owasp-modsecurity
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 50 additions & 24 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 50 additions & 24 deletions
diff --git a/‎.github/workflows/ci_new.yml‎
Lines changed: 93 additions & 9 deletions b/‎.github/workflows/ci_new.yml‎
Lines changed: 93 additions & 9 deletions
diff --git a/‎build/win32/CMakeLists.txt‎
Lines changed: 2 additions & 2 deletions b/‎build/win32/CMakeLists.txt‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎others/Makefile.am‎
Lines changed: 1 addition & 0 deletions b/‎others/Makefile.am‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Makefile.am‎
Lines changed: 1 addition & 0 deletions b/‎src/Makefile.am‎
Lines changed: 1 addition & 0 deletions
@@ -3,12 +3,13 @@ name: Quality Assurance
 on:
   push:
   pull_request:
-
+  
 jobs:
   build-linux:
     name: Linux (${{ matrix.platform.label }}, ${{ matrix.compiler.label }}, ${{ matrix.configure.label }})
     runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-22.04]
         platform:
@@ -33,18 +34,49 @@ jobs:
           - platform: {label: "x32"}
             configure: {label: "wo ssdeep"}
     steps:
+      - name: Detect latest Lua dev package
+        id: detect_lua
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          sudo apt-get update -y -qq
+
+          CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"
+
+          if [ -z "$CANDIDATES" ]; then
+            echo "No libluaX.Y-dev package found"
+            exit 1
+          fi
+
+          BEST_PKG="$(
+            printf '%s\n' "$CANDIDATES" \
+            | sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
+            | sort -V \
+            | tail -n1 \
+            | awk '{print $2}'
+          )"
+
+          if [ -z "$BEST_PKG" ]; then
+            echo "Failed to determine Lua package"
+            exit 1
+          fi
+
+          echo "lua_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
+          echo "Using $BEST_PKG"
+
       - name: Setup Dependencies (common)
         run: |
           sudo dpkg --add-architecture ${{ matrix.platform.arch }}
           sudo apt-get update -y -qq
           sudo apt-get install -y libyajl-dev:${{ matrix.platform.arch }} \
                                   libcurl4-openssl-dev:${{ matrix.platform.arch }} \
                                   liblmdb-dev:${{ matrix.platform.arch }} \
-                                  liblua5.2-dev:${{ matrix.platform.arch }} \
+                                  ${{ steps.detect_lua.outputs.lua_pkg }}:${{ matrix.platform.arch }} \
                                   libmaxminddb-dev:${{ matrix.platform.arch }} \
                                   libpcre2-dev:${{ matrix.platform.arch }} \
                                   pcre2-utils:${{ matrix.platform.arch }} \
-                                  bison flex
+                                  bison flex python3 python3-venv
       - name: Setup Dependencies (x32)
         if: ${{ matrix.platform.label == 'x32' }}
         run: |
@@ -54,11 +86,11 @@ jobs:
       - name: Setup Dependencies (x64)
         if: ${{ matrix.platform.label == 'x64' }}
         run: |
-          sudo apt-get install -y libgeoip-dev:${{ matrix.platform.arch }} \
-                                  libfuzzy-dev:${{ matrix.platform.arch }}
-      - uses: actions/checkout@v4
+          sudo apt-get install -y libfuzzy-dev:${{ matrix.platform.arch }}
+          
+      - uses: actions/checkout@v6
         with:
-          submodules: true
+          submodules: recursive
           fetch-depth: 0
       - name: build.sh
         run: ./build.sh
@@ -77,6 +109,7 @@ jobs:
     name: macOS (${{ matrix.configure.label }})
     runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
         os: [macos-14]
         configure:
@@ -105,21 +138,12 @@ jobs:
                        ssdeep \
                        pcre \
                        bison \
-                       flex
-      - uses: actions/checkout@v4
+                       flex 
+                       
+      - uses: actions/checkout@v6
         with:
-          submodules: true
+          submodules: recursive
           fetch-depth: 0
-      - name: Build GeoIP
-        run: |
-          git clone --depth 1 --no-checkout https://github.com/maxmind/geoip-api-c.git
-          cd geoip-api-c
-          git fetch --tags
-          # Check out the last release, v1.6.12
-          git checkout 4b526e7331ca1d692b74a0509ddcc725622ed31a
-          autoreconf --install
-          ./configure --disable-dependency-tracking --disable-silent-rules --prefix=/opt/homebrew
-          make install
       - name: build.sh
         run: ./build.sh
       - name: configure
@@ -134,6 +158,7 @@ jobs:
     name: Windows (${{ matrix.platform.label }}, ${{ matrix.configure.label }})
     runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
         os: [windows-2022]
         platform:
@@ -147,9 +172,9 @@ jobs:
           - {label: "wo libxml",  opt: "-DWITH_LIBXML2=OFF" }
           - {label: "with lmdb",  opt: "-DWITH_LMDB=ON" }
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
-          submodules: true
+          submodules: recursive
           fetch-depth: 0
       - name: Install Conan
         run: |
@@ -195,9 +220,10 @@ jobs:
                        automake \
                        libtool \
                        cppcheck
-      - uses: actions/checkout@v4
+                       
+      - uses: actions/checkout@v6
         with:
-          submodules: true
+          submodules: recursive
           fetch-depth: 0
       - name: configure
         run: |
 
@@ -40,14 +40,45 @@ jobs:
           fetch-depth: 0
           submodules: recursive
 
