blob: 164c0547994825b8ed1c2b10c71c4659982fbb48 (
about) (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
;;; Copyright © 2025 Wojtek Kosior <koszko@koszko.org>
;;; Licensed under the Creative Commons Zero v1.0.
(define-module (gnu packages modsecurity)
#:use-module ((gnu packages apr) #:select (apr apr-util))
#:use-module ((gnu packages autotools) #:select (autoconf automake libtool))
#:use-module ((gnu packages bison) #:select (bison))
#:use-module ((gnu packages curl) #:select (curl))
#:use-module ((gnu packages databases) #:select (lmdb))
#:use-module ((gnu packages datastructures) #:select (ssdeep))
#:use-module ((gnu packages documentation) #:select (doxygen))
#:use-module ((gnu packages flex) #:select (flex))
#:use-module ((gnu packages geo) #:select (libmaxminddb))
#:use-module ((gnu packages lua) #:select (lua))
#:use-module ((gnu packages pcre) #:select (pcre pcre2))
#:use-module ((gnu packages perl) #:select (perl))
#:use-module ((gnu packages pkg-config) #:select (pkg-config))
#:use-module ((gnu packages xml) #:select (libxml2))
#:use-module ((gnu packages valgrind) #:select (valgrind))
#:use-module ((gnu packages web) #:select (httpd yajl))
#:use-module ((guix build-system gnu) #:select (gnu-build-system))
#:use-module ((guix gexp) #:select (gexp file-append))
#:use-module ((guix git-download) #:select
(git-fetch git-file-name git-reference))
#:use-module ((guix licenses) #:select (asl2.0 bsd-3))
#:use-module ((guix packages) #:select
(base32 delete modify-inputs origin package package-arguments
package-inputs replace))
#:use-module ((guix utils) #:select (substitute-keyword-arguments)))
�
(define-public libmodsecurity
(package
(name "libmodsecurity")
(version "3.0.13")
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/owasp-modsecurity/ModSecurity")
(commit (format #f "v~a" version))
(recursive? #t)))
(file-name (git-file-name name version))
(sha256 (base32
"0khzm7wfd34w3zdhinq8z46c21pwcczb5jvg2j0b0d1v9nvzaggv"))))
(build-system gnu-build-system)
(arguments (list
#:configure-flags
#~(cons* "--with-pcre2"
(map (lambda (name)
(format #f "--with-~a=~a" name
(assoc-ref %build-inputs name)))
'("curl" "lmdb" "ssdeep")))
#:phases
#~(modify-phases %standard-phases
(add-after 'patch-source-shebangs 'patch-prog-paths-in-tests
(lambda _
(let* ((PATH (string-split (getenv "PATH") #\:))
(/bin/echo (search-path PATH "echo"))
(/bin/ech (string-drop-right /bin/echo 1))
(regression "test/test-cases/regression"))
(for-each
(lambda (test)
(substitute*
(format #f "test/test-cases/regression/~a.json"
test)
(("/bin/ech") /bin/ech)))
'("action-exec" "operator-inpectFile")))))
(add-before 'configure 'fix-ssdeep-searching
(lambda _
(substitute* "build/ssdeep.m4"
(("\\[Path to ssdeep prefix\\]\\)\\]" matched)
(string-append
matched
",[SSDEEP_POSSIBLE_PATHS=\"${with_ssdeep}\";"
" with_ssdeep=yes]"))))))))
(inputs (list curl libmaxminddb libxml2 lmdb lua pcre2 ssdeep yajl))
(native-inputs (list autoconf
automake
bison
doxygen
libtool
flex
perl
pkg-config
valgrind))
(synopsis "Free software web application firewall (WAF) library")
(description "Libmodsecurity is one component of the ModSecurity v3 project.
The library codebase serves as an interface to ModSecurity Connectors taking in
web traffic and applying traditional ModSecurity processing.")
(home-page "https://modsecurity.org/")
(license (list asl2.0 ;; libmodsecurity, Mbed TLS
bsd-3)))) ;; libinjection
(define httpd-modsecurity-with-older-pcre
(package
(name "httpd-modsecurity")
(version "2.9.8")
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/owasp-modsecurity/ModSecurity")
(commit (format #f "v~a" version))))
(file-name (git-file-name name version))
(sha256 (base32
"04mjmc0kp3k56lvi4s8vmksiqsamspsj5cqbk14bkr36xrw5g7kw"))))
(build-system gnu-build-system)
(arguments (list
#:configure-flags
#~(let ((inputs `(("apu" . ,(assoc-ref %build-inputs "apr-util"))
("apxs" . ,(assoc-ref %build-inputs "httpd"))
. ,%build-inputs)))
(map (lambda (name)
(format #f "--with-~a=~a"
name (assoc-ref inputs name)))
'("apr" "apu" "apxs" "curl" "pcre" "ssdeep")))
#:phases
#~(modify-phases %standard-phases
(add-after 'unpack 'supply-id_log-for-test-linking
(lambda _
(let ((port (open-file "tests/msc_test.c" "a")))
;; True `id_log' is in `apache2/apache2_config.c' which
;; isn't and cannot (easily) be linked with the test.
(format port "const char* id_log(msre_rule* _) ~
{return \"DUMMY\";}")
(close port))))
(add-after 'unpack 'fix-module-installation-prefix
(lambda _
(substitute* "apache2/Makefile.am"
(("(\\$.DESTDIR.)(\\$.APXS_MODULES.)" _ dst apxs_mods)
(format #f "~a$(prefix)~a" dst apxs_mods)))))
(add-after 'install-license-files 'install-NOTICE-file
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(package (strip-store-file-name out)))
(install-file "NOTICE" (format #f "~a/share/doc/~a"
out package))))))))
(inputs (list apr
apr-util
curl
httpd
libxml2
lua
(list pcre "bin")
ssdeep
yajl))
(native-inputs (list autoconf automake httpd libtool perl pkg-config))
(synopsis "Free software web application firewall (WAF) module")
(description "ModSecurity enables web application defenders to gain
visibility into HTTP(S) and provides a power rules language and API to implement
advanced protections.")
(home-page "https://modsecurity.org/")
(license (list asl2.0))))
(define-public httpd-modsecurity
(let ((base httpd-modsecurity-with-older-pcre))
(package
(inherit base)
(arguments (substitute-keyword-arguments (package-arguments base)
;; Sadly, tests don't seem to work with PRCE2.
((#:tests? _ #f) #f)
((#:configure-flags flags)
#~(cons (format #f "--with-pcre2=~a"
(assoc-ref %build-inputs "pcre2"))
#$flags))))
(inputs (modify-inputs (package-inputs base)
(delete "pcre")
(append pcre2))))))
|
