Author Topic: Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/l  (Read 681 times)

Offline forsec

  • Newbie
  • *
  • Posts: 9
OS: CentOS 7
web server: httpd-2.4.6-67.el7.centos.6.x86_64
perl:  perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi
cwaf: Latest release: 1.181, Client agent: 2.23

After I updated cwaf ruleset and scripts to latest version yesterday,

When I run the following command today
"su -c ' /usr/local/cwaf/scripts/updater.pl' -s /bin/sh nobody"
I get infinite
"Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250."
errors.

Also when I try to connect to the port running on "su -c ' /usr/local/cwaf/scripts/standalone-gui.pl&' -s /bin/sh nobody"
It fails,
I did a strace on the standalone-gui.pl pid
I get infinite
"read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 1136
read(5, "Use of uninitialized value withi"..., 8192) = 710
read(5, "Use of uninitialized value withi"..., 8192) = 852
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 852
read(5, "Use of uninitialized value withi"..., 8192) = 1136
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 1136
read(5, "Use of uninitialized value withi"..., 8192) = 568
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 568
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 852
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 1136
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 1136
read(5, "Use of uninitialized value withi"..., 8192) = 426
read(5, "Use of uninitialized value withi"..., 8192) = 1136
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 568
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 852
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 852
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 710
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 852
read(5, "Use of uninitialized value withi"..., 8192) = 994
read(5, "Use of uninitialized value withi"..., 8192) = 994"
errors.

Anyone know what the problem is?

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 198
Hi
Please update CWAF plugin to v2.24
Regards.

Offline forsec

  • Newbie
  • *
  • Posts: 9
Hi
Please update CWAF plugin to v2.24
Regards.

As the official update script doesn't work anymore, what is the recommended way to upgrade to v2.24 in this case?
Also, please note in https://waf.comodo.com/user/cwaf_revisions there is only v.2.23 and no v2.24.

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 198
v2.24 of CWAF plugin is available now.

Offline forsec

  • Newbie
  • *
  • Posts: 9
I can't upgrade...
su -c ' /usr/local/cwaf/scripts/updater.pl' -s /bin/sh nobody
does infinite
Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250.
Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250.
...

while downloading 2.24 cwaf_client_install.sh and running causes 100% cpu, so I checked with strace and found it doing infiinite
Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250.
Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250.

Offline sbrazhnik

  • Newbie
  • *
  • Posts: 12
Hi forsec,

To update the cwaf client please use /usr/local/cwaf/scripts/update-client.pl. In case the issue still occurs, please try to remove the client with /usr/local/cwaf/scripts/uninstall_cwaf.sh and install the latest version with from scratch.

Once done. ensure that "cat /usr/local/cwaf/etc/version.dat" results with 2.24 version. Finally, run updater.pl once the client upgrade is done.

We look forward to hearing from you.

Regards,

Offline forsec

  • Newbie
  • *
  • Posts: 9
su -c ' /usr/local/cwaf/scripts/update-client.pl' -s /bin/sh nobody
results in infinite
Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250.
...

/usr/local/cwaf/scripts/uninstall_cwaf.sh
results also in infinite
Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250.

How do I do a manual delete?

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 198
Hello forsec.
Please use
/usr/local/cwaf/scripts/update-client.pl

to update client to v2.24.1

Regards.

Offline forsec

  • Newbie
  • *
  • Posts: 9
Like I replied many times, as my current client is version 2.23 with the bug.
If I run /usr/local/cwaf/scripts/update-client.pl
I get infinite:
"Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250.
Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250.
Use of uninitialized value within [at]httpd_config in pattern match (m//) at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm line 250."

The prior version update-client.pl fails and the new version install script also fails.

Please use
/usr/local/cwaf/scripts/update-client.pl

to update client to v2.24.1

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 198
Hi forsec.

Try to replace the /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm with the attached one which is taken from 2.24.1 agent source. Please backup the original file beforehand.
Rename attached WebConfig.txt to WebConfig.pm.
Regards.

Offline forsec

  • Newbie
  • *
  • Posts: 9
Of note, I don't think you attached any file  :'(

I'll find the file on my own when I have time.

