github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Finish XMLArgs processing

Browse Source
This commit is contained in:
Ervin Hegedus
2024-09-30 18:53:19 +02:00
parent fa621f81e9
commit 0c8cc6e2cf
5 changed files with 306 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
apache2/apache2_config.c
View File

@@ -166,6 +166,7 @@ void *create_directory_config(apr_pool_t *mp, char *path)
/* xml external entity */
dcfg->xml_external_entity = NOT_SET;
dcfg->parse_xml_into_args = NOT_SET;
return dcfg;
}
@@ -640,6 +641,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
/* xml external entity */
merged->xml_external_entity = (child->xml_external_entity == NOT_SET
? parent->xml_external_entity : child->xml_external_entity);
merged->parse_xml_into_args = (child->parse_xml_into_args == NOT_SET
? parent->parse_xml_into_args : child->parse_xml_into_args);
return merged;
}
@@ -773,6 +776,7 @@ void init_directory_config(directory_config *dcfg)
/* xml external entity */
if (dcfg->xml_external_entity == NOT_SET) dcfg->xml_external_entity = 0;
if (dcfg->parse_xml_into_args == NOT_SET) dcfg->parse_xml_into_args = 0;
}
@@ -3698,6 +3702,34 @@ static const char *cmd_cache_transformations(cmd_parms *cmd, void *_dcfg,
return NULL;
}
/**
* \brief Add SecParseXMLIntoArgs configuration option
*
* \param cmd Pointer to configuration data
* \param _dcfg Pointer to directory configuration
* \param p1 Pointer to configuration option
*
* \retval NULL On failure
* \retval apr_psprintf On Success
*/
static const char *cmd_parse_xml_into_args(cmd_parms *cmd, void *_dcfg, const char *p1)
{
assert(cmd != NULL);
assert(_dcfg != NULL);
assert(p1 != NULL);
// Normally useless code, left to be safe for the moment
if (_dcfg == NULL) {
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, "cmd_hash_engine: _dcfg is NULL");
return NULL;
}
directory_config *dcfg = (directory_config *)_dcfg;
if (strcasecmp(p1, "on") == 0) { dcfg->parse_xml_into_args = MSC_XML_ARGS_ON; }
else if (strcasecmp(p1, "off") == 0) { dcfg->parse_xml_into_args = MSC_XML_ARGS_OFF; }
else if (strcasecmp(p1, "onlyargs") == 0) { dcfg->parse_xml_into_args = MSC_XML_ARGS_ONLYARGS; }
else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecParseXMLIntoArgs: %s", p1);
return NULL;
}
/* -- Configuration directives definitions -- */
@@ -4466,5 +4498,13 @@ const command_rec module_directives[] = {
"Set Hash parameter"
),
AP_INIT_TAKE1 (
"SecParseXMLintoArgs",
cmd_parse_xml_into_args,
NULL,
CMD_SCOPE_ANY,
"On, Off or OnlyArgs"
),
{ NULL }
};

5
apache2/modsecurity.h
View File

@@ -243,6 +243,10 @@ extern DSOLOCAL int *unicode_map_table;
#define RULE_EXCEPTION_REMOVE_MSG 4
#define RULE_EXCEPTION_REMOVE_TAG 5
#define MSC_XML_ARGS_OFF 0
#define MSC_XML_ARGS_ON 1
#define MSC_XML_ARGS_ONLYARGS 2
#define NBSP 160
struct rule_exception {
@@ -643,6 +647,7 @@ struct directory_config {
/* xml */
int xml_external_entity;
int parse_xml_into_args;
/* This will be used whenever ModSecurity will be ready
* to ask the server for newer rules.

