rodsec 0.0.2 → 0.0.3

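--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: ac2432e156ba0488621acc680796b095b29593c0
- data.tar.gz: be4ecc12f5e5f56b4831e329da176f53d754c4b2
+ metadata.gz: 1924f01c61f44cdbbfe0fe31597887f0c7711fe7
+ data.tar.gz: a7ed7ab4ab2eef261eeb3b6035ad48efa75ad8ff
  SHA512:
- metadata.gz: 6cce1ddf8cc5277f245dab788578c6d9f3849f9fe665818bb0f9eda8895ed4d650392fab60434d31a7ed4dd4e7dcb06b946094104ddce0f80b77cf3794937de2
- data.tar.gz: 19c75b3098c58fd0a4fb363be350e84bc12e6bdf362bc72e7372f4844714fa2656f157e7d4786903715adb50ea5c333fd505d120d7c24ac465032c2d5f74d200
+ metadata.gz: 4de064f346d044c84008d29c16d1ac8178c00d73fe4cc03c07af0d3cc95c0edfdae1efe3d717141b43e8dfb9b88c77300566220e9002e09e24fbe857796889d2
+ data.tar.gz: d6844f3d327c7a0cca05dcf525e28c18be589d858a837d6827d3677ed7cc587374373d1e694b253db28a123190bcd84baa448b6e179d30de910a3773ea4551d1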
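--- a/data/examples/modsec.ru
+++ b/data/examples/modsec.ru
@@ -33,7 +33,8 @@ fn = Proc.new do |env|
  body = YAML.load_file Pathname(__dir__) + 'body.yml'
  ['200', {'Content-Type' => 'text/plain'}, body]
  else
- ['200', {}, []]
+ # older rack eg 1.4.7 Lint insists on a Content-Type here
+ ['200', {'Content-Type' => 'text/plain'}, ["This is a nonspecific response."]]
  end
  end
 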
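--- a/data/lib/rodsec/rack.rb
+++ b/data/lib/rodsec/rack.rb
@@ -22,8 +22,6 @@ module Rodsec
  # structured and you might want to parse them, so the tag
  # helps disambiguate the source of the logs.
  #
- # ? :msi_blk called with [status, headers, body] if there's an intervention from ModSecurity.
- #
  #
  # === Examples:
  #
@@ -32,11 +30,10 @@ module Rodsec
  def initialize app, config:, rules: nil, logger: nil, log_blk: nil
  @app = app
 
+ @logger = logger || StringIO.new
  @log_blk = log_blk || -> _tag, str{self.logger.puts str}
  @msc = Rodsec::Modsec.new{|tag,str| @log_blk.call tag, str}
 
- @logger = logger || StringIO.new
-
  @log_blk.call self.class, "#{self.class} starting with #{@msc.version_info}"
 
  set_rules config, rules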
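Review bot: The default `@logger = logger || StringIO.new` in `initialize` means that when a caller passes neither `logger:` nor `log_blk:`, every ModSecurity log line is appended to an in-memory StringIO that nothing visible here reads or truncates. For a WAF middleware that hides rule matches and interventions from operators and lets the buffer grow for the life of the process. Consider defaulting to a real sink, e.g. `@logger = logger || $stderr`, or state in the class comment that the default keeps logs in memory only. The body of `initialize` continues past the end of the hunk.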
@@ -1,3 +1,3 @@
1
1
  module Rodsec
2
- VERSION = '0.0.2'
2
+ VERSION = '0.0.3'
3
3
  end
@@ -11,6 +11,9 @@ module Rodsec
11
11
  msc_intervention = dlopen File.join __dir__, "msc_intervention.#{dlext}"
12
12
  dlload msc_intervention, MODSECURITY_SO_PATH
13
13
 
14
+ # required library version - RubyGems style
15
+ REQUIRED_MODSECURITY_VERSION = '~> 3.0.2'
16
+
14
17
  ###########################
15
18
  # from modsecurity/modsecurity.h
16
19
  typealias 'ModSecurity', 'void'
@@ -27,6 +30,27 @@ module Rodsec
27
30
  typealias 'ModSecLogCb', 'void (*) (void *, const void *)'
28
31
  extern 'void msc_set_log_cb(ModSecurity *msc, ModSecLogCb cb)'
29
32
 
33
+ # make sure the version of the library matches the version we need NOTE this
34
+ # duplicates some of the code in Rodsec::Modsec#version_info. But we need an
35
+ # instance of msc to get the version, and it's better to check the version
36
+ # here. lambda is just for local variable scoping.
37
+ lambda do
38
+ msc_ptr = Wrapper.msc_init
39
+ msc_ptr.free = Wrapper['msc_cleanup']
40
+
41
+ # This is the ModSecurity version required by this gem, in RubyGems format.
42
+ required_version = Gem::Requirement.new REQUIRED_MODSECURITY_VERSION
43
+ # parse actual version from library info
44
+ version_info = (Wrapper.msc_who_am_i msc_ptr).to_s
45
+ /v([\-\.\d]+)/ =~ version_info
46
+ actual_version = Gem::Version.new $1
47
+
48
+ # check that the library meets the required version
49
+ unless required_version.satisfied_by? actual_version
50
+ raise "#{Rodsec} needs ModSecurity #{required_version}, which doesn't match '#{version_info}' from #{Rodsec::MODSECURITY_SO_PATH}"
51
+ end
52
+ end.call
53
+
30
54
  ###########################
31
55
  # from modsecurity/rules.h
32
56
  typealias 'Rules', 'void'
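Review bot: In the load-time version check, the result of `/v([\-\.\d]+)/ =~ version_info` is never tested, so when `msc_who_am_i` returns a string without a `v<digits>` token `$1` is nil and `Gem::Version.new $1` either yields a meaningless version or raises an unrelated error, depending on the RubyGems release. Guard the parse explicitly, e.g. `m = /v([\-\.\d]+)/.match(version_info)` followed by `raise "#{Rodsec} cannot parse a ModSecurity version from '#{version_info}'" unless m`, and build the version from `m[1]`. It is also worth a comment that the string is self-reported by whatever shared object `MODSECURITY_SO_PATH` resolved to, so this is a compatibility check and not verification of the library's origin. The enclosing module body starts and ends outside the hunk.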
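--- a/data/rodsec.gemspec
+++ b/data/rodsec.gemspec
@@ -31,10 +31,10 @@ Gem::Specification.new do |spec|
 
  spec.extensions << %q[ext/msc_intervention/extconf.rb]
 
+ spec.add_dependency 'rack', '>= 1.4.7'
  spec.add_development_dependency 'bundler', '~> 1.15'
  spec.add_development_dependency 'rake', '~> 10.0'
  spec.add_development_dependency 'rspec', '~> 3.0'
  spec.add_development_dependency 'pry'
- spec.add_development_dependency 'rack', '~> 2'
  spec.add_development_dependency 'rake-compiler', '>= 1.0.5'
  end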
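Review bot: The new runtime constraint `spec.add_dependency 'rack', '>= 1.4.7'` has no upper bound, and its lower bound admits Rack 1.x releases, which as far as I know no longer receive security fixes; since this gem is a WAF middleware, the Rack it sits on is part of the protected path. If 1.4.7 support is a real requirement, state which Rack versions are actually tested and bound the range to them, for example `spec.add_dependency 'rack', '>= 1.4.7', '< 3'`. With the `'~> 2'` development pin removed, the test suite also runs against whatever version the resolver picks inside that open range. The `Gem::Specification.new` block starts outside the hunk.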
@@ -254,7 +254,9 @@ SecCookieFormat 0
254
254
  # to properly map encoded data to your language. Properly setting
255
255
  # these directives helps to reduce false positives and negatives.
256
256
  #
257
- SecUnicodeMapFile unicode.mapping 20127
257
+ # commented out for now, because it triggers an error
258
+ # "Rules error. File: rodsec/spec/config/modsecurity.conf. Line: 238. Column: 17. Failed to load locate the unicode map file from: unicode.mapping 20127 Looking at: 'unicode.mapping 20127', 'unicode.mapping 20127', 'rodsec/spec/config/unicode.mapping 20127', 'rodsec/spec/config/unicode.mapping 20127'. "]
259
+ # SecUnicodeMapFile unicode.mapping 20127
258
260
 
259
261
  # Improve the quality of ModSecurity by sharing information about your
260
262
  # current ModSecurity version and dependencies versions.
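Review bot: Commenting out `SecUnicodeMapFile unicode.mapping 20127` removes the Unicode mapping from the spec configuration, so the specs no longer cover that part of input normalisation, and anyone who copies this file as a starting point inherits the gap. The quoted error shows the loader searching for a file literally named `unicode.mapping 20127` under rodsec/spec/config, which suggests either that the mapping file is not shipped there or that the linked library mis-parses the code-point argument; the comment should say which, and with which ModSecurity version. I would extend the comment to something like `# TODO re-enable once unicode.mapping is shipped in spec/config; disabled for the specs only, do not copy as-is`. The file header for this hunk is missing from the page; the path is inferred from the error message.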
metadata CHANGED
@@ -1,15 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodsec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2
4
+ version: 0.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Anderson
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-09-27 00:00:00.000000000 Z
11
+ date: 2018-10-25 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rack
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 1.4.7
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: 1.4.7
13
27
  - !ruby/object:Gem::Dependency
14
28
  name: bundler
15
29
  requirement: !ruby/object:Gem::Requirement
@@ -66,20 +80,6 @@ dependencies:
66
80
  - - ">="
67
81
  - !ruby/object:Gem::Version
68
82
  version: '0'
69
- - !ruby/object:Gem::Dependency
70
- name: rack
71
- requirement: !ruby/object:Gem::Requirement
72
- requirements:
73
- - - "~>"
74
- - !ruby/object:Gem::Version
75
- version: '2'
76
- type: :development
77
- prerelease: false
78
- version_requirements: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - "~>"
81
- - !ruby/object:Gem::Version
82
- version: '2'
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rake-compiler
85
85
  requirement: !ruby/object:Gem::Requirement