From 4fb22466a0c31ea01570887ef21eb4abdf5deb9c Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Tue, 10 Dec 2024 07:32:13 +0000 Subject: [PATCH 1/8] Cleanup: Remove useless/nonfunctional AM_CONDITIONAL macros - Deleted AM_CONDITIONAL macros from configure.ac that had no functional impact on the build system. --- configure.ac | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configure.ac b/configure.ac index 11cef0b67e..91b8d59afa 100644 --- a/configure.ac +++ b/configure.ac @@ -109,24 +109,19 @@ AM_CONDITIONAL([YAJL_VERSION], [test "$YAJL_VERSION" != ""]) # Check for LibGeoIP PROG_GEOIP -AM_CONDITIONAL([GEOIP_CFLAGS], [test "GEOIP_CFLAGS" != ""]) # Check for MaxMind PROG_MAXMIND -AM_CONDITIONAL([MAXMIND_CFLAGS], [test "MAXMIND_CFLAGS" != ""]) # Check for LMDB PROG_LMDB -AM_CONDITIONAL([LMDB_CFLAGS], [test "LMDB_CFLAGS" != ""]) # Check for SSDEEP CHECK_SSDEEP -AM_CONDITIONAL([SSDEEP_CFLAGS], [test "SSDEEP_CFLAGS" != ""]) # Check for LUA CHECK_LUA -AM_CONDITIONAL([LUA_CFLAGS], [test "LUA_CFLAGS" != ""]) # @@ -155,7 +150,6 @@ CHECK_PCRE # Check for pcre2 # PROG_PCRE2 -AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""]) # Checks for header files. From c6433df7b21d5c7d4f027eda916ecbe3efc94b51 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Tue, 10 Dec 2024 10:16:14 +0000 Subject: [PATCH 2/8] Refactor build system to use libpcre2 as the default Updated the build system and related source files to use libpcre2 as the default regex library instead of the deprecated libpcre. This change ensures future compatibility and aligns with the library's maintenance status. To build with the old libpcre, the `--with-pcre` configuration parameter can be specified. --- .github/workflows/ci.yml | 4 ++-- build/pcre.m4 | 5 +++-- build/pcre2.m4 | 25 ++++++++++--------------- configure.ac | 17 +++++++++-------- src/operators/verify_cc.cc | 12 ++++++------ src/operators/verify_cc.h | 6 +++--- src/utils/regex.cc | 32 ++++++++++++++++---------------- src/utils/regex.h | 4 ++-- 8 files changed, 51 insertions(+), 54 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2fe0010a0b..65984320cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: - {label: "wo geoip", opt: "--without-geoip" } - {label: "wo ssdeep", opt: "--without-ssdeep" } - {label: "with lmdb", opt: "--with-lmdb" } - - {label: "with pcre2", opt: "--with-pcre2" } + - {label: "with pcre", opt: "--with-pcre" } exclude: - platform: {label: "x32"} configure: {label: "wo geoip"} @@ -88,7 +88,7 @@ jobs: - {label: "wo geoip", opt: "--without-geoip" } - {label: "wo ssdeep", opt: "--without-ssdeep" } - {label: "with lmdb", opt: "--with-lmdb" } - - {label: "with pcre2", opt: "--with-pcre2" } + - {label: "with pcre", opt: "--with-pcre" } steps: - name: Setup Dependencies # curl, pcre2 not installed because they're already diff --git a/build/pcre.m4 b/build/pcre.m4 index 4d9912327b..5c3ea989e5 100644 --- a/build/pcre.m4 +++ b/build/pcre.m4 @@ -21,8 +21,8 @@ AC_ARG_WITH( [test_paths="${with_pcre}"], [test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"]) -if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then - AC_MSG_NOTICE([pcre2 specified; omitting check for pcre]) +if test "x${with_pcre}" == "x" && test "x${with_pcre}" != "xno"; then + AC_MSG_NOTICE([Support for pcre not requested; omitting check for pcre]) else AC_MSG_CHECKING([for libpcre config script]) @@ -106,6 +106,7 @@ else LIBS=$save_LIBS fi + PCRE_CFLAGS="-DWITH_PCRE$ {PCRE_CFLAGS}" AC_SUBST(PCRE_CONFIG) AC_SUBST(PCRE_VERSION) AC_SUBST(PCRE_CPPFLAGS) diff --git a/build/pcre2.m4 b/build/pcre2.m4 index 2d0814ace7..bd28c7df1e 100644 --- a/build/pcre2.m4 +++ b/build/pcre2.m4 @@ -91,21 +91,16 @@ if test -z "${PCRE2_LDADD}"; then PCRE2_FOUND=-1 fi else - if test -z "${PCRE2_MANDATORY}"; then - PCRE2_FOUND=2 - AC_MSG_NOTICE([PCRE2 is disabled by default.]) - else - PCRE2_FOUND=1 - AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) - PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}" - PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" - AC_SUBST(PCRE2_VERSION) - AC_SUBST(PCRE2_LDADD) - AC_SUBST(PCRE2_LIBS) - AC_SUBST(PCRE2_LDFLAGS) - AC_SUBST(PCRE2_CFLAGS) - AC_SUBST(PCRE2_DISPLAY) - fi + PCRE2_FOUND=1 + AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) + PCRE2_CFLAGS="${PCRE2_CFLAGS}" + PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" + AC_SUBST(PCRE2_VERSION) + AC_SUBST(PCRE2_LDADD) + AC_SUBST(PCRE2_LIBS) + AC_SUBST(PCRE2_LDFLAGS) + AC_SUBST(PCRE2_CFLAGS) + AC_SUBST(PCRE2_DISPLAY) fi diff --git a/configure.ac b/configure.ac index 91b8d59afa..0bce513541 100644 --- a/configure.ac +++ b/configure.ac @@ -141,15 +141,16 @@ CHECK_LIBXML2 # -# Check for libpcre +# Check for libpcre only if explicitly requested # -CHECK_PCRE - - -# -# Check for pcre2 -# -PROG_PCRE2 +if test "x${with_pcre}" != "x" && test "x${with_pcre}" != "xno"; then + CHECK_PCRE +else + # + # Check for pcre2 + # + PROG_PCRE2 +fi # Checks for header files. diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc index 66f2e91178..4f19778355 100644 --- a/src/operators/verify_cc.cc +++ b/src/operators/verify_cc.cc @@ -21,7 +21,7 @@ #include "src/operators/operator.h" -#ifndef WITH_PCRE2 +#ifdef WITH_PCRE #if PCRE_HAVE_JIT #define pcre_study_opt PCRE_STUDY_JIT_COMPILE #else @@ -34,7 +34,7 @@ namespace modsecurity { namespace operators { VerifyCC::~VerifyCC() { -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code_free(m_pc); #else if (m_pc != NULL) { @@ -94,7 +94,7 @@ int VerifyCC::luhnVerify(const char *ccnumber, int len) { bool VerifyCC::init(const std::string ¶m2, std::string *error) { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_pattern = reinterpret_cast(m_param.c_str()); uint32_t pcre2_options = (PCRE2_DOTALL|PCRE2_MULTILINE); int errornumber = 0; @@ -136,7 +136,7 @@ bool VerifyCC::init(const std::string ¶m2, std::string *error) { bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, const std::string& i, RuleMessage &ruleMessage) { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SIZE offset = 0; size_t target_length = i.length(); PCRE2_SPTR pcre2_i = reinterpret_cast(i.c_str()); @@ -192,7 +192,7 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, "\" at " + i + ". [offset " + std::to_string(offset) + "]"); } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return true; @@ -200,7 +200,7 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, } } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif diff --git a/src/operators/verify_cc.h b/src/operators/verify_cc.h index 05d4cdec7e..ec1661fb5f 100644 --- a/src/operators/verify_cc.h +++ b/src/operators/verify_cc.h @@ -16,7 +16,7 @@ #ifndef SRC_OPERATORS_VERIFY_CC_H_ #define SRC_OPERATORS_VERIFY_CC_H_ -#if WITH_PCRE2 +#ifndef WITH_PCRE #define PCRE2_CODE_UNIT_WIDTH 8 #include #else @@ -38,7 +38,7 @@ class VerifyCC : public Operator { /** @ingroup ModSecurity_Operator */ explicit VerifyCC(std::unique_ptr param) : Operator("VerifyCC", std::move(param)), -#if WITH_PCRE2 +#ifndef WITH_PCRE m_pc(NULL), m_pcje(PCRE2_ERROR_JIT_BADOPTION) { } #else @@ -52,7 +52,7 @@ class VerifyCC : public Operator { RuleMessage &ruleMessage) override; bool init(const std::string ¶m, std::string *error) override; private: -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code *m_pc; int m_pcje; #else diff --git a/src/utils/regex.cc b/src/utils/regex.cc index 731ffc9795..9d84c871e2 100644 --- a/src/utils/regex.cc +++ b/src/utils/regex.cc @@ -23,7 +23,7 @@ #include "src/utils/geo_lookup.h" -#ifndef WITH_PCRE2 +#ifdef WITH_PCRE #if PCRE_HAVE_JIT // NOTE: Add PCRE_STUDY_EXTRA_NEEDED so studying always yields a pcre_extra strucure // and we can selectively override match limits using a copy of that structure at runtime. @@ -35,7 +35,7 @@ #endif #endif -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE class Pcre2MatchContextPtr { public: Pcre2MatchContextPtr() @@ -62,7 +62,7 @@ namespace Utils { // Helper function to tell us if the current config indicates CRLF is a valid newline sequence bool crlfIsNewline() { -#if WITH_PCRE2 +#ifndef WITH_PCRE uint32_t newline = 0; pcre2_config(PCRE2_CONFIG_NEWLINE, &newline); bool crlf_is_newline = @@ -89,7 +89,7 @@ bool crlfIsNewline() { Regex::Regex(const std::string& pattern_, bool ignoreCase) : pattern(pattern_.empty() ? ".