
Commit 40798f3

committed
fix: use per version config file
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
1 parent a70cd51 commit 40798f3

3 files changed

Lines changed: 27 additions & 6 deletions


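--- a/.github/workflows/verifyimage.yml
+++ b/.github/workflows/verifyimage.yml
@@ -83,8 +83,17 @@ jobs:
 
 - name: Run ${{ matrix.target }}
 run: |
+# get the major version from the matrix.target
+# Format: apache-debian-3-3-7, apache-alpine-4-18-0, nginx-debian-writable-3-3-7, nginx-alpine-writable-4-18-0
+if echo "${{ matrix.target }}" | grep -q "nginx"; then
+# nginx format: nginx-debian-writable-3-3-7 (5 parts) -> get $4
+CRS_VERSION="v$(echo "${{ matrix.target }}" | awk -F'-' '{print $4}')"
+else
+# apache format: apache-debian-3-3-7 (4 parts) -> get $3
+CRS_VERSION="v$(echo "${{ matrix.target }}" | awk -F'-' '{print $3}')"
+fi
 . .github/workflows/configure-rules-for-test.sh \
-src/opt/modsecurity/configure-rules.conf \
+src/opt/modsecurity/configure-rules.${CRS_VERSION}.conf \
 README.md \
 "${{ matrix.target }}.env"
 echo "Starting container ${{ matrix.target }}-verification"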
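Review bot: The major version is taken from a fixed field position chosen by whether the target name contains `nginx`, so a target with a different number of segments (an nginx target without `writable`, say) can yield the wrong field and a `configure-rules.vN.conf` path that does not match any shipped file. Counting from the end covers both listed formats without the branch: `CRS_VERSION="v$(echo "${{ matrix.target }}" | awk -F'-' '{print $(NF-2)}')"`. A guard before the sourcing line, `[ -f "src/opt/modsecurity/configure-rules.${CRS_VERSION}.conf" ] || { echo "no rules config for ${CRS_VERSION}" >&2; exit 1; }`, would make a bad parse fail the verification job visibly instead of testing against the wrong rule set. The `run:` block continues past the end of the hunk.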

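--- a/src/opt/modsecurity/configure-rules.sh
+++ b/src/opt/modsecurity/configure-rules.sh
@@ -67,12 +67,25 @@ EOF
 # by either `,`, `'`, or `"`, depending on whether it's the last line of the rule
 # and whether the expression is enclosed in single quotes.
 # Use `#` as pattern delimiter, as `/` is part of some variable values.
-ed -s "${setup_conf_path}" <<EOF 2 > /dev/null
+# Try to find and update the variable (with or without quotes)
+if ed -s "${setup_conf_path}" <<EOF 2 > /dev/null
 /id:${rule}/
-/setvar:[']*tx\.${tx_var_name}=/
-s#=[^,'"]*#=${var_value}#
+/setvar:tx\.${tx_var_name}=/
+s#=[^,"']*#=${var_value}#
 wq
 EOF
+then
+# Success with unquoted pattern
+true
+else
+# Try with quoted pattern
+ed -s "${setup_conf_path}" <<EOF 2 > /dev/null
+/id:${rule}/
+/setvar:'tx\.${tx_var_name}=/
+s#=.*'\"#=${var_value}'\"#
+wq
+EOF
+fi
 }
 
 should_set() {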
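Review bot: The fallback `ed` call in the `else` branch is not checked and its output is discarded, so when neither pattern matches, the CRS variable silently keeps its default and the WAF runs with a setting the operator did not request. The quoted substitution `s#=.*'\"#=${var_value}'\"#` only matches a line ending in `'"`, while the context comment at the top of the hunk says a value can also be followed by `,`; a quoted `setvar` in the middle of a rule would, as far as the hunk shows, fail both attempts. I would surface the miss by ending the second `ed -s … <<EOF` line with `|| { echo "could not set tx.${tx_var_name} in rule ${rule}" >&2; return 1; }`. Separately, `${var_value}` is expanded by the unquoted heredoc straight into the `s` command, so a value containing `#`, `&` or a newline alters the ed script and should be escaped or rejected first. The enclosing function begins above the hunk.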

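--- a/src/opt/modsecurity/configure-rules.v3.conf
+++ b/src/opt/modsecurity/configure-rules.v3.conf
@@ -16,8 +16,7 @@ false|ALLOWED_REQUEST_CONTENT_TYPE|900220|allowed_request_content_type|applicati
 false|ALLOWED_REQUEST_CONTENT_TYPE_CHARSET|900280|allowed_request_content_type_charset|utf-8
 false|ALLOWED_HTTP_VERSIONS|900230|allowed_http_versions|1.1
 false|RESTRICTED_EXTENSIONS|900240|restricted_extensions|.exe/
-false|RESTRICTED_HEADERS_BASIC|900250|restricted_headers_basic|/if/
-false|RESTRICTED_HEADERS_EXTENDED|900255|restricted_headers_extended|/x-some-header/
+false|RESTRICTED_HEADERS_BASIC|900250|restricted_headers|/if/
 false|MAX_NUM_ARGS|900300|max_num_args|100
 false|ARG_NAME_LENGTH|900310|arg_name_length|200
 false|ARG_LENGTH|900320|arg_length|300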
