Makes @geoLookup optional depending on the availability of libGeoIP

2025-09-30 11:44:32 +03:00 · 2015-11-20 09:52:36 -03:00
parent 21cae53d47
commit 09a958544d
6 changed files with 51 additions and 9 deletions
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -220,6 +220,7 @@ using ModSecurity::Variables::Tx;
 %token <std::string> CONFIG_DIR_GEO_DB

 %token <std::string> OPERATOR
+%token <std::string> OPERATOR_GEOIP
 %token <std::string> FREE_TEXT
 %token <std::string> ACTION
 %token <std::string> ACTION_ACCURACY
@@ -361,6 +362,23 @@ op:
        }
        $$ = op;
      }
+    | OPERATOR_GEOIP
+      {
+#ifdef WITH_GEOIP
+        Operator *op = Operator::instantiate($1);
+        const char *error = NULL;
+        if (op->init(driver.ref.back(), &error) == false) {
+            driver.error(@0, error);
+            YYERROR;
+        }
+        $$ = op;
+#else
+        std::stringstream ss;
+            ss << "This version of ModSecurity was not compiled with GeoIP support.";
+            driver.error(@0, ss.str());
+            YYERROR;
+#endif  // WITH_GEOIP
+      }
    | FREE_TEXT
      {
        Operator *op = Operator::instantiate("\"@rx " + $1 + "\"");
@@ -521,6 +539,7 @@ expression:
    /* Debug log: end */
    | CONFIG_DIR_GEO_DB
      {
+#ifdef WITH_GEOIP
        std::string file = ModSecurity::find_resource($1, driver.ref.back());
        if (GeoLookup::getInstance().setDataBase(file) == false) {
            std::stringstream ss;
@@ -529,6 +548,12 @@ expression:
            driver.error(@0, ss.str());
            YYERROR;
        }
+#else
+        std::stringstream ss;
+        ss << "This version of ModSecurity was not compiled with GeoIP support.";
+        driver.error(@0, ss.str());
+        YYERROR;
+#endif  // WITH_GEOIP
      }
    /* Body limits */
    | CONFIG_DIR_REQ_BODY_LIMIT
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -103,8 +103,8 @@ DICT_ELEMENT    [^ \t|]+

 OPERATOR        (?i:(?:@inspectFile|@fuzzyHash|@validateByteRange|@validateDTD|@validateHash|@validateSchema|@verifyCC|@verifyCPF|@verifySSN|@gsbLookup|@rsub)|(?:\!{0,1})(?:@within|@containsWord|@contains|@endsWith|@eq|@ge|@gt|@ipMatchF|@ipMatch|@ipMatchFromFile|@le|@lt|@pmf|@pm|@pmFromFile|@rbl|@rx|@streq|@strmatch|@beginsWith))

-OPERATORNOARG	(?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@validateUtf8Encoding)
-
+OPERATORNOARG	(?i:@detectSQLi|@detectXSS|@validateUrlEncoding|@validateUtf8Encoding)
+OPERATOR_GEOIP  (?i:@geoLookup)

 TRANSFORMATION  t:(sha1|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|normalisePath|length|utf8toUnicode|urldecode|removeComments|replaceComments)

@@ -281,7 +281,8 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 <EXPECTING_OPERATOR>{
 {SOMETHING}           { BEGIN(INITIAL); return yy::seclang_parser::make_FREE_TEXT(yytext, *driver.loc.back()); }
 ["]{OPERATOR}[ ]{FREE_TEXT}["]  { BEGIN(INITIAL); return yy::seclang_parser::make_OPERATOR(yytext, *driver.loc.back()); }
-["]{OPERATORNOARG}[\t ]*["]           { BEGIN(INITIAL); return yy::seclang_parser::make_OPERATOR(yytext, *driver.loc.back()); }
+["]{OPERATORNOARG}[\t ]*["]     { BEGIN(INITIAL); return yy::seclang_parser::make_OPERATOR(yytext, *driver.loc.back()); }
+["]{OPERATOR_GEOIP}[\t ]*["]    { BEGIN(INITIAL); return yy::seclang_parser::make_OPERATOR_GEOIP(yytext, *driver.loc.back()); }
 }

 {ACTION}                        { return yy::seclang_parser::make_ACTION(yytext, *driver.loc.back()); }