e6e2989bd5
- Added new test/test_suite.in with list of regression and unit tests
previously in Makefile.am, to be shared between Unix and Windows
builds.
- Updated regression.cc & unit.cc to return the number of failed tests
to indicate to CTest that the test failed. Similarly, a crash or
unhandled exception terminates the process with a non-zero exit code.
- This change doesn't affect running the tests with autotest in Unix
builds because this processes test output from custom-test-driver &
test-suite.sh, and ignores the exit code of the test runner.
- Removed comment in test/test-cases/regression-offset-variable.json as
this is not supported by JSON and prevents strict parsers to read and
process the file.
- Minor change in regression.cc's clearAuditLog to replace std::ifstream
with std::ofstream as the mode to open the flag applies to an output
stream.
- Minor change in unit.cc to simplify code that deletes tests.
- Minor changes to test/custom-test-driver to correct usage information.
libModSecurity Windows build information
The Windows build of libModSecurity uses Build Tools for Visual Studio 2022 (for Visual C++ & CMake) and Conan package manager.
Contents
Prerequisites
- Build Tools for Visual Studio 2022
- Install Desktop development with C++ workload, which includes:
- MSVC C++ compiler
- Windows SDK
- CMake
- Address Sanitizer
- Install Desktop development with C++ workload, which includes:
- Conan package manager 2.2.2
- Install and then setup the default Conan profile to use the MSVC C++ compiler:
- Open a command-prompt and set the MSVC C++ compiler environment by executing:
C:\BuildTools\VC\Auxiliary\Build\vcvars64.bat - Execute:
conan profile detect --force
- Open a command-prompt and set the MSVC C++ compiler environment by executing:
- Install and then setup the default Conan profile to use the MSVC C++ compiler:
- Git for Windows 2.44.0
- To clone the libModSecurity repository.
- NOTE: Make sure to initialize and update submodules (to get
libinjectionand regression tests)git submodule initgit submodule update
Build
Install the prerequisites listsed in the previous section, checkout libModSecurity and from the directory where it's located execute:
vcbuild.bat [build_configuration] [arch] [USE_ASAN]
where [build_configuration] can be: Release (default), RelWithDebInfo, MinSizeRel or Debug, and [arch] can be: x86_64 (default) or x86.
Built files will be located in the directory: build\win32\build\[build_configuration] and include:
libModSecurity.dll- Executable files for test projects
unit_tests.exeregression_tests.exebenchmark.exerules_optimization.exe
- Executable files for examples
simple_example_using_c.exeusing_bodies_in_chunks.exereading_logs_via_rule_message.exereading_logs_with_offset.exe
- Executable files for tools
rules_check.exe
NOTE: When building a different configuration, it's recommended to reset:
- the build directory:
build\win32\build - previously built conan packages executing the command:
conan remove * -c
Optional features
By default the following all the following features are enabled by including the associated third-party library through a Conan package:
- libxml2 2.12.6 for XML processing support
- libcurl 8.6.0 to support http requests from rules
- libmaxminddb 1.9.1 to support reading MaxMind DB files.
- LUA 5.4.6 to enable rules to run scripts in this language for extensibility
- lmdb 0.9.31 in-memory database
Each of these can be turned off by updating the associated HAVE_xxx variable (setting it to zero) in the beginning of the libModSecurity section of CMakeLists.txt.
Address Sanitizer
AddressSanitizer (aka ASan) is a memory error detector for C/C++.
To generate a build with Address Sanitizer, add the USE_ASAN optional third argument to vcbuild.bat. For example:
vcbuild.bat Debug x86_64 USE_ASAN
NOTE: USE_ASAN does not work with Release & MinSizeRel configurations because they do not include debug info (it is only compatible with Debug & RelWithDebInfo builds).
- References
Docker container
A Dockerfile configuration file is provided in the docker subdir that creates a Windows container image which installs the prerequisites and builds libModSecurity and other binaries.
NOTE: Windows containers are supported in Docker Desktop for Windows, using the Switch to Windows containers... option on the context menu of the system tray icon.
To build the docker image, execute the following command (from the build\win32\docker directory):
docker build -t libmodsecurity:latest -m 4GB .- Build type, architecture and build with Address Sanitizer can be configured through build arguments (
BUILD_TYPE,ARCH&USE_ASANrespectively). For example, to generate a debug build, add the following argument:--build-arg BUILD_TYPE=Debug
- Build type, architecture and build with Address Sanitizer can be configured through build arguments (
Once the image is generated, the library and associated binaries (tests & examples) are located in the C:\src\ModSecurity\build\win32\build\[build_type] directory.
To extract the library (libModSecurity.dll) from the image, you can execute the following commands:
docker container create --name [container_name] libmodsecuritydocker cp [container_name]:C:\src\ModSecurity\build\win32\build\[build_type]\libModSecurity.dll .- NOTE: If you leave out the
libModSecurity.dllfilename out, you can copy all the built binaries (including examples & tests).
- NOTE: If you leave out the
Additionally, the image can be used interactively for additional development work by executing:
docker run -it libmodsecurity