owasp-modsecurity · Easton97-Jens · Dec 7, 2025 · Dec 7, 2025 · Dec 7, 2025 · Dec 7, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,10 +10,9 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-22.04]
+        os: [ubuntu-24.04]
         platform:
-          - {label: "x64", arch: "amd64", configure: ""}
-          - {label: "x32", arch: "i386", configure: "PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32"}
+          - {label: "x64", arch: "amd64", configure: ""}   # nur noch x64
         compiler:
           - {label: "gcc", cc: "gcc", cxx: "g++"}
           - {label: "clang", cc: "clang", cxx: "clang++"}
@@ -27,11 +26,8 @@ jobs:
           - {label: "wo ssdeep",  opt: "--without-ssdeep" }
           - {label: "with lmdb",  opt: "--with-lmdb" }
           - {label: "with pcre", opt: "--with-pcre" }
-        exclude:
-          - platform: {label: "x32"}
-            configure: {label: "wo geoip"}
-          - platform: {label: "x32"}
-            configure: {label: "wo ssdeep"}
+      # keine excludes mehr nötig – es gibt kein x32
+
     steps:
       - name: Setup Dependencies (common)
         run: |
@@ -40,36 +36,48 @@ jobs:
           sudo apt-get install -y libyajl-dev:${{ matrix.platform.arch }} \
                                   libcurl4-openssl-dev:${{ matrix.platform.arch }} \
                                   liblmdb-dev:${{ matrix.platform.arch }} \
-                                  liblua5.2-dev:${{ matrix.platform.arch }} \
+                                  liblua5.3-dev:${{ matrix.platform.arch }} \
                                   libmaxminddb-dev:${{ matrix.platform.arch }} \
                                   libpcre2-dev:${{ matrix.platform.arch }} \
                                   pcre2-utils:${{ matrix.platform.arch }} \
-                                  bison flex
-      - name: Setup Dependencies (x32)
-        if: ${{ matrix.platform.label == 'x32' }}
-        run: |
-          sudo apt-get install g++-multilib
-          sudo apt-get install -y libxml2-dev:${{ matrix.platform.arch }} \
-                                  libpcre3-dev:${{ matrix.platform.arch }}
+                                  libpcre3-dev:${{ matrix.platform.arch }} \
+                                  bison flex cmake \
+                                  libmbedtls-dev:${{ matrix.platform.arch }}
+      # x32-Setup fällt komplett weg
+
       - name: Setup Dependencies (x64)
         if: ${{ matrix.platform.label == 'x64' }}
         run: |
           sudo apt-get install -y libgeoip-dev:${{ matrix.platform.arch }} \
-                                  libfuzzy-dev:${{ matrix.platform.arch }}
-      - uses: actions/checkout@v4
+                                  libfuzzy-dev:${{ matrix.platform.arch }} 
+
+      - uses: actions/checkout@v6
         with:
           submodules: true
           fetch-depth: 0
-      - name: build.sh
-        run: ./build.sh
+
+      - name: Init git submodules
+        run: |
+          git submodule sync --recursive
+          git submodule update --init --recursive --force
+
+      - name: Build-Script ausführbar machen
+        run: chmod +x build_on_linux.sh
+
+      - name: build_on_linux.sh
+        run: ./build_on_linux.sh
+
       - name: configure
         env:
           CC: ${{ matrix.compiler.cc }}
           CXX: ${{ matrix.compiler.cxx }}
-        run: ./configure ${{ matrix.platform.configure }} ${{ matrix.configure.opt }} --enable-assertions=yes
+        run: ./configure ${{ matrix.configure.opt }} --enable-assertions=yes --disable-dependency-tracking
+
       - uses: ammaraskar/gcc-problem-matcher@master
+
       - name: make
         run: make -j `nproc`
+
       - name: check
         run: make check
 
