diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h index eaf88dd7..e80daf88 100644 --- a/headers/modsecurity/rules_properties.h +++ b/headers/modsecurity/rules_properties.h @@ -46,6 +46,7 @@ class RulesProperties { remoteRulesActionOnFailed(AbortOnFailedRemoteRulesAction), requestBodyLimit(0), requestBodyNoFilesLimit(0), + requestBodyInMemoryLimit(0), secRequestBodyAccess(false), secResponseBodyAccess(false), requestBodyLimitAction(ProcessPartialBodyLimitAction), @@ -64,6 +65,7 @@ class RulesProperties { requestBodyLimit(0), requestBodyLimitAction(ProcessPartialBodyLimitAction), requestBodyNoFilesLimit(0), + requestBodyInMemoryLimit(0), responseBodyLimit(0), responseBodyLimitAction(ProcessPartialBodyLimitAction), secRuleEngine(DetectionOnlyRuleEngine) { } @@ -159,6 +161,7 @@ class RulesProperties { RuleEngine secRuleEngine; double requestBodyNoFilesLimit; + double requestBodyInMemoryLimit; double requestBodyLimit; double responseBodyLimit; BodyLimitAction requestBodyLimitAction; diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 0000a0ec..7630544d 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -130,6 +130,7 @@ using ModSecurity::Variables::Variable; %token DIRECTIVE %token CONFIG_DIR_REQ_BODY_LIMIT %token CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT +%token CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT %token CONFIG_DIR_RES_BODY_LIMIT %token CONFIG_DIR_REQ_BODY_LIMIT_ACTION %token CONFIG_DIR_RES_BODY_LIMIT_ACTION @@ -371,6 +372,10 @@ expression: { driver.requestBodyNoFilesLimit = atoi($1.c_str()); } + | CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT + { + driver.requestBodyInMemoryLimit = atoi($1.c_str()); + } | CONFIG_DIR_RES_BODY_LIMIT { driver.responseBodyLimit = atoi($1.c_str()); diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index 73defb9d..1d1bdda0 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll 
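Review bot: The member `requestBodyInMemoryLimit` added in the `@@ -159,6 +161,7 @@` hunk of rules_properties.h has no comment, and both constructors in the earlier hunks initialise it to 0, so a reader cannot tell whether 0 means "not configured" or "buffer nothing in memory". I would add `// SecRequestBodyInMemoryLimit, in bytes; 0 = not set by configuration (TODO confirm)` above the declaration. It is also declared `double` like its neighbours although the parser assigns it an `atoi` result; an integral type would keep comparisons against body sizes exact. The class body starts and ends outside the hunk.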
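Review bot: The new `CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT` action in the `expression` rule converts the directive value with `atoi($1.c_str())`, which reports no error and has undefined behaviour when the number does not fit in an int. For a setting that bounds how much of a request body is buffered, an oversized or mistyped value should fail the configuration load rather than silently become 0 or an arbitrary number. I would parse with `strtol`, check `errno == ERANGE` and the end pointer, and report a parse error on failure. The neighbouring limit directives visible in this hunk use the same `atoi` pattern and could share one helper. The `expression` rule starts and ends outside the hunk.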
@@ -33,7 +33,9 @@ ACTION_CTL_BDY_XML ctl:requestBodyProcessor=XML ACTION_CTL_BDY_JSON ctl:requestBodyProcessor=JSON DIRECTIVE SecRule -CONFIG_DIRECTIVE SecRequestBodyInMemoryLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine +CONFIG_DIRECTIVE SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine + +CONFIG_DIR_REQ_BOYD_IN_MEMORY_LIMIT (?i:SecRequestBodyInMemoryLimit) CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT (?i:SecRequestBodyNoFilesLimit) CONFIG_DIR_REQ_BODY_LIMIT (?i:SecRequestBodyLimit) @@ -179,7 +181,8 @@ FREE_TEXT_NEW_LINE [^\"|\n]+ %{ /* Request body limit */ %} {CONFIG_DIR_REQ_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } {CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } -{CONFIG_DIR_REQ_BODY_LIMIT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT_ACTION(yytext, *driver.loc.back()); } +{CONFIG_DIR_REQ_BODY_LIMIT_ACTION}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT_ACTION(strchr(yytext, ' ') + 1, *driver.loc.back()); } +{CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT}[ ]{CONFIG_VALUE_NUMBER}{ return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } %{ /* Reponse body limit */ %} {CONFIG_DIR_RES_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } {CONFIG_DIR_RES_BODY_LIMIT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY_LIMIT_ACTION(yytext, *driver.loc.back()); }
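Review bot: The definition added in the `@@ -33,7 +33,9 @@` hunk is spelled `CONFIG_DIR_REQ_BOYD_IN_MEMORY_LIMIT`, but the rule added in the next hunk references `{CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT}`, so the name the rule uses is never defined in the visible lines. The same hunk removes SecRequestBodyInMemoryLimit from the generic `CONFIG_DIRECTIVE` alternation, so if the scanner builds at all, nothing would match the directive any more. Rename the definition to `CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT (?i:SecRequestBodyInMemoryLimit)`.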
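Review bot: The changed `{CONFIG_DIR_REQ_BODY_LIMIT_ACTION}` rule now requires `[ ]{CONFIG_VALUE_NUMBER}` and passes `strchr(yytext, ' ') + 1`, while the `{CONFIG_DIR_RES_BODY_LIMIT_ACTION}` rule below it still passes `yytext` with no numeric suffix. This looks like a copy-paste slip, because SecRequestBodyLimitAction takes Reject or ProcessPartial rather than a number. The pattern's definition is outside the hunk, but if it already includes the value, the rule can no longer match and the over-limit behaviour could not be configured. I would restore the previous form, `{CONFIG_DIR_REQ_BODY_LIMIT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT_ACTION(yytext, *driver.loc.back()); }`. The new in-memory rule also appears to lack a space between `{CONFIG_VALUE_NUMBER}` and the action's opening `{`, which flex needs to separate the pattern from the action.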