Tried both ModSecurity, tag 3.0.3 and ModSecurity Master from github.
Configure options: ./configure --with-lmdb --enable-parser-generation --enable-afl-fuzz
afl-clang-fast 2.52b by <lszekeres@******.com>
clang-5.0: warning: argument '-fsanitize-coverage=4' is deprecated, use '-fsanitize-coverage=trace-pc-guard' instead [-Wdeprecated]
afl_fuzzer.cc:24:48: warning: '/*' within block comment [-Wcomment]
* for i in $(ls -l src/actions/transformations/*.h | awk {'print $9'})...
^
afl_fuzzer.cc:67:34: warning: '/*' within block comment [-Wcomment]
* for i in $(ls -l src/operators/*.h | awk {'print $9'}); do echo "#inc...
^
afl_fuzzer.cc:147:67: warning: '/*' within block comment [-Wcomment]
* for i in $(grep "class " -Ri src/actions/transformations/* | grep " :...
^
afl_fuzzer.cc:192:53: warning: '/*' within block comment [-Wcomment]
* for i in $(grep "class " -Ri src/operators/* | grep " :" | aw...
^
afl_fuzzer.cc:195:30: error: no matching constructor for initialization of
'modsecurity::operators::BeginsWith'
BeginsWith *beginswith = new BeginsWith("BeginsWith", z, false); beginsw...
^ ~~~~~~~~~~~~~~~~~~~~~~
../../src/operators/begins_with.h:32:14: note: candidate constructor not viable:
requires single argument 'param', but 3 arguments were provided
explicit BeginsWith(std::unique_ptr<RunTimeString> param)
^
../../src/operators/begins_with.h:29:7: note: candidate constructor (the
implicit copy constructor) not viable: requires 1 argument, but 3 were
provided
class BeginsWith : public Operator {
^
afl_fuzzer.cc:195:91: error: too few arguments to function call, expected 4,
have 2
...new BeginsWith("BeginsWith", z, false); beginswith->evaluate(t, s); dele...
~~~~~~~~~~~~~~~~~~~~ ^
../../src/operators/begins_with.h:35:5: note: 'evaluate' declared here
bool evaluate(Transaction *transaction, Rule *rule, const std::string &str,
^
afl_fuzzer.cc:196:26: error: no matching constructor for initialization of
'modsecurity::operators::Contains'
Contains *contains = new Contains("Contains", z, false); contains->evalu...
^ ~~~~~~~~~~~~~~~~~~~~
../../src/operators/contains.h:35:14: note: candidate constructor not viable:
requires single argument 'param', but 3 arguments were provided
explicit Contains(std::unique_ptr<RunTimeString> param)
^
../../src/operators/contains.h:32:7: note: candidate constructor (the implicit
copy constructor) not viable: requires 1 argument, but 3 were provided
class Contains : public Operator {
^
afl_fuzzer.cc:196:81: error: too few arguments to function call, expected 4,
have 2
...= new Contains("Contains", z, false); contains->evaluate(t, s); delete c...
~~~~~~~~~~~~~~~~~~ ^
../../src/operators/contains.h:37:5: note: 'evaluate' declared here
bool evaluate(Transaction *transaction, Rule *rule,
^
afl_fuzzer.cc:197:34: error: no matching constructor for initialization of
'modsecurity::operators::ContainsWord'
...*containsword = new ContainsWord("ContainsWord", z, false); containsword...
^ ~~~~~~~~~~~~~~~~~~~~~~~~
../../src/operators/contains_word.h:32:14: note: candidate constructor not
viable: requires single argument 'param', but 3 arguments were provided
explicit ContainsWord(std::unique_ptr<RunTimeString> param)
^
../../src/operators/contains_word.h:29:7: note: candidate constructor (the
implicit copy constructor) not viable: requires 1 argument, but 3 were
provided
class ContainsWord : public Operator {
^
afl_fuzzer.cc:197:101: error: too few arguments to function call, expected 4,
have 2
...ContainsWord("ContainsWord", z, false); containsword->evaluate(t, s); de...
