January 28, 2019 21:12 · February 7, 2019 15:54 · February 12, 2019 13:41 · April 5, 2019 14:14 · June 3, 2019 23:05 · March 23, 2020 15:02
 ;rps_avg,latency_avg,workers_utime_avg,revision,date,commit_log
 529.30,98.20,978.30,dc78c0e180d09aa1b2f0ffad1a8d6967e69f984f,2019-01-21 14:44:31 -0300,Fix: Extra whitespace in some configuration directives causing error
 502.17,103.73,978.70,df3c3f62b74eb5d8b6e0ac89aeb703335675ca31,2019-01-18 10:48:04 -0300,Cosmetics: coding style
 464.73,113.22,977.90,ad28de4f14e47d3c6b479a1d043f2bd0b7a17706,2019-01-17 01:55:17 +0300,Refactor regex code
 499.59,105.01,978.60,e0a0fa05cc6a1419f5e7f5085af50ec5b9f1915f,2019-01-14 16:29:48 -0300,CHANGES: Info on #2002
 541.67,96.22,982.70,ae020763402c1d4044b6565654f508370a3d58a6,2019-01-14 09:04:45 +0300,Fixed buffer overflow in Utils::Md5::hexdigest()
 540.06,96.31,981.60,3c1fba278c14fe9b63cff80a3ae32df82ba042ac,2019-01-08 10:35:33 -0300,CHANGES: Adds info about #1990
 509.50,102.28,980.10,7c19ffea64a78f9896dfdad43be195655469e52b,2018-12-25 18:50:24 +0300,Implemented merge_bodylimitaction_value() for BodyLimitAction
 530.70,98.01,980.20,3c41751edac579d8d930f91f718dab46f90de3e5,2018-12-
 ==5853== 
 ==5853== Use of uninitialised value of size 8
 ==5853==    at 0x76FD4D5: ??? (in /usr/lib/libre2.so.0.0.0)
 ==5853==    by 0x76FE461: ??? (in /usr/lib/libre2.so.0.0.0)
 ==5853==    by 0x76DB3C7: ??? (in /usr/lib/libre2.so.0.0.0)
 ==5853==    by 0x76DD3A2: ??? (in /usr/lib/libre2.so.0.0.0)
 ==5853==    by 0x7705E2D: re2::RE2::Init(re2::StringPiece const&, re2::RE2::Options const&) (in /usr/lib/libre2.so.0.0.0)
 ==5853==    by 0x7706DE3: re2::RE2::RE2(re2::StringPiece const&, re2::RE2::Options const&) (in /usr/lib/libre2.so.0.0.0)
 ==5853==    by 0x1F2479: modsecurity::regex::backend::Re2::Re2(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (re2.cc:43)
 ==5853==    by 0x1D8BB0: modsecurity::regex::backend::Backend* modsecurity::regex::compile_regex_fallback<modsecurity::regex::backend::Re2, modsecurity::regex::backend::Pcre>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (backend_fallback.h:32)
    if (keyl == "cookie") {
        size_t localOffset = m_variableOffset;
        std::vector<std::string> cookies = utils::string::ssplit(value, ';');
        for (const std::string &c : cookies) {
            std::vector<std::string> s = utils::string::split(c, '=');
            if (s.size() > 1) {
                if (s[0].at(0) == ' ') {
                    s[0].erase(0, 1);
                }
                m_variableRequestCookiesNames.set(s[0], s[0], localOffset);

 SecRule REQUEST_FILENAME "@pmFromFile https://www.modsecurity.org/modsecurity-regression-test.txt" "id:'123',phase:2,log,pass,t:none"

 airween [7:04 PM]
 here is an issue:
 https://github.com/SpiderLabs/ModSecurity/issues/1960

 and a possible solution:
 https://github.com/airween/ModSecurity/tree/v3/issue-1960
 GitHub
 SecRuleEngine ignore DetectionOnly · Issue #1960 · SpiderLabs/ModSecurity
 Describe the bug it seems that the latest v3/master completely ignores the DetectionOnly SecRuleEngine configuration. When a rule match, I get always the default disruptive action even if SecRuleEn...
 GitHub
 diff --git a/test/fuzzer/afl_fuzzer.cc b/test/fuzzer/afl_fuzzer.cc
 index 9c7fe3a5..f2234141 100644
 --- a/test/fuzzer/afl_fuzzer.cc
 +++ b/test/fuzzer/afl_fuzzer.cc
 @@ -23,8 +23,8 @@
  * for i in $(ls -l src/actions/transformations/*.h | awk {'print $9'}); do echo "#include \"$i\""; done;
  *
  */
 -#include "src/actions/transformations/base64_decode_ext.h"
 #include "src/actions/transformations/base64_decode.h"
 [1591979490] [] [4] Initializing transaction
 [1591979490] [] [4] Transaction context created.
 [1591979490] [] [4] Starting phase CONNECTION. (SecRules 0)
 [1591979490] [] [9] This phase consists of 0 rule(s).
 [1591979490] [] [4] Starting phase URI. (SecRules 0 + 1/2)
 [1591979490] [/] [4] Starting phase REQUEST_HEADERS.  (SecRules 1)
 [1591979490] [/] [9] This phase consists of 0 rule(s).
 [1591979490] [/] [4] Starting phase REQUEST_BODY. (SecRules 2)
 [1591979490] [/] [9] This phase consists of 1 rule(s).
 [1591979490] [/] [4] (Rule: 159) Executing operator "Rx" with param "3" against MODSEC_BUILD.
 [  
  {  
    "enabled":1,
    "version_min":300000,
    "title":"Test case to exemplify the discussion on issue #2368",
    "client":{  
      "ip":"200.249.12.31",
      "port":123
    },
    "server":{  
 #!env python

