Adds support for ctl:ruleRemoveByTag action

2025-12-31 21:59:11 +03:00 · 2018-03-26 15:25:48 -03:00
parent 9537cfceed
commit 0ca5994744
16 changed files with 7393 additions and 7149 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -115,6 +115,7 @@ ACTIONS = \
 	actions/ctl/rule_remove_target_by_tag.cc \
 	actions/ctl/rule_remove_target_by_id.cc \
 	actions/ctl/rule_remove_by_id.cc \
+	actions/ctl/rule_remove_by_tag.cc \
 	actions/ctl/request_body_access.cc\
 	actions/disruptive/allow.cc \
 	actions/disruptive/block.cc \
--- a/src/actions/ctl/rule_remove_by_tag.cc
+++ b/src/actions/ctl/rule_remove_by_tag.cc
@@ -0,0 +1,43 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/ctl/rule_remove_by_tag.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/transaction.h"
+
+namespace modsecurity {
+namespace actions {
+namespace ctl {
+
+
+bool RuleRemoveByTag::init(std::string *error) {
+    std::string what(m_parser_payload, 16, m_parser_payload.size() - 16);
+    m_tag = what;
+
+    return true;
+}
+
+bool RuleRemoveByTag::evaluate(Rule *rule, Transaction *transaction) {
+    transaction->m_ruleRemoveByTag.push_back(m_tag);
+    return true;
+}
+
+
+}  // namespace ctl
+}  // namespace actions
+}  // namespace modsecurity
--- a/src/actions/ctl/rule_remove_by_tag.h
+++ b/src/actions/ctl/rule_remove_by_tag.h
@@ -0,0 +1,47 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/actions/action.h"
+#include "modsecurity/transaction.h"
+
+
+#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
+#define SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
+
+namespace modsecurity {
+namespace actions {
+namespace ctl {
+
+
+class RuleRemoveByTag : public Action {
+ public:
+    explicit RuleRemoveByTag(std::string action)
+        : Action(action, RunTimeOnlyIfMatchKind),
+        m_tag("") { }
+
+    bool init(std::string *error) override;
+    bool evaluate(Rule *rule, Transaction *transaction) override;
+
+    std::string m_tag;
+};
+
+
+}  // namespace ctl
+}  // namespace actions
+}  // namespace modsecurity
+
+#endif  // SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -29,6 +29,7 @@ class Driver;
 #include "src/actions/ctl/request_body_processor_json.h"
 #include "src/actions/ctl/request_body_processor_xml.h"
 #include "src/actions/ctl/rule_remove_by_id.h"
+#include "src/actions/ctl/rule_remove_by_tag.h"
 #include "src/actions/ctl/rule_remove_target_by_id.h"
 #include "src/actions/ctl/rule_remove_target_by_tag.h"
 #include "src/actions/data/status.h"
@@ -524,6 +525,7 @@ using modsecurity::operators::Operator;
  ACTION_CTL_FORCE_REQ_BODY_VAR                "ACTION_CTL_FORCE_REQ_BODY_VAR"
  ACTION_CTL_REQUEST_BODY_ACCESS               "ACTION_CTL_REQUEST_BODY_ACCESS"
  ACTION_CTL_RULE_REMOVE_BY_ID                 "ACTION_CTL_RULE_REMOVE_BY_ID"
+  ACTION_CTL_RULE_REMOVE_BY_TAG                "ACTION_CTL_RULE_REMOVE_BY_TAG"
  ACTION_CTL_RULE_REMOVE_TARGET_BY_ID          "ACTION_CTL_RULE_REMOVE_TARGET_BY_ID"
  ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG         "ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG"
  ACTION_DENY                                  "Deny"
@@ -2577,6 +2579,10 @@ act:
      {
        ACTION_CONTAINER($$, new actions::ctl::RuleRemoveById($1));
      }
+    | ACTION_CTL_RULE_REMOVE_BY_TAG
+      {
+        ACTION_CONTAINER($$, new actions::ctl::RuleRemoveByTag($1));
+      }
    | ACTION_CTL_RULE_REMOVE_TARGET_BY_ID
      {
        ACTION_CONTAINER($$, new actions::ctl::RuleRemoveTargetById($1));
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -91,6 +91,7 @@ ACTION_CTL_BDY_XML                              (?i:ctl:requestBodyProcessor=XML
 ACTION_CTL_FORCE_REQ_BODY_VAR                   (?i:ctl:forceRequestBodyVariable)
 ACTION_CTL_REQUEST_BODY_ACCESS                  (?i:ctl:requestBodyAccess)
 ACTION_CTL_RULE_ENGINE                          (?i:ctl:ruleEngine)
+ACTION_CTL_RULE_REMOVE_BY_TAG                   (?i:ctl:ruleRemoveByTag)
 ACTION_CTL_RULE_REMOVE_BY_ID                    (?i:ctl:ruleRemoveById)
 ACTION_CTL_RULE_REMOVE_TARGET_BY_ID             (?i:ctl:ruleRemoveTargetById)
 ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG            (?i:ctl:ruleRemoveTargetByTag)
@@ -526,6 +527,7 @@ EQUALS_MINUS                            (?i:=\-)
 {ACTION_CTL_REQUEST_BODY_ACCESS}=                                       { return p::make_ACTION_CTL_REQUEST_BODY_ACCESS(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_ENGINE}=                                               { return p::make_ACTION_CTL_RULE_ENGINE(*driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_BY_ID}[=]{REMOVE_RULE_BY}                       { return p::make_ACTION_CTL_RULE_REMOVE_BY_ID(yytext, *driver.loc.back()); }
+{ACTION_CTL_RULE_REMOVE_BY_TAG}[=]{REMOVE_RULE_BY}                       { return p::make_ACTION_CTL_RULE_REMOVE_BY_TAG(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_TARGET_BY_ID}[=]{REMOVE_RULE_BY}                { return p::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_ID(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG}[=]{REMOVE_RULE_BY}               { return p::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG(yytext, *driver.loc.back()); }
 {ACTION_EXEC}:'{VAR_FREE_TEXT_QUOTE}'                                   { return p::make_ACTION_EXEC(yytext, *driver.loc.back()); }
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -766,7 +766,7 @@ bool Rule::evaluate(Transaction *trans,
        }
 #ifndef NO_LOGS
        trans->debug(9, "Rule id: " + std::to_string(m_ruleId) +
-            " was skipped due to an ruleRemoveById action...");
+            " was skipped due to a ruleRemoveById action...");
 #endif
        return true;
    }
--- a/src/rules.cc
+++ b/src/rules.cc
@@ -234,6 +234,16 @@ int Rules::evaluate(int phase, Transaction *transaction) {
                }
            }

+            for (auto &z : transaction->m_ruleRemoveByTag) {
+                if (rule->containsTag(z, transaction) == true) {
+                    debug(9, "Skipped rule id '" \
+                        + std::to_string(rule->m_ruleId) \
+                        + "'. Skipped due to a ruleRemoveByTag action.");
+                    remove_rule = true;
+                    break;
+                }
+            }
+
            rule->evaluate(transaction, NULL);
            if (transaction->m_it.disruptive == true) {
                debug(8, "Skipping this phase as this " \