diff --git a/CHANGES b/CHANGES index 4404f208..4c92c404 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,9 @@ potential to be intercepted incorrectly when other Apache httpd modules that used internal requests were used with mod_security. + * Added Solaris to the list of platforms not supporting the hidden + visibility attribute. + * Fixed decoding full-width unicode in t:urlDecodeUni. * Lessen some overhead of debugging messages and calculations. diff --git a/README.TXT b/README.TXT index 666c25a0..2c0ba1d8 100644 --- a/README.TXT +++ b/README.TXT @@ -1,6 +1,10 @@ +ModSecurity for Apache 2.x, http://www.modsecurity.org/ +Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) -ModSecurity for Apache (http://www.modsecurity.org) -Copyright (C) 2004-2006 Breach Security, Inc. (http://www.breach.com) +You should have received a copy of the licence along with this +program (stored in the file "LICENSE"). If the file is missing, +or if you have any other questions related to the licence, please +write to Breach Security, Inc. at support@breach.com. DOCUMENTATION diff --git a/apache2/acmp.c b/apache2/acmp.c new file mode 100644 index 00000000..d5a6dba8 --- /dev/null +++ b/apache2/acmp.c @@ -0,0 +1,711 @@ +/* + * ModSecurity for Apache 2.x, http://www.modsecurity.org/ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) + * + * You should have received a copy of the licence along with this + * program (stored in the file "LICENSE"). If the file is missing, + * or if you have any other questions related to the licence, please + * write to Breach Security, Inc. at support@breach.com. + * + */ +#include "acmp.h" +#include "utf8tables.h" +#include +#include +#include + + +/* + ******************************************************************************* + ******************************************************************************* + * Data structures for acmp parser + */ + + /** + * One node in trie + */ +typedef struct acmp_node_t acmp_node_t; +typedef struct acmp_btree_node_t acmp_btree_node_t; +struct acmp_node_t { + acmp_utf8_char_t letter; + int is_last; + acmp_callback_t callback; + void *callback_data; + int depth; + + acmp_node_t *child; + acmp_node_t *sibling; + acmp_node_t *fail; + acmp_node_t *parent; + acmp_node_t *o_match; + + acmp_btree_node_t *btree; + + apr_size_t hit_count; + + char *text; + char *pattern; +}; + +struct acmp_btree_node_t { + acmp_utf8_char_t letter; + acmp_btree_node_t *left; + acmp_btree_node_t *right; + acmp_node_t *node; +}; + +/** + * Data related to parser, not to individual nodes + */ +struct ACMP { + int is_utf8; + int is_case_sensitive; + apr_pool_t *parent_pool; + apr_pool_t *pool; + + int dict_count; + apr_size_t longest_entry; + + acmp_node_t *root_node; + + const char *data_start; + const char *data_end; + const char *data_pos; + apr_size_t data_len; + + apr_size_t *bp_buffer; + apr_size_t bp_buff_len; + + acmp_node_t *active_node; + char u8_buff[6]; + apr_size_t u8buff_len; + apr_size_t hit_count; + int is_failtree_done; + int is_active; + apr_size_t byte_pos; + apr_size_t char_pos; +}; + +/* + ******************************************************************************* + ******************************************************************************* + * Functions for UTF-8 support + */ + +/** + * Returns length of utf-8 sequence based on its first byte + */ +static int utf8_seq_len(const char *first_byte) { + return utf8_seq_lengths[(unsigned int)(unsigned char)first_byte[0]]; +} + +/** + * Returns length of utf8-encoded text + */ +static size_t utf8_strlen(const char *str) { + int len = 0; + const char *c = str; + while (*c != 0) { + c += utf8_seq_len(c); + len++; + } + return len; +} + +/** + * Returns ucs code for given utf-8 sequence + */ +static acmp_utf8_char_t utf8_decodechar(const char *str) { + int len = utf8_seq_len(str); + acmp_utf8_char_t ch = 0; + switch (len) { + case 6: ch += (unsigned char)*str++; ch <<= 6; + case 5: ch += (unsigned char)*str++; ch <<= 6; + case 4: ch += (unsigned char)*str++; ch <<= 6; + case 3: ch += (unsigned char)*str++; ch <<= 6; + case 2: ch += (unsigned char)*str++; ch <<= 6; + case 1: ch += (unsigned char)*str++; + } + ch -= utf8_offsets[len - 1]; + return ch; +} + +/** + * Returns lowercase for given unicode character. Searches through + * utf8_lcase_map table, if it doesn't find the code assumes + * it doesn't have a lowercase variant and returns code itself. + */ +static long utf8_lcase(acmp_utf8_char_t ucs_code) { + long mid, left, right; + left = 1; + right = UTF8_LCASEMAP_LEN * 2 + 1; + + while (left <= right) { + mid = (left + right) >> 1; + mid -= (mid % 2); mid++; + if (ucs_code > utf8_lcase_map[mid]) + left = mid + 2; + else if (ucs_code < utf8_lcase_map[mid]) + right = mid - 2; + else if (ucs_code == utf8_lcase_map[mid]) + return utf8_lcase_map[mid - 1]; + } + return ucs_code; +} + +/* + ******************************************************************************* + ******************************************************************************* + * Code for local / static utility functions + */ + +/** + * Returns length of given string for parser's encoding + */ +static size_t acmp_strlen(ACMP *parser, const char *str) { + return (parser->is_utf8 == 0) ? strlen(str) : utf8_strlen(str); +} + +/** + * Turns string to array of ucs values, depending on parser's encoding + * str - string to convert, doesn't have to be NULL-terminated + * ucs_chars - where to write ucs values + * len - length of input string + */ +static void acmp_strtoucs(ACMP *parser, const char *str, acmp_utf8_char_t *ucs_chars, int len) { + int i; + const char *c = str; + + if (parser->is_utf8 == 0) { + for (i = 0; i < len; i++) { + *ucs_chars++ = *c++; + } + } else { + for (i = 0; i < len; i++) { + *ucs_chars++ = utf8_decodechar(c); + c += utf8_seq_len(c); + } + } +} + +/** + * Returns node with given letter, or null if not found + */ +static acmp_node_t *acmp_child_for_code(acmp_node_t *parent_node, acmp_utf8_char_t ucs_code) { + acmp_node_t *node = parent_node->child; + if (node == NULL) return NULL; + for (;;) { + if (node->letter == ucs_code) return node; + node = node->sibling; + if (node == NULL) return NULL; + } +} + +/** + * Adds node to parent node, if it is not already there + */ +static void acmp_add_node_to_parent(acmp_node_t *parent, acmp_node_t *child) { + child->parent = parent; + if (parent->child == NULL) { + parent->child = child; + return; + } + acmp_node_t *node = parent->child; + for (;;) { + if (node == child) return; + if (node->sibling == NULL) { + node->sibling = child; + return; + } + node = node->sibling; + } +} + +/** + * Copies values from one node to another, without child/sibling/fail pointers + * and without state variables. + */ +static void acmp_clone_node_no_state(acmp_node_t *from, acmp_node_t *to) { + memcpy(to, from, sizeof(acmp_node_t)); + to->child = NULL; + to->sibling = NULL; + to->fail = NULL; + to->hit_count = 0; +} + +/** + * Copies sibling nodes and child node for from given "from" node to "to" node. + * Both nodes must already exist. + */ +static void acmp_copy_nodes_recursive(acmp_node_t *from, acmp_node_t *to, apr_pool_t *pool) { + acmp_node_t *old_node = from->child, *new_node, *nn2; + if (old_node == NULL) return; + nn2 = apr_pcalloc(pool, sizeof(acmp_node_t)); + acmp_clone_node_no_state(old_node, nn2); + nn2->parent = to; + to->child = nn2; + acmp_copy_nodes_recursive(from->child, to->child, pool); + + for (;;) { + old_node = old_node->sibling; + if (old_node == NULL) break; + new_node = apr_pcalloc(pool, sizeof(acmp_node_t)); + acmp_clone_node_no_state(old_node, new_node); + new_node->parent = to; + nn2->sibling = new_node; + nn2 = new_node; + acmp_copy_nodes_recursive(old_node, new_node, pool); + } +} + +static inline acmp_node_t *acmp_btree_find(acmp_node_t *node, acmp_utf8_char_t letter) { + acmp_btree_node_t *bnode = node->btree; + for (;;) { + if (bnode == NULL) return NULL; + if (bnode->letter == letter) return bnode->node; + if (bnode->letter > letter) { + bnode = bnode->left; + } else { + bnode = bnode->right; + } + } +} + +/** + * + */ +static inline acmp_node_t *acmp_goto(acmp_node_t *node, acmp_utf8_char_t letter) { + //return acmp_child_for_code(node, letter); + return acmp_btree_find(node, letter); +} + +/** + * Connects each node with its first fail node that is end of a phrase. + */ +static void acmp_connect_other_matches(ACMP *parser, acmp_node_t *node) { + acmp_node_t *child, *om; + + for (child = node->child; child != NULL; child = child->sibling) { + if (child->fail == NULL) continue; + for (om = child->fail; om != parser->root_node; om = om->fail) { + if (om->is_last) { + child->o_match = om; + break; + } + } + } + + /* Go recursively through children of this node that have a child node */ + for(child = node->child; child != NULL; child = child->sibling) { + if (child->child != NULL) acmp_connect_other_matches(parser, child); + } +} + +/** + * Adds leaves to binary tree, working from sorted array of keyword tree nodes + */ +static void acmp_add_btree_leaves(acmp_btree_node_t *node, acmp_node_t *nodes[], + int pos, int lb, int rb, apr_pool_t *pool) { + + int left = 0, right = 0; + if ((pos - lb) > 1) { + left = lb + (pos - lb) / 2; + node->left = apr_pcalloc(pool, sizeof(acmp_btree_node_t)); + node->left->node = nodes[left]; + node->left->letter = nodes[left]->letter; + /* printf("%c ->left %c \n", node->node->letter, node->left->node->letter); */ + } + if ((rb - pos) > 1) { + right = pos + (rb - pos) / 2; + node->right = apr_pcalloc(pool, sizeof(acmp_btree_node_t)); + node->right->node = nodes[right]; + node->right->letter = nodes[right]->letter; + /* printf("%c ->right %c \n", node->node->letter, node->right->node->letter); */ + } + if (node->right != NULL) { + acmp_add_btree_leaves(node->right, nodes, right, pos, rb, pool); + } + if (node->left != NULL) { + acmp_add_btree_leaves(node->left, nodes, left, lb, pos, pool); + } +} + +/** + * Builds balanced binary tree from children nodes of given node. + */ +static void acmp_build_binary_tree(ACMP *parser, acmp_node_t *node) { + apr_size_t count, i, j; + acmp_node_t *child = node->child; + + for (count = 0; child != NULL; child = child->sibling) count++; + acmp_node_t *nodes[count]; + child = node->child; + for (i = 0; i < count; i++) { + nodes[i] = child; + child = child->sibling; + }; + /* We have array with all children of the node and number of those children + */ + for (i = 0; i < count - 1; i++) + for (j = i + 1; j < count; j++) { + if (nodes[i]->letter < nodes[j]->letter) continue; + acmp_node_t *tmp = nodes[i]; + nodes[i] = nodes[j]; + nodes[j] = tmp; + } + node->btree = apr_pcalloc(parser->pool, sizeof(acmp_btree_node_t)); + apr_size_t pos = count / 2; + node->btree->node = nodes[pos]; + node->btree->letter = nodes[pos]->letter; + acmp_add_btree_leaves(node->btree, nodes, pos, -1, count, parser->pool); + for (i = 0; i < count; i++) { + if (nodes[i]->child != NULL) acmp_build_binary_tree(parser, nodes[i]); + } +} + +/** + * Constructs fail paths on keyword trie + */ +static apr_status_t acmp_connect_fail_branches(ACMP *parser) { + /* Already connected ? */ + if (parser->is_failtree_done != 0) return APR_SUCCESS; + acmp_node_t *child, *node, *goto_node; + apr_array_header_t *arr, *arr2, *tmp; + + parser->root_node->text = ""; + arr = apr_array_make(parser->pool, 32, sizeof(acmp_node_t *)); + arr2 = apr_array_make(parser->pool, 32, sizeof(acmp_node_t *)); + + parser->root_node->fail = parser->root_node; + + /* All first-level children will fail back to root node */ + for (child = parser->root_node->child; child != NULL; child = child->sibling) { + child->fail = parser->root_node; + *(acmp_node_t **)apr_array_push(arr) = child; + /* printf("fail direction: *%s* => *%s*\n", child->text, child->fail->text); */ + } + + for (;;) { + while (apr_is_empty_array(arr) == 0) { + node = *(acmp_node_t **)apr_array_pop(arr); + node->fail = parser->root_node; + if (node->parent != parser->root_node) { + goto_node = acmp_child_for_code(node->parent->fail, node->letter); + node->fail = (goto_node != NULL) ? goto_node : parser->root_node; + } + /* printf("fail direction: *%s* => *%s*\n", node->text, node->fail->text); */ + child = node->child; + while (child != NULL) { + *(acmp_node_t **)apr_array_push(arr2) = child; + child = child->sibling; + } + } + if (apr_is_empty_array(arr2) != 0) break; + + tmp = arr; + arr = arr2; + arr2 = tmp; + } + acmp_connect_other_matches(parser, parser->root_node); + if (parser->root_node->child != NULL) acmp_build_binary_tree(parser, parser->root_node); + parser->is_failtree_done = 1; + return APR_SUCCESS; +} + +/** + * Clears hit count of each node, called from acmp_reset() + */ +static void acmp_clear_hit_count_recursive(acmp_node_t *node) { + for (; node != NULL; node = node->sibling) { + node->hit_count = 0; + if (node->child != NULL) acmp_clear_hit_count_recursive(node->child); + } +} + +/** + * Called when a match is found + */ +static void acmp_found(ACMP *parser, acmp_node_t *node) { + if (node->callback) { + node->callback(parser, node->callback_data, + parser->bp_buffer[(parser->char_pos - node->depth - 1) % parser->bp_buff_len], + parser->char_pos - node->depth - 1); + } + /* printf("found: %s at position %d\n", node->pattern, parser->char_pos - node->depth - 1); */ + node->hit_count++; + parser->hit_count++; +} + +/* + ******************************************************************************* + ******************************************************************************* + * Code for functions from header file + */ + + +/** + * flags - OR-ed values of ACMP_FLAG constants + * pool - apr_pool to use as parent pool, can be set to NULL + */ +ACMP *acmp_create(int flags, apr_pool_t *pool) { + apr_status_t rc; + apr_pool_t *p; + rc = apr_pool_create(&p, pool); + if (rc != APR_SUCCESS) return NULL; + + ACMP *parser = apr_pcalloc(p, sizeof(ACMP)); + parser->pool = p; + parser->parent_pool = pool; + parser->is_utf8 = (flags & ACMP_FLAG_UTF8) == 0 ? 0 : 1; + parser->is_case_sensitive = (flags & ACMP_FLAG_CASE_SENSITIVE) == 0 ? 0 : 1; + parser->root_node = apr_pcalloc(p, sizeof(acmp_node_t)); + return parser; +} + +/** + * Destroys previously created parser + */ +void acmp_destroy(ACMP *parser) { + /* + * All data is kept in parser's pool (including parser struct itself), so + * destroying the pool will destroy everything + */ + apr_pool_destroy(parser->pool); +} + +/** + * Creates parser with same options and same patterns + * parser - ACMP parser to duplicate + * pool - parent pool to use, if left as NULL original parser's parent pool is used + */ +ACMP *acmp_duplicate(ACMP *parser, apr_pool_t *pool) { + apr_status_t rc; + apr_pool_t *p; + + if (pool == NULL) pool = parser->parent_pool; + rc = apr_pool_create(&p, pool); + if (rc != APR_SUCCESS) return NULL; + + ACMP *new_parser = apr_pcalloc(p, sizeof(ACMP)); + new_parser->pool = p; + new_parser->parent_pool = pool; + new_parser->is_utf8 = parser->is_utf8; + new_parser->is_case_sensitive = parser->is_case_sensitive; + new_parser->root_node = apr_pcalloc(p, sizeof(acmp_node_t)); + new_parser->dict_count = parser->dict_count; + new_parser->longest_entry = parser->longest_entry; + acmp_copy_nodes_recursive(parser->root_node, new_parser->root_node, new_parser->pool); + acmp_prepare(new_parser); + return new_parser; +} + +/** + * Creates fail tree and initializes buffer + */ +apr_status_t acmp_prepare(ACMP *parser) { + if (parser->bp_buff_len < parser->longest_entry) { + parser->bp_buff_len = parser->longest_entry * 2; + parser->bp_buffer = apr_pcalloc(parser->pool, sizeof(apr_size_t) * parser->bp_buff_len); + } + apr_status_t st = acmp_connect_fail_branches(parser); + parser->active_node = parser->root_node; + if (st != APR_SUCCESS) return st; + parser->is_active = 1; + return APR_SUCCESS; +} + +/** + * Adds pattern to parser + * parser - ACMP parser + * pattern - string with pattern to match + * callback - Optional, pointer to an acmp_callback_t function + * data - pointer to data that will be passed to callback function, only used if callback + * is supplied + * len - Length of pattern in characters, if zero string length is used. + */ +apr_status_t acmp_add_pattern(ACMP *parser, const char *pattern, + acmp_callback_t callback, void *data, apr_size_t len) +{ + if (parser->is_active != 0) return APR_EGENERAL; + size_t length = (len == 0) ? acmp_strlen(parser, pattern) : len; + size_t i, j; + acmp_utf8_char_t ucs_chars[length]; + + acmp_node_t *parent = parser->root_node, *child; + acmp_strtoucs(parser, pattern, ucs_chars, length); + + for (i = 0; i < length; i++) { + acmp_utf8_char_t letter = ucs_chars[i]; + if (parser->is_case_sensitive == 0) { + letter = utf8_lcase(letter); + } + child = acmp_child_for_code(parent, letter); + if (child == NULL) { + child = apr_pcalloc(parser->pool, sizeof(acmp_node_t)); + child->pattern = ""; + child->letter = letter; + child->depth = i; + child->text = apr_pcalloc(parser->pool, strlen(pattern) + 2); + for (j = 0; j <= i; j++) child->text[j] = pattern[j]; + } + if (i == length - 1) { + if (child->is_last == 0) { + parser->dict_count++; + child->is_last = 