Skip to content

Add libinjection v4 migration audit (2026-04-03) #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Easton97-Jens wants to merge 43 commits into
base: v3/master-libinjection-v4.0-final
Choose a base branch
from
Open

Add libinjection v4 migration audit (2026-04-03) #43

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
8b082fb
Update ci_new.yml
Easton97-Jens Mar 29, 2026
8214a34
Update ci.yml
Easton97-Jens Mar 29, 2026
a65df3f
Update ci.yml
Easton97-Jens Mar 29, 2026
8b9659c
Update ci.yml
Easton97-Jens Mar 29, 2026
9d9986e
Update ci_new.yml
Easton97-Jens Mar 29, 2026
814e88f
Update ci.yml lua dynamisch
Easton97-Jens Mar 29, 2026
e68f6b1
Enhance CI to detect latest Lua dev package
Easton97-Jens Mar 29, 2026
b50a48d
Update ci.yml
Easton97-Jens Mar 29, 2026
6708f71
Update Lua package detection in CI workflow
Easton97-Jens Mar 29, 2026
9823d8e
Remove python3 from CI workflow installation
Easton97-Jens Mar 30, 2026
e68ad1c
Update CI workflow to remove python3 installation
Easton97-Jens Mar 30, 2026
633f2eb
Add capture/non-capture regression coverage for detectSQLi/XSS
Easton97-Jens Mar 30, 2026
b264dbf
Merge pull request #27 from Easton97-Jens/codex/add-regression-tests-…
Easton97-Jens Mar 30, 2026
fa02a62
Remove pcre
Easton97-Jens Mar 31, 2026
7b7f6d4
Pcre2 set
Easton97-Jens Mar 31, 2026
f33e339
Update macOS runners in CI workflow
Easton97-Jens Mar 31, 2026
7cd1d67
Fix Windows test include path and case-insensitive override matching
Easton97-Jens Mar 31, 2026
2aed15b
Merge pull request #31 from Easton97-Jens/codex/add-regression-tests-…
Easton97-Jens Mar 31, 2026
0af7e13
Update libinjection_adapter.cc
Easton97-Jens Apr 1, 2026
98c0f87
Add pcre support and update dependencies in CI
Easton97-Jens Apr 1, 2026
cfa0bcd
Update ci_new.yml
Easton97-Jens Apr 1, 2026
da00c6d
Merge pull request #3529 from Easton97-Jens/v3/master_update_workflows
airween Apr 1, 2026
d8c7395
Merge branch 'owasp-modsecurity:v3/master' into v3/master-libinjectio…
Easton97-Jens Apr 1, 2026
d6648d1
Add libinjection_error.h to Makefile.am
Easton97-Jens Apr 1, 2026
5c04f6b
Update ci_new.yml
Easton97-Jens Apr 1, 2026
4ae6875
Merge branch 'owasp-modsecurity:v3/master' into v3/master_update_work…
Easton97-Jens Apr 1, 2026
6997bb4
Update ci_new.yml
Easton97-Jens Apr 1, 2026
19ea6d0
Isolate transaction state in multithreaded unit tests
Easton97-Jens Apr 1, 2026
e152a09
Merge pull request #32 from Easton97-Jens/codex/review-multithreaded-…
Easton97-Jens Apr 1, 2026
db55832
Update ci_new.yml
Easton97-Jens Apr 1, 2026
e5d00df
Merge pull request #3531 from Easton97-Jens/v3/master_update_workflows
airween Apr 1, 2026
719d172
Merge branch 'v3/master' into v3/master-libinjection-v4.0-final
Easton97-Jens Apr 1, 2026
468f681
Update libinjection_adapter.cc
Easton97-Jens Apr 1, 2026
d19f58b
Update libinjection_adapter.h
Easton97-Jens Apr 1, 2026
91fbf35
Hide testing override functions from symbol table
Easton97-Jens Apr 3, 2026
e10e9e0
Log input in hex format for SQLi detection
Easton97-Jens Apr 3, 2026
29a461b
Add logging for input in XSS detection
Easton97-Jens Apr 3, 2026
7c104e4
Update multithreaded unit test implementation
Easton97-Jens Apr 3, 2026
0cf4f3c
Update libinjection_adapter.h
Easton97-Jens Apr 3, 2026
3e98c81
Guard log-only detect operator variables under NO_LOGS
Easton97-Jens Apr 3, 2026
e500702
Merge pull request #42 from Easton97-Jens/codex/fix-cppcheck-unreadva…
Easton97-Jens Apr 3, 2026
93a50a4
docs: strengthen evidence model in libinjection audit
Easton97-Jens Apr 3, 2026
82c63f9
docs: re-audit libinjection migration against official checklist
Easton97-Jens Apr 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 50 additions & 24 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,13 @@ name: Quality Assurance
on:
push:
pull_request:

