github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 03:34:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Refactor code and build system to use libpcre2 as the default

Browse Source
This commit is contained in:
Ervin Hegedus
2025-05-15 21:13:52 +02:00
parent 9bc3300a3a
commit d7b38f034e
14 changed files with 106 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apache2/apache2_config.c
View File

@@ -1343,7 +1343,7 @@ static const char *cmd_audit_log_relevant_status(cmd_parms *cmd, void *_dcfg,
assert(p1 != NULL);
directory_config *dcfg = _dcfg;
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE2_DOTALL, NULL, NULL);
#else
dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE_DOTALL, NULL, NULL);

4
apache2/mod_security2.c
View File

@@ -116,7 +116,7 @@ static void version(apr_pool_t *mp, server_rec* s) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "ModSecurity: Loaded APR do not match with compiled!");
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
pcre_vrs = apr_psprintf(mp,"%d.%d ", PCRE2_MAJOR, PCRE2_MINOR);
pcre_loaded_vrs = pcre2_loaded_vrs_buffer;
pcre2_config(PCRE2_CONFIG_VERSION, pcre2_loaded_vrs_buffer);
@@ -126,7 +126,7 @@ static void version(apr_pool_t *mp, server_rec* s) {
#endif
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
"ModSecurity: PCRE2 compiled version=\"%s\"; "
#else
"ModSecurity: PCRE compiled version=\"%s\"; "

2
apache2/modsecurity.c
View File

@@ -584,7 +584,7 @@ static int is_response_status_relevant(modsec_rec *msr, int status) {
rc = msc_regexec(msr->txcfg->auditlog_relevant_regex, buf, strlen(buf), &my_error_msg);
if (rc >= 0) return 1;
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc == PCRE2_ERROR_NOMATCH) return 0;
#else
if (rc == PCRE_ERROR_NOMATCH) return 0;

20
apache2/msc_crypt.c
View File

@@ -388,7 +388,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_HREF_HASH_RX:
if(em[i]->type == HASH_URL_HREF_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
@@ -421,7 +421,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
@@ -451,7 +451,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_FACTION_HASH_RX:
if(em[i]->type == HASH_URL_FACTION_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
@@ -484,7 +484,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
@@ -514,7 +514,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_LOCATION_HASH_RX:
if(em[i]->type == HASH_URL_LOCATION_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
@@ -547,7 +547,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
@@ -577,7 +577,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_IFRAMESRC_HASH_RX:
if(em[i]->type == HASH_URL_IFRAMESRC_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
@@ -610,7 +610,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
@@ -640,7 +640,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_FRAMESRC_HASH_RX:
if(em[i]->type == HASH_URL_FRAMESRC_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
@@ -673,7 +673,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */

8
apache2/msc_pcre.c
View File

@@ -20,7 +20,7 @@
*/
static apr_status_t msc_pcre_cleanup(msc_regex_t *regex) {
if (regex != NULL) {
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (regex->match_context != NULL) {
pcre2_match_context_free(regex->match_context);
regex->match_context = NULL;
@@ -55,7 +55,7 @@ static apr_status_t msc_pcre_cleanup(msc_regex_t *regex) {
void *msc_pregcomp_ex(apr_pool_t *pool, const char *pattern, int options,
const char **_errptr, int *_erroffset,
int match_limit, int match_limit_recursion)
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
{
msc_regex_t *regex = NULL;
PCRE2_SPTR pcre2_pattern;
@@ -239,7 +239,7 @@ int msc_regexec_ex(msc_regex_t *regex, const char *s, unsigned int slen,
if (error_msg == NULL) return -1000; /* To differentiate from PCRE as it already uses -1. */
*error_msg = NULL;
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
{
PCRE2_SPTR pcre2_s;
int pcre2_ret;
@@ -319,7 +319,7 @@ int msc_regexec(msc_regex_t *regex, const char *s, unsigned int slen,
*/
int msc_fullinfo(msc_regex_t *regex, int what, void *where)
{
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
return pcre2_pattern_info(regex->re, (uint32_t)what, where);
#else
return pcre_fullinfo(regex->re, regex->pe, what, where);