1; + child->pattern = apr_pcalloc(parser->pool, strlen(pattern) + 2); + strcpy(child->pattern, pattern); + } + child->callback = callback; + child->callback_data = data; + } + acmp_add_node_to_parent(parent, child); + parent = child; + } + if (length > parser->longest_entry) parser->longest_entry = length; + parser->is_failtree_done = 0; + + return APR_SUCCESS; +} + +/** + * Called to process incoming data stream + * data - ptr to incoming data + * len - size of data in bytes + */ +apr_status_t acmp_process(ACMP *parser, const char *data, apr_size_t len) { + if (parser->is_failtree_done == 0) acmp_prepare(parser); + acmp_node_t *node = parser->active_node, *go_to; + apr_size_t seq_length; + const char *end = (data + len); + + while (data < end) { + parser->bp_buffer[parser->char_pos % parser->bp_buff_len] = parser->byte_pos; + acmp_utf8_char_t letter; + if (parser->is_utf8) { + if (parser->u8buff_len > 0) { + /* Resuming partial utf-8 sequence */ + seq_length = utf8_seq_len(parser->u8_buff); + for (;;) { + parser->u8_buff[parser->u8buff_len++] = *data++; + if (parser->u8buff_len == seq_length) { + parser->u8buff_len = 0; + letter = utf8_decodechar(parser->u8_buff); + parser->byte_pos += seq_length; + parser->char_pos++; + break; + } + } + } else { + /* not resuming partial sequence, reading from the stream */ + seq_length = utf8_seq_len(data); + if ((data + seq_length) > end) { + while (data < end) parser->u8_buff[parser->u8buff_len++] = *data++; + return APR_SUCCESS; + } else { + letter = utf8_decodechar(data); + data += seq_length; + parser->byte_pos += seq_length; + parser->char_pos++; + } + } + } else { + letter = *data++; + parser->byte_pos++; + parser->char_pos++; + } + if (parser->is_case_sensitive == 0) letter = utf8_lcase(letter); + + go_to = NULL; + while (go_to == NULL) { + acmp_node_t *n2 = acmp_goto(node, letter); + go_to = acmp_child_for_code(node, letter); + if (n2 != go_to) { + n2 = acmp_goto(node, letter); + }; + if (go_to != NULL) { + if (go_to->is_last) { + acmp_found(parser, go_to); + } + } + if (node == parser->root_node) break; + if (go_to == NULL) node = node->fail; + } + if (go_to != NULL) node = go_to; + + /* We need to collect other nodes that are last letters of phrase. These + * will be fail node of current node if it has is_last flag set, and + * fail node of that node, recursively down to root node. + */ + go_to = node; + if (go_to != parser->root_node) { + for (go_to = go_to->o_match; go_to != NULL; go_to = go_to->o_match) { + acmp_found(parser, go_to); + } + } + } + parser->active_node = node; + return parser->hit_count > 0 ? 1 : 0; +} + +/** + * Resets the state of parser so you can start using it with new set of data. + * + * No need to clear buffer since it will be re-initialized at first run of + * acmp_process + */ +void acmp_reset(ACMP *parser) { + parser->is_active = 0; + parser->byte_pos = 0; + parser->char_pos = 0; + parser->hit_count = 0; + parser->u8buff_len = 0; + acmp_clear_hit_count_recursive(parser->root_node); +} + +/** + * Creates an ACMPT struct that will use parser's tree, without duplicating its data + */ +ACMPT *acmp_duplicate_quick(ACMP *parser, apr_pool_t *pool) { + apr_pool_t *p = (pool != NULL) ? pool : parser->pool; + ACMPT *dup = apr_pcalloc(p, sizeof(ACMPT)); + dup->parser = parser; + return dup; +} + +/** + * Process the data using ACMPT to keep state, and ACMPT's parser to keep the tree + */ +apr_status_t acmp_process_quick(ACMPT *acmpt, const char **match, const char *data, apr_size_t len) { + if (acmpt->parser->is_failtree_done == 0) { + acmp_prepare(acmpt->parser); + }; + ACMP *parser = acmpt->parser; + if (acmpt->ptr == NULL) acmpt->ptr = parser->root_node; + acmp_node_t *node = acmpt->ptr, *go_to; + const char *end = (data + len); + + while (data < end) { + acmp_utf8_char_t letter = (unsigned char)*data++; + go_to = NULL; + while (go_to == NULL) { + go_to = acmp_goto(node, letter); + if (go_to != NULL) { + if (go_to->is_last) { + *match = go_to->text; + return 1; + } + } + if (node == parser->root_node) break; + if (go_to == NULL) node = node->fail; + } + if (go_to != NULL) node = go_to; + + /* If node has o_match, then we found a pattern */ + if (node->o_match != NULL) { + *match = node->text; + return 1; + } + } + acmpt->ptr = node; + return 0; +} diff --git a/apache2/acmp.h b/apache2/acmp.h new file mode 100644 index 00000000..40865ac7 --- /dev/null +++ b/apache2/acmp.h @@ -0,0 +1,115 @@ +/* + * ModSecurity for Apache 2.x, http://www.modsecurity.org/ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) + * + * You should have received a copy of the licence along with this + * program (stored in the file "LICENSE"). If the file is missing, + * or if you have any other questions related to the licence, please + * write to Breach Security, Inc. at support@breach.com. + * + */ +#ifndef ACMP_H_ +#define ACMP_H_ + +#include +#include + +#define ACMP_FLAG_BYTE 0 +#define ACMP_FLAG_UTF8 0x100 +#define ACMP_FLAG_CASE_SENSITIVE 1 +#define ACMP_FLAG_CASE_INSENSITIVE 0 + +/** + * Opaque struct with parser data + */ +typedef struct ACMP ACMP; + +/** + * Used to separate state from the trie for acmp_process_quick function + */ +typedef struct { + ACMP *parser; + void *ptr; +} ACMPT; + +/** + * Callback function. Arguments are: + * ACMP * - acmp parser that initiated callback + * void * - custom data you supplied when adding callback + * apr_size_t - position in bytes where pattern was found + * apr_size_t - position in chars where pattern was found, for multibyte strings + */ +typedef void (*acmp_callback_t)(ACMP *, void *, apr_size_t, apr_size_t); + +/** + * flags - OR-ed values of ACMP_FLAG constants + * pool - apr_pool to use as parent pool, can be set to NULL + */ +ACMP *acmp_create(int flags, apr_pool_t *pool); + +/** + * Destroys previously created parser + */ +void acmp_destroy(ACMP *parser); + +/** + * Creates parser with same options and same patterns + * parser - ACMP parser to duplicate + * pool - parent pool to use, if left as NULL original parser's parent pool is used + */ +ACMP *acmp_duplicate(ACMP *parser, apr_pool_t *pool); + +/** + * Adds pattern to parser. Cannot be done after starting the search. + * parser - ACMP parser + * pattern - string with pattern to match + * callback - Optional, pointer to an acmp_callback_t function + * data - pointer to data that will be passed to callback function, only used if callback + * is supplied + * len - Length of pattern in characters, if zero string length is used. + */ +apr_status_t acmp_add_pattern(ACMP *parser, const char *pattern, + acmp_callback_t callback, void *data, apr_size_t len); + +/** + * Called to process incoming data stream. You must call acmp_done after sending + * last data packet + * + * data - ptr to incoming data + * len - size of data in bytes + */ +apr_status_t acmp_process(ACMP *parser, const char *data, apr_size_t len); + +/** + * Returns number of matches on all patterns combined + */ +apr_size_t acmp_match_count_total(ACMP *parser); + +/** + * Returns number of matches for given pattern + */ +apr_size_t acmp_match_count(ACMP *parser, const char *pattern); + +/** + * Resets the state of parser so you can start using it with new set of data, + * or add new patterns. + */ +void acmp_reset(ACMP *parser); + +/** + * Creates an ACMPT struct that will use parser's tree, without duplicating its data + */ +ACMPT *acmp_duplicate_quick(ACMP *parser, apr_pool_t *pool); + +/** + * Process the data using ACMPT to keep state, and ACMPT's parser to keep the tree + */ +apr_status_t acmp_process_quick(ACMPT *acmpt, const char **match, const char *data, apr_size_t len); + +/** + * Prepares parser for searching + */ +apr_status_t acmp_prepare(ACMP *parser); + + +#endif /*ACMP_H_*/ diff --git a/apache2/apache2.h b/apache2/apache2.h index d20fe0d8..471045e8 100644 --- a/apache2/apache2.h +++ b/apache2/apache2.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: apache2.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _APACHE2_H_ diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c index 3bf1d499..31ef0741 100644 --- a/apache2/apache2_config.c +++ b/apache2/apache2_config.c @@ -1,20 +1,17 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: apache2_config.c,v 1.8 2006/12/28 10:39:13 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include #include "modsecurity.h" #include "msc_logging.h" - #include "http_log.h" /* #define DEBUG_CONF 1 */ diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c index 3221047a..4605a1fa 100644 --- a/apache2/apache2_io.c +++ b/apache2/apache2_io.