How to call modsecurity in my application and use rules to check if the URL is safe?

[kaingeyy]

program : linux c
platform: centos 7
version : v3
file : examples/simple_example_using_c/test
add line into file : basic_rules.conf
Include "./crs-setup.conf"
Include "./rules/*.conf"

run test
./test
...
Rule ID: ./rules/REQUEST-949-BLOCKING-EVALUATION.conf:51--0x1f32530
Rule ID: ./rules/REQUEST-949-BLOCKING-EVALUATION.conf:132--0x2b41e00
Rule ID: ./rules/RESPONSE-950-DATA-LEAKAGES.conf:139--0x2b4e0d0
Rule ID: ./rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf:476--0x2beb180
Rule ID: ./rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf:103--0x2c07ba0
Rule ID: ./rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf:137--0x2d7c5b0
Rule ID: ./rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf:151--0x2d8d7f0
Rule ID: ./rules/RESPONSE-959-BLOCKING-EVALUATION.conf:115--0x2d95690
Rule ID: ./rules/RESPONSE-980-CORRELATION.conf:127--0x2dac940
Rule ID: ./rules/RESPONSE-980-CORRELATION.conf:165--0x2db1a10
Phase: 1 (40 rules)
Segmentation fault (core dumped)

how to fix it ?

[zimmerle]

Hi, @kaingeyy

Can you provide us the stack trace for the error using gdb?

[kaingeyy]

strace_log.txt
strace -o strace_log ./test

[kaingeyy]

add line "SecRule id:id:941110" ... to file basic_rules.conf
./test success , not failed
:(
why ??

[zimmerle]

@kaingeyy,

It will be interesting to have the gdb stack trace. Do you think you can share it?

[kaingeyy]

29 const char *error = NULL;
(gdb)
34 modsec = msc_init();
(gdb)
36 msc_set_connector_info(modsec, "ModSecurity-test v0.0.1-alpha (Simple "
(gdb)
34 modsec = msc_init();
(gdb)
36 msc_set_connector_info(modsec, "ModSecurity-test v0.0.1-alpha (Simple "
(gdb)
39 rules = msc_create_rules_set();
(gdb)
41 ret = msc_rules_add_file(rules, main_rule_uri, &error);
(gdb)
39 rules = msc_create_rules_set();
(gdb)
41 ret = msc_rules_add_file(rules, main_rule_uri, &error);
(gdb)
42 if (ret < 0) {
(gdb)
47 msc_rules_dump(rules);
(gdb)
Phase: 0 (1 rules)
Rule ID: ./rule/REQUEST-941-APPLICATION-ATTACK-XSS.conf:884--0x6beaa0
Phase: 1 (1 rules)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6db4cb8 in std::basic_string<char, std::char_traits, std::allocator >::basic_string(std::string const&) ()
from /lib64/libstdc++.so.6
(gdb)

[kaingeyy]

comment function msc_rules_dump(rules) , test program success 👍
//msc_rules_dump(rules);

[kaingeyy]

backtrace:
(gdb) bt
#0 0x00007ffff6db4cb8 in std::basic_string<char, std::char_traits, std::allocator >::basic_string(std::string const&) ()
from /lib64/libstdc++.so.6
#1 0x00007ffff7aa5975 in operator+<char, std::char_traits, std::allocator > (__rhs=0x7ffff7b66790 ":", __lhs=...,
this=) at /usr/include/c++/4.8.2/bits/basic_string.h:2405
#2 modsecurity::Rule::getReference (this=) at ../headers/modsecurity/rule.h:93
#3 0x00007ffff7ac25b7 in dump (this=0x611660) at ../headers/modsecurity/rules.h:45
#4 modsecurity::RulesSetPhases::dump (this=this@entry=0x611648) at rules_set_phases.cc:74
#5 0x00007ffff7abf67c in modsecurity::RulesSet::dump (this=this@entry=0x6111d0) at rules_set.cc:260
#6 0x00007ffff7abf685 in modsecurity::msc_rules_dump (rules=rules@entry=0x6111d0) at rules_set.cc:270
#7 0x0000000000400bc0 in main (argc=, argv=) at test.c:47

[zimmerle]

@kaingeyy are you using 3.1-experimental branch?