feat(apache): switch to pcre2 by fzipi · Pull Request #218 · coreruleset/modsecurity-crs-docker · GitHub

feat(apache): switch to pcre2 #218


Merged
merged 7 commits into from
Mar 12, 2025
2 changes: 1 addition & 1 deletion .github/workflows/configure-rules-for-test.sh
Expand Up @@ -22,7 +22,7 @@ while read -r line; do
test_value="$(cut -d'|' -f5 <<< "${line}")"

if ! grep -q "${var_name}" "${readme_file}&qu 8000 ot;; then
echo "Failed to find environment variable `${var_name}` in README."
echo "Failed to find environment variable '${var_name}' in README."
exit 1
fi

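Review bot: The README check `grep -q "${var_name}" "${readme_file}"` treats the variable name as a regular expression and accepts a substring hit, so a name that is only a prefix of a documented variable would pass even though it is not documented itself. Matching the name as a fixed whole word closes that gap: `if ! grep -qFw -- "${var_name}" "${readme_file}"; then`. The failure message would also be better on stderr, `echo "Failed to find environment variable '${var_name}' in README." >&2`. The enclosing `while read -r line` loop starts and ends outside the hunk.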
12 changes: 12 additions & 0 deletions .github/workflows/verifyimage.yml
Expand Up @@ -128,12 +128,15 @@ jobs:
's#image: owasp/modsecurity-crs:${{ contains(matrix.target, 'apache') && 'apache' || 'nginx' }}.*#image: ${{ matrix.target }}-verification#' \
crs/tests/docker-compose.yml
- name: Run CRS tests for ${{ matrix.target }}
# Log flushing isn't reliable enough for go-ftw (https://github.com/coreruleset/go-ftw/issues/473)
if: ${{!contains(matrix.target, 'nginx-alpine')}}
run: |
cd crs
modsec_version="${{ contains(matrix.target, 'apache') && 'modsec2-apache' || 'modsec3-nginx' }}"
backend="${{ contains(matrix.target, 'apache') && 'httpd' || 'nginx' }}"
mkdir -p "tests/logs/${modsec_version}/{nginx,apache2}"
docker compose -f ./tests/docker-compose.yml up -d "${modsec_version}"
sleep 10
docker compose -f ./tests/docker-compose.yml logs
if ! [ "$(docker inspect ${modsec_version} --format='{{.State.Running}}')" = "true" ]; then
echo "Web server failed to start. Aborting."
Expand All @@ -146,3 +149,12 @@ jobs:
--log-file "tests/logs/${modsec_version}/error.log" \
--overrides "tests/regression/${backend}-overrides.yaml" \
--show-failures-only

- name: Upload logs
uses: actions/upload-artifact@v4
if: always()
with:
name: ${{ matrix.target }}-error.log
path: "crs/tests/logs/${{ contains(matrix.target, 'apache') && 'modsec2-apache' || 'modsec3-nginx' }}/error.log"
retention-days: 7
overwrite: true
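Review bot: In the first hunk, `mkdir -p "tests/logs/${modsec_version}/{nginx,apache2}"` keeps the braces inside the double quotes, so the shell does not expand them and one directory literally named `{nginx,apache2}` is created. The parent directory that the later `--log-file "tests/logs/${modsec_version}/error.log"` needs still appears because of `-p`, which is probably why the step works. If two subdirectories were intended, move the braces out of the quotes, `mkdir -p "tests/logs/${modsec_version}"/{nginx,apache2}`; otherwise `mkdir -p "tests/logs/${modsec_version}"` states what is actually required. The `run:` script continues between the two hunks.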
6 changes: 4 additions & 2 deletions apache/Dockerfile
Expand Up @@ -3,6 +3,7 @@ ARG HTTPD_VERSION="n/a"
FROM image AS build

ARG MODSEC2_VERSION="n/a"
ARG MODSEC2_FLAGS="n/a"
ARG LUA_VERSION="n/a"

RUN set -eux; \
Expand All @@ -17,7 +18,7 @@ RUN set -eux; \
libaprutil1-dev \
libcurl4-gnutls-dev \
libfuzzy-dev \
libpcre3-dev \
libpcre2-dev \
libtool \
libxml2-dev \
libyajl-dev \
Expand All @@ -31,7 +32,7 @@ RUN set -eux; \
tar -zxvf v${MODSEC2_VERSION}.tar.gz; \
cd ModSecurity-${MODSEC2_VERSION}; \
./autogen.sh; \
./configure --with-yajl --with-ssdeep; \
./configure ${MODSEC2_FLAGS}; \
make; \
make install; \
make clean
Expand Down Expand Up @@ -173,6 +174,7 @@ RUN set -eux; \
libfuzzy2 \
liblua${LUA_VERSION} \
${LUA_MODULES} \
libpcre2-8-0 \
libxml2 \
libyajl2; \
update-ca-certificates -f; \
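Review bot: `./configure ${MODSEC2_FLAGS}` in the third hunk receives the placeholder default `n/a` whenever the build argument is not supplied, so a build of this file outside docker-bake presumably stops inside configure with an error that never names the missing argument. A guard ahead of the call makes the requirement explicit: `[ "${MODSEC2_FLAGS}" != "n/a" ] || { echo "MODSEC2_FLAGS build arg is required" >&2; exit 1; }; \`. A comment such as `# unquoted on purpose: MODSEC2_FLAGS holds several space-separated configure options` would also stop a later cleanup from quoting the expansion and collapsing the options into one word. The same applies to apache/Dockerfile-alpine and, with `MODSEC3_FLAGS`, to both nginx Dockerfiles; the RUN instruction starts and ends outside the hunk.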
6 changes: 4 additions & 2 deletions apache/Dockerfile-alpine
Expand Up @@ -3,6 +3,7 @@ ARG HTTPD_VERSION="n/a"
FROM image AS build

ARG MODSEC2_VERSION="n/a"
ARG MODSEC2_FLAGS="n/a"
ARG LUA_VERSION="n/a"

# see https://httpd.apache.org/docs/2.4/install.html#requirements
Expand Down Expand Up @@ -33,15 +34,15 @@ RUN set -eux; \
make \
openssl \
openssl-dev \
pcre-dev \
pcre2-dev \
zlib-dev

RUN set -eux; \
wget --quiet https://github.com/owasp-modsecurity/ModSecurity/archive/refs/tags/v${MODSEC2_VERSION}.tar.gz; \
tar -zxvf v${MODSEC2_VERSION}.tar.gz; \
cd ModSecurity-${MODSEC2_VERSION}; \
./autogen.sh; \
./configure --with-yajl --with-ssdeep --with-lmdb; \
./configure ${MODSEC2_FLAGS}; \
make; \
make install; \
make clean
Expand Down Expand Up @@ -184,6 +185,7 @@ RUN set -eux; \
${LUA_MODULES} \
moreutils \
openssl \
pcre2 \
sed \
tzdata \
yajl; \
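Review bot: The ModSecurity source archive fetched by `wget --quiet https://github.com/owasp-modsecurity/ModSecurity/archive/refs/tags/v${MODSEC2_VERSION}.tar.gz` in the second hunk is unpacked and compiled with no integrity check, so the resulting WAF module is whatever that URL returns at build time. Verifying a pinned digest before `tar` would close this: `echo "${MODSEC2_SHA256}  v${MODSEC2_VERSION}.tar.gz" | sha256sum -c -; \`, where `MODSEC2_SHA256` is a placeholder name for a new build argument that does not exist on this page and would sit next to the version in docker-bake.hcl. apache/Dockerfile unpacks an archive of the same name, so its download step, which lies outside the lines shown, presumably needs the same check.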
38 changes: 24 additions & 14 deletions docker-bake.hcl
Expand Up @@ -4,11 +4,19 @@ variable "modsec3-version" {
default = "3.0.14"
}

variable "modsec3-flags" {
default = "--with-yajl --with-ssdeep --with-lmdb --with-pcre2 --with-maxmind --enable-silent-rules"
}

variable "modsec2-version" {
# renovate: depName=ModSecurity2 packageName=owasp-modsecurity/ModSecurity datasource=github-releases
default = "2.9.8"
}

variable "modsec2-flags" {
default = "--with-yajl --with-ssdeep --with-pcre2"
}

variable "crs-version" {
# renovate: depName=coreruleset/coreruleset datasource=github-releases
default = "4.12.0"
Expand Down Expand Up @@ -109,7 +117,9 @@ target "platforms-base" {
args = {
CRS_RELEASE = "${crs-version}"
MODSEC2_VERSION = "${modsec2-version}"
MODSEC2_FLAGS = modsec2-flags
MODSEC3_VERSION = "${modsec3-version}"
MODSEC3_FLAGS = modsec3-flags
LUA_VERSION = "${lua-version}"
LMDB_VERSION = "${lmdb-version}"
}
Expand All @@ -125,13 +135,13 @@ target "apache" {
lua_modules = join(" ", lua-modules-debian)
tag_base = "apache"
},
# {
# name = "alpine"
# dockerfile = "apache/Dockerfile-alpine"
# image = "docker-image://httpd:${httpd-version}-alpine"
# lua_modules = join(" ", lua-modules-alpine)
# tag_base = "apache-alpine"
# }
{
name = "alpine"
dockerfile = "apache/Dockerfile-alpine"
image = "docker-image://httpd:${httpd-version}-alpine"
lua_modules = join(" ", lua-modules-alpine)
tag_base = "apache-alpine"
}
]
}

Expand Down Expand Up @@ -159,13 +169,13 @@ target "nginx" {
lua_modules = join(" ", lua-modules-debian)
tag_base = "nginx"
},
# {
# name = "alpine"
# dockerfile = "nginx/Dockerfile-alpine"
# image = "docker-image://nginxinc/nginx-unprivileged:${nginx-version}-alpine"
# lua_modules = join(" ", lua-modules-alpine)
# tag_base = "nginx-alpine"
# }
{
name = "alpine"
dockerfile = "nginx/Dockerfile-alpine"
image = "docker-image://nginxinc/nginx-unprivileged:${nginx-version}-alpine"
lua_modules = join(" ", lua-modules-alpine)
tag_base = "nginx-alpine"
}
],
read-only-fs = [
{
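Review bot: The two flag variables added in the first hunk change more than the PCRE library. Judging by the configure lines shown for the Dockerfiles on this page, the Debian nginx build gains `--with-lmdb` through `modsec3-flags`, and the Alpine apache build loses the `--with-lmdb` it used to pass because `modsec2-flags` does not carry it. Neither change is mentioned, and for ModSecurity 3 that option appears to select a different backend for persistent collections, so it should be a deliberate decision backed by the matching build and runtime packages in each image. A comment above each variable would record the intent, for example `# shared by the Debian and Alpine builds; every option here needs its library installed in both Dockerfiles`.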
7 changes: 3 additions & 4 deletions nginx/Dockerfile
Expand Up @@ -2,6 +2,7 @@ FROM image AS build

ARG NGINX_VERSION="n/a"
ARG MODSEC3_VERSION="n/a"
ARG MODSEC3_FLAGS="n/a"
ARG LMDB_VERSION="n/a"
ARG LUA_VERSION="n/a"
ARG NGINX_DYNAMIC_MODULES="n/a"
Expand All @@ -10,8 +11,6 @@ ARG READ_ONLY_FS="false"

USER root

# Note: libpcre3-dev (PCRE 1) is required by the build description,
# even though the build will use PCRE2.
RUN set -eux; \
echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections; \
apt-get update -qq; \
Expand All @@ -24,7 +23,6 @@ RUN set -eux; \
libcurl4-gnutls-dev \
libfuzzy-dev \
liblua${LUA_VERSION}-dev \
libpcre3-dev \
libpcre2-dev \
libtool \
libxml2-dev \
Expand Down Expand Up @@ -53,7 +51,7 @@ RUN set -eux; \
sed -ie "s/i386-linux-gnu/${ARCH}/g" build/ssdeep.m4; \
sed -ie "s/i386-linux-gnu/${ARCH}/g" build/pcre2.m4; \
./build.sh; \
./configure --with-yajl --with-ssdeep --with-pcre2 --with-maxmind --enable-silent-rules; \
./configure ${MODSEC3_FLAGS}; \
make -j$(nproc) install; \
strip /usr/local/modsecurity/lib/lib*.so*

Expand Down Expand Up @@ -243,6 +241,7 @@ RUN set -eux; \
libfuzzy2 \
liblua${LUA_VERSION} \
${LUA_MODULES} \
libpcre2-8-0 \
libxml2 \
libyajl2 \
libmaxminddb-dev \
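Review bot: The two context lines `sed -ie "s/i386-linux-gnu/${ARCH}/g" build/ssdeep.m4` and `... build/pcre2.m4` in the configure hunk pass `-ie`, which GNU sed reads as "edit in place and keep a backup with suffix `e`", so stray `build/ssdeep.m4e` and `build/pcre2.m4e` files are left in the source tree. It is harmless in a build stage, but it is not what the line appears to mean; writing the options separately, `sed -i -e "s/i386-linux-gnu/${ARCH}/g" build/pcre2.m4; \`, avoids it. Since this commit makes the PCRE2 m4 rewrite the only PCRE path, it is a good moment to tidy both lines. nginx/Dockerfile-alpine has the same two lines, and the RUN instruction starts outside the hunk.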
5 changes: 2 additions & 3 deletions nginx/Dockerfile-alpine
Expand Up @@ -2,6 +2,7 @@ FROM image AS build

ARG NGINX_VERSION="n/a"
ARG MODSEC3_VERSION="n/a"
ARG MODSEC3_FLAGS="n/a"
ARG LUA_VERSION="n/a"
ARG NGINX_DYNAMIC_MODULES="n/a"
ARG NGINX_HOME="n/a"
Expand Down Expand Up @@ -35,7 +36,6 @@ RUN set -eux; \
openssl-dev \
patch \
pkgconfig \
pcre-dev \
pcre2-dev \
yajl-dev \
zlib-dev
Expand All @@ -49,7 +49,7 @@ RUN set -eux; \
sed -ie "s/i386-linux-gnu/${ARCH}/g" build/ssdeep.m4; \
sed -ie "s/i386-linux-gnu/${ARCH}/g" build/pcre2.m4; \
./build.sh; \
./configure --with-yajl --with-ssdeep --with-lmdb --with-pcre2 --with-maxmind --enable-silent-rules; \
./configure ${MODSEC3_FLAGS}; \
make -j$(nproc) install; \
strip /usr/local/modsecurity/lib/lib*.so*

Expand Down Expand Up @@ -240,7 +240,6 @@ RUN set -eux; \
moreutils \
openssl \
tzdata \
pcre \
pcre2 \
# Alpine needs GNU 'sed' because the 'sed' program shipped with busybox does not support 'z' parameter for separating lines with a 'NUL' character.
sed \