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: apache2_io.c,v 1.6 2007/01/23 16:08:15 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "modsecurity.h" diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c index 817ddc03..f60d1ce8 100644 --- a/apache2/apache2_util.c +++ b/apache2/apache2_util.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: apache2_util.c,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "modsecurity.h" @@ -255,6 +253,7 @@ void msr_log(modsec_rec *msr, int level, const char *text, ...) { va_end(ap); } + /** * Converts an Apache error log message into one line of text. */ diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c index bf6d835c..412692b9 100644 --- a/apache2/mod_security2.c +++ b/apache2/mod_security2.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: mod_security2.c,v 1.11 2006/12/15 15:06:04 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c index 8ae49b6d..8734d3c0 100644 --- a/apache2/modsecurity.c +++ b/apache2/modsecurity.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: modsecurity.c,v 1.7 2006/12/28 10:39:13 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index 4b39aad1..f4779046 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: modsecurity.h,v 1.27 2007/02/05 12:44:40 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _MODSECURITY_H_ @@ -26,7 +24,7 @@ typedef struct msc_data_chunk msc_data_chunk; typedef struct msc_arg msc_arg; typedef struct msc_string msc_string; -#if !(defined(WIN32) || defined(NETWARE)) +#if !(defined(WIN32) || defined(NETWARE) || defined(SOLARIS2)) #define DSOLOCAL __attribute__((visibility("hidden"))) #else #define DSOLOCAL diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c index abe5a2a6..9935ef57 100644 --- a/apache2/msc_logging.c +++ b/apache2/msc_logging.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_logging.c,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "msc_logging.h" diff --git a/apache2/msc_logging.h b/apache2/msc_logging.h index 26ddeb0a..6cfaa181 100644 --- a/apache2/msc_logging.h +++ b/apache2/msc_logging.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_logging.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _MSC_LOGGING_H_ diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c index a540ce46..f953bd90 100644 --- a/apache2/msc_multipart.c +++ b/apache2/msc_multipart.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_multipart.c,v 1.2 2006/10/16 04:41:51 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include diff --git a/apache2/msc_multipart.h b/apache2/msc_multipart.h index 81bf65d6..cfcc35dc 100644 --- a/apache2/msc_multipart.h +++ b/apache2/msc_multipart.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_multipart.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _MSC_MULTIPART_H_ diff --git a/apache2/msc_parsers.c b/apache2/msc_parsers.c index b3720554..69be93e4 100644 --- a/apache2/msc_parsers.c +++ b/apache2/msc_parsers.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_parsers.c,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "msc_parsers.h" diff --git a/apache2/msc_parsers.h b/apache2/msc_parsers.h index ff7c0b8d..d4370c02 100644 --- a/apache2/msc_parsers.h +++ b/apache2/msc_parsers.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_parsers.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _MSC_PARSERS_H_ diff --git a/apache2/msc_pcre.c b/apache2/msc_pcre.c index 4729d3b9..3a74be8a 100644 --- a/apache2/msc_pcre.c +++ b/apache2/msc_pcre.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_pcre.c,v 1.2 2006/12/28 10:39:13 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "msc_pcre.h" diff --git a/apache2/msc_pcre.h b/apache2/msc_pcre.h index 8cc9dc33..5c97fc6d 100644 --- a/apache2/msc_pcre.h +++ b/apache2/msc_pcre.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_pcre.h,v 1.3 2006/12/28 10:39:13 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _MSC_PCRE_H_ diff --git a/apache2/msc_reqbody.c b/apache2/msc_reqbody.c index 171c6783..4f05c31d 100644 --- a/apache2/msc_reqbody.c +++ b/apache2/msc_reqbody.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_reqbody.c,v 1.2 2006/12/04 21:54:10 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "modsecurity.h" diff --git a/apache2/msc_util.c b/apache2/msc_util.c index 27732d2f..ff078377 100644 --- a/apache2/msc_util.c +++ b/apache2/msc_util.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_util.c,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "msc_util.h" diff --git a/apache2/msc_util.h b/apache2/msc_util.h index 9a969c70..a77c832b 100644 --- a/apache2/msc_util.h +++ b/apache2/msc_util.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_util.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _UTIL_H_ diff --git a/apache2/msc_xml.c b/apache2/msc_xml.c index a8f7025d..df1e62d5 100644 --- a/apache2/msc_xml.c +++ b/apache2/msc_xml.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_xml.c,v 1.2 2006/12/04 20:04:09 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifdef WITH_LIBXML2 diff --git a/apache2/msc_xml.h b/apache2/msc_xml.h index cea27cef..f8da4adb 100644 --- a/apache2/msc_xml.h +++ b/apache2/msc_xml.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: msc_xml.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _MSC_XML_H_ diff --git a/apache2/persist_dbm.c b/apache2/persist_dbm.c index cb616c97..f5c31cef 100644 --- a/apache2/persist_dbm.c +++ b/apache2/persist_dbm.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: persist_dbm.c,v 1.3 2006/12/21 19:57:41 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "persist_dbm.h" diff --git a/apache2/persist_dbm.h b/apache2/persist_dbm.h index fe006a43..6a5af98f 100644 --- a/apache2/persist_dbm.h +++ b/apache2/persist_dbm.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: persist_dbm.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _PERSIST_DBM_H_ diff --git a/apache2/re.c b/apache2/re.c index 90d4d51a..c877e672 100644 --- a/apache2/re.c +++ b/apache2/re.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: re.c,v 1.15 2006/12/29 10:44:25 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include diff --git a/apache2/re.h b/apache2/re.h index 896e2a11..0a6686dd 100644 --- a/apache2/re.h +++ b/apache2/re.h @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: re.h,v 1.7 2006/12/29 10:31:38 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #ifndef _MSC_RE_H_ diff --git a/apache2/re_actions.c b/apache2/re_actions.c index 105547ed..b79fba2b 100644 --- a/apache2/re_actions.c +++ b/apache2/re_actions.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: re_actions.c,v 1.9 2007/02/02 18:16:41 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "re.h" diff --git a/apache2/re_operators.c b/apache2/re_operators.c index f6b8f33e..65cb8ac8 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: re_operators.c,v 1.7 2007/01/23 16:08:15 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "re.h" diff --git a/apache2/re_tfns.c b/apache2/re_tfns.c index eaaebc01..4fd07302 100644 --- a/apache2/re_tfns.c +++ b/apache2/re_tfns.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: re_tfns.c,v 1.3 2006/12/04 12:00:24 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include diff --git a/apache2/re_variables.c b/apache2/re_variables.c index 360f5b57..8375750d 100644 --- a/apache2/re_variables.c +++ b/apache2/re_variables.c @@ -1,13 +1,11 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com) - * - * $Id: re_variables.c,v 1.7 2007/01/23 16:08:15 ivanr Exp $ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) * * You should have received a copy of the licence along with this * program (stored in the file "LICENSE"). If the file is missing, * or if you have any other questions related to the licence, please - * write to Thinking Stone at contact@thinkingstone.com. + * write to Breach Security, Inc. at support@breach.com. * */ #include "http_core.h" diff --git a/apache2/utf8tables.h b/apache2/utf8tables.h new file mode 100644 index 00000000..f12dc19b --- /dev/null +++ b/apache2/utf8tables.h @@ -0,0 +1,810 @@ +/* + * ModSecurity for Apache 2.x, http://www.modsecurity.org/ + * Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/) + * + * You should have received a copy of the licence along with this + * program (stored in the file "LICENSE"). If the file is missing, + * or if you have any other questions related to the licence, please + * write to Breach Security, Inc. at support@breach.com. + * + */ +#ifndef UTF8TABLES_H_ +#define UTF8TABLES_H_ + +/** + * This include file is used by acmp.c only, it's not included anywhere else + */ + +typedef long acmp_utf8_char_t; + +static const char utf8_seq_lengths[256] = { + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1, + 2,2,2,2,2,2,2,2, 2,2,2,2,2,2,2,2, + 2,2,2,2,2,2,2,2, 2,2,2,2,2,2,2,2, + 3,3,3,3,3,3,3,3, 3,3,3,3,3,3,3,3, + 4,4,4,4,4,4,4,4, 5,5,5,5,6,6,6,6, +}; + +static const acmp_utf8_char_t utf8_offsets[6] = { + 0x00000000UL, 0x00003080UL, 0x000E2080UL, + 0x03C82080UL, 0xFA082080UL, 0x82082080UL +}; + +/** + * How many element pairs are there in utf8_lcase_map + */ +#define UTF8_LCASEMAP_LEN 759 + +/** + * Table mapping is from PHP's mbstring extension, maps uppercase + */ +static const acmp_utf8_char_t utf8_lcase_map[UTF8_LCASEMAP_LEN * 2] = { + 0x00000061, 0x00000041, + 0x00000062, 0x00000042, + 0x00000063, 0x00000043, + 0x00000064, 0x00000044, + 0x00000065, 0x00000045, + 0x00000066, 0x00000046, + 0x00000067, 0x00000047, + 0x00000068, 0x00000048, + 0x00000069, 0x00000049, + 0x0000006a, 0x0000004a, + 0x0000006b, 0x0000004b, + 0x0000006c, 0x0000004c, + 0x0000006d, 0x0000004d, + 0x0000006e, 0x0000004e, + 0x0000006f, 0x0000004f, + 0x00000070, 0x00000050, + 0x00000071, 0x00000051, + 0x00000072, 0x00000052, + 0x00000073, 0x00000053, + 0x00000074, 0x00000054, + 0x00000075, 0x00000055, + 0x00000076, 0x00000056, + 0x00000077, 0x00000057, + 0x00000078, 0x00000058, + 0x00000079, 0x00000059, + 0x0000007a, 0x0000005a, + 0x000000b5, 0x0000039c, + 0x000000e0, 0x000000c0, + 0x000000e1, 0x000000c1, + 0x000000e2, 0x000000c2, + 0x000000e3, 0x000000c3, + 0x000000e4, 0x000000c4, + 0x000000e5, 0x000000c5, + 0x000000e6, 0x000000c6, + 0x000000e7, 0x000000c7, + 0x000000e8, 0x000000c8, + 0x000000e9, 0x000000c9, + 0x000000ea, 0x000000ca, + 0x000000eb, 0x000000cb, + 0x000000ec, 0x000000cc, + 0x000000ed, 0x000000cd, + 0x000000ee, 0x000000ce, + 0x000000ef, 0x000000cf, + 0x000000f0, 0x000000d0, + 0x000000f1, 0x000000d1, + 0x000000f2, 0x000000d2, + 0x000000f3, 0x000000d3, + 0x000000f4, 0x000000d4, + 0x000000f5, 0x000000d5, + 0x000000f6, 0x000000d6, + 0x000000f8, 0x000000d8, + 0x000000f9, 0x000000d9, + 0x000000fa, 0x000000da, + 0x000000fb, 0x000000db, + 0x000000fc, 0x000000dc, + 0x000000fd, 0x000000dd, + 0x000000fe, 0x000000de, + 0x000000ff, 0x00000178, + 0x00000101, 0x00000100, + 0x00000103, 0x00000102, + 0x00000105, 0x00000104, + 0x00000107, 0x00000106, + 0x00000109, 0x00000108, + 0x0000010b, 0x0000010a, + 0x0000010d, 0x0000010c, + 0x0000010f, 0x0000010e, + 0x00000111, 0x00000110, + 0x00000113, 0x00000112, + 0x00000115, 0x00000114, + 0x00000117, 0x00000116, + 0x00000119, 0x00000118, + 0x0000011b, 0x0000011a, + 0x0000011d, 0x0000011c, + 0x0000011f, 0x0000011e, + 0x00000121, 0x00000120, + 0x00000123, 0x00000122, + 0x00000125, 0x00000124, + 0x00000127, 0x00000126, + 0x00000129, 0x00000128, + 0x0000012b, 0x0000012a, + 0x0000012d, 0x0000012c, + 0x0000012f, 0x0000012e, + 0x00000131, 0x00000049, + 0x00000133, 0x00000132, + 0x00000135, 0x00000134, + 0x00000137, 0x00000136, + 0x0000013a, 0x00000139, + 0x0000013c, 0x0000013b, + 0x0000013e, 0x0000013d, + 0x00000140, 0x0000013f, + 0x00000142, 0x00000141, + 0x00000144, 0x00000143, + 0x00000146, 0x00000145, + 0x00000148, 0x00000147, + 0x0000014b, 0x0000014a, + 0x0000014d, 0x0000014c, + 0x0000014f, 0x0000014e, + 0x00000151, 0x00000150, + 0x00000153, 0x00000152, + 0x00000155, 0x00000154, + 0x00000157, 0x00000156, + 0x00000159, 0x00000158, + 0x0000015b, 0x0000015a, + 0x0000015d, 0x0000015c, + 0x0000015f, 0x0000015e, + 0x00000161, 0x00000160, + 0x00000163, 0x00000162, + 0x00000165, 0x00000164, + 0x00000167, 0x00000166, + 0x00000169, 0x00000168, + 0x0000016b, 0x0000016a, + 0x0000016d, 0x0000016c, + 0x0000016f, 0x0000016e, + 0x00000171, 0x00000170, + 0x00000173, 0x00000172, + 0x00000175, 0x00000174, + 0x00000177, 0x00000176, + 0x0000017a, 0x00000179, + 0x0000017c, 0x0000017b, + 0x0000017e, 0x0000017d, + 0x0000017f, 0x00000053, + 0x00000183, 0x00000182, + 0x00000185, 0x00000184, + 0x00000188, 0x00000187, + 0x0000018c, 0x0000018b, + 0x00000192, 0x00000191, + 0x00000195, 0x000001f6, + 0x00000199, 0x00000198, + 0x0000019e, 0x00000220, + 0x000001a1, 0x000001a0, + 0x000001a3, 0x000001a2, + 0x000001a5, 0x000001a4, + 0x000001a8, 0x000001a7, + 0x000001ad, 0x000001ac, + 0x000001b0, 0x000001af, + 0x000001b4, 0x000001b3, + 0x000001b6, 0x000001b5, + 0x000001b9, 0x000001b8, + 0x000001bd, 0x000001bc, + 0x000001bf, 0x000001f7, + 0x000001c6, 0x000001c4, + 0x000001c9, 0x000001c7, + 0x000001cc, 0x000001ca, + 0x000001ce, 0x000001cd, + 0x000001d0, 0x000001cf, + 0x000001d2, 0x000001d1, + 0x000001d4, 0x000001d3, + 0x000001d6, 0x000001d5, + 0x000001d8, 0x000001d7, + 0x000001da, 0x000001d9, + 0x000001dc, 0x000001db, + 0x000001dd, 0x0000018e, + 0x000001df, 0x000001de, + 0x000001e1, 0x000001e0, + 0x000001e3, 0x000001e2, + 0x000001e5, 0x000001e4, + 0x000001e7, 0x000001e6, + 0x000001e9, 0x000001e8, + 0x000001eb, 0x000001ea, + 0x000001ed, 0x000001ec, + 0x000001ef, 0x000001ee, + 0x000001f3, 0x000001f1, + 0x000001f5, 0x000001f4, + 0x000001f9, 0x000001f8, + 0x000001fb, 0x000001fa, + 0x000001fd, 0x000001fc, + 0x000001ff, 0x000001fe, + 0x00000201, 0x00000200, + 0x00000203, 0x00000202, + 0x00000205, 0x00000204, + 0x00000207, 0x00000206, + 0x00000209, 0x00000208, + 0x0000020b, 0x0000020a, + 0x0000020d, 0x0000020c, + 0x0000020f, 0x0000020e, + 0x00000211, 0x00000210, + 0x00000213, 0x00000212, + 0x00000215, 0x00000214, + 0x00000217, 0x00000216, + 0x00000219, 0x00000218, + 0x0000021b, 0x0000021a, + 0x0000021d, 0x0000021c, + 0x0000021f, 0x0000021e, + 0x00000223, 0x00000222, + 0x00000225, 0x00000224, + 0x00000227, 0x00000226, + 0x00000229, 0x00000228, + 0x0000022b, 0x0000022a, + 0x0000022d, 0x0000022c, + 0x0000022f, 0x0000022e, + 0x00000231, 0x00000230, + 0x00000233, 0x00000232, + 0x00000253, 0x00000181, + 0x00000254, 0x00000186, + 0x00000256, 0x00000189, + 0x00000257, 0x0000018a, + 0x00000259, 0x0000018f, + 0x0000025b, 0x00000190, + 0x00000260, 0x00000193, + 0x00000263, 0x00000194, + 0x00000268, 0x00000197, + 0x00000269, 0x00000196, + 0x0000026f, 0x0000019c, + 0x00000272, 0x0000019d, + 0x00000275, 0x0000019f, + 0x00000280, 0x000001a6, + 0x00000283, 0x000001a9, + 0x00000288, 0x000001ae, + 0x0000028a, 0x000001b1, + 0x0000028b, 0x000001b2, + 0x00000292, 0x000001b7, + 0x00000345, 0x00000399, + 0x000003ac, 0x00000386, + 0x000003ad, 0x00000388, + 0x000003ae, 0x00000389, + 0x000003af, 0x0000038a, + 0x000003b1, 0x00000391, + 0x000003b2, 0x00000392, + 0x000003b3, 0x00000393, + 0x000003b4, 0x00000394, + 0x000003b5, 0x00000395, + 0x000003b6, 0x00000396, + 0x000003b7, 0x00000397, + 0x000003b8, 0x00000398, + 0x000003b9, 0x00000399, + 0x000003ba, 0x0000039a, + 0x000003bb, 0x0000039b, + 0x000003bc, 0x0000039c, + 0x000003bd, 0x0000039d, + 0x000003be, 0x0000039e, + 0x000003bf, 0x0000039f, + 0x000003c0, 0x000003a0, + 0x000003c1, 0x000003a1, + 0x000003c2, 0x000003a3, + 0x000003c3, 0x000003a3, + 0x000003c4, 0x000003a4, + 0x000003c5, 0x000003a5, + 0x000003c6, 0x000003a6, + 0x000003c7, 0x000003a7, + 0x000003c8, 0x000003a8, + 0x000003c9, 0x000003a9, + 0x000003ca, 0x000003aa, + 0x000003cb, 0x000003ab, + 0x000003cc, 0x0000038c, + 0x000003cd, 0x0000038e, + 0x000003ce, 0x0000038f, + 0x000003d0, 0x00000392, + 0x000003d1, 0x00000398, + 0x000003d5, 0x000003a6, + 0x000003d6, 0x000003a0, + 0x000003d9, 0x000003d8, + 0x000003db, 0x000003da, + 0x000003dd, 0x000003dc, + 0x000003df, 0x000003de, + 0x000003e1, 0x000003e0, + 0x000003e3, 0x000003e2, + 0x000003e5, 0x000003e4, + 0x000003e7, 0x000003e6, + 0x000003e9, 0x000003e8, + 0x000003eb, 0x000003ea, + 0x000003ed, 0x000003ec, + 0x000003ef, 0x000003ee, + 0x000003f0, 0x0000039a, + 0x000003f1, 0x000003a1, + 0x000003f2, 0x000003a3, + 0x000003f5, 0x00000395, + 0x00000430, 0x00000410, + 0x00000431, 0x00000411, + 0x00000432, 0x00000412, + 0x00000433, 0x00000413, + 0x00000434, 0x00000414, + 0x00000435, 0x00000415, + 0x00000436, 0x00000416, + 0x00000437, 0x00000417, + 0x00000438, 0x00000418, + 0x00000439, 0x00000419, + 0x0000043a, 0x0000041a, + 0x0000043b, 0x0000041b, + 0x0000043c, 0x0000041c, + 0x0000043d, 0x0000041d, + 0x0000043e, 0x0000041e, + 0x0000043f, 0x0000041f, + 0x00000440, 0x00000420, + 0x00000441, 0x00000421, + 0x00000442, 0x00000422, + 0x00000443, 0x00000423, + 0x00000444, 0x00000424, + 0x00000445, 0x00000425, + 0x00000446, 0x00000426, + 0x00000447, 0x00000427, + 0x00000448, 0x00000428, + 0x00000449, 0x00000429, + 0x0000044a, 0x0000042a, + 0x0000044b, 0x0000042b, + 0x0000044c, 0x0000042c, + 0x0000044d, 0x0000042d, + 0x0000044e, 0x0000042e, + 0x0000044f, 0x0000042f, + 0x00000450, 0x00000400, + 0x00000451, 0x00000401, + 0x00000452, 0x00000402, + 0x00000453, 0x00000403, + 0x00000454, 0x00000404, + 0x00000455, 0x00000405, + 0x00000456, 