owasp-modsecurity · airween · Mar 12, 2025 · Dec 10, 2024 · Dec 10, 2024 · Dec 10, 2024
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -26,7 +26,7 @@ jobs:
           - {label: "wo geoip",   opt: "--without-geoip" }
           - {label: "wo ssdeep",  opt: "--without-ssdeep" }
           - {label: "with lmdb",  opt: "--with-lmdb" }
-          - {label: "with pcre2", opt: "--with-pcre2" }
+          - {label: "with pcre", opt: "--with-pcre" }
         exclude:
           - platform: {label: "x32"}
             configure: {label: "wo geoip"}
@@ -88,7 +88,7 @@ jobs:
           - {label: "wo geoip",   opt: "--without-geoip" }
           - {label: "wo ssdeep",  opt: "--without-ssdeep" }
           - {label: "with lmdb",  opt: "--with-lmdb" }
-          - {label: "with pcre2", opt: "--with-pcre2" }
+          - {label: "with pcre", opt: "--with-pcre" }
     steps:
       - name: Setup Dependencies
         # curl, pcre2 not installed because they're already

diff --git a/build/pcre.m4 b/build/pcre.m4
@@ -21,8 +21,8 @@ AC_ARG_WITH(
     [test_paths="${with_pcre}"],
     [test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"])
 
-if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then
-    AC_MSG_NOTICE([pcre2 specified; omitting check for pcre])
+if test "x${with_pcre}" == "x" && test "x${with_pcre}" != "xno"; then
+    AC_MSG_NOTICE([Support for pcre not requested; omitting check for pcre])
 else
 
     AC_MSG_CHECKING([for libpcre config script])
@@ -106,6 +106,7 @@ else
         LIBS=$save_LIBS
     fi
 
+    PCRE_CFLAGS="-DWITH_PCRE ${PCRE_CFLAGS}"
     AC_SUBST(PCRE_CONFIG)
     AC_SUBST(PCRE_VERSION)
     AC_SUBST(PCRE_CPPFLAGS)

diff --git a/build/pcre2.m4 b/build/pcre2.m4
@@ -29,10 +29,12 @@ if test "x${with_pcre2}" == "xno"; then
     AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no])
     PCRE2_DISABLED=yes
 else
-    if test "x${with_pcre2}" == "xyes"; then
-        PCRE2_MANDATORY=yes
-        AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes])
-    fi
+     PCRE2_MANDATORY=yes
+     AC_MSG_NOTICE([PCRE2 is enabled by default.])
+#    if test "x${with_pcre2}" == "xyes"; then
+#        PCRE2_MANDATORY=yes
+#        AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes])
+#    fi
 #        for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do
 #            CHECK_FOR_PCRE2_AT(${x})
 #            if test -n "${PCRE2_VERSION}"; then
@@ -96,9 +98,14 @@ else
         AC_MSG_NOTICE([PCRE2 is disabled by default.])
     else
         PCRE2_FOUND=1
-        AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}])
-        PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}"
+        PCRE2_CFLAGS="${PCRE2_CFLAGS}"
         PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}"
+        AC_MSG_NOTICE([using PCRE2_VERSION ${PCRE2_VERSION}])
+        AC_MSG_NOTICE([using PCRE2_LDADD ${PCRE2_LDADD}])
+        AC_MSG_NOTICE([using PCRE2_LIBS ${PCRE2_LIBS}])
+        AC_MSG_NOTICE([using PCRE2_LDFLAGS ${PCRE2_LDFLAGS}])
+        AC_MSG_NOTICE([using PCRE2_CFLAGS ${PCRE2_CFLAGS}])
+        AC_MSG_NOTICE([using PCRE2_DISPLAY ${PCRE2_DISPLAY}])
         AC_SUBST(PCRE2_VERSION)
         AC_SUBST(PCRE2_LDADD)
         AC_SUBST(PCRE2_LIBS)

diff --git a/configure.ac b/configure.ac
@@ -109,24 +109,19 @@ AM_CONDITIONAL([YAJL_VERSION], [test "$YAJL_VERSION" != ""])
 