231
apache2/msc_xml.c
View File

@@ -14,6 +14,108 @@
#include "msc_xml.h"
static void msc_xml_on_start_elementns(
void *ctx,
const xmlChar *localname,
const xmlChar *prefix,
const xmlChar *URI,
int nb_namespaces,
const xmlChar **namespaces,
int nb_attributes,
int nb_defaulted,
const xmlChar **attributes
) {
// get the length of XML tag (localname)
size_t taglen = strlen((const char *)localname);
modsec_rec * msr = (modsec_rec *)ctx;
msc_xml_parser_state * xml_parser_state = msr->xml->xml_parser_state;
// pathlen contains the concatenated strings of tags with '.'
// eg xml.root.level1.leaf
xml_parser_state->pathlen += (taglen + 1);
char *newpath = apr_pstrcat(msr->mp, xml_parser_state->currpath, ".", (char *)localname, NULL);
xml_parser_state->currpath = newpath;
int *new_stack_item = (int *)apr_array_push(xml_parser_state->has_child_stack);
*new_stack_item = 0;
xml_parser_state->depth++;
// if there is an item before the current one we set that has a child
if (xml_parser_state->depth > 1) {
int *parent_stack_item = &((int *)xml_parser_state->has_child_stack->elts)[xml_parser_state->has_child_stack->nelts - 2];
*parent_stack_item = 1;
}
}
static void msc_xml_on_end_elementns(
void* ctx,
const xmlChar* localname,
const xmlChar* prefix,
const xmlChar* URI
) {
size_t taglen = strlen((const char *)localname);
modsec_rec * msr = (modsec_rec *)ctx;
msc_xml_parser_state * xml_parser_state = msr->xml->xml_parser_state;
// if the node is a leaf we add it as argument
// get the top item from the stack which tells this info
int * top_stack_item = apr_array_pop(xml_parser_state->has_child_stack);
if (*top_stack_item == 0) {
if (apr_table_elts(msr->arguments)->nelts >= msr->txcfg->arguments_limit) {
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Skipping request argument, over limit (XML): name \"%s\", value \"%s\"",
log_escape_ex(msr->mp, xml_parser_state->currpath, strlen(xml_parser_state->currpath)),
log_escape_ex(msr->mp, xml_parser_state->currval, strlen(xml_parser_state->currval)));
}
msr->msc_reqbody_error = 1;
msr->xml->xml_error = apr_psprintf(msr->mp, "More than %ld XML keys", msr->txcfg->arguments_limit);
xmlStopParser((xmlParserCtxtPtr)msr->xml->parsing_ctx_arg);
}
else {
msc_arg * arg = (msc_arg *) apr_pcalloc(msr->mp, sizeof(msc_arg));
arg->name = xml_parser_state->currpath;
arg->name_len = strlen(arg->name);
arg->value = xml_parser_state->currval;
arg->value_len = strlen(xml_parser_state->currval);
arg->value_origin_len = arg->value_len;
//arg->value_origin_offset = value-base_offset;
arg->origin = "XML";
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Adding XML argument '%s' with value '%s'",
xml_parser_state->currpath, xml_parser_state->currval);
}
apr_table_addn(msr->arguments,
log_escape_nq_ex(msr->mp, arg->name, arg->name_len), (void *) arg);
} // end else
} // end top_stack_item == 0
// decrease the length of current path length - +1 because of the '\0'
xml_parser_state->pathlen -= (taglen + 1);
// -1 need because we don't need the '.'
char * newpath = apr_pstrndup(msr->mp, xml_parser_state->currpath, xml_parser_state->pathlen - 1);
xml_parser_state->currpath = newpath;
xml_parser_state->depth--;
}
static void msc_xml_on_characters(void *ctx, const xmlChar *ch, int len) {
modsec_rec * msr = (modsec_rec *)ctx;
msc_xml_parser_state * xml_parser_state = msr->xml->xml_parser_state;
xml_parser_state->currval = apr_pstrndup(msr->mp, (const char *)ch, len);
}
static xmlParserInputBufferPtr
xml_unload_external_entity(const char *URI, xmlCharEncoding enc) {
return NULL;
@@ -37,6 +139,33 @@ int xml_init(modsec_rec *msr, char **error_msg) {
entity = xmlParserInputBufferCreateFilenameDefault(xml_unload_external_entity);
}
if (msr->txcfg->parse_xml_into_args != MSC_XML_ARGS_OFF) {
msr->xml->sax_handler = (xmlSAXHandler *)apr_pcalloc(msr->mp, sizeof(xmlSAXHandler));
memset(msr->xml->sax_handler, 0, sizeof(xmlSAXHandler));
if (msr->xml->sax_handler == NULL) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed to create SAX handler.");
return -1;
}
msr->xml->sax_handler->initialized = XML_SAX2_MAGIC;
msr->xml->sax_handler->startElementNs = msc_xml_on_start_elementns;
msr->xml->sax_handler->endElementNs = msc_xml_on_end_elementns;
msr->xml->sax_handler->characters = msc_xml_on_characters;
// set the parser state struct
msr->xml->xml_parser_state = apr_pcalloc(msr->mp, sizeof(msc_xml_parser_state));
msr->xml->xml_parser_state->depth = 0;
msr->xml->xml_parser_state->pathlen = 4; // "xml\0"
msr->xml->xml_parser_state->currpath = apr_pstrdup(msr->mp, "xml");
msr->xml->xml_parser_state->currval = NULL;
msr->xml->xml_parser_state->currpathbufflen = 4;
// initialize the stack with item of 10