 from scholarly import scholarly
 import sys


 authors_pub = """
 Aad van Moorsel
 Felipe Zimmerle da N. Costa
 ...
 thread '<unnamed>' panicked at 'attempted to leave type `nodrop::NoDrop<(epoch::Epoch, garbage::Bag)>` uninitialized, which is invalid', /rustc/7eac88abb2e57e752f3302f02be5f3ce3d7adfb4/library/core/src/mem/mod.rs:658:9
 stack backtrace:
 Block 73000H: 00000000005936a8d5637765967ad4da3599596adf19879f5e65d6940da7fa64
   0:     0x564a68ac1d50 - std::backtrace_rs::backtrace::libunwind::trace::h72c2fb8038f1bbee
                               at /rustc/7eac88abb2e57e752f3302f02be5f3ce3d7adfb4/library/std/src/../../backtrace/src/backtrace/libunwind.rs:96
   1:     0x564a68ac1d50 - std::backtrace_rs::backtrace::trace_unsynchronized::h1e3b084883f1e78c
                               at /rustc/7eac88abb2e57e752f3302f02be5f3ce3d7adfb4/library/std/src/../../backtrace/src/backtrace/mod.rs:66
   2:     0x564a68ac1d50 - std::sys_common::backtrace::_print_fmt::h3bf6a7ebf7f0394a
                               at /rustc/7eac88abb2e57e752f3302f02be5f3ce3d7adfb4/library/std/src/sys_common/backtrace.rs:79
   3:     0x564a68ac1d50 -
	;rps_avg,latency_avg,workers_utime_avg,revision,date,commit_log
	529.30,98.20,978.30,dc78c0e180d09aa1b2f0ffad1a8d6967e69f984f,2019-01-21 14:44:31 -0300,Fix: Extra whitespace in some configuration directives causing error
	502.17,103.73,978.70,df3c3f62b74eb5d8b6e0ac89aeb703335675ca31,2019-01-18 10:48:04 -0300,Cosmetics: coding style
	464.73,113.22,977.90,ad28de4f14e47d3c6b479a1d043f2bd0b7a17706,2019-01-17 01:55:17 +0300,Refactor regex code
	499.59,105.01,978.60,e0a0fa05cc6a1419f5e7f5085af50ec5b9f1915f,2019-01-14 16:29:48 -0300,CHANGES: Info on #2002
	541.67,96.22,982.70,ae020763402c1d4044b6565654f508370a3d58a6,2019-01-14 09:04:45 +0300,Fixed buffer overflow in Utils::Md5::hexdigest()
	540.06,96.31,981.60,3c1fba278c14fe9b63cff80a3ae32df82ba042ac,2019-01-08 10:35:33 -0300,CHANGES: Adds info about #1990
	509.50,102.28,980.10,7c19ffea64a78f9896dfdad43be195655469e52b,2018-12-25 18:50:24 +0300,Implemented merge_bodylimitaction_value() for BodyLimitAction
	530.70,98.01,980.20,3c41751edac579d8d930f91f718dab46f90de3e5,2018-12-
	==5853==
	==5853== Use of uninitialised value of size 8
	==5853== at 0x76FD4D5: ??? (in /usr/lib/libre2.so.0.0.0)
	==5853== by 0x76FE461: ??? (in /usr/lib/libre2.so.0.0.0)
	==5853== by 0x76DB3C7: ??? (in /usr/lib/libre2.so.0.0.0)
	==5853== by 0x76DD3A2: ??? (in /usr/lib/libre2.so.0.0.0)
	==5853== by 0x7705E2D: re2::RE2::Init(re2::StringPiece const&, re2::RE2::Options const&) (in /usr/lib/libre2.so.0.0.0)
	==5853== by 0x7706DE3: re2::RE2::RE2(re2::StringPiece const&, re2::RE2::Options const&) (in /usr/lib/libre2.so.0.0.0)
	==5853== by 0x1F2479: modsecurity::regex::backend::Re2::Re2(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (re2.cc:43)
	==5853== by 0x1D8BB0: modsecurity::regex::backend::Backend* modsecurity::regex::compile_regex_fallback<modsecurity::regex::backend::Re2, modsecurity::regex::backend::Pcre>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (backend_fallback.h:32)
	if (keyl == "cookie") {
	size_t localOffset = m_variableOffset;
	std::vector<std::string> cookies = utils::string::ssplit(value, ';');
	for (const std::string &c : cookies) {
	std::vector<std::string> s = utils::string::split(c, '=');
	if (s.size() > 1) {
	if (s[0].at(0) == ' ') {
	s[0].erase(0, 1);
	}
	m_variableRequestCookiesNames.set(s[0], s[0], localOffset);