-      - name: Install dependencies
+      - name: Detect latest Lua dev package
+        id: detect_lua
+        shell: bash
         run: |
+          set -euo pipefail
+
           sudo apt-get update -y -qq
+
+          CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"
+
+          if [ -z "$CANDIDATES" ]; then
+            echo "No libluaX.Y-dev package found"
+            exit 1
+          fi
+
+          BEST_PKG="$(
+            printf '%s\n' "$CANDIDATES" \
+            | sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
+            | sort -V \
+            | tail -n1 \
+            | awk '{print $2}'
+          )"
+
+          if [ -z "$BEST_PKG" ]; then
+            echo "Failed to determine Lua package"
+            exit 1
+          fi
+
+          echo "lua_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
+          echo "Using $BEST_PKG"
+
+
+      - name: Install dependencies
+        run: |
           sudo apt-get install -y \
             libyajl-dev \
             libcurl4-openssl-dev \
             liblmdb-dev \
-            liblua5.2-dev \
+            ${{ steps.detect_lua.outputs.lua_pkg }} \
             libmaxminddb-dev \
             libpcre2-dev \
             libxml2-dev \
@@ -56,8 +87,15 @@ jobs:
             libpcre3-dev \
             bison \
             flex \
-            pkg-config
+            pkg-config \
+            python3 \
+            python3-venv
 
+      - name: Show Lua installation
+        run: |
+          which lua || true
+          lua -v || true
+          dpkg -l | grep lua || true
 
       - name: Run build preparation script
         run: ./build.sh
@@ -78,11 +116,12 @@ jobs:
 
   build-macos:
     name: macOS (${{ matrix.configure.label }})
-    runs-on: macos-15
+    runs-on: ${{ matrix.os }}
 
     strategy:
       fail-fast: false
       matrix:
+        os: [macos-15, macos-26]
         configure:
           - { label: "with parser generation", opt: "--enable-parser-generation" }
           - { label: "without curl",    opt: "--without-curl" }
@@ -196,7 +235,7 @@ jobs:
 
   cppcheck:
     name: Static analysis (cppcheck)
-    runs-on: macos-15
+    runs-on: macos-26
 
     steps:
       - uses: actions/checkout@v6
@@ -234,11 +273,47 @@ jobs:
         with:
           fetch-depth: 0
           submodules: recursive
+          
+      - name: Detect latest Lua packages
+        id: detect_lua
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          apt-get update
+
+          CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"
+
+          if [ -z "$CANDIDATES" ]; then
+            echo "No libluaX.Y-dev package found"
+            exit 1
+          fi
+
+          BEST_PKG="$(
+            printf '%s\n' "$CANDIDATES" \
+            | sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
+            | sort -V \
+            | tail -n1 \
+            | awk '{print $2}'
+          )"
+
+          if [ -z "$BEST_PKG" ]; then
+            echo "Failed to determine Lua dev package"
+            printf '%s\n' "$CANDIDATES"
+            exit 1
+          fi
 
+          BEST_VER="$(printf '%s\n' "$BEST_PKG" | sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1/')"
+          LUA_PKG="lua$BEST_VER"
+
+          echo "lua_dev_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
+          echo "lua_pkg=$LUA_PKG" >> "$GITHUB_OUTPUT"
+
+          echo "Using dev package: $BEST_PKG"
+          echo "Using interpreter: $LUA_PKG"
 
       - name: Install dependencies (v2 style)
         run: |
-          apt-get update
           apt-get install -y \
             autoconf \
             automake \
@@ -249,15 +324,24 @@ jobs:
             libyajl-dev \
             libcurl4-openssl-dev \
             liblmdb-dev \
-            liblua5.2-dev \
+            ${{ steps.detect_lua.outputs.lua_dev_pkg }} \
+            ${{ steps.detect_lua.outputs.lua_pkg }} \
             libmaxminddb-dev \
             libpcre2-dev \
             libxml2-dev \
             libfuzzy-dev \
             pcre2-utils \
             bison \
-            flex
-
+            flex \
+            python3 \
+            python3-venv
+            
+      - name: Show Lua installation
+        run: |
+          which lua || true
+          lua -v || true
+          dpkg -l | grep lua || true
+            
       - name: Run build preparation script
         run: ./build.sh
 
 
@@ -164,7 +164,7 @@ project(libModSecurityTests)
 
 function(setTestTargetProperties executable)
   target_compile_definitions(${executable} PRIVATE WITH_PCRE2)
-  target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers)
+  target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers ${BASE_DIR}/others)
   target_link_libraries(${executable} PRIVATE libModSecurity pcre2::pcre2 dirent::dirent)
   add_package_dependency(${executable} WITH_YAJL yajl::yajl HAVE_YAJL)
 endfunction()
@@ -239,7 +239,7 @@ setTestTargetProperties(rules_optimization)
 project(libModSecurityExamples)
 
 function(setExampleTargetProperties executable)
-  target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers)
+  target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers ${BASE_DIR}/others)
   target_link_libraries(${executable} PRIVATE libModSecurity)
 endfunction()
 
 
@@ -15,6 +15,7 @@ noinst_HEADERS = \
 	libinjection/src/libinjection_sqli.h \
 	libinjection/src/libinjection_sqli_data.h \
 	libinjection/src/libinjection_xss.h \
+	libinjection/src/libinjection_error.h \
 	mbedtls/include/mbedtls/base64.h \
 	mbedtls/include/mbedtls/check_config.h \
 	mbedtls/include/mbedtls/mbedtls_config.h \
 
@@ -187,6 +187,7 @@ OPERATORS = \
 	operators/contains_word.cc \
 	operators/detect_sqli.cc \
 	operators/detect_xss.cc \
+	operators/libinjection_adapter.cc \
 	operators/ends_with.cc \
 	operators/eq.cc \
 	operators/fuzzy_hash.cc \