// this will store the information about nodes
// 10 is just an initial value, it can be automatically incremented
msr->xml->xml_parser_state->has_child_stack = apr_array_make(msr->mp, 10, sizeof(int));
}
return 1;
}
@@ -68,7 +197,7 @@ int xml_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
* enable us to pass it the first chunk of data so that
* it can attempt to auto-detect the encoding.
*/
if (msr->xml->parsing_ctx == NULL) {
if (msr->xml->parsing_ctx == NULL && msr->xml->parsing_ctx_arg == NULL) {
/* First invocation. */
@@ -86,18 +215,50 @@ int xml_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
*/
msr->xml->parsing_ctx = xmlCreatePushParserCtxt(NULL, NULL, buf, size, "body.xml");
if (msr->xml->parsing_ctx == NULL) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed to create parsing context.");
return -1;
if (msr->txcfg->parse_xml_into_args != MSC_XML_ARGS_ONLYARGS) {
msr->xml->parsing_ctx = xmlCreatePushParserCtxt(NULL, NULL, buf, size, "body.xml");
if (msr->xml->parsing_ctx == NULL) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed to create parsing context.");
return -1;
}
}
if (msr->txcfg->parse_xml_into_args != MSC_XML_ARGS_OFF) {
msr->xml->parsing_ctx_arg = xmlCreatePushParserCtxt(
msr->xml->sax_handler,
msr,
buf,
size,
NULL);
if (msr->xml->parsing_ctx_arg == NULL) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed to create parsing context for ARGS.");
return -1;
}
}
} else {
/* Not a first invocation. */
msr_log(msr, 4, "XML: Continue parsing.");
if (msr->txcfg->parse_xml_into_args != MSC_XML_ARGS_ONLYARGS) {
xmlParseChunk(msr->xml->parsing_ctx, buf, size, 0);
if (msr->xml->parsing_ctx->wellFormed != 1) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed parsing document.");
return -1;
}
}
xmlParseChunk(msr->xml->parsing_ctx, buf, size, 0);
if (msr->xml->parsing_ctx->wellFormed != 1) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed parsing document.");
if (msr->txcfg->parse_xml_into_args != MSC_XML_ARGS_OFF) {
if (xmlParseChunk(msr->xml->parsing_ctx_arg, buf, size, 0) != 0) {
if (msr->xml->xml_error) {
*error_msg = msr->xml->xml_error;
}
else {
*error_msg = apr_psprintf(msr->mp, "XML: Failed parsing document for ARGS.");
}
return -1;
}
}
if (msr->xml->xml_error) {
*error_msg = msr->xml->xml_error;
return -1;
}
}
@@ -114,23 +275,42 @@ int xml_complete(modsec_rec *msr, char **error_msg) {
*error_msg = NULL;
/* Only if we have a context, meaning we've done some work. */
if (msr->xml->parsing_ctx != NULL) {
/* This is how we signalise the end of parsing to libxml. */
xmlParseChunk(msr->xml->parsing_ctx, NULL, 0, 1);
if (msr->xml->parsing_ctx != NULL || msr->xml->parsing_ctx_arg != NULL) {
if (msr->txcfg->parse_xml_into_args != MSC_XML_ARGS_ONLYARGS) {
/* This is how we signalise the end of parsing to libxml. */
xmlParseChunk(msr->xml->parsing_ctx, NULL, 0, 1);
/* Preserve the results for our reference. */
msr->xml->well_formed = msr->xml->parsing_ctx->wellFormed;
msr->xml->doc = msr->xml->parsing_ctx->myDoc;
/* Preserve the results for our reference. */
msr->xml->well_formed = msr->xml->parsing_ctx->wellFormed;
msr->xml->doc = msr->xml->parsing_ctx->myDoc;
/* Clean up everything else. */
xmlFreeParserCtxt(msr->xml->parsing_ctx);
msr->xml->parsing_ctx = NULL;
msr_log(msr, 4, "XML: Parsing complete (well_formed %u).", msr->xml->well_formed);
/* Clean up everything else. */
xmlFreeParserCtxt(msr->xml->parsing_ctx);
msr->xml->parsing_ctx = NULL;
msr_log(msr, 4, "XML: Parsing complete (well_formed %u).", msr->xml->well_formed);
if (msr->xml->well_formed != 1) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed parsing document.");
return -1;
if (msr->xml->well_formed != 1) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed parsing document.");
return -1;
}
}
if (msr->txcfg->parse_xml_into_args != MSC_XML_ARGS_OFF) {
if (xmlParseChunk(msr->xml->parsing_ctx_arg, NULL, 0, 1) != 0) {
if (msr->xml->xml_error) {
*error_msg = msr->xml->xml_error;
}
else {
*error_msg = apr_psprintf(msr->mp, "XML: Failed parsing document for ARGS.");
}
xmlFreeParserCtxt(msr->xml->parsing_ctx_arg);
msr->xml->parsing_ctx_arg = NULL;
return -1;
}
xmlFreeParserCtxt(msr->xml->parsing_ctx_arg);
msr->xml->parsing_ctx_arg = NULL;
}
}
return 1;
@@ -152,6 +332,15 @@ apr_status_t xml_cleanup(modsec_rec *msr) {
xmlFreeParserCtxt(msr->xml->parsing_ctx);
msr->xml->parsing_ctx = NULL;
}
if (msr->xml->parsing_ctx_arg != NULL) {
if (msr->xml->parsing_ctx_arg->myDoc) {
xmlFreeDoc(msr->xml->parsing_ctx_arg->myDoc);
}
xmlFreeParserCtxt(msr->xml->parsing_ctx_arg);
msr->xml->parsing_ctx_arg = NULL;
}
if (msr->xml->doc != NULL) {
xmlFreeDoc(msr->xml->doc);
msr->xml->doc = NULL;

