1295 Commits

Author SHA1 Message Date
Ervin Hegedus
9ab88d6206
chore: prepare v2.9.9 2025-05-21 21:10:34 +02:00
Ervin Hegedus
fdfc2d5b21
fix: add ARGS to sanitize list only if it's not added yet 2025-05-19 10:53:50 +02:00
Joe Orton
5aa6ce0aa2
Log error codes for global mutex failure modes. 2025-05-17 14:55:09 +02:00
Ervin Hegedus
38850f912b
Merge pull request #3372 from notroj/v2-gcc-warning-fixes
Fix compiler warnings from GCC
2025-05-17 10:09:29 +02:00
Joe Orton
de1cf63d26 Fix GCC warning in msc_headers_to_buffer():
In file included from /usr/include/stdio.h:970,
                 from modsecurity.h:18,
                 from msc_util.c:15:
In function 'sprintf',
    inlined from 'msc_headers_to_buffer' at msc_util.c:2331:17:
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'buffer' [-Wrestrict]
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
msc_util.c: In function 'msc_headers_to_buffer':
msc_util.c:2306:64: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
 2306 | int msc_headers_to_buffer(const apr_array_header_t *arr, char *buffer,
      |                                                          ~~~~~~^~~~~~
2025-05-16 09:59:32 +01:00
Joe Orton
9d9a727349 Fix compiler warnings. Reported by GCC with flags:
-Wall -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS

Note, e.g. sprintf(digest, "%s%02x", digest, ...) is undefined behaviour because
the destination and source variables overlap, and GCC warns about this.

acmp.c:258:13: warning: 'acmp_clone_node_no_state' defined but not used [-Wunused-function]
apache2_config.c:806:9: warning: unused variable 'offset' [-Wunused-variable]
apache2_config.c:1886:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:1942:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2470:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2538:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_util.c:226:11: warning: unused variable 'str' [-Wunused-variable]
apache2_util.c:225:11: warning: unused variable 'saved' [-Wunused-variable]
apache2_util.c:224:11: warning: unused variable 'parse_remote' [-Wunused-variable]
apache2_util.c:223:11: warning: unused variable 'remote' [-Wunused-variable]
msc_status_engine.c:216:17: warning: unused variable 'i' [-Wunused-variable]
msc_status_engine.c:375:55: warning: the address of 'pcre' will always evaluate as 'true' [-Waddress]
msc_crypt.c:67:17: warning: unused variable 'bytes' [-Wunused-variable]
msc_crypt.c:1083:33: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
msc_crypt.c:1090:29: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'digest' [-Wrestrict]
msc_json.c:405:11: warning: unused variable 'json_data' [-Wunused-variable]
msc_crypt.c:1097:79: warning: '%s' directive argument is null [-Wformat-overflow=]
msc_logging.c:1144:20: warning: unused variable 'now' [-Wunused-variable]
msc_remote_rules.c:729:19: warning: unused variable 'word' [-Wunused-variable]
msc_remote_rules.c:727:17: warning: unused variable 'tmp' [-Wunused-variable]
msc_remote_rules.c:805:1: warning: control reaches end of non-void function [-Wreturn-type]
msc_tree.c:836:19: warning: unused variable 'ip' [-Wunused-variable]
msc_xml.c:29:44: warning: variable 'entity' set but not used [-Wunused-but-set-variable]
msc_util.c:2627:11: warning: unused variable 'start' [-Wunused-variable]
msc_util.c:2626:17: warning: unused variable 'fd' [-Wunused-variable]
msc_util.c:2624:18: warning: unused variable 'rc' [-Wunused-variable]
msc_util.c:1077:19: warning: array subscript 1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds=]
2025-05-16 09:59:32 +01:00
Ervin Hegedus
d7b38f034e
Refactor code and build system to use libpcre2 as the default 2025-05-15 21:13:52 +02:00
RedXanadu
0c7dadc4c7
Correct indentation 2025-05-14 11:51:01 +01:00
Xanadu
652b942cfb
Add extra conditional compilation for err logging
Restores the original format string for error logging for ModSecurity
when compiled as a standalone module. Specifically, the format string
has "[client %s]" back again: this is required for standalone modules as
Apache is not present to implicitly log the client source IP address.
2025-05-14 11:51:01 +01:00
Ervin Hegedus
e0e732aaef
Merge pull request #3375 from airween/v2/failjiterr
fix: add msc_fullinfo() to check JIT compilation
2025-05-10 20:12:56 +02:00
Ervin Hegedus
33d0f50698
Add all compilation conditions to the new function 2025-05-10 13:21:29 +02:00
Ervin Hegedus
5f3537ec21
add compilation condition to avoid build error in case of old PCRE 2025-05-10 13:13:55 +02:00
Ervin Hegedus
1549132fb5
chore: refactorize setting of JIT related variables 2025-05-10 13:08:29 +02:00
Ervin Hegedus
d26a1d0d2c
chore: remove unnecessary @LIBXML2_CFLAGS@ from linker flags 2025-05-10 11:12:58 +02:00
Ervin Hegedus
bc500582a2
fix: add msc_fullinfo() to check JIT compilation 2025-05-10 10:13:29 +02:00
Ervin Hegedus
87cbf9ea2e
Update explanation
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-30 08:50:55 +02:00
Ervin Hegedus
19b7e98fb6
Change node value's parsing to concatenate instead of duplicate it every time 2025-04-28 21:12:32 +02:00
Ervin Hegedus
4c043a0889
Change directive format to strict camel case 2025-04-28 21:05:18 +02:00
Ervin Hegedus
bd45108024
Fix error message explanation.
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-27 11:28:18 +02:00
Ervin Hegedus
c11bd6c6f2
Fix retval logic explanation 2025-04-27 11:25:59 +02:00
Ervin Hegedus
ed24e70c58
Typo fix.
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-26 20:37:00 +02:00
Ervin Hegedus
b5188237f4
Typo fix.
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-26 20:36:32 +02:00
Ervin Hegedus
f1ecdb1cf7
Typo fix.
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-26 20:35:44 +02:00
Ervin Hegedus
21d71bb603
Typo fix.
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-26 20:33:12 +02:00
Ervin Hegedus
bfe8047c04
Typo fix.
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-26 20:32:55 +02:00
Ervin Hegedus
c19f90195c
Typo fix.
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-26 20:32:25 +02:00
Ervin Hegedus
c3ab480979
Typo fix.
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-26 20:31:43 +02:00
Ervin Hegedus
321c554965
Typo fix.
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-26 20:25:05 +02:00
Ervin Hegedus
3829d65792
Debug message clarification
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
2025-04-26 20:08:40 +02:00
Ervin Hegedus
055aec7bf6
Comment clarification
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
2025-04-26 20:08:02 +02:00
Ervin Hegedus
78ca32f280
Format comment
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
2025-04-26 20:02:07 +02:00
Ervin Hegedus
c24ad689be
Remove unnecessary comment.
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
2025-04-26 20:01:07 +02:00
Ervin Hegedus
1953e37217
Add nullptr check conditions 2025-04-20 21:44:47 +02:00
Ervin Hegedus
0c8cc6e2cf
Finish XMLArgs processing 2025-04-07 14:01:46 +02:00
Marc Stern
fa621f81e9
Merge pull request #3284 from marcstern/v2/pr/utf8toUnicodeVsMultibyte
Incorrect utf8toUnicode transformation for 00xx
2024-11-12 17:34:05 +01:00
Marc Stern
87dbae9bb2 assert(input != NULL); 2024-11-04 13:53:28 +01:00
Marc Stern
907d61ad6d Incorrect utf8toUnicode transformation for 00xx
Fix issue and restructure handling
2024-10-22 15:51:55 +02:00
Marc Stern
ecab91a74e Add problematic pattern when DEBUG_CONF is defined 2024-10-17 14:43:03 +02:00
Marc Stern
89ff91dae3 Fixed PCRE2 error message 2024-10-17 14:10:56 +02:00
Marc Stern
23e3cb491a Fix for #3255
We don't have to generate a temp name ourselves, it'll be done in apr_global_mutex_create().
We don't have to provide a filename, apr_global_mutex_create() generates one automatically.
Moreover, under Unix & Windows, the preferred mechanism won't use a file at all.
apr_file_mktemp() cannot be used as it creates the file (at least on FreeBSD).
Discussion in Apache mailing list: https://lists.apache.org/thread/ykb26kg4lgcqnldvxwd9p6hv16fy4z9l
2024-10-03 12:42:23 +02:00
Marc Stern
090e4d3baa
Merge pull request #3257 from marcstern/v2/pr/msr_global_mutex_lock
msr_global_mutex_lock: handle errors from apr_global_mutex_lock
2024-10-02 17:09:51 +02:00
Rainer Jung
149376377e Move id_log() to msc_util to fix unit tests; it is declared on msc_util.h already 2024-10-01 13:58:22 +02:00
Marc Stern
c99d931f3c Initialize filename to NULL 2024-09-30 13:53:31 +02:00
Marc Stern
b8e8e30730 Fixed parameter/function names 2024-09-30 13:12:38 +02:00
Marc Stern
9ba1caa2fa Missing #include <time.h> 2024-09-25 13:57:05 +02:00
Marc Stern
b850c74b12 We should have gotten the warning at lock time, so ignore it at unlock time 2024-09-12 14:07:55 +02:00
Marc Stern
449c080e63 Same for global_mutex_unlock 2024-09-12 13:01:44 +02:00
Marc Stern
b52201010d msr_global_mutex_lock: Handle errors from apr_global_mutex_lock 2024-09-12 12:18:25 +02:00
Ervin Hegedus
cddd9a7eb5
Fix build error if -Werror=format-security is present 2024-09-03 21:49:43 +02:00
Ervin Hegedus
ad0161118d
Change release version to v2.9.8 2024-09-03 14:40:55 +02:00