Clean up CI and libinjection integration changes

- update adapter and detection sources
- improve multithreaded unit tests
- add SQLi/XSS logging changes
- hide test override symbols
- fix linker visibility for test hooks
- consolidate CI workflow updates
- update libinjection integration files
- improve tests and build configuration

Author: Easton97-Jens

.github/workflows/ci.yml

@@ -4,9 +4,6 @@ on:
   push:
   pull_request:
 
-env:
-  LUA_VERSION: "5.5"
-
 jobs:
   build-linux:
     name: Linux (${{ matrix.platform.label }}, ${{ matrix.compiler.label }}, ${{ matrix.configure.label }})
@@ -37,18 +34,49 @@ jobs:
           - platform: {label: "x32"}
             configure: {label: "wo ssdeep"}
     steps:
+      - name: Detect latest Lua dev package
+        id: detect_lua
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          sudo apt-get update -y -qq
+
+          CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"
+
+          if [ -z "$CANDIDATES" ]; then
+            echo "No libluaX.Y-dev package found"
+            exit 1
+          fi
+
+          BEST_PKG="$(
+            printf '%s\n' "$CANDIDATES" \
+            | sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
+            | sort -V \
+            | tail -n1 \
+            | awk '{print $2}'
+          )"
+
+          if [ -z "$BEST_PKG" ]; then
+            echo "Failed to determine Lua package"
+            exit 1
+          fi
+
+          echo "lua_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
+          echo "Using $BEST_PKG"
+
       - name: Setup Dependencies (common)
         run: |
           sudo dpkg --add-architecture ${{ matrix.platform.arch }}
           sudo apt-get update -y -qq
           sudo apt-get install -y libyajl-dev:${{ matrix.platform.arch }} \
                                   libcurl4-openssl-dev:${{ matrix.platform.arch }} \
                                   liblmdb-dev:${{ matrix.platform.arch }} \
-                                  liblua${{ env.LUA_VERSION }}-dev:${{ matrix.platform.arch }} \
+                                  ${{ steps.detect_lua.outputs.lua_pkg }}:${{ matrix.platform.arch }} \
                                   libmaxminddb-dev:${{ matrix.platform.arch }} \
                                   libpcre2-dev:${{ matrix.platform.arch }} \
                                   pcre2-utils:${{ matrix.platform.arch }} \
-                                  bison flex
+                                  bison flex python3 python3-venv
       - name: Setup Dependencies (x32)
         if: ${{ matrix.platform.label == 'x32' }}
         run: |
@@ -58,8 +86,8 @@ jobs:
       - name: Setup Dependencies (x64)
         if: ${{ matrix.platform.label == 'x64' }}
         run: |
-          sudo apt-get install -y libgeoip-dev:${{ matrix.platform.arch }} \
-                                  libfuzzy-dev:${{ matrix.platform.arch }}
+          sudo apt-get install -y libfuzzy-dev:${{ matrix.platform.arch }}
+          
       - uses: actions/checkout@v6
         with:
           submodules: recursive
@@ -104,27 +132,18 @@ jobs:
                        libtool \
                        yajl \
                        lmdb \
-                       lua@${{ env.LUA_VERSION }} \
+                       lua \
                        libmaxminddb \
                        libxml2 \
                        ssdeep \
                        pcre \
                        bison \
-                       flex
+                       flex 
+                       
       - uses: actions/checkout@v6
         with:
           submodules: recursive
           fetch-depth: 0
-      - name: Build GeoIP
-        run: |
-          git clone --depth 1 --no-checkout https://github.com/maxmind/geoip-api-c.git
-          cd geoip-api-c
-          git fetch --tags
-          # Check out the last release, v1.6.12
-          git checkout 4b526e7331ca1d692b74a0509ddcc725622ed31a
-          autoreconf --install
-          ./configure --disable-dependency-tracking --disable-silent-rules --prefix=/opt/homebrew
-          make install
       - name: build.sh
         run: ./build.sh
       - name: configure
@@ -201,7 +220,8 @@ jobs:
                        automake \
                        libtool \
                        cppcheck
-      - uses: actions/checkout@v4
+                       
+      - uses: actions/checkout@v6
         with:
           submodules: recursive
           fetch-depth: 0