@@ -78,22 +86,27 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [macos-14]
+        os: [macos-14, macos-15, macos-26]
         configure:
-          - {label: "with parser generation", opt: "--enable-parser-generation" }
-          - {label: "wo curl",    opt: "--without-curl" }
-          - {label: "wo lua",     opt: "--without-lua" }
-          - {label: "wo maxmind", opt: "--without-maxmind" }
-          - {label: "wo libxml",  opt: "--without-libxml" }
+          - {label: "with parser generation", opt: "--enable-parser-generation --without-geoip" }
+          - {label: "wo curl",    opt: "--without-curl --without-geoip" }
+          - {label: "wo lua",     opt: "--without-lua --without-geoip" }
+          - {label: "wo maxmind", opt: "--without-maxmind --without-geoip" }
+          - {label: "wo libxml",  opt: "--without-libxml --without-geoip" }
           - {label: "wo geoip",   opt: "--without-geoip" }
-          - {label: "wo ssdeep",  opt: "--without-ssdeep" }
-          - {label: "with lmdb",  opt: "--with-lmdb" }
-          - {label: "with pcre", opt: "--with-pcre" }
+          - {label: "wo ssdeep",  opt: "--without-ssdeep --without-geoip" }
+          - {label: "with lmdb",  opt: "--with-lmdb --without-geoip" }
+          - {label: "with pcre", opt: "--with-pcre --without-geoip" }
+
     steps:
-      - name: Setup Dependencies
-        # curl, pcre2 not installed because they're already
-        # included in the image
+      - name: Setup Homebrew
+        run: |
+          echo "PATH=/opt/homebrew/bin:$PATH" >> $GITHUB_ENV
+          echo "PKG_CONFIG_PATH=/opt/homebrew/lib/pkgconfig:/opt/homebrew/opt/openssl/lib/pkgconfig:/opt/homebrew/opt/pcre/lib/pkgconfig:/opt/homebrew/opt/pcre2/lib/pkgconfig:/opt/homebrew/opt/libxml2/lib/pkgconfig:/opt/homebrew/opt/curl/lib/pkgconfig:/opt/homebrew/opt/icu4c/lib/pkgconfig:/opt/homebrew/opt/openssl@3/lib/pkgconfig" >> $GITHUB_ENV
+
+      - name: Install Dependencies
         run: |
+          brew update
           brew install autoconf \
                        automake \
                        libtool \
@@ -105,103 +118,137 @@ jobs:
                        ssdeep \
                        pcre \
                        bison \
-                       flex
-      - uses: actions/checkout@v4
+                       flex \
+                       mbedtls
+
+      - uses: actions/checkout@v6
         with:
           submodules: true
           fetch-depth: 0
-      - name: Build GeoIP
+
+      - name: Init git submodules
         run: |
-          git clone --depth 1 --no-checkout https://github.com/maxmind/geoip-api-c.git
-          cd geoip-api-c
-          git fetch --tags
-          # Check out the last release, v1.6.12
-          git checkout 4b526e7331ca1d692b74a0509ddcc725622ed31a
-          autoreconf --install
-          ./configure --disable-dependency-tracking --disable-silent-rules --prefix=/opt/homebrew
-          make install
-      - name: build.sh
-        run: ./build.sh
+          git submodule sync --recursive
+          git submodule update --init --recursive --force
+
+      - name: Build-Script ausführbar machen
+        run: chmod +x build_on_macos.sh
+      - name: build_on_macos.sh
+        run: ./build_on_macos.sh
+
       - name: configure
-        run: ./configure ${{ matrix.configure.opt }} --enable-assertions=yes
+        env:
+          CPPFLAGS: -I/opt/homebrew/opt/mbedtls/include
+          LDFLAGS: -L/opt/homebrew/opt/mbedtls/lib
+        run: ./configure ${{ matrix.configure.opt }} --enable-assertions=yes --disable-dependency-tracking
+
       - uses: ammaraskar/gcc-problem-matcher@master
+
       - name: make
         run: make -j `sysctl -n hw.logicalcpu`
+
       - name: check
         run: make check
 
