Thread: [Mod-security-developers] Hyperscan
From: Breno S. <bre...@gm...> - 2016-03-31 22:34:44
Interesting project to be considered by modsecurity https://01.org/hyperscan

Breno
From: Felipe C. <FC...@tr...> - 2016-04-01 13:59:49
Hi Breno,

In fact that is an interesting replacement for the libpcre. We may be able to make the regex engine inside ModSecurity v3 something pluggable. So it will be easy to integrate and test a new regex engine.

During the elaboration of ModSecurity v3 we considered replacing the regex engine. Chaim suggested another engine that was capable of dealing with UTF-8 strings more easily, I don't recall the name. Chaim?

Considering that, I've created this wrapper for the regex utilization:

https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/src/utils/regex.cc
https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/src/utils/regex.h

To replace the engine we just have to change the code in those files.

Are you interested in making a contribution in that area? If so, we can help you.

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
From: Christian F. <chr...@ne...> - 2016-04-05 04:53:57
Hello,

On Fri, Apr 01, 2016 at 01:59:38PM +0000, Felipe Costa wrote:
> In fact that is an interesting replacement for the libpcre.

It seems to come with the following string attached:

> If you need features (e.g. sub-expression capture) or pattern constructs
> (e.g. back-references or arbitrary look around asserts) you may not be
> able to use Hyperscan (although we do have a pre-filter mode that can
> optimize some cases).

-> https://01.org/hyperscan/blogs/geofflangdale/2015/welcome-hyperscan

Is not that a blocker?

Ahoj,

Christian

--
When there are too many policemen, there can be no liberty.
When there are too many soldiers, there can be no peace.
When there are too many lawyers, there can be no justice.
-- Lin Yutang
From: Felipe C. <FC...@tr...> - 2016-04-05 16:52:44
Hi,

On 4/5/16, 1:53 AM, "Christian Folini" <chr...@ne...> wrote:
>It seems to come with the following string attached:
>
>> If you need features (e.g. sub-expression capture) or pattern constructs
>> (e.g. back-references or arbitrary look around asserts) you may not be
>> able to use Hyperscan (although we do have a pre-filter mode that can
>> optimize some cases).
>
>-> http://scanmail.trustwave.com/?c=4062&d=_8SD17SSFxcGTyITZx90bheVWxEf38or3BaqDWrOIQ&s=5&u=https%3a%2f%2f01%2eorg%2fhyperscan%2fblogs%2fgeofflangdale%2f2015%2fwelcome-hyperscan
>
>Is not that a blocker?

It is not clear to me if this is a blocker. I don't think so. Are you concerned about the sub-expression capture?

It is also not clear if it will really improve the performance, as our content is usually very small. I guess it is not so hard to test.

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
From: Robert P. <rpa...@fe...> - 2016-04-05 17:01:43
Not having PCRE backreferences should definitely be a blocker, as that significantly limits the flexibility of the expression language. I also think that, in most cases, the scope of regex targets is not such that this would present a significant performance improvement.
From: Christian F. <chr...@ne...> - 2016-04-05 18:02:44
Hello,

On Tue, Apr 05, 2016 at 04:52:36PM +0000, Felipe Costa wrote:
> >Is not that a blocker?
>
> It is not clear to me if this is a blocker. I don't think so. Are you concerned
> about the sub-expression capture?

Exactly. Or does not ModSec depend on that pcre feature?

> It is also not clear if it will really improve the performance, as our content
> is usually very small. I guess it is not so hard to test.

If the API is similar, then a perf test definitely makes sense.

Ahoj,

Christian

--
We cannot ensure success, but we can deserve it.
-- George Washington
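
The constructs named in the Hyperscan note quoted in this thread (sub-expression capture, back-references, look-around) can be located in a rule set before any engine swap is tested. The following is an added example, not part of any message in the thread and not ModSecurity code: a simplified heuristic scanner run over constructed sample patterns; the rule ids and the function names `audit_pattern` and `partition` are assumptions.

```python
# Escapes treated as back-references outside a character class: \1..\9, \k<name>
BACKREF_ESCAPES = set("123456789k")
LOOKAROUND = ("(?=", "(?!", "(?<=", "(?<!")
NAMED_CAPTURE = ("(?P<", "(?<", "(?'")

def audit_pattern(pattern):
    """Return which constructs from the quoted note appear in a PCRE pattern."""
    found = set()
    i, in_class = 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                        # escape: consume two characters
            if not in_class and pattern[i + 1:i + 2] in BACKREF_ESCAPES:
                found.add("back-reference")
            i += 2
            continue
        if in_class:
            in_class = ch != "]"              # "(" inside [...] is a literal
        elif ch == "[":
            in_class = True
            if pattern[i + 1:i + 2] == "^":   # negation marker
                i += 1
            if pattern[i + 1:i + 2] == "]":   # a leading "]" is a literal
                i += 1
        elif ch == "(":
            head = pattern[i:i + 4]
            if head.startswith(LOOKAROUND):   # checked before "(?<" named groups
                found.add("look-around")
            elif head.startswith("(?P="):
                found.add("back-reference")
            elif head.startswith(NAMED_CAPTURE) or not head.startswith(("(?", "(*")):
                found.add("capture")
        i += 1
    return found

def partition(rules):
    """Split rules into ids with none of the constructs and ids with some."""
    clean, flagged = [], {}
    for rule_id, pattern in rules.items():
        features = audit_pattern(pattern)
        if features:
            flagged[rule_id] = sorted(features)
        else:
            clean.append(rule_id)
    return clean, flagged

# Constructed sample patterns, not taken from any real rule set.
SAMPLE_RULES = {
    "sample-1": r"(?i:union\s+select)",
    "sample-2": r"(['\"])\s*or\s*\1",
    "sample-3": r"^(?!/static/)[\w/]+\.php$",
    "sample-4": r"[(\\1]+<script",
}
```

Patterns that only report `capture` need a second look at whether the rule actually consumes the captured groups, which is the dependency asked about above.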