*" : pattern_) { -#if WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_pattern = reinterpret_cast(pattern.c_str()); uint32_t pcre2_options = (PCRE2_DOTALL|PCRE2_MULTILINE); if (ignoreCase) { @@ -117,7 +117,7 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) Regex::~Regex() { -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code_free(m_pc); #else if (m_pc != NULL) { @@ -139,7 +139,7 @@ Regex::~Regex() { std::list Regex::searchAll(const std::string& s) const { std::list retList; int rc = 0; -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); PCRE2_SIZE offset = 0; @@ -183,14 +183,14 @@ std::list Regex::searchAll(const std::string& s) const { } } while (rc > 0); -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return retList; } RegexResult Regex::searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? @@ -235,7 +235,7 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit) const { bool prev_match_zero_length = false; -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? @@ -337,14 +337,14 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector } } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return RegexResult::Ok; } int Regex::search(const std::string& s, SMatch *match) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); int ret = 0; @@ -371,14 +371,14 @@ int Regex::search(const std::string& s, SMatch *match) const { 0); } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return ret; } int Regex::search(const std::string& s) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); int rc = 0; @@ -405,7 +405,7 @@ int Regex::search(const std::string& s) const { RegexResult Regex::to_regex_result(int pcre_exec_result) const { if ( pcre_exec_result > 0 || -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre_exec_result == PCRE2_ERROR_NOMATCH #else pcre_exec_result == PCRE_ERROR_NOMATCH @@ -413,7 +413,7 @@ RegexResult Regex::to_regex_result(int pcre_exec_result) const { ) { return RegexResult::Ok; } else if( -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre_exec_result == PCRE2_ERROR_MATCHLIMIT #else pcre_exec_result == PCRE_ERROR_MATCHLIMIT diff --git a/src/utils/regex.h b/src/utils/regex.h index f27cdd2536..a771720ab6 100644 --- a/src/utils/regex.h +++ b/src/utils/regex.h @@ -12,7 +12,7 @@ * directly using the email address security@modsecurity.org. * */ -#if WITH_PCRE2 +#ifndef WITH_PCRE #define PCRE2_CODE_UNIT_WIDTH 8 #include #else @@ -91,7 +91,7 @@ class Regex { private: RegexResult to_regex_result(int pcre_exec_result) const; -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code *m_pc; int m_pcje; #else From 106ed22b6dc763737707ffd17d8c3408f1e6d750 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Tue, 10 Dec 2024 10:58:20 +0000 Subject: [PATCH 3/8] Fix typo in pcre.m4: corrected PCRE_CFLAGS assignment --- build/pcre.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/pcre.m4 b/build/pcre.m4 index 5c3ea989e5..de28e8b889 100644 --- a/build/pcre.m4 +++ b/build/pcre.m4 @@ -106,7 +106,7 @@ else LIBS=$save_LIBS fi - PCRE_CFLAGS="-DWITH_PCRE$ {PCRE_CFLAGS}" + PCRE_CFLAGS="-DWITH_PCRE ${PCRE_CFLAGS}" AC_SUBST(PCRE_CONFIG) AC_SUBST(PCRE_VERSION) AC_SUBST(PCRE_CPPFLAGS) From a07d0c7d345f87bab16f3fcffb05d53a93bd6b91 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Tue, 10 Dec 2024 21:40:09 +0000 Subject: [PATCH 4/8] Fix missing libpcre2 dependency on macOS GitHub runner Identified an issue where the macOS GitHub runner no longer includes the libpcre2 library by default. Updated the workflow configuration