	SecRule REQUEST_FILENAME "@pmFromFile https://www.modsecurity.org/modsecurity-regression-test.txt" "id:'123',phase:2,log,pass,t:none"
	airween [7:04 PM]
	here is an issue:
	https://github.com/SpiderLabs/ModSecurity/issues/1960

	and a possible solution:
	https://github.com/airween/ModSecurity/tree/v3/issue-1960
	GitHub
	SecRuleEngine ignore DetectionOnly · Issue #1960 · SpiderLabs/ModSecurity
	Describe the bug it seems that the latest v3/master completely ignores the DetectionOnly SecRuleEngine configuration. When a rule match, I get always the default disruptive action even if SecRuleEn...
	GitHub
	diff --git a/test/fuzzer/afl_fuzzer.cc b/test/fuzzer/afl_fuzzer.cc
	index 9c7fe3a5..f2234141 100644
	--- a/test/fuzzer/afl_fuzzer.cc
	+++ b/test/fuzzer/afl_fuzzer.cc
	@@ -23,8 +23,8 @@
	* for i in $(ls -l src/actions/transformations/*.h \| awk {'print $9'}); do echo "#include \"$i\""; done;
	*
	*/
	-#include "src/actions/transformations/base64_decode_ext.h"
	#include "src/actions/transformations/base64_decode.h"
	[1591979490] [] [4] Initializing transaction
	[1591979490] [] [4] Transaction context created.
	[1591979490] [] [4] Starting phase CONNECTION. (SecRules 0)
	[1591979490] [] [9] This phase consists of 0 rule(s).
	[1591979490] [] [4] Starting phase URI. (SecRules 0 + 1/2)
	[1591979490] [/] [4] Starting phase REQUEST_HEADERS. (SecRules 1)
	[1591979490] [/] [9] This phase consists of 0 rule(s).
	[1591979490] [/] [4] Starting phase REQUEST_BODY. (SecRules 2)
	[1591979490] [/] [9] This phase consists of 1 rule(s).
	[1591979490] [/] [4] (Rule: 159) Executing operator "Rx" with param "3" against MODSEC_BUILD.
	[
	{
	"enabled":1,
	"version_min":300000,
	"title":"Test case to exemplify the discussion on issue #2368",
	"client":{
	"ip":"200.249.12.31",
	"port":123
	},
	"server":{
	#!env python

	from scholarly import scholarly
	import sys


	authors_pub = """
	Aad van Moorsel
	Felipe Zimmerle da N. Costa
	...
	thread '<unnamed>' panicked at 'attempted to leave type `nodrop::NoDrop<(epoch::Epoch, garbage::Bag)>` uninitialized, which is invalid', /rustc/7eac88abb2e57e752f3302f02be5f3ce3d7adfb4/library/core/src/mem/mod.rs:658:9
	stack backtrace:
	Block 73000H: 00000000005936a8d5637765967ad4da3599596adf19879f5e65d6940da7fa64
	0: 0x564a68ac1d50 - std::backtrace_rs::backtrace::libunwind::trace::h72c2fb8038f1bbee
	at /rustc/7eac88abb2e57e752f3302f02be5f3ce3d7adfb4/library/std/src/../../backtrace/src/backtrace/libunwind.rs:96
	1: 0x564a68ac1d50 - std::backtrace_rs::backtrace::trace_unsynchronized::h1e3b084883f1e78c
	at /rustc/7eac88abb2e57e752f3302f02be5f3ce3d7adfb4/library/std/src/../../backtrace/src/backtrace/mod.rs:66
	2: 0x564a68ac1d50 - std::sys_common::backtrace::_print_fmt::h3bf6a7ebf7f0394a
	at /rustc/7eac88abb2e57e752f3302f02be5f3ce3d7adfb4/library/std/src/sys_common/backtrace.rs:79
	3: 0x564a68ac1d50 -