-  build-windows:
-    name: Windows (${{ matrix.platform.label }}, ${{ matrix.configure.label }})
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [windows-2022]
-        platform:
-          - {label: "x64", arch: "x86_64"}
-        configuration: [Release]
-        configure:
-          - {label: "full",       opt: "" }
-          - {label: "wo curl",    opt: "-DWITH_CURL=OFF" }
-          - {label: "wo lua",     opt: "-DWITH_LUA=OFF" }
-          - {label: "wo maxmind", opt: "-DWITH_MAXMIND=OFF" }
-          - {label: "wo libxml",  opt: "-DWITH_LIBXML2=OFF" }
-          - {label: "with lmdb",  opt: "-DWITH_LMDB=ON" }
+
+ # build-windows:
+ #    name: Windows (${{ matrix.configure.label }})
+ #    runs-on: windows-latest
+ #    strategy:
+ #      matrix:
+ #        configure:
+ #          - {label: "default", opt: "" }
+ #          - {label: "wo curl",    opt: "-DWITH_CURL=OFF" }
+ #         - {label: "wo lua",     opt: "-DWITH_LUA=OFF" }
+ #          - {label: "wo maxmind", opt: "-DWITH_MAXMIND=OFF" }
+  #         - {label: "wo libxml",  opt: "-DWITH_LIBXML2=OFF" }
+ #          - {label: "with lmdb",  opt: "-DWITH_LMDB=ON" }
+ #    steps:
+ #      - uses: actions/checkout@v6
+ #        with:
+  #         submodules: true
+  #         fetch-depth: 0
+ #      - name: Init git submodules
+ #        run: |
+  #         git submodule sync --recursive
+ #          git submodule update --init --recursive --force
+ #      - name: Install Conan
+ #        run: |
+ #          pip3 install conan
+ #      - name: Configure Conan
+ #        run: |
+ #          conan profile detect
+ #      - name: Configure CMake
+    #     run: |
+   #        cmake -S . -B build ${{ matrix.configure.opt }}
+  #     - name: Build
+ #        run: |
+ #          cmake --build build --config Release
+
+  cppcheck-linux:
+    name: cppcheck (Linux)
+    runs-on: ubuntu-24.04
+    timeout-minutes: 120
     steps:
-      - uses: actions/checkout@v4
+      - name: Setup Dependencies
+        run: |
+          sudo apt-get update -y -qq
+          sudo apt-get install -y \
+            cppcheck \
+            autoconf \
+            automake \
+            libtool
+      - uses: actions/checkout@v6
         with:
           submodules: true
           fetch-depth: 0
-      - name: Install Conan
+      - name: Init git submodules
         run: |
-          pip3 install conan --upgrade
-          conan profile detect
-      - uses: ammaraskar/msvc-problem-matcher@master
-      - name: Build ${{ matrix.configuration }} ${{ matrix.platform.arch }} ${{ matrix.configure.label }}
-        shell: cmd
-        run: vcbuild.bat ${{ matrix.configuration }} ${{ matrix.platform.arch }} NO_ASAN "${{ matrix.configure.opt }}"
-      - name: Set up test environment
-        working-directory: build\win32\build\${{ matrix.configuration }}
-        env:
-          BASE_DIR: ..\..\..\..
-        shell: cmd
-        run: |
-          copy unit_tests.exe %BASE_DIR%\test
-          copy regression_tests.exe %BASE_DIR%\test
-          copy libModSecurity.dll %BASE_DIR%\test
-          copy %BASE_DIR%\unicode.mapping %BASE_DIR%\test
-          md \tmp
-          md \bin
-          copy "C:\Program Files\Git\usr\bin\echo.exe" \bin
-          copy "C:\Program Files\Git\usr\bin\echo.exe" \bin\echo
-      - name: Disable tests that don't work on Windows
-        working-directory: test\test-cases\regression
-        shell: cmd
-        run: |
-          jq "map(if .title == \"Test match variable (1/n)\" then .enabled = 0 else . end)" issue-2423-msg-in-chain.json > tmp.json && move /Y tmp.json issue-2423-msg-in-chain.json
-          jq "map(if .title == \"Test match variable (2/n)\" then .enabled = 0 else . end)" issue-2423-msg-in-chain.json > tmp.json && move /Y tmp.json issue-2423-msg-in-chain.json
-          jq "map(if .title == \"Test match variable (3/n)\" then .enabled = 0 else . end)" issue-2423-msg-in-chain.json > tmp.json && move /Y tmp.json issue-2423-msg-in-chain.json
-          jq "map(if .title == \"Variable offset - FILES_NAMES\" then .enabled = 0 else . end)" offset-variable.json > tmp.json && move /Y tmp.json offset-variable.json
-      - name: Run tests
-        working-directory: build\win32\build
-        run: |
-          ctest -C ${{ matrix.configuration }} --output-on-failure
+          git submodule sync --recursive
+          git submodule update --init --recursive --force
+      - name: Build-Script ausführbar machen
+        run: chmod +x build_on_linux.sh
+
+      - name: build_on_linux.sh
+        run: ./build_on_linux.sh
+
+      - name: configure
+        run: ./configure --disable-dependency-tracking
 
