VCC-compiler: Syntax error for breach #9

Open
DaiYamatta opened this Issue Oct 13, 2011 · 4 comments


enable include "/etc/varnish/security/breach.vcl";

This code gives a syntax error.

varnishd -d -f default.vcl
Message from VCC-compiler:
Syntax error at
('/etc/varnish/security/breach/40_generic_attacks.vcl' Line 5 Pos 78)
if(req.http.Cookie ~ "(?:(?:[;|]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"|\;-\s]|$))"){
-----------------------------------------------------------------------------#-----------------

Running VCC-compiler failed, exit 1

VCL compilation failed

varnishd -d -f /etc/varnish/default.vcl
Message from VCC-compiler:
Expected ')' got 'validateUtf8Encoding'
(program line 73), at
('/etc/varnish/security/breach/20_protocol_violations.vcl' Line 256 Pos 15)
if(req.url validateUtf8Encoding ""){
--------------####################-----

Running VCC-compiler failed, exit 1

VCL compilation failed

varnishd -d -f /etc/varnish/default.vcl
Message from VCC-compiler:
Unknown token '%' when looking for BOOL

('/etc/varnish/security/breach/30_http_policy.vcl' Line 5 Pos 8)
if((%{tx.allowed_methods}) ~ "req.request"){
-------#---------------------------------------

Running VCC-compiler failed, exit 1

VCL compilation failed

With that code commented out, it runs!!

Owner

comotion commented Oct 13, 2011

Hey Dai,
thanks for the notice
yeah the breach module is not precisely tip top since the port to V3.0 and the introduction of some new mod_security features. I will hack on it some when I get a chance, til then I recommend you use the standard VCL modules shipped with security.vcl.

Owner

comotion commented Oct 13, 2011

wait, did you say these are the only three errors and if you comment them out it works?

Dear comotion

> wait, did you say these are the only three errors and if you comment them out it works?

yes!! running.

Test environment is Scientific Linux 6.1 x86_64. Need more information?

Owner

comotion commented Oct 14, 2011

good to hear! 5a33710 pushes a fix that skips emitting rules for validateUtf8Encoding, since we have to implement that in the upcoming sec.vcl VMOD.
%{tx.allowed_methods} is going to be trickier since I'll have to put something badass together in perl to resolve variables,
while the regex
"(?:(?:[;|]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"|\;-\s]|$))"
I dunno what's wrong here... the regex is straight from the breach ruleset and it seems to complain on valid regex..
