_type count = 0; + auto bytes_left = input_len; unsigned char unicode[8]; - *changed = 0; /* RFC3629 states that UTF-8 are encoded using sequences of 1 to 4 octets. */ /* Max size per character should fit in 4 bytes */ - len = input_len * 4 + 1; - data = reinterpret_cast(malloc(sizeof(char) * len)); - if (data == NULL) { - return NULL; - } - data_orig = data; - - if (input == NULL) { - free(data); - return NULL; - } + const auto len = input_len * 4 + 1; + std::string ret(len, {}); + auto data = ret.data(); - for (i = 0; i < bytes_left;) { + for (std::string::size_type i = 0; i < bytes_left;) { int unicode_len = 0; unsigned int d = 0; unsigned char c; - unsigned char *utf = (unsigned char *)&input[i]; + auto utf = &input[i]; c = *utf; @@ -117,7 +74,7 @@ char *Utf8ToUnicode::inplace(unsigned char *input, unicode_len = UNICODE_ERROR_INVALID_ENCODING; } else { unicode_len = 2; - count+=6; + count += 6; if (count <= len) { int length = 0; /* compute character number */ @@ -147,11 +104,11 @@ char *Utf8ToUnicode::inplace(unsigned char *input, break; } - for (j = 0; j < length; j++) { + for (std::string::size_type j = 0; j < length; j++) { *data++ = unicode[j]; } - *changed = 1; + changed = true; } } } else if ((c & 0xF0) == 0xE0) { @@ -199,11 +156,11 @@ char *Utf8ToUnicode::inplace(unsigned char *input, break; } - for (j = 0; j < length; j++) { + for (std::string::size_type j = 0; j < length; j++) { *data++ = unicode[j]; } - *changed = 1; + changed = true; } } } else if ((c & 0xF8) == 0xF0) { @@ -261,11 +218,11 @@ char *Utf8ToUnicode::inplace(unsigned char *input, break; } - for (j = 0; j < length; j++) { + for (std::string::size_type j = 0; j < length; j++) { *data++ = unicode[j]; } - *changed = 1; + changed = true; } } } else { @@ -309,10 +266,15 @@ char *Utf8ToUnicode::inplace(unsigned char *input, *data ='\0'; - return data_orig; + ret.resize(data - ret.c_str()); + std::swap(value, ret); + return changed; +} + + +bool Utf8ToUnicode::transform(std::string &value, const Transaction *trans) const { + return encode(value); } -} // namespace transformations -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions::transformations diff --git a/src/deps/src/modsecurity/src/actions/transformations/utf8_to_unicode.h b/src/deps/src/modsecurity/src/actions/transformations/utf8_to_unicode.h index 4d488410e0..af1253382a 100644 --- a/src/deps/src/modsecurity/src/actions/transformations/utf8_to_unicode.h +++ b/src/deps/src/modsecurity/src/actions/transformations/utf8_to_unicode.h @@ -13,40 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_ACTIONS_TRANSFORMATIONS_UTF8_TO_UNICODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_UTF8_TO_UNICODE_H_ -#define UNICODE_ERROR_CHARACTERS_MISSING -1 -#define UNICODE_ERROR_INVALID_ENCODING -2 -#define UNICODE_ERROR_OVERLONG_CHARACTER -3 -#define UNICODE_ERROR_RESTRICTED_CHARACTER -4 -#define UNICODE_ERROR_DECODING_ERROR -5 - -namespace modsecurity { -class Transaction; +#include "transformation.h" -namespace actions { -namespace transformations { +namespace modsecurity::actions::transformations { class Utf8ToUnicode : public Transformation { public: - explicit Utf8ToUnicode(const std::string &action) : Transformation(action) { } + using Transformation::Transformation; - std::string evaluate(const std::string &exp, - Transaction *transaction) override; - - static char *inplace(unsigned char *input, uint64_t input_len, - int *changed); + bool transform(std::string &value, const Transaction *trans) const override; }; -} // namespace transformations -} // namespace actions -} // namespace modsecurity - +} // namespace modsecurity::actions::transformations #endif // SRC_ACTIONS_TRANSFORMATIONS_UTF8_TO_UNICODE_H_ diff --git a/src/deps/src/modsecurity/src/actions/ver.cc b/src/deps/src/modsecurity/src/actions/ver.cc index 43b8b832e2..d7b8bdc42d 100644 --- a/src/deps/src/modsecurity/src/actions/ver.cc +++ b/src/deps/src/modsecurity/src/actions/ver.cc @@ -15,16 +15,10 @@ #include "src/actions/ver.h" -#include -#include +#include "modsecurity/rule_with_actions.h" -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" - -namespace modsecurity { -namespace actions { +namespace modsecurity::actions { bool Ver::evaluate(RuleWithActions *rule, Transaction *transaction) { @@ -33,5 +27,4 @@ bool Ver::evaluate(RuleWithActions *rule, Transaction *transaction) { } -} // namespace actions -} // namespace modsecurity +} // namespace modsecurity::actions diff --git a/src/deps/src/modsecurity/src/actions/ver.h b/src/deps/src/modsecurity/src/actions/ver.h index 364d567b31..8bce189ce4 100644 --- a/src/deps/src/modsecurity/src/actions/ver.h +++ b/src/deps/src/modsecurity/src/actions/ver.h @@ -29,7 +29,7 @@ namespace actions { class Ver : public Action { public: - explicit Ver(const std::string &action) : Action(action, ConfigurationKind) { } + explicit Ver(const std::string &action) : Action(action, Kind::ConfigurationKind) { } bool evaluate(RuleWithActions *rule, Transaction *transaction) override; diff --git a/src/deps/src/modsecurity/src/anchored_set_variable.cc b/src/deps/src/modsecurity/src/anchored_set_variable.cc index ec087775dd..6d7a5aa5ac 100644 --- a/src/deps/src/modsecurity/src/anchored_set_variable.cc +++ b/src/deps/src/modsecurity/src/anchored_set_variable.cc @@ -52,26 +52,16 @@ void AnchoredSetVariable::unset() { void AnchoredSetVariable::set(const std::string &key, const std::string &value, size_t offset, size_t len) { - std::unique_ptr origin(new VariableOrigin()); VariableValue *var = new VariableValue(&m_name, &key, &value); - - origin->m_offset = offset; - origin->m_length = len; - - var->addOrigin(std::move(origin)); + var->addOrigin(len, offset); emplace(key, var); } void AnchoredSetVariable::set(const std::string &key, const std::string &value, size_t offset) { - std::unique_ptr origin(new VariableOrigin()); VariableValue *var = new VariableValue(&m_name, &key, &value); - - origin->m_offset = offset; - origin->m_length = value.size(); - - var->addOrigin(std::move(origin)); + var->addOrigin(value.size(), offset); emplace(key, var); } @@ -109,12 +99,11 @@ void AnchoredSetVariable::resolve(const std::string &key, std::unique_ptr AnchoredSetVariable::resolveFirst( const std::string &key) { - auto range = equal_range(key); - for (auto it = range.first; it != range.second; ++it) { - std::unique_ptr b(new std::string()); - b->assign(it->second->getValue()); - return b; + + if (auto search = this->find(key); search != this->end()) { + return std::make_unique(search->second->getValue()); } + return nullptr; } diff --git a/src/deps/src/modsecurity/src/anchored_variable.cc b/src/deps/src/modsecurity/src/anchored_variable.cc index 63128bb286..51860d1fe6 100644 --- a/src/deps/src/modsecurity/src/anchored_variable.cc +++ b/src/deps/src/modsecurity/src/anchored_variable.cc @@ -31,19 +31,9 @@ AnchoredVariable::AnchoredVariable(Transaction *t, const std::string &name) : m_transaction(t), m_offset(0), - m_name(""), + m_name(name), m_value(""), - m_var(NULL) { - m_name.append(name); - m_var = new VariableValue(&m_name); -} - - -AnchoredVariable::~AnchoredVariable() { - if (m_var) { - delete (m_var); - m_var = NULL; - } + m_var(&name) { } @@ -54,58 +44,16 @@ void AnchoredVariable::unset() { void AnchoredVariable::set(const std::string &a, size_t offset, size_t offsetLen) { - std::unique_ptr origin(new VariableOrigin()); - m_offset = offset; m_value.assign(a.c_str(), a.size()); - origin->m_offset = offset; - origin->m_length = offsetLen; - m_var->addOrigin(std::move(origin)); + m_var.addOrigin(offsetLen, offset); } void AnchoredVariable::set(const std::string &a, size_t offset) { - std::unique_ptr origin(new VariableOrigin()); - m_offset = offset; m_value.assign(a.c_str(), a.size()); - origin->m_offset = offset; - origin->m_length = m_value.size(); - m_var->addOrigin(std::move(origin)); -} - - -void AnchoredVariable::append(const std::string &a, size_t offset, - bool spaceSeparator) { - std::unique_ptr origin( - new VariableOrigin()); - - if (spaceSeparator && !m_value.empty()) { - m_value.append(" " + a); - } else { - m_value.append(a); - } - m_offset = offset; - origin->m_offset = offset; - origin->m_length = a.size(); - m_var->addOrigin(std::move(origin)); -} - - -void AnchoredVariable::append(const std::string &a, size_t offset, - bool spaceSeparator, int size) { - std::unique_ptr origin( - new VariableOrigin()); - - if (spaceSeparator && !m_value.empty()) { - m_value.append(" " + a); - } else { - m_value.append(a); - } - m_offset = offset; - origin->m_offset = offset; - origin->m_length = size; - m_var->addOrigin(std::move(origin)); + m_var.addOrigin(m_value.size(), offset); } @@ -114,9 +62,8 @@ void AnchoredVariable::evaluate(std::vector *l) { return; } - m_var->setValue(m_value); - VariableValue *m_var2 = new VariableValue(m_var); - l->push_back(m_var2); + m_var.setValue(m_value); + l->push_back(new VariableValue(&m_var)); } @@ -129,9 +76,7 @@ std::unique_ptr AnchoredVariable::resolveFirst() { if (m_value.empty()) { return nullptr; } - std::unique_ptr a(new std::string()); - a->append(m_value); - return a; + return std::make_unique(m_value); } diff --git a/src/deps/src/modsecurity/src/audit_log/writer/parallel.cc b/src/deps/src/modsecurity/src/audit_log/writer/parallel.cc index 0a9777bfa5..5237adb74d 100644 --- a/src/deps/src/modsecurity/src/audit_log/writer/parallel.cc +++ b/src/deps/src/modsecurity/src/audit_log/writer/parallel.cc @@ -21,7 +21,12 @@ #include #include #include +#ifndef WIN32 #include +#else +#include +#include "src/compat/msvc.h" +#endif #include #include @@ -46,28 +51,27 @@ Parallel::~Parallel() { inline std::string Parallel::logFilePath(time_t *t, int part) { - struct tm timeinfo; - char tstr[300]; - std::string name(""); + std::string name; + struct tm timeinfo; localtime_r(t, &timeinfo); if (part & YearMonthDayDirectory) { - memset(tstr, '\0', 300); - strftime(tstr, 299, "/%Y%m%d", &timeinfo); - name = tstr; + char tstr[std::size("/yyyymmdd")]; + strftime(tstr, std::size(tstr), "/%Y%m%d", &timeinfo); + name.append(tstr); } if (part & YearMonthDayAndTimeDirectory) { - memset(tstr, '\0', 300); - strftime(tstr, 299, "/%Y%m%d-%H%M", &timeinfo); - name = name + tstr; + char tstr[std::size("/yyyymmdd-hhmm")]; + strftime(tstr, std::size(tstr), "/%Y%m%d-%H%M", &timeinfo); + name.append(tstr); } if (part & YearMonthDayAndTimeFileName) { - memset(tstr, '\0', 300); - strftime(tstr, 299, "/%Y%m%d-%H%M%S", &timeinfo); - name = name + tstr; + char tstr[std::size("/yyyymmdd-hhmmss")]; + strftime(tstr, std::size(tstr), "/%Y%m%d-%H%M%S", &timeinfo); + name.append(tstr); } return name; @@ -118,7 +122,7 @@ bool Parallel::write(Transaction *transaction, int parts, std::string *error) { log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--"); } - std::string logPath = m_audit->m_storage_dir; + const auto &logPath = m_audit->m_storage_dir; fileName = logPath + fileName + "-" + *transaction->m_id.get(); if (logPath.empty()) { diff --git a/src/deps/src/modsecurity/src/audit_log/writer/writer.h b/src/deps/src/modsecurity/src/audit_log/writer/writer.h index 093f271c17..56dada0622 100644 --- a/src/deps/src/modsecurity/src/audit_log/writer/writer.h +++ b/src/deps/src/modsecurity/src/audit_log/writer/writer.h @@ -18,8 +18,10 @@ #include +#ifndef WIN32 #include #include +#endif #include #include diff --git a/src/deps/src/modsecurity/src/collection/backend/in_memory-per_process.cc b/src/deps/src/modsecurity/src/collection/backend/in_memory-per_process.cc index 59aeb105f1..b16ee843ac 100644 --- a/src/deps/src/modsecurity/src/collection/backend/in_memory-per_process.cc +++ b/src/deps/src/modsecurity/src/collection/backend/in_memory-per_process.cc @@ -25,8 +25,6 @@ #include #endif -#include - #include "modsecurity/variable_value.h" #include "src/utils/regex.h" #include "src/utils/string.h" @@ -39,26 +37,48 @@ namespace backend { InMemoryPerProcess::InMemoryPerProcess(const std::string &name) : Collection(name) { - this->reserve(1000); - pthread_mutex_init(&m_lock, NULL); + m_map.reserve(1000); } InMemoryPerProcess::~InMemoryPerProcess() { - this->clear(); - pthread_mutex_destroy(&m_lock); + m_map.clear(); +} + + +template +inline void __store(Map &map, std::string key, std::string value) { + // NOTE: should be called with write-lock previously acquired + + map.emplace(key, value); +} + + +template +inline bool __updateFirst(Map &map, + const std::string &key, + const std::string &value) { + // NOTE: should be called with write-lock previously acquired + + if (auto search = map.find(key); search != map.end()) { + search->second.setValue(value); + return true; + } + + return false; } -void InMemoryPerProcess::store(std::string key, std::string value) { - pthread_mutex_lock(&m_lock); - this->emplace(key, value); - pthread_mutex_unlock(&m_lock); + +void InMemoryPerProcess::store(const std::string &key, const std::string &value) { + const std::lock_guard lock(m_mutex); // write lock (exclusive access) + __store(m_map, key, value); } bool InMemoryPerProcess::storeOrUpdateFirst(const std::string &key, const std::string &value) { - if (updateFirst(key, value) == false) { - store(key, value); + const std::lock_guard lock(m_mutex); // write lock (exclusive access) + if (__updateFirst(m_map, key, value) == false) { + __store(m_map, key, value); } return true; } @@ -66,66 +86,59 @@ bool InMemoryPerProcess::storeOrUpdateFirst(const std::string &key, bool InMemoryPerProcess::updateFirst(const std::string &key, const std::string &value) { - pthread_mutex_lock(&m_lock); - auto range = this->equal_range(key); - - for (auto it = range.first; it != range.second; ++it) { - it->second.setValue(value); - pthread_mutex_unlock(&m_lock); - return true; - } - pthread_mutex_unlock(&m_lock); - return false; + const std::lock_guard lock(m_mutex); // write lock (exclusive access) + return __updateFirst(m_map, key, value); } void InMemoryPerProcess::del(const std::string& key) { - pthread_mutex_lock(&m_lock); - this->erase(key); - pthread_mutex_unlock(&m_lock); + const std::lock_guard lock(m_mutex); // write lock (exclusive access) + m_map.erase(key); } void InMemoryPerProcess::delIfExpired(const std::string& key) { - pthread_mutex_lock(&m_lock); + const std::lock_guard lock(m_mutex); // write lock (exclusive access) // Double check the status while within the mutex - auto iter = this->find(key); - if ((iter != this->end()) && (iter->second.isExpired())) { - this->erase(key); + const auto iter = std::find_if(m_map.begin(), m_map.end(), + [&key](const auto &x) { return x.first == key && x.second.isExpired(); }); + if (iter != m_map.end()) { + m_map.erase(key); } - pthread_mutex_unlock(&m_lock); } void InMemoryPerProcess::setExpiry(const std::string& key, int32_t expiry_seconds) { - pthread_mutex_lock(&m_lock); - auto range = this->equal_range(key); - for (auto it = range.first; it != range.second; ++it) { - it->second.setExpiry(expiry_seconds); - pthread_mutex_unlock(&m_lock); - return; + const std::lock_guard lock(m_mutex); // write lock (exclusive access) + + if (const auto search = m_map.find(key); search != m_map.end()) { + search->second.setExpiry(expiry_seconds); + return; } // We allow an expiry value to be set for a key that has not (yet) had a value set. - auto iter = this->emplace(key, CollectionData()); + const auto iter = m_map.emplace(key, CollectionData()); iter->second.setExpiry(expiry_seconds); - - pthread_mutex_unlock(&m_lock); } void InMemoryPerProcess::resolveSingleMatch(const std::string& var, std::vector *l) { std::list expiredVars; - auto range = this->equal_range(var); - - for (auto it = range.first; it != range.second; ++it) { - if (it->second.isExpired()) { - expiredVars.push_back(it->first); - } else if (it->second.hasValue() == false) { - // No-op. A non-expired expiry exists for the key but there is no actual value - } else { - l->push_back(new VariableValue(&m_name, &it->first, &it->second.getValue())); - } + + { + const std::shared_lock lock(m_mutex); // read lock (shared access) + + const auto range = m_map.equal_range(var); + for (auto it = range.first; it != range.second; ++it) { + if (it->second.isExpired()) { + expiredVars.push_back(it->first); + } else if (it->second.hasValue() == false) { + // No-op. A non-expired expiry exists for the key but there is no actual value + } else { + l->push_back(new VariableValue(&m_name, &it->first, &it->second.getValue())); + } + } } + for (const auto& expiredVar : expiredVars) { delIfExpired(expiredVar); } @@ -134,40 +147,45 @@ void InMemoryPerProcess::resolveSingleMatch(const std::string& var, void InMemoryPerProcess::resolveMultiMatches(const std::string& var, std::vector *l, variables::KeyExclusions &ke) { - size_t keySize = var.size(); + const auto keySize = var.size(); l->reserve(15); std::list expiredVars; - if (keySize == 0) { - for (auto &i : *this) { - if (ke.toOmit(i.first)) { - continue; + { + const std::shared_lock lock(m_mutex); // read lock (shared access) + + if (keySize == 0) { + for (auto &i : m_map) { + if (ke.toOmit(i.first)) { + continue; + } + if (i.second.isExpired()) { + expiredVars.push_back(i.first); + } else if (i.second.hasValue() == false) { + // No-op. A non-expired expiry exists for the key but there is no actual value + } else { + l->insert(l->begin(), new VariableValue(&m_name, &i.first, + &i.second.getValue())); + } } - if (i.second.isExpired()) { - expiredVars.push_back(i.first); - } else if (i.second.hasValue() == false) { - // No-op. A non-expired expiry exists for the key but there is no actual value - } else { - l->insert(l->begin(), new VariableValue(&m_name, &i.first, - &i.second.getValue())); - } - } - } else { - auto range = this->equal_range(var); - for (auto it = range.first; it != range.second; ++it) { - if (ke.toOmit(var)) { - continue; + } else { + const auto range = m_map.equal_range(var); + for (auto it = range.first; it != range.second; ++it) { + if (ke.toOmit(var)) { + continue; + } + if (it->second.isExpired()) { + expiredVars.push_back(it->first); + } else if (it->second.hasValue() == false) { + // No-op. A non-expired expiry exists for the key but there is no actual value + } else { + l->insert(l->begin(), new VariableValue(&m_name, &var, + &it->second.getValue())); + } } - if (it->second.isExpired()) { - expiredVars.push_back(it->first); - } else if (it->second.hasValue() == false) { - // No-op. A non-expired expiry exists for the key but there is no actual value - } else { - l->insert(l->begin(), new VariableValue(&m_name, &var, - &it->second.getValue())); - } } } + for (const auto& expiredVar : expiredVars) { delIfExpired(expiredVar); } @@ -176,47 +194,30 @@ void InMemoryPerProcess::resolveMultiMatches(const std::string& var, void InMemoryPerProcess::resolveRegularExpression(const std::string& var, std::vector *l, variables::KeyExclusions &ke) { - - //if (var.find(":") == std::string::npos) { - // return; - //} - //if (var.size() < var.find(":") + 3) { - // return; - //} - //std::string col = std::string(var, 0, var.find(":")); - //std::string name = std::string(var, var.find(":") + 2, - // var.size() - var.find(":") - 3); - //size_t keySize = col.size(); Utils::Regex r(var, true); std::list expiredVars; - for (const auto& x : *this) { - //if (x.first.size() <= keySize + 1) { - // continue; - //} - //if (x.first.at(keySize) != ':') { - // continue; - //} - //if (std::string(x.first, 0, keySize) != col) { - // continue; - //} - //std::string content = std::string(x.first, keySize + 1, - // x.first.size() - keySize - 1); - int ret = Utils::regex_search(x.first, r); - if (ret <= 0) { - continue; - } - if (ke.toOmit(x.first)) { - continue; + { + const std::shared_lock lock(m_mutex); // read lock (shared access) + + for (const auto& x : m_map) { + const auto ret = Utils::regex_search(x.first, r); + if (ret <= 0) { + continue; + } + if (ke.toOmit(x.first)) { + continue; + } + if (x.second.isExpired()) { + expiredVars.push_back(x.first); + } else if (x.second.hasValue() == false) { + // No-op. A non-expired expiry exists for the key but there is no actual value + } else { + l->insert(l->begin(), new VariableValue(&m_name, &x.first, &x.second.getValue())); + } } - if (x.second.isExpired()) { - expiredVars.push_back(x.first); - } else if (x.second.hasValue() == false) { - // No-op. A non-expired expiry exists for the key but there is no actual value - } else { - l->insert(l->begin(), new VariableValue(&m_name, &x.first, &x.second.getValue())); - } } + for (const auto& expiredVar : expiredVars) { delIfExpired(expiredVar); } @@ -225,18 +226,29 @@ void InMemoryPerProcess::resolveRegularExpression(const std::string& var, std::unique_ptr InMemoryPerProcess::resolveFirst( const std::string& var) { - auto range = equal_range(var); - for (auto it = range.first; it != range.second; ++it) { - if (it->second.isExpired()) { - delIfExpired(it->second.getValue()); - } else if (it->second.hasValue() == false) { - // No-op. A non-expired expiry exists for the key but there is no actual value - } else { - return std::unique_ptr(new std::string(it->second.getValue())); - } + std::unique_ptr ret; + std::list expiredVars; + + { + const std::shared_lock lock(m_mutex); // read lock (shared access) + + const auto range = m_map.equal_range(var); + for (auto it = range.first; it != range.second; ++it) { + if (it->second.isExpired()) { + expiredVars.push_back(it->first); + } else if (it->second.hasValue() == false) { + // No-op. A non-expired expiry exists for the key but there is no actual value + } else { + ret = std::make_unique(it->second.getValue()); + } + } + } + + for (const auto& expiredVar : expiredVars) { + delIfExpired(expiredVar); } - return NULL; + return ret; } diff --git a/src/deps/src/modsecurity/src/collection/backend/in_memory-per_process.h b/src/deps/src/modsecurity/src/collection/backend/in_memory-per_process.h index 43b8de24dc..2e283d2582 100644 --- a/src/deps/src/modsecurity/src/collection/backend/in_memory-per_process.h +++ b/src/deps/src/modsecurity/src/collection/backend/in_memory-per_process.h @@ -23,6 +23,7 @@ #include #include #include +#include #endif @@ -70,13 +71,11 @@ struct MyHash{ }; class InMemoryPerProcess : - public std::unordered_multimap*/MyHash, MyEqual>, public Collection { public: explicit InMemoryPerProcess(const std::string &name); ~InMemoryPerProcess(); - void store(std::string key, std::string value); + void store(const std::string &key, const std::string &value); bool storeOrUpdateFirst(const std::string &key, const std::string &value) override; @@ -102,21 +101,23 @@ class InMemoryPerProcess : variables::KeyExclusions &ke) override; /* store */ - virtual void store(std::string key, std::string compartment, + virtual void store(const std::string &key, std::string &compartment, std::string value) { - std::string nkey = compartment + "::" + key; + const auto nkey = compartment + "::" + key; store(nkey, value); } - virtual void store(std::string key, std::string compartment, + virtual void store(const std::string &key, const std::string &compartment, std::string compartment2, std::string value) { - std::string nkey = compartment + "::" + compartment2 + "::" + key; + const auto nkey = compartment + "::" + compartment2 + "::" + key; store(nkey, value); } private: - pthread_mutex_t m_lock; + std::unordered_multimap*/MyHash, MyEqual> m_map; + std::shared_mutex m_mutex; }; } // namespace backend diff --git a/src/deps/src/modsecurity/src/collection/backend/lmdb.cc b/src/deps/src/modsecurity/src/collection/backend/lmdb.cc index 9197fda83c..4a77f5fb81 100644 --- a/src/deps/src/modsecurity/src/collection/backend/lmdb.cc +++ b/src/deps/src/modsecurity/src/collection/backend/lmdb.cc @@ -18,13 +18,15 @@ #include "src/collection/backend/collection_data.h" #include +#ifndef WIN32 #include +#else +#include +#endif #include #include -#include - #include "modsecurity/variable_value.h" #include "src/utils/regex.h" #include "src/variables/variable.h" @@ -659,7 +661,7 @@ MDB_dbi* MDBEnvProvider::GetDBI() { return &m_dbi; } -bool MDBEnvProvider::isValid() { +bool MDBEnvProvider::isValid() const { return valid; } diff --git a/src/deps/src/modsecurity/src/collection/backend/lmdb.h b/src/deps/src/modsecurity/src/collection/backend/lmdb.h index fb88b00382..49633e37b9 100644 --- a/src/deps/src/modsecurity/src/collection/backend/lmdb.h +++ b/src/deps/src/modsecurity/src/collection/backend/lmdb.h @@ -27,12 +27,10 @@ #ifdef WITH_LMDB #include -#include #endif // WITH_LMDB #include #include #include -#include #include "modsecurity/variable_value.h" #include "modsecurity/collection/collection.h" @@ -83,7 +81,7 @@ class MDBEnvProvider { } MDB_env* GetEnv(); MDB_dbi* GetDBI(); - bool isValid(); + bool isValid() const; ~MDBEnvProvider(); private: diff --git a/src/deps/src/modsecurity/src/compat/msvc.h b/src/deps/src/modsecurity/src/compat/msvc.h new file mode 100644 index 0000000000..ce9a14c0a4 --- /dev/null +++ b/src/deps/src/modsecurity/src/compat/msvc.h @@ -0,0 +1,22 @@ +#ifndef __COMPAT_MSVC +#define __COMPAT_MSVC + +#include + +#if !defined(S_ISREG) && defined(S_IFMT) && defined(S_IFREG) +#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) +#endif + +#define strcasecmp _stricmp +#define strncasecmp _strnicmp +#define strtok_r strtok_s +#define popen _popen +#define pclose _pclose + +inline tm* localtime_r(const time_t* tin, tm* tout) { + if (!localtime_s(tout, tin)) return tout; + + return nullptr; +} + +#endif diff --git a/src/deps/src/modsecurity/src/debug_log/debug_log.cc b/src/deps/src/modsecurity/src/debug_log/debug_log.cc index 54d86bda0c..e883177ca4 100644 --- a/src/deps/src/modsecurity/src/debug_log/debug_log.cc +++ b/src/deps/src/modsecurity/src/debug_log/debug_log.cc @@ -15,10 +15,6 @@ #include "modsecurity/debug_log.h" -#include - -#include - #include "src/debug_log/debug_log_writer.h" #include "src/debug_log_writer_agent.h" diff --git a/src/deps/src/modsecurity/src/debug_log/debug_log_writer.cc b/src/deps/src/modsecurity/src/debug_log/debug_log_writer.cc index 86facfed3b..b7bb1ff265 100644 --- a/src/deps/src/modsecurity/src/debug_log/debug_log_writer.cc +++ b/src/deps/src/modsecurity/src/debug_log/debug_log_writer.cc @@ -15,18 +15,6 @@ #include "src/debug_log/debug_log_writer.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - #include "src/utils/shared_files.h" namespace modsecurity { diff --git a/src/deps/src/modsecurity/src/debug_log/debug_log_writer.h b/src/deps/src/modsecurity/src/debug_log/debug_log_writer.h index 1f4f43df53..46b641d686 100644 --- a/src/deps/src/modsecurity/src/debug_log/debug_log_writer.h +++ b/src/deps/src/modsecurity/src/debug_log/debug_log_writer.h @@ -13,15 +13,7 @@ * */ -#include -#include -#include -#include - -#include -#include #include -#include #ifndef SRC_DEBUG_LOG_DEBUG_LOG_WRITER_H_ @@ -45,18 +37,16 @@ class DebugLogWriter { static int open(const std::string& m_fileName, std::string *error); private: - DebugLogWriter() : m_first(NULL) { } - ~DebugLogWriter() { } + DebugLogWriter() = default; + ~DebugLogWriter() = default; // C++ 03 // ======== // Dont forget to declare these two. You want to make sure they // are unacceptable otherwise you may accidentally get copies of // your singleton appearing. - DebugLogWriter(DebugLogWriter const&); - void operator=(DebugLogWriter const&); - - struct debug_log_file_handler *m_first; + DebugLogWriter(DebugLogWriter const&) = delete; + void operator=(DebugLogWriter const&) = delete; }; diff --git a/src/deps/src/modsecurity/src/engine/lua.cc b/src/deps/src/modsecurity/src/engine/lua.cc index 0fac4f6477..1bed904442 100644 --- a/src/deps/src/modsecurity/src/engine/lua.cc +++ b/src/deps/src/modsecurity/src/engine/lua.cc @@ -185,7 +185,7 @@ int Lua::run(Transaction *t, const std::string &str) { lua_getglobal(L, "main"); - ms_dbg_a(t, 1, str); + ms_dbg_a(t, 9, str); /* Put the parameter on the stack. */ if (!str.empty() ) { @@ -267,7 +267,7 @@ int Lua::getvar(lua_State *L) { t = reinterpret_cast(z); std::string var = variables::Variable::stringMatchResolve(t, varname); - var = applyTransformations(L, t, 2, var); + applyTransformations(L, t, 2, var); if (var.size() == 0) { lua_pushnil(L); @@ -407,12 +407,10 @@ int Lua::setvar(lua_State *L) { } -std::string Lua::applyTransformations(lua_State *L, Transaction *t, - int idx, std::string var) { - std::string newVar = var; - +void Lua::applyTransformations(lua_State *L, const Transaction *t, + int idx, std::string &var) { if (lua_isuserdata(L, idx) || lua_isnoneornil(L, idx)) { - return var; + return; } if (lua_istable(L, idx)) { @@ -429,16 +427,15 @@ std::string Lua::applyTransformations(lua_State *L, Transaction *t, /* A "none" means start over */ if (strcmp("none", name) == 0) { - newVar = var; continue; } - actions::transformations::Transformation *tfn = \ + auto tfn = \ actions::transformations::Transformation::instantiate( "t:" + std::string(name)); // FIXME: transformation is not yet returning null. if (tfn) { - newVar = tfn->evaluate(newVar, t); + tfn->transform(var, t); } else { ms_dbg_a(t, 1, "SecRuleScript: Invalid transformation function: " \ @@ -447,32 +444,31 @@ std::string Lua::applyTransformations(lua_State *L, Transaction *t, delete tfn; } - return newVar; + return; } if (lua_isstring(L, idx)) { const char *name(NULL); name = reinterpret_cast(luaL_checkstring(L, idx)); - actions::transformations::Transformation *tfn = \ + auto tfn = \ actions::transformations::Transformation::instantiate( "t:" + std::string(name)); // FIXME: transformation is not yet returning null. if (tfn) { - newVar = tfn->evaluate(newVar, t); + tfn->transform(var, t); delete tfn; } else { ms_dbg_a(t, 1, "SecRuleScript: Invalid transformation function: " \ + std::string(name)); } - return newVar; + return; } ms_dbg_a(t, 8, "SecRuleScript: Transformation parameter must be a " \ "transformation name or array of transformation names, but found " \ "" + std::string(lua_typename(L, idx)) + " (type " \ + std::to_string(lua_type(L, idx)) + ")"); - return newVar; } #endif diff --git a/src/deps/src/modsecurity/src/engine/lua.h b/src/deps/src/modsecurity/src/engine/lua.h index 9a678fd740..452c7f4989 100644 --- a/src/deps/src/modsecurity/src/engine/lua.h +++ b/src/deps/src/modsecurity/src/engine/lua.h @@ -67,8 +67,8 @@ class Lua { public: Lua() { } - bool load(const std::string &script, std::string *err); - int run(Transaction *t, const std::string &str=""); + bool load(const std::string &script, std::string *err); // cppcheck-suppress functionStatic ; triggered when compiling without LUA + int run(Transaction *t, const std::string &str = ""); // cppcheck-suppress functionStatic ; triggered when compiling without LUA static bool isCompatible(const std::string &script, Lua *l, std::string *error); #ifdef WITH_LUA @@ -79,8 +79,8 @@ class Lua { static int getvar(lua_State *L); static int getvars(lua_State *L); static int setvar(lua_State *L); - static std::string applyTransformations(lua_State *L, Transaction *t, - int idx, std::string var); + static void applyTransformations(lua_State *L, const Transaction *t, + int idx, std::string &var); LuaScriptBlob m_blob; #endif diff --git a/src/deps/src/modsecurity/src/modsecurity.cc b/src/deps/src/modsecurity/src/modsecurity.cc index 854ec31ea9..93caa95242 100644 --- a/src/deps/src/modsecurity/src/modsecurity.cc +++ b/src/deps/src/modsecurity/src/modsecurity.cc @@ -202,7 +202,7 @@ void ModSecurity::serverLog(void *data, std::shared_ptr rm) { } if (m_logProperties & TextLogProperty) { - std::string &&d = rm->log(); + auto d = rm->log(); const void *a = static_cast(d.c_str()); m_logCb(data, a); return; @@ -210,10 +210,6 @@ void ModSecurity::serverLog(void *data, std::shared_ptr rm) { if (m_logProperties & RuleMessageLogProperty) { const void *a = static_cast(rm.get()); - if (m_logProperties & IncludeFullHighlightLogProperty) { - m_logCb(data, a); - return; - } m_logCb(data, a); return; } @@ -258,14 +254,11 @@ int ModSecurity::processContentOffset(const char *content, size_t len, strlen("highlight")); yajl_gen_array_open(g); - while (vars.size() > 3) { - std::string value; + for(auto [it, pending] = std::tuple{vars.rbegin(), vars.size()}; pending > 3; pending -= 3) { yajl_gen_map_open(g); - vars.pop_back(); - const std::string &startingAt = vars.back().str(); - vars.pop_back(); - const std::string &size = vars.back().str(); - vars.pop_back(); + it++; + const std::string &startingAt = it->str(); it++; + const std::string &size = it->str(); it++; yajl_gen_string(g, reinterpret_cast("startingAt"), strlen("startingAt")); @@ -284,7 +277,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len, return -1; } - value = std::string(content, stoi(startingAt), stoi(size)); + const auto value = std::string(content, stoi(startingAt), stoi(size)); if (varValue.size() > 0) { varValue.append(" " + value); } else { @@ -307,7 +300,6 @@ int ModSecurity::processContentOffset(const char *content, size_t len, while (!trans.empty()) { modsecurity::actions::transformations::Transformation *t; - std::string varValueRes; yajl_gen_map_open(g); yajl_gen_string(g, reinterpret_cast("transformation"), @@ -319,8 +311,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len, t = modsecurity::actions::transformations::Transformation::instantiate( trans.back().str().c_str()); - varValueRes = t->evaluate(varValue, NULL); - varValue.assign(varValueRes); + t->transform(varValue, nullptr); trans.pop_back(); yajl_gen_string(g, reinterpret_cast("value"), @@ -340,16 +331,13 @@ int ModSecurity::processContentOffset(const char *content, size_t len, yajl_gen_map_open(g); - while (ops.size() > 3) { - std::string value; + for(auto [it, pending] = std::tuple{ops.rbegin(), ops.size()}; pending > 3; pending -= 3) { yajl_gen_string(g, reinterpret_cast("highlight"), strlen("highlight")); yajl_gen_map_open(g); - ops.pop_back(); - std::string startingAt = ops.back().str(); - ops.pop_back(); - std::string size = ops.back().str(); - ops.pop_back(); + it++; + const std::string &startingAt = it->str(); it++; + const std::string &size = ops.back().str(); it++; yajl_gen_string(g, reinterpret_cast("startingAt"), strlen("startingAt")); @@ -371,7 +359,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len, reinterpret_cast("value"), strlen("value")); - value = std::string(varValue, stoi(startingAt), stoi(size)); + const auto value = std::string(varValue, stoi(startingAt), stoi(size)); yajl_gen_string(g, reinterpret_cast(value.c_str()), diff --git a/src/deps/src/modsecurity/src/operators/detect_sqli.cc b/src/deps/src/modsecurity/src/operators/detect_sqli.cc index 793d564406..2c734d85eb 100644 --- a/src/deps/src/modsecurity/src/operators/detect_sqli.cc +++ b/src/deps/src/modsecurity/src/operators/detect_sqli.cc @@ -19,7 +19,7 @@ #include #include "src/operators/operator.h" -#include "others/libinjection/src/libinjection.h" +#include "libinjection/src/libinjection.h" namespace modsecurity { namespace operators { diff --git a/src/deps/src/modsecurity/src/operators/detect_xss.cc b/src/deps/src/modsecurity/src/operators/detect_xss.cc index 6c89ef7203..cf4b7861de 100644 --- a/src/deps/src/modsecurity/src/operators/detect_xss.cc +++ b/src/deps/src/modsecurity/src/operators/detect_xss.cc @@ -18,7 +18,7 @@ #include #include "src/operators/operator.h" -#include "others/libinjection/src/libinjection.h" +#include "libinjection/src/libinjection.h" namespace modsecurity { diff --git a/src/deps/src/modsecurity/src/operators/geo_lookup.h b/src/deps/src/modsecurity/src/operators/geo_lookup.h index e019378259..187a2f317e 100644 --- a/src/deps/src/modsecurity/src/operators/geo_lookup.h +++ b/src/deps/src/modsecurity/src/operators/geo_lookup.h @@ -32,6 +32,7 @@ class GeoLookup : public Operator { bool evaluate(Transaction *transaction, const std::string &exp) override; protected: + // cppcheck-suppress functionStatic bool debug(Transaction *transaction, int x, const std::string &a) { ms_dbg_a(transaction, x, a); return true; diff --git a/src/deps/src/modsecurity/src/operators/inspect_file.cc b/src/deps/src/modsecurity/src/operators/inspect_file.cc index 9ce43af0d8..72052a32da 100644 --- a/src/deps/src/modsecurity/src/operators/inspect_file.cc +++ b/src/deps/src/modsecurity/src/operators/inspect_file.cc @@ -23,6 +23,10 @@ #include "src/operators/operator.h" #include "src/utils/system.