From 4fb22466a0c31ea01570887ef21eb4abdf5deb9c Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Tue, 10 Dec 2024 07:32:13 +0000 Subject: [PATCH 1/8] Cleanup: Remove useless/nonfunctional AM_CONDITIONAL macros - Deleted AM_CONDITIONAL macros from configure.ac that had no functional impact on the build system. --- configure.ac | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configure.ac b/configure.ac index 11cef0b6..91b8d59a 100644 --- a/configure.ac +++ b/configure.ac @@ -109,24 +109,19 @@ AM_CONDITIONAL([YAJL_VERSION], [test "$YAJL_VERSION" != ""]) # Check for LibGeoIP PROG_GEOIP -AM_CONDITIONAL([GEOIP_CFLAGS], [test "GEOIP_CFLAGS" != ""]) # Check for MaxMind PROG_MAXMIND -AM_CONDITIONAL([MAXMIND_CFLAGS], [test "MAXMIND_CFLAGS" != ""]) # Check for LMDB PROG_LMDB -AM_CONDITIONAL([LMDB_CFLAGS], [test "LMDB_CFLAGS" != ""]) # Check for SSDEEP CHECK_SSDEEP -AM_CONDITIONAL([SSDEEP_CFLAGS], [test "SSDEEP_CFLAGS" != ""]) # Check for LUA CHECK_LUA -AM_CONDITIONAL([LUA_CFLAGS], [test "LUA_CFLAGS" != ""]) # @@ -155,7 +150,6 @@ CHECK_PCRE # Check for pcre2 # PROG_PCRE2 -AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""]) # Checks for header files. From c6433df7b21d5c7d4f027eda916ecbe3efc94b51 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Tue, 10 Dec 2024 10:16:14 +0000 Subject: [PATCH 2/8] Refactor build system to use libpcre2 as the default Updated the build system and related source files to use libpcre2 as the default regex library instead of the deprecated libpcre. This change ensures future compatibility and aligns with the library's maintenance status. To build with the old libpcre, the `--with-pcre` configuration parameter can be specified. --- .github/workflows/ci.yml | 4 ++-- build/pcre.m4 | 5 +++-- build/pcre2.m4 | 25 ++++++++++--------------- configure.ac | 17 +++++++++-------- src/operators/verify_cc.cc | 12 ++++++------ src/operators/verify_cc.h | 6 +++--- src/utils/regex.cc | 32 ++++++++++++++++---------------- src/utils/regex.h | 4 ++-- 8 files changed, 51 insertions(+), 54 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2fe0010a..65984320 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: - {label: "wo geoip", opt: "--without-geoip" } - {label: "wo ssdeep", opt: "--without-ssdeep" } - {label: "with lmdb", opt: "--with-lmdb" } - - {label: "with pcre2", opt: "--with-pcre2" } + - {label: "with pcre", opt: "--with-pcre" } exclude: - platform: {label: "x32"} configure: {label: "wo geoip"} @@ -88,7 +88,7 @@ jobs: - {label: "wo geoip", opt: "--without-geoip" } - {label: "wo ssdeep", opt: "--without-ssdeep" } - {label: "with lmdb", opt: "--with-lmdb" } - - {label: "with pcre2", opt: "--with-pcre2" } + - {label: "with pcre", opt: "--with-pcre" } steps: - name: Setup Dependencies # curl, pcre2 not installed because they're already diff --git a/build/pcre.m4 b/build/pcre.m4 index 4d991232..5c3ea989 100644 --- a/build/pcre.m4 +++ b/build/pcre.m4 @@ -21,8 +21,8 @@ AC_ARG_WITH( [test_paths="${with_pcre}"], [test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"]) -if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then - AC_MSG_NOTICE([pcre2 specified; omitting check for pcre]) +if test "x${with_pcre}" == "x" && test "x${with_pcre}" != "xno"; then + AC_MSG_NOTICE([Support for pcre not requested; omitting check for pcre]) else AC_MSG_CHECKING([for libpcre config script]) @@ -106,6 +106,7 @@ else LIBS=$save_LIBS fi + PCRE_CFLAGS="-DWITH_PCRE$ {PCRE_CFLAGS}" AC_SUBST(PCRE_CONFIG) AC_SUBST(PCRE_VERSION) AC_SUBST(PCRE_CPPFLAGS) diff --git a/build/pcre2.m4 b/build/pcre2.m4 index 2d0814ac..bd28c7df 100644 --- a/build/pcre2.m4 +++ b/build/pcre2.m4 @@ -91,21 +91,16 @@ if test -z "${PCRE2_LDADD}"; then PCRE2_FOUND=-1 fi else - if test -z "${PCRE2_MANDATORY}"; then - PCRE2_FOUND=2 - AC_MSG_NOTICE([PCRE2 is disabled by default.]) - else - PCRE2_FOUND=1 - AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) - PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}" - PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" - AC_SUBST(PCRE2_VERSION) - AC_SUBST(PCRE2_LDADD) - AC_SUBST(PCRE2_LIBS) - AC_SUBST(PCRE2_LDFLAGS) - AC_SUBST(PCRE2_CFLAGS) - AC_SUBST(PCRE2_DISPLAY) - fi + PCRE2_FOUND=1 + AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) + PCRE2_CFLAGS="${PCRE2_CFLAGS}" + PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" + AC_SUBST(PCRE2_VERSION) + AC_SUBST(PCRE2_LDADD) + AC_SUBST(PCRE2_LIBS) + AC_SUBST(PCRE2_LDFLAGS) + AC_SUBST(PCRE2_CFLAGS) + AC_SUBST(PCRE2_DISPLAY) fi diff --git a/configure.ac b/configure.ac index 91b8d59a..0bce5135 100644 --- a/configure.ac +++ b/configure.ac @@ -141,15 +141,16 @@ CHECK_LIBXML2 # -# Check for libpcre +# Check for libpcre only if explicitly requested # -CHECK_PCRE - - -# -# Check for pcre2 -# -PROG_PCRE2 +if test "x${with_pcre}" != "x" && test "x${with_pcre}" != "xno"; then + CHECK_PCRE +else + # + # Check for pcre2 + # + PROG_PCRE2 +fi # Checks for header files. diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc index 66f2e911..4f197783 100644 --- a/src/operators/verify_cc.cc +++ b/src/operators/verify_cc.cc @@ -21,7 +21,7 @@ #include "src/operators/operator.h" -#ifndef WITH_PCRE2 +#ifdef WITH_PCRE #if PCRE_HAVE_JIT #define pcre_study_opt PCRE_STUDY_JIT_COMPILE #else @@ -34,7 +34,7 @@ namespace modsecurity { namespace operators { VerifyCC::~VerifyCC() { -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code_free(m_pc); #else if (m_pc != NULL) { @@ -94,7 +94,7 @@ int VerifyCC::luhnVerify(const char *ccnumber, int len) { bool VerifyCC::init(const std::string ¶m2, std::string *error) { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_pattern = reinterpret_cast(m_param.c_str()); uint32_t pcre2_options = (PCRE2_DOTALL|PCRE2_MULTILINE); int errornumber = 0; @@ -136,7 +136,7 @@ bool VerifyCC::init(const std::string ¶m2, std::string *error) { bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, const std::string& i, RuleMessage &ruleMessage) { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SIZE offset = 0; size_t target_length = i.length(); PCRE2_SPTR pcre2_i = reinterpret_cast(i.c_str()); @@ -192,7 +192,7 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, "\" at " + i + ". [offset " + std::to_string(offset) + "]"); } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return true; @@ -200,7 +200,7 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, } } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif diff --git a/src/operators/verify_cc.h b/src/operators/verify_cc.h index 05d4cdec..ec1661fb 100644 --- a/src/operators/verify_cc.h +++ b/src/operators/verify_cc.h @@ -16,7 +16,7 @@ #ifndef SRC_OPERATORS_VERIFY_CC_H_ #define SRC_OPERATORS_VERIFY_CC_H_ -#if WITH_PCRE2 +#ifndef WITH_PCRE #define PCRE2_CODE_UNIT_WIDTH 8 #include #else @@ -38,7 +38,7 @@ class VerifyCC : public Operator { /** @ingroup ModSecurity_Operator */ explicit VerifyCC(std::unique_ptr param) : Operator("VerifyCC", std::move(param)), -#if WITH_PCRE2 +#ifndef WITH_PCRE m_pc(NULL), m_pcje(PCRE2_ERROR_JIT_BADOPTION) { } #else @@ -52,7 +52,7 @@ class VerifyCC : public Operator { RuleMessage &ruleMessage) override; bool init(const std::string ¶m, std::string *error) override; private: -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code *m_pc; int m_pcje; #else diff --git a/src/utils/regex.cc b/src/utils/regex.cc index 731ffc97..9d84c871 100644 --- a/src/utils/regex.cc +++ b/src/utils/regex.cc @@ -23,7 +23,7 @@ #include "src/utils/geo_lookup.h" -#ifndef WITH_PCRE2 +#ifdef WITH_PCRE #if PCRE_HAVE_JIT // NOTE: Add PCRE_STUDY_EXTRA_NEEDED so studying always yields a pcre_extra strucure // and we can selectively override match limits using a copy of that structure at runtime. @@ -35,7 +35,7 @@ #endif #endif -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE class Pcre2MatchContextPtr { public: Pcre2MatchContextPtr() @@ -62,7 +62,7 @@ namespace Utils { // Helper function to tell us if the current config indicates CRLF is a valid newline sequence bool crlfIsNewline() { -#if WITH_PCRE2 +#ifndef WITH_PCRE uint32_t newline = 0; pcre2_config(PCRE2_CONFIG_NEWLINE, &newline); bool crlf_is_newline = @@ -89,7 +89,7 @@ bool crlfIsNewline() { Regex::Regex(const std::string& pattern_, bool ignoreCase) : pattern(pattern_.empty() ? ".