0x00000406, + 0x00000457, 0x00000407, + 0x00000458, 0x00000408, + 0x00000459, 0x00000409, + 0x0000045a, 0x0000040a, + 0x0000045b, 0x0000040b, + 0x0000045c, 0x0000040c, + 0x0000045d, 0x0000040d, + 0x0000045e, 0x0000040e, + 0x0000045f, 0x0000040f, + 0x00000461, 0x00000460, + 0x00000463, 0x00000462, + 0x00000465, 0x00000464, + 0x00000467, 0x00000466, + 0x00000469, 0x00000468, + 0x0000046b, 0x0000046a, + 0x0000046d, 0x0000046c, + 0x0000046f, 0x0000046e, + 0x00000471, 0x00000470, + 0x00000473, 0x00000472, + 0x00000475, 0x00000474, + 0x00000477, 0x00000476, + 0x00000479, 0x00000478, + 0x0000047b, 0x0000047a, + 0x0000047d, 0x0000047c, + 0x0000047f, 0x0000047e, + 0x00000481, 0x00000480, + 0x0000048b, 0x0000048a, + 0x0000048d, 0x0000048c, + 0x0000048f, 0x0000048e, + 0x00000491, 0x00000490, + 0x00000493, 0x00000492, + 0x00000495, 0x00000494, + 0x00000497, 0x00000496, + 0x00000499, 0x00000498, + 0x0000049b, 0x0000049a, + 0x0000049d, 0x0000049c, + 0x0000049f, 0x0000049e, + 0x000004a1, 0x000004a0, + 0x000004a3, 0x000004a2, + 0x000004a5, 0x000004a4, + 0x000004a7, 0x000004a6, + 0x000004a9, 0x000004a8, + 0x000004ab, 0x000004aa, + 0x000004ad, 0x000004ac, + 0x000004af, 0x000004ae, + 0x000004b1, 0x000004b0, + 0x000004b3, 0x000004b2, + 0x000004b5, 0x000004b4, + 0x000004b7, 0x000004b6, + 0x000004b9, 0x000004b8, + 0x000004bb, 0x000004ba, + 0x000004bd, 0x000004bc, + 0x000004bf, 0x000004be, + 0x000004c2, 0x000004c1, + 0x000004c4, 0x000004c3, + 0x000004c6, 0x000004c5, + 0x000004c8, 0x000004c7, + 0x000004ca, 0x000004c9, + 0x000004cc, 0x000004cb, + 0x000004ce, 0x000004cd, + 0x000004d1, 0x000004d0, + 0x000004d3, 0x000004d2, + 0x000004d5, 0x000004d4, + 0x000004d7, 0x000004d6, + 0x000004d9, 0x000004d8, + 0x000004db, 0x000004da, + 0x000004dd, 0x000004dc, + 0x000004df, 0x000004de, + 0x000004e1, 0x000004e0, + 0x000004e3, 0x000004e2, + 0x000004e5, 0x000004e4, + 0x000004e7, 0x000004e6, + 0x000004e9, 0x000004e8, + 0x000004eb, 0x000004ea, + 0x000004ed, 0x000004ec, + 0x000004ef, 0x000004ee, + 0x000004f1, 0x000004f0, + 0x000004f3, 0x000004f2, + 0x000004f5, 0x000004f4, + 0x000004f9, 0x000004f8, + 0x00000501, 0x00000500, + 0x00000503, 0x00000502, + 0x00000505, 0x00000504, + 0x00000507, 0x00000506, + 0x00000509, 0x00000508, + 0x0000050b, 0x0000050a, + 0x0000050d, 0x0000050c, + 0x0000050f, 0x0000050e, + 0x00000561, 0x00000531, + 0x00000562, 0x00000532, + 0x00000563, 0x00000533, + 0x00000564, 0x00000534, + 0x00000565, 0x00000535, + 0x00000566, 0x00000536, + 0x00000567, 0x00000537, + 0x00000568, 0x00000538, + 0x00000569, 0x00000539, + 0x0000056a, 0x0000053a, + 0x0000056b, 0x0000053b, + 0x0000056c, 0x0000053c, + 0x0000056d, 0x0000053d, + 0x0000056e, 0x0000053e, + 0x0000056f, 0x0000053f, + 0x00000570, 0x00000540, + 0x00000571, 0x00000541, + 0x00000572, 0x00000542, + 0x00000573, 0x00000543, + 0x00000574, 0x00000544, + 0x00000575, 0x00000545, + 0x00000576, 0x00000546, + 0x00000577, 0x00000547, + 0x00000578, 0x00000548, + 0x00000579, 0x00000549, + 0x0000057a, 0x0000054a, + 0x0000057b, 0x0000054b, + 0x0000057c, 0x0000054c, + 0x0000057d, 0x0000054d, + 0x0000057e, 0x0000054e, + 0x0000057f, 0x0000054f, + 0x00000580, 0x00000550, + 0x00000581, 0x00000551, + 0x00000582, 0x00000552, + 0x00000583, 0x00000553, + 0x00000584, 0x00000554, + 0x00000585, 0x00000555, + 0x00000586, 0x00000556, + 0x00001e01, 0x00001e00, + 0x00001e03, 0x00001e02, + 0x00001e05, 0x00001e04, + 0x00001e07, 0x00001e06, + 0x00001e09, 0x00001e08, + 0x00001e0b, 0x00001e0a, + 0x00001e0d, 0x00001e0c, + 0x00001e0f, 0x00001e0e, + 0x00001e11, 0x00001e10, + 0x00001e13, 0x00001e12, + 0x00001e15, 0x00001e14, + 0x00001e17, 0x00001e16, + 0x00001e19, 0x00001e18, + 0x00001e1b, 0x00001e1a, + 0x00001e1d, 0x00001e1c, + 0x00001e1f, 0x00001e1e, + 0x00001e21, 0x00001e20, + 0x00001e23, 0x00001e22, + 0x00001e25, 0x00001e24, + 0x00001e27, 0x00001e26, + 0x00001e29, 0x00001e28, + 0x00001e2b, 0x00001e2a, + 0x00001e2d, 0x00001e2c, + 0x00001e2f, 0x00001e2e, + 0x00001e31, 0x00001e30, + 0x00001e33, 0x00001e32, + 0x00001e35, 0x00001e34, + 0x00001e37, 0x00001e36, + 0x00001e39, 0x00001e38, + 0x00001e3b, 0x00001e3a, + 0x00001e3d, 0x00001e3c, + 0x00001e3f, 0x00001e3e, + 0x00001e41, 0x00001e40, + 0x00001e43, 0x00001e42, + 0x00001e45, 0x00001e44, + 0x00001e47, 0x00001e46, + 0x00001e49, 0x00001e48, + 0x00001e4b, 0x00001e4a, + 0x00001e4d, 0x00001e4c, + 0x00001e4f, 0x00001e4e, + 0x00001e51, 0x00001e50, + 0x00001e53, 0x00001e52, + 0x00001e55, 0x00001e54, + 0x00001e57, 0x00001e56, + 0x00001e59, 0x00001e58, + 0x00001e5b, 0x00001e5a, + 0x00001e5d, 0x00001e5c, + 0x00001e5f, 0x00001e5e, + 0x00001e61, 0x00001e60, + 0x00001e63, 0x00001e62, + 0x00001e65, 0x00001e64, + 0x00001e67, 0x00001e66, + 0x00001e69, 0x00001e68, + 0x00001e6b, 0x00001e6a, + 0x00001e6d, 0x00001e6c, + 0x00001e6f, 0x00001e6e, + 0x00001e71, 0x00001e70, + 0x00001e73, 0x00001e72, + 0x00001e75, 0x00001e74, + 0x00001e77, 0x00001e76, + 0x00001e79, 0x00001e78, + 0x00001e7b, 0x00001e7a, + 0x00001e7d, 0x00001e7c, + 0x00001e7f, 0x00001e7e, + 0x00001e81, 0x00001e80, + 0x00001e83, 0x00001e82, + 0x00001e85, 0x00001e84, + 0x00001e87, 0x00001e86, + 0x00001e89, 0x00001e88, + 0x00001e8b, 0x00001e8a, + 0x00001e8d, 0x00001e8c, + 0x00001e8f, 0x00001e8e, + 0x00001e91, 0x00001e90, + 0x00001e93, 0x00001e92, + 0x00001e95, 0x00001e94, + 0x00001e9b, 0x00001e60, + 0x00001ea1, 0x00001ea0, + 0x00001ea3, 0x00001ea2, + 0x00001ea5, 0x00001ea4, + 0x00001ea7, 0x00001ea6, + 0x00001ea9, 0x00001ea8, + 0x00001eab, 0x00001eaa, + 0x00001ead, 0x00001eac, + 0x00001eaf, 0x00001eae, + 0x00001eb1, 0x00001eb0, + 0x00001eb3, 0x00001eb2, + 0x00001eb5, 0x00001eb4, + 0x00001eb7, 0x00001eb6, + 0x00001eb9, 0x00001eb8, + 0x00001ebb, 0x00001eba, + 0x00001ebd, 0x00001ebc, + 0x00001ebf, 0x00001ebe, + 0x00001ec1, 0x00001ec0, + 0x00001ec3, 0x00001ec2, + 0x00001ec5, 0x00001ec4, + 0x00001ec7, 0x00001ec6, + 0x00001ec9, 0x00001ec8, + 0x00001ecb, 0x00001eca, + 0x00001ecd, 0x00001ecc, + 0x00001ecf, 0x00001ece, + 0x00001ed1, 0x00001ed0, + 0x00001ed3, 0x00001ed2, + 0x00001ed5, 0x00001ed4, + 0x00001ed7, 0x00001ed6, + 0x00001ed9, 0x00001ed8, + 0x00001edb, 0x00001eda, + 0x00001edd, 0x00001edc, + 0x00001edf, 0x00001ede, + 0x00001ee1, 0x00001ee0, + 0x00001ee3, 0x00001ee2, + 0x00001ee5, 0x00001ee4, + 0x00001ee7, 0x00001ee6, + 0x00001ee9, 0x00001ee8, + 0x00001eeb, 0x00001eea, + 0x00001eed, 0x00001eec, + 0x00001eef, 0x00001eee, + 0x00001ef1, 0x00001ef0, + 0x00001ef3, 0x00001ef2, + 0x00001ef5, 0x00001ef4, + 0x00001ef7, 0x00001ef6, + 0x00001ef9, 0x00001ef8, + 0x00001f00, 0x00001f08, + 0x00001f01, 0x00001f09, + 0x00001f02, 0x00001f0a, + 0x00001f03, 0x00001f0b, + 0x00001f04, 0x00001f0c, + 0x00001f05, 0x00001f0d, + 0x00001f06, 0x00001f0e, + 0x00001f07, 0x00001f0f, + 0x00001f10, 0x00001f18, + 0x00001f11, 0x00001f19, + 0x00001f12, 0x00001f1a, + 0x00001f13, 0x00001f1b, + 0x00001f14, 0x00001f1c, + 0x00001f15, 0x00001f1d, + 0x00001f20, 0x00001f28, + 0x00001f21, 0x00001f29, + 0x00001f22, 0x00001f2a, + 0x00001f23, 0x00001f2b, + 0x00001f24, 0x00001f2c, + 0x00001f25, 0x00001f2d, + 0x00001f26, 0x00001f2e, + 0x00001f27, 0x00001f2f, + 0x00001f30, 0x00001f38, + 0x00001f31, 0x00001f39, + 0x00001f32, 0x00001f3a, + 0x00001f33, 0x00001f3b, + 0x00001f34, 0x00001f3c, + 0x00001f35, 0x00001f3d, + 0x00001f36, 0x00001f3e, + 0x00001f37, 0x00001f3f, + 0x00001f40, 0x00001f48, + 0x00001f41, 0x00001f49, + 0x00001f42, 0x00001f4a, + 0x00001f43, 0x00001f4b, + 0x00001f44, 0x00001f4c, + 0x00001f45, 0x00001f4d, + 0x00001f51, 0x00001f59, + 0x00001f53, 0x00001f5b, + 0x00001f55, 0x00001f5d, + 0x00001f57, 0x00001f5f, + 0x00001f60, 0x00001f68, + 0x00001f61, 0x00001f69, + 0x00001f62, 0x00001f6a, + 0x00001f63, 0x00001f6b, + 0x00001f64, 0x00001f6c, + 0x00001f65, 0x00001f6d, + 0x00001f66, 0x00001f6e, + 0x00001f67, 0x00001f6f, + 0x00001f70, 0x00001fba, + 0x00001f71, 0x00001fbb, + 0x00001f72, 0x00001fc8, + 0x00001f73, 0x00001fc9, + 0x00001f74, 0x00001fca, + 0x00001f75, 0x00001fcb, + 0x00001f76, 0x00001fda, + 0x00001f77, 0x00001fdb, + 0x00001f78, 0x00001ff8, + 0x00001f79, 0x00001ff9, + 0x00001f7a, 0x00001fea, + 0x00001f7b, 0x00001feb, + 0x00001f7c, 0x00001ffa, + 0x00001f7d, 0x00001ffb, + 0x00001f80, 0x00001f88, + 0x00001f81, 0x00001f89, + 0x00001f82, 0x00001f8a, + 0x00001f83, 0x00001f8b, + 0x00001f84, 0x00001f8c, + 0x00001f85, 0x00001f8d, + 0x00001f86, 0x00001f8e, + 0x00001f87, 0x00001f8f, + 0x00001f90, 0x00001f98, + 0x00001f91, 0x00001f99, + 0x00001f92, 0x00001f9a, + 0x00001f93, 0x00001f9b, + 0x00001f94, 0x00001f9c, + 0x00001f95, 0x00001f9d, + 0x00001f96, 0x00001f9e, + 0x00001f97, 0x00001f9f, + 0x00001fa0, 0x00001fa8, + 0x00001fa1, 0x00001fa9, + 0x00001fa2, 0x00001faa, + 0x00001fa3, 0x00001fab, + 0x00001fa4, 0x00001fac, + 