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { namespace operators { diff --git a/src/deps/src/modsecurity/src/operators/pm.cc b/src/deps/src/modsecurity/src/operators/pm.cc index ebf31c4077..ccd809e125 100644 --- a/src/deps/src/modsecurity/src/operators/pm.cc +++ b/src/deps/src/modsecurity/src/operators/pm.cc @@ -15,20 +15,81 @@ #include "src/operators/pm.h" -#include - -#include #include #include #include -#include -#include -#include -#include "src/operators/operator.h" #include "src/utils/acmp.h" #include "src/utils/string.h" +using namespace modsecurity::utils::string; + +static inline std::string parse_pm_content(const std::string &op_parm) { + auto offset = op_parm.find_first_not_of(" \t"); + if (offset == std::string::npos) { + return op_parm; + } + + auto size = op_parm.size() - offset; + if (size >= 2 && + op_parm.at(offset) == '\"' && op_parm.back() == '\"') { + offset++; + size -= 2; + } + + if (size == 0) { + return op_parm; + } + + std::string parsed_parm(op_parm.c_str() + offset, size); + + unsigned char bin_offset = 0; + unsigned char bin_parm[3] = { 0 }; + bool bin = false, esc = false; + + char *d = parsed_parm.data(); + for(const char *s = d, *e = d + size; s != e; ++s) { + if (*s == '|') { + bin = !bin; + } else if(!esc && *s == '\\') { + esc = true; + } else { + if (bin) { + if (VALID_HEX(*s)) { + bin_parm[bin_offset] = (char)*s; + bin_offset++; + if (bin_offset == 2) { + unsigned char c = strtol((char *)bin_parm, (char **) nullptr, 16) & 0xFF; + bin_offset = 0; + *d++ = c; + } + } else { + // Invalid hex character + return op_parm; + } + } else if (esc) { + if (*s == ':' || + *s == ';' || + *s == '\\' || + *s == '\"') + { + *d++ = *s; + } else { + // Unsupported escape sequence + return op_parm; + } + esc = false; + } else { + *d++ = *s; + } + } + } + + parsed_parm.resize(d - parsed_parm.c_str()); + return parsed_parm; +} + + namespace modsecurity { namespace operators { @@ -39,9 +100,6 @@ Pm::~Pm() { free(m_p); m_p = NULL; -#ifdef MODSEC_MUTEX_ON_PM - pthread_mutex_destroy(&m_lock); -#endif } @@ -88,13 +146,7 @@ bool Pm::evaluate(Transaction *transaction, RuleWithActions *rule, pt.parser = m_p; pt.ptr = NULL; const char *match = NULL; -#ifdef MODSEC_MUTEX_ON_PM - pthread_mutex_lock(&m_lock); -#endif rc = acmp_process_quick(&pt, &match, input.c_str(), input.length()); -#ifdef MODSEC_MUTEX_ON_PM - pthread_mutex_unlock(&m_lock); -#endif if (rc >= 0 && transaction) { std::string match_(match?match:""); @@ -114,39 +166,19 @@ bool Pm::evaluate(Transaction *transaction, RuleWithActions *rule, bool Pm::init(const std::string &file, std::string *error) { - std::vector vec; - std::istringstream *iss; - const char *err = NULL; - -#ifdef MODSEC_MUTEX_ON_PM - pthread_mutex_init(&m_lock, NULL); -#endif - char *content = parse_pm_content(m_param.c_str(), m_param.length(), &err); - if (content == NULL) { - iss = new std::istringstream(m_param); - } else { - iss = new std::istringstream(content); - } + const auto op_parm = parse_pm_content(m_param); - std::copy(std::istream_iterator(*iss), + std::istringstream iss{op_parm}; + std::for_each(std::istream_iterator(iss), std::istream_iterator(), - back_inserter(vec)); - - for (auto &a : vec) { - acmp_add_pattern(m_p, a.c_str(), NULL, NULL, a.length()); - } + [this](const auto &a) { + acmp_add_pattern(m_p, a.c_str(), NULL, NULL, a.length()); + }); while (m_p->is_failtree_done == 0) { acmp_prepare(m_p); } - if (content) { - free(content); - content = NULL; - } - - delete iss; - return true; } diff --git a/src/deps/src/modsecurity/src/operators/pm.h b/src/deps/src/modsecurity/src/operators/pm.h index b090ec5dc5..72d3a54611 100644 --- a/src/deps/src/modsecurity/src/operators/pm.h +++ b/src/deps/src/modsecurity/src/operators/pm.h @@ -17,9 +17,9 @@ #define SRC_OPERATORS_PM_H_ #include -#include #include #include +#include #include "src/operators/operator.h" #include "src/utils/acmp.h" @@ -52,12 +52,6 @@ class Pm : public Operator { protected: ACMP *m_p; - -#ifdef MODSEC_MUTEX_ON_PM - - private: - pthread_mutex_t m_lock; -#endif }; diff --git a/src/deps/src/modsecurity/src/operators/pm_f.cc b/src/deps/src/modsecurity/src/operators/pm_f.cc deleted file mode 100644 index bc83a33b4d..0000000000 --- a/src/deps/src/modsecurity/src/operators/pm_f.cc +++ /dev/null @@ -1,27 +0,0 @@ -/* - * ModSecurity, http://www.modsecurity.org/ - * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/) - * - * You may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Trustwave Holdings, Inc. - * directly using the email address security@modsecurity.org. - * - */ - -#include "src/operators/pm_f.h" - -#include - -#include "src/operators/pm_from_file.h" - -namespace modsecurity { -namespace operators { - - -} // namespace operators -} // namespace modsecurity diff --git a/src/deps/src/modsecurity/src/operators/rbl.cc b/src/deps/src/modsecurity/src/operators/rbl.cc index ffdb17a288..f1561e7f08 100644 --- a/src/deps/src/modsecurity/src/operators/rbl.cc +++ b/src/deps/src/modsecurity/src/operators/rbl.cc @@ -16,10 +16,15 @@ #include "src/operators/rbl.h" #include +#ifndef WIN32 #include #include #include #include +#else +#include +#include +#endif #include diff --git a/src/deps/src/modsecurity/src/operators/rbl.h b/src/deps/src/modsecurity/src/operators/rbl.h index f002d532c5..30fcaa3e37 100644 --- a/src/deps/src/modsecurity/src/operators/rbl.h +++ b/src/deps/src/modsecurity/src/operators/rbl.h @@ -17,10 +17,14 @@ #define SRC_OPERATORS_RBL_H_ #include +#ifndef WIN32 #include #include #include #include +#else +#include +#endif #include #include @@ -66,14 +70,15 @@ class Rbl : public Operator { m_demandsPassword(false), m_provider(RblProvider::UnknownProvider), Operator("Rbl", std::move(param)) { - m_service = m_string->evaluate(); - if (m_service.find("httpbl.org") != std::string::npos) { - m_demandsPassword = true; - m_provider = RblProvider::httpbl; + m_service = m_string->evaluate(); // cppcheck-suppress useInitializationList + if (m_service.find("httpbl.org") != std::string::npos) + { + m_demandsPassword = true; + m_provider = RblProvider::httpbl; } else if (m_service.find("uribl.com") != std::string::npos) { - m_provider = RblProvider::httpbl; + m_provider = RblProvider::uribl; } else if (m_service.find("spamhaus.org") != std::string::npos) { - m_provider = RblProvider::httpbl; + m_provider = RblProvider::spamhaus; } } bool evaluate(Transaction *transaction, RuleWithActions *rule, diff --git a/src/deps/src/modsecurity/src/operators/validate_url_encoding.cc b/src/deps/src/modsecurity/src/operators/validate_url_encoding.cc index 20a86eb625..502aa3d49e 100644 --- a/src/deps/src/modsecurity/src/operators/validate_url_encoding.cc +++ b/src/deps/src/modsecurity/src/operators/validate_url_encoding.cc @@ -74,7 +74,7 @@ bool ValidateUrlEncoding::evaluate(Transaction *transaction, RuleWithActions *ru bool res = false; if (input.empty() == true) { - return res; + return res; // cppcheck-suppress knownConditionTrueFalse } int rc = validate_url_encoding(input.c_str(), input.size(), &offset); diff --git a/src/deps/src/modsecurity/src/operators/validate_utf8_encoding.cc b/src/deps/src/modsecurity/src/operators/validate_utf8_encoding.cc index e95061af3c..cd2f064c8c 100644 --- a/src/deps/src/modsecurity/src/operators/validate_utf8_encoding.cc +++ b/src/deps/src/modsecurity/src/operators/validate_utf8_encoding.cc @@ -19,6 +19,14 @@ #include "src/operators/operator.h" + +constexpr int UNICODE_ERROR_CHARACTERS_MISSING = -1; +constexpr int UNICODE_ERROR_INVALID_ENCODING = -2; +constexpr int UNICODE_ERROR_OVERLONG_CHARACTER = -3; +constexpr int UNICODE_ERROR_RESTRICTED_CHARACTER = -4; +constexpr int UNICODE_ERROR_DECODING_ERROR = -5; + + namespace modsecurity { namespace operators { @@ -132,7 +140,6 @@ bool ValidateUtf8Encoding::evaluate(Transaction *transaction, RuleWithActions *r std::to_string(i) + "\"]"); } return true; - break; case UNICODE_ERROR_INVALID_ENCODING : if (transaction) { ms_dbg_a(transaction, 8, "Invalid UTF-8 encoding: " @@ -142,7 +149,6 @@ bool ValidateUtf8Encoding::evaluate(Transaction *transaction, RuleWithActions *r logOffset(ruleMessage, i, str.size()); } return true; - break; case UNICODE_ERROR_OVERLONG_CHARACTER : if (transaction) { ms_dbg_a(transaction, 8, "Invalid UTF-8 encoding: " @@ -152,7 +158,6 @@ bool ValidateUtf8Encoding::evaluate(Transaction *transaction, RuleWithActions *r logOffset(ruleMessage, i, str.size()); } return true; - break; case UNICODE_ERROR_RESTRICTED_CHARACTER : if (transaction) { ms_dbg_a(transaction, 8, "Invalid UTF-8 encoding: " @@ -162,7 +167,6 @@ bool ValidateUtf8Encoding::evaluate(Transaction *transaction, RuleWithActions *r logOffset(ruleMessage, i, str.size()); } return true; - break; case UNICODE_ERROR_DECODING_ERROR : if (transaction) { ms_dbg_a(transaction, 8, "Error validating UTF-8 decoding " @@ -171,7 +175,6 @@ bool ValidateUtf8Encoding::evaluate(Transaction *transaction, RuleWithActions *r logOffset(ruleMessage, i, str.size()); } return true; - break; } if (rc <= 0) { diff --git a/src/deps/src/modsecurity/src/operators/validate_utf8_encoding.h b/src/deps/src/modsecurity/src/operators/validate_utf8_encoding.h index e59eef5897..2bd75dc8e7 100644 --- a/src/deps/src/modsecurity/src/operators/validate_utf8_encoding.h +++ b/src/deps/src/modsecurity/src/operators/validate_utf8_encoding.h @@ -22,13 +22,6 @@ #include "src/operators/operator.h" -#define UNICODE_ERROR_CHARACTERS_MISSING -1 -#define UNICODE_ERROR_INVALID_ENCODING -2 -#define UNICODE_ERROR_OVERLONG_CHARACTER -3 -#define UNICODE_ERROR_RESTRICTED_CHARACTER -4 -#define UNICODE_ERROR_DECODING_ERROR -5 - - namespace modsecurity { namespace operators { diff --git a/src/deps/src/modsecurity/src/operators/verify_cc.cc b/src/deps/src/modsecurity/src/operators/verify_cc.cc index ee39902d81..8a36bb7e7d 100644 --- a/src/deps/src/modsecurity/src/operators/verify_cc.cc +++ b/src/deps/src/modsecurity/src/operators/verify_cc.cc @@ -59,7 +59,6 @@ int VerifyCC::luhnVerify(const char *ccnumber, int len) { int sum[2] = { 0, 0 }; int odd = 0; int digits = 0; - int i; /* Weighted lookup table which is just a precalculated (i = index): * i*2 + (( (i*2) > 9 ) ? -9 : 0) @@ -71,7 +70,7 @@ int VerifyCC::luhnVerify(const char *ccnumber, int len) { /* Add up only digits (weighted digits via lookup table) * for both odd and even CC numbers to avoid 2 passes. */ - for (i = 0; i < len; i++) { + for (int i = 0;i < len;i++) { if (ccnumber[i] >= (0 + 48) && ccnumber[i] <= (9 + 48)) { sum[0] += (!odd ? wtable[ccnumber[i] - '0'] : (ccnumber[i] - '0')); sum[1] += (odd ? wtable[ccnumber[i] - '0'] : (ccnumber[i] - '0')); diff --git a/src/deps/src/modsecurity/src/operators/verify_cpf.cc b/src/deps/src/modsecurity/src/operators/verify_cpf.cc index 778584db62..1dcf18444f 100644 --- a/src/deps/src/modsecurity/src/operators/verify_cpf.cc +++ b/src/deps/src/modsecurity/src/operators/verify_cpf.cc @@ -74,7 +74,7 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) { c = cpf_len; for (i = 0; i < 9; i++) { - sum += (cpf[i] * --c); + sum += (cpf[i] * --c); // cppcheck-suppress uninitvar } factor = (sum % cpf_len); diff --git a/src/deps/src/modsecurity/src/operators/verify_svnr.cc b/src/deps/src/modsecurity/src/operators/verify_svnr.cc index 248e6b4ec1..87834dd4d3 100644 --- a/src/deps/src/modsecurity/src/operators/verify_svnr.cc +++ b/src/deps/src/modsecurity/src/operators/verify_svnr.cc @@ -64,7 +64,7 @@ bool VerifySVNR::verify(const char *svnrnumber, int len) { } //Laufnummer mit 3, 7, 9 //Geburtsdatum mit 5, 8, 4, 2, 1, 6 - sum = svnr[0] * 3 + svnr[1] * 7 + svnr[2] * 9 + svnr[4] * 5 + svnr[5] * 8 + svnr[6] * 4 + svnr[7] * 2 + svnr[8] * 1 + svnr[9] * 6; + sum = svnr[0] * 3 + svnr[1] * 7 + svnr[2] * 9 + svnr[4] * 5 + svnr[5] * 8 + svnr[6] * 4 + svnr[7] * 2 + svnr[8] * 1 + svnr[9] * 6; // cppcheck-suppress uninitvar sum %= 11; if(sum == 10){ sum = 0; @@ -84,7 +84,7 @@ bool VerifySVNR::evaluate(Transaction *t, RuleWithActions *rule, int i; if (m_param.empty()) { - return is_svnr; + return is_svnr; // cppcheck-suppress knownConditionTrueFalse } for (i = 0; i < input.size() - 1 && is_svnr == false; i++) { diff --git a/src/deps/src/modsecurity/src/parser/Makefile.am b/src/deps/src/modsecurity/src/parser/Makefile.am index c5605d677a..cded626179 100644 --- a/src/deps/src/modsecurity/src/parser/Makefile.am +++ b/src/deps/src/modsecurity/src/parser/Makefile.am @@ -11,11 +11,9 @@ libmodsec_parser_la_SOURCES = \ test.cc libmodsec_parser_la_CPPFLAGS = \ - -std=c++11 \ -I../.. \ -I../../headers \ -I../../others \ - -std=c++11 \ -I.. \ -g \ -fPIC \ diff --git a/src/deps/src/modsecurity/src/parser/seclang-parser.cc b/src/deps/src/modsecurity/src/parser/seclang-parser.cc index 9e18db4d21..fbce57040d 100644 --- a/src/deps/src/modsecurity/src/parser/seclang-parser.cc +++ b/src/deps/src/modsecurity/src/parser/seclang-parser.cc @@ -2295,8 +2295,9 @@ namespace yy { std::vector *a = new std::vector(); std::vector *t = new std::vector(); for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { - if (dynamic_cast(i.get())) { - t->push_back(dynamic_cast(i.release())); + if (auto pt = dynamic_cast(i.get())) { + t->push_back(pt); + i.release(); } else { a->push_back(i.release()); } @@ -2320,11 +2321,11 @@ namespace yy { YYERROR; } } -#line 2324 "seclang-parser.cc" +#line 2325 "seclang-parser.cc" break; case 76: // expression: "DIRECTIVE" variables op -#line 1115 "seclang-parser.yy" +#line 1116 "seclang-parser.yy" { variables::Variables *v = new variables::Variables(); for (auto &i : *yystack_[1].value.as < std::unique_ptr > > > ().get()) { @@ -2343,17 +2344,18 @@ namespace yy { YYERROR; } } -#line 2347 "seclang-parser.cc" +#line 2348 "seclang-parser.cc" break; case 77: // expression: "CONFIG_DIR_SEC_ACTION" actions -#line 1134 "seclang-parser.yy" +#line 1135 "seclang-parser.yy" { std::vector *a = new std::vector(); std::vector *t = new std::vector(); for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { - if (dynamic_cast(i.get())) { - t->push_back(dynamic_cast(i.release())); + if (auto pt = dynamic_cast(i.get())) { + t->push_back(pt); + i.release(); } else { a->push_back(i.release()); } @@ -2366,18 +2368,19 @@ namespace yy { )); driver.addSecAction(std::move(rule)); } -#line 2370 "seclang-parser.cc" +#line 2372 "seclang-parser.cc" break; case 78: // expression: "DIRECTIVE_SECRULESCRIPT" actions -#line 1153 "seclang-parser.yy" +#line 1155 "seclang-parser.yy" { std::string err; std::vector *a = new std::vector(); std::vector *t = new std::vector(); for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { - if (dynamic_cast(i.get())) { - t->push_back(dynamic_cast(i.release())); + if (auto pt = dynamic_cast(i.get())) { + t->push_back(pt); + i.release(); } else { a->push_back(i.release()); } @@ -2398,11 +2401,11 @@ namespace yy { YYERROR; } } -#line 2402 "seclang-parser.cc" +#line 2405 "seclang-parser.cc" break; case 79: // expression: "CONFIG_DIR_SEC_DEFAULT_ACTION" actions -#line 1181 "seclang-parser.yy" +#line 1184 "seclang-parser.yy" { bool hasDisruptive = false; std::vector *actions = new std::vector(); @@ -2421,8 +2424,8 @@ namespace yy { definedPhase = phase->m_phase; secRuleDefinedPhase = phase->m_secRulesPhase; delete phase; - } else if (a->action_kind == actions::Action::RunTimeOnlyIfMatchKind || - a->action_kind == actions::Action::RunTimeBeforeMatchAttemptKind) { + } else if (a->action_kind == actions::Action::Kind::RunTimeOnlyIfMatchKind || + a->action_kind == actions::Action::Kind::RunTimeBeforeMatchAttemptKind) { actions::transformations::None *none = dynamic_cast(a); if (none != NULL) { driver.error(yystack_[2].location, "The transformation none is not suitable to be part of the SecDefaultActions"); @@ -2459,78 +2462,78 @@ namespace yy { delete actions; } -#line 2463 "seclang-parser.cc" +#line 2466 "seclang-parser.cc" break; case 80: // expression: "CONFIG_DIR_SEC_MARKER" -#line 1238 "seclang-parser.yy" +#line 1241 "seclang-parser.yy" { driver.addSecMarker(modsecurity::utils::string::removeBracketsIfNeeded(yystack_[0].value.as < std::string > ()), /* file name */ std::unique_ptr(new std::string(*yystack_[0].location.end.filename)), /* line number */ yystack_[0].location.end.line ); } -#line 2474 "seclang-parser.cc" +#line 2477 "seclang-parser.cc" break; case 81: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_OFF" -#line 1245 "seclang-parser.yy" +#line 1248 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine; } -#line 2482 "seclang-parser.cc" +#line 2485 "seclang-parser.cc" break; case 82: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_ON" -#line 1249 "seclang-parser.yy" +#line 1252 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine; } -#line 2490 "seclang-parser.cc" +#line 2493 "seclang-parser.cc" break; case 83: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_DETC" -#line 1253 "seclang-parser.yy" +#line 1256 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine; } -#line 2498 "seclang-parser.cc" +#line 2501 "seclang-parser.cc" break; case 84: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_ON" -#line 1257 "seclang-parser.yy" +#line 1260 "seclang-parser.yy" { driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 2506 "seclang-parser.cc" +#line 2509 "seclang-parser.cc" break; case 85: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_OFF" -#line 1261 "seclang-parser.yy" +#line 1264 "seclang-parser.yy" { driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 2514 "seclang-parser.cc" +#line 2517 "seclang-parser.cc" break; case 86: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_ON" -#line 1265 "seclang-parser.yy" +#line 1268 "seclang-parser.yy" { driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 2522 "seclang-parser.cc" +#line 2525 "seclang-parser.cc" break; case 87: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_OFF" -#line 1269 "seclang-parser.yy" +#line 1272 "seclang-parser.yy" { driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 2530 "seclang-parser.cc" +#line 2533 "seclang-parser.cc" break; case 88: // expression: "CONFIG_SEC_ARGUMENT_SEPARATOR" -#line 1273 "seclang-parser.yy" +#line 1276 "seclang-parser.yy" { if (yystack_[0].value.as < std::string > ().length() != 1) { driver.error(yystack_[1].location, "Argument separator should be set to a single character."); @@ -2539,259 +2542,259 @@ namespace yy { driver.m_secArgumentSeparator.m_value = yystack_[0].value.as < std::string > (); driver.m_secArgumentSeparator.m_set = true; } -#line 2543 "seclang-parser.cc" +#line 2546 "seclang-parser.cc" break; case 89: // expression: "CONFIG_COMPONENT_SIG" -#line 1282 "seclang-parser.yy" +#line 1285 "seclang-parser.yy" { driver.m_components.push_back(yystack_[0].value.as < std::string > ()); } -#line 2551 "seclang-parser.cc" +#line 2554 "seclang-parser.cc" break; case 90: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_ON" -#line 1286 "seclang-parser.yy" +#line 1289 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecConnEngine is not yet supported."); YYERROR; } -#line 2560 "seclang-parser.cc" +#line 2563 "seclang-parser.cc" break; case 91: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_OFF" -#line 1291 "seclang-parser.yy" +#line 1294 "seclang-parser.yy" { } -#line 2567 "seclang-parser.cc" +#line 2570 "seclang-parser.cc" break; case 92: // expression: "CONFIG_SEC_WEB_APP_ID" -#line 1294 "seclang-parser.yy" +#line 1297 "seclang-parser.yy" { driver.m_secWebAppId.m_value = yystack_[0].value.as < std::string > (); driver.m_secWebAppId.m_set = true; } -#line 2576 "seclang-parser.cc" +#line 2579 "seclang-parser.cc" break; case 93: // expression: "CONFIG_SEC_SERVER_SIG" -#line 1299 "seclang-parser.yy" +#line 1302 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecServerSignature is not supported."); YYERROR; } -#line 2585 "seclang-parser.cc" +#line 2588 "seclang-parser.cc" break; case 94: // expression: "CONFIG_SEC_CACHE_TRANSFORMATIONS" -#line 1304 "seclang-parser.yy" +#line 1307 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecCacheTransformations is not supported."); YYERROR; } -#line 2594 "seclang-parser.cc" +#line 2597 "seclang-parser.cc" break; case 95: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_ON" -#line 1309 "seclang-parser.yy" +#line 1312 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecDisableBackendCompression is not supported."); YYERROR; } -#line 2603 "seclang-parser.cc" +#line 2606 "seclang-parser.cc" break; case 96: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_OFF" -#line 1314 "seclang-parser.yy" +#line 1317 "seclang-parser.yy" { } -#line 2610 "seclang-parser.cc" +#line 2613 "seclang-parser.cc" break; case 97: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_ON" -#line 1317 "seclang-parser.yy" +#line 1320 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecContentInjection is not yet supported."); YYERROR; } -#line 2619 "seclang-parser.cc" +#line 2622 "seclang-parser.cc" break; case 98: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_OFF" -#line 1322 "seclang-parser.yy" +#line 1325 "seclang-parser.yy" { } -#line 2626 "seclang-parser.cc" +#line 2629 "seclang-parser.cc" break; case 99: // expression: "CONFIG_SEC_CHROOT_DIR" -#line 1325 "seclang-parser.yy" +#line 1328 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecChrootDir is not supported."); YYERROR; } -#line 2635 "seclang-parser.cc" +#line 2638 "seclang-parser.cc" break; case 100: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_ON" -#line 1330 "seclang-parser.yy" +#line 1333 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecHashEngine is not yet supported."); YYERROR; } -#line 2644 "seclang-parser.cc" +#line 2647 "seclang-parser.cc" break; case 101: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_OFF" -#line 1335 "seclang-parser.yy" +#line 1338 "seclang-parser.yy" { } -#line 2651 "seclang-parser.cc" +#line 2654 "seclang-parser.cc" break; case 102: // expression: "CONFIG_SEC_HASH_KEY" -#line 1338 "seclang-parser.yy" +#line 1341 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashKey is not yet supported."); YYERROR; } -#line 2660 "seclang-parser.cc" +#line 2663 "seclang-parser.cc" break; case 103: // expression: "CONFIG_SEC_HASH_PARAM" -#line 1343 "seclang-parser.yy" +#line 1346 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashParam is not yet supported."); YYERROR; } -#line 2669 "seclang-parser.cc" +#line 2672 "seclang-parser.cc" break; case 104: // expression: "CONFIG_SEC_HASH_METHOD_RX" -#line 1348 "seclang-parser.yy" +#line 1351 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashMethodRx is not yet supported."); YYERROR; } -#line 2678 "seclang-parser.cc" +#line 2681 "seclang-parser.cc" break; case 105: // expression: "CONFIG_SEC_HASH_METHOD_PM" -#line 1353 "seclang-parser.yy" +#line 1356 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashMethodPm is not yet supported."); YYERROR; } -#line 2687 "seclang-parser.cc" +#line 2690 "seclang-parser.cc" break; case 106: // expression: "CONFIG_DIR_GSB_DB" -#line 1358 "seclang-parser.yy" +#line 1361 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecGsbLookupDb is not supported."); YYERROR; } -#line 2696 "seclang-parser.cc" +#line 2699 "seclang-parser.cc" break; case 107: // expression: "CONFIG_SEC_GUARDIAN_LOG" -#line 1363 "seclang-parser.yy" +#line 1366 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecGuardianLog is not supported."); YYERROR; } -#line 2705 "seclang-parser.cc" +#line 2708 "seclang-parser.cc" break; case 108: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_ON" -#line 1368 "seclang-parser.yy" +#line 1371 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecInterceptOnError is not yet supported."); YYERROR; } -#line 2714 "seclang-parser.cc" +#line 2717 "seclang-parser.cc" break; case 109: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_OFF" -#line 1373 "seclang-parser.yy" +#line 1376 "seclang-parser.yy" { } -#line 2721 "seclang-parser.cc" +#line 2724 "seclang-parser.cc" break; case 110: // expression: "CONFIG_SEC_CONN_R_STATE_LIMIT" -#line 1376 "seclang-parser.yy" +#line 1379 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecConnReadStateLimit is not yet supported."); YYERROR; } -#line 2730 "seclang-parser.cc" +#line 2733 "seclang-parser.cc" break; case 111: // expression: "CONFIG_SEC_CONN_W_STATE_LIMIT" -#line 1381 "seclang-parser.yy" +#line 1384 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecConnWriteStateLimit is not yet supported."); YYERROR; } -#line 2739 "seclang-parser.cc" +#line 2742 "seclang-parser.cc" break; case 112: // expression: "CONFIG_SEC_SENSOR_ID" -#line 1386 "seclang-parser.yy" +#line 1389 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecSensorId is not yet supported."); YYERROR; } -#line 2748 "seclang-parser.cc" +#line 2751 "seclang-parser.cc" break; case 113: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_ON" -#line 1391 "seclang-parser.yy" +#line 1394 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecRuleInheritance is not yet supported."); YYERROR; } -#line 2757 "seclang-parser.cc" +#line 2760 "seclang-parser.cc" break; case 114: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_OFF" -#line 1396 "seclang-parser.yy" +#line 1399 "seclang-parser.yy" { } -#line 2764 "seclang-parser.cc" +#line 2767 "seclang-parser.cc" break; case 115: // expression: "CONFIG_SEC_RULE_PERF_TIME" -#line 1399 "seclang-parser.yy" +#line 1402 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecRulePerfTime is not yet supported."); YYERROR; } -#line 2773 "seclang-parser.cc" +#line 2776 "seclang-parser.cc" break; case 116: // expression: "CONFIG_SEC_STREAM_IN_BODY_INSPECTION" -#line 1404 "seclang-parser.yy" +#line 1407 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecStreamInBodyInspection is not supported."); YYERROR; } -#line 2782 "seclang-parser.cc" +#line 2785 "seclang-parser.cc" break; case 117: // expression: "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION" -#line 1409 "seclang-parser.yy" +#line 1412 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecStreamOutBodyInspection is not supported."); YYERROR; } -#line 2791 "seclang-parser.cc" +#line 2794 "seclang-parser.cc" break; case 118: // expression: "CONFIG_SEC_RULE_REMOVE_BY_ID" -#line 1414 "seclang-parser.yy" +#line 1417 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.load(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2804,11 +2807,11 @@ namespace yy { YYERROR; } } -#line 2808 "seclang-parser.cc" +#line 2811 "seclang-parser.cc" break; case 119: // expression: "CONFIG_SEC_RULE_REMOVE_BY_TAG" -#line 1427 "seclang-parser.yy" +#line 1430 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadRemoveRuleByTag(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2821,11 +2824,11 @@ namespace yy { YYERROR; } } -#line 2825 "seclang-parser.cc" +#line 2828 "seclang-parser.cc" break; case 120: // expression: "CONFIG_SEC_RULE_REMOVE_BY_MSG" -#line 1440 "seclang-parser.yy" +#line 1443 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadRemoveRuleByMsg(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2838,11 +2841,11 @@ namespace yy { YYERROR; } } -#line 2842 "seclang-parser.cc" +#line 2845 "seclang-parser.cc" break; case 121: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG" variables_pre_process -#line 1453 "seclang-parser.yy" +#line 1456 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadUpdateTargetByTag(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > > > ()), &error) == false) { @@ -2855,11 +2858,11 @@ namespace yy { YYERROR; } } -#line 2859 "seclang-parser.cc" +#line 2862 "seclang-parser.cc" break; case 122: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG" variables_pre_process -#line 1466 "seclang-parser.yy" +#line 1469 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadUpdateTargetByMsg(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > > > ()), &error) == false) { @@ -2872,11 +2875,11 @@ namespace yy { YYERROR; } } -#line 2876 "seclang-parser.cc" +#line 2879 "seclang-parser.cc" break; case 123: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID" variables_pre_process -#line 1479 "seclang-parser.yy" +#line 1482 "seclang-parser.yy" { std::string error; double ruleId; @@ -2902,11 +2905,11 @@ namespace yy { YYERROR; } } -#line 2906 "seclang-parser.cc" +#line 2909 "seclang-parser.cc" break; case 124: // expression: "CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID" actions -#line 1505 "seclang-parser.yy" +#line 1508 "seclang-parser.yy" { std::string error; double ruleId; @@ -2933,11 +2936,11 @@ namespace yy { YYERROR; } } -#line 2937 "seclang-parser.cc" +#line 2940 "seclang-parser.cc" break; case 125: // expression: "CONFIG_DIR_DEBUG_LVL" -#line 1533 "seclang-parser.yy" +#line 1536 "seclang-parser.yy" { if (driver.m_debugLog != NULL) { driver.m_debugLog->setDebugLogLevel(atoi(yystack_[0].value.as < std::string > ().c_str())); @@ -2949,11 +2952,11 @@ namespace yy { YYERROR; } } -#line 2953 "seclang-parser.cc" +#line 2956 "seclang-parser.cc" break; case 126: // expression: "CONFIG_DIR_DEBUG_LOG" -#line 1545 "seclang-parser.yy" +#line 1548 "seclang-parser.yy" { if (driver.m_debugLog != NULL) { std::string error; @@ -2972,11 +2975,11 @@ namespace yy { YYERROR; } } -#line 2976 "seclang-parser.cc" +#line 2979 "seclang-parser.cc" break; case 127: // expression: "CONFIG_DIR_GEO_DB" -#line 1565 "seclang-parser.yy" +#line 1568 "seclang-parser.yy" { #if defined(WITH_GEOIP) or defined(WITH_MAXMIND) std::string err; @@ -3003,47 +3006,47 @@ namespace yy { YYERROR; #endif // WITH_GEOIP } -#line 3007 "seclang-parser.cc" +#line 3010 "seclang-parser.cc" break; case 128: // expression: "CONFIG_DIR_ARGS_LIMIT" -#line 1592 "seclang-parser.yy" +#line 1595 "seclang-parser.yy" { driver.m_argumentsLimit.m_set = true; driver.m_argumentsLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3016 "seclang-parser.cc" +#line 3019 "seclang-parser.cc" break; case 129: // expression: "CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT" -#line 1597 "seclang-parser.yy" +#line 1600 "seclang-parser.yy" { driver.m_requestBodyJsonDepthLimit.m_set = true; driver.m_requestBodyJsonDepthLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3025 "seclang-parser.cc" +#line 3028 "seclang-parser.cc" break; case 130: // expression: "CONFIG_DIR_REQ_BODY_LIMIT" -#line 1603 "seclang-parser.yy" +#line 1606 "seclang-parser.yy" { driver.m_requestBodyLimit.m_set = true; driver.m_requestBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3034 "seclang-parser.cc" +#line 3037 "seclang-parser.cc" break; case 131: // expression: "CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT" -#line 1608 "seclang-parser.yy" +#line 1611 "seclang-parser.yy" { driver.m_requestBodyNoFilesLimit.m_set = true; driver.m_requestBodyNoFilesLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3043 "seclang-parser.cc" +#line 3046 "seclang-parser.cc" break; case 132: // expression: "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT" -#line 1613 "seclang-parser.yy" +#line 1616 "seclang-parser.yy" { std::stringstream ss; ss << "As of ModSecurity version 3.0, SecRequestBodyInMemoryLimit is no longer "; @@ -3052,77 +3055,77 @@ namespace yy { driver.error(yystack_[1].location, ss.str()); YYERROR; } -#line 3056 "seclang-parser.cc" +#line 3059 "seclang-parser.cc" break; case 133: // expression: "CONFIG_DIR_RES_BODY_LIMIT" -#line 1622 "seclang-parser.yy" +#line 1625 "seclang-parser.yy" { driver.m_responseBodyLimit.m_set = true; driver.m_responseBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3065 "seclang-parser.cc" +#line 3068 "seclang-parser.cc" break; case 134: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL" -#line 1627 "seclang-parser.yy" +#line 1630 "seclang-parser.yy" { driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } -#line 3073 "seclang-parser.cc" +#line 3076 "seclang-parser.cc" break; case 135: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT" -#line 1631 "seclang-parser.yy" +#line 1634 "seclang-parser.yy" { driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } -#line 3081 "seclang-parser.cc" +#line 3084 "seclang-parser.cc" break; case 136: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL" -#line 1635 "seclang-parser.yy" +#line 1638 "seclang-parser.yy" { driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } -#line 3089 "seclang-parser.cc" +#line 3092 "seclang-parser.cc" break; case 137: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT" -#line 1639 "seclang-parser.yy" +#line 1642 "seclang-parser.yy" { driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } -#line 3097 "seclang-parser.cc" +#line 3100 "seclang-parser.cc" break; case 138: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_ABORT" -#line 1643 "seclang-parser.yy" +#line 1646 "seclang-parser.yy" { driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction; } -#line 3105 "seclang-parser.cc" +#line 3108 "seclang-parser.cc" break; case 139: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_WARN" -#line 1647 "seclang-parser.yy" +#line 1650 "seclang-parser.yy" { driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction; } -#line 3113 "seclang-parser.cc" +#line 3116 "seclang-parser.cc" break; case 141: // expression: "CONFIG_DIR_PCRE_MATCH_LIMIT" -#line 1656 "seclang-parser.yy" +#line 1659 "seclang-parser.yy" { driver.m_pcreMatchLimit.m_set = true; driver.m_pcreMatchLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3122 "seclang-parser.cc" +#line 3125 "seclang-parser.cc" break; case 142: // expression: "CONGIG_DIR_RESPONSE_BODY_MP" -#line 1661 "seclang-parser.yy" +#line 1664 "seclang-parser.yy" { std::istringstream buf(yystack_[0].value.as < std::string > ()); std::istream_iterator beg(buf), end; @@ -3134,37 +3137,37 @@ namespace yy { driver.m_responseBodyTypeToBeInspected.m_value.insert(*it); } } -#line 3138 "seclang-parser.cc" +#line 3141 "seclang-parser.cc" break; case 143: // expression: "CONGIG_DIR_RESPONSE_BODY_MP_CLEAR" -#line 1673 "seclang-parser.yy" +#line 1676 "seclang-parser.yy" { driver.m_responseBodyTypeToBeInspected.m_set = true; driver.m_responseBodyTypeToBeInspected.m_clear = true; driver.m_responseBodyTypeToBeInspected.m_value.clear(); } -#line 3148 "seclang-parser.cc" +#line 3151 "seclang-parser.cc" break; case 144: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_OFF" -#line 1679 "seclang-parser.yy" +#line 1682 "seclang-parser.yy" { driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 3156 "seclang-parser.cc" +#line 3159 "seclang-parser.cc" break; case 145: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_ON" -#line 1683 "seclang-parser.yy" +#line 1686 "seclang-parser.yy" { driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 3164 "seclang-parser.cc" +#line 3167 "seclang-parser.cc" break; case 146: // expression: "CONGIG_DIR_SEC_TMP_DIR" -#line 1687 "seclang-parser.yy" +#line 1690 "seclang-parser.yy" { /* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended std::stringstream ss; @@ -3175,31 +3178,31 @@ namespace yy { YYERROR; */ } -#line 3179 "seclang-parser.cc" +#line 3182 "seclang-parser.cc" break; case 149: // expression: "CONGIG_DIR_SEC_COOKIE_FORMAT" -#line 1708 "seclang-parser.yy" +#line 1711 "seclang-parser.yy" { if (atoi(yystack_[0].value.as < std::string > ().c_str()) == 1) { driver.error(yystack_[1].location, "SecCookieFormat 1 is not yet supported."); YYERROR; } } -#line 3190 "seclang-parser.cc" +#line 3193 "seclang-parser.cc" break; case 150: // expression: "CONFIG_SEC_COOKIEV0_SEPARATOR" -#line 1715 "seclang-parser.yy" +#line 1718 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecCookieV0Separator is not yet supported."); YYERROR; } -#line 3199 "seclang-parser.cc" +#line 3202 "seclang-parser.cc" break; case 152: // expression: "CONFIG_DIR_UNICODE_MAP_FILE" -#line 1725 "seclang-parser.yy" +#line 1728 "seclang-parser.yy" { std::string error; std::vector param; @@ -3253,31 +3256,31 @@ namespace yy { } } -#line 3257 "seclang-parser.cc" +#line 3260 "seclang-parser.cc" break; case 153: // expression: "CONFIG_SEC_COLLECTION_TIMEOUT" -#line 1779 "seclang-parser.yy" +#line 1782 "seclang-parser.yy" { /* Parser error disabled to avoid breaking default CRS installations with crs-setup.conf-recommended driver.error(@0, "SecCollectionTimeout is not yet supported."); YYERROR; */ } -#line 3268 "seclang-parser.cc" +#line 3271 "seclang-parser.cc" break; case 154: // expression: "CONFIG_SEC_HTTP_BLKEY" -#line 1786 "seclang-parser.yy" +#line 1789 "seclang-parser.yy" { driver.m_httpblKey.m_set = true; driver.m_httpblKey.m_value = yystack_[0].value.as < std::string > (); } -#line 3277 "seclang-parser.cc" +#line 3280 "seclang-parser.cc" break; case 155: // variables: variables_pre_process -#line 1794 "seclang-parser.yy" +#line 1797 "seclang-parser.yy" { std::unique_ptr > > originalList = std::move(yystack_[0].value.as < std::unique_ptr > > > ()); std::unique_ptr>> newList(new std::vector>()); @@ -3311,2401 +3314,2401 @@ namespace yy { } yylhs.value.as < std::unique_ptr > > > () = std::move(newNewList); } -#line 3315 "seclang-parser.cc" +#line 3318 "seclang-parser.cc" break; case 156: // variables_pre_process: variables_may_be_quoted -#line 1831 "seclang-parser.yy" +#line 1834 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[0].value.as < std::unique_ptr > > > ()); } -#line 3323 "seclang-parser.cc" +#line 3326 "seclang-parser.cc" break; case 157: // variables_pre_process: "QUOTATION_MARK" variables_may_be_quoted "QUOTATION_MARK" -#line 1835 "seclang-parser.yy" +#line 1838 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[1].value.as < std::unique_ptr > > > ()); } -#line 3331 "seclang-parser.cc" +#line 3334 "seclang-parser.cc" break; case 158: // variables_may_be_quoted: variables_may_be_quoted PIPE var -#line 1842 "seclang-parser.yy" +#line 1845 "seclang-parser.yy" { yystack_[2].value.as < std::unique_ptr > > > ()->push_back(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[2].value.as < std::unique_ptr > > > ()); } -#line 3340 "seclang-parser.cc" +#line 3343 "seclang-parser.cc" break; case 159: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_EXCLUSION var -#line 1847 "seclang-parser.yy" +#line 1850 "seclang-parser.yy" { std::unique_ptr c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr > ()))); yystack_[3].value.as < std::unique_ptr > > > ()->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[3].value.as < std::unique_ptr > > > ()); } -#line 3350 "seclang-parser.cc" +#line 3353 "seclang-parser.cc" break; case 160: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_COUNT var -#line 1853 "seclang-parser.yy" +#line 1856 "seclang-parser.yy" { std::unique_ptr c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr > ()))); yystack_[3].value.as < std::unique_ptr > > > ()->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[3].value.as < std::unique_ptr > > > ()); } -#line 3360 "seclang-parser.cc" +#line 3363 "seclang-parser.cc" break; case 161: // variables_may_be_quoted: var -#line 1859 "seclang-parser.yy" +#line 1862 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); b->push_back(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3370 "seclang-parser.cc" +#line 3373 "seclang-parser.cc" break; case 162: // variables_may_be_quoted: VAR_EXCLUSION var -#line 1865 "seclang-parser.yy" +#line 1868 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); std::unique_ptr c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr > ()))); b->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3381 "seclang-parser.cc" +#line 3384 "seclang-parser.cc" break; case 163: // variables_may_be_quoted: VAR_COUNT var -#line 1872 "seclang-parser.yy" +#line 1875 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); std::unique_ptr c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr > ()))); b->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3392 "seclang-parser.cc" +#line 3395 "seclang-parser.cc" break; case 164: // var: VARIABLE_ARGS "Dictionary element" -#line 1882 "seclang-parser.yy" +#line 1885 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3400 "seclang-parser.cc" +#line 3403 "seclang-parser.cc" break; case 165: // var: VARIABLE_ARGS "Dictionary element, selected by regexp" -#line 1886 "seclang-parser.yy" +#line 1889 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3408 "seclang-parser.cc" +#line 3411 "seclang-parser.cc" break; case 166: // var: VARIABLE_ARGS -#line 1890 "seclang-parser.yy" +#line 1893 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_NoDictElement()); } -#line 3416 "seclang-parser.cc" +#line 3419 "seclang-parser.cc" break; case 167: // var: VARIABLE_ARGS_POST "Dictionary element" -#line 1894 "seclang-parser.yy" +#line 1897 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3424 "seclang-parser.cc" +#line 3427 "seclang-parser.cc" break; case 168: // var: VARIABLE_ARGS_POST "Dictionary element, selected by regexp" -#line 1898 "seclang-parser.yy" +#line 1901 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3432 "seclang-parser.cc" +#line 3435 "seclang-parser.cc" break; case 169: // var: VARIABLE_ARGS_POST -#line 1902 "seclang-parser.yy" +#line 1905 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_NoDictElement()); } -#line 3440 "seclang-parser.cc" +#line 3443 "seclang-parser.cc" break; case 170: // var: VARIABLE_ARGS_GET "Dictionary element" -#line 1906 "seclang-parser.yy" +#line 1909 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3448 "seclang-parser.cc" +#line 3451 "seclang-parser.cc" break; case 171: // var: VARIABLE_ARGS_GET "Dictionary element, selected by regexp" -#line 1910 "seclang-parser.yy" +#line 1913 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3456 "seclang-parser.cc" +#line 3459 "seclang-parser.cc" break; case 172: // var: VARIABLE_ARGS_GET -#line 1914 "seclang-parser.yy" +#line 1917 