Hi forsec.

Try to replace the /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm with the attached one which is taken from 2.24.1 agent source. Please backup the original file beforehand.
Rename attached WebConfig.txt to WebConfig.pm.
Regards.

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 198
Quote
Of note, I don't think you attached any file  :'(

Code: [Select]
package Comodo::CWAF::WebConfig;

#### USAGE example

# Test apache interface

# my $httpd_config_file = '/etc/httpd/conf/httpd.conf';
# my $httpd_config = -f $httpd_config_file ? $httpd_config_file : '/etc/apache2/conf/httpd.conf';
# my $httpd_parser = Comodo::CWAF::WebConfig->new(httpd => $httpd_config);
# $httpd_parser->parse_httpd();
# my $result = $httpd_parser->result_httpd();

# Test nginx interface

# my $nginx_config = -f 'nginx.conf' ? 'nginx.conf' : '/etc/nginx/nginx.conf';
# my $nginx_parser = Comodo::CWAF::WebConfig->new(nginx => $nginx_config);
# $nginx_parser->parse_nginx();
# my $nginx_result = $nginx_parser->result_nginx();

#### Main Debug
# print Dumper $result;
# print Dumper $nginx_result;
####


use strict;
use warnings;
use Storable;
use File::Path qw(make_path);

our (%conf);
use Comodo::CWAF::Main;
$conf{'cwaf_path'} =~ s/\/+$//;
my $cache_dir = $conf{'cwaf_path'} . '/tmp/domain_cache';
my $cache_time = $conf{'domaincache_timeout'} ? $conf{'domaincache_timeout'} : 7200;
make_path $cache_dir unless -d $cache_dir;

use constant {
    OPTIONS => {
        VIRTUAL_HOST => 'VirtualHost',
        SERVER_NAME => 'ServerName',
        SERVER_ALIAS => 'ServerAlias',
        DOCUMENT_ROOT => 'DocumentRoot',
    },
    NGINX => {
        LISTEN => 'listen',
        SERVER => 'server',
        SERVER_NAME => 'server_name',
    },
};

sub new {
    my ($class, %params) = [at]_;

    my $self = {
        # Apache part
        httpd => undef,
        _server_root => undef,
        _httpd_config => [],
        _raw_includes => [],
        _includes => [],
        _vhosts_raw => [],
        _vhosts => [],
        vhosts_httpd => [],
        aliases_httpd => {},

        # Nginx part
        nginx => undef,
        _nginx_config => [],
        _nginx_raw_includes => [],
        _nginx_includes => [],
        _servers_raw => [],
        _servers => [],
        servers_nginx => {},
    };

    $self->{$_} = $params{$_} for keys %params;

    bless $self => $class;

    return $self;
}

#### APACHE part ####

sub parse_httpd {
    my $self = shift;

    # Check if we have domains cache
    if (-f "$cache_dir/httpd_cache.st") {
        if (time() > (stat("$cache_dir/httpd_cache.st"))[10] + $cache_time) {
            unlink "$cache_dir/httpd_cache.st";
        }
        else {
            $self->{'result_httpd'} = retrieve "$cache_dir/httpd_cache.st";
            return;
        }
    }

    # Open main config file
    $self->_read_main_config();

    # Exit if there's nothing to parse
    return unless scalar [at]{$self->{'_httpd_config'}};

    # Server root prefix
    $self->_search_server_root();

    # Search for includes recursively
    $self->_search_includes_r();

    # Append config string from all found includes
    $self->_append_strings();

    # Clear config strings from comments, spaces, etc.
    $self->_clean_config();

    # Search for virtual hosts
    $self->_search_virtual_hosts();

    # Parse and split includes
    $self->_parse_virtual_hosts();

    # Grep fileds to needed format
    $self->_cook_virtual_hosts();

    # Create alias-oriented structure for plugin
    $self->_aliases_httpd();

    $self->{'result_httpd'} = $self->{'aliases_httpd'};

    if (-d $cache_dir) {
        store $self->{'result_httpd'}, "$cache_dir/httpd_cache.st";
    }
}

