diff --git a/CMakeLists.txt b/CMakeLists.txt index 54d49a591..eca6483cc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -13,15 +13,10 @@ include(GNUInstallDirs) include(CTest) include(cmake/ada-flags.cmake) -set(ADA_SOURCE_DIR src) - add_subdirectory(src) set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/scripts/cmake) -option(ADA_BENCHMARKS "Build benchmarks" OFF) -option(ADA_TESTING "Build tests" OFF) - # There are cases where when embedding ada as a dependency for other CMake # projects as submodules or subdirectories (via FetchContent) can lead to # errors due to CPM, so this is here to support disabling all the testing @@ -57,6 +52,7 @@ if(ADA_TESTING OR ADA_BENCHMARKS OR ADA_TOOLS) if (ADA_TESTING AND NOT EMSCRIPTEN) set(CTEST_TEST_TIMEOUT 5) + set(ADA_USE_UNSAFE_STD_REGEX_PROVIDER ON) message(STATUS "The tests are enabled.") add_subdirectory(tests) else() @@ -82,6 +78,16 @@ endif() add_library(ada::ada ALIAS ada) +if(ADA_TESTING) + # IMPORTANT! + # + # We enable std_regex_provider for testing purposes + # It is not recommended to enable this flag and use std::regex under + # production environments due to several security issues. + # + target_compile_definitions(ada PUBLIC ADA_USE_UNSAFE_STD_REGEX_PROVIDER=ON) +endif() + set_target_properties( ada PROPERTIES VERSION "${ADA_LIB_VERSION}" diff --git a/cmake/ada-flags.cmake b/cmake/ada-flags.cmake index c351a7a94..6f015bf19 100644 --- a/cmake/ada-flags.cmake +++ b/cmake/ada-flags.cmake @@ -16,6 +16,9 @@ if(ADA_SANITIZE_UNDEFINED) endif() option(ADA_COVERAGE "Compute coverage" OFF) option(ADA_TOOLS "Build cli tools (adaparse)" OFF) +option(ADA_BENCHMARKS "Build benchmarks" OFF) +option(ADA_TESTING "Build tests" OFF) +option(ADA_USE_UNSAFE_STD_REGEX_PROVIDER "Enable unsafe regex provider that uses std::regex" OFF) if (ADA_COVERAGE) message(STATUS "You want to compute coverage. We assume that you have installed gcovr.") diff --git a/fuzz/build.sh b/fuzz/build.sh index 0f5c65d19..1f5bae6f4 100755 --- a/fuzz/build.sh +++ b/fuzz/build.sh @@ -37,9 +37,18 @@ $CXX $CFLAGS $CXXFLAGS \ $CXX $CFLAGS $CXXFLAGS $LIB_FUZZING_ENGINE url_search_params.o \ -o $OUT/url_search_params +# IMPORTANT +# +# We use std_regex_provider for testing purposes. +# It is not encouraged or recommended to be used within production +# environments due to security problems. +# +# Please do not enable it on production systems! +# $CXX $CFLAGS $CXXFLAGS \ -std=c++20 \ -I build/singleheader \ + -DADA_USE_UNSAFE_STD_REGEX_PROVIDER=1 \ -c fuzz/url_pattern.cc -o url_pattern.o $CXX $CFLAGS $CXXFLAGS $LIB_FUZZING_ENGINE url_pattern.o \ diff --git a/include/ada/url_pattern_regex.h b/include/ada/url_pattern_regex.h index 47a6301bf..4324958e6 100644 --- a/include/ada/url_pattern_regex.h +++ b/include/ada/url_pattern_regex.h @@ -6,7 +6,10 @@ #define ADA_URL_PATTERN_REGEX_H #include + +#ifdef ADA_USE_UNSAFE_STD_REGEX_PROVIDER #include +#endif // ADA_USE_UNSAFE_STD_REGEX_PROVIDER namespace ada::url_pattern_regex { @@ -38,6 +41,7 @@ concept regex_concept = requires(T t, std::string_view pattern, { T(std::declval()) } -> std::same_as; }; +#ifdef ADA_USE_UNSAFE_STD_REGEX_PROVIDER class std_regex_provider { public: std_regex_provider() = default; @@ -48,6 +52,7 @@ class std_regex_provider { std::string_view input, const regex_type& pattern); static bool regex_match(std::string_view input, const regex_type& pattern); }; +#endif // ADA_USE_UNSAFE_STD_REGEX_PROVIDER } // namespace ada::url_pattern_regex diff --git a/src/url_pattern_regex.cpp b/src/url_pattern_regex.cpp index 59cac71b9..421b98e4f 100644 --- a/src/url_pattern_regex.cpp +++ b/src/url_pattern_regex.cpp @@ -1,7 +1,8 @@ -#include #include "ada/url_pattern_regex.h" namespace ada::url_pattern_regex { + +#ifdef ADA_USE_UNSAFE_STD_REGEX_PROVIDER std::optional std_regex_provider::create_instance( std::string_view pattern, bool ignore_case) { // Let flags be an empty string. @@ -49,4 +50,6 @@ bool std_regex_provider::regex_match(std::string_view input, return std::regex_match(input.begin(), input.end(), pattern); } +#endif // ADA_USE_UNSAFE_STD_REGEX_PROVIDER + } // namespace ada::url_pattern_regex