jobs:
build-linux:
name: Linux (${{ matrix.platform.label }}, ${{ matrix.compiler.label }}, ${{ matrix.configure.label }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-22.04]
platform:
Expand All @@ -33,18 +34,49 @@ jobs:
- platform: {label: "x32"}
configure: {label: "wo ssdeep"}
steps:
- name: Detect latest Lua dev package
id: detect_lua
shell: bash
run: |
set -euo pipefail

sudo apt-get update -y -qq

CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"

if [ -z "$CANDIDATES" ]; then
echo "No libluaX.Y-dev package found"
exit 1
fi

BEST_PKG="$(
printf '%s\n' "$CANDIDATES" \
| sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
| sort -V \
| tail -n1 \
| awk '{print $2}'
)"

if [ -z "$BEST_PKG" ]; then
echo "Failed to determine Lua package"
exit 1
fi

echo "lua_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
echo "Using $BEST_PKG"

- name: Setup Dependencies (common)
run: |
sudo dpkg --add-architecture ${{ matrix.platform.arch }}
sudo apt-get update -y -qq
sudo apt-get install -y libyajl-dev:${{ matrix.platform.arch }} \
libcurl4-openssl-dev:${{ matrix.platform.arch }} \
liblmdb-dev:${{ matrix.platform.arch }} \
liblua5.2-dev:${{ matrix.platform.arch }} \
${{ steps.detect_lua.outputs.lua_pkg }}:${{ matrix.platform.arch }} \
libmaxminddb-dev:${{ matrix.platform.arch }} \
libpcre2-dev:${{ matrix.platform.arch }} \
pcre2-utils:${{ matrix.platform.arch }} \
bison flex
bison flex python3 python3-venv
- name: Setup Dependencies (x32)
if: ${{ matrix.platform.label == 'x32' }}
run: |
Expand All @@ -54,11 +86,11 @@ jobs:
- name: Setup Dependencies (x64)
if: ${{ matrix.platform.label == 'x64' }}
run: |
sudo apt-get install -y libgeoip-dev:${{ matrix.platform.arch }} \
libfuzzy-dev:${{ matrix.platform.arch }}
- uses: actions/checkout@v4
sudo apt-get install -y libfuzzy-dev:${{ matrix.platform.arch }}

- uses: actions/checkout@v6
with:
submodules: true
submodules: recursive
fetch-depth: 0
- name: build.sh
run: ./build.sh
Expand All @@ -77,6 +109,7 @@ jobs:
name: macOS (${{ matrix.configure.label }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [macos-14]
configure:
Expand Down Expand Up @@ -105,21 +138,12 @@ jobs:
ssdeep \
pcre \
bison \
flex
- uses: actions/checkout@v4
flex

- uses: actions/checkout@v6
with:
submodules: true
submodules: recursive
fetch-depth: 0
- name: Build GeoIP
run: |
git clone --depth 1 --no-checkout https://github.com/maxmind/geoip-api-c.git
cd geoip-api-c
git fetch --tags
# Check out the last release, v1.6.12
git checkout 4b526e7331ca1d692b74a0509ddcc725622ed31a
autoreconf --install
./configure --disable-dependency-tracking --disable-silent-rules --prefix=/opt/homebrew
make install
- name: build.sh
run: ./build.sh
- name: configure
Expand All @@ -134,6 +158,7 @@ jobs:
name: Windows (${{ matrix.platform.label }}, ${{ matrix.configure.label }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [windows-2022]
platform:
Expand All @@ -147,9 +172,9 @@ jobs:
- {label: "wo libxml", opt: "-DWITH_LIBXML2=OFF" }
- {label: "with lmdb", opt: "-DWITH_LMDB=ON" }
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
submodules: true
submodules: recursive
fetch-depth: 0
- name: Install Conan
run: |
Expand Down Expand Up @@ -195,9 +220,10 @@ jobs:
automake \
libtool \
cppcheck
- uses: actions/checkout@v4

- uses: actions/checkout@v6
with:
submodules: true
submodules: recursive
fetch-depth: 0
- name: configure
run: |
Expand Down
102 changes: 93 additions & 9 deletions .github/workflows/ci_new.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,14 +40,45 @@ jobs:
fetch-depth: 0
submodules: recursive

