Fix OWASP CRS for latest libmodsecurity from v3/master

defanator · defanator · commit 23b03d2496c9 · 2018-02-21T10:41:07.000+03:00
See this PR for details: SpiderLabs/owasp-modsecurity-crs#995
diff --git a/states/nginx.sls b/states/nginx.sls
@@ -2,6 +2,9 @@
 {% set release = salt['grains.get']('lsb_distrib_codename', 'yakkety') %}
 {% set nginxver = salt['pillar.get']('versions:nginx') %}
 
+include:
+  - owasp-crs
+
 NGINX Package Repository:
   pkgrepo.managed:
     - humanname: NGINX Package Repository
@@ -48,3 +51,5 @@ NGINX service:
       - file: /etc/nginx/nginx.conf
       - file: /etc/nginx/modsec/main.conf
       - file: /etc/nginx/modsec/modsecurity.conf
+    - require:
+      - OWASP CRS patch from PR 995 apply
diff --git a/states/owasp-crs.sls b/states/owasp-crs.sls
@@ -10,3 +10,18 @@ Default crs-setup.conf:
     - target: /etc/nginx/modsec/owasp-crs/crs-setup.conf.example
     - require:
       - OWASP CRS
+
+OWASP CRS patch from PR 995:
+  file.managed:
+    - name: /etc/nginx/modsec/owasp-crs/995.patch
+    - source: https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/995.patch
+    - source_hash: 767bb6156ce286f9d17069905feeac5f
+    - require:
+      - OWASP CRS
+
+OWASP CRS patch from PR 995 apply:
+  cmd.run:
+    - name: cd /etc/nginx/modsec/owasp-crs/ && patch -p1 < 995.patch && touch 995.patch.applied
+    - unless: test -e /etc/nginx/modsec/owasp-crs/995.patch.applied
+    - require:
+      - OWASP CRS