sub result_httpd {
    return $_[0]->{'result_httpd'};
}

sub _read_main_config {
    my $self = shift;

    if (open my $fh, '<', $self->{'httpd'}) {
        [at]{$self->{'_httpd_config'}} = <$fh>;
        close $fh;
        if (scalar [at]{$self->{'_httpd_config'}}) {
            chomp for [at]{$self->{'_httpd_config'}};
        }
    }
    else {
        do_log("Failed to open config file: $!", 0);
    }
}

sub _search_includes_r {
    my $self = shift;

    return if (ref $self->{'_httpd_config'} ne 'ARRAY' || ! scalar [at]{$self->{'_httpd_config'}});

    # If it's first recursive iteration search includes in main config file
    unless (scalar [at]{$self->{'_includes'}}) {
        [at]{$self->{'_includes_raw'}} = grep $_ =~ m/^\s*Include\s+/i, [at]{$self->{'_httpd_config'}};
    }

    $self->__parse_includes();

    if (scalar [at]{$self->{'_includes'}}) {
        [at]{$self->{'_includes'}} = grep -f $_, [at]{$self->{'_includes'}};
        for ([at]{$self->{'_includes'}}) {
            next unless -f $_;
            if (open my $fh, '<', $_) {
                my [at]strings = <$fh>;
                close $fh;
                for ([at]strings) {
                    chomp;
                    push [at]{$self->{'_includes_raw'}}, $_ if m/^Include/i;
                }
                $self->__parse_includes();
            }
            else {
                do_log("Can't read config include: $!", 0);
            }
        }
    }
}

sub _search_server_root {
    my $self = shift;

    my ($server_root) = grep m/^ServerRoot/, [at]{$self->{'_httpd_config'}};

    return unless $server_root;

    chomp $server_root;
    (undef, $server_root) = split(/\s+/, $server_root, 2);
    $server_root =~ s/^"|"$//g;

    $self->{'_server_root'} = $server_root ? $server_root : '';
}

sub _append_strings {
    my $self = shift;

    return unless scalar [at]{$self->{'_includes'}};

    # Protection from inlude duplicates
    my %unduplicate = map { $_ => 1 } [at]{$self->{'_includes'}};
    [at]{$self->{'_includes'}} = keys %unduplicate;

    for my $include ([at]{$self->{'_includes'}}) {
        if (open my $fh, '<', $include) {
            my [at]append_strings = <$fh>;
            close $fh;
            chomp for [at]append_strings;
            push [at]{$self->{'_httpd_config'}}, [at]append_strings;
        }
        else {
            do_log("Failed to open include config file: $!", 0);
        }
    }
}

sub _clean_config {
    my $self = shift;

    if (scalar [at]{$self->{'_httpd_config'}}) {
        for ([at]{$self->{'_httpd_config'}}) {
            chomp;
            s/^\s*#//;
            s/^\s+|\s+$//g;
        }

        # Skip commented strings
        [at]{$self->{'_httpd_config'}} = grep $_ !~ m/^#+/, [at]{$self->{'_httpd_config'}};
        [at]{$self->{'_httpd_config'}} = grep $_ !~ m/#+$/, [at]{$self->{'_httpd_config'}};
        [at]{$self->{'_httpd_config'}} = grep $_, [at]{$self->{'_httpd_config'}};
    }
}

sub _search_virtual_hosts {
    my $self = shift;

    my [at]httpd_config = [at]{$self->{'_httpd_config'}};
    return unless scalar [at]httpd_config;

    for my $index (0 .. $#httpd_config) {
        if ($httpd_config[$index] && $httpd_config[$index] =~ m/^<VirtualHost/) {
            my [at]vhost = ();
            for (my $i = $index; $httpd_config[$i] && $httpd_config[$i] !~ m/^<\/VirtualHost>/; $i++) {
                push [at]vhost, $httpd_config[$i];
            }
            # Append found vhost to main list
            push [at]{$self->{'_vhosts_raw'}}, \[at]vhost;
        }
    }
}

sub _parse_virtual_hosts {
    my $self = shift;

