From c6433df7b21d5c7d4f027eda916ecbe3efc94b51 Mon Sep 17 00:00:00 2001 From: Gabor Berkes Date: Tue, 10 Dec 2024 10:16:14 +0000 Subject: [PATCH] Refactor build system to use libpcre2 as the default Updated the build system and related source files to use libpcre2 as the default regex library instead of the deprecated libpcre. This change ensures future compatibility and aligns with the library's maintenance status. To build with the old libpcre, the `--with-pcre` configuration parameter can be specified. --- .github/workflows/ci.yml | 4 ++-- build/pcre.m4 | 5 +++-- build/pcre2.m4 | 25 ++++++++++--------------- configure.ac | 17 +++++++++-------- src/operators/verify_cc.cc | 12 ++++++------ src/operators/verify_cc.h | 6 +++--- src/utils/regex.cc | 32 ++++++++++++++++---------------- src/utils/regex.h | 4 ++-- 8 files changed, 51 insertions(+), 54 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2fe0010a..65984320 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: - {label: "wo geoip", opt: "--without-geoip" } - {label: "wo ssdeep", opt: "--without-ssdeep" } - {label: "with lmdb", opt: "--with-lmdb" } - - {label: "with pcre2", opt: "--with-pcre2" } + - {label: "with pcre", opt: "--with-pcre" } exclude: - platform: {label: "x32"} configure: {label: "wo geoip"} @@ -88,7 +88,7 @@ jobs: - {label: "wo geoip", opt: "--without-geoip" } - {label: "wo ssdeep", opt: "--without-ssdeep" } - {label: "with lmdb", opt: "--with-lmdb" } - - {label: "with pcre2", opt: "--with-pcre2" } + - {label: "with pcre", opt: "--with-pcre" } steps: - name: Setup Dependencies # curl, pcre2 not installed because they're already diff --git a/build/pcre.m4 b/build/pcre.m4 index 4d991232..5c3ea989 100644 --- a/build/pcre.m4 +++ b/build/pcre.m4 @@ -21,8 +21,8 @@ AC_ARG_WITH( [test_paths="${with_pcre}"], [test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr /opt/local"]) -if test "x${with_pcre2}" != "x" && test "x${with_pcre2}" != "xno"; then - AC_MSG_NOTICE([pcre2 specified; omitting check for pcre]) +if test "x${with_pcre}" == "x" && test "x${with_pcre}" != "xno"; then + AC_MSG_NOTICE([Support for pcre not requested; omitting check for pcre]) else AC_MSG_CHECKING([for libpcre config script]) @@ -106,6 +106,7 @@ else LIBS=$save_LIBS fi + PCRE_CFLAGS="-DWITH_PCRE$ {PCRE_CFLAGS}" AC_SUBST(PCRE_CONFIG) AC_SUBST(PCRE_VERSION) AC_SUBST(PCRE_CPPFLAGS) diff --git a/build/pcre2.m4 b/build/pcre2.m4 index 2d0814ac..bd28c7df 100644 --- a/build/pcre2.m4 +++ b/build/pcre2.m4 @@ -91,21 +91,16 @@ if test -z "${PCRE2_LDADD}"; then PCRE2_FOUND=-1 fi else - if test -z "${PCRE2_MANDATORY}"; then - PCRE2_FOUND=2 - AC_MSG_NOTICE([PCRE2 is disabled by default.]) - else - PCRE2_FOUND=1 - AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) - PCRE2_CFLAGS="-DWITH_PCRE2 ${PCRE2_CFLAGS}" - PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" - AC_SUBST(PCRE2_VERSION) - AC_SUBST(PCRE2_LDADD) - AC_SUBST(PCRE2_LIBS) - AC_SUBST(PCRE2_LDFLAGS) - AC_SUBST(PCRE2_CFLAGS) - AC_SUBST(PCRE2_DISPLAY) - fi + PCRE2_FOUND=1 + AC_MSG_NOTICE([using PCRE2 v${PCRE2_VERSION}]) + PCRE2_CFLAGS="${PCRE2_CFLAGS}" + PCRE2_DISPLAY="${PCRE2_LDADD}, ${PCRE2_CFLAGS}" + AC_SUBST(PCRE2_VERSION) + AC_SUBST(PCRE2_LDADD) + AC_SUBST(PCRE2_LIBS) + AC_SUBST(PCRE2_LDFLAGS) + AC_SUBST(PCRE2_CFLAGS) + AC_SUBST(PCRE2_DISPLAY) fi diff --git