This commit changes Regex interface rather dramatically.
Most importantly, RegexMatch class now contains a list of matched groups,
with group(0) being entire match, group(1) - first capturing group,
and so on.
Secondly, searchAll now returns a list of RegexMatch objects instead
of reversed flattened list of groups from all matches.
Ubuntu 14.04 doesn't have RE2 package altogether,
and Ubuntu 16.04 RE2 package is too old.
Ubuntu 18.04 RE2 package might work, but this Ubuntu verison it's not
supported by Travis yet.
So build RE2 from source.
RE2 doesn't support certain features, like negative lookaround,
so when a regular expression cannot be compiled with RE2, it's
compiled with libpcre instead.
This has some runtime cost, as this fallback is implemented
with an extra heap object and virtual function calls.
When RE2 is not enabled, however, everything works as it did before.
Previously, searchAll would stop search when it encountered an empty
matching group in any position. This means that, for example,
regular expression "(a)(b?)(c)" would match string "ac", but the
resulting group list would be ["ac", "a"].
After this change, the resulting list for the aforementioned regular
expression becomes ["ac", "a", "", "c"] like it should've been.
Additionally, this also changes behaviour for multiple matches. For
example, when "aaa00bbb" is matched by "[a-z]*", previously only "aaa"
would be returned. Now the matching list is ["aaa", "", "", "bbb", ""].
The old behaviour was confusing and almost certainly a bug. The new
behaviour is the same as in Python's re.findall.
For reference, though, Go does it somewhat differently: empty matches
at the end of non-empty matches are ignored, so in Go above example is
["aaa", "", "bbb"] instead.
When LMDB is enabled, ModSecurity stores its persistent variables in
"./modsec-shared-collections" file. Since this file wasn't cleared between
tests, tests behaved differently on "in-memory per-process" and LMDB backend.
This test never worked in LMDB configuration. It hasn't been discovered
until now because Travis CI didn't test LMDB configuration when test was
introduced.
LMBD is not built by default since 6143eb9,
so add explicit --with-lmdb configuration.
Missing --with-lmdb build allowed a bug in PR #2003 to pass
through, causing issue #2008.
This commit fixes quite a few odd things in regex code:
* Lack of encapsulation.
* Non-method functions for matching without retrieving all groups.
* Regex class being copyable without proper copy-constructor (potential UAF
and double free due to pointer members m_pc and m_pce).
* Redundant SMatch::m_length, which always equals to match.size() anyway.
* Weird SMatch::size_ member which is initialized only by one of the three matching
functions, and equals to the return value of that function anyways.
* Several places in code having std::string value instead of reference.
This change makes the following directives to be merged properly:
SecRequestBodyAccess
SecResponseBodyAccess
SecXmlExternalEntity
SecUploadKeepFiles
SecTmpSaveUploadedFiles
This change makes the following directives to be merged properly:
SecRequestBodyLimit
SecResponseBodyLimit
SecUploadFileLimit
SecUploadFileMode
SecUploadDir
SecTmpDir
SecArgumentSeparator
SecWebAppId
SecHttpBlKey
The use of AC_CHECK_FILE causes the following error when cross compiling:
configure: error: cannot check for file existence when cross compiling
The solution is to check for the file directly instead of using a macro.
Resolves: #1983