to explicitly add libpcre2 as a dependency, ensuring successful builds and compatibility with the updated build system. This change prevents build failures on macOS environments and aligns the runner's setup with project requirements. --- .github/workflows/ci.yml | 1 + build/pcre2.m4 | 35 +++++++++++++++++++++-------------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 65984320cf..06bbe07f25 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,6 +105,7 @@ jobs: geoip \ ssdeep \ pcre \ + pcre2 \ bison \ flex - uses: actions/checkout@v4 diff --git a/build/pcre2.m4 b/build/pcre2.m4 index bd28c7df1e..dde0bca9a1 100644 --- a/build/pcre2.m4 +++ b/build/pcre2.m4 @@ -29,10 +29,12 @@ if test "x${with_pcre2}" == "xno"; then AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no]) PCRE2_DISABLED=yes else - if test "x${with_pcre2}" == "xyes"; then - PCRE2_MANDATORY=yes - AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes]) - fi + # pcre2 is the default + PCRE2_MANDATORY=yes +# if test "x${with_pcre2}" == "xyes"; then +# PCRE2_MANDATORY=yes +# AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes]) +# fi # for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do # CHECK_FOR_PCRE2_AT(${x}) # if test -n "${PCRE2_VERSION}"; then @@ -91,16 +93,21 @@ if test -z "${PCRE2_LDADD}"; then PCRE2_FOUND=-1 fi else - PCRE2_FOUND=1 - AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) - PCRE2_CFLAGS="${PCRE2_CFLAGS}" - PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" - AC_SUBST(PCRE2_VERSION) - AC_SUBST(PCRE2_LDADD) - AC_SUBST(PCRE2_LIBS) - AC_SUBST(PCRE2_LDFLAGS) - AC_SUBST(PCRE2_CFLAGS) - AC_SUBST(PCRE2_DISPLAY) + if test -z "${PCRE2_MANDATORY}"; then + PCRE2_FOUND=2 + AC_MSG_NOTICE([PCRE2 is disabled by default.]) + else + PCRE2_FOUND=1 + AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) + PCRE2_CFLAGS="${PCRE2_CFLAGS}" + PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" + AC_SUBST(PCRE2_VERSION) + AC_SUBST(PCRE2_LDADD) + AC_SUBST(PCRE2_LIBS) + AC_SUBST(PCRE2_LDFLAGS) + AC_SUBST(PCRE2_CFLAGS) + AC_SUBST(PCRE2_DISPLAY) + fi fi From 784cf0b64cc00666016bba5a0e1cedd965238e82 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Wed, 11 Dec 2024 08:57:43 +0000 Subject: [PATCH 5/8] Debug: increase verbosity in pcre2.m4 for macOS GitHub Actions Added AC_MSG_NOTICE macros to pcre2.m4 to enhance debugging output. This change aims to identify the cause of build failures on macOS runners in GitHub Actions, which do not occur locally or on other platforms (Linux, Windows). The added verbosity will help trace the build process and inspect variable values for inconsistencies in the macOS runner environment. --- .github/workflows/ci.yml | 1 - build/pcre2.m4 | 9 +++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 06bbe07f25..65984320cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,6 @@ jobs: geoip \ ssdeep \ pcre \ - pcre2 \ bison \ flex - uses: actions/checkout@v4 diff --git a/build/pcre2.m4 b/build/pcre2.m4 index dde0bca9a1..aaa4f8a1d2 100644 --- a/build/pcre2.m4 +++ b/build/pcre2.m4 @@ -29,8 +29,8 @@ if test "x${with_pcre2}" == "xno"; then AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no]) PCRE2_DISABLED=yes else - # pcre2 is the default PCRE2_MANDATORY=yes + AC_MSG_NOTICE([PCRE2 is enabled by default.]) # if test "x${with_pcre2}" == "xyes"; then # PCRE2_MANDATORY=yes # AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes]) @@ -98,9 +98,14 @@ else AC_MSG_NOTICE([PCRE2 is disabled by default.]) else PCRE2_FOUND=1 - AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) PCRE2_CFLAGS="${PCRE2_CFLAGS}" PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" + AC_MSG_NOTICE([using PCRE2_VERSION ${PCRE2_VERSION}]) + AC_MSG_NOTICE([using PCRE2_LDADD ${PCRE2_LDADD}]) + AC_MSG_NOTICE([using PCRE2_LIBS ${PCRE2_LIBS}]) + AC_MSG_NOTICE([using PCRE2_LDFLAGS ${PCRE2_LDFLAGS}]) + AC_MSG_NOTICE([using PCRE2_CFLAGS ${PCRE2_CFLAGS}]) + AC_MSG_NOTICE([using