4
apache2/msc_pcre.h
View File

@@ -17,7 +17,7 @@
typedef struct msc_regex_t msc_regex_t;
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
#define PCRE2_CODE_UNIT_WIDTH 8
#include "pcre2.h"
#else
@@ -42,7 +42,7 @@ typedef struct msc_regex_t msc_regex_t;
#include "modsecurity.h"
struct msc_regex_t {
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
pcre2_code *re;
pcre2_match_context *match_context;
#ifdef WITH_PCRE_JIT

2
apache2/msc_status_engine.c
View File

@@ -349,7 +349,7 @@ int DSOLOCAL msc_beacon_string (char *beacon_string, int beacon_string_max_len)
apr = APR_VERSION_STRING;
apr_loaded = apr_version_string();
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
apr_snprintf(pcre, 7, "%d.%d", PCRE2_MAJOR, PCRE2_MINOR);
pcre_loaded = ""; /* complete this if/when status reactivated */
#else

56
apache2/re_operators.c
View File

@@ -39,7 +39,7 @@
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
/**
* @brief Set the JIT compile return code and JIT compile status.
* \param regex regex structure
@@ -730,7 +730,7 @@ static int msre_op_validateHash_param_init(msre_rule *rule, char **error_msg) {
/* Compile pattern */
if(strstr(pattern,"%{") == NULL) {
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
int options = PCRE2_DOTALL | PCRE2_DOLLAR_ENDONLY;
#else
int options = PCRE_DOTALL | PCRE_DOLLAR_ENDONLY;
@@ -744,7 +744,7 @@ static int msre_op_validateHash_param_init(msre_rule *rule, char **error_msg) {
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
msc_op_set_jitrc(regex, &rc, &jit);
#else
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
@@ -834,7 +834,7 @@ static int msre_op_validateHash_execute(modsec_rec *msr, msre_rule *rule, msre_v
msr_log(msr, 6, "Escaping pattern [%s]",pattern);
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_DOTALL | PCRE2_DOLLAR_ENDONLY;
#else
options = PCRE_DOTALL | PCRE_DOLLAR_ENDONLY;
@@ -850,7 +850,7 @@ static int msre_op_validateHash_execute(modsec_rec *msr, msre_rule *rule, msre_v
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
if (msr->txcfg->debuglog_level >= 4) {
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
msc_op_set_jitrc(regex, &rc, &jit);
#else
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
@@ -888,7 +888,7 @@ static int msre_op_validateHash_execute(modsec_rec *msr, msre_rule *rule, msre_v
* and no memory has to be allocated for any backreferences.
*/
rc = msc_regexec_capture(regex, target, target_length, ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
@@ -922,7 +922,7 @@ static int msre_op_validateHash_execute(modsec_rec *msr, msre_rule *rule, msre_v
return -1;
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
@@ -1007,7 +1007,7 @@ static int msre_op_rx_param_init(msre_rule *rule, char **error_msg) {
/* Compile pattern */
if(strstr(pattern,"%{") == NULL) {
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
int options = PCRE2_DOTALL | PCRE2_DOLLAR_ENDONLY;
#else
int options = PCRE_DOTALL | PCRE_DOLLAR_ENDONLY;
@@ -1021,7 +1021,7 @@ static int msre_op_rx_param_init(msre_rule *rule, char **error_msg) {
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
msc_op_set_jitrc(regex, &rc, &jit);
#else
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
@@ -1104,7 +1104,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
msr_log(msr, 6, "Expanded-macro pattern [%s]",pattern);
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_DOTALL | PCRE2_DOLLAR_ENDONLY;
#else
options = PCRE_DOTALL | PCRE_DOLLAR_ENDONLY;
@@ -1119,7 +1119,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
if (msr->txcfg->debuglog_level >= 4) {
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
msc_op_set_jitrc(regex, &rc, &jit);
#else
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
@@ -1171,7 +1171,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
/* Show when the regex captures but "capture" is not set */
if (msr->txcfg->debuglog_level >= 6) {
int capcount = 0;
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
rc = msc_fullinfo(regex, PCRE2_INFO_CAPTURECOUNT, &capcount);
#else
rc = msc_fullinfo(regex, PCRE_INFO_CAPTURECOUNT, &capcount);
@@ -1187,7 +1187,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
* and no memory has to be allocated for any backreferences.
*/
rc = msc_regexec_capture(regex, target, target_length, ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
