github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Parser: adds support to SecRequestBodyInMemoryLimit

Browse Source
This commit is contained in:
Felipe Zimmerle 2015-08-19 22:42:46 -03:00
parent 2d56aa521b
commit 0b225f0239
3 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
headers/modsecurity/rules_properties.h
View File

@ -46,6 +46,7 @@ class RulesProperties {
remoteRulesActionOnFailed(AbortOnFailedRemoteRulesAction), remoteRulesActionOnFailed(AbortOnFailedRemoteRulesAction),
requestBodyLimit(0), requestBodyLimit(0),
requestBodyNoFilesLimit(0), requestBodyNoFilesLimit(0),
requestBodyInMemoryLimit(0),
secRequestBodyAccess(false), secRequestBodyAccess(false),
secResponseBodyAccess(false), secResponseBodyAccess(false),
requestBodyLimitAction(ProcessPartialBodyLimitAction), requestBodyLimitAction(ProcessPartialBodyLimitAction),
@ -64,6 +65,7 @@ class RulesProperties {
requestBodyLimit(0), requestBodyLimit(0),
requestBodyLimitAction(ProcessPartialBodyLimitAction), requestBodyLimitAction(ProcessPartialBodyLimitAction),
requestBodyNoFilesLimit(0), requestBodyNoFilesLimit(0),
requestBodyInMemoryLimit(0),
responseBodyLimit(0), responseBodyLimit(0),
responseBodyLimitAction(ProcessPartialBodyLimitAction), responseBodyLimitAction(ProcessPartialBodyLimitAction),
secRuleEngine(DetectionOnlyRuleEngine) { } secRuleEngine(DetectionOnlyRuleEngine) { }
@ -159,6 +161,7 @@ class RulesProperties {
RuleEngine secRuleEngine; RuleEngine secRuleEngine;
double requestBodyNoFilesLimit; double requestBodyNoFilesLimit;
double requestBodyInMemoryLimit;
double requestBodyLimit; double requestBodyLimit;
double responseBodyLimit; double responseBodyLimit;
BodyLimitAction requestBodyLimitAction; BodyLimitAction requestBodyLimitAction;

5
src/parser/seclang-parser.yy
View File

@ -130,6 +130,7 @@ using ModSecurity::Variables::Variable;
%token <std::string> DIRECTIVE %token <std::string> DIRECTIVE
%token <std::string> CONFIG_DIR_REQ_BODY_LIMIT %token <std::string> CONFIG_DIR_REQ_BODY_LIMIT
%token <std::string> CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT %token <std::string> CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
%token <std::string> CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT
%token <std::string> CONFIG_DIR_RES_BODY_LIMIT %token <std::string> CONFIG_DIR_RES_BODY_LIMIT
%token <std::string> CONFIG_DIR_REQ_BODY_LIMIT_ACTION %token <std::string> CONFIG_DIR_REQ_BODY_LIMIT_ACTION
%token <std::string> CONFIG_DIR_RES_BODY_LIMIT_ACTION %token <std::string> CONFIG_DIR_RES_BODY_LIMIT_ACTION
@ -371,6 +372,10 @@ expression:
{ {
driver.requestBodyNoFilesLimit = atoi($1.c_str()); driver.requestBodyNoFilesLimit = atoi($1.c_str());
} }
| CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT
{
driver.requestBodyInMemoryLimit = atoi($1.c_str());
}
| CONFIG_DIR_RES_BODY_LIMIT | CONFIG_DIR_RES_BODY_LIMIT
{ {
driver.responseBodyLimit = atoi($1.c_str()); driver.responseBodyLimit = atoi($1.c_str());

7
src/parser/seclang-scanner.ll
View File

@ -33,7 +33,9 @@ ACTION_CTL_BDY_XML ctl:requestBodyProcessor=XML
ACTION_CTL_BDY_JSON ctl:requestBodyProcessor=JSON ACTION_CTL_BDY_JSON ctl:requestBodyProcessor=JSON
DIRECTIVE SecRule DIRECTIVE SecRule
CONFIG_DIRECTIVE SecRequestBodyInMemoryLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine CONFIG_DIRECTIVE SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
CONFIG_DIR_REQ_BOYD_IN_MEMORY_LIMIT (?i:SecRequestBodyInMemoryLimit)
CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT (?i:SecRequestBodyNoFilesLimit) CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT (?i:SecRequestBodyNoFilesLimit)
CONFIG_DIR_REQ_BODY_LIMIT (?i:SecRequestBodyLimit) CONFIG_DIR_REQ_BODY_LIMIT (?i:SecRequestBodyLimit)
@ -179,7 +181,8 @@ FREE_TEXT_NEW_LINE [^\"|\n]+
%{ /* Request body limit */ %} %{ /* Request body limit */ %}
{CONFIG_DIR_REQ_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } {CONFIG_DIR_REQ_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } {CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_REQ_BODY_LIMIT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT_ACTION(yytext, *driver.loc.back()); } {CONFIG_DIR_REQ_BODY_LIMIT_ACTION}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT_ACTION(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT}[ ]{CONFIG_VALUE_NUMBER}{ return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
%{ /* Reponse body limit */ %} %{ /* Reponse body limit */ %}
{CONFIG_DIR_RES_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } {CONFIG_DIR_RES_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_RES_BODY_LIMIT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY_LIMIT_ACTION(yytext, *driver.loc.back()); } {CONFIG_DIR_RES_BODY_LIMIT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY_LIMIT_ACTION(yytext, *driver.loc.back()); }