rodsec 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/examples/modsec.ru +2 -1
- data/lib/rodsec/rack.rb +1 -4
- data/lib/rodsec/version.rb +1 -1
- data/lib/rodsec/wrapper.rb +24 -0
- data/rodsec.gemspec +1 -1
- data/spec/config/modsecurity.conf +3 -1
- metadata +16 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1924f01c61f44cdbbfe0fe31597887f0c7711fe7
|
|
4
|
+
data.tar.gz: a7ed7ab4ab2eef261eeb3b6035ad48efa75ad8ff
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4de064f346d044c84008d29c16d1ac8178c00d73fe4cc03c07af0d3cc95c0edfdae1efe3d717141b43e8dfb9b88c77300566220e9002e09e24fbe857796889d2
|
|
7
|
+
data.tar.gz: d6844f3d327c7a0cca05dcf525e28c18be589d858a837d6827d3677ed7cc587374373d1e694b253db28a123190bcd84baa448b6e179d30de910a3773ea4551d1
|
data/examples/modsec.ru
CHANGED
|
@@ -33,7 +33,8 @@ fn = Proc.new do |env|
|
|
|
33
33
|
body = YAML.load_file Pathname(__dir__) + 'body.yml'
|
|
34
34
|
['200', {'Content-Type' => 'text/plain'}, body]
|
|
35
35
|
else
|
|
36
|
-
|
|
36
|
+
# older rack eg 1.4.7 Lint insists on a Content-Type here
|
|
37
|
+
['200', {'Content-Type' => 'text/plain'}, ["This is a nonspecific response."]]
|
|
37
38
|
end
|
|
38
39
|
end
|
|
39
40
|
|
data/lib/rodsec/rack.rb
CHANGED
|
@@ -22,8 +22,6 @@ module Rodsec
|
|
|
22
22
|
# structured and you might want to parse them, so the tag
|
|
23
23
|
# helps disambiguate the source of the logs.
|
|
24
24
|
#
|
|
25
|
-
# ? :msi_blk called with [status, headers, body] if there's an intervention from ModSecurity.
|
|
26
|
-
#
|
|
27
25
|
#
|
|
28
26
|
# === Examples:
|
|
29
27
|
#
|
|
@@ -32,11 +30,10 @@ module Rodsec
|
|
|
32
30
|
def initialize app, config:, rules: nil, logger: nil, log_blk: nil
|
|
33
31
|
@app = app
|
|
34
32
|
|
|
33
|
+
@logger = logger || StringIO.new
|
|
35
34
|
@log_blk = log_blk || -> _tag, str{self.logger.puts str}
|
|
36
35
|
@msc = Rodsec::Modsec.new{|tag,str| @log_blk.call tag, str}
|
|
37
36
|
|
|
38
|
-
@logger = logger || StringIO.new
|
|
39
|
-
|
|
40
37
|
@log_blk.call self.class, "#{self.class} starting with #{@msc.version_info}"
|
|
41
38
|
|
|
42
39
|
set_rules config, rules
|
data/lib/rodsec/version.rb
CHANGED
data/lib/rodsec/wrapper.rb
CHANGED
|
@@ -11,6 +11,9 @@ module Rodsec
|
|
|
11
11
|
msc_intervention = dlopen File.join __dir__, "msc_intervention.#{dlext}"
|
|
12
12
|
dlload msc_intervention, MODSECURITY_SO_PATH
|
|
13
13
|
|
|
14
|
+
# required library version - RubyGems style
|
|
15
|
+
REQUIRED_MODSECURITY_VERSION = '~> 3.0.2'
|
|
16
|
+
|
|
14
17
|
###########################
|
|
15
18
|
# from modsecurity/modsecurity.h
|
|
16
19
|
typealias 'ModSecurity', 'void'
|
|
@@ -27,6 +30,27 @@ module Rodsec
|
|
|
27
30
|
typealias 'ModSecLogCb', 'void (*) (void *, const void *)'
|
|
28
31
|
extern 'void msc_set_log_cb(ModSecurity *msc, ModSecLogCb cb)'