@@ -1282,7 +1282,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
}
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
@@ -1752,7 +1752,7 @@ static int msre_op_gsbLookup_param_init(msre_rule *rule, char **error_msg) {
*error_msg = NULL;
/* Compile rule->op_param */
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_DOTALL | PCRE2_MULTILINE;
#else
options = PCRE_DOTALL | PCRE_MULTILINE;
@@ -1830,7 +1830,7 @@ static int msre_op_gsbLookup_execute(modsec_rec *msr, msre_rule *rule, msre_var
memcpy(data,var->value,var->value_len);
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_NOTEMPTY;
#else
options = PCRE_NOTEMPTY;
@@ -2953,7 +2953,7 @@ static int msre_op_verifyCC_init(msre_rule *rule, char **error_msg) {
if (error_msg == NULL) return -1;
*error_msg = NULL;
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_DOTALL | PCRE2_MULTILINE;
#else
options = PCRE_DOTALL | PCRE_MULTILINE;
@@ -3010,7 +3010,7 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
if (msr->txcfg->debuglog_level >= 4) {
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
msc_op_set_jitrc(regex, &rc, &jit);
#else
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
@@ -3050,7 +3050,7 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
}
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_NOTEMPTY;
#else
options = PCRE_NOTEMPTY;
@@ -3058,7 +3058,7 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
rc = msc_regexec_ex(regex, target, target_length, offset, options, ovector, 30, &my_error_msg);
/* If there was no match, then we are done. */
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc == PCRE2_ERROR_NOMATCH) {
#else
if (rc == PCRE_ERROR_NOMATCH) {
@@ -3280,7 +3280,7 @@ static int msre_op_verifyCPF_init(msre_rule *rule, char **error_msg) {
*error_msg = NULL;
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_DOTALL | PCRE2_MULTILINE;
#else
options = PCRE_DOTALL | PCRE_MULTILINE;
@@ -3349,7 +3349,7 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
if (msr->txcfg->debuglog_level >= 4) {
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
msc_op_set_jitrc(regex, &rc, &jit);
#else
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
@@ -3388,7 +3388,7 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
}
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_NOTEMPTY;
#else
options = PCRE_NOTEMPTY;
@@ -3396,7 +3396,7 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
rc = msc_regexec_ex(regex, target, target_length, offset, options, ovector, 30, &my_error_msg);
/* If there was no match, then we are done. */
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc == PCRE2_ERROR_NOMATCH) {
#else
if (rc == PCRE_ERROR_NOMATCH) {
@@ -3603,7 +3603,7 @@ static int msre_op_verifySSN_init(msre_rule *rule, char **error_msg) {
if (error_msg == NULL) return -1;
*error_msg = NULL;
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_DOTALL | PCRE2_MULTILINE;
#else
options = PCRE_DOTALL | PCRE_MULTILINE;
@@ -3674,7 +3674,7 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
if (msr->txcfg->debuglog_level >= 4) {
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
msc_op_set_jitrc(regex, &rc, &jit);
#else
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
@@ -3713,7 +3713,7 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
}
}
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_NOTEMPTY;
#else
options = PCRE_NOTEMPTY;
@@ -3721,7 +3721,7 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
rc = msc_regexec_ex(regex, target, target_length, offset, options, ovector, 30, &my_error_msg);
/* If there was no match, then we are done. */
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
if (rc == PCRE2_ERROR_NOMATCH) {
#else
if (rc == PCRE_ERROR_NOMATCH) {

4
apache2/re_variables.c
View File

@@ -22,7 +22,7 @@
#include "libxml/xpathInternals.h"
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
#define PCRE_ERROR_NOMATCH PCRE2_ERROR_NOMATCH
#endif
/**
@@ -80,7 +80,7 @@ static char *var_generic_list_validate(msre_ruleset *ruleset, msre_var *var) {
pattern = apr_pstrmemdup(ruleset->mp, var->param + 1, strlen(var->param + 1) - 1);
if (pattern == NULL) return FATAL_ERROR;
#ifdef WITH_PCRE2
#ifndef WITH_PCRE
options = PCRE2_DOTALL | PCRE2_CASELESS | PCRE2_DOLLAR_ENDONLY;
#else
options = PCRE_DOTALL | PCRE_CASELESS | PCRE_DOLLAR_ENDONLY;