.github/workflows/ci_new.yml

@@ -4,9 +4,6 @@ on:
   push:
   pull_request:
 
-env:
-  LUA_VERSION: "5.5"
-
 jobs:
   build-linux:
     name: Linux (${{ matrix.platform.label }}, ${{ matrix.compiler.label }}, ${{ matrix.configure.label }})
@@ -43,14 +40,45 @@ jobs:
           fetch-depth: 0
           submodules: recursive
 
-      - name: Install dependencies
+      - name: Detect latest Lua dev package
+        id: detect_lua
+        shell: bash
         run: |
+          set -euo pipefail
+
           sudo apt-get update -y -qq
+
+          CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"
+
+          if [ -z "$CANDIDATES" ]; then
+            echo "No libluaX.Y-dev package found"
+            exit 1
+          fi
+
+          BEST_PKG="$(
+            printf '%s\n' "$CANDIDATES" \
+            | sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
+            | sort -V \
+            | tail -n1 \
+            | awk '{print $2}'
+          )"
+
+          if [ -z "$BEST_PKG" ]; then
+            echo "Failed to determine Lua package"
+            exit 1
+          fi
+
+          echo "lua_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
+          echo "Using $BEST_PKG"
+
+
+      - name: Install dependencies
+        run: |
           sudo apt-get install -y \
             libyajl-dev \
             libcurl4-openssl-dev \
             liblmdb-dev \
-            liblua${{ env.LUA_VERSION }}-dev \
+            ${{ steps.detect_lua.outputs.lua_pkg }} \
             libmaxminddb-dev \
             libpcre2-dev \
             libxml2-dev \
@@ -63,6 +91,11 @@ jobs:
             python3 \
             python3-venv
 
+      - name: Show Lua installation
+        run: |
+          which lua || true
+          lua -v || true
+          dpkg -l | grep lua || true
 
       - name: Run build preparation script
         run: ./build.sh
@@ -83,11 +116,12 @@ jobs:
 
   build-macos:
     name: macOS (${{ matrix.configure.label }})
-    runs-on: macos-15
+    runs-on: ${{ matrix.os }}
 
     strategy:
       fail-fast: false
       matrix:
+        os: [macos-15, macos-26]
         configure:
           - { label: "with parser generation", opt: "--enable-parser-generation" }
           - { label: "without curl",    opt: "--without-curl" }
@@ -114,14 +148,13 @@ jobs:
                        libtool \
                        yajl \
                        lmdb \
-                       lua@${{ env.LUA_VERSION }} \
+                       lua \
                        libmaxminddb \
                        libxml2 \
                        ssdeep \
                        pcre \
                        bison \
-                       flex \
-                       python3 
+                       flex
 
       - name: Run build preparation script
         run: ./build.sh
@@ -202,7 +235,7 @@ jobs:
 
   cppcheck:
     name: Static analysis (cppcheck)
-    runs-on: macos-15
+    runs-on: macos-26
 
     steps:
       - uses: actions/checkout@v6
@@ -212,7 +245,7 @@ jobs:
 
       - name: Install cppcheck
         run: |
-          brew install autoconf automake libtool cppcheck libmaxminddb yajl lua@${{ env.LUA_VERSION }} lmdb ssdeep python3 
+          brew install autoconf automake libtool cppcheck libmaxminddb yajl lua lmdb ssdeep
 
       - name: Configure project
         run: |
@@ -240,11 +273,47 @@ jobs:
         with:
           fetch-depth: 0
           submodules: recursive
+          
+      - name: Detect latest Lua packages
+        id: detect_lua
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          apt-get update
+
+          CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"
+
+          if [ -z "$CANDIDATES" ]; then
+            echo "No libluaX.Y-dev package found"
+            exit 1
+          fi
+
+          BEST_PKG="$(
+            printf '%s\n' "$CANDIDATES" \
+            | sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
+            | sort -V \
+            | tail -n1 \
+            | awk '{print $2}'
+          )"
 