~~~~~~~~~~~~~~~~~~~~~~ ^
../../src/operators/contains_word.h:35:5: note: 'evaluate' declared here
bool evaluate(Transaction *transaction, Rule *rule,
^
afl_fuzzer.cc:198:30: error: no matching constructor for initialization of
'modsecurity::operators::DetectSQLi'
DetectSQLi *detectsqli = new DetectSQLi("DetectSQLi", z, false); detects...
^ ~~~~~~~~~~~~~~~~~~~~~~
../../src/operators/detect_sqli.h:27:7: note: candidate constructor (the
implicit copy constructor) not viable: requires 1 argument, but 3 were
provided
class DetectSQLi : public Operator {
^
../../src/operators/detect_sqli.h:30:5: note: candidate constructor not viable:
requires 0 arguments, but 3 were provided
DetectSQLi()
^
afl_fuzzer.cc:198:91: error: too few arguments to function call, expected 4,
have 2
...new DetectSQLi("DetectSQLi", z, false); detectsqli->evaluate(t, s); dele...
~~~~~~~~~~~~~~~~~~~~ ^
../../src/operators/detect_sqli.h:35:5: note: 'evaluate' declared here
bool evaluate(Transaction *t, Rule *rule,
^
afl_fuzzer.cc:199:28: error: no matching constructor for initialization of
'modsecurity::operators::DetectXSS'
DetectXSS *detectxss = new DetectXSS("DetectXSS", z, false); detectxss->...
^ ~~~~~~~~~~~~~~~~~~~~~
../../src/operators/detect_xss.h:26:7: note: candidate constructor (the implicit
copy constructor) not viable: requires 1 argument, but 3 were provided
class DetectXSS : public Operator {
^
../../src/operators/detect_xss.h:29:5: note: candidate constructor not viable:
requires 0 arguments, but 3 were provided
DetectXSS()
^
afl_fuzzer.cc:199:86: error: too few arguments to function call, expected 4,
have 2
...= new DetectXSS("DetectXSS", z, false); detectxss->evaluate(t, s); delet...
~~~~~~~~~~~~~~~~~~~ ^
../../src/operators/detect_xss.h:34:5: note: 'evaluate' declared here
bool evaluate(Transaction *t, Rule *rule,
^
afl_fuzzer.cc:200:26: error: no matching constructor for initialization of
'modsecurity::operators::EndsWith'
EndsWith *endswith = new EndsWith("EndsWith", z, false); endswith->evalu...
^ ~~~~~~~~~~~~~~~~~~~~
../../src/operators/ends_with.h:32:14: note: candidate constructor not viable:
requires single argument 'param', but 3 arguments were provided
explicit EndsWith(std::unique_ptr<RunTimeString> param)
^
../../src/operators/ends_with.h:29:7: note: candidate constructor (the implicit
copy constructor) not viable: requires 1 argument, but 3 were provided
class EndsWith : public Operator {
^
afl_fuzzer.cc:200:81: error: too few arguments to function call, expected 4,
have 2
...= new EndsWith("EndsWith", z, false); endswith->evaluate(t, s); delete e...
~~~~~~~~~~~~~~~~~~ ^
../../src/operators/ends_with.h:36:5: note: 'evaluate' declared here
bool evaluate(Transaction *transaction, Rule *rule,
^
afl_fuzzer.cc:201:14: error: no matching constructor for initialization of
'modsecurity::operators::Eq'
Eq *eq = new Eq("Eq", z, false); eq->evaluate(t, s); delete eq;
^ ~~~~~~~~~~~~~~
../../src/operators/eq.h:32:14: note: candidate constructor not viable: requires
single argument 'param', but 3 arguments were provided
explicit Eq(std::unique_ptr<RunTimeString> param)
^
../../src/operators/eq.h:29:7: note: candidate constructor (the implicit copy
constructor) not viable: requires 1 argument, but 3 were provided
class Eq : public Operator {
^
afl_fuzzer.cc:202:28: error: no matching constructor for initialization of
'modsecurity::operators::FuzzyHash'
FuzzyHash *fuzzyhash = new FuzzyHash("FuzzyHash", z, false); fuzzyhash->...