-  cppcheck:
-    runs-on: [macos-14]
+      - name: cppcheck
+        run: make check-static JOBS=$(nproc)
+
+  cppcheck-macos:
+    name: cppcheck (macOS)
+    runs-on: macos-14
     steps:
       - name: Setup Dependencies
+        # curl, pcre2 not installed because they're from Apple
         run: |
+          brew update
           brew install autoconf \
                        automake \
                        libtool \
-                       cppcheck
-      - uses: actions/checkout@v4
+                       cppcheck \
+                       mbedtls
+      - uses: actions/checkout@v6
         with:
           submodules: true
           fetch-depth: 0
-      - name: configure
+      - name: Init git submodules
         run: |
-          ./build.sh
-          ./configure
+          git submodule sync --recursive
+          git submodule update --init --recursive --force
+      - name: Build-Script ausführbar machen
+        run: chmod +x build_on_macos.sh
+      - name: build_on_macos.sh
+        run: ./build_on_macos.sh
+
+      - name: configure
+        env:
+          CPPFLAGS: -I/opt/homebrew/opt/mbedtls/include
+          LDFLAGS: -L/opt/homebrew/opt/mbedtls/lib
+        run: ./configure --disable-dependency-tracking
+
       - name: cppcheck
-        run: make check-static
+        run: make check-static -j$(nproc)
diff --git a/Makefile.am b/Makefile.am
@@ -55,8 +55,13 @@ parser:
 
 
 
+# Anzahl der cppcheck-Jobs, von außen überschreibbar: JOBS=8 make check-static
+JOBS ?= 1
+
 cppcheck:
-	@cppcheck -U YYSTYPE -U MBEDTLS_MD5_ALT -U MBEDTLS_SHA1_ALT \
+	@echo "Running cppcheck with $(JOBS) jobs..."
+	@cppcheck -j $(JOBS) \
+		-U YYSTYPE -U MBEDTLS_MD5_ALT -U MBEDTLS_SHA1_ALT \
 		-D MS_CPPCHECK_DISABLED_FOR_PARSER -U YY_USER_INIT \
 		--suppressions-list=./test/cppcheck_suppressions.txt \
 		--inline-suppr \
@@ -70,7 +75,6 @@ cppcheck:
 		--std=c++17 \
 		--force --verbose .
 
-
 check-static: cppcheck
 
 check-style: check-coding-style

diff --git a/bindings/python b/bindings/python
+11 −0		CHANGES
+5 −1		README.md
+25 −11		modsecurity/modsecurity.i
+31 −25		setup.py