|
|
29
32
|
|
|
33
|
+
# make sure the version of the library matches the version we need NOTE this
|
|
34
|
+
# duplicates some of the code in Rodsec::Modsec#version_info. But we need an
|
|
35
|
+
# instance of msc to get the version, and it's better to check the version
|
|
36
|
+
# here. lambda is just for local variable scoping.
|
|
37
|
+
lambda do
|
|
38
|
+
msc_ptr = Wrapper.msc_init
|
|
39
|
+
msc_ptr.free = Wrapper['msc_cleanup']
|
|
40
|
+
|
|
41
|
+
# This is the ModSecurity version required by this gem, in RubyGems format.
|
|
42
|
+
required_version = Gem::Requirement.new REQUIRED_MODSECURITY_VERSION
|
|
43
|
+
# parse actual version from library info
|
|
44
|
+
version_info = (Wrapper.msc_who_am_i msc_ptr).to_s
|
|
45
|
+
/v([\-\.\d]+)/ =~ version_info
|
|
46
|
+
actual_version = Gem::Version.new $1
|
|
47
|
+
|
|
48
|
+
# check that the library meets the required version
|
|
49
|
+
unless required_version.satisfied_by? actual_version
|
|
50
|
+
raise "#{Rodsec} needs ModSecurity #{required_version}, which doesn't match '#{version_info}' from #{Rodsec::MODSECURITY_SO_PATH}"
|
|
51
|
+
end
|
|
52
|
+
end.call
|
|
53
|
+
|
|
30
54
|
###########################
|
|
31
55
|
# from modsecurity/rules.h
|
|
32
56
|
typealias 'Rules', 'void'
|
data/rodsec.gemspec
CHANGED
|
@@ -31,10 +31,10 @@ Gem::Specification.new do |spec|
|
|
|
31
31
|
|
|
32
32
|
spec.extensions << %q[ext/msc_intervention/extconf.rb]
|
|
33
33
|
|
|
34
|
+
spec.add_dependency 'rack', '>= 1.4.7'
|
|
34
35
|
spec.add_development_dependency 'bundler', '~> 1.15'
|
|
35
36
|
spec.add_development_dependency 'rake', '~> 10.0'
|
|
36
37
|
spec.add_development_dependency 'rspec', '~> 3.0'
|
|
37
38
|
spec.add_development_dependency 'pry'
|
|
38
|
-
spec.add_development_dependency 'rack', '~> 2'
|
|
39
39
|
spec.add_development_dependency 'rake-compiler', '>= 1.0.5'
|
|
40
40
|
end
|
|
@@ -254,7 +254,9 @@ SecCookieFormat 0
|
|
|
254
254
|
# to properly map encoded data to your language. Properly setting
|
|
255
255
|
# these directives helps to reduce false positives and negatives.
|
|
256
256
|
#
|
|
257
|
-
|
|
257
|
+
# commented out for now, because it triggers an error
|
|
258
|
+
# "Rules error. File: rodsec/spec/config/modsecurity.conf. Line: 238. Column: 17. Failed to load locate the unicode map file from: unicode.mapping 20127 Looking at: 'unicode.mapping 20127', 'unicode.mapping 20127', 'rodsec/spec/config/unicode.mapping 20127', 'rodsec/spec/config/unicode.mapping 20127'. "]
|
|
259
|
+
# SecUnicodeMapFile unicode.mapping 20127
|
|
258
260
|
|
|
259
261
|
# Improve the quality of ModSecurity by sharing information about your
|
|
260
262
|
# current ModSecurity version and dependencies versions.
|
metadata
CHANGED
|
@@ -1,15 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rodsec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- John Anderson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-10-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: rack
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 1.4.7
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ">="
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: 1.4.7
|
|
13
27
|
- !ruby/object:Gem::Dependency
|
|
14
28
|
name: bundler
|
|
15
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -66,20 +80,6 @@ dependencies:
|
|
|
66
80
|
- - ">="
|
|
67
81
|
- !ruby/object:Gem::Version
|
|
68
82
|
version: '0'
|
|
69
|
-
- !ruby/object:Gem::Dependency
|
|
70
|
-
name: rack
|
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
|
72
|
-
requirements:
|
|
73
|
-
- - "~>"
|
|
74
|
-
- !ruby/object:Gem::Version
|
|
75
|
-
version: '2'
|
|
76
|
-
type: :development
|
|
77
|
-
prerelease: false
|
|
78
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
-
requirements:
|
|
80
|
-
- - "~>"
|
|
81
|
-
- !ruby/object:Gem::Version
|
|
82
|
-
version: '2'
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: rake-compiler
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|