^ ~~~~~~~~~~~~~~~~~~~~~
../../src/operators/fuzzy_hash.h:41:14: note: candidate constructor not viable:
requires single argument 'param', but 3 arguments were provided
explicit FuzzyHash(std::unique_ptr<RunTimeString> param)
^
../../src/operators/fuzzy_hash.h:38:7: note: candidate constructor (the implicit
copy constructor) not viable: requires 1 argument, but 3 were provided
class FuzzyHash : public Operator {
^
afl_fuzzer.cc:203:14: error: no matching constructor for initialization of
'modsecurity::operators::Ge'
Ge *ge = new Ge("Ge", z, false); ge->evaluate(t, s); delete ge;
^ ~~~~~~~~~~~~~~
../../src/operators/ge.h:31:14: note: candidate constructor not viable: requires
single argument 'param', but 3 arguments were provided
explicit Ge(std::unique_ptr<RunTimeString> param)
^
../../src/operators/ge.h:28:7: note: candidate constructor (the implicit copy
constructor) not viable: requires 1 argument, but 3 were provided
class Ge : public Operator {
^
afl_fuzzer.cc:204:28: error: no matching constructor for initialization of
'modsecurity::operators::GeoLookup'
GeoLookup *geolookup = new GeoLookup("GeoLookup", z, false); geolookup->...
^ ~~~~~~~~~~~~~~~~~~~~~
../../src/operators/geo_lookup.h:27:7: note: candidate constructor (the implicit
copy constructor) not viable: requires 1 argument, but 3 were provided
class GeoLookup : public Operator {
^
../../src/operators/geo_lookup.h:30:5: note: candidate constructor not viable:
requires 0 arguments, but 3 were provided
GeoLookup()
^
afl_fuzzer.cc:205:28: error: no matching constructor for initialization of
'modsecurity::operators::GsbLookup'
GsbLookup *gsblookup = new GsbLookup("GsbLookup", z, false); gsblookup->...
^ ~~~~~~~~~~~~~~~~~~~~~
../../src/operators/gsblookup.h:31:14: note: candidate constructor not viable:
requires single argument 'param', but 3 arguments were provided
explicit GsbLookup(std::unique_ptr<RunTimeString> param)
^
../../src/operators/gsblookup.h:28:7: note: candidate constructor (the implicit
copy constructor) not viable: requires 1 argument, but 3 were provided
class GsbLookup : public Operator {
^
afl_fuzzer.cc:206:14: error: no matching constructor for initialization of
'modsecurity::operators::Gt'
Gt *gt = new Gt("Gt", z, false); gt->evaluate(t, s); delete gt;
^ ~~~~~~~~~~~~~~
../../src/operators/gt.h:32:14: note: candidate constructor not viable: requires
single argument 'param', but 3 arguments were provided
explicit Gt(std::unique_ptr<RunTimeString> param)
^
../../src/operators/gt.h:29:7: note: candidate constructor (the implicit copy
constructor) not viable: requires 1 argument, but 3 were provided
class Gt : public Operator {
^
afl_fuzzer.cc:207:32: error: no matching constructor for initialization of
'modsecurity::operators::InspectFile'
InspectFile *inspectfile = new InspectFile("InspectFile", z, false); ins...
^ ~~~~~~~~~~~~~~~~~~~~~~~
../../src/operators/inspect_file.h:33:14: note: candidate constructor not
viable: requires single argument 'param', but 3 arguments were provided
explicit InspectFile(std::unique_ptr<RunTimeString> param)
^
../../src/operators/inspect_file.h:30:7: note: candidate constructor (the
implicit copy constructor) not viable: requires 1 argument, but 3 were
provided
class InspectFile : public Operator {
^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
4 warnings and 20 errors generated.