PCRE2_DISPLAY ${PCRE2_DISPLAY}]) AC_SUBST(PCRE2_VERSION) AC_SUBST(PCRE2_LDADD) AC_SUBST(PCRE2_LIBS) From e92507868ec722a6c13e9ab7e45e7242f06264e9 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Wed, 11 Dec 2024 12:48:20 +0000 Subject: [PATCH 6/8] Fix macOS GitHub Actions build: add PCRE2_CFLAGS/LDADD/LDFLAGS Introduced PCRE2_CFLAGS, PCRE2_LDADD, and PCRE2_LDFLAGS in all relevant Makefile.am files to align with the existing PCRE_* variable usage. This change addresses potential issues with linking and configuration for builds on macOS GitHub runners. These modifications aim to resolve the build failure observed exclusively in the macOS environment while maintaining compatibility across other platforms. Testing will confirm if this adjustment corrects the issue. --- examples/multithread/Makefile.am | 2 ++ examples/reading_logs_via_rule_message/Makefile.am | 2 ++ examples/reading_logs_with_offset/Makefile.am | 2 ++ examples/using_bodies_in_chunks/Makefile.am | 2 ++ src/parser/Makefile.am | 1 + test/benchmark/Makefile.am | 2 ++ test/fuzzer/Makefile.am | 2 ++ tools/rules-check/Makefile.am | 2 ++ 8 files changed, 15 insertions(+) diff --git a/examples/multithread/Makefile.am b/examples/multithread/Makefile.am index c17b431a35..0871efa1e1 100644 --- a/examples/multithread/Makefile.am +++ b/examples/multithread/Makefile.am @@ -14,6 +14,7 @@ multithread_LDADD = \ $(MAXMIND_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ multithread_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/examples/reading_logs_via_rule_message/Makefile.am b/examples/reading_logs_via_rule_message/Makefile.am index 210edef3bc..5a6ba74b2a 100644 --- a/examples/reading_logs_via_rule_message/Makefile.am +++ b/examples/reading_logs_via_rule_message/Makefile.am @@ -14,6 +14,7 @@ simple_request_LDADD = \ $(MAXMIND_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/examples/reading_logs_with_offset/Makefile.am b/examples/reading_logs_with_offset/Makefile.am index 3ecda10cbb..a98ed48d0e 100644 --- a/examples/reading_logs_with_offset/Makefile.am +++ b/examples/reading_logs_with_offset/Makefile.am @@ -14,6 +14,7 @@ read_LDADD = \ $(LMDB_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ read_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/examples/using_bodies_in_chunks/Makefile.am b/examples/using_bodies_in_chunks/Makefile.am index 5d64537992..9eb438f368 100644 --- a/examples/using_bodies_in_chunks/Makefile.am +++ b/examples/using_bodies_in_chunks/Makefile.am @@ -14,6 +14,7 @@ simple_request_LDADD = \ $(LMDB_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) MAINTAINERCLEANFILES = \ diff --git a/src/parser/Makefile.am b/src/parser/Makefile.am index cded626179..685675819f 100644 --- a/src/parser/Makefile.am +++ b/src/parser/Makefile.am @@ -25,6 +25,7 @@ libmodsec_parser_la_CPPFLAGS = \ $(YAJL_CFLAGS) \ $(LMDB_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) test.cc: seclang-parser.hh diff --git a/test/benchmark/Makefile.am b/test/benchmark/Makefile.am index 88da53e86a..2ac9d92111 100644 --- a/test/benchmark/Makefile.am +++ b/test/benchmark/Makefile.am @@ -10,6 +10,7 @@ benchmark_LDADD = \ $(GEOIP_LDADD) \ $(MAXMIND_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(YAJL_LDADD) \ $(LMDB_LDADD) \ $(SSDEEP_LDADD) \ @@ -35,6 +36,7 @@ benchmark_CPPFLAGS = \ -I$(top_builddir)/headers \ $(GLOBAL_CPPFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LMDB_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/test/fuzzer/Makefile.am b/test/fuzzer/Makefile.am index ea21024059..eee3a94e23 100644 --- a/test/fuzzer/Makefile.am +++ b/test/fuzzer/Makefile.am @@ -18,6 +18,7 @@ afl_fuzzer_LDADD = \ $(CURL_LDADD) \ $(GEOIP_LDFLAGS) $(GEOIP_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(YAJL_LDFLAGS) $(YAJL_LDADD) \ $(LMDB_LDFLAGS) $(LMDB_LDADD) \ $(MAXMIND_LDFLAGS) $(MAXMIND_LDADD) \ @@ -44,4 +45,5 @@ afl_fuzzer_CPPFLAGS = \ $(YAJL_CFLAGS) \ $(LMDB_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/tools/rules-check/Makefile.am b/tools/rules-check/Makefile.am index 6f398fb222..c79a625671 100644 --- a/tools/rules-check/Makefile.am +++ b/tools/rules-check/Makefile.am @@ -15,6 +15,7 @@ modsec_rules_check_LDADD = \ $(LMDB_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -31,6 +32,7 @@ modsec_rules_check_CPPFLAGS = \ -I$(top_builddir)/headers \ $(GLOBAL_CPPFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LMDB_CFLAGS) \ $(MAXMIND_CFLAGS) \ $(LIBXML2_CFLAGS) From 10d1c2be74e7dbe1887b7bc2285501aea28dfe2a Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Fri, 20 Dec 2024 08:12:06 +0000 Subject: [PATCH 7/8] Refactor: improve PCRE settings output in configure.ac Enhanced the `configure.ac` script to provide clearer and more readable output for PCRE and PCRE2 settings during configuration. This change improves usability by ensuring that the configuration process displays relevant details in a structured and user-friendly format. This update aligns with the broader PCRE to PCRE2 migration effort, making the build configuration process more transparent and consistent. --- configure.ac | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/configure.ac b/configure.ac index 0bce513541..93addd7083 100644 --- a/configure.ac +++ b/configure.ac @@ -582,6 +582,17 @@ if test "x$LUA_FOUND" = "x2"; then echo " + LUA ....disabled" fi +##PCRE +if test "x${with_pcre}" != "x" \ + && test "x${with_pcre}" != "xno" \ + && test "x${PCRE_VERSION}" == "x"; then + AC_MSG_NOTICE([*** pcre library not found.]) +else + echo " + PCRE ....found " + echo " using pcre v${PCRE_VERSION}" + echo " ${PCRE_LDADD}, ${PCRE_CFLAGS}" +fi + ## PCRE2 if test "x$PCRE2_FOUND" = "x0"; then From d68aef320c66d7f065aadbb0af301a60709aeb83 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Thu, 20 Feb 2025 12:25:53 +0000 Subject: [PATCH 8/8] refactor: improve maintainability for SonarCloud compliance - Marked the conversion operator in `Pcre2MatchContextPtr` as `explicit` to improve type safety and prevent unintended implicit conversions. - Ensured consistent use of `nullptr` instead of `NULL` for better readability and modern C++ compliance. These changes enhance code clarity, maintainability, and adherence to modern C++ best practices. --- src/operators/verify_cc.cc | 32 +++++++++++----------- src/operators/verify_cc.h | 6 ++--- src/utils/regex.cc | 54 +++++++++++++++++++------------------- src/utils/regex.h | 6 ++--- 4 files changed, 49 insertions(+), 49 deletions(-) diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc index 4f19778355..1ddbf4f494 100644 --- a/src/operators/verify_cc.cc +++ b/src/operators/verify_cc.cc @@ -25,7 +25,7 @@ #if PCRE_HAVE_JIT #define pcre_study_opt PCRE_STUDY_JIT_COMPILE #else -#define pcre_study_opt 0 +constexpr int pcre_study_opt = 0; #endif #endif @@ -37,17 +37,17 @@ VerifyCC::~VerifyCC() { #ifndef WITH_PCRE pcre2_code_free(m_pc); #else - if (m_pc != NULL) { + if (m_pc != nullptr) { pcre_free(m_pc); - m_pc = NULL; + m_pc = nullptr; } - if (m_pce != NULL) { + if (m_pce != nullptr) { #if PCRE_HAVE_JIT pcre_free_study(m_pce); #else pcre_free(m_pce); #endif - m_pce = NULL; + m_pce = nullptr; } #endif } @@ -100,27 +100,27 @@ bool VerifyCC::init(const std::string ¶m2, std::string *error) { int errornumber = 0; PCRE2_SIZE erroroffset = 0; m_pc = pcre2_compile(pcre2_pattern, PCRE2_ZERO_TERMINATED, - pcre2_options, &errornumber, &erroroffset, NULL); - if (m_pc == NULL) { + pcre2_options, &errornumber, &erroroffset, nullptr); + if (m_pc == nullptr) { return false; } m_pcje = pcre2_jit_compile(m_pc, PCRE2_JIT_COMPLETE); #else - const char *errptr = NULL; + const char *errptr = nullptr; int erroffset = 0; m_pc = pcre_compile(m_param.c_str(), PCRE_DOTALL|PCRE_MULTILINE, - &errptr, &erroffset, NULL); - if (m_pc == NULL) { + &errptr, &erroffset, nullptr); + if (m_pc == nullptr) { error->assign(errptr); return false; } m_pce = pcre_study(m_pc, pcre_study_opt, &errptr); - if (m_pce == NULL) { - if (errptr == NULL) { + if (m_pce == nullptr) { + if (errptr == nullptr) { /* - * Per pcre_study(3) m_pce == NULL && errptr == NULL means + * Per pcre_study(3) m_pce == nullptr && errptr == nullptr means * that no addional information is found, so no need to study */ return true; @@ -140,17 +140,17 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, PCRE2_SIZE offset = 0; size_t target_length = i.length(); PCRE2_SPTR pcre2_i = reinterpret_cast(i.