 # Check for LibGeoIP
 PROG_GEOIP
-AM_CONDITIONAL([GEOIP_CFLAGS], [test "GEOIP_CFLAGS" != ""])
 
 # Check for MaxMind
 PROG_MAXMIND
-AM_CONDITIONAL([MAXMIND_CFLAGS], [test "MAXMIND_CFLAGS" != ""])
 
 
 # Check for LMDB
 PROG_LMDB
-AM_CONDITIONAL([LMDB_CFLAGS], [test "LMDB_CFLAGS" != ""])
 
 # Check for SSDEEP
 CHECK_SSDEEP
-AM_CONDITIONAL([SSDEEP_CFLAGS], [test "SSDEEP_CFLAGS" != ""])
 
 # Check for LUA
 CHECK_LUA
-AM_CONDITIONAL([LUA_CFLAGS], [test "LUA_CFLAGS" != ""])
 
 
 #
@@ -146,16 +141,16 @@ CHECK_LIBXML2
 
 
 #
-# Check for libpcre
+# Check for libpcre only if explicitly requested
 #
-CHECK_PCRE
-
-
-#
-# Check for pcre2
-#
-PROG_PCRE2
-AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])
+if test "x${with_pcre}" != "x" && test "x${with_pcre}" != "xno"; then
+  CHECK_PCRE
+else
+  #
+  # Check for pcre2
+  #
+  PROG_PCRE2
+fi
 
 
 # Checks for header files.
@@ -587,6 +582,17 @@ if test "x$LUA_FOUND" = "x2"; then
     echo "   + LUA                                           ....disabled"
 fi
 
+##PCRE
+if test "x${with_pcre}" != "x" \
+   && test "x${with_pcre}" != "xno" \
+   && test "x${PCRE_VERSION}" == "x"; then
+    AC_MSG_NOTICE([*** pcre library not found.])
+else
+    echo "   + PCRE                                          ....found "
+    echo "     using pcre v${PCRE_VERSION}"
+    echo "      ${PCRE_LDADD}, ${PCRE_CFLAGS}"
+fi
+
 
 ## PCRE2
 if test "x$PCRE2_FOUND" = "x0"; then

diff --git a/examples/multithread/Makefile.am b/examples/multithread/Makefile.am
@@ -14,6 +14,7 @@ multithread_LDADD = \
 	$(MAXMIND_LDADD) \
 	$(LUA_LDADD) \
 	$(PCRE_LDADD) \
+	$(PCRE2_LDADD) \
 	$(SSDEEP_LDADD) \
 	$(YAJL_LDADD)
 
@@ -46,6 +47,7 @@ multithread_CPPFLAGS = \
 	$(LMDB_CFLAGS) \
 	$(LUA_CFLAGS) \
 	$(PCRE_CFLAGS) \
+	$(PCRE2_CFLAGS) \
 	$(LIBXML2_CFLAGS)
 
 

diff --git a/examples/reading_logs_via_rule_message/Makefile.am b/examples/reading_logs_via_rule_message/Makefile.am
@@ -14,6 +14,7 @@ simple_request_LDADD = \
 	$(MAXMIND_LDADD) \
 	$(LUA_LDADD) \
 	$(PCRE_LDADD) \
+	$(PCRE2_LDADD) \
 	$(SSDEEP_LDADD) \
 	$(YAJL_LDADD)
 
@@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \
 	$(LMDB_CFLAGS) \
 	$(LUA_CFLAGS) \
 	$(PCRE_CFLAGS) \
+	$(PCRE2_CFLAGS) \
 	$(LIBXML2_CFLAGS)
 
 

diff --git a/examples/reading_logs_with_offset/Makefile.am b/examples/reading_logs_with_offset/Makefile.am
@@ -14,6 +14,7 @@ read_LDADD = \
 	$(LMDB_LDADD) \
 	$(LUA_LDADD) \
 	$(PCRE_LDADD) \
+	$(PCRE2_LDADD) \
 	$(SSDEEP_LDADD) \
 	$(YAJL_LDADD)
 