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_NoDictElement()); } -#line 3464 "seclang-parser.cc" +#line 3467 "seclang-parser.cc" break; case 173: // var: VARIABLE_FILES_SIZES "Dictionary element" -#line 1918 "seclang-parser.yy" +#line 1921 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3472 "seclang-parser.cc" +#line 3475 "seclang-parser.cc" break; case 174: // var: VARIABLE_FILES_SIZES "Dictionary element, selected by regexp" -#line 1922 "seclang-parser.yy" +#line 1925 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3480 "seclang-parser.cc" +#line 3483 "seclang-parser.cc" break; case 175: // var: VARIABLE_FILES_SIZES -#line 1926 "seclang-parser.yy" +#line 1929 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_NoDictElement()); } -#line 3488 "seclang-parser.cc" +#line 3491 "seclang-parser.cc" break; case 176: // var: VARIABLE_FILES_NAMES "Dictionary element" -#line 1930 "seclang-parser.yy" +#line 1933 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3496 "seclang-parser.cc" +#line 3499 "seclang-parser.cc" break; case 177: // var: VARIABLE_FILES_NAMES "Dictionary element, selected by regexp" -#line 1934 "seclang-parser.yy" +#line 1937 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3504 "seclang-parser.cc" +#line 3507 "seclang-parser.cc" break; case 178: // var: VARIABLE_FILES_NAMES -#line 1938 "seclang-parser.yy" +#line 1941 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_NoDictElement()); } -#line 3512 "seclang-parser.cc" +#line 3515 "seclang-parser.cc" break; case 179: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element" -#line 1942 "seclang-parser.yy" +#line 1945 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3520 "seclang-parser.cc" +#line 3523 "seclang-parser.cc" break; case 180: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element, selected by regexp" -#line 1946 "seclang-parser.yy" +#line 1949 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3528 "seclang-parser.cc" +#line 3531 "seclang-parser.cc" break; case 181: // var: VARIABLE_FILES_TMP_CONTENT -#line 1950 "seclang-parser.yy" +#line 1953 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_NoDictElement()); } -#line 3536 "seclang-parser.cc" +#line 3539 "seclang-parser.cc" break; case 182: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element" -#line 1954 "seclang-parser.yy" +#line 1957 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3544 "seclang-parser.cc" +#line 3547 "seclang-parser.cc" break; case 183: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element, selected by regexp" -#line 1958 "seclang-parser.yy" +#line 1961 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3552 "seclang-parser.cc" +#line 3555 "seclang-parser.cc" break; case 184: // var: VARIABLE_MULTIPART_FILENAME -#line 1962 "seclang-parser.yy" +#line 1965 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_NoDictElement()); } -#line 3560 "seclang-parser.cc" +#line 3563 "seclang-parser.cc" break; case 185: // var: VARIABLE_MULTIPART_NAME "Dictionary element" -#line 1966 "seclang-parser.yy" +#line 1969 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3568 "seclang-parser.cc" +#line 3571 "seclang-parser.cc" break; case 186: // var: VARIABLE_MULTIPART_NAME "Dictionary element, selected by regexp" -#line 1970 "seclang-parser.yy" +#line 1973 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3576 "seclang-parser.cc" +#line 3579 "seclang-parser.cc" break; case 187: // var: VARIABLE_MULTIPART_NAME -#line 1974 "seclang-parser.yy" +#line 1977 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_NoDictElement()); } -#line 3584 "seclang-parser.cc" +#line 3587 "seclang-parser.cc" break; case 188: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element" -#line 1978 "seclang-parser.yy" +#line 1981 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3592 "seclang-parser.cc" +#line 3595 "seclang-parser.cc" break; case 189: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element, selected by regexp" -#line 1982 "seclang-parser.yy" +#line 1985 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3600 "seclang-parser.cc" +#line 3603 "seclang-parser.cc" break; case 190: // var: VARIABLE_MATCHED_VARS_NAMES -#line 1986 "seclang-parser.yy" +#line 1989 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_NoDictElement()); } -#line 3608 "seclang-parser.cc" +#line 3611 "seclang-parser.cc" break; case 191: // var: VARIABLE_MATCHED_VARS "Dictionary element" -#line 1990 "seclang-parser.yy" +#line 1993 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3616 "seclang-parser.cc" +#line 3619 "seclang-parser.cc" break; case 192: // var: VARIABLE_MATCHED_VARS "Dictionary element, selected by regexp" -#line 1994 "seclang-parser.yy" +#line 1997 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3624 "seclang-parser.cc" +#line 3627 "seclang-parser.cc" break; case 193: // var: VARIABLE_MATCHED_VARS -#line 1998 "seclang-parser.yy" +#line 2001 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_NoDictElement()); } -#line 3632 "seclang-parser.cc" +#line 3635 "seclang-parser.cc" break; case 194: // var: VARIABLE_FILES "Dictionary element" -#line 2002 "seclang-parser.yy" +#line 2005 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3640 "seclang-parser.cc" +#line 3643 "seclang-parser.cc" break; case 195: // var: VARIABLE_FILES "Dictionary element, selected by regexp" -#line 2006 "seclang-parser.yy" +#line 2009 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3648 "seclang-parser.cc" +#line 3651 "seclang-parser.cc" break; case 196: // var: VARIABLE_FILES -#line 2010 "seclang-parser.yy" +#line 2013 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_NoDictElement()); } -#line 3656 "seclang-parser.cc" +#line 3659 "seclang-parser.cc" break; case 197: // var: VARIABLE_REQUEST_COOKIES "Dictionary element" -#line 2014 "seclang-parser.yy" +#line 2017 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3664 "seclang-parser.cc" +#line 3667 "seclang-parser.cc" break; case 198: // var: VARIABLE_REQUEST_COOKIES "Dictionary element, selected by regexp" -#line 2018 "seclang-parser.yy" +#line 2021 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3672 "seclang-parser.cc" +#line 3675 "seclang-parser.cc" break; case 199: // var: VARIABLE_REQUEST_COOKIES -#line 2022 "seclang-parser.yy" +#line 2025 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_NoDictElement()); } -#line 3680 "seclang-parser.cc" +#line 3683 "seclang-parser.cc" break; case 200: // var: VARIABLE_REQUEST_HEADERS "Dictionary element" -#line 2026 "seclang-parser.yy" +#line 2029 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3688 "seclang-parser.cc" +#line 3691 "seclang-parser.cc" break; case 201: // var: VARIABLE_REQUEST_HEADERS "Dictionary element, selected by regexp" -#line 2030 "seclang-parser.yy" +#line 2033 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3696 "seclang-parser.cc" +#line 3699 "seclang-parser.cc" break; case 202: // var: VARIABLE_REQUEST_HEADERS -#line 2034 "seclang-parser.yy" +#line 2037 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_NoDictElement()); } -#line 3704 "seclang-parser.cc" +#line 3707 "seclang-parser.cc" break; case 203: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element" -#line 2038 "seclang-parser.yy" +#line 2041 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3712 "seclang-parser.cc" +#line 3715 "seclang-parser.cc" break; case 204: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element, selected by regexp" -#line 2042 "seclang-parser.yy" +#line 2045 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3720 "seclang-parser.cc" +#line 3723 "seclang-parser.cc" break; case 205: // var: VARIABLE_RESPONSE_HEADERS -#line 2046 "seclang-parser.yy" +#line 2049 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_NoDictElement()); } -#line 3728 "seclang-parser.cc" +#line 3731 "seclang-parser.cc" break; case 206: // var: VARIABLE_GEO "Dictionary element" -#line 2050 "seclang-parser.yy" +#line 2053 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3736 "seclang-parser.cc" +#line 3739 "seclang-parser.cc" break; case 207: // var: VARIABLE_GEO "Dictionary element, selected by regexp" -#line 2054 "seclang-parser.yy" +#line 2057 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3744 "seclang-parser.cc" +#line 3747 "seclang-parser.cc" break; case 208: // var: VARIABLE_GEO -#line 2058 "seclang-parser.yy" +#line 2061 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_NoDictElement()); } -#line 3752 "seclang-parser.cc" +#line 3755 "seclang-parser.cc" break; case 209: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element" -#line 2062 "seclang-parser.yy" +#line 2065 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3760 "seclang-parser.cc" +#line 3763 "seclang-parser.cc" break; case 210: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element, selected by regexp" -#line 2066 "seclang-parser.yy" +#line 2069 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3768 "seclang-parser.cc" +#line 3771 "seclang-parser.cc" break; case 211: // var: VARIABLE_REQUEST_COOKIES_NAMES -#line 2070 "seclang-parser.yy" +#line 2073 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_NoDictElement()); } -#line 3776 "seclang-parser.cc" +#line 3779 "seclang-parser.cc" break; case 212: // var: VARIABLE_MULTIPART_PART_HEADERS "Dictionary element" -#line 2074 "seclang-parser.yy" +#line 2077 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartPartHeaders_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3784 "seclang-parser.cc" +#line 3787 "seclang-parser.cc" break; case 213: // var: VARIABLE_MULTIPART_PART_HEADERS "Dictionary element, selected by regexp" -#line 2078 "seclang-parser.yy" +#line 2081 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartPartHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3792 "seclang-parser.cc" +#line 3795 "seclang-parser.cc" break; case 214: // var: VARIABLE_MULTIPART_PART_HEADERS -#line 2082 "seclang-parser.yy" +#line 2085 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartPartHeaders_NoDictElement()); } -#line 3800 "seclang-parser.cc" +#line 3803 "seclang-parser.cc" break; case 215: // var: VARIABLE_RULE "Dictionary element" -#line 2086 "seclang-parser.yy" +#line 2089 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3808 "seclang-parser.cc" +#line 3811 "seclang-parser.cc" break; case 216: // var: VARIABLE_RULE "Dictionary element, selected by regexp" -#line 2090 "seclang-parser.yy" +#line 2093 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3816 "seclang-parser.cc" +#line 3819 "seclang-parser.cc" break; case 217: // var: VARIABLE_RULE -#line 2094 "seclang-parser.yy" +#line 2097 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_NoDictElement()); } -#line 3824 "seclang-parser.cc" +#line 3827 "seclang-parser.cc" break; case 218: // var: "RUN_TIME_VAR_ENV" "Dictionary element" -#line 2098 "seclang-parser.yy" +#line 2101 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ())); } -#line 3832 "seclang-parser.cc" +#line 3835 "seclang-parser.cc" break; case 219: // var: "RUN_TIME_VAR_ENV" "Dictionary element, selected by regexp" -#line 2102 "seclang-parser.yy" +#line 2105 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ())); } -#line 3840 "seclang-parser.cc" +#line 3843 "seclang-parser.cc" break; case 220: // var: "RUN_TIME_VAR_ENV" -#line 2106 "seclang-parser.yy" +#line 2109 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV")); } -#line 3848 "seclang-parser.cc" +#line 3851 "seclang-parser.cc" break; case 221: // var: "RUN_TIME_VAR_XML" "Dictionary element" -#line 2110 "seclang-parser.yy" +#line 2113 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML("XML:" + yystack_[0].value.as < std::string > ())); } -#line 3856 "seclang-parser.cc" +#line 3859 "seclang-parser.cc" break; case 222: // var: "RUN_TIME_VAR_XML" "Dictionary element, selected by regexp" -#line 2114 "seclang-parser.yy" +#line 2117 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML("XML:" + yystack_[0].value.as < std::string > ())); } -#line 3864 "seclang-parser.cc" +#line 3867 "seclang-parser.cc" break; case 223: // var: "RUN_TIME_VAR_XML" -#line 2118 "seclang-parser.yy" +#line 2121 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_NoDictElement()); } -#line 3872 "seclang-parser.cc" +#line 3875 "seclang-parser.cc" break; case 224: // var: "FILES_TMPNAMES" "Dictionary element" -#line 2122 "seclang-parser.yy" +#line 2125 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3880 "seclang-parser.cc" +#line 3883 "seclang-parser.cc" break; case 225: // var: "FILES_TMPNAMES" "Dictionary element, selected by regexp" -#line 2126 "seclang-parser.yy" +#line 2129 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3888 "seclang-parser.cc" +#line 3891 "seclang-parser.cc" break; case 226: // var: "FILES_TMPNAMES" -#line 2130 "seclang-parser.yy" +#line 2133 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_NoDictElement()); } -#line 3896 "seclang-parser.cc" +#line 3899 "seclang-parser.cc" break; case 227: // var: "RESOURCE" run_time_string -#line 2134 "seclang-parser.yy" +#line 2137 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3904 "seclang-parser.cc" +#line 3907 "seclang-parser.cc" break; case 228: // var: "RESOURCE" "Dictionary element" -#line 2138 "seclang-parser.yy" +#line 2141 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3912 "seclang-parser.cc" +#line 3915 "seclang-parser.cc" break; case 229: // var: "RESOURCE" "Dictionary element, selected by regexp" -#line 2142 "seclang-parser.yy" +#line 2145 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3920 "seclang-parser.cc" +#line 3923 "seclang-parser.cc" break; case 230: // var: "RESOURCE" -#line 2146 "seclang-parser.yy" +#line 2149 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_NoDictElement()); } -#line 3928 "seclang-parser.cc" +#line 3931 "seclang-parser.cc" break; case 231: // var: "VARIABLE_IP" run_time_string -#line 2150 "seclang-parser.yy" +#line 2153 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3936 "seclang-parser.cc" +#line 3939 "seclang-parser.cc" break; case 232: // var: "VARIABLE_IP" "Dictionary element" -#line 2154 "seclang-parser.yy" +#line 2157 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3944 "seclang-parser.cc" +#line 3947 "seclang-parser.cc" break; case 233: // var: "VARIABLE_IP" "Dictionary element, selected by regexp" -#line 2158 "seclang-parser.yy" +#line 2161 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3952 "seclang-parser.cc" +#line 3955 "seclang-parser.cc" break; case 234: // var: "VARIABLE_IP" -#line 2162 "seclang-parser.yy" +#line 2165 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_NoDictElement()); } -#line 3960 "seclang-parser.cc" +#line 3963 "seclang-parser.cc" break; case 235: // var: "VARIABLE_GLOBAL" run_time_string -#line 2166 "seclang-parser.yy" +#line 2169 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3968 "seclang-parser.cc" +#line 3971 "seclang-parser.cc" break; case 236: // var: "VARIABLE_GLOBAL" "Dictionary element" -#line 2170 "seclang-parser.yy" +#line 2173 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3976 "seclang-parser.cc" +#line 3979 "seclang-parser.cc" break; case 237: // var: "VARIABLE_GLOBAL" "Dictionary element, selected by regexp" -#line 2174 "seclang-parser.yy" +#line 2177 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3984 "seclang-parser.cc" +#line 3987 "seclang-parser.cc" break; case 238: // var: "VARIABLE_GLOBAL" -#line 2178 "seclang-parser.yy" +#line 2181 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_NoDictElement()); } -#line 3992 "seclang-parser.cc" +#line 3995 "seclang-parser.cc" break; case 239: // var: "VARIABLE_USER" run_time_string -#line 2182 "seclang-parser.yy" +#line 2185 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 4000 "seclang-parser.cc" +#line 4003 "seclang-parser.cc" break; case 240: // var: "VARIABLE_USER" "Dictionary element" -#line 2186 "seclang-parser.yy" +#line 2189 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4008 "seclang-parser.cc" +#line 4011 "seclang-parser.cc" break; case 241: // var: "VARIABLE_USER" "Dictionary element, selected by regexp" -#line 2190 "seclang-parser.yy" +#line 2193 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4016 "seclang-parser.cc" +#line 4019 "seclang-parser.cc" break; case 242: // var: "VARIABLE_USER" -#line 2194 "seclang-parser.yy" +#line 2197 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_NoDictElement()); } -#line 4024 "seclang-parser.cc" +#line 4027 "seclang-parser.cc" break; case 243: // var: "VARIABLE_TX" run_time_string -#line 2198 "seclang-parser.yy" +#line 2201 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 4032 "seclang-parser.cc" +#line 4035 "seclang-parser.cc" break; case 244: // var: "VARIABLE_TX" "Dictionary element" -#line 2202 "seclang-parser.yy" +#line 2205 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4040 "seclang-parser.cc" +#line 4043 "seclang-parser.cc" break; case 245: // var: "VARIABLE_TX" "Dictionary element, selected by regexp" -#line 2206 "seclang-parser.yy" +#line 2209 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4048 "seclang-parser.cc" +#line 4051 "seclang-parser.cc" break; case 246: // var: "VARIABLE_TX" -#line 2210 "seclang-parser.yy" +#line 2213 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_NoDictElement()); } -#line 4056 "seclang-parser.cc" +#line 4059 "seclang-parser.cc" break; case 247: // var: "VARIABLE_SESSION" run_time_string -#line 2214 "seclang-parser.yy" +#line 2217 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 4064 "seclang-parser.cc" +#line 4067 "seclang-parser.cc" break; case 248: // var: "VARIABLE_SESSION" "Dictionary element" -#line 2218 "seclang-parser.yy" +#line 2221 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4072 "seclang-parser.cc" +#line 4075 "seclang-parser.cc" break; case 249: // var: "VARIABLE_SESSION" "Dictionary element, selected by regexp" -#line 2222 "seclang-parser.yy" +#line 2225 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4080 "seclang-parser.cc" +#line 4083 "seclang-parser.cc" break; case 250: // var: "VARIABLE_SESSION" -#line 2226 "seclang-parser.yy" +#line 2229 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_NoDictElement()); } -#line 4088 "seclang-parser.cc" +#line 4091 "seclang-parser.cc" break; case 251: // var: "Variable ARGS_NAMES" "Dictionary element" -#line 2230 "seclang-parser.yy" +#line 2233 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4096 "seclang-parser.cc" +#line 4099 "seclang-parser.cc" break; case 252: // var: "Variable ARGS_NAMES" "Dictionary element, selected by regexp" -#line 2234 "seclang-parser.yy" +#line 2237 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4104 "seclang-parser.cc" +#line 4107 "seclang-parser.cc" break; case 253: // var: "Variable ARGS_NAMES" -#line 2238 "seclang-parser.yy" +#line 2241 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_NoDictElement()); } -#line 4112 "seclang-parser.cc" +#line 4115 "seclang-parser.cc" break; case 254: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element" -#line 2242 "seclang-parser.yy" +#line 2245 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4120 "seclang-parser.cc" +#line 4123 "seclang-parser.cc" break; case 255: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element, selected by regexp" -#line 2246 "seclang-parser.yy" +#line 2249 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4128 "seclang-parser.cc" +#line 4131 "seclang-parser.cc" break; case 256: // var: VARIABLE_ARGS_GET_NAMES -#line 2250 "seclang-parser.yy" +#line 2253 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_NoDictElement()); } -#line 4136 "seclang-parser.cc" +#line 4139 "seclang-parser.cc" break; case 257: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element" -#line 2255 "seclang-parser.yy" +#line 2258 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4144 "seclang-parser.cc" +#line 4147 "seclang-parser.cc" break; case 258: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element, selected by regexp" -#line 2259 "seclang-parser.yy" +#line 2262 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4152 "seclang-parser.cc" +#line 4155 "seclang-parser.cc" break; case 259: // var: VARIABLE_ARGS_POST_NAMES -#line 2263 "seclang-parser.yy" +#line 2266 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_NoDictElement()); } -#line 4160 "seclang-parser.cc" +#line 4163 "seclang-parser.cc" break; case 260: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element" -#line 2268 "seclang-parser.yy" +#line 2271 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4168 "seclang-parser.cc" +#line 4171 "seclang-parser.cc" break; case 261: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element, selected by regexp" -#line 2272 "seclang-parser.yy" +#line 2275 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4176 "seclang-parser.cc" +#line 4179 "seclang-parser.cc" break; case 262: // var: VARIABLE_REQUEST_HEADERS_NAMES -#line 2276 "seclang-parser.yy" +#line 2279 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_NoDictElement()); } -#line 4184 "seclang-parser.cc" +#line 4187 "seclang-parser.cc" break; case 263: // var: VARIABLE_RESPONSE_CONTENT_TYPE -#line 2281 "seclang-parser.yy" +#line 2284 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseContentType()); } -#line 4192 "seclang-parser.cc" +#line 4195 "seclang-parser.cc" break; case 264: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element" -#line 2286 "seclang-parser.yy" +#line 2289 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4200 "seclang-parser.cc" +#line 4203 "seclang-parser.cc" break; case 265: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element, selected by regexp" -#line 2290 "seclang-parser.yy" +#line 2293 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4208 "seclang-parser.cc" +#line 4211 "seclang-parser.cc" break; case 266: // var: VARIABLE_RESPONSE_HEADERS_NAMES -#line 2294 "seclang-parser.yy" +#line 2297 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_NoDictElement()); } -#line 4216 "seclang-parser.cc" +#line 4219 "seclang-parser.cc" break; case 267: // var: VARIABLE_ARGS_COMBINED_SIZE -#line 2298 "seclang-parser.yy" +#line 2301 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsCombinedSize()); } -#line 4224 "seclang-parser.cc" +#line 4227 "seclang-parser.cc" break; case 268: // var: "AUTH_TYPE" -#line 2302 "seclang-parser.yy" +#line 2305 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::AuthType()); } -#line 4232 "seclang-parser.cc" +#line 4235 "seclang-parser.cc" break; case 269: // var: "FILES_COMBINED_SIZE" -#line 2306 "seclang-parser.yy" +#line 2309 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesCombinedSize()); } -#line 4240 "seclang-parser.cc" +#line 4243 "seclang-parser.cc" break; case 270: // var: "FULL_REQUEST" -#line 2310 "seclang-parser.yy" +#line 2313 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FullRequest()); } -#line 4248 "seclang-parser.cc" +#line 4251 "seclang-parser.cc" break; case 271: // var: "FULL_REQUEST_LENGTH" -#line 2314 "seclang-parser.yy" +#line 2317 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FullRequestLength()); } -#line 4256 "seclang-parser.cc" +#line 4259 "seclang-parser.cc" break; case 272: // var: "INBOUND_DATA_ERROR" -#line 2318 "seclang-parser.yy" +#line 2321 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::InboundDataError()); } -#line 4264 "seclang-parser.cc" +#line 4267 "seclang-parser.cc" break; case 273: // var: "MATCHED_VAR" -#line 2322 "seclang-parser.yy" +#line 2325 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVar()); } -#line 4272 "seclang-parser.cc" +#line 4275 "seclang-parser.cc" break; case 274: // var: "MATCHED_VAR_NAME" -#line 2326 "seclang-parser.yy" +#line 2329 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarName()); } -#line 4280 "seclang-parser.cc" +#line 4283 "seclang-parser.cc" break; case 275: // var: "MSC_PCRE_ERROR" -#line 2330 "seclang-parser.yy" +#line 2333 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MscPcreError()); } -#line 4288 "seclang-parser.cc" +#line 4291 "seclang-parser.cc" break; case 276: // var: "MSC_PCRE_LIMITS_EXCEEDED" -#line 2334 "seclang-parser.yy" +#line 2337 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MscPcreLimitsExceeded()); } -#line 4296 "seclang-parser.cc" +#line 4299 "seclang-parser.cc" break; case 277: // var: VARIABLE_MULTIPART_BOUNDARY_QUOTED -#line 2338 "seclang-parser.yy" +#line 2341 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartBoundaryQuoted()); } -#line 4304 "seclang-parser.cc" +#line 4307 "seclang-parser.cc" break; case 278: // var: VARIABLE_MULTIPART_BOUNDARY_WHITESPACE -#line 2342 "seclang-parser.yy" +#line 2345 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartBoundaryWhiteSpace()); } -#line 4312 "seclang-parser.cc" +#line 4315 "seclang-parser.cc" break; case 279: // var: "MULTIPART_CRLF_LF_LINES" -#line 2346 "seclang-parser.yy" +#line 2349 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartCrlfLFLines()); } -#line 4320 "seclang-parser.cc" +#line 4323 "seclang-parser.cc" break; case 280: // var: "MULTIPART_DATA_AFTER" -#line 2350 "seclang-parser.yy" +#line 2353 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartDateAfter()); } -#line 4328 "seclang-parser.cc" +#line 4331 "seclang-parser.cc" break; case 281: // var: VARIABLE_MULTIPART_DATA_BEFORE -#line 2354 "seclang-parser.yy" +#line 2357 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartDateBefore()); } -#line 4336 "seclang-parser.cc" +#line 4339 "seclang-parser.cc" break; case 282: // var: "MULTIPART_FILE_LIMIT_EXCEEDED" -#line 2358 "seclang-parser.yy" +#line 2361 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartFileLimitExceeded()); } -#line 4344 "seclang-parser.cc" +#line 4347 "seclang-parser.cc" break; case 283: // var: "MULTIPART_HEADER_FOLDING" -#line 2362 "seclang-parser.yy" +#line 2365 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartHeaderFolding()); } -#line 4352 "seclang-parser.cc" +#line 4355 "seclang-parser.cc" break; case 284: // var: "MULTIPART_INVALID_HEADER_FOLDING" -#line 2366 "seclang-parser.yy" +#line 2369 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidHeaderFolding()); } -#line 4360 "seclang-parser.cc" +#line 4363 "seclang-parser.cc" break; case 285: // var: VARIABLE_MULTIPART_INVALID_PART -#line 2370 "seclang-parser.yy" +#line 2373 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidPart()); } -#line 4368 "seclang-parser.cc" +#line 4371 "seclang-parser.cc" break; case 286: // var: "MULTIPART_INVALID_QUOTING" -#line 2374 "seclang-parser.yy" +#line 2377 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidQuoting()); } -#line 4376 "seclang-parser.cc" +#line 4379 "seclang-parser.cc" break; case 287: // var: VARIABLE_MULTIPART_LF_LINE -#line 2378 "seclang-parser.yy" +#line 2381 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartLFLine()); } -#line 4384 "seclang-parser.cc" +#line 4387 "seclang-parser.cc" break; case 288: // var: VARIABLE_MULTIPART_MISSING_SEMICOLON -#line 2382 "seclang-parser.yy" +#line 2385 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartMissingSemicolon()); } -#line 4392 "seclang-parser.cc" +#line 4395 "seclang-parser.cc" break; case 289: // var: VARIABLE_MULTIPART_SEMICOLON_MISSING -#line 2386 "seclang-parser.yy" +#line 2389 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartMissingSemicolon()); } -#line 4400 "seclang-parser.cc" +#line 4403 "seclang-parser.cc" break; case 290: // var: "MULTIPART_STRICT_ERROR" -#line 2390 "seclang-parser.yy" +#line 2393 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartStrictError()); } -#line 4408 "seclang-parser.cc" +#line 4411 "seclang-parser.cc" break; case 291: // var: "MULTIPART_UNMATCHED_BOUNDARY" -#line 2394 "seclang-parser.yy" +#line 2397 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartUnmatchedBoundary()); } -#line 4416 "seclang-parser.cc" +#line 4419 "seclang-parser.cc" break; case 292: // var: "OUTBOUND_DATA_ERROR" -#line 2398 "seclang-parser.yy" +#line 2401 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::OutboundDataError()); } -#line 4424 "seclang-parser.cc" +#line 4427 "seclang-parser.cc" break; case 293: // var: "PATH_INFO" -#line 2402 "seclang-parser.yy" +#line 2405 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::PathInfo()); } -#line 4432 "seclang-parser.cc" +#line 4435 "seclang-parser.cc" break; case 294: // var: "QUERY_STRING" -#line 2406 "seclang-parser.yy" +#line 2409 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::QueryString()); } -#line 4440 "seclang-parser.cc" +#line 4443 "seclang-parser.cc" break; case 295: // var: "REMOTE_ADDR" -#line 2410 "seclang-parser.yy" +#line 2413 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemoteAddr()); } -#line 4448 "seclang-parser.cc" +#line 4451 "seclang-parser.cc" break; case 296: // var: "REMOTE_HOST" -#line 2414 "seclang-parser.yy" +#line 2417 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemoteHost()); } -#line 4456 "seclang-parser.cc" +#line 4459 "seclang-parser.cc" break; case 297: // var: "REMOTE_PORT" -#line 2418 "seclang-parser.yy" +#line 2421 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemotePort()); } -#line 4464 "seclang-parser.cc" +#line 4467 "seclang-parser.cc" break; case 298: // var: "REQBODY_ERROR" -#line 2422 "seclang-parser.yy" +#line 2425 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyError()); } -#line 4472 "seclang-parser.cc" +#line 4475 "seclang-parser.cc" break; case 299: // var: "REQBODY_ERROR_MSG" -#line 2426 "seclang-parser.yy" +#line 2429 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyErrorMsg()); } -#line 4480 "seclang-parser.cc" +#line 4483 "seclang-parser.cc" break; case 300: // var: "REQBODY_PROCESSOR" -#line 2430 "seclang-parser.yy" +#line 2433 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessor()); } -#line 4488 "seclang-parser.cc" +#line 4491 "seclang-parser.cc" break; case 301: // var: "REQBODY_PROCESSOR_ERROR" -#line 2434 "seclang-parser.yy" +#line 2437 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessorError()); } -#line 4496 "seclang-parser.cc" +#line 4499 "seclang-parser.cc" break; case 302: // var: "REQBODY_PROCESSOR_ERROR_MSG" -#line 2438 "seclang-parser.yy" +#line 2441 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessorErrorMsg()); } -#line 4504 "seclang-parser.cc" +#line 4507 "seclang-parser.cc" break; case 303: // var: "REQUEST_BASENAME" -#line 2442 "seclang-parser.yy" +#line 2445 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBasename()); } -#line 4512 "seclang-parser.cc" +#line 4515 "seclang-parser.cc" break; case 304: // var: "REQUEST_BODY" -#line 2446 "seclang-parser.yy" +#line 2449 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBody()); } -#line 4520 "seclang-parser.cc" +#line 4523 "seclang-parser.cc" break; case 305: // var: "REQUEST_BODY_LENGTH" -#line 2450 "seclang-parser.yy" +#line 2453 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBodyLength()); } -#line 4528 "seclang-parser.cc" +#line 4531 "seclang-parser.cc" break; case 306: // var: "REQUEST_FILENAME" -#line 2454 "seclang-parser.yy" +#line 2457 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestFilename()); } -#line 4536 "seclang-parser.cc" +#line 4539 "seclang-parser.cc" break; case 307: // var: "REQUEST_LINE" -#line 2458 "seclang-parser.yy" +#line 2461 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestLine()); } -#line 4544 "seclang-parser.cc" +#line 4547 "seclang-parser.cc" break; case 308: // var: "REQUEST_METHOD" -#line 2462 "seclang-parser.yy" +#line 2465 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestMethod()); } -#line 4552 "seclang-parser.cc" +#line 4555 "seclang-parser.cc" break; case 309: // var: "REQUEST_PROTOCOL" -#line 2466 "seclang-parser.yy" +#line 2469 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestProtocol()); } -#line 4560 "seclang-parser.cc" +#line 4563 "seclang-parser.cc" break; case 310: // var: "REQUEST_URI" -#line 2470 "seclang-parser.yy" +#line 2473 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestURI()); } -#line 4568 "seclang-parser.cc" +#line 4571 "seclang-parser.cc" break; case 311: // var: "REQUEST_URI_RAW" -#line 2474 "seclang-parser.yy" +#line 2477 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestURIRaw()); } -#line 4576 "seclang-parser.cc" +#line 4579 "seclang-parser.cc" break; case 312: // var: "RESPONSE_BODY" -#line 2478 "seclang-parser.yy" +#line 2481 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseBody()); } -#line 4584 "seclang-parser.cc" +#line 4587 "seclang-parser.cc" break; case 313: // var: "RESPONSE_CONTENT_LENGTH" -#line 2482 "seclang-parser.yy" +#line 2485 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseContentLength()); } -#line 4592 "seclang-parser.cc" +#line 4595 "seclang-parser.cc" break; case 314: // var: "RESPONSE_PROTOCOL" -#line 2486 "seclang-parser.yy" +#line 2489 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseProtocol()); } -#line 4600 "seclang-parser.cc" +#line 4603 "seclang-parser.cc" break; case 315: // var: "RESPONSE_STATUS" -#line 2490 "seclang-parser.yy" +#line 2493 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseStatus()); } -#line 4608 "seclang-parser.cc" +#line 4611 "seclang-parser.cc" break; case 316: // var: "SERVER_ADDR" -#line 2494 "seclang-parser.yy" +#line 2497 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerAddr()); } -#line 4616 "seclang-parser.cc" +#line 4619 "seclang-parser.cc" break; case 317: // var: "SERVER_NAME" -#line 2498 "seclang-parser.yy" +#line 2501 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerName()); } -#line 4624 "seclang-parser.cc" +#line 4627 "seclang-parser.cc" break; case 318: // var: "SERVER_PORT" -#line 2502 "seclang-parser.yy" +#line 2505 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerPort()); } -#line 4632 "seclang-parser.cc" +#line 4635 "seclang-parser.cc" break; case 319: // var: "SESSIONID" -#line 2506 "seclang-parser.yy" +#line 2509 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::SessionID()); } -#line 4640 "seclang-parser.cc" +#line 4643 "seclang-parser.cc" break; case 320: // var: "UNIQUE_ID" -#line 2510 "seclang-parser.yy" +#line 2513 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UniqueID()); } -#line 4648 "seclang-parser.cc" +#line 4651 "seclang-parser.cc" break; case 321: // var: "URLENCODED_ERROR" -#line 2514 "seclang-parser.yy" +#line 2517 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UrlEncodedError()); } -#line 4656 "seclang-parser.cc" +#line 4659 "seclang-parser.cc" break; case 322: // var: "USERID" -#line 2518 "seclang-parser.yy" +#line 2521 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UserID()); } -#line 4664 "seclang-parser.cc" +#line 4667 "seclang-parser.cc" break; case 323: // var: "VARIABLE_STATUS" -#line 2522 "seclang-parser.yy" +#line 2525 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Status()); } -#line 4672 "seclang-parser.cc" +#line 4675 "seclang-parser.cc" break; case 324: // var: "VARIABLE_STATUS_LINE" -#line 2526 "seclang-parser.yy" +#line 2529 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Status()); } -#line 4680 "seclang-parser.cc" +#line 4683 "seclang-parser.cc" break; case 325: // var: "WEBAPPID" -#line 2530 "seclang-parser.yy" +#line 2533 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::WebAppId()); } -#line 4688 "seclang-parser.cc" +#line 4691 "seclang-parser.cc" break; case 326: // var: "RUN_TIME_VAR_DUR" -#line 2534 "seclang-parser.yy" +#line 2537 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new Duration(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4699 "seclang-parser.cc" +#line 4702 "seclang-parser.cc" break; case 327: // var: "RUN_TIME_VAR_BLD" -#line 2542 "seclang-parser.yy" +#line 2545 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new ModsecBuild(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4710 "seclang-parser.cc" +#line 4713 "seclang-parser.cc" break; case 328: // var: "RUN_TIME_VAR_HSV" -#line 2549 "seclang-parser.yy" +#line 2552 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new HighestSeverity(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4721 "seclang-parser.cc" +#line 4724 "seclang-parser.cc" break; case 329: // var: "RUN_TIME_VAR_REMOTE_USER" -#line 2556 "seclang-parser.yy" +#line 2559 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new RemoteUser(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4732 "seclang-parser.cc" +#line 4735 "seclang-parser.cc" break; case 330: // var: "RUN_TIME_VAR_TIME" -#line 2563 "seclang-parser.yy" +#line 2566 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new Time(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4743 "seclang-parser.cc" +#line 4746 "seclang-parser.cc" break; case 331: // var: "RUN_TIME_VAR_TIME_DAY" -#line 2570 "seclang-parser.yy" +#line 2573 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeDay(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4754 "seclang-parser.cc" +#line 4757 "seclang-parser.cc" break; case 332: // var: "RUN_TIME_VAR_TIME_EPOCH" -#line 2577 "seclang-parser.yy" +#line 2580 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeEpoch(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4765 "seclang-parser.cc" +#line 4768 "seclang-parser.cc" break; case 333: // var: "RUN_TIME_VAR_TIME_HOUR" -#line 2584 "seclang-parser.yy" +#line 2587 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeHour(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4776 "seclang-parser.cc" +#line 4779 "seclang-parser.cc" break; case 334: // var: "RUN_TIME_VAR_TIME_MIN" -#line 2591 "seclang-parser.yy" +#line 2594 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeMin(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4787 "seclang-parser.cc" +#line 4790 "seclang-parser.cc" break; case 335: // var: "RUN_TIME_VAR_TIME_MON" -#line 2598 "seclang-parser.yy" +#line 2601 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeMon(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4798 "seclang-parser.cc" +#line 4801 "seclang-parser.cc" break; case 336: // var: "RUN_TIME_VAR_TIME_SEC" -#line 2605 "seclang-parser.yy" +#line 2608 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeSec(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4809 "seclang-parser.cc" +#line 4812 "seclang-parser.cc" break; case 337: // var: "RUN_TIME_VAR_TIME_WDAY" -#line 2612 "seclang-parser.yy" +#line 2615 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeWDay(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4820 "seclang-parser.cc" +#line 4823 "seclang-parser.cc" break; case 338: // var: "RUN_TIME_VAR_TIME_YEAR" -#line 2619 "seclang-parser.yy" +#line 2622 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeYear(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4831 "seclang-parser.cc" +#line 4834 "seclang-parser.cc" break; case 339: // act: "Accuracy" -#line 2629 "seclang-parser.yy" +#line 2632 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Accuracy(yystack_[0].value.as < std::string > ())); } -#line 4839 "seclang-parser.cc" +#line 4842 "seclang-parser.cc" break; case 340: // act: "Allow" -#line 2633 "seclang-parser.yy" +#line 2636 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Allow(yystack_[0].value.as < std::string > ())); } -#line 4847 "seclang-parser.cc" +#line 4850 "seclang-parser.cc" break; case 341: // act: "Append" -#line 2637 "seclang-parser.yy" +#line 2640 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Append", yystack_[1].location); } -#line 4855 "seclang-parser.cc" +#line 4858 "seclang-parser.cc" break; case 342: // act: "AuditLog" -#line 2641 "seclang-parser.yy" +#line 2644 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::AuditLog(yystack_[0].value.as < std::string > ())); } -#line 4863 "seclang-parser.cc" +#line 4866 "seclang-parser.cc" break; case 343: // act: "Block" -#line 2645 "seclang-parser.yy" +#line 2648 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Block(yystack_[0].value.as < std::string > ())); } -#line 4871 "seclang-parser.cc" +#line 4874 "seclang-parser.cc" break; case 344: // act: "Capture" -#line 2649 "seclang-parser.yy" +#line 2652 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Capture(yystack_[0].value.as < std::string > ())); } -#line 4879 "seclang-parser.cc" +#line 4882 "seclang-parser.cc" break; case 345: // act: "Chain" -#line 2653 "seclang-parser.yy" +#line 2656 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Chain(yystack_[0].value.as < std::string > ())); } -#line 4887 "seclang-parser.cc" +#line 4890 "seclang-parser.cc" break; case 346: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_ON" -#line 2657 "seclang-parser.yy" +#line 2660 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::AuditEngine("ctl:auditengine=on")); driver.m_auditLog->setCtlAuditEngineActive(); } -#line 4896 "seclang-parser.cc" +#line 4899 "seclang-parser.cc" break; case 347: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_OFF" -#line 2662 "seclang-parser.yy" +#line 2665 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::AuditEngine("ctl:auditengine=off")); } -#line 4904 "seclang-parser.cc" +#line 4907 "seclang-parser.cc" break; case 348: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_RELEVANT_ONLY" -#line 2666 "seclang-parser.yy" +#line 2669 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::AuditEngine("ctl:auditengine=relevantonly")); driver.m_auditLog->setCtlAuditEngineActive(); } -#line 4913 "seclang-parser.cc" +#line 4916 "seclang-parser.cc" break; case 349: // act: "ACTION_CTL_AUDIT_LOG_PARTS" -#line 2671 "seclang-parser.yy" +#line 2674 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::AuditLogParts(yystack_[0].value.as < std::string > ())); } -#line 4921 "seclang-parser.cc" +#line 4924 "seclang-parser.cc" break; case 350: // act: "ACTION_CTL_BDY_JSON" -#line 2675 "seclang-parser.yy" +#line 2678 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorJSON(yystack_[0].value.as < std::string > ())); } -#line 4929 "seclang-parser.cc" +#line 4932 "seclang-parser.cc" break; case 351: // act: "ACTION_CTL_BDY_XML" -#line 2679 "seclang-parser.yy" +#line 2682 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorXML(yystack_[0].value.as < std::string > ())); } -#line 4937 "seclang-parser.cc" +#line 4940 "seclang-parser.cc" break; case 352: // act: "ACTION_CTL_BDY_URLENCODED" -#line 2683 "seclang-parser.yy" +#line 2686 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorURLENCODED(yystack_[0].value.as < std::string > ())); } -#line 4945 "seclang-parser.cc" +#line 4948 "seclang-parser.cc" break; case 353: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_ON" -#line 2687 "seclang-parser.yy" +#line 2690 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4954 "seclang-parser.cc" +#line 4957 "seclang-parser.cc" break; case 354: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_OFF" -#line 2692 "seclang-parser.yy" +#line 2695 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4963 "seclang-parser.cc" +#line 4966 "seclang-parser.cc" break; case 355: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_ON" -#line 2697 "seclang-parser.yy" +#line 2700 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "true")); } -#line 4971 "seclang-parser.cc" +#line 4974 "seclang-parser.cc" break; case 356: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_OFF" -#line 2701 "seclang-parser.yy" +#line 2704 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "false")); } -#line 4979 "seclang-parser.cc" +#line 4982 "seclang-parser.cc" break; case 357: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_ON" -#line 2705 "seclang-parser.yy" +#line 2708 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=on")); } -#line 4987 "seclang-parser.cc" +#line 4990 "seclang-parser.cc" break; case 358: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_OFF" -#line 2709 "seclang-parser.yy" +#line 2712 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=off")); } -#line 4995 "seclang-parser.cc" +#line 4998 "seclang-parser.cc" break; case 359: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_DETC" -#line 2713 "seclang-parser.yy" +#line 2716 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=detectiononly")); } -#line 5003 "seclang-parser.cc" +#line 5006 "seclang-parser.cc" break; case 360: // act: "ACTION_CTL_RULE_REMOVE_BY_ID" -#line 2717 "seclang-parser.yy" +#line 2720 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveById(yystack_[0].value.as < std::string > ())); } -#line 5011 "seclang-parser.cc" +#line 5014 "seclang-parser.cc" break; case 361: // act: "ACTION_CTL_RULE_REMOVE_BY_TAG" -#line 2721 "seclang-parser.yy" +#line 2724 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveByTag(yystack_[0].value.as < std::string > ())); } -#line 5019 "seclang-parser.cc" +#line 5022 "seclang-parser.cc" break; case 362: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_ID" -#line 2725 "seclang-parser.yy" +#line 2728 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveTargetById(yystack_[0].value.as < std::string > ())); } -#line 5027 "seclang-parser.cc" +#line 5030 "seclang-parser.cc" break; case 363: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG" -#line 2729 "seclang-parser.yy" +#line 2732 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveTargetByTag(yystack_[0].value.as < std::string > ())); } -#line 5035 "seclang-parser.cc" +#line 5038 "seclang-parser.cc" break; case 364: // act: "Deny" -#line 2733 "seclang-parser.yy" +#line 2736 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Deny(yystack_[0].value.as < std::string > ())); } -#line 5043 "seclang-parser.cc" +#line 5046 "seclang-parser.cc" break; case 365: // act: "DeprecateVar" -#line 2737 "seclang-parser.yy" +#line 2740 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("DeprecateVar", yystack_[1].location); } -#line 5051 "seclang-parser.cc" +#line 5054 "seclang-parser.cc" break; case 366: // act: "Drop" -#line 2741 "seclang-parser.yy" +#line 2744 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Drop(yystack_[0].value.as < std::string > ())); } -#line 5059 "seclang-parser.cc" +#line 5062 "seclang-parser.cc" break; case 367: // act: "Exec" -#line 2745 "seclang-parser.yy" +#line 2748 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Exec(yystack_[0].value.as < std::string > ())); } -#line 5067 "seclang-parser.cc" +#line 5070 "seclang-parser.cc" break; case 368: // act: "ExpireVar" run_time_string -#line 2749 "seclang-parser.yy" +#line 2752 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ExpireVar(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5075 "seclang-parser.cc" +#line 5078 "seclang-parser.cc" break; case 369: // act: "Id" -#line 2753 "seclang-parser.yy" +#line 2756 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::RuleId(yystack_[0].value.as < std::string > ())); } -#line 5083 "seclang-parser.cc" +#line 5086 "seclang-parser.cc" break; case 370: // act: "InitCol" run_time_string -#line 2757 "seclang-parser.yy" +#line 2760 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::InitCol(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5091 "seclang-parser.cc" +#line 5094 "seclang-parser.cc" break; case 371: // act: "LogData" run_time_string -#line 2761 "seclang-parser.yy" +#line 2764 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::LogData(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5099 "seclang-parser.cc" +#line 5102 "seclang-parser.cc" break; case 372: // act: "Log" -#line 2765 "seclang-parser.yy" +#line 2768 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Log(yystack_[0].value.as < std::string > ())); } -#line 5107 "seclang-parser.cc" +#line 5110 "seclang-parser.cc" break; case 373: // act: "Maturity" -#line 2769 "seclang-parser.yy" +#line 2772 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Maturity(yystack_[0].value.as < std::string > ())); } -#line 5115 "seclang-parser.cc" +#line 5118 "seclang-parser.cc" break; case 374: // act: "Msg" run_time_string -#line 2773 "seclang-parser.yy" +#line 2776 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Msg(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5123 "seclang-parser.cc" +#line 5126 "seclang-parser.cc" break; case 375: // act: "MultiMatch" -#line 2777 "seclang-parser.yy" +#line 2780 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::MultiMatch(yystack_[0].value.as < std::string > ())); } -#line 5131 "seclang-parser.cc" +#line 5134 "seclang-parser.cc" break; case 376: // act: "NoAuditLog" -#line 2781 "seclang-parser.yy" +#line 2784 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoAuditLog(yystack_[0].value.as < std::string > ())); } -#line 5139 "seclang-parser.cc" +#line 5142 "seclang-parser.cc" break; case 377: // act: "NoLog" -#line 2785 "seclang-parser.yy" +#line 2788 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoLog(yystack_[0].value.as < std::string > ())); } -#line 5147 "seclang-parser.cc" +#line 5150 "seclang-parser.cc" break; case 378: // act: "Pass" -#line 2789 "seclang-parser.yy" +#line 2792 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Pass(yystack_[0].value.as < std::string > ())); } -#line 5155 "seclang-parser.cc" +#line 5158 "seclang-parser.cc" break; case 379: // act: "Pause" -#line 2793 "seclang-parser.yy" +#line 2796 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Pause", yystack_[1].location); } -#line 5163 "seclang-parser.cc" +#line 5166 "seclang-parser.cc" break; case 380: // act: "Phase" -#line 2797 "seclang-parser.yy" +#line 2800 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Phase(yystack_[0].value.as < std::string > ())); } -#line 5171 "seclang-parser.cc" +#line 5174 "seclang-parser.cc" break; case 381: // act: "Prepend" -#line 2801 "seclang-parser.yy" +#line 2804 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Prepend", yystack_[1].location); } -#line 5179 "seclang-parser.cc" +#line 5182 "seclang-parser.cc" break; case 382: // act: "Proxy" -#line 2805 "seclang-parser.yy" +#line 2808 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Proxy", yystack_[1].location); } -#line 5187 "seclang-parser.cc" +#line 5190 "seclang-parser.cc" break; case 383: // act: "Redirect" run_time_string -#line 2809 "seclang-parser.yy" +#line 2812 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Redirect(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5195 "seclang-parser.cc" +#line 5198 "seclang-parser.cc" break; case 384: // act: "Rev" -#line 2813 "seclang-parser.yy" +#line 2816 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Rev(yystack_[0].value.as < std::string > ())); } -#line 5203 "seclang-parser.cc" +#line 5206 "seclang-parser.cc" break; case 385: // act: "SanitiseArg" -#line 2817 "seclang-parser.yy" +#line 2820 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseArg", yystack_[1].location); } -#line 5211 "seclang-parser.cc" +#line 5214 "seclang-parser.cc" break; case 386: // act: "SanitiseMatched" -#line 2821 "seclang-parser.yy" +#line 2824 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseMatched", yystack_[1].location); } -#line 5219 "seclang-parser.cc" +#line 5222 "seclang-parser.cc" break; case 387: // act: "SanitiseMatchedBytes" -#line 2825 "seclang-parser.yy" +#line 2828 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseMatchedBytes", yystack_[1].location); } -#line 5227 "seclang-parser.cc" +#line 5230 "seclang-parser.cc" break; case 388: // act: "SanitiseRequestHeader" -#line 2829 "seclang-parser.yy" +#line 2832 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseRequestHeader", yystack_[1].location); } -#line 5235 "seclang-parser.cc" +#line 5238 "seclang-parser.cc" break; case 389: // act: "SanitiseResponseHeader" -#line 2833 "seclang-parser.yy" +#line 2836 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseResponseHeader", yystack_[1].location); } -#line 5243 "seclang-parser.cc" +#line 5246 "seclang-parser.cc" break; case 390: // act: "SetEnv" run_time_string -#line 2837 "seclang-parser.yy" +#line 2840 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetENV(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5251 "seclang-parser.cc" +#line 5254 "seclang-parser.cc" break; case 391: // act: "SetRsc" run_time_string -#line 2841 "seclang-parser.yy" +#line 2844 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetRSC(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5259 "seclang-parser.cc" +#line 5262 "seclang-parser.cc" break; case 392: // act: "SetSid" run_time_string -#line 2845 "seclang-parser.yy" +#line 2848 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetSID(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5267 "seclang-parser.cc" +#line 5270 "seclang-parser.cc" break; case 393: // act: "SetUID" run_time_string -#line 2849 "seclang-parser.yy" +#line 2852 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetUID(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5275 "seclang-parser.cc" +#line 5278 "seclang-parser.cc" break; case 394: // act: "SetVar" setvar_action -#line 2853 "seclang-parser.yy" +#line 2856 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > () = std::move(yystack_[0].value.as < std::unique_ptr > ()); } -#line 5283 "seclang-parser.cc" +#line 5286 "seclang-parser.cc" break; case 395: // act: "Severity" -#line 2857 "seclang-parser.yy" +#line 2860 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Severity(yystack_[0].value.as < std::string > ())); } -#line 5291 "seclang-parser.cc" +#line 5294 "seclang-parser.cc" break; case 396: // act: "Skip" -#line 2861 "seclang-parser.yy" +#line 2864 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Skip(yystack_[0].value.as < std::string > ())); } -#line 5299 "seclang-parser.cc" +#line 5302 "seclang-parser.cc" break; case 397: // act: "SkipAfter" -#line 2865 "seclang-parser.yy" +#line 2868 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SkipAfter(yystack_[0].value.as < std::string > ())); } -#line 5307 "seclang-parser.cc" +#line 5310 "seclang-parser.cc" break; case 398: // act: "Status" -#line 2869 "seclang-parser.yy" +#line 2872 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::data::Status(yystack_[0].value.as < std::string > ())); } -#line 5315 "seclang-parser.cc" +#line 5318 "seclang-parser.cc" break; case 399: // act: "Tag" run_time_string -#line 2873 "seclang-parser.yy" +#line 2876 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Tag(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5323 "seclang-parser.cc" +#line 5326 "seclang-parser.cc" break; case 400: // act: "Ver" -#line 2877 "seclang-parser.yy" +#line 2880 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Ver(yystack_[0].value.as < std::string > ())); } -#line 5331 "seclang-parser.cc" +#line 5334 "seclang-parser.cc" break; case 401: // act: "xmlns" -#line 2881 "seclang-parser.yy" +#line 2884 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::XmlNS(yystack_[0].value.as < std::string > ())); } -#line 5339 "seclang-parser.cc" +#line 5342 "seclang-parser.cc" break; case 402: // act: "ACTION_TRANSFORMATION_PARITY_ZERO_7_BIT" -#line 2885 "seclang-parser.yy" +#line 2888 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityZero7bit(yystack_[0].value.as < std::string > ())); } -#line 5347 "seclang-parser.cc" +#line 5350 "seclang-parser.cc" break; case 403: // act: "ACTION_TRANSFORMATION_PARITY_ODD_7_BIT" -#line 2889 "seclang-parser.yy" +#line 2892 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityOdd7bit(yystack_[0].value.as < std::string > ())); } -#line 5355 "seclang-parser.cc" +#line 5358 "seclang-parser.cc" break; case 404: // act: "ACTION_TRANSFORMATION_PARITY_EVEN_7_BIT" -#line 2893 "seclang-parser.yy" +#line 2896 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityEven7bit(yystack_[0].value.as < std::string > ())); } -#line 5363 "seclang-parser.cc" +#line 5366 "seclang-parser.cc" break; case 405: // act: "ACTION_TRANSFORMATION_SQL_HEX_DECODE" -#line 2897 "seclang-parser.yy" +#line 2900 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::SqlHexDecode(yystack_[0].value.as < std::string > ())); } -#line 5371 "seclang-parser.cc" +#line 5374 "seclang-parser.cc" break; case 406: // act: "ACTION_TRANSFORMATION_BASE_64_ENCODE" -#line 2901 "seclang-parser.yy" +#line 2904 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Encode(yystack_[0].value.as < std::string > ())); } -#line 5379 "seclang-parser.cc" +#line 5382 "seclang-parser.cc" break; case 407: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE" -#line 2905 "seclang-parser.yy" +#line 2908 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Decode(yystack_[0].value.as < std::string > ())); } -#line 5387 "seclang-parser.cc" +#line 5390 "seclang-parser.cc" break; case 408: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE_EXT" -#line 2909 "seclang-parser.yy" +#line 2912 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64DecodeExt(yystack_[0].value.as < std::string > ())); } -#line 5395 "seclang-parser.cc" +#line 5398 "seclang-parser.cc" break; case 409: // act: "ACTION_TRANSFORMATION_CMD_LINE" -#line 2913 "seclang-parser.yy" +#line 2916 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CmdLine(yystack_[0].value.as < std::string > ())); } -#line 5403 "seclang-parser.cc" +#line 5406 "seclang-parser.cc" break; case 410: // act: "ACTION_TRANSFORMATION_SHA1" -#line 2917 "seclang-parser.yy" +#line 2920 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Sha1(yystack_[0].value.as < std::string > ())); } -#line 5411 "seclang-parser.cc" +#line 5414 "seclang-parser.cc" break; case 411: // act: "ACTION_TRANSFORMATION_MD5" -#line 2921 "seclang-parser.yy" +#line 2924 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Md5(yystack_[0].value.as < std::string > ())); } -#line 5419 "seclang-parser.cc" +#line 5422 "seclang-parser.cc" break; case 412: // act: "ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE" -#line 2925 "seclang-parser.yy" +#line 2928 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::EscapeSeqDecode(yystack_[0].value.as < std::string > ())); } -#line 5427 "seclang-parser.cc" +#line 5430 "seclang-parser.cc" break; case 413: // act: "ACTION_TRANSFORMATION_HEX_ENCODE" -#line 2929 "seclang-parser.yy" +#line 2932 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexEncode(yystack_[0].value.as < std::string > ())); } -#line 5435 "seclang-parser.cc" +#line 5438 "seclang-parser.cc" break; case 414: // act: "ACTION_TRANSFORMATION_HEX_DECODE" -#line 2933 "seclang-parser.yy" +#line 2936 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexDecode(yystack_[0].value.as < std::string > ())); } -#line 5443 "seclang-parser.cc" +#line 5446 "seclang-parser.cc" break; case 415: // act: "ACTION_TRANSFORMATION_LOWERCASE" -#line 2937 "seclang-parser.yy" +#line 2940 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::LowerCase(yystack_[0].value.as < std::string > ())); } -#line 5451 "seclang-parser.cc" +#line 5454 "seclang-parser.cc" break; case 416: // act: "ACTION_TRANSFORMATION_UPPERCASE" -#line 2941 "seclang-parser.yy" +#line 2944 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UpperCase(yystack_[0].value.as < std::string > ())); } -#line 5459 "seclang-parser.cc" +#line 5462 "seclang-parser.cc" break; case 417: // act: "ACTION_TRANSFORMATION_URL_DECODE_UNI" -#line 2945 "seclang-parser.yy" +#line 2948 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecodeUni(yystack_[0].value.as < std::string > ())); } -#line 5467 "seclang-parser.cc" +#line 5470 "seclang-parser.cc" break; case 418: // act: "ACTION_TRANSFORMATION_URL_DECODE" -#line 2949 "seclang-parser.yy" +#line 2952 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecode(yystack_[0].value.as < std::string > ())); } -#line 5475 "seclang-parser.cc" +#line 5478 "seclang-parser.cc" break; case 419: // act: "ACTION_TRANSFORMATION_URL_ENCODE" -#line 2953 "seclang-parser.yy" +#line 2956 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlEncode(yystack_[0].value.as < std::string > ())); } -#line 5483 "seclang-parser.cc" +#line 5486 "seclang-parser.cc" break; case 420: // act: "ACTION_TRANSFORMATION_NONE" -#line 2957 "seclang-parser.yy" +#line 2960 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::None(yystack_[0].value.as < std::string > ())); } -#line 5491 "seclang-parser.cc" +#line 5494 "seclang-parser.cc" break; case 421: // act: "ACTION_TRANSFORMATION_COMPRESS_WHITESPACE" -#line 2961 "seclang-parser.yy" +#line 2964 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CompressWhitespace(yystack_[0].value.as < std::string > ())); } -#line 5499 "seclang-parser.cc" +#line 5502 "seclang-parser.cc" break; case 422: // act: "ACTION_TRANSFORMATION_REMOVE_WHITESPACE" -#line 2965 "seclang-parser.yy" +#line 2968 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveWhitespace(yystack_[0].value.as < std::string > ())); } -#line 5507 "seclang-parser.cc" +#line 5510 "seclang-parser.cc" break; case 423: // act: "ACTION_TRANSFORMATION_REPLACE_NULLS" -#line 2969 "seclang-parser.yy" +#line 2972 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceNulls(yystack_[0].value.as < std::string > ())); } -#line 5515 "seclang-parser.cc" +#line 5518 "seclang-parser.cc" break; case 424: // act: "ACTION_TRANSFORMATION_REMOVE_NULLS" -#line 2973 "seclang-parser.yy" +#line 2976 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveNulls(yystack_[0].value.as < std::string > ())); } -#line 5523 "seclang-parser.cc" +#line 5526 "seclang-parser.cc" break; case 425: // act: "ACTION_TRANSFORMATION_HTML_ENTITY_DECODE" -#line 2977 "seclang-parser.yy" +#line 2980 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HtmlEntityDecode(yystack_[0].value.as < std::string > ())); } -#line 5531 "seclang-parser.cc" +#line 5534 "seclang-parser.cc" break; case 426: // act: "ACTION_TRANSFORMATION_JS_DECODE" -#line 2981 "seclang-parser.yy" +#line 2984 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::JsDecode(yystack_[0].value.as < std::string > ())); } -#line 5539 "seclang-parser.cc" +#line 5542 "seclang-parser.cc" break; case 427: // act: "ACTION_TRANSFORMATION_CSS_DECODE" -#line 2985 "seclang-parser.yy" +#line 2988 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CssDecode(yystack_[0].value.as < std::string > ())); } -#line 5547 "seclang-parser.cc" +#line 5550 "seclang-parser.cc" break; case 428: // act: "ACTION_TRANSFORMATION_TRIM" -#line 2989 "seclang-parser.yy" +#line 2992 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Trim(yystack_[0].value.as < std::string > ())); } -#line 5555 "seclang-parser.cc" +#line 5558 "seclang-parser.cc" break; case 429: // act: "ACTION_TRANSFORMATION_TRIM_LEFT" -#line 2993 "seclang-parser.yy" +#line 2996 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimLeft(yystack_[0].value.as < std::string > ())); } -#line 5563 "seclang-parser.cc" +#line 5566 "seclang-parser.cc" break; case 430: // act: "ACTION_TRANSFORMATION_TRIM_RIGHT" -#line 2997 "seclang-parser.yy" +#line 3000 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimRight(yystack_[0].value.as < std::string > ())); } -#line 5571 "seclang-parser.cc" +#line 5574 "seclang-parser.cc" break; case 431: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH_WIN" -#line 3001 "seclang-parser.yy" +#line 3004 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePathWin(yystack_[0].value.as < std::string > ())); } -#line 5579 "seclang-parser.cc" +#line 5582 "seclang-parser.cc" break; case 432: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH" -#line 3005 "seclang-parser.yy" +#line 3008 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePath(yystack_[0].value.as < std::string > ())); } -#line 5587 "seclang-parser.cc" +#line 5590 "seclang-parser.cc" break; case 433: // act: "ACTION_TRANSFORMATION_LENGTH" -#line 3009 "seclang-parser.yy" +#line 3012 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Length(yystack_[0].value.as < std::string > ())); } -#line 5595 "seclang-parser.cc" +#line 5598 "seclang-parser.cc" break; case 434: // act: "ACTION_TRANSFORMATION_UTF8_TO_UNICODE" -#line 3013 "seclang-parser.yy" +#line 3016 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Utf8ToUnicode(yystack_[0].value.as < std::string > ())); } -#line 5603 "seclang-parser.cc" +#line 5606 "seclang-parser.cc" break; case 435: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS_CHAR" -#line 3017 "seclang-parser.yy" +#line 3020 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveCommentsChar(yystack_[0].value.as < std::string > ())); } -#line 5611 "seclang-parser.cc" +#line 5614 "seclang-parser.cc" break; case 436: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS" -#line 3021 "seclang-parser.yy" +#line 3024 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveComments(yystack_[0].value.as < std::string > ())); } -#line 5619 "seclang-parser.cc" +#line 5622 "seclang-parser.cc" break; case 437: // act: "ACTION_TRANSFORMATION_REPLACE_COMMENTS" -#line 3025 "seclang-parser.yy" +#line 3028 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceComments(yystack_[0].value.as < std::string > ())); } -#line 5627 "seclang-parser.cc" +#line 5630 "seclang-parser.cc" break; case 438: // setvar_action: "NOT" var -#line 3032 "seclang-parser.yy" +#line 3035 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::unsetOperation, std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5635 "seclang-parser.cc" +#line 5638 "seclang-parser.cc" break; case 439: // setvar_action: var -#line 3036 "seclang-parser.yy" +#line 3039 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::setToOneOperation, std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5643 "seclang-parser.cc" +#line 5646 "seclang-parser.cc" break; case 440: // setvar_action: var SETVAR_OPERATION_EQUALS run_time_string -#line 3040 "seclang-parser.yy" +#line 3043 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::setOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5651 "seclang-parser.cc" +#line 5654 "seclang-parser.cc" break; case 441: // setvar_action: var SETVAR_OPERATION_EQUALS_PLUS run_time_string -#line 3044 "seclang-parser.yy" +#line 3047 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::sumAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5659 "seclang-parser.cc" +#line 5662 "seclang-parser.cc" break; case 442: // setvar_action: var SETVAR_OPERATION_EQUALS_MINUS run_time_string -#line 3048 "seclang-parser.yy" +#line 3051 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::substractAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5667 "seclang-parser.cc" +#line 5670 "seclang-parser.cc" break; case 443: // run_time_string: run_time_string "FREE_TEXT_QUOTE_MACRO_EXPANSION" -#line 3055 "seclang-parser.yy" +#line 3058 "seclang-parser.yy" { yystack_[1].value.as < std::unique_ptr > ()->appendText(yystack_[0].value.as < std::string > ()); yylhs.value.as < std::unique_ptr > () = std::move(yystack_[1].value.as < std::unique_ptr > ()); } -#line 5676 "seclang-parser.cc" +#line 5679 "seclang-parser.cc" break; case 444: // run_time_string: run_time_string var -#line 3060 "seclang-parser.yy" +#line 3063 "seclang-parser.yy" { yystack_[1].value.as < std::unique_ptr > ()->appendVar(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > () = std::move(yystack_[1].value.as < std::unique_ptr > ()); } -#line 5685 "seclang-parser.cc" +#line 5688 "seclang-parser.cc" break; case 445: // run_time_string: "FREE_TEXT_QUOTE_MACRO_EXPANSION" -#line 3065 "seclang-parser.yy" +#line 3068 "seclang-parser.yy" { std::unique_ptr r(new RunTimeString()); r->appendText(yystack_[0].value.as < std::string > ()); yylhs.value.as < std::unique_ptr > () = std::move(r); } -#line 5695 "seclang-parser.cc" +#line 5698 "seclang-parser.cc" break; case 446: // run_time_string: var -#line 3071 "seclang-parser.yy" +#line 3074 "seclang-parser.yy" { std::unique_ptr r(new RunTimeString()); r->appendVar(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > () = std::move(r); } -#line 5705 "seclang-parser.cc" +#line 5708 "seclang-parser.cc" break; -#line 5709 "seclang-parser.cc" +#line 5712 "seclang-parser.cc" default: break; @@ -7236,44 +7239,44 @@ namespace yy { 934, 938, 942, 946, 950, 954, 958, 963, 967, 971, 975, 979, 983, 988, 993, 997, 1001, 1005, 1009, 1013, 1017, 1021, 1025, 1029, 1033, 1037, 1041, 1045, 1049, 1053, - 1057, 1061, 1065, 1069, 1083, 1084, 1114, 1133, 1152, 1180, - 1237, 1244, 1248, 1252, 1256, 1260, 1264, 1268, 1272, 1281, - 1285, 1290, 1293, 1298, 1303, 1308, 1313, 1316, 1321, 1324, - 1329, 1334, 1337, 1342, 1347, 1352, 1357, 1362, 1367, 1372, - 1375, 1380, 1385, 1390, 1395, 1398, 1403, 1408, 1413, 1426, - 1439, 1452, 1465, 1478, 1504, 1532, 1544, 1564, 1591, 1596, - 1602, 1607, 1612, 1621, 1626, 1630, 1634, 1638, 1642, 1646, - 1650, 1655, 1660, 1672, 1678, 1682, 1686, 1697, 1706, 1707, - 1714, 1719, 1724, 1778, 1785, 1793, 1830, 1834, 1841, 1846, - 1852, 1858, 1864, 1871, 1881, 1885, 1889, 1893, 1897, 1901, - 1905, 1909, 1913, 1917, 1921, 1925, 1929, 1933, 1937, 1941, - 1945, 1949, 1953, 1957, 1961, 1965, 1969, 1973, 1977, 1981, - 1985, 1989, 1993, 1997, 2001, 2005, 2009, 2013, 2017, 2021, - 2025, 2029, 2033, 2037, 2041, 2045, 2049, 2053, 2057, 2061, - 2065, 2069, 2073, 2077, 2081, 2085, 2089, 2093, 2097, 2101, - 2105, 2109, 2113, 2117, 2121, 2125, 2129, 2133, 2137, 2141, - 2145, 2149, 2153, 2157, 2161, 2165, 2169, 2173, 2177, 2181, - 2185, 2189, 2193, 2197, 2201, 2205, 2209, 2213, 2217, 2221, - 2225, 2229, 2233, 2237, 2241, 2245, 2249, 2254, 2258, 2262, - 2267, 2271, 2275, 2280, 2285, 2289, 2293, 2297, 2301, 2305, - 2309, 2313, 2317, 2321, 2325, 2329, 2333, 2337, 2341, 2345, - 2349, 2353, 2357, 2361, 2365, 2369, 2373, 2377, 2381, 2385, - 2389, 2393, 2397, 2401, 2405, 2409, 2413, 2417, 2421, 2425, - 2429, 2433, 2437, 2441, 2445, 2449, 2453, 2457, 2461, 2465, - 2469, 2473, 2477, 2481, 2485, 2489, 2493, 2497, 2501, 2505, - 2509, 2513, 2517, 2521, 2525, 2529, 2533, 2541, 2548, 2555, - 2562, 2569, 2576, 2583, 2590, 2597, 2604, 2611, 2618, 2628, - 2632, 2636, 2640, 2644, 2648, 2652, 2656, 2661, 2665, 2670, - 2674, 2678, 2682, 2686, 2691, 2696, 2700, 2704, 2708, 2712, - 2716, 2720, 2724, 2728, 2732, 2736, 2740, 2744, 2748, 2752, - 2756, 2760, 2764, 2768, 2772, 2776, 2780, 2784, 2788, 2792, - 2796, 2800, 2804, 2808, 2812, 2816, 2820, 2824, 2828, 2832, - 2836, 2840, 2844, 2848, 2852, 2856, 2860, 2864, 2868, 2872, - 2876, 2880, 2884, 2888, 2892, 2896, 2900, 2904, 2908, 2912, - 2916, 2920, 2924, 2928, 2932, 2936, 2940, 2944, 2948, 2952, - 2956, 2960, 2964, 2968, 2972, 2976, 2980, 2984, 2988, 2992, - 2996, 3000, 3004, 3008, 3012, 3016, 3020, 3024, 3031, 3035, - 3039, 3043, 3047, 3054, 3059, 3064, 3070 + 1057, 1061, 1065, 1069, 1083, 1084, 1115, 1134, 1154, 1183, + 1240, 1247, 1251, 1255, 1259, 1263, 1267, 1271, 1275, 1284, + 1288, 1293, 1296, 1301, 1306, 1311, 1316, 1319, 1324, 1327, + 1332, 1337, 1340, 1345, 1350, 1355, 1360, 1365, 1370, 1375, + 1378, 1383, 1388, 1393, 1398, 1401, 1406, 1411, 1416, 1429, + 1442, 1455, 1468, 1481, 1507, 1535, 1547, 1567, 1594, 1599, + 1605, 1610, 1615, 1624, 1629, 1633, 1637, 1641, 1645, 1649, + 1653, 1658, 1663, 1675, 1681, 1685, 1689, 1700, 1709, 1710, + 1717, 1722, 1727, 1781, 1788, 1796, 1833, 1837, 1844, 1849, + 1855, 1861, 1867, 1874, 1884, 1888, 1892, 1896, 1900, 1904, + 1908, 1912, 1916, 1920, 1924, 1928, 1932, 1936, 1940, 1944, + 1948, 1952, 1956, 1960, 1964, 1968, 1972, 1976, 1980, 1984, + 1988, 1992, 1996, 2000, 2004, 2008, 2012, 2016, 2020, 2024, + 2028, 2032, 2036, 2040, 2044, 2048, 2052, 2056, 2060, 2064, + 2068, 2072, 2076, 2080, 2084, 2088, 2092, 2096, 2100, 2104, + 2108, 2112, 2116, 2120, 2124, 2128, 2132, 2136, 2140, 2144, + 2148, 2152, 2156, 2160, 2164, 2168, 2172, 2176, 2180, 2184, + 2188, 2192, 2196, 2200, 2204, 2208, 2212, 2216, 2220, 2224, + 2228, 2232, 2236, 2240, 2244, 2248, 2252, 2257, 2261, 2265, + 2270, 2274, 2278, 2283, 2288, 2292, 2296, 2300, 2304, 2308, + 2312, 2316, 2320, 2324, 2328, 2332, 2336, 2340, 2344, 2348, + 2352, 2356, 2360, 2364, 2368, 2372, 2376, 2380, 2384, 2388, + 2392, 2396, 2400, 2404, 2408, 2412, 2416, 2420, 2424, 2428, + 2432, 2436, 2440, 2444, 2448, 2452, 2456, 2460, 2464, 2468, + 2472, 2476, 2480, 2484, 2488, 2492, 2496, 2500, 2504, 2508, + 2512, 2516, 2520, 2524, 2528, 2532, 2536, 2544, 2551, 2558, + 2565, 2572, 2579, 2586, 2593, 2600, 2607, 2614, 2621, 2631, + 2635, 2639, 2643, 2647, 2651, 2655, 2659, 2664, 2668, 2673, + 2677, 2681, 2685, 2689, 2694, 2699, 2703, 2707, 2711, 2715, + 2719, 2723, 2727, 2731, 2735, 2739, 2743, 2747, 2751, 2755, + 2759, 2763, 2767, 2771, 2775, 2779, 2783, 2787, 2791, 2795, + 2799, 2803, 2807, 2811, 2815, 2819, 2823, 2827, 2831, 2835, + 2839, 2843, 2847, 2851, 2855, 2859, 2863, 2867, 2871, 2875, + 2879, 2883, 2887, 2891, 2895, 2899, 2903, 2907, 2911, 2915, + 2919, 2923, 2927, 2931, 2935, 2939, 2943, 2947, 2951, 2955, + 2959, 2963, 2967, 2971, 2975, 2979, 2983, 2987, 2991, 2995, + 2999, 3003, 3007, 3011, 3015, 3019, 3023, 3027, 3034, 3038, + 3042, 3046, 3050, 3057, 3062, 3067, 3073 }; void @@ -7305,9 +7308,9 @@ namespace yy { } // yy -#line 7309 "seclang-parser.cc" +#line 7312 "seclang-parser.cc" -#line 3077 "seclang-parser.yy" +#line 3080 "seclang-parser.yy" void yy::seclang_parser::error (const location_type& l, const std::string& m) { diff --git a/src/deps/src/modsecurity/src/parser/seclang-parser.yy b/src/deps/src/modsecurity/src/parser/seclang-parser.yy index 0be74565cd..41583768f5 100644 --- a/src/deps/src/modsecurity/src/parser/seclang-parser.yy +++ b/src/deps/src/modsecurity/src/parser/seclang-parser.yy @@ -1086,8 +1086,9 @@ expression: std::vector *a = new std::vector(); std::vector *t = new std::vector(); for (auto &i : *$4.get()) { - if (dynamic_cast(i.get())) { - t->push_back(dynamic_cast(i.release())); + if (auto pt = dynamic_cast(i.get())) { + t->push_back(pt); + i.release(); } else { a->push_back(i.release()); } @@ -1135,8 +1136,9 @@ expression: std::vector *a = new std::vector(); std::vector *t = new std::vector(); for (auto &i : *$2.get()) { - if (dynamic_cast(i.get())) { - t->push_back(dynamic_cast(i.release())); + if (auto pt = dynamic_cast(i.get())) { + t->push_back(pt); + i.release(); } else { a->push_back(i.release()); } @@ -1155,8 +1157,9 @@ expression: std::vector *a = new std::vector(); std::vector *t = new std::vector(); for (auto &i : *$2.get()) { - if (dynamic_cast(i.get())) { - t->push_back(dynamic_cast(i.release())); + if (auto pt = dynamic_cast(i.get())) { + t->push_back(pt); + i.release(); } else { a->push_back(i.release()); } @@ -1196,8 +1199,8 @@ expression: definedPhase = phase->m_phase; secRuleDefinedPhase = phase->m_secRulesPhase; delete phase; - } else if (a->action_kind == actions::Action::RunTimeOnlyIfMatchKind || - a->action_kind == actions::Action::RunTimeBeforeMatchAttemptKind) { + } else if (a->action_kind == actions::Action::Kind::RunTimeOnlyIfMatchKind || + a->action_kind == actions::Action::Kind::RunTimeBeforeMatchAttemptKind) { actions::transformations::None *none = dynamic_cast(a); if (none != NULL) { driver.error(@0, "The transformation none is not suitable to be part of the SecDefaultActions"); diff --git a/src/deps/src/modsecurity/src/parser/seclang-scanner.cc b/src/deps/src/modsecurity/src/parser/seclang-scanner.cc index c0d4d7661a..4e55e00bf0 100644 --- a/src/deps/src/modsecurity/src/parser/seclang-scanner.cc +++ b/src/deps/src/modsecurity/src/parser/seclang-scanner.cc @@ -4900,13 +4900,14 @@ static std::stack YY_PREVIOUS_STATE; // The location of the current token. #line 4902 "seclang-scanner.cc" #define YY_NO_INPUT 1 +#define YY_NO_UNISTD_H 1 #line 494 "seclang-scanner.ll" // Code run each time a pattern is matched. # define YY_USER_ACTION driver.loc.back()->columns (yyleng); -#line 4909 "seclang-scanner.cc" #line 4910 "seclang-scanner.cc" +#line 4911 "seclang-scanner.cc" #define INITIAL 0 #define EXPECTING_ACTION_PREDICATE_VARIABLE 1 @@ -5228,7 +5229,7 @@ YY_DECL // Code run each time yylex is called. driver.loc.back()->step(); -#line 5232 "seclang-scanner.cc" +#line 5233 "seclang-scanner.cc" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -8334,7 +8335,7 @@ YY_RULE_SETUP #line 1340 "seclang-scanner.ll" ECHO; YY_BREAK -#line 8338 "seclang-scanner.cc" +#line 8339 "seclang-scanner.cc" case YY_END_OF_BUFFER: { @@ -8956,7 +8957,7 @@ static void yy_load_buffer_state (void) /* %if-c-only */ - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + b->yy_is_interactive = 0; /* %endif */ /* %if-c++-only */ diff --git a/src/deps/src/modsecurity/src/parser/seclang-scanner.ll b/src/deps/src/modsecurity/src/parser/seclang-scanner.ll index c6756d6ff8..c1a04a65d4 100755 --- a/src/deps/src/modsecurity/src/parser/seclang-scanner.ll +++ b/src/deps/src/modsecurity/src/parser/seclang-scanner.ll @@ -73,7 +73,7 @@ static std::stack YY_PREVIOUS_STATE; // The location of the current token. %} -%option noyywrap nounput batch debug noinput +%option noyywrap nounput batch debug noinput nounistd never-interactive diff --git a/src/deps/src/modsecurity/src/request_body_processor/multipart.cc b/src/deps/src/modsecurity/src/request_body_processor/multipart.cc index 78dc5d9c97..71d0d0e889 100644 --- a/src/deps/src/modsecurity/src/request_body_processor/multipart.cc +++ b/src/deps/src/modsecurity/src/request_body_processor/multipart.cc @@ -21,7 +21,12 @@ #include #include #include +#ifndef WIN32 #include +#else +#include +#include "src/compat/msvc.h" +#endif #include #include #include @@ -60,28 +65,34 @@ MultipartPartTmpFile::~MultipartPartTmpFile() { } void MultipartPartTmpFile::Open() { - struct tm timeinfo; - char tstr[300]; - time_t tt = time(NULL); + time_t tt = time(nullptr); + struct tm timeinfo; localtime_r(&tt, &timeinfo); - memset(tstr, '\0', 300); - strftime(tstr, 299, "/%Y%m%d-%H%M%S", &timeinfo); + char tstr[std::size("/yyyymmdd-hhmmss")]; + strftime(tstr, std::size(tstr), "/%Y%m%d-%H%M%S", &timeinfo); std::string path = m_transaction->m_rules->m_uploadDirectory.m_value; path = path + tstr + "-" + *m_transaction->m_id.get(); path += "-file-XXXXXX"; - char* tmp = strdup(path.c_str()); - m_tmp_file_fd = mkstemp(tmp); - m_tmp_file_name.assign(tmp); - free(tmp); +#ifndef WIN32 + m_tmp_file_fd = mkstemp(path.data()); +#else + _mktemp_s(path.data(), path.length()+1); + m_tmp_file_fd = _open(path.c_str(), _O_CREAT | _O_EXCL | _O_RDWR); +#endif + m_tmp_file_name = path; ms_dbg_a(m_transaction, 4, "MultipartPartTmpFile: Create filename= " + m_tmp_file_name); int mode = m_transaction->m_rules->m_uploadFileMode.m_value; if ((m_tmp_file_fd != -1) && (mode != 0)) { +#ifndef WIN32 if (fchmod(m_tmp_file_fd, mode) == -1) { +#else + if (_chmod(m_tmp_file_name.c_str(), mode) == -1) { +#endif m_tmp_file_fd = -1; } } @@ -231,7 +242,7 @@ int Multipart::boundary_characters_valid(const char *boundary) { void Multipart::validate_quotes(const char *data, char quote) { - int i, len; + int len; if (data == NULL) return; @@ -244,7 +255,7 @@ void Multipart::validate_quotes(const char *data, char quote) { len = strlen(data); - for (i = 0; i < len; i++) { + for (int i = 0;i < len;i++) { if (data[i] == '\'') { ms_dbg_a(m_transaction, 9, "Multipart: Invalid quoting detected: " \ @@ -844,7 +855,7 @@ int Multipart::process_part_header(std::string *error, int offset) { } new_value = std::string(data); - utils::string::chomp(&new_value); + utils::string::chomp(new_value); /* update the header value in the table */ header_value = m_mpp->m_headers.at( @@ -905,6 +916,18 @@ int Multipart::process_part_header(std::string *error, int offset) { return false; } + /* check if multipart header contains any invalid characters */ + for (const auto& ch : header_name) { + if (ch < 33 || ch > 126) { + ms_dbg_a(m_transaction, 1, + "Multipart: Invalid part header " \ + "(contains invalid character)."); + error->assign("Multipart: Invalid part header "\ + "(contains invalid character)."); + return false; + } + } + /* extract the value value */ data++; i++; @@ -913,7 +936,7 @@ int Multipart::process_part_header(std::string *error, int offset) { i++; } header_value = std::string(data); - utils::string::chomp(&header_value); + utils::string::chomp(header_value); /* error if the name already exists */ if (m_mpp->m_headers.count(header_name) > 0) { @@ -1258,22 +1281,10 @@ int Multipart::multipart_complete(std::string *error) { int Multipart::count_boundary_params(const std::string& str_header_value) { - std::string lower = utils::string::tolower(str_header_value); - const char *header_value = lower.c_str(); - char *duplicate = NULL; - char *s = NULL; int count = 0; - if (header_value == NULL) { - return -1; - } - - duplicate = strdup(header_value); - if (duplicate == NULL) { - return -1; - } - - s = duplicate; + const auto lower = utils::string::tolower(str_header_value); + const char *s = lower.c_str(); while ((s = strstr(s, "boundary")) != NULL) { s += 8; @@ -1282,7 +1293,6 @@ int Multipart::count_boundary_params(const std::string& str_header_value) { } } - free(duplicate); return count; } diff --git a/src/deps/src/modsecurity/src/rule_message.cc b/src/deps/src/modsecurity/src/rule_message.cc index b88ca5c6be..5be23839eb 100644 --- a/src/deps/src/modsecurity/src/rule_message.cc +++ b/src/deps/src/modsecurity/src/rule_message.cc @@ -42,8 +42,8 @@ std::string RuleMessage::_details(const RuleMessage *rm) { msg.append(" [tag \"" + utils::string::toHexIfNeeded(a, true) + "\"]"); } - msg.append(" [hostname \"" + *rm->m_serverIpAddress.get() \ - + "\"]"); + msg.append(" [hostname \"" + *rm->m_requestHostName.get() + "\"]"); + msg.append(" [uri \"" + utils::string::limitTo(200, *rm->m_uriNoQueryStringDecoded.get()) + "\"]"); msg.append(" [unique_id \"" + *rm->m_id + "\"]"); msg.append(" [ref \"" + utils::string::limitTo(200, rm->m_reference) + "\"]"); diff --git a/src/deps/src/modsecurity/src/rule_with_actions.cc b/src/deps/src/modsecurity/src/rule_with_actions.cc index 04ee219c4b..1cde80054c 100644 --- a/src/deps/src/modsecurity/src/rule_with_actions.cc +++ b/src/deps/src/modsecurity/src/rule_with_actions.cc @@ -17,6 +17,7 @@ #include +#include #include #include #include @@ -24,6 +25,7 @@ #include #include #include +#include #include "modsecurity/rules_set.h" #include "src/operators/operator.h" @@ -86,45 +88,50 @@ RuleWithActions::RuleWithActions( if (actions) { for (Action *a : *actions) { - if (a->action_kind == Action::ConfigurationKind) { - a->evaluate(this, NULL); - delete a; - - } else if (a->action_kind == Action::RunTimeOnlyIfMatchKind) { - if (dynamic_cast(a)) { - m_containsCaptureAction = true; - delete a; - } else if (dynamic_cast(a)) { - m_containsMultiMatchAction = true; + switch (a->action_kind) { + case Action::Kind::ConfigurationKind: + a->evaluate(this, NULL); delete a; - } else if (dynamic_cast(a)) { - m_severity = dynamic_cast(a); - } else if (dynamic_cast(a)) { - m_logData = dynamic_cast(a); - } else if (dynamic_cast(a)) { - m_msg = dynamic_cast(a); - } else if (dynamic_cast(a)) { - m_actionsSetVar.push_back( - dynamic_cast(a)); - } else if (dynamic_cast(a)) { - m_actionsTag.push_back(dynamic_cast(a)); - } else if (dynamic_cast(a)) { - m_actionsRuntimePos.push_back(a); - m_containsStaticBlockAction = true; - } else if (a->isDisruptive() == true) { - if (m_disruptiveAction != nullptr) { - delete m_disruptiveAction; - m_disruptiveAction = nullptr; + break; + case Action::Kind::RunTimeOnlyIfMatchKind: + if (dynamic_cast(a)) { + m_containsCaptureAction = true; + delete a; + } else if (dynamic_cast(a)) { + m_containsMultiMatchAction = true; + delete a; + } else if (auto sa = dynamic_cast(a)) { + m_severity = sa; + } else if (auto lda = dynamic_cast(a)) { + m_logData = lda; + } else if (auto ma = dynamic_cast(a)) { + m_msg = ma; + } else if (auto sva = dynamic_cast(a)) { + m_actionsSetVar.push_back(sva); + } else if (auto ta = dynamic_cast(a)) { + m_actionsTag.push_back(ta); + } else if (dynamic_cast(a)) { + m_actionsRuntimePos.push_back(a); + m_containsStaticBlockAction = true; + } else if (a->isDisruptive() == true) { + if (m_disruptiveAction != nullptr) { + delete m_disruptiveAction; + m_disruptiveAction = nullptr; + } + m_disruptiveAction = a; + } else { + m_actionsRuntimePos.push_back(a); } - m_disruptiveAction = a; - } else { - m_actionsRuntimePos.push_back(a); - } - } else { - delete a; - std::cout << "General failure, action: " << a->m_name; - std::cout << " has an unknown type." << std::endl; - throw; + break; + default: + std::cout << "General failure, action: " << a->m_name; + std::cout << " has an unknown type." << std::endl; + delete a; + #ifdef NDEBUG + break; + #else + assert(false); + #endif } } delete actions; @@ -172,9 +179,7 @@ RuleWithActions::~RuleWithActions() { bool RuleWithActions::evaluate(Transaction *transaction) { - RuleMessage rm(this, transaction); - std::shared_ptr rm2 = std::make_shared(&rm); - return evaluate(transaction, rm2); + return evaluate(transaction, std::make_shared(this, transaction)); } @@ -208,7 +213,7 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction * if (m_ruleId != b.first) { continue; } - actions::Action *a = dynamic_cast(b.second.get()); + actions::Action *a = b.second.get(); if (a->isDisruptive() == true && *a->m_name.get() == "block") { ms_dbg_a(trans, 9, "Rule contains a `block' action"); *containsBlock = true; @@ -241,8 +246,8 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans, bool containsBlock, std::shared_ptr ruleMessage) { bool disruptiveAlreadyExecuted = false; - for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) { - if (a.get()->action_kind != actions::Action::RunTimeOnlyIfMatchKind) { + for (const auto &a : trans->m_rules->m_defaultActions[getPhase()]) { // cppcheck-suppress ctunullpointer + if (a.get()->action_kind != actions::Action::Kind::RunTimeOnlyIfMatchKind) { continue; } if (!a.get()->isDisruptive()) { @@ -261,7 +266,7 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans, if (m_ruleId != b.first) { continue; } - actions::Action *a = dynamic_cast(b.second.get()); + actions::Action *a = b.second.get(); executeAction(trans, containsBlock, ruleMessage, a, false); disruptiveAlreadyExecuted = true; } @@ -319,50 +324,42 @@ void RuleWithActions::executeAction(Transaction *trans, inline void RuleWithActions::executeTransformation( - actions::transformations::Transformation *a, - std::shared_ptr *value, - Transaction *trans, - TransformationResults *ret, - std::string *path, - int *nth) const { - - std::string *oldValue = (*value).get(); - std::string newValue = a->evaluate(*oldValue, trans); - - if (newValue != *oldValue) { - std::shared_ptr u(new std::string(newValue)); - if (m_containsMultiMatchAction) { - ret->push_back(std::make_pair(u, a->m_name)); - (*nth)++; - } - *value = u; + const actions::transformations::Transformation &a, + std::string &value, + const Transaction *trans, + TransformationResults &ret, + std::string &path, + int &nth) const { + + if (a.transform(value, trans) && + m_containsMultiMatchAction) { + ret.emplace_back(value, a.m_name); + nth++; } - if (path->empty()) { - path->append(*a->m_name.get()); + if (path.empty()) { + path.append(*a.m_name.get()); } else { - path->append("," + *a->m_name.get()); + path.append("," + *a.m_name.get()); } ms_dbg_a(trans, 9, " T (" + \ - std::to_string(*nth) + ") " + \ - *a->m_name.get() + ": \"" + \ - utils::string::limitTo(80, newValue) +"\""); + std::to_string(nth) + ") " + \ + *a.m_name.get() + ": \"" + \ + utils::string::limitTo(80, value) +"\""); } void RuleWithActions::executeTransformations( - Transaction *trans, const std::string &in, TransformationResults &ret) { + const Transaction *trans, const std::string &in, TransformationResults &ret) { int none = 0; int transformations = 0; - std::string path(""); - std::shared_ptr value = - std::shared_ptr(new std::string(in)); + std::string path; + auto value = in; if (m_containsMultiMatchAction == true) { /* keep the original value */ - ret.push_back(std::make_pair( - std::shared_ptr(new std::string(*value)), - std::shared_ptr(new std::string(path)))); + ret.emplace_back(value, + std::make_shared(path)); } for (Action *a : m_transformations) { @@ -377,22 +374,23 @@ void RuleWithActions::executeTransformations( if (none == 0) { for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) { if (a->action_kind \ - != actions::Action::RunTimeBeforeMatchAttemptKind) { + != actions::Action::Kind::RunTimeBeforeMatchAttemptKind) { continue; } // FIXME: here the object needs to be a transformation already. - Transformation *t = dynamic_cast(a.get()); - executeTransformation(t, &value, trans, &ret, &path, - &transformations); + auto t = dynamic_cast(a.get()); + assert(t != nullptr); + executeTransformation(*t, value, trans, ret, path, + transformations); } } - for (Transformation *a : m_transformations) { + for (const Transformation *a : m_transformations) { + assert(a != nullptr); if (none == 0) { - Transformation *t = dynamic_cast(a); - executeTransformation(t, &value, trans, &ret, &path, - &transformations); + executeTransformation(*a, value, trans, ret, path, + transformations); } if (a->m_isNone) { none--; @@ -406,7 +404,8 @@ void RuleWithActions::executeTransformations( if (m_ruleId != b.first) { continue; } - Transformation *a = dynamic_cast(b.second.get()); + auto a = dynamic_cast(b.second.get()); + assert(a != nullptr); if (a->m_isNone) { none++; } @@ -417,11 +416,11 @@ void RuleWithActions::executeTransformations( if (m_ruleId != b.first) { continue; } - Transformation *a = dynamic_cast(b.second.get()); + auto a = dynamic_cast(b.second.get()); + assert(a != nullptr); if (none == 0) { - Transformation *t = dynamic_cast(a); - executeTransformation(t, &value, trans, &ret, &path, - &transformations); + executeTransformation(*a, value, trans, ret, path, + transformations); } if (a->m_isNone) { none--; @@ -435,9 +434,8 @@ void RuleWithActions::executeTransformations( } if (!m_containsMultiMatchAction) { - ret.push_back(std::make_pair( - std::shared_ptr(new std::string(*value)), - std::shared_ptr(new std::string(path)))); + ret.emplace_back(value, + std::make_shared(path)); } } @@ -475,7 +473,7 @@ std::vector RuleWithActions::getActionsByName(const std::stri if (m_ruleId != b.first) { continue; } - actions::Action *z = dynamic_cast(b.second.get()); + actions::Action *z = b.second.get(); if (*z->m_name.get() == name) { ret.push_back(z); } @@ -485,7 +483,7 @@ std::vector RuleWithActions::getActionsByName(const std::stri if (m_ruleId != b.first) { continue; } - actions::Action *z = dynamic_cast(b.second.get()); + actions::Action *z = b.second.get(); if (*z->m_name.get() == name) { ret.push_back(z); } diff --git a/src/deps/src/modsecurity/src/rule_with_operator.cc b/src/deps/src/modsecurity/src/rule_with_operator.cc index 21d9362827..b043af5c17 100644 --- a/src/deps/src/modsecurity/src/rule_with_operator.cc +++ b/src/deps/src/modsecurity/src/rule_with_operator.cc @@ -92,6 +92,7 @@ void RuleWithOperator::updateMatchedVars(Transaction *trans, const std::string & void RuleWithOperator::cleanMatchedVars(Transaction *trans) { ms_dbg_a(trans, 9, "Matched vars cleaned."); + // cppcheck-suppress ctunullpointer trans->m_variableMatchedVar.unset(); trans->m_variableMatchedVars.unset(); trans->m_variableMatchedVarName.unset(); @@ -130,56 +131,43 @@ bool RuleWithOperator::executeOperatorAt(Transaction *trans, const std::string & } -void RuleWithOperator::getVariablesExceptions(Transaction *t, - variables::Variables *exclusion, variables::Variables *addition) { - for (auto &a : t->m_rules->m_exceptions.m_variable_update_target_by_tag) { - if (containsTag(*a.first.get(), t) == false) { - continue; - } - Variable *b = a.second.get(); - if (dynamic_cast(b)) { - exclusion->push_back( - dynamic_cast( - b)->m_base.get()); - } else { - addition->push_back(b); +template +void getVariablesExceptionsHelper( + variables::Variables *exclusion, variables::Variables *addition, + const MapType &map, Operation op) { + for (const auto &[x, v] : map) { + if (op(x)) { + auto b = v.get(); + if (auto vme = dynamic_cast(b)) { + exclusion->push_back(vme->m_base.get()); + } else { + addition->push_back(b); + } } } +} - for (auto &a : t->m_rules->m_exceptions.m_variable_update_target_by_msg) { - if (containsMsg(*a.first.get(), t) == false) { - continue; - } - Variable *b = a.second.get(); - if (dynamic_cast(b)) { - exclusion->push_back( - dynamic_cast( - b)->m_base.get()); - } else { - addition->push_back(b); - } - } - for (auto &a : t->m_rules->m_exceptions.m_variable_update_target_by_id) { - if (m_ruleId != a.first) { - continue; - } - Variable *b = a.second.get(); - if (dynamic_cast(b)) { - exclusion->push_back( - dynamic_cast( - b)->m_base.get()); - } else { - addition->push_back(b); - } - } +void RuleWithOperator::getVariablesExceptions(Transaction &t, + variables::Variables *exclusion, variables::Variables *addition) { + getVariablesExceptionsHelper(exclusion, addition, + t.m_rules->m_exceptions.m_variable_update_target_by_tag, + [this, &t](const auto &tag) { return containsTag(*tag.get(), &t); }); + + getVariablesExceptionsHelper(exclusion, addition, + t.m_rules->m_exceptions.m_variable_update_target_by_msg, + [this, &t](const auto &msg) { return containsMsg(*msg.get(), &t); }); + + getVariablesExceptionsHelper(exclusion, addition, + t.m_rules->m_exceptions.m_variable_update_target_by_id, + [this](const auto &id) { return m_ruleId == id; }); } inline void RuleWithOperator::getFinalVars(variables::Variables *vars, variables::Variables *exclusion, Transaction *trans) { variables::Variables addition; - getVariablesExceptions(trans, exclusion, &addition); + getVariablesExceptions(*trans, exclusion, &addition); // cppcheck-suppress ctunullpointer for (int i = 0; i < m_variables->size(); i++) { Variable *variable = m_variables->at(i); @@ -308,16 +296,15 @@ bool RuleWithOperator::evaluate(Transaction *trans, executeTransformations(trans, value, values); for (const auto &valueTemp : values) { - bool ret; - std::string valueAfterTrans = std::move(*valueTemp.first); + const auto &valueAfterTrans = valueTemp.first; - ret = executeOperatorAt(trans, key, valueAfterTrans, ruleMessage); + const bool ret = executeOperatorAt(trans, key, valueAfterTrans, ruleMessage); if (ret == true) { ruleMessage->m_match = m_operator->resolveMatchMessage(trans, key, value); - for (auto &i : v->getOrigin()) { - ruleMessage->m_reference.append(i->toText()); + for (const auto &i : v->getOrigin()) { + ruleMessage->m_reference.append(i.toText()); } ruleMessage->m_reference.append(*valueTemp.second); diff --git a/src/deps/src/modsecurity/src/rules_exceptions.cc b/src/deps/src/modsecurity/src/rules_exceptions.cc index 1349866d44..71cf28c223 100644 --- a/src/deps/src/modsecurity/src/rules_exceptions.cc +++ b/src/deps/src/modsecurity/src/rules_exceptions.cc @@ -36,15 +36,15 @@ bool RulesExceptions::loadUpdateActionById(double id, std::string *error) { for (auto &a : *actions) { - if (a->action_kind == actions::Action::ConfigurationKind) { + if (a->action_kind == actions::Action::Kind::ConfigurationKind) { std::cout << "General failure, action: " << a->m_name; std::cout << " has not expected to be used with UpdateActionByID."; std::cout << std::endl; } else if (a->action_kind - == actions::Action::RunTimeBeforeMatchAttemptKind) { + == actions::Action::Kind::RunTimeBeforeMatchAttemptKind) { m_action_pre_update_target_by_id.emplace(std::pair>(id , std::move(a))); - } else if (a->action_kind == actions::Action::RunTimeOnlyIfMatchKind) { + } else if (a->action_kind == actions::Action::Kind::RunTimeOnlyIfMatchKind) { m_action_pos_update_target_by_id.emplace(std::pair>(id , std::move(a))); } else { diff --git a/src/deps/src/modsecurity/src/rules_set.cc b/src/deps/src/modsecurity/src/rules_set.cc index 883c78e126..025abe69d9 100644 --- a/src/deps/src/modsecurity/src/rules_set.cc +++ b/src/deps/src/modsecurity/src/rules_set.cc @@ -311,6 +311,21 @@ extern "C" int msc_rules_add(RulesSet *rules, const char *plain_rules, } +/** + * @name msc_rules_error_cleanup + * @brief Deallocates an error message buffer returned by a msc_rules_xxx function. + * + * This is a helper function to free the error message buffer allocated + * by a msc_rules_xxx function. + * + * @param error Error message pointer. + * + */ +extern "C" void msc_rules_error_cleanup(const char *error) { + free((void*) error); +} + + extern "C" int msc_rules_cleanup(RulesSet *rules) { delete rules; return true; diff --git a/src/deps/src/modsecurity/src/rules_set_properties.cc b/src/deps/src/modsecurity/src/rules_set_properties.cc index ffb37e7689..80078b3dd2 100644 --- a/src/deps/src/modsecurity/src/rules_set_properties.cc +++ b/src/deps/src/modsecurity/src/rules_set_properties.cc @@ -19,6 +19,10 @@ #include "src/utils/string.h" #include "src/variables/variable.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { @@ -98,8 +102,8 @@ void ConfigUnicodeMap::loadConfig(std::string f, double configCodePage, if (mapping != NULL) { ucode = strtok_r(mapping, ":", &hmap); - sscanf(ucode, "%x", &code); - sscanf(hmap, "%x", &Map); + sscanf(ucode, "%x", &code); // cppcheck-suppress invalidScanfArgType_int + sscanf(hmap, "%x", &Map); // cppcheck-suppress invalidScanfArgType_int if (code >= 0 && code <= 65535) { driver->m_unicodeMapTable.m_unicodeMapTable->change(code, Map); } diff --git a/src/deps/src/modsecurity/src/transaction.cc b/src/deps/src/modsecurity/src/transaction.cc index cf52288d9b..8c9dd669d9 100644 --- a/src/deps/src/modsecurity/src/transaction.cc +++ b/src/deps/src/modsecurity/src/transaction.cc @@ -53,6 +53,9 @@ #include "src/actions/disruptive/allow.h" #include "src/variables/remote_user.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif using modsecurity::actions::Action; @@ -104,6 +107,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData) m_clientIpAddress(std::make_shared("")), m_httpVersion(""), m_serverIpAddress(std::make_shared("")), + m_requestHostName(std::make_shared("")), m_uri(""), m_uri_no_query_string_decoded(std::make_shared("")), m_ARGScombinedSizeDouble(0), @@ -180,6 +184,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb m_clientIpAddress(std::make_shared("")), m_httpVersion(""), m_serverIpAddress(std::make_shared("")), + m_requestHostName(std::make_shared("")), m_uri(""), m_uri_no_query_string_decoded(std::make_shared("")), m_ARGScombinedSizeDouble(0), @@ -316,6 +321,7 @@ int Transaction::processConnection(const char *client, int cPort, const char *server, int sPort) { m_clientIpAddress = std::unique_ptr(new std::string(client)); m_serverIpAddress = std::unique_ptr(new std::string(server)); + m_requestHostName = std::unique_ptr(new std::string(server)); this->m_clientPort = cPort; this->m_serverPort = sPort; ms_dbg(4, "Transaction context created."); @@ -342,46 +348,22 @@ bool Transaction::extractArguments(const std::string &orig, if (m_rules->m_secArgumentSeparator.m_set) { sep1 = m_rules->m_secArgumentSeparator.m_value.at(0); } - std::vector key_value_sets = utils::string::ssplit(buf, sep1); - - for (std::string t : key_value_sets) { - char sep2 = '='; - size_t key_s = 0; - size_t value_s = 0; - int invalid = 0; - int changed = 0; - - std::string key; - std::string value; - std::pair key_value_pair = utils::string::ssplit_pair(t, sep2); - key = key_value_pair.first; - value = key_value_pair.second; - - key_s = (key.length() + 1); - value_s = (value.length() + 1); - unsigned char *key_c = reinterpret_cast( - calloc(sizeof(char), key_s)); - unsigned char *value_c = reinterpret_cast( - calloc(sizeof(char), value_s)); - - memcpy(key_c, key.c_str(), key_s); - memcpy(value_c, value.c_str(), value_s); - - key_s = utils::urldecode_nonstrict_inplace(key_c, key_s, - &invalid, &changed); - value_s = utils::urldecode_nonstrict_inplace(value_c, value_s, - &invalid, &changed); - - if (invalid) { + const auto key_value_sets = utils::string::ssplit(buf, sep1); + + for (const auto &t : key_value_sets) { + const auto sep2 = '='; + auto [key, value] = utils::string::ssplit_pair(t, sep2); + + int invalid_count; + utils::urldecode_nonstrict_inplace(key, invalid_count); + utils::urldecode_nonstrict_inplace(value, invalid_count); + + if (invalid_count > 0) { m_variableUrlEncodedError.set("1", m_variableOffset); } - addArgument(orig, std::string(reinterpret_cast(key_c), key_s-1), - std::string(reinterpret_cast(value_c), value_s-1), offset); + addArgument(orig, key, value, offset); offset = offset + t.size() + 1; - - free(key_c); - free(value_c); } return true; @@ -1463,49 +1445,57 @@ int Transaction::processLogging() { * @brief Check if ModSecurity has anything to ask to the server. * * Intervention can generate a log event and/or perform a disruptive action. + * + * If the return value is true, all fields in the ModSecurityIntervention + * parameter have been initialized and are safe to access. + * If the return value is false, no changes to the ModSecurityIntervention + * parameter have been made. * - * @param Pointer ModSecurityIntervention structure + * @param it Pointer to ModSecurityIntervention structure * @retval true A intervention should be made. * @retval false Nothing to be done. * */ bool Transaction::intervention(ModSecurityIntervention *it) { + const auto disruptive = m_it.disruptive; if (m_it.disruptive) { if (m_it.url) { it->url = strdup(m_it.url); + } else { + it->url = NULL; } it->disruptive = m_it.disruptive; it->status = m_it.status; if (m_it.log != NULL) { - std::string log(""); - log.append(m_it.log); - utils::string::replaceAll(&log, std::string("%d"), + std::string log(m_it.log); + utils::string::replaceAll(log, "%d", std::to_string(it->status)); it->log = strdup(log.c_str()); + } else { + it->log = NULL; } intervention::reset(&m_it); } - return it->disruptive; + return disruptive; } std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename, double size, const std::string &md5) { std::stringstream ss; - struct tm timeinfo; - char tstr[300]; - memset(tstr, '\0', 300); + struct tm timeinfo; localtime_r(&this->m_timeStamp, &timeinfo); - strftime(tstr, 299, "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo); + char tstr[std::size("[dd/Mmm/yyyy:hh:mm:ss shhmm]")]; + strftime(tstr, std::size(tstr), "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo); ss << utils::string::dash_if_empty( m_variableRequestHeaders.resolveFirst("Host").get()) << " "; - ss << utils::string::dash_if_empty(this->m_clientIpAddress->c_str()) << " "; + ss << utils::string::dash_if_empty(this->m_clientIpAddress.get()) << " "; /** TODO: Check variable */ variables::RemoteUser *r = new variables::RemoteUser("REMOTE_USER"); std::vector l; @@ -1516,7 +1506,7 @@ std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename, delete r; ss << utils::string::dash_if_empty( - m_variableRemoteUser.c_str()); + &m_variableRemoteUser); ss << " "; /** TODO: Check variable */ //ss << utils::string::dash_if_empty( @@ -1557,14 +1547,14 @@ std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename, std::string Transaction::toOldAuditLogFormat(int parts, const std::string &trailer) { std::stringstream audit_log; - struct tm timeinfo; - char tstr[300]; - memset(tstr, '\0', 300); + struct tm timeinfo; localtime_r(&this->m_timeStamp, &timeinfo); + char tstr[std::size("[dd/Mmm/yyyy:hh:mm:ss shhmm]")]; + strftime(tstr, std::size(tstr), "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo); + audit_log << "--" << trailer << "-" << "A--" << std::endl; - strftime(tstr, 299, "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo); audit_log << tstr; audit_log << " " << m_id->c_str(); audit_log << " " << this->m_clientIpAddress->c_str(); @@ -2254,11 +2244,16 @@ extern "C" void msc_transaction_cleanup(Transaction *transaction) { * * Intervention can generate a log event and/or perform a disruptive action. * - * @param transaction ModSecurity transaction. + * If the return value is not zero, all fields in the ModSecurityIntervention + * parameter have been initialized and are safe to access. + * If the return value is zero, no changes to the ModSecurityIntervention + * parameter have been made. * - * @return Pointer to ModSecurityIntervention structure - * @retval >0 A intervention should be made. - * @retval NULL Nothing to be done. + * @param transaction ModSecurity transaction. + * @param it Pointer to ModSecurityIntervention structure + * @returns If an intervention should be made + * @retval >0 A intervention should be made. + * @retval 0 Nothing to be done. * */ extern "C" int msc_intervention(Transaction *transaction, @@ -2267,6 +2262,22 @@ extern "C" int msc_intervention(Transaction *transaction, } +/** + * @name msc_intervention_cleanup + * @brief Removes all the resources allocated by a given Intervention. + * + * This is a helper function to free any allocated buffers owned by the + * intervention. + * + * @param it ModSecurity intervention. + * + */ +extern "C" void msc_intervention_cleanup(ModSecurityIntervention *it) { + intervention::free(it); + intervention::clean(it); +} + + /** * @name msc_get_response_body * @brief Retrieve a buffer with the updated response body. @@ -2355,5 +2366,52 @@ extern "C" int msc_update_status_code(Transaction *transaction, int status) { } +/** + * @name setRequestHostName + * @brief Set request's host name + * + * With this method it is possible to set the request's hostname. + * + * @note This function expects a NULL terminated string. + * + * @param hostname hostname. + * + * @returns If the operation was successful or not. + * @retval true Operation was successful. + * @retval false Operation failed. + * + */ +int Transaction::setRequestHostName(const std::string& hostname) { + + if (hostname != "") { + m_requestHostName = std::unique_ptr(new std::string(hostname)); + } + + return true; +} + + +/** + * @name msc_set_request_hostname + * @brief Set request's host name + * + * With this method it is possible to set request's hostname. + * + * @note This function expects a NULL terminated string. + * + * @param transaction ModSecurity transaction. + * @param hostname hostname. + * + * @returns If the operation was successful or not. + * @retval 1 Operation was successful. + * @retval 0 Operation failed. + * + */ +extern "C" int msc_set_request_hostname(Transaction *transaction, + const unsigned char *hostname) { + return transaction->setRequestHostName(reinterpret_cast(hostname)); +} + + } // namespace modsecurity diff --git a/src/deps/src/modsecurity/src/unique_id.cc b/src/deps/src/modsecurity/src/unique_id.cc index a78ebd751b..3106776e3a 100644 --- a/src/deps/src/modsecurity/src/unique_id.cc +++ b/src/deps/src/modsecurity/src/unique_id.cc @@ -17,7 +17,8 @@ #include "src/config.h" #ifdef WIN32 -#include +#include "src/compat/msvc.h" +#include #include #endif @@ -48,7 +49,11 @@ #endif #include +#ifndef WIN32 #include +#else +#include +#endif #include #include "src/utils/sha1.h" @@ -207,7 +212,7 @@ std::string UniqueId::ethernetMacAddress() { pAdapter = pAdapterInfo; while (pAdapter && !mac[0] && !mac[1] && !mac[2]) { if (pAdapter->AddressLength > 4) { - apr_snprintf(mac, MAC_ADDRESS_SIZE, "%02x:%02x:%02x:%02x:%02x:%02x", + snprintf(mac, MAC_ADDRESS_SIZE, "%02x:%02x:%02x:%02x:%02x:%02x", (unsigned char)pAdapter->Address[0], (unsigned char)pAdapter->Address[1], (unsigned char)pAdapter->Address[2], diff --git a/src/deps/src/modsecurity/src/utils/acmp.cc b/src/deps/src/modsecurity/src/utils/acmp.cc index 2bfe7acb90..fb61f31d99 100644 --- a/src/deps/src/modsecurity/src/utils/acmp.cc +++ b/src/deps/src/modsecurity/src/utils/acmp.cc @@ -33,135 +33,8 @@ * that should be mitigated. This ACMP parser should be re-written to * consume less memory. */ -extern "C" { - -char *parse_pm_content(const char *op_parm, unsigned short int op_len, const char **error_msg) { - char *parm = NULL; - char *content; - unsigned short int offset = 0; -// char converted = 0; - int i, x; - unsigned char bin = 0, esc = 0, bin_offset = 0; - unsigned char c = 0; - unsigned char bin_parm[3] = { 0 }; - char *processed = NULL; - - content = strdup(op_parm); - - if (content == NULL) { - *error_msg = std::string("Error allocating memory for pattern matching content.").c_str(); - return NULL; - } - - while (offset < op_len && (content[offset] == ' ' || content[offset] == '\t')) { - offset++; - }; - - op_len = strlen(content); - - if (content[offset] == '\"' && content[op_len-1] == '\"') { - parm = strdup(content + offset + 1); - if (parm == NULL) { - *error_msg = std::string("Error allocating memory for pattern matching content.").c_str(); - free(content); - content = NULL; - return NULL; - } - parm[op_len - offset - 2] = '\0'; - } else { - parm = strdup(content + offset); - if (parm == NULL) { - free(content); - content = NULL; - *error_msg = std::string("Error allocating memory for pattern matching content.").c_str(); - return NULL; - } - } - - free(content); - content = NULL; - op_len = strlen(parm); - - if (op_len == 0) { - *error_msg = "Content length is 0."; - free(parm); - return NULL; - } - - for (i = 0, x = 0; i < op_len; i++) { - if (parm[i] == '|') { - if (bin) { - bin = 0; - } else { - bin = 1; - } - } else if(!esc && parm[i] == '\\') { - esc = 1; - } else { - if (bin) { - if (parm[i] == 0 || parm[i] == 1 || parm[i] == 2 || - parm[i] == 3 || parm[i] == 4 || parm[i] == 5 || - parm[i] == 6 || parm[i] == 7 || parm[i] == 8 || - parm[i] == 9 || - parm[i] == 'A' || parm[i] == 'a' || - parm[i] == 'B' || parm[i] == 'b' || - parm[i] == 'C' || parm[i] == 'c' || - parm[i] == 'D' || parm[i] == 'd' || - parm[i] == 'E' || parm[i] == 'e' || - parm[i] == 'F' || parm[i] == 'f') - { - bin_parm[bin_offset] = (char)parm[i]; - bin_offset++; - if (bin_offset == 2) { - c = strtol((char *)bin_parm, (char **) NULL, 16) & 0xFF; - bin_offset = 0; - parm[x] = c; - x++; - //converted = 1; - } - } else if (parm[i] == ' ') { - } - } else if (esc) { - if (parm[i] == ':' || - parm[i] == ';' || - parm[i] == '\\' || - parm[i] == '\"') - { - parm[x] = parm[i]; - x++; - } else { - *error_msg = std::string("Unsupported escape sequence.").c_str(); - free(parm); - return NULL; - } - esc = 0; - //converted = 1; - } else { - parm[x] = parm[i]; - x++; - } - } - } - -#if 0 - if (converted) { - op_len = x; - } -#endif - - //processed = memcpy(processed, parm, op_len); - processed = strdup(parm); - free(parm); - parm = NULL; - - if (processed == NULL) { - *error_msg = std::string("Error allocating memory for pattern matching content.").c_str(); - return NULL; - } - - return processed; -} +extern "C" { /* ******************************************************************************* @@ -190,10 +63,9 @@ static size_t acmp_strlen(ACMP *parser, const char *str) { * len - length of input string */ static void acmp_strtoucs(ACMP *parser, const char *str, long *ucs_chars, int len) { - int i; const char *c = str; - for (i = 0; i < len; i++) { + for (int i = 0;i < len;i++) { *(ucs_chars++) = *(c++); } } diff --git a/src/deps/src/modsecurity/src/utils/acmp.h b/src/deps/src/modsecurity/src/utils/acmp.h index 1af454e1df..a93165fe5d 100644 --- a/src/deps/src/modsecurity/src/utils/acmp.h +++ b/src/deps/src/modsecurity/src/utils/acmp.h @@ -23,6 +23,7 @@ #endif #include +#include extern "C" { @@ -189,8 +190,6 @@ int acmp_process_quick(ACMPT *acmpt, const char **match, const char *data, size_ */ int acmp_prepare(ACMP *parser); -char *parse_pm_content(const char *op_parm, unsigned short int op_len, const char **error_msg); - } #endif /*ACMP_H_*/ diff --git a/src/deps/src/modsecurity/src/utils/base64.cc b/src/deps/src/modsecurity/src/utils/base64.cc index ebbb7393c9..7b1f4b07e6 100644 --- a/src/deps/src/modsecurity/src/utils/base64.cc +++ b/src/deps/src/modsecurity/src/utils/base64.cc @@ -23,33 +23,30 @@ #include "mbedtls/base64.h" -namespace modsecurity { -namespace Utils { +template +inline std::string base64Helper(const char *data, const unsigned int len, Operation op) { + size_t out_len = 0; + op(nullptr, 0, &out_len, + reinterpret_cast(data), len); -std::string Base64::encode(const std::string& data) { - size_t encoded_len = 0; - unsigned char *d; - std::string ret; - - mbedtls_base64_encode(NULL, 0, &encoded_len, - reinterpret_cast(data.c_str()), data.size()); + std::string ret(out_len, {}); + if(out_len > 0) { + op(reinterpret_cast(ret.data()), ret.size(), &out_len, + reinterpret_cast(data), len); - d = reinterpret_cast(malloc(sizeof(char) * encoded_len)); - if (d == NULL) { - return data; + ret.resize(out_len); } - memset(d, '\0', encoded_len); - - mbedtls_base64_encode(d, encoded_len, &encoded_len, - (unsigned char*) data.c_str(), data.size()); + return ret; +} - ret.assign(reinterpret_cast(d), encoded_len); - free(d); +namespace modsecurity { +namespace Utils { - return ret; +std::string Base64::encode(const std::string& data) { + return base64Helper(data.c_str(), data.size(), mbedtls_base64_encode); } @@ -63,53 +60,12 @@ std::string Base64::decode(const std::string& data, bool forgiven) { std::string Base64::decode(const std::string& data) { - size_t decoded_len = 0; - unsigned char *d; - std::string ret; - size_t len = strlen(data.c_str()); - - mbedtls_base64_decode(NULL, 0, &decoded_len, - reinterpret_cast(data.c_str()), len); - - d = reinterpret_cast(malloc(sizeof(char) * decoded_len)); - if (d == NULL) { - return data; - } - - memset(d, '\0', decoded_len); - - mbedtls_base64_decode(d, decoded_len, &decoded_len, - reinterpret_cast(data.c_str()), len); - - ret.assign(reinterpret_cast(d), decoded_len); - free(d); - - return ret; + return base64Helper(data.c_str(), strlen(data.c_str()), mbedtls_base64_decode); } std::string Base64::decode_forgiven(const std::string& data) { - size_t decoded_len = 0; - unsigned char *d; - std::string ret; - - decode_forgiven_engine(NULL, 0, &decoded_len, - reinterpret_cast(data.c_str()), data.size()); - - d = reinterpret_cast(malloc(sizeof(char) * decoded_len)); - if (d == NULL) { - return data; - } - - memset(d, '\0', decoded_len); - - decode_forgiven_engine(d, decoded_len, &decoded_len, - reinterpret_cast(data.c_str()), data.size()); - - ret.assign(reinterpret_cast(d), decoded_len); - free(d); - - return ret; + return base64Helper(data.c_str(), data.size(), decode_forgiven_engine); } @@ -215,6 +171,5 @@ void Base64::decode_forgiven_engine(unsigned char *plain_text, } } - } // namespace Utils } // namespace modsecurity diff --git a/src/deps/src/modsecurity/src/utils/decode.cc b/src/deps/src/modsecurity/src/utils/decode.cc index c631101191..2735cf3eee 100644 --- a/src/deps/src/modsecurity/src/utils/decode.cc +++ b/src/deps/src/modsecurity/src/utils/decode.cc @@ -17,68 +17,60 @@ #include "modsecurity/modsecurity.h" #include "src/utils/string.h" +using namespace modsecurity::utils::string; -namespace modsecurity { -namespace utils { +namespace modsecurity::utils { -int urldecode_nonstrict_inplace(unsigned char *input, - uint64_t input_len, int *invalid_count, int *changed) { - unsigned char *d = (unsigned char *)input; - uint64_t i, count; +bool urldecode_nonstrict_inplace(std::string &val, + int &invalid_count) { + unsigned char *d = (unsigned char *)val.data(); + unsigned char *s = d; + const unsigned char *e = s + val.size(); - *changed = 0; + invalid_count = 0; + bool changed = false; - if (input == NULL) { - return -1; - } - - i = count = 0; - while (i < input_len) { - if (input[i] == '%') { + while (s != e) { + if (*s == '%') { /* Character is a percent sign. */ /* Are there enough bytes available? */ - if (i + 2 < input_len) { - char c1 = input[i + 1]; - char c2 = input[i + 2]; + if (s + 2 < e) { + const auto c1 = *(s + 1); + const auto c2 = *(s + 2); if (VALID_HEX(c1) && VALID_HEX(c2)) { - uint64_t uni = string::x2c(&input[i + 1]); + const auto uni = string::x2c(s + 1); - *d++ = (wchar_t)uni; - count++; - i += 3; - *changed = 1; + *d++ = uni; + s += 3; + changed = true; } else { /* Not a valid encoding, skip this % */ - *d++ = input[i++]; - count++; - (*invalid_count)++; + *d++ = *s++; + invalid_count++; } } else { /* Not enough bytes available, copy the raw bytes. */ - *d++ = input[i++]; - count++; - (*invalid_count)++; + *d++ = *s++; + invalid_count++; } } else { /* Character is not a percent sign. */ - if (input[i] == '+') { + if (*s == '+') { *d++ = ' '; - *changed = 1; + changed = true; } else { - *d++ = input[i]; + *d++ = *s; } - count++; - i++; + s++; } } -#if 0 - *d = '\0'; -#endif + if (changed) + val.resize((char*) d - val.c_str()); - return count; + return changed; } @@ -99,8 +91,8 @@ std::string uri_decode(const std::string & sSrc) { while (pSrc < SRC_LAST_DEC) { if (*pSrc == '%') { char dec1, dec2; - if (-1 != (dec1 = string::HEX2DEC[*(pSrc + 1)]) - && -1 != (dec2 = string::HEX2DEC[*(pSrc + 2)])) { + if ((char)-1 != (dec1 = string::HEX2DEC[*(pSrc + 1)]) + && (char)-1 != (dec2 = string::HEX2DEC[*(pSrc + 2)])) { *pEnd++ = (dec1 << 4) + dec2; pSrc += 3; continue; @@ -120,5 +112,4 @@ std::string uri_decode(const std::string & sSrc) { } -} // namespace utils -} // namespace modsecurity +} // namespace modsecurity::utils diff --git a/src/deps/src/modsecurity/src/utils/decode.h b/src/deps/src/modsecurity/src/utils/decode.h index e0e31bcbf9..d80a55d5b8 100644 --- a/src/deps/src/modsecurity/src/utils/decode.h +++ b/src/deps/src/modsecurity/src/utils/decode.h @@ -29,8 +29,8 @@ namespace modsecurity { namespace utils { -int urldecode_nonstrict_inplace(unsigned char *input, - uint64_t input_len, int *invalid_count, int *changed); +bool urldecode_nonstrict_inplace(std::string &val, + int &invalid_count); std::string uri_decode(const std::string & sSrc); diff --git a/src/deps/src/modsecurity/src/utils/geo_lookup.cc b/src/deps/src/modsecurity/src/utils/geo_lookup.cc index 33a80be5cb..4e06a1ec52 100644 --- a/src/deps/src/modsecurity/src/utils/geo_lookup.cc +++ b/src/deps/src/modsecurity/src/utils/geo_lookup.cc @@ -13,10 +13,13 @@ * */ +#ifndef WIN32 #include -#include #include #include +#else +#include +#endif #include #include diff --git a/src/deps/src/modsecurity/src/utils/https_client.cc b/src/deps/src/modsecurity/src/utils/https_client.cc index 9ee84b1540..f413e8ca07 100644 --- a/src/deps/src/modsecurity/src/utils/https_client.cc +++ b/src/deps/src/modsecurity/src/utils/https_client.cc @@ -20,10 +20,14 @@ #include #endif +#ifndef WIN32 #include #include #include #include +#else +#include +#endif #include #include @@ -94,6 +98,11 @@ bool HttpsClient::download(const std::string &uri) { curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1); +#ifdef WIN32 + /* use the operating system's native CA store for certificate verification.