0x00001fa5, 0x00001fad, + 0x00001fa6, 0x00001fae, + 0x00001fa7, 0x00001faf, + 0x00001fb0, 0x00001fb8, + 0x00001fb1, 0x00001fb9, + 0x00001fb3, 0x00001fbc, + 0x00001fbe, 0x00000399, + 0x00001fc3, 0x00001fcc, + 0x00001fd0, 0x00001fd8, + 0x00001fd1, 0x00001fd9, + 0x00001fe0, 0x00001fe8, + 0x00001fe1, 0x00001fe9, + 0x00001fe5, 0x00001fec, + 0x00001ff3, 0x00001ffc, + 0x00002170, 0x00002160, + 0x00002171, 0x00002161, + 0x00002172, 0x00002162, + 0x00002173, 0x00002163, + 0x00002174, 0x00002164, + 0x00002175, 0x00002165, + 0x00002176, 0x00002166, + 0x00002177, 0x00002167, + 0x00002178, 0x00002168, + 0x00002179, 0x00002169, + 0x0000217a, 0x0000216a, + 0x0000217b, 0x0000216b, + 0x0000217c, 0x0000216c, + 0x0000217d, 0x0000216d, + 0x0000217e, 0x0000216e, + 0x0000217f, 0x0000216f, + 0x000024d0, 0x000024b6, + 0x000024d1, 0x000024b7, + 0x000024d2, 0x000024b8, + 0x000024d3, 0x000024b9, + 0x000024d4, 0x000024ba, + 0x000024d5, 0x000024bb, + 0x000024d6, 0x000024bc, + 0x000024d7, 0x000024bd, + 0x000024d8, 0x000024be, + 0x000024d9, 0x000024bf, + 0x000024da, 0x000024c0, + 0x000024db, 0x000024c1, + 0x000024dc, 0x000024c2, + 0x000024dd, 0x000024c3, + 0x000024de, 0x000024c4, + 0x000024df, 0x000024c5, + 0x000024e0, 0x000024c6, + 0x000024e1, 0x000024c7, + 0x000024e2, 0x000024c8, + 0x000024e3, 0x000024c9, + 0x000024e4, 0x000024ca, + 0x000024e5, 0x000024cb, + 0x000024e6, 0x000024cc, + 0x000024e7, 0x000024cd, + 0x000024e8, 0x000024ce, + 0x000024e9, 0x000024cf, + 0x0000ff41, 0x0000ff21, + 0x0000ff42, 0x0000ff22, + 0x0000ff43, 0x0000ff23, + 0x0000ff44, 0x0000ff24, + 0x0000ff45, 0x0000ff25, + 0x0000ff46, 0x0000ff26, + 0x0000ff47, 0x0000ff27, + 0x0000ff48, 0x0000ff28, + 0x0000ff49, 0x0000ff29, + 0x0000ff4a, 0x0000ff2a, + 0x0000ff4b, 0x0000ff2b, + 0x0000ff4c, 0x0000ff2c, + 0x0000ff4d, 0x0000ff2d, + 0x0000ff4e, 0x0000ff2e, + 0x0000ff4f, 0x0000ff2f, + 0x0000ff50, 0x0000ff30, + 0x0000ff51, 0x0000ff31, + 0x0000ff52, 0x0000ff32, + 0x0000ff53, 0x0000ff33, + 0x0000ff54, 0x0000ff34, + 0x0000ff55, 0x0000ff35, + 0x0000ff56, 0x0000ff36, + 0x0000ff57, 0x0000ff37, + 0x0000ff58, 0x0000ff38, + 0x0000ff59, 0x0000ff39, + 0x0000ff5a, 0x0000ff3a, + 0x00010428, 0x00010400, + 0x00010429, 0x00010401, + 0x0001042a, 0x00010402, + 0x0001042b, 0x00010403, + 0x0001042c, 0x00010404, + 0x0001042d, 0x00010405, + 0x0001042e, 0x00010406, + 0x0001042f, 0x00010407, + 0x00010430, 0x00010408, + 0x00010431, 0x00010409, + 0x00010432, 0x0001040a, + 0x00010433, 0x0001040b, + 0x00010434, 0x0001040c, + 0x00010435, 0x0001040d, + 0x00010436, 0x0001040e, + 0x00010437, 0x0001040f, + 0x00010438, 0x00010410, + 0x00010439, 0x00010411, + 0x0001043a, 0x00010412, + 0x0001043b, 0x00010413, + 0x0001043c, 0x00010414, + 0x0001043d, 0x00010415, + 0x0001043e, 0x00010416, + 0x0001043f, 0x00010417, + 0x00010440, 0x00010418, + 0x00010441, 0x00010419, + 0x00010442, 0x0001041a, + 0x00010443, 0x0001041b, + 0x00010444, 0x0001041c, + 0x00010445, 0x0001041d, + 0x00010446, 0x0001041e, + 0x00010447, 0x0001041f, + 0x00010448, 0x00010420, + 0x00010449, 0x00010421, + 0x0001044a, 0x00010422, + 0x0001044b, 0x00010423, + 0x0001044c, 0x00010424, + 0x0001044d, 0x00010425, +}; + +#endif /*UTF8TABLES_H_*/ diff --git a/rules/README b/rules/README index fb6d6597..98a28508 100644 --- a/rules/README +++ b/rules/README @@ -1,179 +1,177 @@ - - -ModSecurity Core Rule Set -============================== - -(c) 2006 Breach Secuiry Inc. - -The ModSecurity Core Rule Set is provided to you under the terms and -conditions of GPL version 2 - -This directory contains the files for Core ModSecurity Rule Set -The rules are compatible with ModSecurity 2.1 (as of version 1.3.2) - - -Overview --------- - -Using ModSecurity requires rules. In order to enable users to take full -advantage of ModSecurity immediately, Breach Security Inc. is providing a free -Core rule set. Unlike intrusion detection and prevention systems which -rely on signature specific to known vulnerabilities, the Core Rule Set -provides generic protection from unknown vulnerabilities often found in web -application that are in most cases custom coded. - -Keep in mind that a predefined rule set is only part of the work required to -protect your web site. We strongly urge you to consult Ivan Ristic's book, -"Apache Security" in order to harden your Apache web server. You may also -consider writing custom rules for providing a positive security envelope to -your application or critical parts of it. Breach Security can provide you with -training and professional services to assist you in doing that. The Core -Rule Set is heavily commented to allow it to be used as a step-by-step -deployment guide for ModSecurity. - -For more information refer to the Core Rule Set page at -http://www.modsecurity.org/ - - -Core Rule Set Structure & Usage ------------------------------------- - -To activate the rules for your web server installation: - - 1) You may want to edit and customize modsecurity_crs_10_config.conf. - Additionally you may want to edit modsecurity_crs_30_http_policy.conf - which enforces an application specific HTTP protocol usage. - - 2) Add the following line to your httpd.conf (assuming - you've placed the rule files into conf/modsecurity/): - - Include conf/modsecurity/*.conf - - 3) Restart web server. - - 4) Make sure your web sites are still running fine. - - 5) Simulate an attack against the web server. Then check - the attack was correctly logged in the Apache error log, - ModSecurity debug log (if you enabled it) and ModSecurity - audit log (if you enabled it). - - 6) If you configured your audit log entries to be transported - to ModSecurity Console in real time, check the alert was - correctly recorded there too. - -About Regular Expressions -------------------------- - -One of the advantages of the Core Rule Set, being a set of text files is your -ability to modify it. However you will find that the regular expressions used -are very complex. - -Since regular expressions are much more efficient if assembled into a single -expression and optimized, a generation script takes a list of patterns that -are required for a rule and optimize them into a most efficient regular -expression. - -We plan to release the optimization script shortly to allow much easier editing -of regular expressions. - - -Core Rule Set Content --------------------------- - -In order to provide generic web applications protection, the Core Rule Set -uses the following techniques: - -1. HTTP protection - detecting violations of the HTTP protocol and a locally -defined usage policy. - -2. Common Web Attacks Protection - detecting common web application security -attack. - -3. Automation detection - Detecting bots, crawlers, scanners and other surface -malicious activity. - -4. Trojan Protection - Detecting access to Trojans horses. - -5. Errors Hiding – Disguising error messages sent by the server - -In addition the rule set also hints at the power of ModSecurity beyond -providing security by reporting access from the major search engines to your -site. - - -HTTP Protection - This first line of protection ensures that all abnormal HTTP -requests are detected. This line of defense eliminates a large number of -automated and non targeted attacks as well as protects the web server itself. -Common Web Attacks Protection Rules on the second level address the common web -application security attack methods. These are the issues that can appear in -any web application. Some of the issues addressed are: - -- SQL Injection -- Cross-Site Scripting (XSS) -- OS Command execution -- Remote code inclusion -- LDAP Injection -- SSI Injection -- Information leak -- Buffer overflows -- File disclosure - -Automation Detection - Automated clients are both a security risk and a -commercial risk. Automated crawlers collect information from your site, consume -bandwidth and might also search for vulnerabilities on the web site. Automation -detection is especially useful for generic detection of comments spam. - - -Trojan Protection - ModSecurity Core Rule Set detects access to back doors -installed on a web server. This feature is very important in a hosting -environment when some of this backdoors may be uploaded in a legitimate way and -used maliciously. In addition the Core Rule Set includes a hook for adding -an Anti-Virus program such as ClamAV for checking file uploads. - -Errors Hiding - If all fails, the Core Rule Set will detect errors sent by -the web server. Detecting and blocking errors prevents attackers from -collecting reconnaissance information about the web application and also server -as a last line of defense in case an