@@ -46,6 +47,7 @@ read_CPPFLAGS = \
 	$(LMDB_CFLAGS) \
 	$(LUA_CFLAGS) \
 	$(PCRE_CFLAGS) \
+	$(PCRE2_CFLAGS) \
 	$(LIBXML2_CFLAGS)
 
 

diff --git a/examples/using_bodies_in_chunks/Makefile.am b/examples/using_bodies_in_chunks/Makefile.am
@@ -14,6 +14,7 @@ simple_request_LDADD = \
 	$(LMDB_LDADD) \
 	$(LUA_LDADD) \
 	$(PCRE_LDADD) \
+	$(PCRE2_LDADD) \
 	$(SSDEEP_LDADD) \
 	$(YAJL_LDADD)
 
@@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \
 	$(LMDB_CFLAGS) \
 	$(LUA_CFLAGS) \
 	$(PCRE_CFLAGS) \
+	$(PCRE2_CFLAGS) \
 	$(LIBXML2_CFLAGS)
 
 MAINTAINERCLEANFILES = \

diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc
@@ -21,11 +21,11 @@
 
 #include "src/operators/operator.h"
 
-#ifndef WITH_PCRE2
+#ifdef WITH_PCRE
 #if PCRE_HAVE_JIT
 #define pcre_study_opt PCRE_STUDY_JIT_COMPILE
 #else
-#define pcre_study_opt 0
+constexpr int pcre_study_opt = 0;
 #endif
 #endif
 
@@ -34,20 +34,20 @@ namespace modsecurity {
 namespace operators {
 
 VerifyCC::~VerifyCC() {
-#if WITH_PCRE2
+#ifndef WITH_PCRE
     pcre2_code_free(m_pc);
 #else
-    if (m_pc != NULL) {
+    if (m_pc != nullptr) {
         pcre_free(m_pc);
-        m_pc = NULL;
+        m_pc = nullptr;
     }
-    if (m_pce != NULL) {
+    if (m_pce != nullptr) {
 #if PCRE_HAVE_JIT
         pcre_free_study(m_pce);
 #else
         pcre_free(m_pce);
 #endif
-        m_pce = NULL;
+        m_pce = nullptr;
     }
 #endif
 }
@@ -94,33 +94,33 @@ int VerifyCC::luhnVerify(const char *ccnumber, int len) {
 
 
 bool VerifyCC::init(const std::string &param2, std::string *error) {
-#ifdef WITH_PCRE2
+#ifndef WITH_PCRE
     PCRE2_SPTR pcre2_pattern = reinterpret_cast<PCRE2_SPTR>(m_param.c_str());
     uint32_t pcre2_options = (PCRE2_DOTALL|PCRE2_MULTILINE);
     int errornumber = 0;
     PCRE2_SIZE erroroffset = 0;
     m_pc = pcre2_compile(pcre2_pattern, PCRE2_ZERO_TERMINATED,
-        pcre2_options, &errornumber, &erroroffset, NULL);
-    if (m_pc == NULL) {
+        pcre2_options, &errornumber, &erroroffset, nullptr);
+    if (m_pc == nullptr) {
         return false;
     }
     m_pcje = pcre2_jit_compile(m_pc, PCRE2_JIT_COMPLETE);
 #else
-    const char *errptr = NULL;
+    const char *errptr = nullptr;
     int erroffset = 0;
 
     m_pc = pcre_compile(m_param.c_str(), PCRE_DOTALL|PCRE_MULTILINE,
-        &errptr, &erroffset, NULL);
-    if (m_pc == NULL) {
+        &errptr, &erroffset, nullptr);
+    if (m_pc == nullptr) {
         error->assign(errptr);
         return false;
     }
 