*" : pattern_) { -#if WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_pattern = reinterpret_cast(pattern.c_str()); uint32_t pcre2_options = (PCRE2_DOTALL|PCRE2_MULTILINE); if (ignoreCase) { @@ -117,7 +117,7 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) Regex::~Regex() { -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code_free(m_pc); #else if (m_pc != NULL) { @@ -139,7 +139,7 @@ Regex::~Regex() { std::list Regex::searchAll(const std::string& s) const { std::list retList; int rc = 0; -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); PCRE2_SIZE offset = 0; @@ -183,14 +183,14 @@ std::list Regex::searchAll(const std::string& s) const { } } while (rc > 0); -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return retList; } RegexResult Regex::searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? @@ -235,7 +235,7 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit) const { bool prev_match_zero_length = false; -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? @@ -337,14 +337,14 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector } } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return RegexResult::Ok; } int Regex::search(const std::string& s, SMatch *match) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); int ret = 0; @@ -371,14 +371,14 @@ int Regex::search(const std::string& s, SMatch *match) const { 0); } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return ret; } int Regex::search(const std::string& s) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); int rc = 0; @@ -405,7 +405,7 @@ int Regex::search(const std::string& s) const { RegexResult Regex::to_regex_result(int pcre_exec_result) const { if ( pcre_exec_result > 0 || -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre_exec_result == PCRE2_ERROR_NOMATCH #else pcre_exec_result == PCRE_ERROR_NOMATCH @@ -413,7 +413,7 @@ RegexResult Regex::to_regex_result(int pcre_exec_result) const { ) { return RegexResult::Ok; } else if( -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre_exec_result == PCRE2_ERROR_MATCHLIMIT #else pcre_exec_result == PCRE_ERROR_MATCHLIMIT diff --git a/src/utils/regex.h b/src/utils/regex.h index f27cdd25..a771720a 100644 --- a/src/utils/regex.h +++ b/src/utils/regex.h @@ -12,7 +12,7 @@ * directly using the email address security@modsecurity.org. * */ -#if WITH_PCRE2 +#ifndef WITH_PCRE #define PCRE2_CODE_UNIT_WIDTH 8 #include #else @@ -91,7 +91,7 @@ class Regex { private: RegexResult to_regex_result(int pcre_exec_result) const; -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code *m_pc; int m_pcje; #else From 106ed22b6dc763737707ffd17d8c3408f1e6d750 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Tue, 10 Dec 2024 10:58:20 +0000 Subject: [PATCH 3/8] Fix typo in pcre.m4: corrected PCRE_CFLAGS assignment --- build/pcre.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/pcre.m4 b/build/pcre.m4 index 5c3ea989..de28e8b8 100644 --- a/build/pcre.m4 +++ b/build/pcre.m4 @@ -106,7 +106,7 @@ else LIBS=$save_LIBS fi - PCRE_CFLAGS="-DWITH_PCRE$ {PCRE_CFLAGS}" + PCRE_CFLAGS="-DWITH_PCRE ${PCRE_CFLAGS}" AC_SUBST(PCRE_CONFIG) AC_SUBST(PCRE_VERSION) AC_SUBST(PCRE_CPPFLAGS) From a07d0c7d345f87bab16f3fcffb05d53a93bd6b91 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Tue, 10 Dec 2024 21:40:09 +0000 Subject: [PATCH 4/8] Fix missing libpcre2 dependency on macOS GitHub runner Identified an issue where the macOS GitHub runner no longer includes the libpcre2 library by default. Updated the workflow configuration to explicitly add libpcre2 as a dependency, ensuring successful builds and compatibility with the updated build system. This change prevents build failures on macOS environments and aligns the runner's setup with project requirements. --- .github/workflows/ci.yml | 1 + build/pcre2.m4 | 35 +++++++++++++++++++++-------------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 65984320..06bbe07f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,6 +105,7 @@ jobs: geoip \ ssdeep \ pcre \ + pcre2 \ bison \ flex - uses: actions/checkout@v4 diff --git a/build/pcre2.m4 b/build/pcre2.m4 index bd28c7df..dde0bca9 100644 --- a/build/pcre2.m4 +++ b/build/pcre2.m4 @@ -29,10 +29,12 @@ if test "x${with_pcre2}" == "xno"; then AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no]) PCRE2_DISABLED=yes else - if test "x${with_pcre2}" == "xyes"; then - PCRE2_MANDATORY=yes - AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes]) - fi + # pcre2 is the default + PCRE2_MANDATORY=yes +# if test "x${with_pcre2}" == "xyes"; then +# PCRE2_MANDATORY=yes +# AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes]) +# fi # for x in ${PCRE2_POSSIBLE_LIB_NAMES}; do # CHECK_FOR_PCRE2_AT(${x}) # if test -n "${PCRE2_VERSION}"; then @@ -91,16 +93,21 @@ if test -z "${PCRE2_LDADD}"; then PCRE2_FOUND=-1 fi else - PCRE2_FOUND=1 - AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) - PCRE2_CFLAGS="${PCRE2_CFLAGS}" - PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" - AC_SUBST(PCRE2_VERSION) - AC_SUBST(PCRE2_LDADD) - AC_SUBST(PCRE2_LIBS) - AC_SUBST(PCRE2_LDFLAGS) - AC_SUBST(PCRE2_CFLAGS) - AC_SUBST(PCRE2_DISPLAY) + if test -z "${PCRE2_MANDATORY}"; then + PCRE2_FOUND=2 + AC_MSG_NOTICE([PCRE2 is disabled by default.]) + else + PCRE2_FOUND=1 + AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) + PCRE2_CFLAGS="${PCRE2_CFLAGS}" + PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" + AC_SUBST(PCRE2_VERSION) + AC_SUBST(PCRE2_LDADD) + AC_SUBST(PCRE2_LIBS) + AC_SUBST(PCRE2_LDFLAGS) + AC_SUBST(PCRE2_CFLAGS) + AC_SUBST(PCRE2_DISPLAY) + fi fi From 784cf0b64cc00666016bba5a0e1cedd965238e82 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Wed, 11 Dec 2024 08:57:43 +0000 Subject: [PATCH 5/8] Debug: increase verbosity in pcre2.m4 for macOS GitHub Actions Added AC_MSG_NOTICE macros to pcre2.m4 to enhance debugging output. This change aims to identify the cause of build failures on macOS runners in GitHub Actions, which do not occur locally or on other platforms (Linux, Windows). The added verbosity will help trace the build process and inspect variable values for inconsistencies in the macOS runner environment. --- .github/workflows/ci.yml | 1 - build/pcre2.m4 | 9 +++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 06bbe07f..65984320 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,6 @@ jobs: geoip \ ssdeep \ pcre \ - pcre2 \ bison \ flex - uses: actions/checkout@v4 diff --git a/build/pcre2.m4 b/build/pcre2.m4 index dde0bca9..aaa4f8a1 100644 --- a/build/pcre2.m4 +++ b/build/pcre2.m4 @@ -29,8 +29,8 @@ if test "x${with_pcre2}" == "xno"; then AC_MSG_NOTICE([Support for PCRE2 was disabled by the utilization of --without-pcre2 or --with-pcre2=no]) PCRE2_DISABLED=yes else - # pcre2 is the default PCRE2_MANDATORY=yes + AC_MSG_NOTICE([PCRE2 is enabled by default.]) # if test "x${with_pcre2}" == "xyes"; then # PCRE2_MANDATORY=yes # AC_MSG_NOTICE([PCRE2 support was marked as mandatory by the utilization of --with-pcre2=yes]) @@ -98,9 +98,14 @@ else AC_MSG_NOTICE([PCRE2 is disabled by default.]) else PCRE2_FOUND=1 - AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) PCRE2_CFLAGS="${PCRE2_CFLAGS}" PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" + AC_MSG_NOTICE([using PCRE2_VERSION ${PCRE2_VERSION}]) + AC_MSG_NOTICE([using PCRE2_LDADD ${PCRE2_LDADD}]) + AC_MSG_NOTICE([using PCRE2_LIBS ${PCRE2_LIBS}]) + AC_MSG_NOTICE([using PCRE2_LDFLAGS ${PCRE2_LDFLAGS}]) + AC_MSG_NOTICE([using PCRE2_CFLAGS ${PCRE2_CFLAGS}]) + AC_MSG_NOTICE([using PCRE2_DISPLAY ${PCRE2_DISPLAY}]) AC_SUBST(PCRE2_VERSION) AC_SUBST(PCRE2_LDADD) AC_SUBST(PCRE2_LIBS) From