Re: problem with my regex and single line HTMLcomment in RESPONSE_BODY
From: Ivan Ristic <ivan.ristic <at> gmail.com>
Subject: Re: problem with my regex and single line HTMLcomment in RESPONSE_BODY
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-07-03 14:50:29 GMT
On Thu, Jul 3, 2008 at 3:45 PM, Stephen Craig Evans <stephencraig.evans <at> gmail.com> wrote:
> Hi Ivan,
>
> This is nothing directed at you guys.

No worries, I didn't think it was.

> For my use, bypassing regex altogether; as in C, using a running
> buffer pointer like I see so much in your code. Lua might have the
> same functionality.
>
> I just feel like I am using a hammer with regex's while everything is
> not a nail.

That could be true. Perhaps it would help if we knew what you were
doing. Since I am supposed to be helping with your work anyway, I will
spend some time on that next week.

> Stephen
>
> On Thu, Jul 3, 2008 at 10:22 PM, Ivan Ristic <ivan.ristic <at> gmail.com> wrote:
>> I think you want a ModSecurity IDE... I've dreamed of one myself. It's
>> feasible, from a technical point of view, but requires a commitment of
>> resources to implement.
>>
>> Questions below.
>>
>> On Thu, Jul 3, 2008 at 3:14 PM, Stephen Craig Evans
>> <stephencraig.evans <at> gmail.com> wrote:
>>> Hi Achim,
>>>
>>> Pardon me if my rant is off-topic, but this seems to be a good place
>>> for it for me now.
>>>
>>> In the 60+ hours in the last 5 days that I have spent writing
>>> ModSecurity rules for WebGoat vulnerabilities, more than half of that
>>> time has been spent on getting the regex's working. I am so tired of
>>> reading the debug file to see how my regex is being interpreted.
>>>
>>> I feel like I am a slave to the PCRE engine instead of the opposite.
>>
>> We are all slaves, Stephen, just slaves :)
>>
>> Can we channel your rant into something useful: how about a suggestion?
>>
>>
>>>
>>> It's not rocket science:
>>> 1. I want an account number that has digits, characters and a hyphen,
>>> but no spaces or special characters.
>>> 2. I want a password that has alphanumeric and special chars, but has
>>> no spaces or '>' and '<'.
>>> 3. I want a user name with chars, ', -, and spaces but nothing else.
>>>
>>> I could do this much easier and faster writing Java, C#, or C (which
>>> is why ModSecurity is written in C; check the source for
>>> urlDecodeUni).
>>
>> Why would writing in C be easier for you? The regular expressions
>> would be the same?
>>
>>
>>> I'm at the point where I think it's easier to write my own routines in
>>> Lua and build my own library for reuse; disclaimer: I don't need
>>> speed.
>>>
>>> (/end of rant)
>>>
>>> Stephen
>>>
>>>
>>>
>>> On Thu, Jul 3, 2008 at 7:10 PM, Achim Hoffmann <ah <at> securenet.de> wrote:
>>>> !! Yes, we do use PCRE underneath. We don't do anything with the regular
>>>> !! expression... we just pass it to the PCRE engine, compiling with
>>>>
>>>> thanks Ivan for this information (which could be found in the docs,
>>>> I believe:)
>>>>
>>>> !! "PCRE_DOTALL
>>>>
>>>> this means that the s modifier in the regex is obsolete, somehow
>>>> As the core-rules set uses (?i:) modifiers, someone -who initially
>>>> understands that- might think to use (?s:) also.
>>>> On the other hand: does (?m:) change it back to "dot does not match
>>>> newline"? This is not documented in http://www.pcre.org/pcre.txt
>>>> However, perlre man-page is accurate in that behaviour.
>>>>
>>>> !! | PCRE_DOLLAR_ENDONLY".
>>>>
>>>> hmm, this causes some questions how ModSecurity handles "strings",
>>>> for example:
>>>> is the whole HTTP header passed to the rules, or each line
>>>> (means what is separated by \r\n) individually?
>>>> That would make some difference, I guess.
>>>> You need to know that when writing rules.
>>>>
>>>> Before going deeper into that (and some more examples), I'd
>>>> suggest to point this out in the docs. I mean to describe how
>>>> the different parts of the request/response is handled by ModSec.
>>>>
>>>> Achim
>>>>
>>>>
>>>
>>> -------------------------------------------------------------------------
>>> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
>>> Studies have shown that voting for your favorite open source project,
>>> along with a healthy diet, reduces your potential for chronic lameness
>>> and boredom. Vote Now at http://www.sourceforge.net/community/cca08
>>> _______________________________________________
>>> mod-security-users mailing list
>>> mod-security-users <at> lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>>>
>>
>>
>>
>> --
>> Ivan Ristic
>>
>
> --

-- 
Ivan Ristic
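The thread raises two concrete points: Stephen's three allowlist fields (account number, password, user name) and Achim's questions about what ModSecurity's compile flags PCRE_DOTALL and PCRE_DOLLAR_ENDONLY do to a rule's `.` and `$`, and whether a rule sees a whole multi-line value or one `\r\n`-separated line at a time. The following is an added example, not code from the thread or from ModSecurity. It uses Python's `re` module as a stand-in for PCRE: `re.DOTALL` plays the role of PCRE_DOTALL, and since `re` has no DOLLAR_ENDONLY flag the anchor `\Z` is used to get the same "only at the very end of the subject" semantics that PCRE_DOLLAR_ENDONLY gives `$`. It also answers Achim's modifier question: in PCRE (and Python) a scoped `(?-s:...)` group is what turns dot-matches-newline back off, while `(?m:...)` only changes the meaning of `^` and `$`. All field names and sample values are constructed for the example.

```python
import re

# Stand-in for ModSecurity compiling every @rx pattern with PCRE_DOTALL.
# Python's re has no PCRE_DOLLAR_ENDONLY; we anchor with \Z instead, which
# matches only at the true end of the subject (plain $ also matches just
# before a trailing newline).
FLAGS = re.DOTALL

# Allowlist patterns for the three fields from the thread. Each is wrapped
# in \A ... \Z so the whole value, not just a substring, must be permitted.
# (Constructed example patterns; not ModSecurity core rules.)
FIELD_PATTERNS = {
    # account: digits, letters and a hyphen; no spaces or other punctuation
    "account": re.compile(r"\A[A-Za-z0-9\-]+\Z", FLAGS),
    # password: printable ASCII except space (0x20), '<' (0x3C) and '>' (0x3E);
    # the ranges !-; and ?-~ cover alphanumerics and the remaining punctuation
    "password": re.compile(r"\A[!-;=?-~]+\Z", FLAGS),
    # username: letters, apostrophe, hyphen and spaces, nothing else
    "username": re.compile(r"\A[A-Za-z '\-]+\Z", FLAGS),
}


def validate(field, value):
    """Return True if value consists only of characters allowed for field.

    .search() is used on purpose: @rx has search semantics, so the anchors
    in the pattern are what make this a whole-value check.
    """
    return FIELD_PATTERNS[field].search(value) is not None


def dollar_vs_endonly(value):
    """Why DOLLAR_ENDONLY matters: return (matches_with_$, matches_with_\\Z).

    Without it, "ACC-123\\n" passes a $-anchored account check because $
    is allowed to match before a final newline.
    """
    loose = re.compile(r"\A[A-Za-z0-9\-]+$", FLAGS)
    strict = re.compile(r"\A[A-Za-z0-9\-]+\Z", FLAGS)
    return (loose.search(value) is not None, strict.search(value) is not None)


def dot_matches_newline(value):
    """Effect of DOTALL on '.', and which inline modifier undoes it.

    'dotall'  : pattern as ModSecurity would compile it -> '.' crosses \\n
    'minus_s' : (?-s:...) switches DOTALL off inside the group
    'm_only'  : (?m:...) changes ^ and $ only; '.' still crosses \\n
    """
    return {
        "dotall": re.compile(r"\Aa.b\Z", FLAGS).search(value) is not None,
        "minus_s": re.compile(r"\A(?-s:a.b)\Z", FLAGS).search(value) is not None,
        "m_only": re.compile(r"\A(?m:a.b)\Z", FLAGS).search(value) is not None,
    }


def match_whole_vs_lines(pattern, blob):
    """Achim's question made concrete: the same anchored pattern applied to
    the whole multi-line string versus to each \\r\\n-separated line.

    Returns (whole_matches, [per_line_matches...]).
    """
    whole = pattern.search(blob) is not None
    per_line = [pattern.search(line) is not None for line in blob.split("\r\n")]
    return whole, per_line


if __name__ == "__main__":
    for field, sample in (("account", "AC-12345"), ("password", "p<ss"),
                          ("username", "O'Brien-Smith")):
        print(field, repr(sample), validate(field, sample))
    print("dollar vs \\Z on 'ACC-123\\n':", dollar_vs_endonly("ACC-123\n"))
    print("dot on 'a\\nb':", dot_matches_newline("a\nb"))
    print("whole vs lines:", match_whole_vs_lines(FIELD_PATTERNS["account"],
                                                  "ACC-123\r\nfoo bar"))
```

The last function is the one to keep in mind when a rule inspects a multi-line variable: an `\A...\Z` allowlist that passes every individual header line fails the same lines joined by `\r\n`, so the rule writer has to know which of the two the engine hands to the pattern.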