a/configure.ac b/configure.ac index 91b8d59a..0bce5135 100644 --- a/configure.ac +++ b/configure.ac @@ -141,15 +141,16 @@ CHECK_LIBXML2 # -# Check for libpcre +# Check for libpcre only if explicitly requested # -CHECK_PCRE - - -# -# Check for pcre2 -# -PROG_PCRE2 +if test "x${with_pcre}" != "x" && test "x${with_pcre}" != "xno"; then + CHECK_PCRE +else + # + # Check for pcre2 + # + PROG_PCRE2 +fi # Checks for header files. diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc index 66f2e911..4f197783 100644 --- a/src/operators/verify_cc.cc +++ b/src/operators/verify_cc.cc @@ -21,7 +21,7 @@ #include "src/operators/operator.h" -#ifndef WITH_PCRE2 +#ifdef WITH_PCRE #if PCRE_HAVE_JIT #define pcre_study_opt PCRE_STUDY_JIT_COMPILE #else @@ -34,7 +34,7 @@ namespace modsecurity { namespace operators { VerifyCC::~VerifyCC() { -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code_free(m_pc); #else if (m_pc != NULL) { @@ -94,7 +94,7 @@ int VerifyCC::luhnVerify(const char *ccnumber, int len) { bool VerifyCC::init(const std::string ¶m2, std::string *error) { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_pattern = reinterpret_cast(m_param.c_str()); uint32_t pcre2_options = (PCRE2_DOTALL|PCRE2_MULTILINE); int errornumber = 0; @@ -136,7 +136,7 @@ bool VerifyCC::init(const std::string ¶m2, std::string *error) { bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, const std::string& i, RuleMessage &ruleMessage) { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SIZE offset = 0; size_t target_length = i.length(); PCRE2_SPTR pcre2_i = reinterpret_cast(i.c_str()); @@ -192,7 +192,7 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, "\" at " + i + ". [offset " + std::to_string(offset) + "]"); } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return true; @@ -200,7 +200,7 @@ bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule, } } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif diff --git a/src/operators/verify_cc.h b/src/operators/verify_cc.h index 05d4cdec..ec1661fb 100644 --- a/src/operators/verify_cc.h +++ b/src/operators/verify_cc.h @@ -16,7 +16,7 @@ #ifndef SRC_OPERATORS_VERIFY_CC_H_ #define SRC_OPERATORS_VERIFY_CC_H_ -#if WITH_PCRE2 +#ifndef WITH_PCRE #define PCRE2_CODE_UNIT_WIDTH 8 #include #else @@ -38,7 +38,7 @@ class VerifyCC : public Operator { /** @ingroup ModSecurity_Operator */ explicit VerifyCC(std::unique_ptr param) : Operator("VerifyCC", std::move(param)), -#if WITH_PCRE2 +#ifndef WITH_PCRE m_pc(NULL), m_pcje(PCRE2_ERROR_JIT_BADOPTION) { } #else @@ -52,7 +52,7 @@ class VerifyCC : public Operator { RuleMessage &ruleMessage) override; bool init(const std::string ¶m, std::string *error) override; private: -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code *m_pc; int m_pcje; #else diff --git a/src/utils/regex.cc b/src/utils/regex.cc index 731ffc97..9d84c871 100644 --- a/src/utils/regex.cc +++ b/src/utils/regex.cc @@ -23,7 +23,7 @@ #include "src/utils/geo_lookup.h" -#ifndef WITH_PCRE2 +#ifdef WITH_PCRE #if PCRE_HAVE_JIT // NOTE: Add PCRE_STUDY_EXTRA_NEEDED so studying always yields a pcre_extra strucure // and we can selectively override match limits using a copy of that structure at runtime. @@ -35,7 +35,7 @@ #endif #endif -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE class Pcre2MatchContextPtr { public: Pcre2MatchContextPtr() @@ -62,7 +62,7 @@ namespace Utils { // Helper function to tell us if the current config indicates CRLF is a valid newline sequence bool crlfIsNewline() { -#if WITH_PCRE2 +#ifndef WITH_PCRE uint32_t newline = 0; pcre2_config(PCRE2_CONFIG_NEWLINE, &newline); bool crlf_is_newline = @@ -89,7 +89,7 @@ bool crlfIsNewline() { Regex::Regex(const std::string& pattern_, bool ignoreCase) : pattern(pattern_.empty() ? ".