e92507868ec722a6c13e9ab7e45e7242f06264e9 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Wed, 11 Dec 2024 12:48:20 +0000 Subject: [PATCH 6/8] Fix macOS GitHub Actions build: add PCRE2_CFLAGS/LDADD/LDFLAGS Introduced PCRE2_CFLAGS, PCRE2_LDADD, and PCRE2_LDFLAGS in all relevant Makefile.am files to align with the existing PCRE_* variable usage. This change addresses potential issues with linking and configuration for builds on macOS GitHub runners. These modifications aim to resolve the build failure observed exclusively in the macOS environment while maintaining compatibility across other platforms. Testing will confirm if this adjustment corrects the issue. --- examples/multithread/Makefile.am | 2 ++ examples/reading_logs_via_rule_message/Makefile.am | 2 ++ examples/reading_logs_with_offset/Makefile.am | 2 ++ examples/using_bodies_in_chunks/Makefile.am | 2 ++ src/parser/Makefile.am | 1 + test/benchmark/Makefile.am | 2 ++ test/fuzzer/Makefile.am | 2 ++ tools/rules-check/Makefile.am | 2 ++ 8 files changed, 15 insertions(+) diff --git a/examples/multithread/Makefile.am b/examples/multithread/Makefile.am index c17b431a..0871efa1 100644 --- a/examples/multithread/Makefile.am +++ b/examples/multithread/Makefile.am @@ -14,6 +14,7 @@ multithread_LDADD = \ $(MAXMIND_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ multithread_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/examples/reading_logs_via_rule_message/Makefile.am b/examples/reading_logs_via_rule_message/Makefile.am index 210edef3..5a6ba74b 100644 --- a/examples/reading_logs_via_rule_message/Makefile.am +++ b/examples/reading_logs_via_rule_message/Makefile.am @@ -14,6 +14,7 @@ simple_request_LDADD = \ $(MAXMIND_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/examples/reading_logs_with_offset/Makefile.am b/examples/reading_logs_with_offset/Makefile.am index 3ecda10c..a98ed48d 100644 --- a/examples/reading_logs_with_offset/Makefile.am +++ b/examples/reading_logs_with_offset/Makefile.am @@ -14,6 +14,7 @@ read_LDADD = \ $(LMDB_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ read_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/examples/using_bodies_in_chunks/Makefile.am b/examples/using_bodies_in_chunks/Makefile.am index 5d645379..9eb438f3 100644 --- a/examples/using_bodies_in_chunks/Makefile.am +++ b/examples/using_bodies_in_chunks/Makefile.am @@ -14,6 +14,7 @@ simple_request_LDADD = \ $(LMDB_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -46,6 +47,7 @@ simple_request_CPPFLAGS = \ $(LMDB_CFLAGS) \ $(LUA_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) MAINTAINERCLEANFILES = \ diff --git a/src/parser/Makefile.am b/src/parser/Makefile.am index cded6261..68567581 100644 --- a/src/parser/Makefile.am +++ b/src/parser/Makefile.am @@ -25,6 +25,7 @@ libmodsec_parser_la_CPPFLAGS = \ $(YAJL_CFLAGS) \ $(LMDB_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) test.cc: seclang-parser.hh diff --git a/test/benchmark/Makefile.am b/test/benchmark/Makefile.am index 88da53e8..2ac9d921 100644 --- a/test/benchmark/Makefile.am +++ b/test/benchmark/Makefile.am @@ -10,6 +10,7 @@ benchmark_LDADD = \ $(GEOIP_LDADD) \ $(MAXMIND_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(YAJL_LDADD) \ $(LMDB_LDADD) \ $(SSDEEP_LDADD) \ @@ -35,6 +36,7 @@ benchmark_CPPFLAGS = \ -I$(top_builddir)/headers \ $(GLOBAL_CPPFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LMDB_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/test/fuzzer/Makefile.am b/test/fuzzer/Makefile.am index ea210240..eee3a94e 100644 --- a/test/fuzzer/Makefile.am +++ b/test/fuzzer/Makefile.am @@ -18,6 +18,7 @@ afl_fuzzer_LDADD = \ $(CURL_LDADD) \ $(GEOIP_LDFLAGS) $(GEOIP_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(YAJL_LDFLAGS) $(YAJL_LDADD) \ $(LMDB_LDFLAGS) $(LMDB_LDADD) \ $(MAXMIND_LDFLAGS) $(MAXMIND_LDADD) \ @@ -44,4 +45,5 @@ afl_fuzzer_CPPFLAGS = \ $(YAJL_CFLAGS) \ $(LMDB_CFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LIBXML2_CFLAGS) diff --git a/tools/rules-check/Makefile.am b/tools/rules-check/Makefile.am index 6f398fb2..c79a6256 100644 --- a/tools/rules-check/Makefile.am +++ b/tools/rules-check/Makefile.am @@ -15,6 +15,7 @@ modsec_rules_check_LDADD = \ $(LMDB_LDADD) \ $(LUA_LDADD) \ $(PCRE_LDADD) \ + $(PCRE2_LDADD) \ $(SSDEEP_LDADD) \ $(YAJL_LDADD) @@ -31,6 +32,7 @@ modsec_rules_check_CPPFLAGS = \ -I$(top_builddir)/headers \ $(GLOBAL_CPPFLAGS) \ $(PCRE_CFLAGS) \ + $(PCRE2_CFLAGS) \ $(LMDB_CFLAGS) \ $(MAXMIND_CFLAGS) \ $(LIBXML2_CFLAGS) From 10d1c2be74e7dbe1887b7bc2285501aea28dfe2a Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Fri, 20 Dec 2024 08:12:06 +0000 Subject: [PATCH 7/8] Refactor: improve PCRE settings output in configure.ac Enhanced the `configure.ac` script to provide clearer and more readable output for PCRE and PCRE2 settings during configuration. This change improves usability by ensuring that the configuration process displays relevant details in a structured and user-friendly format. This update aligns with the broader PCRE to PCRE2 migration effort, making the build configuration process more transparent and consistent. --- configure.ac | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/configure.ac b/configure.ac index 0bce5135..93addd70 100644 --- a/configure.ac +++ b/configure.ac @@ -582,6 +582,17 @@ if test "x$LUA_FOUND" = "x2"; then echo " + LUA ....disabled" fi +##PCRE +if test "x${with_pcre}" != "x" \ + && test "x${with_pcre}" != "xno" \ + && test "x${PCRE_VERSION}" == "x"; then + AC_MSG_NOTICE([*** pcre library not found.]) +else + echo " + PCRE ....found " + echo " using pcre v${PCRE_VERSION}" + echo " ${PCRE_LDADD}, ${PCRE_CFLAGS}" +fi + ## PCRE2 if test "x$PCRE2_FOUND" = "x0"; then From d68aef320c66d7f065aadbb0af301a60709aeb83 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Thu, 20 Feb 2025 12:25:53 +0000 Subject: [PATCH 8/8] refactor: improve maintainability for SonarCloud compliance - Marked the conversion operator in `Pcre2MatchContextPtr` as `explicit` to improve type safety and prevent unintended implicit conversions. - Ensured consistent use of `nullptr` instead of `NULL` for better readability and modern C++ compliance. These changes enhance code clarity, maintainability, and adherence to modern C++ best practices. --- src/operators/verify_cc.cc | 32 +++++++++++----------- src/operators/verify_cc.h | 6 ++--- src/utils/regex.cc | 54 +++++++++++++++++++------------------- src/utils/regex.h | 6 ++--- 4 files changed, 49 insertions(+), 49 deletions(-) diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc index 4f197783..1ddbf4f4 100644 --- a/src/operators/verify_cc.cc +++ b/src/operators/verify_cc.cc @@ -25,7 +25,7 @@ #if PCRE_HAVE_JIT #define pcre_study_opt PCRE_STUDY_JIT_COMPILE #else -#define pcre_study_opt 0 +constexpr int pcre_study_opt = 0; #endif #endif @@ -37,17 +37,17 @@ VerifyCC::~VerifyCC() { #ifndef WITH_PCRE pcre2_code_free(m_pc); #else - if (m_pc != NULL) { + if (m_pc != nullptr) { pcre_free(m_pc); - m_pc = NULL; + m_pc = nullptr; } - if (m_pce != NULL) { + if (m_pce != nullptr) { #if PCRE_HAVE_JIT pcre_free_study(m_pce); #else pcre_free(m_pce); #endif - m_pce = NULL; + m_pce = nullptr; } #endif } @@ -100,27 +100,27 @@ bool VerifyCC::init(const std::string ¶m2, std::string *error) { int errornumber = 0; PCRE2_SIZE erroroffset = 0; m_pc = pcre2_compile(pcre2_pattern, PCRE2_ZERO_TERMINATED, - pcre2_options, &errornumber, &erroroffset, NULL); - if (m_pc == NULL) { + pcre2_options, &errornumber, &erroroffset, nullptr); + if (m_pc == nullptr) { return false; } m_pcje = pcre2_jit_compile(m_pc, PCRE2_JIT_COMPLETE); #else - const char *errptr = NULL; + const char *errptr = nullptr; int erroffset = 0; m_pc = pcre_compile(m_param.c_str(), PCRE_DOTALL|PCRE_MULTILINE, - &errptr, &erroffset, NULL); - if (m_pc == NULL) { + &errptr, &erroffset, nullptr); + if (m_pc == nullptr) { error->assign(errptr); return false; } m_pce = pcre_study(m_pc, pcre_study_opt, &errptr); - if (m_pce == NULL) { - if (errptr == NULL) { + if (m_pce == nullptr) { + if (errptr == nullptr) { /* - * Per pcre_study(3) m_pce == NULL && errptr == NULL means + * Per pcre_study(3) m_pce == nullptr && errptr == nullptr means * that no addional information is found, so no need to study */ return true; @@ -140,17 +140,17 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, PCRE2_SIZE offset = 0; size_t target_length = i.length(); PCRE2_SPTR pcre2_i = reinterpret_cast(i.