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int ret; for (offset = 0; offset < target_length; offset++) { if (m_pcje == 0) { - ret = pcre2_jit_match(m_pc, pcre2_i, target_length, offset, 0, match_data, NULL); + ret = pcre2_jit_match(m_pc, pcre2_i, target_length, offset, 0, match_data, nullptr); } if (m_pcje != 0 || ret == PCRE2_ERROR_JIT_STACKLIMIT) { - ret = pcre2_match(m_pc, pcre2_i, target_length, offset, PCRE2_NO_JIT, match_data, NULL); + ret = pcre2_match(m_pc, pcre2_i, target_length, offset, PCRE2_NO_JIT, match_data, nullptr); } /* If there was no match, then we are done. */ diff --git a/src/operators/verify_cc.h b/src/operators/verify_cc.h index ec1661fb5f..7e7e158bc9 100644 --- a/src/operators/verify_cc.h +++ b/src/operators/verify_cc.h @@ -39,11 +39,11 @@ class VerifyCC : public Operator { explicit VerifyCC(std::unique_ptr param) : Operator("VerifyCC", std::move(param)), #ifndef WITH_PCRE - m_pc(NULL), + m_pc(nullptr), m_pcje(PCRE2_ERROR_JIT_BADOPTION) { } #else - m_pc(NULL), - m_pce(NULL) { } + m_pc(nullptr), + m_pce(nullptr) { } #endif ~VerifyCC() override; diff --git a/src/utils/regex.cc b/src/utils/regex.cc index 9d84c871e2..3002503743 100644 --- a/src/utils/regex.cc +++ b/src/utils/regex.cc @@ -39,7 +39,7 @@ class Pcre2MatchContextPtr { public: Pcre2MatchContextPtr() - : m_match_context(pcre2_match_context_create(NULL)) {} + : m_match_context(pcre2_match_context_create(nullptr)) {} Pcre2MatchContextPtr(const Pcre2MatchContextPtr&) = delete; Pcre2MatchContextPtr& operator=(const Pcre2MatchContextPtr&) = delete; @@ -48,7 +48,7 @@ class Pcre2MatchContextPtr { pcre2_match_context_free(m_match_context); } - operator pcre2_match_context*() const { + explicit operator pcre2_match_context*() const { return m_match_context; } @@ -98,10 +98,10 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) int errornumber = 0; PCRE2_SIZE erroroffset = 0; m_pc = pcre2_compile(pcre2_pattern, PCRE2_ZERO_TERMINATED, - pcre2_options, &errornumber, &erroroffset, NULL); + pcre2_options, &errornumber, &erroroffset, nullptr); m_pcje = pcre2_jit_compile(m_pc, PCRE2_JIT_COMPLETE); #else - const char *errptr = NULL; + const char *errptr = nullptr; int erroffset; int flags = (PCRE_DOTALL|PCRE_MULTILINE); @@ -109,7 +109,7 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) flags |= PCRE_CASELESS; } m_pc = pcre_compile(pattern.c_str(), flags, - &errptr, &erroffset, NULL); + &errptr, &erroffset, nullptr); m_pce = pcre_study(m_pc, pcre_study_opt, &errptr); #endif @@ -120,17 +120,17 @@ Regex::~Regex() { #ifndef WITH_PCRE pcre2_code_free(m_pc); #else - if (m_pc != NULL) { + if (m_pc != nullptr) { pcre_free(m_pc); - m_pc = NULL; + m_pc = nullptr; } - if (m_pce != NULL) { + if (m_pce != nullptr) { #if PCRE_HAVE_JIT pcre_free_study(m_pce); #else pcre_free(m_pce); #endif - m_pce = NULL; + m_pce = nullptr; } #endif } @@ -143,16 +143,16 @@ std::list Regex::searchAll(const std::string& s) const { PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); PCRE2_SIZE offset = 0; - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); do { if (m_pcje == 0) { rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), - offset, 0, match_data, NULL); + offset, 0, match_data, nullptr); } if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) { rc = pcre2_match(m_pc, pcre2_s, s.length(), - offset, PCRE2_NO_JIT, match_data, NULL); + offset, PCRE2_NO_JIT, match_data, nullptr); } const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); #else @@ -194,18 +194,18 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector 0) { // TODO: What if setting the match limit fails? - pcre2_set_match_limit(match_context, match_limit); + pcre2_set_match_limit(static_cast(match_context), match_limit); } PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int rc = 0; if (m_pcje == 0) { - rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, match_context); + rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, static_cast(match_context)); } if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) { - rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, match_context); + rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, static_cast(match_context)); } const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); #else @@ -214,7 +214,7 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector 0) { + if (m_pce != nullptr && match_limit > 0) { local_pce = *m_pce; local_pce.match_limit = match_limit; local_pce.flags |= PCRE_EXTRA_MATCH_LIMIT; @@ -247,20 +247,20 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? - pcre2_set_match_limit(match_context, match_limit); + pcre2_set_match_limit(static_cast(match_context), match_limit); } PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); PCRE2_SIZE startOffset = 0; - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); while (startOffset <= s.length()) { uint32_t pcre2_options = 0; if (prev_match_zero_length) { pcre2_options = PCRE2_NOTEMPTY_ATSTART | PCRE2_ANCHORED; } int rc = pcre2_match(m_pc, pcre2_s, s.length(), - startOffset, pcre2_options, match_data, match_context); + startOffset, pcre2_options, match_data, static_cast(match_context)); const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); #else @@ -268,7 +268,7 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector pcre_extra local_pce; pcre_extra *pce = m_pce; - if (m_pce != NULL && match_limit > 0) { + if (m_pce != nullptr && match_limit > 0) { local_pce = *m_pce; local_pce.match_limit = match_limit; local_pce.flags |= PCRE_EXTRA_MATCH_LIMIT; @@ -346,16 +346,16 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector int Regex::search(const std::string& s, SMatch *match) const { #ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int ret = 0; if (m_pcje == 0) { ret = pcre2_match(m_pc, pcre2_s, s.length(), - 0, 0, match_data, NULL) > 0; + 0, 0, match_data, nullptr) > 0; } if (m_pcje != 0 || ret == PCRE2_ERROR_JIT_STACKLIMIT) { ret = pcre2_match(m_pc, pcre2_s, s.length(), - 0, PCRE2_NO_JIT, match_data, NULL) > 0; + 0, PCRE2_NO_JIT, match_data, nullptr) > 0; } if (ret > 0) { // match PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); @@ -380,14 +380,14 @@ int Regex::search(const std::string& s, SMatch *match) const { int Regex::search(const std::string& s) const { #ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int rc = 0; if (m_pcje == 0) { - rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, NULL); + rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, nullptr); } if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) { - rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, NULL); + rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, nullptr); } pcre2_match_data_free(match_data); if (rc > 0) { diff --git a/src/utils/regex.h b/src/utils/regex.h index a771720ab6..863ce560b6 100644 --- a/src/utils/regex.h +++ b/src/utils/regex.h @@ -79,7 +79,7 @@ class Regex { Regex& operator=(const Regex&) = delete; bool hasError() const { - return (m_pc == NULL); + return (m_pc == nullptr); } std::list searchAll(const std::string& s) const; RegexResult searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit = 0) const; @@ -95,8 +95,8 @@ class Regex { pcre2_code *m_pc; int m_pcje; #else - pcre *m_pc = NULL; - pcre_extra *m_pce = NULL; + pcre *m_pc = nullptr; + pcre_extra *m_pce = nullptr; #endif };