    return unless scalar [at]{$self->{'_vhosts_raw'}};

    my [at]vhosts = ();
    for my $vhost ([at]{$self->{'_vhosts_raw'}}) {
        next if ref $vhost ne 'ARRAY';
        my %vhost = ();
        for my $string ([at]$vhost) {
            my ($key, $value) = split(/\s+/, $string, 2);
            if ($key && $value) {
                for ($key, $value) {
                    chomp;
                    s/^['"<]|['">]$//g;
                    s/^\s+|\s+$//g;
                }
            }
            $vhost{$key} = $value;
        }
        push [at]{$self->{'_vhosts'}}, \%vhost;
    }
}

sub _cook_virtual_hosts {
    my $self = shift;

    return unless scalar [at]{$self->{'_vhosts'}};

    for my $vhost ([at]{$self->{'_vhosts'}}) {
        next if ref $vhost ne 'HASH';
        my %vhost = ();
        for my $option (keys %{(OPTIONS)}) {
            for my $key (keys %$vhost) {
                ### Attention: minimum length limits 4 key. Protection from trash matches
                # if (length $key > 8 && OPTIONS->{$option} =~ /$key/) {
                if (OPTIONS->{$option} =~ m/^\Q$key\E$/) {
                    $vhost{OPTIONS->{$option}} = $vhost->{$key};
                }
            }
        }
        push [at]{$self->{'vhosts_httpd'}}, \%vhost;
    }
}

sub _aliases_httpd {
    my $self = shift;

    return unless scalar [at]{$self->{'vhosts_httpd'}};

    my %aliases = map {
        my $vhost = $_;
        my $server_name = $vhost->{OPTIONS->{SERVER_NAME}};
        my $port = $1 if $vhost->{OPTIONS->{VIRTUAL_HOST}} =~ m/:\d+$/;
        my [at]aliases = split(/\s+/, $vhost->{OPTIONS->{SERVER_ALIAS}}) if defined $vhost->{OPTIONS->{SERVER_ALIAS}};
        [at]aliases = grep { $_ ne $server_name } [at]aliases;
        [at]aliases = grep $_ !~ m/^localhost/i, [at]aliases;
        $server_name .= ":$port" if $server_name !~ m/:\d+$/ && $port;
        $server_name => \[at]aliases
    } [at]{$self->{'vhosts_httpd'}};

    %aliases = map { $_ => $aliases{$_} } grep { $_ !~ m/^localhost/i } keys %aliases;

    $self->{'aliases_httpd'} = \%aliases if scalar keys %aliases;
}

sub __parse_includes {
    my $self = shift;

    if (ref $self->{'_includes_raw'} eq 'ARRAY' && scalar [at]{$self->{'_includes_raw'}}) {
        for ([at]{$self->{'_includes_raw'}}) {
            my (undef, $include) = split(/\s+/, $_, 2);
            $include =~ s/^"|"$//g;
            next unless $include;
            my $sroot = $self->{'_server_root'};
            # Add server root to not abs paths of includes
            if ($sroot && substr($include, 0, 1) ne '/') {
                $include = $sroot . '/' . $include;
            }
            if ($include =~ m/\*/) {
                my [at]includes_by_mask = glob qq($include);
                if (scalar [at]includes_by_mask) {
                    push [at]{$self->{'_includes'}}, [at]includes_by_mask;
                }
            }
            else {
                push [at]{$self->{'_includes'}}, $include;
            }
        }
    }

    # Clear previous raw includes
    $self->{'_includes_raw'} = [];
}

#### NGINX part ####

sub parse_nginx {
    my $self = shift;

    # Check if we have domains cache
    if (-f "$cache_dir/nginx_cache.st") {
        if (time() > (stat("$cache_dir/nginx_cache.st"))[10] + $cache_time) {
            unlink "$cache_dir/nginx_cache.st";
        }
        else {
            $self->{'result_nginx'} = retrieve "$cache_dir/nginx_cache.st";
            return;
        }
    }

    $self->_read_nginx_config();

    $self->_nginx_search_includes_r();