*/ + curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, (long)CURLSSLOPT_NATIVE_CA); +#endif + /* send all data to this function */ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, &HttpsClient::handle); diff --git a/src/deps/src/modsecurity/src/utils/ip_tree.cc b/src/deps/src/modsecurity/src/utils/ip_tree.cc index 969213a55f..124bc47f30 100644 --- a/src/deps/src/modsecurity/src/utils/ip_tree.cc +++ b/src/deps/src/modsecurity/src/utils/ip_tree.cc @@ -15,10 +15,14 @@ #include "src/utils/ip_tree.h" +#ifndef WIN32 #include #include #include #include +#else +#include +#endif #include #include diff --git a/src/deps/src/modsecurity/src/utils/md5.cc b/src/deps/src/modsecurity/src/utils/md5.cc deleted file mode 100644 index 8474600785..0000000000 --- a/src/deps/src/modsecurity/src/utils/md5.cc +++ /dev/null @@ -1,40 +0,0 @@ - - -#include "src/utils/md5.h" -#include "others/mbedtls/md5.h" - -namespace modsecurity { -namespace Utils { - - -std::string Md5::hexdigest(const std::string& input) { - unsigned char digest[16]; - - mbedtls_md5(reinterpret_cast(input.c_str()), - input.size(), digest); - - char buf[33]; - for (int i = 0; i < 16; i++) { - sprintf(buf+i*2, "%02x", digest[i]); - } - - return std::string(buf, 32); -} - - -std::string Md5::digest(const std::string& input) { - unsigned char output[16]; - std::string ret; - - mbedtls_md5(reinterpret_cast(input.c_str()), - input.size(), output); - - ret.assign(reinterpret_cast(output), 16); - - return ret; -} - - -} // namespace Utils -} // namespace modsecurity - diff --git a/src/deps/src/modsecurity/src/utils/md5.h b/src/deps/src/modsecurity/src/utils/md5.h index b6ebc12013..68f5d748e4 100644 --- a/src/deps/src/modsecurity/src/utils/md5.h +++ b/src/deps/src/modsecurity/src/utils/md5.h @@ -13,29 +13,20 @@ * */ -#include - -#include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" - #ifndef SRC_UTILS_MD5_H_ #define SRC_UTILS_MD5_H_ -#include -#include +#include "src/utils/sha1.h" +#include "mbedtls/md5.h" +#include -namespace modsecurity { -namespace Utils { +namespace modsecurity::Utils { -class Md5 { - public: - Md5() { } - static std::string hexdigest(const std::string& input); - static std::string digest(const std::string& input); +class Md5 : public DigestImpl<&mbedtls_md5, 16> { }; -} // namespace Utils -} // namespace modsecurity + +} // namespace modsecurity::Utils #endif // SRC_UTILS_MD5_H_ \ No newline at end of file diff --git a/src/deps/src/modsecurity/src/utils/msc_tree.cc b/src/deps/src/modsecurity/src/utils/msc_tree.cc index 8e36f274ef..27c7461c81 100644 --- a/src/deps/src/modsecurity/src/utils/msc_tree.cc +++ b/src/deps/src/modsecurity/src/utils/msc_tree.cc @@ -15,9 +15,15 @@ #include #include #include +#ifndef WIN32 #include #include #include +#else +#include "src/compat/msvc.h" +#include +#include +#endif #include "src/utils/msc_tree.h" diff --git a/src/deps/src/modsecurity/src/utils/sha1.cc b/src/deps/src/modsecurity/src/utils/sha1.cc deleted file mode 100644 index 116d510709..0000000000 --- a/src/deps/src/modsecurity/src/utils/sha1.cc +++ /dev/null @@ -1,60 +0,0 @@ -/* - * ModSecurity, http://www.modsecurity.org/ - * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/) - * - * You may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Trustwave Holdings, Inc. - * directly using the email address security@modsecurity.org. - * - */ - - -#include "src/utils/sha1.h" -#include "others/mbedtls/sha1.h" -#include -#include -#include - -namespace modsecurity { -namespace Utils { - - -std::string Sha1::hexdigest(const std::string& input) { - unsigned char digest[20] = { 0 }; - static const char* const lut = "0123456789abcdef"; - - mbedtls_sha1(reinterpret_cast(input.c_str()), - input.size(), digest); - std::string a; - - for (int i = 0; i < 20; i++) { - const unsigned char c = digest[i]; - a.push_back(lut[c >> 4]); - a.push_back(lut[c & 15]); - } - - return a; -} - - -std::string Sha1::digest(const std::string& input) { - unsigned char output[20]; - std::string ret; - - mbedtls_sha1(reinterpret_cast(input.c_str()), - input.size(), output); - - ret.assign(reinterpret_cast(output), 20); - - return ret; -} - - -} // namespace Utils -} // namespace modsecurity - diff --git a/src/deps/src/modsecurity/src/utils/sha1.h b/src/deps/src/modsecurity/src/utils/sha1.h index 6bae47c2b2..2dac3ea2c4 100644 --- a/src/deps/src/modsecurity/src/utils/sha1.h +++ b/src/deps/src/modsecurity/src/utils/sha1.h @@ -13,26 +13,63 @@ * */ - #ifndef SRC_UTILS_SHA1_H_ #define SRC_UTILS_SHA1_H_ -#include -#include #include +#include + +#include "src/utils/string.h" +#include "mbedtls/sha1.h" + +namespace modsecurity::Utils { + -namespace modsecurity { -namespace Utils { +using DigestOp = int (*)(const unsigned char *, size_t, unsigned char []); -class Sha1 { + +template +class DigestImpl { public: - Sha1() { } - static std::string hexdigest(const std::string& input); - static std::string digest(const std::string& input); + static std::string digest(const std::string& input) { + return digestHelper(input, [](const auto digest) { + return std::string(digest); + }); + } + + static void digestReplace(std::string& value) { + digestHelper(value, [&value](const auto digest) mutable { + value = digest; + }); + } + + static std::string hexdigest(const std::string &input) { + return digestHelper(input, [](const auto digest) { + return utils::string::string_to_hex(digest); + }); + } + +private: + + template + static auto digestHelper(const std::string &input, + ConvertOp convertOp) -> auto { + char digest[DigestSize]; + + auto ret = digestOp(reinterpret_cast(input.c_str()), + input.size(), reinterpret_cast(digest)); + assert(ret == 0); + + return convertOp(std::string_view(digest, DigestSize)); + } }; -} // namespace Utils -} // namespace modsecurity + +class Sha1 : public DigestImpl<&mbedtls_sha1, 20> { +}; + + +} // namespace modsecurity::Utils #endif // SRC_UTILS_SHA1_H_ diff --git a/src/deps/src/modsecurity/src/utils/shared_files.cc b/src/deps/src/modsecurity/src/utils/shared_files.cc index 73216bd002..6982d0d6e9 100644 --- a/src/deps/src/modsecurity/src/utils/shared_files.cc +++ b/src/deps/src/modsecurity/src/utils/shared_files.cc @@ -15,236 +15,131 @@ #include "src/utils/shared_files.h" -#include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include +#ifdef WIN32 +#include +#endif + namespace modsecurity { namespace utils { -std::pair SharedFiles::find_handler( - const std::string &fileName) { - for (const auto &i : m_handlers) { - if (i.first == fileName) { - return i.second; - } - } - return std::pair(NULL, NULL); -} - - -std::pair SharedFiles::add_new_handler( +SharedFiles::handlers_map::iterator SharedFiles::add_new_handler( const std::string &fileName, std::string *error) { - int shm_id; - int ret; - key_t mem_key_structure; - msc_file_handler_t *new_debug_log = NULL; - struct shmid_ds shared_mem_info; - FILE *fp; - bool toBeCreated = true; - - fp = fopen(fileName.c_str(), "a"); + FILE *fp = fopen(fileName.c_str(), "a"); if (fp == 0) { error->assign("Failed to open file: " + fileName); - goto err_fh; + return m_handlers.end(); } - mem_key_structure = ftok(fileName.c_str(), 1); - if (mem_key_structure < 0) { - error->assign("Failed to select key for the shared memory (1): "); - error->append(strerror(errno)); - goto err_mem_key; - } +#ifdef WIN32 + // replace invalid characters for a Win32 named object + auto tmp = fileName; + std::replace(tmp.begin(), tmp.end(), '\\', '_'); + std::replace(tmp.begin(), tmp.end(), '/', '_'); - shm_id = shmget(mem_key_structure, sizeof (msc_file_handler_t) \ - + fileName.size() + 1, IPC_CREAT | IPC_EXCL | 0666); - if (shm_id < 0) { - shm_id = shmget(mem_key_structure, sizeof (msc_file_handler_t) - + fileName.size() + 1, IPC_CREAT | 0666); - toBeCreated = false; - if (shm_id < 0) { - error->assign("Failed to allocate shared memory (1): "); - error->append(strerror(errno)); - goto err_shmget1; - } - } - - ret = shmctl(shm_id, IPC_STAT, &shared_mem_info); - if (ret < 0) { - error->assign("Failed to get information on shared memory (1): "); - error->append(strerror(errno)); - goto err_shmctl1; - } + // use named mutex for multi-process locking support + const auto mutexName = "Global\\ModSecurity_" + tmp; - new_debug_log = reinterpret_cast( - shmat(shm_id, NULL, 0)); - if ((reinterpret_cast(new_debug_log)[0]) == -1) { - error->assign("Failed to attach shared memory (1): "); - error->append(strerror(errno)); - goto err_shmat1; - } - - if (toBeCreated == false && shared_mem_info.shm_nattch == 0) { - toBeCreated = true; + HANDLE hMutex = CreateMutex(NULL, FALSE, mutexName.c_str()); + if (hMutex == NULL) { + error->assign("Failed to create mutex for shared file: " + fileName); + fclose(fp); + return m_handlers.end(); } +#endif - if (toBeCreated) { - memset(new_debug_log, '\0', sizeof(msc_file_handler_t)); - new_debug_log->shm_id_structure = shm_id; - memcpy(new_debug_log->file_name, fileName.c_str(), fileName.size()); - new_debug_log->file_name[fileName.size()] = '\0'; - } - m_handlers.push_back(std::make_pair(fileName, - std::make_pair(new_debug_log, fp))); - - return std::make_pair(new_debug_log, fp); -err_shmat1: - shmdt(new_debug_log); -err_shmctl1: -err_shmget1: -err_mem_key: - fclose(fp); -err_fh: - return std::pair(NULL, NULL); + auto handler = handler_info { + fp, +#ifdef WIN32 + hMutex, +#endif + 0 + }; + // cppcheck-suppress resourceLeak ; false positive, fp is closed in SharedFiles::close + return m_handlers.insert({ fileName, handler }).first; } bool SharedFiles::open(const std::string& fileName, std::string *error) { - std::pair a; - bool ret = true; - - #if MODSEC_USE_GENERAL_LOCK - pthread_mutex_lock(m_generalLock); -#endif - - a = find_handler(fileName); - if (a.first == NULL) { - a = add_new_handler(fileName, error); - if (error->size() > 0) { - ret = false; - goto out; - } + auto it = m_handlers.find(fileName); + if (it == m_handlers.end()) { + it = add_new_handler(fileName, error); + if (error->size() > 0) + return false; } - if (a.first == NULL) { + + if (it == m_handlers.end()) { error->assign("Not able to open: " + fileName); - ret = false; - goto out; + return false; } -out: -#if MODSEC_USE_GENERAL_LOCK - pthread_mutex_unlock(m_generalLock); -#endif + it->second.cnt++; - return ret; + return true; } void SharedFiles::close(const std::string& fileName) { - std::pair a; - /* int ret; */ - /* int shm_id; */ - /* struct shmid_ds shared_mem_info; */ - /* int j = 0; */ - -#if MODSEC_USE_GENERAL_LOCK - pthread_mutex_lock(m_generalLock); + if (fileName.empty()) + return; + + auto it = m_handlers.find(fileName); + if (it == m_handlers.end()) + return; + + it->second.cnt--; + if (it->second.cnt == 0) + { + fclose(it->second.fp); +#ifdef WIN32 + CloseHandle(it->second.hMutex); #endif - if (fileName.empty()) { - goto out; + m_handlers.erase(it); } - - a = find_handler(fileName); - if (a.first == NULL || a.second == NULL) { - goto out; - } - - /* fclose(a.second); */ - a.second = 0; - - /* - * Delete the file structure will be welcomed, but we cannot delay - * while the process is being killed. - * - for (std::pair> i : m_handlers) { - if (i.first == fileName) { - j++; - } - } - - m_handlers.erase(m_handlers.begin()+j); - */ - - /* hmdt(a.second); */ - shmctl(a.first->shm_id_structure, IPC_RMID, NULL); - - /* - * - * We could check to see how many process attached to the shared memory - * we have, prior to the deletion of the shared memory. - * - ret = shmctl(a.first->shm_id_structure, IPC_STAT, &shared_mem_info); - if (ret < 0) { - goto out; - } - ret = shared_mem_info.shm_nattch; - shm_id = a.first->shm_id_structure; - */ - -out: -#if MODSEC_USE_GENERAL_LOCK - pthread_mutex_unlock(m_generalLock); -#endif - return; } bool SharedFiles::write(const std::string& fileName, const std::string &msg, std::string *error) { - std::pair a; - std::string lmsg = msg; - size_t wrote; - struct flock lock{}; bool ret = true; - a = find_handler(fileName); - if (a.first == NULL) { + auto it = m_handlers.find(fileName); + if (it == m_handlers.end()) { error->assign("file is not open: " + fileName); return false; } //Exclusively lock whole file +#ifndef WIN32 + struct flock lock {}; lock.l_start = lock.l_len = lock.l_whence = 0; lock.l_type = F_WRLCK; - fcntl(fileno(a.second), F_SETLKW, &lock); + fcntl(fileno(it->second.fp), F_SETLKW, &lock); +#else + DWORD dwWaitResult = WaitForSingleObject(it->second.hMutex, INFINITE); + if (dwWaitResult != WAIT_OBJECT_0) { + error->assign("couldn't lock shared file: " + fileName); + return false; + } +#endif - wrote = fwrite(lmsg.c_str(), 1, lmsg.size(), a.second); + auto wrote = fwrite(msg.c_str(), 1, msg.size(), it->second.fp); if (wrote < msg.size()) { error->assign("failed to write: " + fileName); ret = false; } - fflush(a.second); + fflush(it->second.fp); //Remove exclusive lock +#ifndef WIN32 lock.l_type = F_UNLCK; - fcntl(fileno(a.second), F_SETLKW, &lock); + fcntl(fileno(it->second.fp), F_SETLKW, &lock); +#else + ::ReleaseMutex(it->second.hMutex); +#endif return ret; } diff --git a/src/deps/src/modsecurity/src/utils/shared_files.h b/src/deps/src/modsecurity/src/utils/shared_files.h index bec28f6527..fcc78c9863 100644 --- a/src/deps/src/modsecurity/src/utils/shared_files.h +++ b/src/deps/src/modsecurity/src/utils/shared_files.h @@ -17,45 +17,21 @@ #define SRC_UTILS_SHARED_FILES_H_ -#include -#include -#include #include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - +#ifdef WIN32 +#include +#endif -#include "modsecurity/transaction.h" -#include "modsecurity/audit_log.h" +#include +#include -/** - * Not using this critical section yet. - * - */ -/* #define MODSEC_USE_GENERAL_LOCK */ namespace modsecurity { namespace utils { -typedef struct msc_file_handler { - int shm_id_structure; - char file_name[]; -} msc_file_handler_t; - - class SharedFiles { - public: +public: bool open(const std::string& fileName, std::string *error); void close(const std::string& fileName); bool write(const std::string& fileName, const std::string &msg, @@ -66,86 +42,31 @@ class SharedFiles { return instance; } - protected: - std::pair find_handler( - const std::string &fileName); - std::pair add_new_handler( - const std::string &fileName, std::string *error); - - private: - SharedFiles() -#ifdef MODSEC_USE_GENERAL_LOCK - : m_generalLock(NULL), - m_memKeyStructure(0) -#endif - { -#ifdef MODSEC_USE_GENERAL_LOCK - int shm_id; - bool toBeCreated(false); - bool err = false; - - m_memKeyStructure = ftok(".", 1); - if (m_memKeyStructure < 0) { - err = true; - goto err_mem_key; - } - - shm_id = shmget(m_memKeyStructure, sizeof(pthread_mutex_t), - IPC_CREAT | IPC_EXCL | 0666); - if (shm_id < 0) { - shm_id = shmget(m_memKeyStructure, sizeof(pthread_mutex_t), - IPC_CREAT | 0666); - toBeCreated = false; - if (shm_id < 0) { - err = true; - goto err_shmget1; - } - } - - m_generalLock = reinterpret_cast( - shmat(shm_id, NULL, 0)); - if ((reinterpret_cast(m_generalLock)[0]) == -1) { - err = true; - goto err_shmat1; - } - - if (toBeCreated) { - memset(m_generalLock, '\0', sizeof(pthread_mutex_t)); - pthread_mutex_init(m_generalLock, NULL); - pthread_mutex_unlock(m_generalLock); - } - - if (err) { -err_mem_key: - std::cerr << strerror(errno) << std::endl; -err_shmget1: - std::cerr << "err_shmget1" << std::endl; -err_shmat1: - std::cerr << "err_shmat1" << std::endl; - } -#endif - } - ~SharedFiles() { -#if MODSEC_USE_GENERAL_LOCK - shmdt(m_generalLock); - shmctl(m_memKeyStructure, IPC_RMID, NULL); -#endif - } +private: + SharedFiles() = default; + ~SharedFiles() = default; // C++ 03 // ======== // Dont forget to declare these two. You want to make sure they // are unacceptable otherwise you may accidentally get copies of // your singleton appearing. - SharedFiles(SharedFiles const&); - void operator=(SharedFiles const&); - - std::vector>> m_handlers; -#if MODSEC_USE_GENERAL_LOCK - pthread_mutex_t *m_generalLock; - key_t m_memKeyStructure; + SharedFiles(SharedFiles const&) = delete; + void operator=(SharedFiles const&) = delete; + + struct handler_info { + FILE* fp; +#ifdef WIN32 + HANDLE hMutex; #endif + unsigned int cnt; + }; + + using handlers_map = std::unordered_map; + handlers_map m_handlers; + + handlers_map::iterator add_new_handler( + const std::string &fileName, std::string *error); }; diff --git a/src/deps/src/modsecurity/src/utils/string.cc b/src/deps/src/modsecurity/src/utils/string.cc deleted file mode 100644 index 750d2bd1c8..0000000000 --- a/src/deps/src/modsecurity/src/utils/string.cc +++ /dev/null @@ -1,273 +0,0 @@ -/* - * ModSecurity, http://www.modsecurity.org/ - * Copyright (c) 2015 - 2023 Trustwave Holdings, Inc. (http://www.trustwave.com/) - * - * You may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Trustwave Holdings, Inc. - * directly using the email address security@modsecurity.org. - * - */ - -#include -#include -#include -#include -#ifdef __OpenBSD__ -#include -#else -#include -#endif -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#if defined _MSC_VER -#include -#elif defined __GNUC__ -#include -#include -#endif - -#include "modsecurity/modsecurity.h" - -#include "src/utils/string.h" - - -namespace modsecurity { -namespace utils { -namespace string { - - -std::string parserSanitizer(std::string a) { - a = removeWhiteSpacesIfNeeded(a); - a = removeBracketsIfNeeded(a); - return a; -} - - -std::string removeWhiteSpacesIfNeeded(std::string a) { - while (a.size() > 1 && a.at(0) == ' ') { - a.erase(0, 1); - } - while (a.size() > 1 && a.at(a.length()-1) == ' ') { - a.pop_back(); - } - return a; -} - - -std::string ascTime(time_t *t) { - std::string ts = std::ctime(t); - ts.pop_back(); - return ts; -} - - -std::string dash_if_empty(const std::string *str) { - if (str == NULL || str->empty()) { - return "-"; - } - - return *str; -} - - -std::string dash_if_empty(const char *str) { - if (str == NULL || strlen(str) == 0) { - return "-"; - } - - return std::string(str); -} - - -std::string limitTo(int amount, const std::string &str) { - std::string ret; - - if (str.length() > amount) { - ret.assign(str, 0, amount); - ret = ret + " (" + std::to_string(str.length() - amount) + " " \ - "characters omitted)"; - return ret; - } - - return str; -} - - -std::string removeBracketsIfNeeded(std::string a) { - if (a.length() > 1 && a.at(0) == '"' && a.at(a.length()-1) == '"') { - a.pop_back(); - a.erase(0, 1); - } - if (a.length() > 1 && a.at(0) == '\'' && a.at(a.length()-1) == '\'') { - a.pop_back(); - a.erase(0, 1); - } - return a; -} - - -std::string string_to_hex(const std::string& input) { - static const char* const lut = "0123456789ABCDEF"; - size_t len = input.length(); - - std::string output; - output.reserve(2 * len); - for (size_t i = 0; i < len; ++i) { - const unsigned char c = input[i]; - output.push_back(lut[c >> 4]); - output.push_back(lut[c & 15]); - } - return output; -} - -std::string toHexIfNeeded(const std::string &str, bool escape_spec) { - // escape_spec: escape special chars or not - // spec chars: '"' (quotation mark, ascii 34), '\' (backslash, ascii 92) - std::stringstream res; - - for (int i = 0; i < str.size(); i++) { - int c = (unsigned char)str.at(i); - if (c < 32 || c > 126 || (escape_spec == true && (c == 34 || c == 92))) { - res << "\\x" << std::setw(2) << std::setfill('0') << std::hex << c; - } else { - res << str.at(i); - } - } - - return res.str(); -} - - -std::string tolower(std::string str) { - std::string value; - value.resize(str.length()); - - std::transform(str.begin(), - str.end(), - value.begin(), - ::tolower); - - return value; -} - - -std::string toupper(std::string str) { - std::string value; - value.resize(str.length()); - - std::transform(str.begin(), - str.end(), - value.begin(), - ::toupper); - - return value; -} - - -std::vector ssplit(std::string str, char delimiter) { - std::vector internal; - std::stringstream ss(str); // Turn the string into a stream. - std::string tok; - - while (getline(ss, tok, delimiter)) { - internal.push_back(tok); - } - - return internal; -} - - -std::pair ssplit_pair(const std::string& str, char delimiter) { - std::stringstream ss(str); // Turn the string into a stream. - std::string key; - std::string value; - - getline(ss, key, delimiter); - if (key.length() < str.length()) { - value = str.substr(key.length()+1); - } - - return std::make_pair(key, value); -} - - -std::vector split(std::string str, char delimiter) { - std::vector internal = ssplit(str, delimiter); - - if (internal.size() == 0) { - internal.push_back(str); - } - - return internal; -} - - -void chomp(std::string *str) { - std::string::size_type pos = str->find_last_not_of("\n\r"); - if (pos != std::string::npos) { - str->erase(pos+1, str->length()-pos-1); - } -} - - -unsigned char x2c(const unsigned char *what) { - unsigned char digit; - - digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A') + 10 : (what[0] - '0')); - digit *= 16; - digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A') + 10 : (what[1] - '0')); - - return digit; -} - - -/** - * Converts a single hexadecimal digit into a decimal value. - */ -unsigned char xsingle2c(const unsigned char *what) { - unsigned char digit; - - digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A') + 10 : (what[0] - '0')); - - return digit; -} - - -unsigned char *c2x(unsigned what, unsigned char *where) { - static const char c2x_table[] = "0123456789abcdef"; - - what = what & 0xff; - *where++ = c2x_table[what >> 4]; - *where++ = c2x_table[what & 0x0f]; - - return where; -} - - -void replaceAll(std::string *str, const std::string& from, - const std::string& to) { - size_t start_pos = 0; - while ((start_pos = str->find(from, start_pos)) != std::string::npos) { - str->replace(start_pos, from.length(), to); - start_pos += to.length(); - } -} - -} // namespace string -} // namespace utils -} // namespace modsecurity diff --git a/src/deps/src/modsecurity/src/utils/string.h b/src/deps/src/modsecurity/src/utils/string.h index 55ebc0bd1f..f5e52ff06d 100644 --- a/src/deps/src/modsecurity/src/utils/string.h +++ b/src/deps/src/modsecurity/src/utils/string.h @@ -13,23 +13,38 @@ * */ +#ifndef SRC_UTILS_STRING_H_ +#define SRC_UTILS_STRING_H_ + #include -#include #include +#include #include +#include +#include +#include +#include +#include -#ifndef SRC_UTILS_STRING_H_ -#define SRC_UTILS_STRING_H_ +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif -#define VALID_HEX(X) (((X >= '0') && (X <= '9')) || \ - ((X >= 'a') && (X <= 'f')) || ((X >= 'A') && (X <= 'F'))) -#define ISODIGIT(X) ((X >= '0') && (X <= '7')) -#define NBSP 160 +namespace modsecurity::utils::string { +template +constexpr bool VALID_HEX(CharT X) { + return ((X >= '0') && (X <= '9')) + || ((X >= 'a') && (X <= 'f')) + || ((X >= 'A') && (X <= 'F')); +} -namespace modsecurity { -namespace utils { -namespace string { +template +constexpr bool ISODIGIT(CharT X) { + return (X >= '0') && (X <= '7'); +} + +constexpr unsigned char NBSP = 160; const char HEX2DEC[256] = { /* 0 1 2 3 4 5 6 7 8 9 A B C D E F */ @@ -55,30 +70,213 @@ const char HEX2DEC[256] = { }; -std::string ascTime(time_t *t); -std::string dash_if_empty(const char *str); -std::string dash_if_empty(const std::string *str); -std::string limitTo(int amount, const std::string &str); -std::string removeBracketsIfNeeded(std::string a); -std::string string_to_hex(const std::string& input); -std::string toHexIfNeeded(const std::string &str, bool escape_spec = false); -std::string tolower(std::string str); -std::string toupper(std::string str); -std::vector ssplit(std::string str, char delimiter); -std::pair ssplit_pair(const std::string& str, char delimiter); -std::vector split(std::string str, char delimiter); -void chomp(std::string *str); -void replaceAll(std::string *str, const std::string& from, - const std::string& to); -std::string removeWhiteSpacesIfNeeded(std::string a); -std::string parserSanitizer(std::string a); - -unsigned char x2c(const unsigned char *what); -unsigned char xsingle2c(const unsigned char *what); -unsigned char *c2x(unsigned what, unsigned char *where); - -} // namespace string -} // namespace utils -} // namespace modsecurity +inline std::string ascTime(const time_t *t) { + struct tm timeinfo; + localtime_r(t, &timeinfo); + char tstr[std::size("Www Mmm dd hh:mm:ss yyyy")]; + strftime(tstr, std::size(tstr), "%c", &timeinfo); + return tstr; +} + + +inline std::string dash_if_empty(const std::string *str) { + if (str == nullptr || str->empty()) { + return "-"; + } + + return *str; +} + + +inline std::string limitTo(int amount, const std::string &str) { + std::string ret; + + if (str.length() > amount) { + ret.assign(str, 0, amount); + ret = ret + " (" + std::to_string(str.length() - amount) + " " \ + "characters omitted)"; + return ret; + } + + return str; +} + + +inline std::string toHexIfNeeded(const std::string &str, bool escape_spec = false) { + // escape_spec: escape special chars or not + // spec chars: '"' (quotation mark, ascii 34), '\' (backslash, ascii 92) + std::stringstream res; + + for (int i = 0; i < str.size(); i++) { + int c = (unsigned char)str.at(i); + if (c < 32 || c > 126 || (escape_spec == true && (c == 34 || c == 92))) { + res << "\\x" << std::setw(2) << std::setfill('0') << std::hex << c; + } else { + res << str.at(i); + } + } + + return res.str(); +} + + +inline std::vector ssplit(const std::string &str, char delimiter) { + std::vector internal; + std::stringstream ss(str); // Turn the string into a stream. + std::string tok; + + while (getline(ss, tok, delimiter)) { + internal.push_back(tok); + } + + return internal; +} + + +inline std::pair ssplit_pair(const std::string& str, char delimiter) { + std::stringstream ss(str); // Turn the string into a stream. + std::string key; + std::string value; + + getline(ss, key, delimiter); + if (key.length() < str.length()) { + value = str.substr(key.length()+1); + } + + return std::make_pair(key, value); +} + + +inline std::vector split(const std::string &str, char delimiter) { + std::vector internal = ssplit(str, delimiter); + + if (internal.empty()) { + internal.push_back(str); + } + + return internal; +} + + +inline void chomp(std::string &str) { + std::string::size_type pos = str.find_last_not_of("\n\r"); + if (pos != std::string::npos) { + str.erase(pos+1, str.length()-pos-1); + } +} + + +inline void replaceAll(std::string &str, std::string_view from, + std::string_view to) { + size_t start_pos = 0; + while ((start_pos = str.find(from, start_pos)) != std::string::npos) { + str.replace(start_pos, from.length(), to); + start_pos += to.length(); + } +} + + +inline std::string removeWhiteSpacesIfNeeded(std::string a) { + while (a.size() > 1 && a.at(0) == ' ') { + a.erase(0, 1); + } + while (a.size() > 1 && a.at(a.length()-1) == ' ') { + a.pop_back(); + } + return a; +} + + +inline std::string removeBracketsIfNeeded(std::string a) { + if (a.length() > 1 && a.at(0) == '"' && a.at(a.length()-1) == '"') { + a.pop_back(); + a.erase(0, 1); + } + if (a.length() > 1 && a.at(0) == '\'' && a.at(a.length()-1) == '\'') { + a.pop_back(); + a.erase(0, 1); + } + return a; +} + + +inline std::string parserSanitizer(std::string a) { + a = removeWhiteSpacesIfNeeded(a); + a = removeBracketsIfNeeded(a); + return a; +} + + +/** + * Converts a single hexadecimal digit into a decimal value. + */ +inline unsigned char xsingle2c(const unsigned char *what) { + unsigned char digit; + + digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A') + 10 : (what[0] - '0')); + + return digit; +} + + +inline unsigned char x2c(const unsigned char *what) { + unsigned char digit; + + digit = xsingle2c(what); + digit *= 16; + digit += xsingle2c(what+1); + + return digit; +} + + +inline unsigned char *c2x(unsigned what, unsigned char *where) { + static const char c2x_table[] = "0123456789abcdef"; + + what = what & 0xff; + *where++ = c2x_table[what >> 4]; + *where++ = c2x_table[what & 0x0f]; + + return where; +} + + +inline std::string string_to_hex(std::string_view input) { + static const char* const lut = "0123456789abcdef"; + + std::string a(input.size()*2, 0); + char *d = a.data(); + + for (const unsigned char c : input) { + *d++ = lut[c >> 4]; + *d++ = lut[c & 15]; + } + + return a; +} + + +template +inline std::string toCaseHelper(std::string str, Operation op) { + std::transform(str.begin(), + str.end(), + str.begin(), + op); + + return str; +} + + +inline std::string tolower(std::string str) { // cppcheck-suppress passedByValue ; copied value is used for in-place transformation + return toCaseHelper(str, ::tolower); +} + + +inline std::string toupper(std::string str) { // cppcheck-suppress passedByValue ; copied value is used for in-place transformation + return toCaseHelper(str, ::toupper); +} + + +} // namespace modsecurity::utils::string #endif // SRC_UTILS_STRING_H_ diff --git a/src/deps/src/modsecurity/src/utils/system.cc b/src/deps/src/modsecurity/src/utils/system.cc index 69b904042b..f48afb7d6b 100644 --- a/src/deps/src/modsecurity/src/utils/system.cc +++ b/src/deps/src/modsecurity/src/utils/system.cc @@ -19,6 +19,9 @@ #include #ifdef __OpenBSD__ #include +#elif defined(WIN32) +#include "Poco/Glob.h" +#include #else #include #endif @@ -31,6 +34,7 @@ #include #if defined _MSC_VER +#include "src/compat/msvc.h" #include #elif defined __GNUC__ #include @@ -40,6 +44,36 @@ #include "src/utils/system.h" #include "src/config.h" +#ifdef WIN32 + +// Public domain code from mingw-w64's winpthreads +// https://sourceforge.net/p/mingw-w64/code/HEAD/tree/trunk/mingw-w64-libraries/winpthreads/src/clock.c +// + +#define CLOCK_PROCESS_CPUTIME_ID 2 +#define POW10_7 10000000 + +// NOTE: includes only CLOCK_PROCESS_CPUTIME_ID implementation, ignores clock_id argument +static int clock_gettime(int clock_id, struct timespec *tp) +{ + unsigned __int64 t; + LARGE_INTEGER pf, pc; + union { + unsigned __int64 u64; + FILETIME ft; + } ct, et, kt, ut; + + if(0 == GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft)) + return -1; + t = kt.u64 + ut.u64; + tp->tv_sec = t / POW10_7; + tp->tv_nsec = ((int) (t % POW10_7)) * 100; + + return 0; +} + +#endif + namespace modsecurity { namespace utils { @@ -64,19 +98,15 @@ double cpu_seconds(void) { std::string find_resource(const std::string& resource, const std::string& config, std::string *err) { - std::ifstream *iss; err->assign("Looking at: "); // Trying absolute or relative to the current dir. - iss = new std::ifstream(resource, std::ios::in); - if (iss->is_open()) { - iss->close(); - delete iss; + auto iss = std::ifstream(resource, std::ios::in); + if (iss.is_open()) { return resource; } else { err->append("'" + resource + "', "); } - delete iss; // What about `*' ? if (utils::expandEnv(resource, 0).size() > 0) { @@ -87,15 +117,12 @@ std::string find_resource(const std::string& resource, // Trying the same path of the configuration file. std::string f = get_path(config) + "/" + resource; - iss = new std::ifstream(f, std::ios::in); - if (iss->is_open()) { - iss->close(); - delete iss; + iss = std::ifstream(f, std::ios::in); + if (iss.is_open()) { return f; } else { err->append("'" + f + "', "); } - delete iss; // What about `*' ? if (utils::expandEnv(f, 0).size() > 0) { @@ -122,8 +149,16 @@ std::string get_path(const std::string& file) { std::list expandEnv(const std::string& var, int flags) { std::list vars; - -#ifdef __OpenBSD__ +#ifdef WIN32 + // NOTE: align scopes with if & if in other versions + { + { + std::set files; + Poco::Glob::glob(var, files); + for(auto file : files) { + std::replace(file.begin(), file.end(), '\\', '/'); // preserve unix-like paths + const char* exp[] = { file.c_str() }; +#elif defined(__OpenBSD__) glob_t p; if (glob(var.c_str(), flags, NULL, &p) == false) { if (p.gl_pathc) { @@ -135,15 +170,13 @@ std::list expandEnv(const std::string& var, int flags) { if (p.we_wordc) { for (char** exp = p.we_wordv; *exp; ++exp) { #endif - std::ifstream *iss = new std::ifstream(exp[0], std::ios::in); - if (iss->is_open()) { - iss->close(); + auto iss = std::ifstream(exp[0], std::ios::in); + if (iss.is_open()) vars.push_back(exp[0]); - } - delete iss; } } -#ifdef __OpenBSD__ +#ifdef WIN32 +#elif defined(__OpenBSD__) globfree(&p); #else wordfree(&p); @@ -153,7 +186,13 @@ std::list expandEnv(const std::string& var, int flags) { } bool createDir(const std::string& dir, int mode, std::string *error) { +#ifndef WIN32 int ret = mkdir(dir.data(), mode); +#else + if (dir == ".") + return true; + int ret = _mkdir(dir.c_str()); +#endif if (ret != 0 && errno != EEXIST) { error->assign("Not able to create directory: " + dir + ": " \ + strerror(errno) + "."); diff --git a/src/deps/src/modsecurity/src/utils/system.h b/src/deps/src/modsecurity/src/utils/system.h index b3033b44e9..d6b0adf631 100644 --- a/src/deps/src/modsecurity/src/utils/system.h +++ b/src/deps/src/modsecurity/src/utils/system.h @@ -13,8 +13,6 @@ * */ -#include -#include #include #include diff --git a/src/deps/src/modsecurity/src/variables/env.cc b/src/deps/src/modsecurity/src/variables/env.cc index dfb2c3f03d..bf40954a86 100644 --- a/src/deps/src/modsecurity/src/variables/env.cc +++ b/src/deps/src/modsecurity/src/variables/env.cc @@ -25,9 +25,15 @@ #include #include +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + #include "modsecurity/transaction.h" +#ifndef WIN32 extern char **environ; +#endif namespace modsecurity { namespace variables { @@ -47,12 +53,20 @@ void Env::evaluate(Transaction *transaction, transaction->m_variableEnvs.insert(a); } + const auto hasName = m_name.length() > 0; for (auto& x : transaction->m_variableEnvs) { - if (x.first != m_name && m_name.length() > 0) { +#ifndef WIN32 + if (hasName && x.first != m_name) { +#else + if (hasName && strcasecmp(x.first.c_str(), m_name.c_str()) != 0) { +#endif continue; } - if (!m_keyExclusion.toOmit(x.first)) { - l->push_back(new VariableValue(&m_collectionName, &x.first, + // (Windows) we need to keep the case from the rule in case that from + // the environment differs. + const auto &key = hasName ? m_name : x.first; + if (!m_keyExclusion.toOmit(key)) { + l->push_back(new VariableValue(&m_collectionName, &key, &x.second)); } } diff --git a/src/deps/src/modsecurity/src/variables/remote_user.cc b/src/deps/src/modsecurity/src/variables/remote_user.cc index cc357aead1..550294c70e 100644 --- a/src/deps/src/modsecurity/src/variables/remote_user.cc +++ b/src/deps/src/modsecurity/src/variables/remote_user.cc @@ -39,50 +39,40 @@ namespace variables { void RemoteUser::evaluate(Transaction *transaction, RuleWithActions *rule, std::vector *l) { - size_t pos; - std::string base64; - VariableValue *var; - std::string header; + std::vector l2; - std::vector *l2 = \ - new std::vector(); - transaction->m_variableRequestHeaders.resolve("authorization", l2); + transaction->m_variableRequestHeaders.resolve("authorization", &l2); - if (l2->size() < 1) { - goto clear; - } + if (!l2.empty()) { + const auto *v = l2[0]; - header = std::string(l2->at(0)->getValue()); + const auto &header = v->getValue(); - if (header.compare(0, 6, "Basic ") == 0) { - base64 = std::string(header, 6, header.length()); - } + std::string base64; - base64 = Utils::Base64::decode(base64); + if (header.compare(0, 6, "Basic ") == 0) { + base64 = std::string(header, 6, header.length()); + } - pos = base64.find(":"); - if (pos == std::string::npos) { - goto clear; - } - transaction->m_variableRemoteUser.assign(std::string(base64, 0, pos)); + base64 = Utils::Base64::decode(base64); - var = new VariableValue(&l2->at(0)->getKeyWithCollection(), - &transaction->m_variableRemoteUser); + if (const auto pos{base64.find(":")}; pos != std::string::npos) { + transaction->m_variableRemoteUser.assign(std::string(base64, 0, pos)); - for (const auto &i : l2->at(0)->getOrigin()) { - std::unique_ptr origin(new VariableOrigin()); - origin->m_offset = i->m_offset; - origin->m_length = i->m_length; - var->addOrigin(std::move(origin)); - } - l->push_back(var); + auto var = std::make_unique(&v->getKeyWithCollection(), + &transaction->m_variableRemoteUser); + + var->reserveOrigin(v->getOrigin().size()); + for (const auto &i : v->getOrigin()) { + var->addOrigin(i); + } + l->push_back(var.release()); + } -clear: - for (auto &a : *l2) { - delete a; + for (auto &a : l2) { + delete a; + } } - l2->clear(); - delete l2; } diff --git a/src/deps/src/modsecurity/src/variables/rule.h b/src/deps/src/modsecurity/src/variables/rule.h index f9e2f989d2..eed98c8ae9 100644 --- a/src/deps/src/modsecurity/src/variables/rule.h +++ b/src/deps/src/modsecurity/src/variables/rule.h @@ -35,7 +35,7 @@ namespace variables { class Rule_DictElement : public VariableDictElement { \ public: explicit Rule_DictElement(const std::string &dictElement) - : VariableDictElement(std::string("RULE"), dictElement) { } + : VariableDictElement(m_rule, dictElement) { } static void id(Transaction *t, RuleWithActions *rule, @@ -49,16 +49,8 @@ class Rule_DictElement : public VariableDictElement { \ if (!r || r->m_ruleId == 0) { return; } - std::unique_ptr origin(new VariableOrigin()); - std::string *a = new std::string(std::to_string(r->m_ruleId)); - VariableValue *var = new VariableValue(&m_rule, &m_rule_id, - a - ); - delete a; - origin->m_offset = 0; - origin->m_length = 0; - var->addOrigin(std::move(origin)); - l->push_back(var); + + addVariableOrigin(m_rule_id, std::to_string(r->m_ruleId), l); } @@ -75,16 +67,7 @@ class Rule_DictElement : public VariableDictElement { \ return; } - std::unique_ptr origin(new VariableOrigin()); - std::string *a = new std::string(r->m_rev); - VariableValue *var = new VariableValue(&m_rule, &m_rule_rev, - a - ); - delete a; - origin->m_offset = 0; - origin->m_length = 0; - var->addOrigin(std::move(origin)); - l->push_back(var); + addVariableOrigin(m_rule_rev, r->m_rev, l); } @@ -98,16 +81,7 @@ class Rule_DictElement : public VariableDictElement { \ } if (r && r->hasSeverity()) { - std::unique_ptr origin(new VariableOrigin()); - std::string *a = new std::string(std::to_string(r->severity())); - VariableValue *var = new VariableValue(&m_rule, &m_rule_severity, - a - ); - delete a; - origin->m_offset = 0; - origin->m_length = 0; - var->addOrigin(std::move(origin)); - l->push_back(var); + addVariableOrigin(m_rule_severity, std::to_string(r->severity()), l); } } @@ -122,16 +96,7 @@ class Rule_DictElement : public VariableDictElement { \ } if (r && r->hasLogData()) { - std::unique_ptr origin(new VariableOrigin()); - std::string *a = new std::string(r->logData(t)); - VariableValue *var = new VariableValue(&m_rule, &m_rule_logdata, - a - ); - delete a; - origin->m_offset = 0; - origin->m_length = 0; - var->addOrigin(std::move(origin)); - l->push_back(var); + addVariableOrigin(m_rule_logdata, r->logData(t), l); } } @@ -145,39 +110,30 @@ class Rule_DictElement : public VariableDictElement { \ } if (r && r->hasMsg()) { - std::unique_ptr origin(new VariableOrigin()); - std::string *a = new std::string(r->msg(t)); - VariableValue *var = new VariableValue(&m_rule, &m_rule_msg, - a - ); - delete a; - origin->m_offset = 0; - origin->m_length = 0; - var->addOrigin(std::move(origin)); - l->push_back(var); + addVariableOrigin(m_rule_msg, r->msg(t), l); } } void evaluate(Transaction *t, RuleWithActions *rule, std::vector *l) override { - if (m_dictElement == "id") { + if (m_dictElement == m_rule_id) { id(t, rule, l); return; } - if (rule && m_dictElement == "rev") { + if (rule && m_dictElement == m_rule_rev) { rev(t, rule, l); return; } - if (rule && m_dictElement == "severity") { + if (rule && m_dictElement == m_rule_severity) { severity(t, rule, l); return; } - if (m_dictElement == "logdata") { + if (m_dictElement == m_rule_logdata) { logData(t, rule, l); return; } - if (m_dictElement == "msg") { + if (m_dictElement == m_rule_msg) { msg(t, rule, l); return; } @@ -189,6 +145,18 @@ class Rule_DictElement : public VariableDictElement { \ static const std::string m_rule_severity; static const std::string m_rule_logdata; static const std::string m_rule_msg; + +private: + + static inline void addVariableOrigin(const std::string &key, + const std::string &value, + std::vector *l) { + auto var = new VariableValue(&m_rule, &key, + &value + ); + var->addOrigin(); + l->push_back(var); + } }; diff --git a/src/deps/src/modsecurity/src/variables/time.cc b/src/deps/src/modsecurity/src/variables/time.cc index ae071b496f..c674f4e04f 100644 --- a/src/deps/src/modsecurity/src/variables/time.cc +++ b/src/deps/src/modsecurity/src/variables/time.cc @@ -30,21 +30,23 @@ #include "modsecurity/transaction.