owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
7.67k stars 1.54k forks

Check for null pointer dereference (almost) everywhere #3120

marcstern closed 1 week ago

marcstern commented 1 month ago

Added a design doc explaining the approach

airween commented 1 month ago

The use of assertions will terminate the process, right? Is that what you want?

You can control the behavior with a macro. See the identical solution in the case of libmodsecurity3. Here @gberkes introduced a new CFLAG, which can be controlled with a configure option. It's disabled by default, so the process won't terminate - but we can use that in our test environment.

marcstern commented 1 month ago

> The use of assertions will terminate the process, right? Is that what you want?

Yes, as it's an impossible path, unless the implementation is bogus
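
The trade-off in the two comments above, as an added C example that is not code from this pull request or from ModSecurity: an assertion guards a path that only a programming error can reach, while a pointer that depends on traffic is checked at run time. The names `tx_rec`, `tx_uri_length` and `assertions_enabled` are hypothetical, and the standard `NDEBUG` macro stands in for whatever build flag the project uses.

```c
/* Added illustration with hypothetical names; not ModSecurity code. */
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a per-transaction record. */
typedef struct {
    const char *uri;   /* request-dependent, may legitimately be NULL */
} tx_rec;

/* Returns 1 when assert() is compiled in (NDEBUG undefined), 0 when it is a no-op. */
int assertions_enabled(void)
{
#ifdef NDEBUG
    return 0;
#else
    return 1;
#endif
}

/*
 * Returns the URI length, or -1 when there is nothing to measure.
 *
 * tx == NULL can only come from a caller bug (the "impossible path"),
 * so it is asserted: a test build aborts at the faulty call site.
 * tx->uri == NULL depends on the request, so it is never asserted;
 * a remote client must not be able to terminate the worker process.
 */
long tx_uri_length(const tx_rec *tx)
{
    assert(tx != NULL);      /* aborts unless built with -DNDEBUG */
    if (tx == NULL) {        /* keeps a release build from dereferencing NULL */
        return -1;
    }
    if (tx->uri == NULL) {   /* runtime condition: report, do not abort */
        return -1;
    }
    return (long)strlen(tx->uri);
}
```

Building with `-DNDEBUG` turns the `assert` into a no-op and leaves only the error returns; building without it makes the caller bug abort during testing.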

sonarcloud[bot] commented 3 weeks ago

Quality Gate failed

Failed conditions
22.0% Duplication on New Code (required ≤ 3%)
B Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

airween commented 1 week ago

Looks good to me. I think the SonarCloud reports are false positives; all the mentioned duplicate code was added years ago. Merging now - thanks, Marc.