*" : pattern_) { -#if WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_pattern = reinterpret_cast(pattern.c_str()); uint32_t pcre2_options = (PCRE2_DOTALL|PCRE2_MULTILINE); if (ignoreCase) { @@ -117,7 +117,7 @@ Regex::Regex(const std::string& pattern_, bool ignoreCase) Regex::~Regex() { -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code_free(m_pc); #else if (m_pc != NULL) { @@ -139,7 +139,7 @@ Regex::~Regex() { std::list Regex::searchAll(const std::string& s) const { std::list retList; int rc = 0; -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); PCRE2_SIZE offset = 0; @@ -183,14 +183,14 @@ std::list Regex::searchAll(const std::string& s) const { } } while (rc > 0); -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return retList; } RegexResult Regex::searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? @@ -235,7 +235,7 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector& captures, unsigned long match_limit) const { bool prev_match_zero_length = false; -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE Pcre2MatchContextPtr match_context; if (match_limit > 0) { // TODO: What if setting the match limit fails? @@ -337,14 +337,14 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector } } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return RegexResult::Ok; } int Regex::search(const std::string& s, SMatch *match) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); int ret = 0; @@ -371,14 +371,14 @@ int Regex::search(const std::string& s, SMatch *match) const { 0); } -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre2_match_data_free(match_data); #endif return ret; } int Regex::search(const std::string& s) const { -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE PCRE2_SPTR pcre2_s = reinterpret_cast(s.c_str()); pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(m_pc, NULL); int rc = 0; @@ -405,7 +405,7 @@ int Regex::search(const std::string& s) const { RegexResult Regex::to_regex_result(int pcre_exec_result) const { if ( pcre_exec_result > 0 || -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre_exec_result == PCRE2_ERROR_NOMATCH #else pcre_exec_result == PCRE_ERROR_NOMATCH @@ -413,7 +413,7 @@ RegexResult Regex::to_regex_result(int pcre_exec_result) const { ) { return RegexResult::Ok; } else if( -#ifdef WITH_PCRE2 +#ifndef WITH_PCRE pcre_exec_result == PCRE2_ERROR_MATCHLIMIT #else pcre_exec_result == PCRE_ERROR_MATCHLIMIT diff --git a/src/utils/regex.h b/src/utils/regex.h index f27cdd25..a771720a 100644 --- a/src/utils/regex.h +++ b/src/utils/regex.h @@ -12,7 +12,7 @@ * directly using the email address security@modsecurity.org. * */ -#if WITH_PCRE2 +#ifndef WITH_PCRE #define PCRE2_CODE_UNIT_WIDTH 8 #include #else @@ -91,7 +91,7 @@ class Regex { private: RegexResult to_regex_result(int pcre_exec_result) const; -#if WITH_PCRE2 +#ifndef WITH_PCRE pcre2_code *m_pc; int m_pcje; #else