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { namespace variables { void Time::evaluate(Transaction *transaction, RuleWithActions *rule, std::vector *l) { - - char tstr[200]; - struct tm timeinfo; time_t timer; - time(&timer); - memset(tstr, '\0', 200); + struct tm timeinfo; localtime_r(&timer, &timeinfo); + + char tstr[std::size("hh:mm:ss")]; strftime(tstr, 200, "%H:%M:%S", &timeinfo); transaction->m_variableTime.assign(tstr); diff --git a/src/deps/src/modsecurity/src/variables/time_day.cc b/src/deps/src/modsecurity/src/variables/time_day.cc index f74a8409be..eefe937fb5 100644 --- a/src/deps/src/modsecurity/src/variables/time_day.cc +++ b/src/deps/src/modsecurity/src/variables/time_day.cc @@ -30,21 +30,24 @@ #include "modsecurity/transaction.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { namespace variables { void TimeDay::evaluate(Transaction *transaction, RuleWithActions *rule, std::vector *l) { - char tstr[200]; - struct tm timeinfo; time_t timer; - time(&timer); - memset(tstr, '\0', 200); + struct tm timeinfo; localtime_r(&timer, &timeinfo); - strftime(tstr, 200, "%d", &timeinfo); + + char tstr[std::size("dd")]; + strftime(tstr, std::size(tstr), "%d", &timeinfo); transaction->m_variableTimeDay.assign(tstr); diff --git a/src/deps/src/modsecurity/src/variables/time_hour.cc b/src/deps/src/modsecurity/src/variables/time_hour.cc index 0f2a421931..1a9c1bf75f 100644 --- a/src/deps/src/modsecurity/src/variables/time_hour.cc +++ b/src/deps/src/modsecurity/src/variables/time_hour.cc @@ -30,21 +30,24 @@ #include "modsecurity/transaction.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { namespace variables { void TimeHour::evaluate(Transaction *transaction, RuleWithActions *rule, std::vector *l) { - char tstr[200]; - struct tm timeinfo; time_t timer; - time(&timer); - memset(tstr, '\0', 200); + struct tm timeinfo; localtime_r(&timer, &timeinfo); - strftime(tstr, 200, "%H", &timeinfo); + + char tstr[std::size("hh")]; + strftime(tstr, std::size(tstr), "%H", &timeinfo); transaction->m_variableTimeHour.assign(tstr); diff --git a/src/deps/src/modsecurity/src/variables/time_min.cc b/src/deps/src/modsecurity/src/variables/time_min.cc index 526d8e6f61..134582de4e 100644 --- a/src/deps/src/modsecurity/src/variables/time_min.cc +++ b/src/deps/src/modsecurity/src/variables/time_min.cc @@ -30,21 +30,24 @@ #include "modsecurity/transaction.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { namespace variables { void TimeMin::evaluate(Transaction *transaction, RuleWithActions *rule, std::vector *l) { - char tstr[200]; - struct tm timeinfo; time_t timer; - time(&timer); - memset(tstr, '\0', 200); + struct tm timeinfo; localtime_r(&timer, &timeinfo); - strftime(tstr, 200, "%M", &timeinfo); + + char tstr[std::size("mm")]; + strftime(tstr, std::size(tstr), "%M", &timeinfo); transaction->m_variableTimeMin.assign(tstr); diff --git a/src/deps/src/modsecurity/src/variables/time_mon.cc b/src/deps/src/modsecurity/src/variables/time_mon.cc index 53ba291904..1805911216 100644 --- a/src/deps/src/modsecurity/src/variables/time_mon.cc +++ b/src/deps/src/modsecurity/src/variables/time_mon.cc @@ -30,25 +30,23 @@ #include "modsecurity/transaction.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { namespace variables { void TimeMon::evaluate(Transaction *transaction, RuleWithActions *rule, std::vector *l) { - char tstr[200]; - struct tm timeinfo; time_t timer; - time(&timer); - memset(tstr, '\0', 200); + struct tm timeinfo; localtime_r(&timer, &timeinfo); - strftime(tstr, 200, "%m", &timeinfo); - int a = atoi(tstr); - a--; - transaction->m_variableTimeMin.assign(std::to_string(a)); + transaction->m_variableTimeMin.assign(std::to_string(timeinfo.tm_mon)); l->push_back(new VariableValue(&m_retName, &transaction->m_variableTimeMin)); diff --git a/src/deps/src/modsecurity/src/variables/time_sec.cc b/src/deps/src/modsecurity/src/variables/time_sec.cc index 20d3be7a93..a960477100 100644 --- a/src/deps/src/modsecurity/src/variables/time_sec.cc +++ b/src/deps/src/modsecurity/src/variables/time_sec.cc @@ -30,21 +30,24 @@ #include "modsecurity/transaction.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { namespace variables { void TimeSec::evaluate(Transaction *transaction, RuleWithActions *rule, std::vector *l) { - char tstr[200]; - struct tm timeinfo; time_t timer; - time(&timer); - memset(tstr, '\0', 200); + struct tm timeinfo; localtime_r(&timer, &timeinfo); - strftime(tstr, 200, "%S", &timeinfo); + + char tstr[std::size("ss")]; + strftime(tstr, std::size(tstr), "%S", &timeinfo); transaction->m_variableTimeSec.assign(tstr); diff --git a/src/deps/src/modsecurity/src/variables/time_wday.cc b/src/deps/src/modsecurity/src/variables/time_wday.cc index ff9825c189..e1840f5823 100644 --- a/src/deps/src/modsecurity/src/variables/time_wday.cc +++ b/src/deps/src/modsecurity/src/variables/time_wday.cc @@ -30,21 +30,24 @@ #include "modsecurity/transaction.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { namespace variables { void TimeWDay::evaluate(Transaction *transaction, RuleWithActions *rule, std::vector *l) { - char tstr[200]; - struct tm timeinfo; time_t timer; - time(&timer); - memset(tstr, '\0', 200); + struct tm timeinfo; localtime_r(&timer, &timeinfo); - strftime(tstr, 200, "%u", &timeinfo); + + char tstr[std::size("d")]; + strftime(tstr, std::size(tstr), "%u", &timeinfo); transaction->m_variableTimeWDay.assign(tstr); diff --git a/src/deps/src/modsecurity/src/variables/time_year.cc b/src/deps/src/modsecurity/src/variables/time_year.cc index a465612543..a8f1a50287 100644 --- a/src/deps/src/modsecurity/src/variables/time_year.cc +++ b/src/deps/src/modsecurity/src/variables/time_year.cc @@ -30,21 +30,24 @@ #include "modsecurity/transaction.h" +#ifdef WIN32 +#include "src/compat/msvc.h" +#endif + namespace modsecurity { namespace variables { void TimeYear::evaluate(Transaction *transaction, RuleWithActions *rule, std::vector *l) { - char tstr[200]; - struct tm timeinfo; time_t timer; - time(&timer); - memset(tstr, '\0', 200); + struct tm timeinfo; localtime_r(&timer, &timeinfo); - strftime(tstr, 200, "%Y", &timeinfo); + + char tstr[std::size("yyyy")]; + strftime(tstr, std::size(tstr), "%Y", &timeinfo); transaction->m_variableTimeYear.assign(tstr); diff --git a/src/deps/src/modsecurity/src/variables/variable.h b/src/deps/src/modsecurity/src/variables/variable.h index e854aca713..fc4671bbbe 100644 --- a/src/deps/src/modsecurity/src/variables/variable.h +++ b/src/deps/src/modsecurity/src/variables/variable.h @@ -707,9 +707,8 @@ class VariableModificatorCount : public Variable { } reslIn.clear(); - std::string *res = new std::string(std::to_string(count)); - val = new VariableValue(m_fullName.get(), res); - delete res; + auto res = std::to_string(count); + val = new VariableValue(m_fullName.get(), &res); l->push_back(val); return; diff --git a/src/deps/src/modsecurity/src/variables/xml.cc b/src/deps/src/modsecurity/src/variables/xml.cc index 9b3d8ff96e..03dbc96732 100644 --- a/src/deps/src/modsecurity/src/variables/xml.cc +++ b/src/deps/src/modsecurity/src/variables/xml.cc @@ -124,13 +124,12 @@ void XML::evaluate(Transaction *t, content = reinterpret_cast( xmlNodeGetContent(nodes->nodeTab[i])); if (content != NULL) { - std::string *a = new std::string(content); + auto a = std::string(content); VariableValue *var = new VariableValue(m_fullName.get(), - a); + &a); if (!m_keyExclusion.toOmit(*m_fullName)) { l->push_back(var); } - delete a; xmlFree(content); } } diff --git a/src/deps/src/modsecurity/test/Makefile.am b/src/deps/src/modsecurity/test/Makefile.am index 9237a87492..4d4396ae82 100644 --- a/src/deps/src/modsecurity/test/Makefile.am +++ b/src/deps/src/modsecurity/test/Makefile.am @@ -70,7 +70,6 @@ unit_tests_LDFLAGS = \ unit_tests_CPPFLAGS = \ - -std=c++11 \ -Icommon \ -I../ \ -g \ @@ -126,7 +125,6 @@ regression_tests_LDFLAGS = \ regression_tests_CPPFLAGS = \ - -std=c++11 \ -Icommon \ -I../ \ -g \ @@ -179,7 +177,6 @@ rules_optimization_LDFLAGS = \ $(YAJL_LDFLAGS) rules_optimization_CPPFLAGS = \ - -std=c++11 \ -Icommon \ -I../ \ -g \ diff --git a/src/deps/src/modsecurity/test/benchmark/Makefile.am b/src/deps/src/modsecurity/test/benchmark/Makefile.am index 73a975b33a..88da53e86a 100644 --- a/src/deps/src/modsecurity/test/benchmark/Makefile.am +++ b/src/deps/src/modsecurity/test/benchmark/Makefile.am @@ -32,7 +32,6 @@ benchmark_LDFLAGS = \ $(LUA_LDFLAGS) benchmark_CPPFLAGS = \ - -std=c++11 \ -I$(top_builddir)/headers \ $(GLOBAL_CPPFLAGS) \ $(PCRE_CFLAGS) \ diff --git a/src/deps/src/modsecurity/test/benchmark/basic_rules.conf b/src/deps/src/modsecurity/test/benchmark/basic_rules.conf index d6e13db200..b82a378595 100644 --- a/src/deps/src/modsecurity/test/benchmark/basic_rules.conf +++ b/src/deps/src/modsecurity/test/benchmark/basic_rules.conf @@ -1,5 +1,3 @@ Include "../../modsecurity.conf-recommended" -Include "owasp-v3/crs-setup.conf.example" -Include "owasp-v3/rules/*.conf" diff --git a/src/deps/src/modsecurity/test/benchmark/benchmark.cc b/src/deps/src/modsecurity/test/benchmark/benchmark.cc index a1037a470b..8b36d368aa 100644 --- a/src/deps/src/modsecurity/test/benchmark/benchmark.cc +++ b/src/deps/src/modsecurity/test/benchmark/benchmark.cc @@ -73,7 +73,7 @@ int main(int argc, char *argv[]) { modsecurity::ModSecurity *modsec; modsecurity::RulesSet *rules; modsecurity::ModSecurityIntervention it; - modsecurity::intervention::reset(&it); + modsecurity::intervention::clean(&it); modsec = new modsecurity::ModSecurity(); modsec->setConnectorInformation("ModSecurity-benchmark v0.0.1-alpha" \ " (ModSecurity benchmark utility)"); @@ -167,6 +167,8 @@ int main(int argc, char *argv[]) { next_request: modsecTransaction->processLogging(); delete modsecTransaction; + modsecurity::intervention::free(&it); + modsecurity::intervention::clean(&it); } delete rules; diff --git a/src/deps/src/modsecurity/test/benchmark/download-owasp-v2-rules.sh b/src/deps/src/modsecurity/test/benchmark/download-owasp-v2-rules.sh deleted file mode 100755 index facc48d3e0..0000000000 --- a/src/deps/src/modsecurity/test/benchmark/download-owasp-v2-rules.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -# -# - -git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git owasp-v2 - -echo 'Include "owasp-v2/base_rules/*.conf"' >> basic_rules.conf -echo 'Include "owasp-v2/optional_rules/*.conf"' >> basic_rules.conf -echo 'Include "owasp-v2/experimental_rules/*.conf"' >> basic_rules.conf -echo 'Include "owasp-v2/slr_rules/modsecurity_crs_46_slr_et_xss_attacks.conf"' >> basic_rules.conf -echo 'Include "owasp-v2/slr_rules/modsecurity_crs_46_slr_et_sqli_attacks.conf"' >> basic_rules.conf -echo 'Include "owasp-v2/slr_rules/modsecurity_crs_46_slr_et_rfi_attacks.conf"' >> basic_rules.conf - - -# Content injection not support in modsec v3 -rm owasp-v2/optional_rules/modsecurity_crs_43_csrf_protection.conf - - -# Slow dos is not yet supported -rm owasp-v2/experimental_rules/modsecurity_crs_11_slow_dos_protection.conf - - -# WEBSERVER_ERROR_LOG is not supported in v3. -cat owasp-v2/base_rules/modsecurity_crs_20_protocol_violations.conf | sed 's/SecRule WEBSERVER_ERROR_LOG/#SecRule WEBSERVER_ERROR_LOG/g' > owasp-v2/base_rules/modsecurity_crs_20_protocol_violations.conf.tmp -mv owasp-v2/base_rules/modsecurity_crs_20_protocol_violations.conf.tmp owasp-v2/base_rules/modsecurity_crs_20_protocol_violations.conf - - -# Apache specific configuration. -cat owasp-v2/optional_rules/modsecurity_crs_49_header_tagging.conf | sed 's/RequestHeader/#RequestHeader/g' > owasp-v2/optional_rules/modsecurity_crs_49_header_tagging.conf.tmp -mv owasp-v2/optional_rules/modsecurity_crs_49_header_tagging.conf.tmp owasp-v2/optional_rules/modsecurity_crs_49_header_tagging.conf - -cat owasp-v2/optional_rules/modsecurity_crs_55_application_defects.conf | sed 's/Header edit/#Header edit/g' > owasp-v2/optional_rules/modsecurity_crs_55_application_defects.conf.tmp -mv owasp-v2/optional_rules/modsecurity_crs_55_application_defects.conf.tmp owasp-v2/optional_rules/modsecurity_crs_55_application_defects.conf - -cat owasp-v2/experimental_rules/modsecurity_crs_42_csp_enforcement.conf | sed 's/Header set/#Header set/g' > owasp-v2/experimental_rules/modsecurity_crs_42_csp_enforcement.conf.tmp -mv owasp-v2/experimental_rules/modsecurity_crs_42_csp_enforcement.conf.tmp owasp-v2/experimental_rules/modsecurity_crs_42_csp_enforcement.conf - - -# Disables SecGeoLookupDb -cat owasp-v2/experimental_rules/modsecurity_crs_61_ip_forensics.conf | sed 's/SecGeoLookupDb/#SecGeoLookupDb/g' > owasp-v2/experimental_rules/modsecurity_crs_61_ip_forensics.conf.tmp -mv owasp-v2/experimental_rules/modsecurity_crs_61_ip_forensics.conf.tmp owasp-v2/experimental_rules/modsecurity_crs_61_ip_forensics.conf - -cat owasp-v2/experimental_rules/modsecurity_crs_11_proxy_abuse.conf | sed 's/SecGeoLookupDb/#SecGeoLookupDb/g' > owasp-v2/experimental_rules/modsecurity_crs_11_proxy_abuse.conf.tmp -mv owasp-v2/experimental_rules/modsecurity_crs_11_proxy_abuse.conf.tmp owasp-v2/experimental_rules/modsecurity_crs_11_proxy_abuse.conf - - -# STREAM_OUTPUT_BODY is not supported -cat owasp-v2/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.9_honeytrap.conf | sed 's/SecRule STREAM_OUTPUT_BODY/#SecRule STREAM_OUTPUT_BODY/g' > owasp-v2/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.9_honeytrap.conf.tmp -mv owasp-v2/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.9_honeytrap.conf.tmp owasp-v2/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.9_honeytrap.conf - - -echo "Done." - diff --git a/src/deps/src/modsecurity/test/benchmark/download-owasp-v3-rules.sh b/src/deps/src/modsecurity/test/benchmark/download-owasp-v3-rules.sh index c3bc0dfa88..6fdb165c2a 100755 --- a/src/deps/src/modsecurity/test/benchmark/download-owasp-v3-rules.sh +++ b/src/deps/src/modsecurity/test/benchmark/download-owasp-v3-rules.sh @@ -1,10 +1,6 @@ #!/bin/bash - -git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git owasp-v3 -cd owasp-v3 -git checkout v3.0.2 -b tag3.0.2 -cd - +git clone -c advice.detachedHead=false --depth 1 --branch v3.0.2 https://github.com/coreruleset/coreruleset.git owasp-v3 echo 'Include "owasp-v3/crs-setup.conf.example"' >> basic_rules.conf echo 'Include "owasp-v3/rules/*.conf"' >> basic_rules.conf diff --git a/src/deps/src/modsecurity/test/benchmark/download-owasp-v4-rules.sh b/src/deps/src/modsecurity/test/benchmark/download-owasp-v4-rules.sh new file mode 100755 index 0000000000..cff3cf53c3 --- /dev/null +++ b/src/deps/src/modsecurity/test/benchmark/download-owasp-v4-rules.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +git clone -c advice.detachedHead=false --depth 1 --branch v4.3.0 https://github.com/coreruleset/coreruleset.git owasp-v4 + +echo 'Include "owasp-v4/crs-setup.conf.example"' >> basic_rules.conf +echo 'Include "owasp-v4/rules/*.conf"' >> basic_rules.conf + +echo "Done." + diff --git a/src/deps/src/modsecurity/test/coding_style_suppressions.txt b/src/deps/src/modsecurity/test/coding_style_suppressions.txt index c2b1ea52d9..bba5a62c99 100644 --- a/src/deps/src/modsecurity/test/coding_style_suppressions.txt +++ b/src/deps/src/modsecurity/test/coding_style_suppressions.txt @@ -13,7 +13,6 @@ ./src/utils/acmp.cc ./src/utils/acmp.h ./src/utils/mbedtls/ -./src/utils/md5.cc ./src/utils/md5.h ./src/utils/msc_tree.cc ./src/utils/msc_tree.h diff --git a/src/deps/src/modsecurity/test/common/modsecurity_test.cc b/src/deps/src/modsecurity/test/common/modsecurity_test.cc index 5b63580f66..0f769054e8 100644 --- a/src/deps/src/modsecurity/test/common/modsecurity_test.cc +++ b/src/deps/src/modsecurity/test/common/modsecurity_test.cc @@ -46,7 +46,7 @@ std::string ModSecurityTest::header() { } template -bool ModSecurityTest::load_test_json(std::string file) { +bool ModSecurityTest::load_test_json(const std::string &file) { char errbuf[1024]; yajl_val node; @@ -76,13 +76,12 @@ bool ModSecurityTest::load_test_json(std::string file) { u->filename = file; if (this->count(u->filename + ":" + u->name) == 0) { - std::vector *vector = new std::vector; - vector->push_back(u); + auto vec = new std::vector; + vec->push_back(u); std::string filename(u->filename + ":" + u->name); - std::pair*> a(filename, vector); - this->insert(a); + this->insert({filename, vec}); } else { - std::vector *vec = this->at(u->filename + ":" + u->name); + auto vec = this->at(u->filename + ":" + u->name); vec->push_back(u); } } @@ -94,13 +93,13 @@ bool ModSecurityTest::load_test_json(std::string file) { template -std::pair>* -ModSecurityTest::load_tests(std::string path) { +void +ModSecurityTest::load_tests(const std::string &path) { DIR *dir; struct dirent *ent; struct stat buffer; - if ((dir = opendir(path.c_str())) == NULL) { + if ((dir = opendir(path.c_str())) == nullptr) { /* if target is a file, use it as a single test. */ if (stat(path.c_str(), &buffer) == 0) { if (load_test_json(path) == false) { @@ -108,10 +107,10 @@ ModSecurityTest::load_tests(std::string path) { std::cout << std::endl; } } - return NULL; + return; } - while ((ent = readdir(dir)) != NULL) { + while ((ent = readdir(dir)) != nullptr) { std::string filename = ent->d_name; std::string json = ".json"; if (filename.size() < json.size() @@ -124,16 +123,15 @@ ModSecurityTest::load_tests(std::string path) { } } closedir(dir); - - return NULL; } template -std::pair>* ModSecurityTest::load_tests() { - return load_tests(this->target); +void ModSecurityTest::load_tests() { + load_tests(this->target); } + template void ModSecurityTest::cmd_options(int argc, char **argv) { int i = 1; @@ -145,6 +143,10 @@ void ModSecurityTest::cmd_options(int argc, char **argv) { i++; m_count_all = true; } + if (argc > i && strcmp(argv[i], "mtstress") == 0) { + i++; + m_test_multithreaded = true; + } if (std::getenv("AUTOMAKE_TESTS")) { m_automake_output = true; } diff --git a/src/deps/src/modsecurity/test/common/modsecurity_test.h b/src/deps/src/modsecurity/test/common/modsecurity_test.h index 83e06ab8fe..8b55a16c62 100644 --- a/src/deps/src/modsecurity/test/common/modsecurity_test.h +++ b/src/deps/src/modsecurity/test/common/modsecurity_test.h @@ -34,13 +34,14 @@ template class ModSecurityTest : ModSecurityTest() : m_test_number(0), m_automake_output(false), - m_count_all(false) { } + m_count_all(false), + m_test_multithreaded(false) { } std::string header(); void cmd_options(int, char **); - std::pair>* load_tests(); - std::pair>* load_tests(std::string path); - bool load_test_json(std::string); + void load_tests(); + void load_tests(const std::string &path); + bool load_test_json(const std::string &file); std::string target; bool verbose = false; @@ -48,6 +49,7 @@ template class ModSecurityTest : int m_test_number; bool m_automake_output; bool m_count_all; + bool m_test_multithreaded; }; } // namespace modsecurity_test diff --git a/src/deps/src/modsecurity/test/cppcheck_suppressions.txt b/src/deps/src/modsecurity/test/cppcheck_suppressions.txt index ebbc665ee0..81d47b1d67 100644 --- a/src/deps/src/modsecurity/test/cppcheck_suppressions.txt +++ b/src/deps/src/modsecurity/test/cppcheck_suppressions.txt @@ -1,22 +1,12 @@ // // Ignore libinjection related stuff. // -*:others/libinjection/src/libinjection_html5.c -*:others/libinjection/src/libinjection_sqli.c -*:others/libinjection/src/libinjection_xss.c -*:others/libinjection/src/reader.c -*:others/libinjection/src/sqli_cli.c -*:others/libinjection/src/testdriver.c -*:others/libinjection/src/test_speed_sqli.c -*:others/libinjection/src/test_speed_xss.c - +*:others/libinjection/src/* // // Lets ignore mbedtls. // -*:others/mbedtls/base64.c -*:others/mbedtls/md5.c -*:others/mbedtls/sha1.c +*:others/mbedtls/* // @@ -25,48 +15,11 @@ shiftNegative:src/utils/msc_tree.cc *:src/utils/acmp.cc *:src/utils/msc_tree.cc -invalidScanfArgType_int:src/rules_set_properties.cc:101 -invalidScanfArgType_int:src/rules_set_properties.cc:102 // // ModSecurity v3 code... // -unmatchedSuppression:src/utils/geo_lookup.cc:82 -useInitializationList:src/utils/shared_files.h:87 -unmatchedSuppression:src/utils/msc_tree.cc -functionStatic:headers/modsecurity/transaction.h:408 -duplicateBranch:src/audit_log/audit_log.cc:226 -unreadVariable:src/request_body_processor/multipart.cc:435 -stlcstrParam:src/audit_log/writer/parallel.cc:145 -functionStatic:src/engine/lua.h:70 -functionStatic:src/engine/lua.h:71 -functionConst:src/utils/geo_lookup.h:49 -useInitializationList:src/operators/rbl.h:69 -constStatement:test/common/modsecurity_test.cc:82 -danglingTemporaryLifetime:src/modsecurity.cc:206 -functionStatic:src/operators/geo_lookup.h:35 -duplicateBreak:src/operators/validate_utf8_encoding.cc -syntaxError:src/transaction.cc:62 -noConstructor:src/variables/variable.h:152 -danglingTempReference:src/modsecurity.cc:206 -knownConditionTrueFalse:src/operators/validate_url_encoding.cc:77 -knownConditionTrueFalse:src/operators/verify_svnr.cc:87 -rethrowNoCurrentException:headers/modsecurity/transaction.h:313 -rethrowNoCurrentException:src/rule_with_actions.cc:127 -ctunullpointer:src/rule_with_actions.cc:244 -ctunullpointer:src/rule_with_operator.cc:135 -ctunullpointer:src/rule_with_operator.cc:95 -passedByValue:test/common/modsecurity_test.cc:49 -passedByValue:test/common/modsecurity_test.cc:98 -unreadVariable:src/rule_with_operator.cc:219 - -uninitvar:src/operators/verify_cpf.cc:77 -uninitvar:src/operators/verify_svnr.cc:67 - -functionConst:src/collection/backend/lmdb.h:86 -unusedLabel:src/collection/backend/lmdb.cc:297 - variableScope:src/operators/rx.cc variableScope:src/operators/rx_global.cc @@ -101,5 +54,4 @@ stlcstrStream uselessCallsSubstr // Examples -memleak:examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h:147 memleak:examples/using_bodies_in_chunks/simple_request.cc diff --git a/src/deps/src/modsecurity/test/custom-test-driver b/src/deps/src/modsecurity/test/custom-test-driver index aa490ee690..d9b0d0ff6f 100755 --- a/src/deps/src/modsecurity/test/custom-test-driver +++ b/src/deps/src/modsecurity/test/custom-test-driver @@ -42,9 +42,9 @@ print_usage () { cat < #include +#ifndef WIN32 #include +#else +#include +#endif #include #include diff --git a/src/deps/src/modsecurity/test/optimization/optimization.cc b/src/deps/src/modsecurity/test/optimization/optimization.cc index f4014058c3..19298b0b9a 100644 --- a/src/deps/src/modsecurity/test/optimization/optimization.cc +++ b/src/deps/src/modsecurity/test/optimization/optimization.cc @@ -87,7 +87,7 @@ int main(int argc, char **argv) { continue; } - if (dynamic_cast(z.get()) != nullptr) { + if (dynamic_cast(z.get())) { std::string op = "Unconditional"; if (operators.count(op) > 0) { operators[op] = 1 + operators[op]; @@ -96,9 +96,7 @@ int main(int argc, char **argv) { } } - if (dynamic_cast(z.get()) != nullptr) { - auto *rwo = dynamic_cast(z.get()); - + if (auto rwo = dynamic_cast(z.get())) { std::string op = rwo->getOperatorName(); if (operators.count(op) > 0) { operators[op] = 1 + operators[op]; diff --git a/src/deps/src/modsecurity/test/regression/regression.cc b/src/deps/src/modsecurity/test/regression/regression.cc index 6343c9e1c3..a6ede61c72 100644 --- a/src/deps/src/modsecurity/test/regression/regression.cc +++ b/src/deps/src/modsecurity/test/regression/regression.cc @@ -15,7 +15,11 @@ #include +#ifndef WIN32 #include +#else +#include +#endif #include #include @@ -60,13 +64,11 @@ bool contains(const std::string &s, const std::string &pattern) { void clearAuditLog(const std::string &filename) { if (!filename.empty()) { - std::ifstream file; - file.open(filename.c_str(), std::ifstream::out | std::ifstream::trunc); + std::ofstream file{filename.c_str(), std::ofstream::out | std::ofstream::trunc}; if (!file.is_open() || file.fail()) { std::cout << std::endl << "Failed to clear previous contents of audit log: " \ << filename << std::endl; } - file.close(); } } std::string getAuditLogContent(const std::string &filename) { @@ -307,6 +309,10 @@ void perform_unit_test(ModSecurityTest *test, modsec_transaction->processConnection(t->clientIp.c_str(), t->clientPort, t->serverIp.c_str(), t->serverPort); + if (t->hostname != "") { + modsec_transaction->setRequestHostName(t->hostname); + } + actions(&r, modsec_transaction, &serverLog); #if 0 if (r.status != 200) { @@ -474,9 +480,14 @@ int main(int argc, char **argv) { ModSecurityTest test; std::string ver(MODSECURITY_VERSION); - std::string envvar("MODSECURITY=ModSecurity " + ver + " regression tests"); + std::string envvar("ModSecurity " + ver + " regression tests"); + +#ifndef WIN32 + setenv("MODSECURITY", envvar.c_str(), 1); +#else + _putenv_s("MODSECURITY", envvar.c_str()); +#endif - putenv(strdup(envvar.c_str())); #ifndef NO_LOGS int test_number = 0; #endif @@ -484,15 +495,12 @@ int main(int argc, char **argv) { #if defined(WITH_GEOIP) or defined(WITH_MAXMIND) resources.push_back("geoip-or-maxmind"); #endif - #if defined(WITH_MAXMIND) resources.push_back("maxmind"); #endif - #if defined(WITH_GEOIP) resources.push_back("geoip"); #endif - #ifdef WITH_CURL resources.push_back("curl"); #endif @@ -502,10 +510,14 @@ int main(int argc, char **argv) { #ifdef WITH_LUA resources.push_back("lua"); #endif +#ifdef WITH_LIBXML2 + resources.push_back("libxml2"); +#endif #ifdef NO_LOGS std::cout << "Test utility cannot work without logging support." \ << std::endl; + return 0; #else test.cmd_options(argc, argv); if (!test.m_automake_output && !test.m_count_all) { @@ -605,6 +617,6 @@ int main(int argc, char **argv) { delete vec; } + return failed; #endif - return 0; } diff --git a/src/deps/src/modsecurity/test/regression/regression_test.cc b/src/deps/src/modsecurity/test/regression/regression_test.cc index 1580a0257f..01ad2aacc9 100644 --- a/src/deps/src/modsecurity/test/regression/regression_test.cc +++ b/src/deps/src/modsecurity/test/regression/regression_test.cc @@ -134,6 +134,9 @@ RegressionTest *RegressionTest::from_yajl_node(const yajl_val &node) { if (strcmp(key2, "port") == 0) { u->serverPort = YAJL_GET_INTEGER(val2); } + if (strcmp(key2, "hostname") == 0) { + u->hostname = YAJL_GET_STRING(val2); + } } } if (strcmp(key, "request") == 0) { diff --git a/src/deps/src/modsecurity/test/regression/regression_test.h b/src/deps/src/modsecurity/test/regression/regression_test.h index 5ed93b86f9..eb37986723 100644 --- a/src/deps/src/modsecurity/test/regression/regression_test.h +++ b/src/deps/src/modsecurity/test/regression/regression_test.h @@ -61,6 +61,7 @@ class RegressionTest { std::string serverIp; int clientPort; int serverPort; + std::string hostname; std::string method; std::string httpVersion; diff --git a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_request_body_processor.json b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_request_body_processor.json index d36a79e0fc..d2b6bd7da0 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_request_body_processor.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_request_body_processor.json @@ -2,6 +2,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing CtlRequestBodyProcessor=XML (1)", "expected":{ "debug_log": "Registered XML namespace href \"http://schemas.xmlsoap.org/soap/envelope/\" prefix \"soap\"" @@ -71,6 +72,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing CtlRequestBodyProcessor=XML (2)", "expected":{ "debug_log": "Rule returned 0" @@ -139,6 +141,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing CtlRequestBodyProcessor=XML (3)", "expected":{ "debug_log": "XML: Failed parsing document." diff --git a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_by_id.json b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_by_id.json index 77fb157798..ba89561d57 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_by_id.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_by_id.json @@ -18,7 +18,7 @@ "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", "Content-Type": "text/xml" }, - "uri":"/wp-login.php?whee&pwd=lhebs", + "uri":"/wp-login.php?whee=something&pwd=lhebs", "method":"GET", "body": [ ] }, @@ -28,7 +28,7 @@ }, "rules":[ "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveById=1\"", - "SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS'\"" + "SecRule ARGS_NAMES \"@contains whee\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS'\"" ] }, { @@ -36,7 +36,7 @@ "version_min":300000, "title":"Testing CtlRuleRemoteById (2)", "expected":{ - "debug_log": "Target value: .*Variable: ARGS:pwd" + "debug_log": "Target value: .*Variable: ARGS_NAMES:whee" }, "client":{ "ip":"200.249.12.31", @@ -50,7 +50,7 @@ "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", "Content-Type": "text/xml" }, - "uri":"/wp-login.php?whee&pwd=lhebs", + "uri":"/wp-login.php?whee=something&pwd=lhebs", "method":"GET", "body": [ ] }, @@ -60,7 +60,7 @@ }, "rules":[ "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveById=123\"", - "SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" + "SecRule ARGS_NAMES \"@contains whee\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" ] } ] diff --git a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_by_tag.json b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_by_tag.json index eea1c3b11d..6cf2923d58 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_by_tag.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_by_tag.json @@ -34,7 +34,7 @@ "debug_log":"Skipped rule id '2'. Skipped due to a ruleRemoveByTag action." }, "rules":[ - "SecRule ARGS:key \".\" \"id:4,ctl:ruleRemoveByTag=tag123", + "SecRule ARGS:key \".\" \"id:4,ctl:ruleRemoveByTag=tag123\"", "SecRule ARGS \"@contains test1\" \"id:1,pass,t:trim\"", "SecRule ARGS \"@contains test2\" \"id:2,pass,t:trim,tag:tag123\"", "SecRule ARGS \"@contains test3\" \"id:3,pass,t:trim\"" diff --git a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json index 142ac6230e..68f09385d2 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json @@ -37,7 +37,7 @@ "version_min":300000, "title":"Testing CtlRuleRemoveTargetById (2)", "expected":{ - "debug_log": "Target value: .*Variable: ARGS:pwd" + "debug_log": "Target value: .*Variable: ARGS_NAMES:whee" }, "client":{ "ip":"200.249.12.31", @@ -51,7 +51,7 @@ "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", "Content-Type": "text/xml" }, - "uri":"/wp-login.php?whee&pwd=lhebs", + "uri":"/wp-login.php?whee=something&pwd=lhebs", "method":"GET", "body": [ ] }, @@ -61,7 +61,7 @@ }, "rules":[ "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetById=123;ARGS:pwd\"", - "SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" + "SecRule ARGS_NAMES \"@contains whee\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" ] }, { @@ -83,7 +83,7 @@ "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", "Content-Type": "text/xml" }, - "uri":"/wp-login.php?whee&pwd=lhebs", + "uri":"/wp-login.php?whee=something&pwd=lhebs", "method":"GET", "body": [ ] }, diff --git a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json index 027a078dc8..fc696a5cb0 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json @@ -37,7 +37,7 @@ "version_min":300000, "title":"Testing CtlRuleRemoteTargetByTag (2)", "expected":{ - "debug_log": "Target value: .*Variable: ARGS:pwd" + "debug_log": "Target value: .*Variable: ARGS_NAMES:pwd" }, "client":{ "ip":"200.249.12.31", @@ -61,7 +61,7 @@ }, "rules":[ "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=CRS;ARGS:pwd\"", - "SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" + "SecRule ARGS_NAMES \"@contains pwd\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" ] }, { @@ -69,7 +69,7 @@ "version_min":300000, "title":"Testing CtlRuleRemoteTargetByTag (3)", "expected":{ - "debug_log": "Target value: .*Variable: ARGS:pwd" + "debug_log": "Target value: .*Variable: ARGS_NAMES:whee" }, "client":{ "ip":"200.249.12.31", @@ -83,7 +83,7 @@ "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", "Content-Type": "text/xml" }, - "uri":"/wp-login.php?whee&pwd=lhebs", + "uri":"/wp-login.php?whee=something&pwd=lhebs", "method":"GET", "body": [ ] }, @@ -93,7 +93,7 @@ }, "rules":[ "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=CRS;ARGS\"", - "SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" + "SecRule ARGS_NAMES \"@contains whee\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" ] } ] diff --git a/src/deps/src/modsecurity/test/test-cases/regression/action-xmlns.json b/src/deps/src/modsecurity/test/test-cases/regression/action-xmlns.json index f85a1d2273..df612f20c3 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/action-xmlns.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/action-xmlns.json @@ -38,6 +38,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser (validate ok)", "expected":{ "debug_log": "Target value: \"39.95\" \\(Variable: XML:\/bookstore\/book\/price\\[text\\(\\)\\]\\)" diff --git a/src/deps/src/modsecurity/test/test-cases/regression/config-body_limits.json b/src/deps/src/modsecurity/test/test-cases/regression/config-body_limits.json index ebc047db56..c7ce75f949 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/config-body_limits.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/config-body_limits.json @@ -578,6 +578,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"SecRequestBodyNoFilesLimit - xml, limit exceeded", "client":{ "ip":"200.249.12.31", @@ -626,6 +627,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"SecRequestBodyNoFilesLimit - xml, limit not exceeded", "client":{ "ip":"200.249.12.31", diff --git a/src/deps/src/modsecurity/test/test-cases/regression/config-secremoterules.json b/src/deps/src/modsecurity/test/test-cases/regression/config-secremoterules.json index 017245c1fe..1ba3fd4b09 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/config-secremoterules.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/config-secremoterules.json @@ -46,7 +46,7 @@ "version_min":300000, "title":"Include remote rules - failed download (Abort)", "expected":{ - "parser_error": "Failed to download: HTTP response code said error" + "parser_error": "Failed to download" }, "rules":[ "SecRuleEngine On", diff --git a/src/deps/src/modsecurity/test/test-cases/regression/config-xml_external_entity.json b/src/deps/src/modsecurity/test/test-cases/regression/config-xml_external_entity.json index fa0b405fa7..1f5cf098dc 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/config-xml_external_entity.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/config-xml_external_entity.json @@ -2,6 +2,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing SecXMLExternalEntity/XXE 1", "expected":{ "debug_log": "Target value: \" jo smith\"" @@ -47,6 +48,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing SecXMLExternalEntity/XXE 2", "expected":{ "debug_log": "XML: Failed to load DTD: test-cases/data/SoapEnvelope.dtd", @@ -94,6 +96,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing SecXMLExternalEntity/XXE 3", "expected":{ "debug_log": "XML Error: No declaration for element bookstore", diff --git a/src/deps/src/modsecurity/test/test-cases/regression/fn-setHostname.json b/src/deps/src/modsecurity/test/test-cases/regression/fn-setHostname.json new file mode 100644 index 0000000000..59c5b52e8f --- /dev/null +++ b/src/deps/src/modsecurity/test/test-cases/regression/fn-setHostname.json @@ -0,0 +1,41 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing function :: setRequestHostName", + "client": { + "ip":"200.249.12.31" + }, + "server":{ + "ip":"200.249.12.31", + "port":80, + "hostname":"modsecurity.org" + }, + "request": { + "headers": { + "Host":"www.modsecurity.org" + }, + "uri":"/foo?q=attack", + "http_version": 1.1 + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/plain" + }, + "body":[ + "denystring" + ] + }, + "expected":{ + "http_code": 403, + "debug_log": "[hostname: \"modsecurity.org\"]" + }, + "rules":[ + "SecRuleEngine On", + "SecResponseBodyAccess On", + "SecRule ARGS_GET \"@contains attack\" \"id:1,phase:2,deny\"" + ] + } +] diff --git a/src/deps/src/modsecurity/test/test-cases/regression/issue-1850.json b/src/deps/src/modsecurity/test/test-cases/regression/issue-1850.json index 3057537a5e..75ac2bc5f6 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/issue-1850.