21
apache2/msc_xml.h
View File

@@ -20,15 +20,36 @@ typedef struct xml_data xml_data;
#include "modsecurity.h"
#include <libxml/xmlschemas.h>
#include <libxml/xpath.h>
#include <libxml/SAX.h>
/* Structures */
struct msc_xml_parser_state {
apr_array_header_t * has_child_stack;
unsigned int depth;
unsigned int pathlen;
char * currpath;
char * currval;
size_t currpathbufflen;
apr_pool_t * mp;
};
typedef struct msc_xml_parser_state msc_xml_parser_state;
struct xml_data {
xmlSAXHandler *sax_handler;
xmlParserCtxtPtr parsing_ctx;
xmlDocPtr doc;
unsigned int well_formed;
/* error reporting and XML array flag */
char *xml_error;
/* another parser context for arguments */
xmlParserCtxtPtr parsing_ctx_arg;
/* parser state for SAX parser */
msc_xml_parser_state *xml_parser_state;
};
/* Functions */

30
apache2/re_actions.c
View File

@@ -1022,6 +1022,13 @@ static char *msre_action_ctl_validate(msre_engine *engine, apr_pool_t *mp, msre_
if (strcasecmp(value, "on") == 0) return NULL;
if (strcasecmp(value, "off") == 0) return NULL;
return apr_psprintf(mp, "Invalid setting for ctl name HashEngine: %s", value);
}
else
if (strcasecmp(name, "parseXMLintoArgs") == 0) {
if (strcasecmp(value, "on") == 0) return NULL;
if (strcasecmp(value, "off") == 0) return NULL;
if (strcasecmp(value, "onlyargs") == 0) return NULL;
return apr_psprintf(mp, "Invalid setting for ctl name parseXMLintoArgs: %s", value);
} else {
return apr_psprintf(mp, "Invalid ctl name setting: %s", name);
}
@@ -1377,6 +1384,29 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
return -1;
}
apr_table_addn(msr->removed_targets, apr_pstrdup(msr->mp, p2), (void *)re);
return 1;
} else
if (strcasecmp(name, "parseXMLintoArgs") == 0) {
if (strcasecmp(value, "on") == 0) {
msr->txcfg->parse_xml_into_args = MSC_XML_ARGS_ON;
msr->usercfg->parse_xml_into_args = MSC_XML_ARGS_ON;
}
else
if (strcasecmp(value, "off") == 0) {
msr->txcfg->parse_xml_into_args = MSC_XML_ARGS_OFF;
msr->usercfg->parse_xml_into_args = MSC_XML_ARGS_OFF;
}
else
if (strcasecmp(value, "onlyargs") == 0) {
msr->txcfg->parse_xml_into_args = MSC_XML_ARGS_ONLYARGS;
msr->usercfg->parse_xml_into_args = MSC_XML_ARGS_ONLYARGS;
}
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Ctl: Set parseXmlIntoArgs to %s.", value);
}
return 1;
}