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int ret; for (offset = 0; offset < target_length; offset++) { if (m_pcje == 0) { - ret = pcre2_jit_match(m_pc, pcre2_i, target_length, offset, 0, match_data, NULL); + ret = pcre2_jit_match(m_pc, pcre2_i, target_length, offset, 0, match_data, nullptr); } if (m_pcje != 0 || ret == PCRE2_ERROR_JIT_STACKLIMIT) { - ret = pcre2_match(m_pc, pcre2_i, target_length, offset, PCRE2_NO_JIT, match_data, NULL); + ret = pcre2_match(m_pc, pcre2_i, target_length, offset, PCRE2_NO_JIT, match_data, nullptr); } /* If there was no match, then we are done. */ diff --git a/src/operators/verify_cc.h b/src/operators/verify_cc.h index ec1661fb..7e7e158b 100644 --- a/src/operators/verify_cc.h +++ b/src/operators/verify_cc.h @@ -39,11 +39,11 @@ class VerifyCC : public Operator { explicit VerifyCC(std::unique_ptr param) : Operator("VerifyCC", std::move(param)), #ifndef WITH_PCRE - m_pc(NULL), + m_pc(nullptr), m_pcje(PCRE2_ERROR_JIT_BADOPTION) { } #else - m_pc(NULL), - m_pce(NULL) { } + m_pc(nullptr), + m_pce(nullptr) { } #endif ~VerifyCC() override; diff --git a/src/utils/regex.cc b/src/utils/regex.cc index 9d84c871..30025037 100644 --- a/src/utils/regex.cc +++ b/src/utils/regex.cc @@ -39,7 +39,7 @@ class Pcre2MatchContextPtr { public: Pcre2MatchContextPtr() - : m_match_context(pcre2_match_context_create(NULL)) {} + : m_match_context(pcre2_match_context_create(nullptr)) {} Pcre2MatchContextPtr(const Pcre2MatchContextPtr&) = delete; Pcre2MatchContextPtr& operator=(const Pcre2MatchContextPtr&) = delete; @@ -48,7 +48,7 @@ class Pcre2MatchContextPtr { pcre2_match_context_free(m_match_context); } - operator pcre2_match_context*() const { + explicit operator pcre2_match_context*() const { return m_match_context; } @@ -98,10 +98,10 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) int errornumber = 0; PCRE2_SIZE erroroffset = 0; m_pc = pcre2_compile(pcre2_pattern, PCRE2_ZERO_TERMINATED, - pcre2_options, &errornumber, &erroroffset, NULL); + pcre2_options, &errornumber, &erroroffset, nullptr); m_pcje = pcre2_jit_compile(m_pc, PCRE2_JIT_COMPLETE); #else - const char *errptr = NULL; + const char *errptr = nullptr; int erroffset; int flags = (PCRE_DOTALL|PCRE_MULTILINE); @@ -109,7 +109,7 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) flags |= PCRE_CASELESS; } m_pc = pcre_compile(pattern.c_str(), flags, - &errptr, &erroffset, NULL); + &errptr, &erroffset, nullptr); m_pce = pcre_study(m_pc, pcre_study_opt, &errptr); #endif @@ -120,17 +120,17 @@ Regex::~Regex() { #ifndef WITH_PCRE pcre2_code_free(m_pc); #else - if (m_pc != NULL) { + if (m_pc != nullptr) { pcre_free(m_pc); - m_pc = NULL; + m_pc = nullptr; } - if (m_pce != NULL) { + if (m_pce != nullptr) { #if PCRE_HAVE_JIT pcre_free_study(m_pce); #else pcre_free(m_pce); #endif - m_pce = NULL; + m_pce = nullptr; } #endif } @@ -143,16 +143,16 @@ std::list Regex::searchAll(const std::string& s) const { PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); PCRE2_SIZE offset = 0; - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); do { if (m_pcje == 0) { rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), - offset, 0, match_data, NULL); + offset, 0, match_data, nullptr); } if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) { rc = pcre2_match(m_pc, pcre2_s, s.length(), - offset, PCRE2_NO_JIT, match_data, NULL); + offset, PCRE2_NO_JIT, match_data, nullptr); } const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); #else @@ -194,18 +194,18 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector 0) { // TODO: What if setting the match limit fails? - pcre2_set_match_limit(match_context, match_limit); + pcre2_set_match_limit(static_cast(match_context), match_limit); } PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int rc = 0; if (m_pcje == 0) { - rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, match_context); + rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, static_cast(match_context)); } if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) { - rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, match_context); + rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, static_cast(match_context)); } const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); #else @@ -214,7 +214,7 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector 0) { + if (m_pce != nullptr && match_limit > 0) { local_pce = *m_pce; local_pce.match_limit = match_limit; local_pce.flags |= PCRE_EXTRA_MATCH_LIMIT; @@ -247,20 +247,20 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? - pcre2_set_match_limit(match_context, match_limit); + pcre2_set_match_limit(static_cast(match_context), match_limit); } PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); PCRE2_SIZE startOffset = 0; - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); while (startOffset <= s.length()) { uint32_t pcre2_options = 0; if (prev_match_zero_length) { pcre2_options = PCRE2_NOTEMPTY_ATSTART | PCRE2_ANCHORED; } int rc = pcre2_match(m_pc, pcre2_s, s.length(), - startOffset, pcre2_options, match_data, match_context); + startOffset, pcre2_options, match_data, static_cast(match_context)); const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); #else @@ -268,7 +268,7 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector pcre_extra local_pce; pcre_extra *pce = m_pce; - if (m_pce != NULL && match_limit > 0) { + if (m_pce != nullptr && match_limit > 0) { local_pce = *m_pce; local_pce.match_limit = match_limit; local_pce.flags |= PCRE_EXTRA_MATCH_LIMIT; @@ -346,16 +346,16 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector int Regex::search(const std::string& s, SMatch *match) const { #ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int ret = 0; if (m_pcje == 0) { ret = pcre2_match(m_pc, pcre2_s, s.length(), - 0, 0, match_data, NULL) > 0; + 0, 0, match_data, nullptr) > 0; } if (m_pcje != 0 || ret == PCRE2_ERROR_JIT_STACKLIMIT) { ret = pcre2_match(m_pc, pcre2_s, s.length(), - 0, PCRE2_NO_JIT, match_data, NULL) > 0; + 0, PCRE2_NO_JIT, match_data, nullptr) > 0; } if (ret > 0) { // match PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); @@ -380,14 +380,14 @@ int Regex::search(const std::string& s, SMatch *match) const { int Regex::search(const std::string& s) const { #ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); - pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, nullptr); int rc = 0; if (m_pcje == 0) { - rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, NULL); + rc = pcre2_jit_match(m_pc, pcre2_s, s.length(), 0, 0, match_data, nullptr); } if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) { - rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, NULL); + rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, nullptr); } pcre2_match_data_free(match_data); if (rc > 0) { diff --git a/src/utils/regex.h b/src/utils/regex.h index a771720a..863ce560 100644 --- a/src/utils/regex.h +++ b/src/utils/regex.h @@ -79,7 +79,7 @@ class Regex { Regex& operator=(const Regex&) = delete; bool hasError() const { - return (m_pc == NULL); + return (m_pc == nullptr); } std::list searchAll(const std::string& s) const; RegexResult searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit = 0) const; @@ -95,8 +95,8 @@ class Regex { pcre2_code *m_pc; int m_pcje; #else - pcre *m_pc = NULL; - pcre_extra *m_pce = NULL; + pcre *m_pc = nullptr; + pcre_extra *m_pce = nullptr; #endif };