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/issue-1850.json @@ -44,7 +44,7 @@ "rules": [ "SecRuleEngine On", "SecDefaultAction \"phase:1,status:404,deny\"", - "SecRule REQUEST_URI \"@contains /\" \"id:2000001,phase:1,log,redirect:'http://1.1.1.1/failed.html',t:none,msg:\"Unauthorized administrator request'\"" + "SecRule REQUEST_URI \"@contains /\" \"id:2000001,phase:1,log,redirect:'http://1.1.1.1/failed.html',t:none,msg:'Unauthorized administrator request'\"" ] } ] diff --git a/src/deps/src/modsecurity/test/test-cases/regression/misc-variable-under-quotes.json b/src/deps/src/modsecurity/test/test-cases/regression/misc-variable-under-quotes.json index 5310f61e8c..c455b69dec 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/misc-variable-under-quotes.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/misc-variable-under-quotes.json @@ -34,7 +34,7 @@ "debug_log":"t:lowercase:" }, "rules":[ - "SecRule \"REQUEST_LINE\" \"@contains index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowercase,ctl:auditLogParts=+E\"" + "SecRule \"REQUEST_LINE\" \"@contains index.php/admin/cms/wysiwyg/directive/\" \"id:1,phase:1,t:lowercase,ctl:auditLogParts=+E\"" ] }, { diff --git a/src/deps/src/modsecurity/test/test-cases/regression/offset-variable.json b/src/deps/src/modsecurity/test/test-cases/regression/offset-variable.json index 9aa5120c2c..7ffe9299ba 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/offset-variable.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/offset-variable.json @@ -215,7 +215,6 @@ ] }, "expected":{ - // should not match }, "rules":[ "SecRequestBodyAccess On", @@ -248,7 +247,6 @@ ] }, "expected":{ - // should not match }, "rules":[ "SecRequestBodyAccess On", diff --git a/src/deps/src/modsecurity/test/test-cases/regression/operator-pm.json b/src/deps/src/modsecurity/test/test-cases/regression/operator-pm.json index 4f94d6ea0c..2261ebe923 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/operator-pm.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/operator-pm.json @@ -3,7 +3,7 @@ "enabled": 1, "version_min": 300000, "version_max": 0, - "title": "pm operator test 1/4", + "title": "pm operator test 1/6", "client": { "ip": "200.249.12.31", "port": 2313 @@ -77,7 +77,7 @@ "enabled": 1, "version_min": 300000, "version_max": 0, - "title": "pm operater test 3/4", + "title": "pm operater test 3/6", "client": { "ip": "200.249.12.31", "port": 2313 @@ -114,7 +114,7 @@ "enabled": 1, "version_min": 300000, "version_max": 0, - "title": "pm operater test 4/4", + "title": "pm operater test 4/6", "client": { "ip": "200.249.12.31", "port": 2313 @@ -146,5 +146,79 @@ "SecRuleEngine On", "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\"" ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "pm operater test 5/6", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "net.tutsplus.com" + }, + "uri": "\/test.pl?param1=123", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "text\/xml; charset=utf-8\n\r", + "Content-Length": "length\n\r" + } + }, + "expected": { + "debug_log": "Rule returned 1", + "http_code": 403 + }, + "rules": [ + "SecRuleEngine On", + "SecRule ARGS \"@pm 1 2 3\" \"phase:1,id:999,deny\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "pm operater test 6/6", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "net.tutsplus.com" + }, + "uri": "\/test.pl?param1=abc", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "text\/xml; charset=utf-8\n\r", + "Content-Length": "length\n\r" + } + }, + "expected": { + "debug_log": "Rule returned 0", + "http_code": 200 + }, + "rules": [ + "SecRuleEngine On", + "SecRule ARGS \"@pm 1 2 3\" \"phase:1,id:999,deny\"" + ] } ] diff --git a/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-multipart.json b/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-multipart.json index c922057378..4e25168e36 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-multipart.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-multipart.json @@ -3294,5 +3294,56 @@ "SecRequestBodyAccess On", "SecRule ARGS:namea \"@streq 111\" \"phase:2,deny,id:500096\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"multipart parser (invalid part header - contains invalid character)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"330", + "Content-Type":"multipart/form-data; boundary=a", + "Expect":"100-continue" + }, + "uri":"/", + "method":"POST", + "body":[ + "--a\r", + "\u000eContent-Disposition\u000e: form-data; name=\"file\"; filename=\"1.jsp\"\r", + "Content-Disposition: form-data; name=\"post\";\r", + "\r", + "<%out.print(123)%>\r", + "--a--\r" + ] + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code":403, + "debug_log":"Multipart: Invalid part header \\(contains invalid character\\)" + }, + "rules":[ + "SecruleEngine On", + "SecRule REQBODY_PROCESSOR_ERROR \"@eq 1\" \"phase:2,deny,status:403,id:500077\"" + ] } ] diff --git a/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-xml-validade-dtd.json b/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-xml-validade-dtd.json index c01c8c7522..db071aefae 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-xml-validade-dtd.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-xml-validade-dtd.json @@ -2,6 +2,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser - validateDTD (validate ok)", "expected":{ "debug_log": "XML: Successfully validated payload against DTD: test-cases/data/SoapEnvelope.dtd" @@ -47,6 +48,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser - validateDTD (validation failed)", "expected":{ "debug_log": "XML Error: No declaration for element xBody", @@ -93,6 +95,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser - validateDTD (bad XML)", "expected":{ "debug_log": "XML: DTD validation failed because content is not well formed", @@ -139,6 +142,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser - validateDTD (bad DTD)", "expected":{ "debug_log": "Failed to load DTD: test-cases/data/SoapEnvelope-bad.dtd", diff --git a/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-xml.json b/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-xml.json index 072912d411..9b07c2ca1d 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-xml.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/request-body-parser-xml.json @@ -2,6 +2,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser (validate ok)", "expected":{ "debug_log": "XML: Successfully validated payload against Schema:" @@ -51,6 +52,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser (validate attribute value failed)", "expected":{ "debug_log": "'badval' is not a valid value of the local atomic type", @@ -101,6 +103,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser (validate failed)", "expected":{ "debug_log": "This element is not expected. Expected is one of", @@ -151,6 +154,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser (bad XML)", "expected":{ "debug_log": "XML Error: Element '{http://schemas.xmlsoap.org/soap/envelope/}xBody'", @@ -201,6 +205,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XML request body parser (bad schema)", "expected":{ "debug_log": "XML: Failed to load Schema: test-cases/data/SoapEnvelope-bad.xsd. XML Error: Failed to parse the XML resource 'test-cases/data/SoapEnvelope-bad.xsd", diff --git a/src/deps/src/modsecurity/test/test-cases/regression/rule-920200.json b/src/deps/src/modsecurity/test/test-cases/regression/rule-920200.json index 8ace66cb68..64841f30c2 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/rule-920200.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/rule-920200.json @@ -18,7 +18,7 @@ "Accept-Language":"en-us,en;q=0.5", "Accept":"*/*", "Keep-Alive":"300", - "Range": "bytes=1-10,11-20,21-30,31-40,41-50,51-60" + "Range": "bytes=1-10,11-20,21-30,31-40,41-50,51-60" }, "uri":"/", "method":"GET" diff --git a/src/deps/src/modsecurity/test/test-cases/regression/variable-REQBODY_PROCESSOR_ERROR.json b/src/deps/src/modsecurity/test/test-cases/regression/variable-REQBODY_PROCESSOR_ERROR.json index e470362d02..8cc4a15735 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/variable-REQBODY_PROCESSOR_ERROR.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/variable-REQBODY_PROCESSOR_ERROR.json @@ -2,6 +2,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing Variables :: REQBODY_PROCESSOR_ERROR_MSG (1/2)", "client":{ "ip":"200.249.12.31", diff --git a/src/deps/src/modsecurity/test/test-cases/regression/variable-XML.json b/src/deps/src/modsecurity/test/test-cases/regression/variable-XML.json index c5ca889c19..dda3822128 100644 --- a/src/deps/src/modsecurity/test/test-cases/regression/variable-XML.json +++ b/src/deps/src/modsecurity/test/test-cases/regression/variable-XML.json @@ -2,6 +2,7 @@ { "enabled":1, "version_min":300000, + "resource":"libxml2", "title":"Testing XPath expression with equals sign", "expected":{ "http_code": 403 diff --git a/src/deps/src/modsecurity/test/test-suite.in b/src/deps/src/modsecurity/test/test-suite.in new file mode 100644 index 0000000000..0feb361b79 --- /dev/null +++ b/src/deps/src/modsecurity/test/test-suite.in @@ -0,0 +1,256 @@ +# for i in `find test/test-cases -iname *.json`; do echo TESTS+=$i; done +TESTS+=test/test-cases/regression/action-allow.json +TESTS+=test/test-cases/regression/action-block.json +TESTS+=test/test-cases/regression/action-ctl_request_body_access.json +TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json +TESTS+=test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json +TESTS+=test/test-cases/regression/action-ctl_rule_engine.json +TESTS+=test/test-cases/regression/action-ctl_audit_engine.json +TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_id.json +TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_tag.json +TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_id.json +TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json +TESTS+=test/test-cases/regression/action-disruptive.json +TESTS+=test/test-cases/regression/action-exec.json +TESTS+=test/test-cases/regression/action-expirevar.json +TESTS+=test/test-cases/regression/action-id.json +TESTS+=test/test-cases/regression/action-initcol.json +TESTS+=test/test-cases/regression/action-msg.json +TESTS+=test/test-cases/regression/action-setenv.json +TESTS+=test/test-cases/regression/action-setrsc.json +TESTS+=test/test-cases/regression/action-setsid.json +TESTS+=test/test-cases/regression/action-setuid.json +TESTS+=test/test-cases/regression/actions.json +TESTS+=test/test-cases/regression/action-skip.json +TESTS+=test/test-cases/regression/action-tag.json +TESTS+=test/test-cases/regression/action-tnf-base64.json +TESTS+=test/test-cases/regression/action-xmlns.json +TESTS+=test/test-cases/regression/auditlog.json +TESTS+=test/test-cases/regression/collection-case-insensitive.json +TESTS+=test/test-cases/regression/collection-lua.json +TESTS+=test/test-cases/regression/collection-regular_expression_selection.json +TESTS+=test/test-cases/regression/collection-resource.json +TESTS+=test/test-cases/regression/collection-tx.json +TESTS+=test/test-cases/regression/collection-tx-with-macro.json +TESTS+=test/test-cases/regression/config-body_limits.json +TESTS+=test/test-cases/regression/config-calling_phases_by_name.json +TESTS+=test/test-cases/regression/config-include-bad.json +TESTS+=test/test-cases/regression/config-include.json +TESTS+=test/test-cases/regression/config-remove_by_id.json +TESTS+=test/test-cases/regression/config-remove_by_msg.json +TESTS+=test/test-cases/regression/config-remove_by_tag.json +TESTS+=test/test-cases/regression/config-response_type.json +TESTS+=test/test-cases/regression/config-secdefaultaction.json +TESTS+=test/test-cases/regression/config-secremoterules.json +TESTS+=test/test-cases/regression/config-update-action-by-id.json +TESTS+=test/test-cases/regression/config-update-target-by-id.json +TESTS+=test/test-cases/regression/config-update-target-by-msg.json +TESTS+=test/test-cases/regression/config-update-target-by-tag.json +TESTS+=test/test-cases/regression/config-xml_external_entity.json +TESTS+=test/test-cases/regression/debug_log.json +TESTS+=test/test-cases/regression/directive-sec_rule_script.json +TESTS+=test/test-cases/regression/fn-setHostname.json +TESTS+=test/test-cases/regression/issue-1152.json +TESTS+=test/test-cases/regression/issue-1528.json +TESTS+=test/test-cases/regression/issue-1565.json +TESTS+=test/test-cases/regression/issue-1576.json +TESTS+=test/test-cases/regression/issue-1591.json +TESTS+=test/test-cases/regression/issue-1725.json +TESTS+=test/test-cases/regression/issue-1743.json +TESTS+=test/test-cases/regression/issue-1785.json +TESTS+=test/test-cases/regression/issue-1812.json +TESTS+=test/test-cases/regression/issue-1831.json +TESTS+=test/test-cases/regression/issue-1844.json +TESTS+=test/test-cases/regression/issue-1850.json +TESTS+=test/test-cases/regression/issue-1941.json +TESTS+=test/test-cases/regression/issue-1943.json +TESTS+=test/test-cases/regression/issue-1956.json +TESTS+=test/test-cases/regression/issue-1960.json +TESTS+=test/test-cases/regression/issue-2099.json +TESTS+=test/test-cases/regression/issue-2000.json +TESTS+=test/test-cases/regression/issue-2111.json +TESTS+=test/test-cases/regression/issue-2196.json +TESTS+=test/test-cases/regression/issue-2423-msg-in-chain.json +TESTS+=test/test-cases/regression/issue-2427.json +TESTS+=test/test-cases/regression/issue-2296.json +TESTS+=test/test-cases/regression/issue-394.json +TESTS+=test/test-cases/regression/issue-849.json +TESTS+=test/test-cases/regression/issue-960.json +TESTS+=test/test-cases/regression/misc.json +TESTS+=test/test-cases/regression/misc-variable-under-quotes.json +TESTS+=test/test-cases/regression/offset-variable.json +TESTS+=test/test-cases/regression/operator-detectsqli.json +TESTS+=test/test-cases/regression/operator-detectxss.json +TESTS+=test/test-cases/regression/operator-fuzzyhash.json +TESTS+=test/test-cases/regression/operator-inpectFile.json +TESTS+=test/test-cases/regression/operator-ipMatchFromFile.json +TESTS+=test/test-cases/regression/operator-pm.json +TESTS+=test/test-cases/regression/operator-rx.json +TESTS+=test/test-cases/regression/operator-rxGlobal.json +TESTS+=test/test-cases/regression/operator-UnconditionalMatch.json +TESTS+=test/test-cases/regression/operator-validate-byte-range.json +TESTS+=test/test-cases/regression/operator-verifycc.json +TESTS+=test/test-cases/regression/operator-verifycpf.json +TESTS+=test/test-cases/regression/operator-verifyssn.json +TESTS+=test/test-cases/regression/operator-verifysvnr.json +TESTS+=test/test-cases/regression/request-body-parser-json.json +TESTS+=test/test-cases/regression/request-body-parser-multipart-crlf.json +TESTS+=test/test-cases/regression/request-body-parser-multipart.json +TESTS+=test/test-cases/regression/request-body-parser-xml.json +TESTS+=test/test-cases/regression/request-body-parser-xml-validade-dtd.json +TESTS+=test/test-cases/regression/rule-920120.json +TESTS+=test/test-cases/regression/rule-920200.json +TESTS+=test/test-cases/regression/rule-920274.json +TESTS+=test/test-cases/regression/secaction.json +TESTS+=test/test-cases/regression/secargumentslimit.json +TESTS+=test/test-cases/regression/sec_component_signature.json +TESTS+=test/test-cases/regression/secmarker.json +TESTS+=test/test-cases/regression/secruleengine.json +TESTS+=test/test-cases/regression/transformation-none.json +TESTS+=test/test-cases/regression/transformations.json +TESTS+=test/test-cases/regression/variable-ARGS_COMBINED_SIZE.json +TESTS+=test/test-cases/regression/variable-ARGS_GET.json +TESTS+=test/test-cases/regression/variable-ARGS_GET_NAMES.json +TESTS+=test/test-cases/regression/variable-ARGS.json +TESTS+=test/test-cases/regression/variable-ARGS_NAMES.json +TESTS+=test/test-cases/regression/variable-ARGS_POST.json +TESTS+=test/test-cases/regression/variable-ARGS_POST_NAMES.json +TESTS+=test/test-cases/regression/variable-AUTH_TYPE.json +TESTS+=test/test-cases/regression/variable-DURATION.json +TESTS+=test/test-cases/regression/variable-ENV.json +TESTS+=test/test-cases/regression/variable-FILES_COMBINED_SIZE.json +TESTS+=test/test-cases/regression/variable-FILES.json +TESTS+=test/test-cases/regression/variable-FILES_NAMES.json +TESTS+=test/test-cases/regression/variable-FILES_SIZES.json +TESTS+=test/test-cases/regression/variable-FULL_REQUEST.json +TESTS+=test/test-cases/regression/variable-FULL_REQUEST_LENGTH.json +TESTS+=test/test-cases/regression/variable-GEO.json +TESTS+=test/test-cases/regression/variable-HIGHEST_SEVERITY.json +TESTS+=test/test-cases/regression/variable-INBOUND_DATA_ERROR.json +TESTS+=test/test-cases/regression/variable-MATCHED_VAR.json +TESTS+=test/test-cases/regression/variable-MATCHED_VAR_NAME.json +TESTS+=test/test-cases/regression/variable-MATCHED_VARS.json +TESTS+=test/test-cases/regression/variable-MATCHED_VARS_NAMES.json +TESTS+=test/test-cases/regression/variable-MODSEC_BUILD.json +TESTS+=test/test-cases/regression/variable-MULTIPART_CRLF_LF_LINES.json +TESTS+=test/test-cases/regression/variable-MULTIPART_FILENAME.json +TESTS+=test/test-cases/regression/variable-MULTIPART_INVALID_HEADER_FOLDING.json +TESTS+=test/test-cases/regression/variable-MULTIPART_NAME.json +TESTS+=test/test-cases/regression/variable-MULTIPART_PART_HEADERS.json +TESTS+=test/test-cases/regression/variable-MULTIPART_STRICT_ERROR.json +TESTS+=test/test-cases/regression/variable-MULTIPART_UNMATCHED_BOUNDARY.json +TESTS+=test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json +TESTS+=test/test-cases/regression/variable-PATH_INFO.json +TESTS+=test/test-cases/regression/variable-QUERY_STRING.json +TESTS+=test/test-cases/regression/variable-REMOTE_ADDR.json +TESTS+=test/test-cases/regression/variable-REMOTE_HOST.json +TESTS+=test/test-cases/regression/variable-REMOTE_PORT.json +TESTS+=test/test-cases/regression/variable-REMOTE_USER.json +TESTS+=test/test-cases/regression/variable-REQBODY_PROCESSOR_ERROR.json +TESTS+=test/test-cases/regression/variable-REQBODY_PROCESSOR.json +TESTS+=test/test-cases/regression/variable-REQUEST_BASENAME.json +TESTS+=test/test-cases/regression/variable-REQUEST_BODY.json +TESTS+=test/test-cases/regression/variable-REQUEST_BODY_LENGTH.json +TESTS+=test/test-cases/regression/variable-REQUEST_COOKIES.json +TESTS+=test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json +TESTS+=test/test-cases/regression/variable-REQUEST_FILENAME.json +TESTS+=test/test-cases/regression/variable-REQUEST_HEADERS.json +TESTS+=test/test-cases/regression/variable-REQUEST_HEADERS_NAMES.json +TESTS+=test/test-cases/regression/variable-REQUEST_LINE.json +TESTS+=test/test-cases/regression/variable-REQUEST_METHOD.json +TESTS+=test/test-cases/regression/variable-REQUEST_PROTOCOL.json +TESTS+=test/test-cases/regression/variable-REQUEST_URI.json +TESTS+=test/test-cases/regression/variable-REQUEST_URI_RAW.json +TESTS+=test/test-cases/regression/variable-RESPONSE_BODY.json +TESTS+=test/test-cases/regression/variable-RESPONSE_CONTENT_LENGTH.json +TESTS+=test/test-cases/regression/variable-RESPONSE_CONTENT_TYPE.json +TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS.json +TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS_NAMES.json +TESTS+=test/test-cases/regression/variable-RESPONSE_PROTOCOL.json +TESTS+=test/test-cases/regression/variable-RULE.json +TESTS+=test/test-cases/regression/variable-SERVER_ADDR.json +TESTS+=test/test-cases/regression/variable-SERVER_NAME.json +TESTS+=test/test-cases/regression/variable-SERVER_PORT.json +TESTS+=test/test-cases/regression/variable-SESSIONID.json +TESTS+=test/test-cases/regression/variable-STATUS.json +TESTS+=test/test-cases/regression/variable-TIME_DAY.json +TESTS+=test/test-cases/regression/variable-TIME_EPOCH.json +TESTS+=test/test-cases/regression/variable-TIME_HOUR.json +TESTS+=test/test-cases/regression/variable-TIME.json +TESTS+=test/test-cases/regression/variable-TIME_MIN.json +TESTS+=test/test-cases/regression/variable-TIME_MON.json +TESTS+=test/test-cases/regression/variable-TIME_SEC.json +TESTS+=test/test-cases/regression/variable-TIME_WDAY.json +TESTS+=test/test-cases/regression/variable-TIME_YEAR.json +TESTS+=test/test-cases/regression/variable-TX.json +TESTS+=test/test-cases/regression/variable-UNIQUE_ID.json +TESTS+=test/test-cases/regression/variable-URLENCODED_ERROR.json +TESTS+=test/test-cases/regression/variable-USERID.json +TESTS+=test/test-cases/regression/variable-variation-count.json +TESTS+=test/test-cases/regression/variable-variation-exclusion.json +TESTS+=test/test-cases/regression/variable-WEBAPPID.json +TESTS+=test/test-cases/regression/variable-WEBSERVER_ERROR_LOG.json +TESTS+=test/test-cases/regression/variable-XML.json +TESTS+=test/test-cases/secrules-language-tests/operators/beginsWith.json +TESTS+=test/test-cases/secrules-language-tests/operators/contains.json +TESTS+=test/test-cases/secrules-language-tests/operators/containsWord.json +TESTS+=test/test-cases/secrules-language-tests/operators/detectSQLi.json +TESTS+=test/test-cases/secrules-language-tests/operators/detectXSS.json +TESTS+=test/test-cases/secrules-language-tests/operators/endsWith.json +TESTS+=test/test-cases/secrules-language-tests/operators/eq.json +TESTS+=test/test-cases/secrules-language-tests/operators/ge.json +TESTS+=test/test-cases/secrules-language-tests/operators/geoLookup.json +TESTS+=test/test-cases/secrules-language-tests/operators/gt.json +TESTS+=test/test-cases/secrules-language-tests/operators/ipMatch.json +TESTS+=test/test-cases/secrules-language-tests/operators/le.json +TESTS+=test/test-cases/secrules-language-tests/operators/lt.json +TESTS+=test/test-cases/secrules-language-tests/operators/noMatch.json +TESTS+=test/test-cases/secrules-language-tests/operators/pmFromFile.json +TESTS+=test/test-cases/secrules-language-tests/operators/pm.json +TESTS+=test/test-cases/secrules-language-tests/operators/rx.json +TESTS+=test/test-cases/secrules-language-tests/operators/rxGlobal.json +TESTS+=test/test-cases/secrules-language-tests/operators/streq.json +TESTS+=test/test-cases/secrules-language-tests/operators/strmatch.json +TESTS+=test/test-cases/secrules-language-tests/operators/unconditionalMatch.json +TESTS+=test/test-cases/secrules-language-tests/operators/validateByteRange.json +TESTS+=test/test-cases/secrules-language-tests/operators/validateUrlEncoding.json +TESTS+=test/test-cases/secrules-language-tests/operators/validateUtf8Encoding.json +TESTS+=test/test-cases/secrules-language-tests/operators/verifyCC.json +TESTS+=test/test-cases/secrules-language-tests/operators/verifycpf.json +TESTS+=test/test-cases/secrules-language-tests/operators/verifyssn.json +TESTS+=test/test-cases/secrules-language-tests/operators/verifysvnr.json +TESTS+=test/test-cases/secrules-language-tests/operators/within.json +TESTS+=test/test-cases/secrules-language-tests/transformations/base64DecodeExt.json +TESTS+=test/test-cases/secrules-language-tests/transformations/base64Decode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/base64Encode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/cmdLine.json +TESTS+=test/test-cases/secrules-language-tests/transformations/compressWhitespace.json +TESTS+=test/test-cases/secrules-language-tests/transformations/cssDecode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/escapeSeqDecode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/hexDecode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/hexEncode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/htmlEntityDecode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/jsDecode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/length.json +TESTS+=test/test-cases/secrules-language-tests/transformations/lowercase.json +TESTS+=test/test-cases/secrules-language-tests/transformations/md5.json +TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePath.json +TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePathWin.json +TESTS+=test/test-cases/secrules-language-tests/transformations/parityEven7bit.json +TESTS+=test/test-cases/secrules-language-tests/transformations/parityOdd7bit.json +TESTS+=test/test-cases/secrules-language-tests/transformations/parityZero7bit.json +TESTS+=test/test-cases/secrules-language-tests/transformations/removeCommentsChar.json +TESTS+=test/test-cases/secrules-language-tests/transformations/removeComments.json +TESTS+=test/test-cases/secrules-language-tests/transformations/removeNulls.json +TESTS+=test/test-cases/secrules-language-tests/transformations/removeWhitespace.json +TESTS+=test/test-cases/secrules-language-tests/transformations/replaceComments.json +TESTS+=test/test-cases/secrules-language-tests/transformations/replaceNulls.json +TESTS+=test/test-cases/secrules-language-tests/transformations/sha1.json +TESTS+=test/test-cases/secrules-language-tests/transformations/sqlHexDecode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/trim.json +TESTS+=test/test-cases/secrules-language-tests/transformations/trimLeft.json +TESTS+=test/test-cases/secrules-language-tests/transformations/trimRight.json +TESTS+=test/test-cases/secrules-language-tests/transformations/urlDecode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/urlDecodeUni.json +TESTS+=test/test-cases/secrules-language-tests/transformations/urlEncode.json +TESTS+=test/test-cases/secrules-language-tests/transformations/utf8toUnicode.json diff --git a/src/deps/src/modsecurity/test/test-suite.sh b/src/deps/src/modsecurity/test/test-suite.sh index ce03c244e1..20262239d7 100755 --- a/src/deps/src/modsecurity/test/test-suite.sh +++ b/src/deps/src/modsecurity/test/test-suite.sh @@ -13,7 +13,7 @@ then AMOUNT=$(./regression_tests countall ../$FILE) RET=$? if [ $RET -ne 0 ]; then - echo ":test-result: SKIP: json is not enabled. (regression/$RET) ../$FILE:$i" + echo ":test-result: SKIP: json is not enabled. (regression/$RET) ../$FILE" exit 0 fi @@ -30,10 +30,10 @@ else RET=$? if [ $RET -eq 127 ] then - echo ":test-result: SKIP: json is not enabled. (unit/$RET) ../$FILE:$i" + echo ":test-result: SKIP: json is not enabled. (unit/$RET) ../$FILE" elif [ $RET -ne 0 ] then - echo ":test-result: FAIL possible segfault: (unit/$RET) ../$FILE:$i" + echo ":test-result: FAIL possible segfault: (unit/$RET) ../$FILE" fi fi diff --git a/src/deps/src/modsecurity/test/unit/unit.cc b/src/deps/src/modsecurity/test/unit/unit.cc index 4d75ba94d1..5ebc9d3fe4 100644 --- a/src/deps/src/modsecurity/test/unit/unit.cc +++ b/src/deps/src/modsecurity/test/unit/unit.cc @@ -15,7 +15,9 @@ #include #include - +#include +#include +#include #include #include #include @@ -38,6 +40,7 @@ using modsecurity_test::UnitTest; +using modsecurity_test::UnitTestResult; using modsecurity_test::ModSecurityTest; using modsecurity_test::ModSecurityTestResults; using modsecurity::actions::transformations::Transformation; @@ -53,64 +56,151 @@ void print_help() { } -void perform_unit_test(ModSecurityTest *test, UnitTest *t, - ModSecurityTestResults* res) { - std::string error; +struct OperatorTest { + using ItemType = Operator; + + static ItemType* init(const UnitTest &t) { + auto op = Operator::instantiate(t.name, t.param); + assert(op != nullptr); + + std::string error; + op->init(t.filename, &error); + + return op; + } + + static UnitTestResult eval(ItemType &op, const UnitTest &t) { + return {op.evaluate(nullptr, nullptr, t.input, nullptr), {}}; + } + + static bool check(const UnitTestResult &result, const UnitTest &t) { + return result.ret != t.ret; + } +}; + + +struct TransformationTest { + using ItemType = Transformation; + + static ItemType* init(const UnitTest &t) { + auto tfn = Transformation::instantiate("t:" + t.name); + assert(tfn != nullptr); + + return tfn; + } + + static UnitTestResult eval(const ItemType &tfn, const UnitTest &t) { + std::string ret = t.input; + tfn.transform(ret, nullptr); + return {1, ret}; + } + + static bool check(const UnitTestResult &result, const UnitTest &t) { + return result.output != t.output; + } +}; + + +template +UnitTestResult perform_unit_test_once(const UnitTest &t) { + std::unique_ptr item(TestType::init(t)); + assert(item.get() != nullptr); + + return TestType::eval(*item.get(), t); +} + + +template +UnitTestResult perform_unit_test_multithreaded(const UnitTest &t) { + + constexpr auto NUM_THREADS = 50; + constexpr auto ITERATIONS = 5'000; + + std::array threads; + std::array results; + + std::unique_ptr item(TestType::init(t)); + assert(item.get() != nullptr); + + for (auto i = 0; i != threads.size(); ++i) + { + auto &result = results[i]; + threads[i] = std::thread( + [&item, &t, &result]() + { + for (auto j = 0; j != ITERATIONS; ++j) + result = TestType::eval(*item.get(), t); + }); + } + + UnitTestResult ret; + + for (auto i = 0; i != threads.size(); ++i) + { + threads[i].join(); + if (TestType::check(results[i], t)) + ret = results[i]; // error value, keep iterating to join all threads + else if(i == 0) + ret = results[i]; // initial value + } + + return ret; // cppcheck-suppress uninitvar ; false positive, ret assigned at least once in previous loop +} + + +template +void perform_unit_test_helper(const ModSecurityTest &test, UnitTest &t, + ModSecurityTestResults &res) { + + if (!test.m_test_multithreaded) + t.result = perform_unit_test_once(t); + else + t.result = perform_unit_test_multithreaded(t); + + if (TestType::check(t.result, t)) { + res.push_back(&t); + if (test.m_automake_output) { + std::cout << "FAIL "; + } + } else if (test.m_automake_output) { + std::cout << "PASS "; + } +} + + +void perform_unit_test(const ModSecurityTest &test, UnitTest &t, + ModSecurityTestResults &res) { bool found = true; - if (test->m_automake_output) { + if (test.m_automake_output) { std::cout << ":test-result: "; } - if (t->resource.empty() == false) { - found = (std::find(resources.begin(), resources.end(), t->resource) - != resources.end()); + if (t.resource.empty() == false) { + found = std::find(resources.begin(), resources.end(), t.resource) + != resources.end(); } if (!found) { - t->skipped = true; - res->push_back(t); - if (test->m_automake_output) { + t.skipped = true; + res.push_back(&t); + if (test.m_automake_output) { std::cout << "SKIP "; } } - if (t->type == "op") { - Operator *op = Operator::instantiate(t->name, t->param); - op->init(t->filename, &error); - int ret = op->evaluate(NULL, NULL, t->input, NULL); - t->obtained = ret; - if (ret != t->ret) { - res->push_back(t); - if (test->m_automake_output) { - std::cout << "FAIL "; - } - } else if (test->m_automake_output) { - std::cout << "PASS "; - } - delete op; - } else if (t->type == "tfn") { - Transformation *tfn = Transformation::instantiate("t:" + t->name); - std::string ret = tfn->evaluate(t->input, NULL); - t->obtained = 1; - t->obtainedOutput = ret; - if (ret != t->output) { - res->push_back(t); - if (test->m_automake_output) { - std::cout << "FAIL "; - } - } else if (test->m_automake_output) { - std::cout << "PASS "; - } - delete tfn; + if (t.type == "op") { + perform_unit_test_helper(test, t, res); + } else if (t.type == "tfn") { + perform_unit_test_helper(test, t, res); } else { - std::cerr << "Failed. Test type is unknown: << " << t->type; + std::cerr << "Failed. Test type is unknown: << " << t.type; std::cerr << std::endl; } - if (test->m_automake_output) { - std::cout << t->name << " " - << modsecurity::utils::string::toHexIfNeeded(t->input) + if (test.m_automake_output) { + std::cout << t.name << " " + << modsecurity::utils::string::toHexIfNeeded(t.input) << std::endl; } } @@ -151,17 +241,15 @@ int main(int argc, char **argv) { test.load_tests("test-cases/secrules-language-tests/transformations"); } - for (std::pair *> a : test) { - std::vector *tests = a.second; - + for (auto& [filename, tests] : test) { total += tests->size(); - for (UnitTest *t : *tests) { + for (auto t : *tests) { ModSecurityTestResults r; if (!test.m_automake_output) { - std::cout << " " << a.first << "...\t"; + std::cout << " " << filename << "...\t"; } - perform_unit_test(&test, t, &r); + perform_unit_test(test, *t, r); if (!test.m_automake_output) { int skp = 0; @@ -189,12 +277,16 @@ int main(int argc, char **argv) { if (!test.m_automake_output) { std::cout << "Total >> " << total << std::endl; - } - for (UnitTest *t : results) { - std::cout << t->print() << std::endl; + for (const auto t : results) { + std::cout << t->print() << std::endl; + } } + const int skp = std::count_if(results.cbegin(), results.cend(), [](const auto &i) + { return i->skipped; }); + const int failed = results.size() - skp; + if (!test.m_automake_output) { std::cout << std::endl; @@ -202,13 +294,7 @@ int main(int argc, char **argv) { if (results.size() == 0) { std::cout << KGRN << "All tests passed" << RESET << std::endl; } else { - int skp = 0; - for (const auto &i : results) { - if (i->skipped == true) { - skp++; - } - } - std::cout << KRED << results.size()-skp << " failed."; + std::cout << KRED << failed << " failed."; std::cout << RESET << std::endl; if (skp > 0) { std::cout << " " << std::to_string(skp) << " "; @@ -217,13 +303,12 @@ int main(int argc, char **argv) { } } - for (std::pair *> a : test) { - std::vector *vec = a.second; - for (int i = 0; i < vec->size(); i++) { - delete vec->at(i); - } + for (auto a : test) { + auto vec = a.second; + for(auto t : *vec) + delete t; delete vec; } -} - + return failed; +} diff --git a/src/deps/src/modsecurity/test/unit/unit_test.cc b/src/deps/src/modsecurity/test/unit/unit_test.cc index d15533a3cc..b00607325c 100644 --- a/src/deps/src/modsecurity/test/unit/unit_test.cc +++ b/src/deps/src/modsecurity/test/unit/unit_test.cc @@ -30,20 +30,6 @@ namespace modsecurity_test { -std::string string_to_hex(const std::string& input) { - static const char* const lut = "0123456789ABCDEF"; - size_t len = input.length(); - - std::string output; - output.reserve(2 * len); - for (size_t i = 0; i < len; ++i) { - const unsigned char c = input[i]; - output.push_back(lut[c >> 4]); - output.push_back(lut[c & 15]); - } - return output; -} - void replaceAll(std::string *s, const std::string &search, const char replace) { for (size_t pos = 0; ; pos += 0) { @@ -102,15 +88,15 @@ std::string UnitTest::print() { i << " \"param\": \"" << this->param << "\"" << std::endl; i << " \"output\": \"" << this->output << "\"" << std::endl; i << "}" << std::endl; - if (this->ret != this->obtained) { + if (this->ret != this->result.ret) { i << "Expecting: \"" << this->ret << "\" - returned: \""; - i << this->obtained << "\"" << std::endl; + i << this->result.ret << "\"" << std::endl; } - if (this->output != this->obtainedOutput) { + if (this->output != this->result.output) { i << "Expecting: \""; i << modsecurity::utils::string::toHexIfNeeded(this->output); i << "\" - returned: \""; - i << modsecurity::utils::string::toHexIfNeeded(this->obtainedOutput); + i << modsecurity::utils::string::toHexIfNeeded(this->result.output); i << "\""; i << std::endl; } diff --git a/src/deps/src/modsecurity/test/unit/unit_test.h b/src/deps/src/modsecurity/test/unit/unit_test.h index d200db5dbc..81d99d1424 100644 --- a/src/deps/src/modsecurity/test/unit/unit_test.h +++ b/src/deps/src/modsecurity/test/unit/unit_test.h @@ -25,6 +25,12 @@ namespace modsecurity_test { +class UnitTestResult { + public: + int ret; + std::string output; +}; + class UnitTest { public: static UnitTest *from_yajl_node(const yajl_val &); @@ -39,9 +45,8 @@ class UnitTest { std::string filename; std::string output; int ret; - int obtained; int skipped; - std::string obtainedOutput; + UnitTestResult result; }; } // namespace modsecurity_test diff --git a/src/deps/src/modsecurity/tools/rules-check/Makefile.am b/src/deps/src/modsecurity/tools/rules-check/Makefile.am index 615d9598ed..6f398fb222 100644 --- a/src/deps/src/modsecurity/tools/rules-check/Makefile.am +++ b/src/deps/src/modsecurity/tools/rules-check/Makefile.am @@ -28,7 +28,6 @@ modsec_rules_check_LDFLAGS = \ $(YAJL_LDFLAGS) modsec_rules_check_CPPFLAGS = \ - -std=c++11 \ -I$(top_builddir)/headers \ $(GLOBAL_CPPFLAGS) \ $(PCRE_CFLAGS) \ diff --git a/src/deps/src/modsecurity/tools/rules-check/rules-check.cc b/src/deps/src/modsecurity/tools/rules-check/rules-check.cc index f59439ee9f..f63d7aa1e9 100644 --- a/src/deps/src/modsecurity/tools/rules-check/rules-check.cc +++ b/src/deps/src/modsecurity/tools/rules-check/rules-check.cc @@ -15,7 +15,11 @@ #include #include +#ifndef WIN32 #include +#else +#include +#endif #include #include @@ -32,9 +36,8 @@ void print_help(const char *name) { int main(int argc, char **argv) { - modsecurity::RulesSet *rules; + auto rules = std::make_unique(); char **args = argv; - rules = new modsecurity::RulesSet(); int ret = 0; args++; @@ -46,41 +49,26 @@ int main(int argc, char **argv) { while (*args != NULL) { struct stat buffer; - std::string argFull(""); - const char *arg = *args; + std::string arg = *args; std::string err; int r; - if (argFull.empty() == false) { - if (arg[strlen(arg)-1] == '\"') { - argFull.append(arg, strlen(arg)-1); - goto next; - } else { - argFull.append(arg); - goto next; - } - } - - if (arg[0] == '\"' && argFull.empty() == true) { - if (arg[strlen(arg)-1] == '\"') { - argFull.append(arg+1, strlen(arg) - 2); - } else { - argFull.append(arg+1); - goto next; - } - } + // strip arg from leading and trailing '"' chars + arg.erase(arg.find_last_not_of('\"')+1); + arg.erase(0, arg.find_first_not_of('\"')); - if (argFull.empty() == false) { - arg = strdup(argFull.c_str()); - argFull.clear(); + if (arg.empty() == true) { + args++; + continue; } std::cout << " : " << arg << " -- "; - if (stat(arg, &buffer) == 0) { - r = rules->loadFromUri(arg); + if (stat(arg.c_str(), &buffer) == 0) { + r = rules->loadFromUri(arg.c_str()); } else { - r = rules->load(arg); + r = rules->load(arg.c_str()); } + if (r < 0) { err.assign(rules->m_parserError.str()); rules->m_parserError.str(""); @@ -91,12 +79,10 @@ int main(int argc, char **argv) { if (err.empty() == false) { std::cerr << " " << err << std::endl; } -next: + args++; } - delete rules; - if (ret < 0) { std::cout << "Test failed." << std::endl; } else { diff --git a/src/deps/src/modsecurity/vcbuild.bat b/src/deps/src/modsecurity/vcbuild.bat new file mode 100644 index 0000000000..b24572abae --- /dev/null +++ b/src/deps/src/modsecurity/vcbuild.bat @@ -0,0 +1,28 @@ +@rem For Windows build information, see build\win32\README.md + +@echo off +pushd %CD% + +if not "%1"=="" (set build_type=%1) else (set build_type=Release) +echo Build type: %build_type% + +if not "%2"=="" (set arch=%2) else (set arch=x86_64) +echo Arch: %arch% + +if "%3"=="USE_ASAN" ( + echo Address Sanitizer: Enabled + set CI_ASAN=-c tools.build:cxxflags="[""/fsanitize=address""]" + set ASAN_FLAG=ON +) else ( + echo Address Sanitizer: Disabled + set CI_ASAN= + set ASAN_FLAG=OFF +) + +cd build\win32 +conan install . -s compiler.cppstd=17 %CI_ASAN% --output-folder=build --build=missing --settings=build_type=%build_type% --settings=arch=%arch% +cd build +cmake --fresh .. -G "Visual Studio 17 2022" -DCMAKE_TOOLCHAIN_FILE=conan_toolchain.cmake -DUSE_ASAN=%ASAN_FLAG% %4 %5 %6 %7 %8 %9 +cmake --build . --config %build_type% + +popd