+          if [ -z "$BEST_PKG" ]; then
+            echo "Failed to determine Lua dev package"
+            printf '%s\n' "$CANDIDATES"
+            exit 1
+          fi
+
+          BEST_VER="$(printf '%s\n' "$BEST_PKG" | sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1/')"
+          LUA_PKG="lua$BEST_VER"
+
+          echo "lua_dev_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
+          echo "lua_pkg=$LUA_PKG" >> "$GITHUB_OUTPUT"
+
+          echo "Using dev package: $BEST_PKG"
+          echo "Using interpreter: $LUA_PKG"
 
       - name: Install dependencies (v2 style)
         run: |
-          apt-get update
           apt-get install -y \
             autoconf \
             automake \
@@ -255,7 +324,8 @@ jobs:
             libyajl-dev \
             libcurl4-openssl-dev \
             liblmdb-dev \
-            liblua${{ env.LUA_VERSION }}-dev \
+            ${{ steps.detect_lua.outputs.lua_dev_pkg }} \
+            ${{ steps.detect_lua.outputs.lua_pkg }} \
             libmaxminddb-dev \
             libpcre2-dev \
             libxml2-dev \
@@ -265,7 +335,13 @@ jobs:
             flex \
             python3 \
             python3-venv
-
+            
+      - name: Show Lua installation
+        run: |
+          which lua || true
+          lua -v || true
+          dpkg -l | grep lua || true
+            
       - name: Run build preparation script
         run: ./build.sh
 

others/Makefile.am

@@ -15,6 +15,7 @@ noinst_HEADERS = \
 	libinjection/src/libinjection_sqli.h \
 	libinjection/src/libinjection_sqli_data.h \
 	libinjection/src/libinjection_xss.h \
+	libinjection/src/libinjection_error.h \
 	mbedtls/include/mbedtls/base64.h \
 	mbedtls/include/mbedtls/check_config.h \
 	mbedtls/include/mbedtls/mbedtls_config.h \

src/operators/detect_sqli.cc

@@ -22,12 +22,17 @@
 #include "src/operators/operator.h"
 #include "src/operators/libinjection_utils.h"
 #include "src/operators/libinjection_adapter.h"
+#include "src/utils/string.h"
 #include "libinjection/src/libinjection_error.h"
 
 namespace modsecurity::operators {
 
 bool DetectSQLi::evaluate(Transaction *t, RuleWithActions *rule,
     const std::string& input, RuleMessage &ruleMessage) {
+#ifndef NO_LOGS
+    const std::string loggable_input =
+        utils::string::limitTo(80, utils::string::toHexIfNeeded(input));
+#endif
 
     std::array<char, 8> fingerprint{};
 
@@ -42,9 +47,11 @@ bool DetectSQLi::evaluate(Transaction *t, RuleWithActions *rule,
         case LIBINJECTION_RESULT_TRUE:
             t->m_matched.emplace_back(fingerprint.data());
 
+#ifndef NO_LOGS
             ms_dbg_a(t, 4,
                 std::string("detected SQLi using libinjection with fingerprint '")
-                + fingerprint.data() + "' at: '" + input + "'");
+                + fingerprint.data() + "' at: '" + loggable_input + "'");
+#endif
 
             if (rule != nullptr && rule->hasCaptureAction()) {
                 t->m_collections.m_tx_collection->storeOrUpdateFirst(
@@ -57,11 +64,13 @@ bool DetectSQLi::evaluate(Transaction *t, RuleWithActions *rule,
             break;
 
         case LIBINJECTION_RESULT_ERROR:
+#ifndef NO_LOGS
             ms_dbg_a(t, 4,
                 std::string("libinjection parser error during SQLi analysis (")
                 + libinjectionResultToString(sqli_result)
                 + "); treating as match (fail-safe). Input: '"
-                + input + "'");
+                + loggable_input + "'");
+#endif
 
             if (rule != nullptr && rule->hasCaptureAction()) {
                 t->m_collections.m_tx_collection->storeOrUpdateFirst(
@@ -77,9 +86,11 @@ bool DetectSQLi::evaluate(Transaction *t, RuleWithActions *rule,
             break;
 
         case LIBINJECTION_RESULT_FALSE:
+#ifndef NO_LOGS
             ms_dbg_a(t, 9,
                 std::string("libinjection was not able to find any SQLi in: ")
-                + input);
+                + loggable_input);
+#endif
             break;
     }