Adds support to SecWebAppID
@@ -20,6 +20,7 @@
|
||||
#include <memory>
|
||||
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/rules.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "src/macro_expansion.h"
|
||||
#include "src/utils/string.h"
|
||||
@@ -154,7 +155,7 @@ bool SetVar::evaluate(Rule *rule, Transaction *transm_parser_payload) {
|
||||
+ ":" + m_variableNameExpanded + " with value: " + targetValue);
|
||||
#endif
|
||||
transm_parser_payload->m_collections.storeOrUpdateFirst(m_collectionName,
|
||||
m_variableNameExpanded, targetValue);
|
||||
m_variableNameExpanded, transm_parser_payload->m_rules->m_secWebAppId.m_value, targetValue);
|
||||
|
||||
end:
|
||||
return true;
|
||||
|
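Review bot: The new store call in SetVar::evaluate reads `transm_parser_payload->m_rules->m_secWebAppId.m_value` directly and never consults the `m_set` flag the parser sets beside it, so "SecWebAppId not configured" is represented only by whatever `m_value` defaults to (presumably an empty string; the declaration is not on this page). The same member chain is repeated in the six `evaluate` overrides changed in the Resource_* and Session_* classes, which leaves seven call sites that must agree on how the collection namespace is derived. A single accessor on Transaction would keep that decision in one place; as a minimum I would add `// appid partitions the persistent collection; "" means SecWebAppId was not configured` above this call. SetVar::evaluate starts and ends outside the hunk.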
@@ -61,6 +61,12 @@ Collections::~Collections() {
|
||||
void Collections::storeOrUpdateFirst(const std::string& collectionName,
|
||||
const std::string& variableName,
|
||||
const std::string& targetValue) {
|
||||
storeOrUpdateFirst(collectionName, variableName, "", targetValue);
|
||||
}
|
||||
|
||||
void Collections::storeOrUpdateFirst(const std::string& collectionName,
|
||||
const std::string& variableName, const std::string& appid,
|
||||
const std::string& targetValue) {
|
||||
if (utils::string::tolower(collectionName) == "ip"
|
||||
&& !m_ip_collection_key.empty()) {
|
||||
m_ip_collection->storeOrUpdateFirst(collectionName + ":"
|
||||
@@ -78,14 +84,14 @@ void Collections::storeOrUpdateFirst(const std::string& collectionName,
|
||||
if (utils::string::tolower(collectionName) == "resource"
|
||||
&& !m_resource_collection_key.empty()) {
|
||||
m_resource_collection->storeOrUpdateFirst(collectionName + ":"
|
||||
+ variableName, m_resource_collection_key, targetValue);
|
||||
+ variableName, m_resource_collection_key, appid, targetValue);
|
||||
return;
|
||||
}
|
||||
|
||||
if (utils::string::tolower(collectionName) == "session"
|
||||
&& !m_session_collection_key.empty()) {
|
||||
m_session_collection->storeOrUpdateFirst(collectionName + ":"
|
||||
+ variableName, m_session_collection_key, targetValue);
|
||||
+ variableName, m_session_collection_key, appid, targetValue);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -144,9 +150,14 @@ std::unique_ptr<std::string> Collections::resolveFirst(const std::string& var) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
std::unique_ptr<std::string> Collections::resolveFirst(
|
||||
const std::string& collectionName, const std::string& var) {
|
||||
return resolveFirst(collectionName, "", var);
|
||||
}
|
||||
|
||||
std::unique_ptr<std::string> Collections::resolveFirst(
|
||||
const std::string& collectionName, const std::string& var) {
|
||||
const std::string& collectionName, const std::string &appid,
|
||||
const std::string& var) {
|
||||
if (utils::string::tolower(collectionName) == "ip"
|
||||
&& !m_ip_collection_key.empty()) {
|
||||
return m_ip_collection->resolveFirst(
|
||||
@@ -165,14 +176,14 @@ std::unique_ptr<std::string> Collections::resolveFirst(
|
||||
&& !m_resource_collection_key.empty()) {
|
||||
return m_resource_collection->resolveFirst(
|
||||
utils::string::toupper(collectionName)
|
||||
+ ":" + var, m_resource_collection_key);
|
||||
+ ":" + var, m_resource_collection_key, appid);
|
||||
}
|
||||
|
||||
if (utils::string::tolower(collectionName) == "session"
|
||||
&& !m_session_collection_key.empty()) {
|
||||
return m_session_collection->resolveFirst(
|
||||
utils::string::toupper(collectionName)
|
||||
+ ":" + var, m_session_collection_key);
|
||||
+ ":" + var, m_session_collection_key, appid);
|
||||
}
|
||||
|
||||
for (auto &a : *this) {
|
||||
@@ -197,10 +208,15 @@ void Collections::resolveSingleMatch(const std::string& var,
|
||||
m_transient->resolveSingleMatch(var, l);
|
||||
}
|
||||
|
||||
|
||||
void Collections::resolveSingleMatch(const std::string& var,
|
||||
const std::string& collection,
|
||||
std::vector<const Variable *> *l) {
|
||||
resolveSingleMatch(var, collection, "", l);
|
||||
}
|
||||
|
||||
void Collections::resolveSingleMatch(const std::string& var,
|
||||
const std::string& collection, const std::string& appid,
|
||||
std::vector<const Variable *> *l) {
|
||||
|
||||
if (utils::string::tolower(collection) == "ip"
|
||||
&& !m_ip_collection_key.empty()) {
|
||||
@@ -218,14 +234,14 @@ void Collections::resolveSingleMatch(const std::string& var,
|
||||
if (utils::string::tolower(collection) == "resource"
|
||||
&& !m_resource_collection_key.empty()) {
|
||||
m_resource_collection->resolveSingleMatch(var,
|
||||
m_resource_collection_key, l);
|
||||
m_resource_collection_key, appid, l);
|
||||
return;
|
||||
}
|
||||
|
||||
if (utils::string::tolower(collection) == "session"
|
||||
&& !m_session_collection_key.empty()) {
|
||||
m_session_collection->resolveSingleMatch(var,
|
||||
m_session_collection_key, l);
|
||||
m_session_collection_key, appid, l);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -240,10 +256,15 @@ void Collections::resolveMultiMatches(const std::string& var,
|
||||
m_transient->resolveMultiMatches(var, l);
|
||||
}
|
||||
|
||||
|
||||
void Collections::resolveMultiMatches(const std::string& var,
|
||||
const std::string& collection,
|
||||
std::vector<const Variable *> *l) {
|
||||
return resolveMultiMatches(var, collection, "", l);
|
||||
}
|
||||
|
||||
void Collections::resolveMultiMatches(const std::string& var,
|
||||
const std::string& collection, const std::string &appid,
|
||||
std::vector<const Variable *> *l) {
|
||||
if (utils::string::tolower(collection) == "ip"
|
||||
&& !m_ip_collection_key.empty()) {
|
||||
m_ip_collection->resolveMultiMatches(var, m_ip_collection_key, l);
|
||||
@@ -260,14 +281,14 @@ void Collections::resolveMultiMatches(const std::string& var,
|
||||
if (utils::string::tolower(collection) == "resource"
|
||||
&& !m_resource_collection_key.empty()) {
|
||||
m_resource_collection->resolveMultiMatches(var,
|
||||
m_resource_collection_key, l);
|
||||
m_resource_collection_key, appid, l);
|
||||
return;
|
||||
}
|
||||
|
||||
if (utils::string::tolower(collection) == "session"
|
||||
&& !m_session_collection_key.empty()) {
|
||||
m_session_collection->resolveMultiMatches(var,
|
||||
m_session_collection_key, l);
|
||||
m_session_collection_key, appid, l);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -281,10 +302,15 @@ void Collections::resolveRegularExpression(const std::string& var,
|
||||
m_transient->resolveRegularExpression(var, l);
|
||||
}
|
||||
|
||||
|
||||
void Collections::resolveRegularExpression(const std::string& var,
|
||||
const std::string& collection,
|
||||
std::vector<const Variable *> *l) {
|
||||
return resolveRegularExpression(var, collection, "", l);
|
||||
}
|
||||
|
||||
void Collections::resolveRegularExpression(const std::string& var,
|
||||
const std::string& collection, const std::string &appid,
|
||||
std::vector<const Variable *> *l) {
|
||||
if (utils::string::tolower(collection) == "ip"
|
||||
&& !m_ip_collection_key.empty()) {
|
||||
m_ip_collection->resolveRegularExpression(
|
||||
@@ -305,7 +331,7 @@ void Collections::resolveRegularExpression(const std::string& var,
|
||||
&& !m_resource_collection_key.empty()) {
|
||||
m_resource_collection->resolveRegularExpression(
|
||||
utils::string::toupper(collection)
|
||||
+ ":" + var, m_resource_collection_key, l);
|
||||
+ ":" + var, m_resource_collection_key, appid, l);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -313,7 +339,7 @@ void Collections::resolveRegularExpression(const std::string& var,
|
||||
&& !m_session_collection_key.empty()) {
|
||||
m_session_collection->resolveRegularExpression(
|
||||
utils::string::toupper(collection)
|
||||
+ ":" + var, m_session_collection_key, l);
|
||||
+ ":" + var, m_session_collection_key, appid, l);
|
||||
return;
|
||||
}
|
||||
|
||||
|
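Review bot: `appid` reaches the backend only in the resource and session branches; the ip branch shown as context in resolveMultiMatches still calls `m_ip_collection->resolveMultiMatches(var, m_ip_collection_key, l);`, so the new parameter is silently ignored for that collection. The shorter compatibility overloads also forward `""`, which means a value stored through the appid-taking form under a configured SecWebAppId will not be found by a caller that still uses the shorter form. If both are intended, say so at the new overloads, e.g. `// appid scopes RESOURCE and SESSION only; other collections ignore it, and "" selects the unscoped partition`. As a style point, the void wrappers for resolveMultiMatches and resolveRegularExpression use `return f(...);` while those for resolveSingleMatch and storeOrUpdateFirst do not, and the parameter is spelled both `const std::string& appid` and `const std::string &appid`. Several of these functions continue outside their hunks.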
@@ -2045,8 +2045,8 @@ namespace yy {
|
||||
case 87:
|
||||
#line 1231 "seclang-parser.yy" // lalr1.cc:859
|
||||
{
|
||||
driver.error(yystack_[1].location, "SecWebAppId is not supported.");
|
||||
YYERROR;
|
||||
driver.m_secWebAppId.m_value = yystack_[0].value.as< std::string > ();
|
||||
driver.m_secWebAppId.m_set = true;
|
||||
}
|
||||
#line 2052 "seclang-parser.cc" // lalr1.cc:859
|
||||
break;
|
||||
|
@@ -1229,8 +1229,8 @@ expression:
|
||||
}
|
||||
| CONFIG_SEC_WEB_APP_ID
|
||||
{
|
||||
driver.error(@0, "SecWebAppId is not supported.");
|
||||
YYERROR;
|
||||
driver.m_secWebAppId.m_value = $1;
|
||||
driver.m_secWebAppId.m_set = true;
|
||||
}
|
||||
| CONFIG_SEC_SERVER_SIG
|
||||
{
|
||||
|
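Review bot: The CONFIG_SEC_WEB_APP_ID action assigns `driver.m_secWebAppId.m_value = $1;` unconditionally, so a second SecWebAppId directive replaces the first without any diagnostic even though `m_set` is available to detect it. Since the value now selects which partition of the persistent SESSION and RESOURCE collections the rules read and write, that behaviour deserves a comment in the grammar, for example `/* Last SecWebAppId wins; the value namespaces persistent collections. */`. Whether an override should instead be reported through `driver.error` is a policy decision that cannot be inferred from this hunk.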
@@ -363,7 +363,6 @@ EQUALS_PLUS (?i:=\+)
|
||||
EQUALS_MINUS (?i:=\-)
|
||||
|
||||
|
||||
|
||||
%x TRANSACTION_TO_VARIABLE
|
||||
%x EXPECTING_VARIABLE
|
||||
%x EXPECTING_OPERATOR
|
||||
@@ -589,7 +588,7 @@ EQUALS_MINUS (?i:=\-)
|
||||
{CONFIG_COMPONENT_SIG}[ \t]+["]{FREE_TEXT}["] { return p::make_CONFIG_COMPONENT_SIG(strchr(yytext, ' ') + 2, *driver.loc.back()); }
|
||||
{CONFIG_SEC_SERVER_SIG}[ \t]+["]{FREE_TEXT}["] { return p::make_CONFIG_SEC_SERVER_SIG(strchr(yytext, ' ') + 2, *driver.loc.back()); }
|
||||
{CONFIG_SEC_WEB_APP_ID}[ \t]+["]{FREE_TEXT}["] { return p::make_CONFIG_SEC_WEB_APP_ID(parserSanitizer(strchr(yytext, ' ') + 2), *driver.loc.back()); }
|
||||
{CONFIG_SEC_WEB_APP_ID}[ \t]+{FREE_TEXT} { return p::make_CONFIG_SEC_WEB_APP_ID(parserSanitizer(strchr(yytext, ' ') + 2), *driver.loc.back()); }
|
||||
{CONFIG_SEC_WEB_APP_ID}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_WEB_APP_ID(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
|
||||
{CONFIG_CONTENT_INJECTION} { return p::make_CONFIG_CONTENT_INJECTION(*driver.loc.back()); }
|
||||
{CONFIG_DIR_AUDIT_DIR_MOD}[ \t]+{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_DIR_AUDIT_DIR_MOD(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
|
||||
{CONFIG_DIR_AUDIT_DIR_MOD}[ \t]+["]{CONFIG_VALUE_NUMBER}["] { return p::make_CONFIG_DIR_AUDIT_DIR_MOD(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
|
||||
|
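Review bot: The added `{CONFIG_SEC_WEB_APP_ID}[ \t]+{FREE_TEXT_NEW_LINE}` rule accepts tabs as the separator but extracts the value with `strchr(yytext, ' ') + 1`, which looks only for a space. When the directive and its value are separated by a tab, strchr either returns a null pointer, making the `+ 1` undefined behaviour, or lands on a space inside the value and truncates the application id (assuming FREE_TEXT_NEW_LINE can contain spaces; its definition is outside the hunk). Searching for either separator avoids both: `parserSanitizer(strpbrk(yytext, " \t") + 1)`. The quoted variant kept as context just above, and the neighbouring CONFIG_DIR_AUDIT_DIR_MOD rules, use the same idiom.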
10
src/rule.cc
10
src/rule.cc
@@ -446,7 +446,7 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
|
||||
}
|
||||
if (a.second->m_isExclusion) {
|
||||
std::vector<const collection::Variable *> z;
|
||||
a.second->evaluateInternal(trans, this, &z);
|
||||
a.second->evaluate(trans, this, &z);
|
||||
for (auto &y : z) {
|
||||
exclusions_update_by_tag_remove.push_back(std::string(y->m_key));
|
||||
delete y;
|
||||
@@ -465,7 +465,7 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
|
||||
}
|
||||
if (a.second->m_isExclusion) {
|
||||
std::vector<const collection::Variable *> z;
|
||||
a.second->evaluateInternal(trans, this, &z);
|
||||
a.second->evaluate(trans, this, &z);
|
||||
for (auto &y : z) {
|
||||
exclusions_update_by_msg_remove.push_back(std::string(y->m_key));
|
||||
delete y;
|
||||
@@ -484,7 +484,7 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
|
||||
}
|
||||
if (a.second->m_isExclusion) {
|
||||
std::vector<const collection::Variable *> z;
|
||||
a.second->evaluateInternal(trans, this, &z);
|
||||
a.second->evaluate(trans, this, &z);
|
||||
for (auto &y : z) {
|
||||
exclusions_update_by_id_remove.push_back(std::string(y->m_key));
|
||||
delete y;
|
||||
@@ -500,7 +500,7 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
|
||||
Variable *variable = variables.at(i);
|
||||
if (variable->m_isExclusion) {
|
||||
std::vector<const collection::Variable *> z;
|
||||
variable->evaluateInternal(trans, this, &z);
|
||||
variable->evaluate(trans, this, &z);
|
||||
for (auto &y : z) {
|
||||
exclusions.push_back(std::string(y->m_key));
|
||||
delete y;
|
||||
@@ -518,7 +518,7 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
|
||||
continue;
|
||||
}
|
||||
|
||||
variable->evaluateInternal(trans, this, &e);
|
||||
variable->evaluate(trans, this, &e);
|
||||
for (const collection::Variable *v : e) {
|
||||
std::string key = v->m_key;
|
||||
|
||||
|
@@ -39,7 +39,8 @@ class Resource_DictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l) override {
|
||||
transaction->m_collections.resolveMultiMatches(m_dictElement, "RESOURCE", l);
|
||||
transaction->m_collections.resolveMultiMatches(m_dictElement,
|
||||
"RESOURCE", transaction->m_rules->m_secWebAppId.m_value, l);
|
||||
}
|
||||
|
||||
std::string m_dictElement;
|
||||
@@ -54,7 +55,8 @@ class Resource_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l) override {
|
||||
transaction->m_collections.resolveMultiMatches(m_name, "RESOURCE", l);
|
||||
transaction->m_collections.resolveMultiMatches(m_name, "RESOURCE",
|
||||
transaction->m_rules->m_secWebAppId.m_value, l);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -70,7 +72,7 @@ class Resource_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l) override {
|
||||
transaction->m_collections.resolveRegularExpression(m_dictElement,
|
||||
"RESOURCE", l);
|
||||
"RESOURCE", transaction->m_rules->m_secWebAppId.m_value, l);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -40,7 +40,7 @@ class Session_DictElement : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l) override {
|
||||
transaction->m_collections.resolveMultiMatches(m_dictElement,
|
||||
"SESSION", l);
|
||||
"SESSION", transaction->m_rules->m_secWebAppId.m_value, l);
|
||||
}
|
||||
|
||||
std::string m_dictElement;
|
||||
@@ -55,7 +55,8 @@ class Session_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l) override {
|
||||
transaction->m_collections.resolveMultiMatches(m_name, "SESSION", l);
|
||||
transaction->m_collections.resolveMultiMatches(m_name, "SESSION",
|
||||
transaction->m_rules->m_secWebAppId.m_value, l);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -71,7 +72,7 @@ class Session_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l) override {
|
||||
transaction->m_collections.resolveRegularExpression(m_dictElement,
|
||||
"SESSION", l);
|
||||
"SESSION", transaction->m_rules->m_secWebAppId.m_value, l);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -120,50 +120,6 @@ Variable::Variable(std::string name, VariableKind kind)
|
||||
}
|
||||
|
||||
|
||||
std::vector<const collection::Variable *> *
|
||||
Variable::evaluate(Transaction *transaction) {
|
||||
std::vector<const collection::Variable *> *l;
|
||||
l = new std::vector<const collection::Variable *>();
|
||||
evaluate(transaction, NULL, l);
|
||||
|
||||
return l;
|
||||
}
|
||||
|
||||
|
||||
void Variable::evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l) {
|
||||
if (m_collectionName.empty() == false) {
|
||||
if (m_kind == CollectionVarible && m_type == MultipleMatches) {
|
||||
transaction->m_collections.resolveMultiMatches(m_name,
|
||||
m_collectionName, l);
|
||||
} else if (m_type == RegularExpression) {
|
||||
transaction->m_collections.resolveRegularExpression(m_name,
|
||||
m_collectionName, l);
|
||||
} else {
|
||||
transaction->m_collections.resolveSingleMatch(m_name,
|
||||
m_collectionName, l);
|
||||
}
|
||||
} else {
|
||||
if (m_kind == CollectionVarible && m_type == MultipleMatches) {
|
||||
transaction->m_collections.resolveMultiMatches(m_name, l);
|
||||
} else if (m_type == RegularExpression) {
|
||||
transaction->m_collections.resolveRegularExpression(m_name, l);
|
||||
} else {
|
||||
transaction->m_collections.resolveSingleMatch(m_name, l);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void Variable::evaluateInternal(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l) {
|
||||
|
||||
evaluate(transaction, rule, l);
|
||||
}
|
||||
|
||||
|
||||
std::string Variable::to_s(
|
||||
std::vector<Variable *> *variables) {
|
||||
std::string ret;
|
||||
|
@@ -70,19 +70,9 @@ class Variable {
|
||||
Variable(std::string name, VariableKind kind);
|
||||
virtual ~Variable() { }
|
||||
|
||||
|
||||
virtual std::vector<const collection::Variable *>
|
||||
*evaluate(Transaction *transaction);
|
||||
|
||||
|
||||
virtual void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l);
|
||||
|
||||
|
||||
virtual void evaluateInternal(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l);
|
||||
std::vector<const collection::Variable *> *l) = 0;
|
||||
|
||||
static std::string to_s(std::vector<Variable *> *variables);
|
||||
|
||||
|
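Review bot: The now pure-virtual `evaluate(Transaction *, Rule *, std::vector<const collection::Variable *> *l)` carries no comment describing its contract, and with the default implementation removed every subclass has to get that contract right on its own. In particular, the callers in Rule::getFinalVars `delete` each element they receive in the vector, so implementations must append heap-allocated objects that the caller may free. I would document it at the declaration, e.g. `/* Appends matches to l; the caller takes ownership of each appended collection::Variable and deletes it. */`. The class body continues outside the hunk.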