- name: Install dependencies
- name: Detect latest Lua dev package
id: detect_lua
shell: bash
run: |
set -euo pipefail

sudo apt-get update -y -qq

CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"

if [ -z "$CANDIDATES" ]; then
echo "No libluaX.Y-dev package found"
exit 1
fi

BEST_PKG="$(
printf '%s\n' "$CANDIDATES" \
| sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
| sort -V \
| tail -n1 \
| awk '{print $2}'
)"

if [ -z "$BEST_PKG" ]; then
echo "Failed to determine Lua package"
exit 1
fi

echo "lua_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
echo "Using $BEST_PKG"


- name: Install dependencies
run: |
sudo apt-get install -y \
libyajl-dev \
libcurl4-openssl-dev \
liblmdb-dev \
liblua5.2-dev \
${{ steps.detect_lua.outputs.lua_pkg }} \
libmaxminddb-dev \
libpcre2-dev \
libxml2-dev \
Expand All @@ -56,8 +87,15 @@ jobs:
libpcre3-dev \
bison \
flex \
pkg-config
pkg-config \
python3 \
python3-venv

- name: Show Lua installation
run: |
which lua || true
lua -v || true
dpkg -l | grep lua || true

- name: Run build preparation script
run: ./build.sh
Expand All @@ -78,11 +116,12 @@ jobs:

build-macos:
name: macOS (${{ matrix.configure.label }})
runs-on: macos-15
runs-on: ${{ matrix.os }}

strategy:
fail-fast: false
matrix:
os: [macos-15, macos-26]
configure:
- { label: "with parser generation", opt: "--enable-parser-generation" }
- { label: "without curl", opt: "--without-curl" }
Expand Down Expand Up @@ -196,7 +235,7 @@ jobs:

cppcheck:
name: Static analysis (cppcheck)
runs-on: macos-15
runs-on: macos-26

steps:
- uses: actions/checkout@v6
Expand Down Expand Up @@ -234,11 +273,47 @@ jobs:
with:
fetch-depth: 0
submodules: recursive

- name: Detect latest Lua packages
id: detect_lua
shell: bash
run: |
set -euo pipefail

apt-get update

CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"

if [ -z "$CANDIDATES" ]; then
echo "No libluaX.Y-dev package found"
exit 1
fi

BEST_PKG="$(
printf '%s\n' "$CANDIDATES" \
| sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
| sort -V \
| tail -n1 \
| awk '{print $2}'
)"

if [ -z "$BEST_PKG" ]; then
echo "Failed to determine Lua dev package"
printf '%s\n' "$CANDIDATES"
exit 1
fi

BEST_VER="$(printf '%s\n' "$BEST_PKG" | sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1/')"
LUA_PKG="lua$BEST_VER"

echo "lua_dev_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
echo "lua_pkg=$LUA_PKG" >> "$GITHUB_OUTPUT"

echo "Using dev package: $BEST_PKG"
echo "Using interpreter: $LUA_PKG"

- name: Install dependencies (v2 style)
run: |
apt-get update
apt-get install -y \
autoconf \
automake \
Expand All @@ -249,15 +324,24 @@ jobs:
libyajl-dev \
libcurl4-openssl-dev \
liblmdb-dev \
liblua5.2-dev \
${{ steps.detect_lua.outputs.lua_dev_pkg }} \
${{ steps.detect_lua.outputs.lua_pkg }} \
libmaxminddb-dev \
libpcre2-dev \
libxml2-dev \
libfuzzy-dev \
pcre2-utils \
bison \
flex

flex \
python3 \
python3-venv

- name: Show Lua installation
run: |
which lua || true
lua -v || true
dpkg -l | grep lua || true

- name: Run build preparation script
run: ./build.sh

Expand Down
4 changes: 2 additions & 2 deletions build/win32/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ project(libModSecurityTests)

function(setTestTargetProperties executable)
target_compile_definitions(${executable} PRIVATE WITH_PCRE2)
target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers)
target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers ${BASE_DIR}/others)
target_link_libraries(${executable} PRIVATE libModSecurity pcre2::pcre2 dirent::dirent)
add_package_dependency(${executable} WITH_YAJL yajl::yajl HAVE_YAJL)
endfunction()
Expand Down Expand Up @@ -239,7 +239,7 @@ setTestTargetProperties(rules_optimization)
project(libModSecurityExamples)

function(setExampleTargetProperties executable)
target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers)
target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers ${BASE_DIR}/others)
target_link_libraries(${executable} PRIVATE libModSecurity)
endfunction()

Expand Down
Loading
Loading