    $self->_append_nginx_strings();

    $self->_clean_nginx_config();

    $self->_search_nginx_servers();

    $self->_parse_nginx_servers();

    $self->_cook_nginx_servers();

    $self->{'result_nginx'} = $self->{'servers_nginx'};

    if (-d $cache_dir) {
        store $self->{'result_nginx'}, "$cache_dir/nginx_cache.st";
    }
}

sub result_nginx {
    return $_[0]->{'result_nginx'};
}

sub _read_nginx_config {
    my $self = shift;

    if (open my $fh, '<', $self->{'nginx'}) {
        [at]{$self->{'_nginx_config'}} = <$fh>;
        close $fh;
        if (scalar [at]{$self->{'_nginx_config'}}) {
            chomp for [at]{$self->{'_nginx_config'}};
        }
    }
    else {
        do_log("Failed to open config file: $!", 0);
    }
}

sub _nginx_search_includes_r {
    my $self = shift;

    return if (ref $self->{'_nginx_config'} ne 'ARRAY' || ! scalar [at]{$self->{'_nginx_config'}});

    unless (scalar [at]{$self->{'_nginx_includes'}}) {
        [at]{$self->{'_nginx_raw_includes'}} = grep m/include/i, [at]{$self->{'_nginx_config'}};
    }

    $self->__parse_nginx_includes();

    if (scalar [at]{$self->{'_nginx_includes'}}) {
        for ([at]{$self->{'_nginx_includes'}}) {
            next unless -f $_;
            if (open my $fh, '<', $_) {
                my [at]strings = <$fh>;
                close $fh;
                for ([at]strings) {
                    chomp;
                    push [at]{$self->{'_nginx_raw_includes'}}, $_ if m/include/i;
                }
                $self->__parse_nginx_includes();
            }
            else {
                do_log("Can't read config include: $!", 0);
            }
        }
    }
}

sub _append_nginx_strings {
    my $self = shift;

    return if (ref $self->{'_nginx_includes'} ne 'ARRAY' || ! scalar [at]{$self->{'_nginx_includes'}});

    # Nginx may have duplicate of includes
    my %unduplicate = map { $_ => 1 } [at]{$self->{'_nginx_includes'}};
    [at]{$self->{'_nginx_includes'}} = keys %unduplicate;

    for my $include ([at]{$self->{'_nginx_includes'}}) {
        next unless -f $include;
        if (open my $fh, '<', $include) {
            my [at]append_strings = <$fh>;
            close $fh;
            chomp for [at]append_strings;
            push [at]{$self->{'_nginx_config'}}, [at]append_strings;
        }
        else {
            do_log("Failed to open include config file: $!", 0);
        }
    }
}

sub _clean_nginx_config {
    my $self = shift;

    if (scalar [at]{$self->{'_nginx_config'}}) {
        for ([at]{$self->{'_nginx_config'}}) {
            chomp;
            s/^\s+#//;
            s/{$//;
            s/^\s+|\s+$//g;
        }
        [at]{$self->{'_nginx_config'}} = grep $_ !~ m/^#+/, [at]{$self->{'_nginx_config'}};
        [at]{$self->{'_nginx_config'}} = grep $_ !~ m/#+$/, [at]{$self->{'_nginx_config'}};
        [at]{$self->{'_nginx_config'}} = grep $_, [at]{$self->{'_nginx_config'}};
    }
}

sub _search_nginx_servers {
    my $self = shift;