attack was not detected eariler. - - -Few Word of Caution -------------------- - -As with every new technology, using the ModSecurity Core Rule Set requires some caution: - -- Every Rule Set can have false positive in new environments and any new -installation should initially use the log only Rule Set version or if no such -version is available, set ModSecurity to Detection only using the SecRuleEngine -DetectionOnly command. - -After running ModSecurity in a detection only mode for a while review the evens -generated and decide if any modification to the rule set should be made before -moving to protection mode. - -- Freely available wide spread signatures have their down side as attackers may -examine them and find ways to bypass them. Especially note that the automation -detection signatures are relatively easy to evade and should not be viewed as a -security mechanism but only as a "nuisance reduction" mechanism. - - -Road Map --------- - -This rule set is both young and old. Breach Security has a long experience with -rules and signatures for application security protection and the Core Rule -Set is based on this experience. On the other hand, this is a first cut of a -ModSecurity rule set so your feedback and remarks, either directly or through -the ModSecurity mailing list would be greatly appreciated. - -Going forward we plan to: - -- Utilize ModSecurity 2.0 support for events correlation to detect denial of -service attacks, brute force attacks and attack reconnaissance - -- Add a framework for validating SOAP requests. - -- Add signatures for key known vulnerabilities. - -Anything else you would want? - +ModSecurity Core Rule Set +============================== + +(c) 2006 Breach Secuiry Inc. + +The ModSecurity Core Rule Set is provided to you under the terms and +conditions of GPL version 2 + +This directory contains the files for Core ModSecurity Rule Set +The rules are compatible with ModSecurity 2.1 (as of version 1.3.2) + + +Overview +-------- + +Using ModSecurity requires rules. In order to enable users to take full +advantage of ModSecurity immediately, Breach Security Inc. is providing a free +Core rule set. Unlike intrusion detection and prevention systems which +rely on signature specific to known vulnerabilities, the Core Rule Set +provides generic protection from unknown vulnerabilities often found in web +application that are in most cases custom coded. + +Keep in mind that a predefined rule set is only part of the work required to +protect your web site. We strongly urge you to consult Ivan Ristic's book, +"Apache Security" in order to harden your Apache web server. You may also +consider writing custom rules for providing a positive security envelope to +your application or critical parts of it. Breach Security can provide you with +training and professional services to assist you in doing that. The Core +Rule Set is heavily commented to allow it to be used as a step-by-step +deployment guide for ModSecurity. + +For more information refer to the Core Rule Set page at +http://www.modsecurity.org/ + + +Core Rule Set Structure & Usage +------------------------------------ + +To activate the rules for your web server installation: + + 1) You may want to edit and customize modsecurity_crs_10_config.conf. + Additionally you may want to edit modsecurity_crs_30_http_policy.conf + which enforces an application specific HTTP protocol usage. + + 2) Add the following line to your httpd.conf (assuming + you've placed the rule files into conf/modsecurity/): + + Include conf/modsecurity/*.conf + + 3) Restart web server. + + 4) Make sure your web sites are still running fine. + + 5) Simulate an attack against the web server. Then check + the attack was correctly logged in the Apache error log, + ModSecurity debug log (if you enabled it) and ModSecurity + audit log (if you enabled it). + + 6) If you configured your audit log entries to be transported + to ModSecurity Console in real time, check the alert was + correctly recorded there too. + +About Regular Expressions +------------------------- + +One of the advantages of the Core Rule Set, being a set of text files is your +ability to modify it. However you will find that the regular expressions used +are very complex. + +Since regular expressions are much more efficient if assembled into a single +expression and optimized, a generation script takes a list of patterns that +are required for a rule and optimize them into a most efficient regular +expression. + +We plan to release the optimization script shortly to allow much easier editing +of regular expressions. + + +Core Rule Set Content +-------------------------- + +In order to provide generic web applications protection, the Core Rule Set +uses the following techniques: + +1. HTTP protection - detecting violations of the HTTP protocol and a locally +defined usage policy. + +2. Common Web Attacks Protection - detecting common web application security +attack. + +3. Automation detection - Detecting bots, crawlers, scanners and other surface +malicious activity. + +4. Trojan Protection - Detecting access to Trojans horses. + +5. Errors Hiding - Disguising error messages sent by the server + +In addition the rule set also hints at the power of ModSecurity beyond +providing security by reporting access from the major search engines to your +site. + + +HTTP Protection - This first line of protection ensures that all abnormal HTTP +requests are detected. This line of defense eliminates a large number of +automated and non targeted attacks as well as protects the web server itself. +Common Web Attacks Protection Rules on the second level address the common web +application security attack methods. These are the issues that can appear in +any web application. Some of the issues addressed are: + +- SQL Injection +- Cross-Site Scripting (XSS) +- OS Command execution +- Remote code inclusion +- LDAP Injection +- SSI Injection +- Information leak +- Buffer overflows +- File disclosure + +Automation Detection - Automated clients are both a security risk and a +commercial risk. Automated crawlers collect information from your site, consume +bandwidth and might also search for vulnerabilities on the web site. Automation +detection is especially useful for generic detection of comments spam. + + +Trojan Protection - ModSecurity Core Rule Set detects access to back doors +installed on a web server. This feature is very important in a hosting +environment when some of this backdoors may be uploaded in a legitimate way and +used maliciously. In addition the Core Rule Set includes a hook for adding +an Anti-Virus program such as ClamAV for checking file uploads. + +Errors Hiding - If all fails, the Core Rule Set will detect errors sent by +the web server. Detecting and blocking errors prevents attackers from +collecting reconnaissance information about the web application and also server +as a last line of defense in case an attack was not detected eariler. + + +Few Word of Caution +------------------- + +As with every new technology, using the ModSecurity Core Rule Set requires some caution: + +- Every Rule Set can have false positive in new environments and any new +installation should initially use the log only Rule Set version or if no such +version is available, set ModSecurity to Detection only using the SecRuleEngine +DetectionOnly command. + +After running ModSecurity in a detection only mode for a while review the evens +generated and decide if any modification to the rule set should be made before +moving to protection mode. + +- Freely available wide spread signatures have their down side as attackers may +examine them and find ways to bypass them. Especially note that the automation +detection signatures are relatively easy to evade and should not be viewed as a +security mechanism but only as a "nuisance reduction" mechanism. + + +Road Map +-------- + +This rule set is both young and old. Breach Security has a long experience with +rules and signatures for application security protection and the Core Rule +Set is based on this experience. On the other hand, this is a first cut of a +ModSecurity rule set so your feedback and remarks, either directly or through +the ModSecurity mailing list would be greatly appreciated. + +Going forward we plan to: + +- Utilize ModSecurity 2.0 support for events correlation to detect denial of +service attacks, brute force attacks and attack reconnaissance + +- Add a framework for validating SOAP requests. + +- Add signatures for key known vulnerabilities. + +Anything else you would want? +