     m_pce = pcre_study(m_pc, pcre_study_opt, &errptr);
-    if (m_pce == NULL) {
-        if (errptr == NULL) {
+    if (m_pce == nullptr) {
+        if (errptr == nullptr) {
             /*
-             * Per pcre_study(3) m_pce == NULL && errptr == NULL means
+             * Per pcre_study(3) m_pce == nullptr && errptr == nullptr means
              * that no addional information is found, so no need to study
              */
             return true;
@@ -136,21 +136,21 @@ bool VerifyCC::init(const std::string &param2, std::string *error) {
 
 bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule,
     const std::string& i, RuleMessage &ruleMessage) {
-#ifdef WITH_PCRE2
+#ifndef WITH_PCRE
     PCRE2_SIZE offset = 0;
     size_t target_length = i.length();
     PCRE2_SPTR pcre2_i = reinterpret_cast<PCRE2_SPTR>(i.c_str());
-    pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL);
+    pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr);
 
     int ret;
     for (offset = 0; offset < target_length; offset++) {
 
         if (m_pcje == 0) {
-            ret = pcre2_jit_match(m_pc, pcre2_i, target_length, offset, 0, match_data, NULL);
+            ret = pcre2_jit_match(m_pc, pcre2_i, target_length, offset, 0, match_data, nullptr);
         }
 
         if (m_pcje != 0 || ret == PCRE2_ERROR_JIT_STACKLIMIT) {
-            ret = pcre2_match(m_pc, pcre2_i, target_length, offset, PCRE2_NO_JIT, match_data, NULL);
+            ret = pcre2_match(m_pc, pcre2_i, target_length, offset, PCRE2_NO_JIT, match_data, nullptr);
         }
 
         /* If there was no match, then we are done. */
@@ -192,15 +192,15 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule,
                         "\" at " + i + ". [offset " +
                         std::to_string(offset) + "]");
                 }
-#ifdef WITH_PCRE2
+#ifndef WITH_PCRE
                 pcre2_match_data_free(match_data);
 #endif
                 return true;
             }
         }
     }
 
-#ifdef WITH_PCRE2
+#ifndef WITH_PCRE
     pcre2_match_data_free(match_data);
 #endif
 

diff --git a/src/operators/verify_cc.h b/src/operators/verify_cc.h
@@ -16,7 +16,7 @@
 #ifndef SRC_OPERATORS_VERIFY_CC_H_
 #define SRC_OPERATORS_VERIFY_CC_H_
 
-#if WITH_PCRE2
+#ifndef WITH_PCRE
 #define PCRE2_CODE_UNIT_WIDTH 8
 #include <pcre2.h>
 #else
@@ -38,12 +38,12 @@ class VerifyCC : public Operator {
     /** @ingroup ModSecurity_Operator */
     explicit VerifyCC(std::unique_ptr<RunTimeString> param)
         : Operator("VerifyCC", std::move(param)),
-#if WITH_PCRE2
-        m_pc(NULL),
+#ifndef WITH_PCRE
+        m_pc(nullptr),
         m_pcje(PCRE2_ERROR_JIT_BADOPTION) { }
 #else
-        m_pc(NULL),
-        m_pce(NULL) { }
+        m_pc(nullptr),
+        m_pce(nullptr) { }
 #endif
     ~VerifyCC() override;
 
@@ -52,7 +52,7 @@ class VerifyCC : public Operator {
         RuleMessage &ruleMessage)  override;
     bool init(const std::string &param, std::string *error) override;
  private:
-#if WITH_PCRE2
+#ifndef WITH_PCRE
     pcre2_code *m_pc;
     int m_pcje;
 #else

diff --git a/src/parser/Makefile.am b/src/parser/Makefile.am
@@ -25,6 +25,7 @@ libmodsec_parser_la_CPPFLAGS = \
 	$(YAJL_CFLAGS) \
 	$(LMDB_CFLAGS) \
 	$(PCRE_CFLAGS) \
+	$(PCRE2_CFLAGS) \
 	$(LIBXML2_CFLAGS)
 
 test.cc: seclang-parser.hh