    if (scalar [at]{$self->{'_nginx_config'}}) {
        # Grep server names without examples
        my [at]nginx_config = [at]{$self->{'_nginx_config'}};
        for my $index (0 .. $#nginx_config) {
            if ($nginx_config[$index] && $nginx_config[$index] =~ m/^server/) {
                my [at]server = ();
                for (my $i = $index; $nginx_config[$i] && $nginx_config[$i] !~ m/}/; $i++) {
                    push [at]server, $nginx_config[$i];
                }
                #### Search multiline server_name entries
                my [at]server_names = ();
                my $search = 0;
                my $start = 0;
                for (0 .. $#server) {
                    if ($server[$_] =~ m/server_name\s+/ && $server[$_] !~ m/;$/) {
                        push [at]server_names, splice([at]server, $_, 1);
                        $search = 1;
                        $start = $_;
                        last;
                    }
                }
                if ($search) {
                    my $finish = 0;
                    for (my $j = $start; $server[$j] !~ m/;$/; $j++) {
                        push [at]server_names, splice([at]server, $j, 1);
                        $finish = $j;
                    }
                    push [at]server_names, splice([at]server, $finish, 1);
                }
                if (scalar [at]server_names) {
                    my $server_names = join(' ', [at]server_names);
                    push [at]server, $server_names;
                }
                #### Finished search multiline server names

                # Append found server to main list
                push [at]{$self->{'_servers_raw'}}, \[at]server;
            }
        }
    }
}

sub _parse_nginx_servers {
    my $self = shift;

    return if (ref $self->{'_servers_raw'} ne 'ARRAY' || ! scalar [at]{$self->{'_servers_raw'}});

    for my $server ([at]{$self->{'_servers_raw'}}) {
        next if ref $server ne 'ARRAY';
        my %server = ();
        for my $string ([at]$server) {
            next if $string =~ m/\$hostname/;
            next if $string =~ m/localhost/;
            my ($key, $value) = split(/\s+/, $string, 2);
            if ($key && $value) {
                for ($key, $value) {
                    chomp;
                    s/^{//;
                    s/^\s+|\s+$//g;
                    s/^#\s*//;
                    s/[};]$//;
                }
                $server{$key} = $value;
            }
        }
        push [at]{$self->{'_servers'}}, \%server;
    }

    # Grep no ported and remove duplicates
    [at]{$self->{'_servers'}} = grep { $_->{NGINX->{LISTEN}} && $_->{NGINX->{SERVER_NAME}} } [at]{$self->{'_servers'}};
}

sub _cook_nginx_servers {
    my $self = shift;

    return if (ref $self->{'_servers'} ne 'ARRAY' || ! scalar [at]{$self->{'_servers'}});

    my %servers = map {
        my $server = $_;
        my [at]domains = split(/\s+/, $server->{NGINX->{SERVER_NAME}});
        my $domain = shift [at]domains;
        my $port = $server->{NGINX->{LISTEN}};
        $port = $1 if $port =~ m/\d{2,}/;
        $domain .= ":$port" if $port && $domain !~ m/:\d+/;
        $domain => \[at]domains;
    } [at]{$self->{'_servers'}};

    # Grep duplicates
    # my %unduplicate = map { $_->{NGINX->{SERVER_NAME}} => $_ } [at]{$self->{'_servers'}};
    # [at]{$self->{'_servers'}} = values %unduplicate;

    $self->{'servers_nginx'} = \%servers;
}

sub __parse_nginx_includes {
    my $self = shift;

    return if (ref $self->{'_nginx_raw_includes'} ne 'ARRAY' || ! scalar [at]{$self->{'_nginx_raw_includes'}});

    for ([at]{$self->{'_nginx_raw_includes'}}) {
        chomp;
        s/^\s+|\s+$//g;
        s/;$//;
        my (undef, $string) = split(/\s+/, $_, 2);
        if ($string =~ m/\*/) {
            my [at]includes_by_mask = glob qq($string);
            if (scalar [at]includes_by_mask) {
                push [at]{$self->{'_nginx_includes'}}, [at]includes_by_mask;
            }
        }
        else {
            push [at]{$self->{'_nginx_includes'}}, $string;
        }
    }

    $self->{'_nginx_raw_includes'} = [];
}

1;

Offline forsec

  • Newbie
  • *
  • Posts: 9
dang... this was painful to fix.

Copy and pasting SergeiP /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm
didnt' work, possibly due to some formatting errors coming from forum.

The method I used to fix was to create a new temporary server in Vmware, install apache, install modsecurity, run apache, install newest cwaf
Take the /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm
Overwrite prior servers /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/WebConfig.pm

The go into the gui and update client.

Thanks to SergeiP for his help.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek