New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Re2 support 942130 #2425
Re2 support 942130 #2425
Conversation
cf1cd89
to
3bc3b78
Compare
37b138a
to
15dbc90
Compare
As discussed with @fzipi, this is our plan for going forward:
|
15dbc90
to
b1a0ca5
Compare
@theseion First take on splitting this rule. Tests are failing still. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks pretty good already.
bc0c527
to
1839894
Compare
After digging through the source code of ModSecurity v2.9.5, we have identified a bug that effectively breaks all but the simplest use of macro expansion in ModSecurity v3 is fine, no escaping happens at all in that version. Unfortunately, I think that means the idea is off the table for now. Even if this bug were fixed in a short amount of time, it would mean that older installations of Apache httpd would not get this rule. Unless we implement this technique "for future use" and retain fallback rules. @dune73 What's your take? |
1839894
to
77627f0
Compare
dd94784
to
9afbf38
Compare
Ok, this looks like it might work. Pushed the use of |
14751c2
to
533e9db
Compare
Added more tests. I'm sorry to say: it works like a charm! Other than some changes in logging style, I think this is good to go! Example:
The match is going to be on the chained rule I guess.... |
Yay! Great stuff! I'll see whether I can review it later today. |
02d5a28
to
40ac6ec
Compare
40ac6ec
to
9e47a35
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not entirely sure what the state is of this PR. Are we still assessing the URL decoding issue?
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
9e47a35
to
b57b167
Compare
Co-authored-by: Max Leske <th3s3ion@gmail.com> Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
b57b167
to
cad8fc9
Compare
Not sure whether you're done yet, but there are more unresolved comments (hidden again...). |
No. In the end I just removed the problematic part and kept the compatibility with the previous rule in that regard. We can take a second look after we merge this one. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pretty good. Only a couple small changes left.
Co-authored-by: Max Leske <th3s3ion@gmail.com>
@theseion Suggestions commited. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Sorry I did not respond here. Overlooked it in a huge pile of mail. |
This is an implementation for the idea described in #2353.
These is a summary of the changes: