Adds support for ctl:ruleRemoveByTag action

2025-08-13 13:26:01 +03:00 · 2018-03-26 15:25:48 -03:00 · 2018-03-26 15:25:48 -03:00 · 0ca5994744
commit 0ca5994744
parent 9537cfceed
16 changed files with 7393 additions and 7149 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 v3.0.x - YYYY-MMM-DD (To be released)
 -------------------------------------
 - Adds support for ctl:ruleRemoveById
   [@zimmerle]
 - Fix SecUploadDir configuration merge
   [Issue #1720 - @zimmerle, @gjvanetten]
 - Include all prerequisites for "make check" into dist archive
--- a/Makefile.am
+++ b/Makefile.am
@ -91,6 +91,7 @@ TESTS+=test/test-cases/regression/action-ctl_request_body_access.json
 TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json
 TESTS+=test/test-cases/regression/action-ctl_rule_engine.json
 TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_id.json
 TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_tag.json
 TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
 TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json
 TESTS+=test/test-cases/regression/action-disruptive.json
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@ -438,6 +438,11 @@ class Transaction : public TransactionAnchoredVariables {
     */
    std::list<int > m_ruleRemoveById;
    /**
     *
     */
    std::list<std::string> m_ruleRemoveByTag;
    /**
     *
     */
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -115,6 +115,7 @@ ACTIONS = \
 	actions/ctl/rule_remove_target_by_tag.cc \
 	actions/ctl/rule_remove_target_by_id.cc \
 	actions/ctl/rule_remove_by_id.cc \
 	actions/ctl/rule_remove_by_tag.cc \
 	actions/ctl/request_body_access.cc\
 	actions/disruptive/allow.cc \
 	actions/disruptive/block.cc \
--- a/src/actions/ctl/rule_remove_by_tag.cc
+++ b/src/actions/ctl/rule_remove_by_tag.cc
@ -0,0 +1,43 @@
 /*
 * ModSecurity, http://www.modsecurity.org/
 * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
 *
 * You may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * If any of the files related to licensing are missing or if you have any
 * other questions related to licensing please contact Trustwave Holdings, Inc.
 * directly using the email address security@modsecurity.org.
 *
 */
 #include "src/actions/ctl/rule_remove_by_tag.h"
 #include <iostream>
 #include <string>
 #include "modsecurity/transaction.h"
 namespace modsecurity {
 namespace actions {
 namespace ctl {
 bool RuleRemoveByTag::init(std::string *error) {
    std::string what(m_parser_payload, 16, m_parser_payload.size() - 16);
    m_tag = what;
    return true;
 }
 bool RuleRemoveByTag::evaluate(Rule *rule, Transaction *transaction) {
    transaction->m_ruleRemoveByTag.push_back(m_tag);
    return true;
 }
 }  // namespace ctl
 }  // namespace actions
 }  // namespace modsecurity
--- a/src/actions/ctl/rule_remove_by_tag.h
+++ b/src/actions/ctl/rule_remove_by_tag.h
@ -0,0 +1,47 @@
 /*
 * ModSecurity, http://www.modsecurity.org/
 * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
 *
 * You may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * If any of the files related to licensing are missing or if you have any
 * other questions related to licensing please contact Trustwave Holdings, Inc.
 * directly using the email address security@modsecurity.org.
 *
 */
 #include <string>
 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
 #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
 #define SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
 namespace modsecurity {
 namespace actions {
 namespace ctl {
 class RuleRemoveByTag : public Action {
 public:
    explicit RuleRemoveByTag(std::string action)
        : Action(action, RunTimeOnlyIfMatchKind),
        m_tag("") { }
    bool init(std::string *error) override;
    bool evaluate(Rule *rule, Transaction *transaction) override;
    std::string m_tag;
 };
 }  // namespace ctl
 }  // namespace actions
 }  // namespace modsecurity
 #endif  // SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -29,6 +29,7 @@ class Driver;
 #include "src/actions/ctl/request_body_processor_json.h"
 #include "src/actions/ctl/request_body_processor_xml.h"
 #include "src/actions/ctl/rule_remove_by_id.h"
 #include "src/actions/ctl/rule_remove_by_tag.h"
 #include "src/actions/ctl/rule_remove_target_by_id.h"
 #include "src/actions/ctl/rule_remove_target_by_tag.h"
 #include "src/actions/data/status.h"
@ -524,6 +525,7 @@ using modsecurity::operators::Operator;
  ACTION_CTL_FORCE_REQ_BODY_VAR                "ACTION_CTL_FORCE_REQ_BODY_VAR"
  ACTION_CTL_REQUEST_BODY_ACCESS               "ACTION_CTL_REQUEST_BODY_ACCESS"
  ACTION_CTL_RULE_REMOVE_BY_ID                 "ACTION_CTL_RULE_REMOVE_BY_ID"
  ACTION_CTL_RULE_REMOVE_BY_TAG                "ACTION_CTL_RULE_REMOVE_BY_TAG"
  ACTION_CTL_RULE_REMOVE_TARGET_BY_ID          "ACTION_CTL_RULE_REMOVE_TARGET_BY_ID"
  ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG         "ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG"
  ACTION_DENY                                  "Deny"
@ -2577,6 +2579,10 @@ act:
      {
        ACTION_CONTAINER($$, new actions::ctl::RuleRemoveById($1));
      }
    | ACTION_CTL_RULE_REMOVE_BY_TAG
      {
        ACTION_CONTAINER($$, new actions::ctl::RuleRemoveByTag($1));
      }
    | ACTION_CTL_RULE_REMOVE_TARGET_BY_ID
      {
        ACTION_CONTAINER($$, new actions::ctl::RuleRemoveTargetById($1));
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -91,6 +91,7 @@ ACTION_CTL_BDY_XML                              (?i:ctl:requestBodyProcessor=XML
 ACTION_CTL_FORCE_REQ_BODY_VAR                   (?i:ctl:forceRequestBodyVariable)
 ACTION_CTL_REQUEST_BODY_ACCESS                  (?i:ctl:requestBodyAccess)
 ACTION_CTL_RULE_ENGINE                          (?i:ctl:ruleEngine)
 ACTION_CTL_RULE_REMOVE_BY_TAG                   (?i:ctl:ruleRemoveByTag)
 ACTION_CTL_RULE_REMOVE_BY_ID                    (?i:ctl:ruleRemoveById)
 ACTION_CTL_RULE_REMOVE_TARGET_BY_ID             (?i:ctl:ruleRemoveTargetById)
 ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG            (?i:ctl:ruleRemoveTargetByTag)
@ -526,6 +527,7 @@ EQUALS_MINUS                            (?i:=\-)
 {ACTION_CTL_REQUEST_BODY_ACCESS}=                                       { return p::make_ACTION_CTL_REQUEST_BODY_ACCESS(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_ENGINE}=                                               { return p::make_ACTION_CTL_RULE_ENGINE(*driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_BY_ID}[=]{REMOVE_RULE_BY}                       { return p::make_ACTION_CTL_RULE_REMOVE_BY_ID(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_BY_TAG}[=]{REMOVE_RULE_BY}                       { return p::make_ACTION_CTL_RULE_REMOVE_BY_TAG(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_TARGET_BY_ID}[=]{REMOVE_RULE_BY}                { return p::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_ID(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG}[=]{REMOVE_RULE_BY}               { return p::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG(yytext, *driver.loc.back()); }
 {ACTION_EXEC}:'{VAR_FREE_TEXT_QUOTE}'                                   { return p::make_ACTION_EXEC(yytext, *driver.loc.back()); }
--- a/src/rule.cc
+++ b/src/rule.cc
@ -766,7 +766,7 @@ bool Rule::evaluate(Transaction *trans,
        }
 #ifndef NO_LOGS
        trans->debug(9, "Rule id: " + std::to_string(m_ruleId) +
-            " was skipped due to an ruleRemoveById action...");
+            " was skipped due to a ruleRemoveById action...");
 #endif
        return true;
    }
--- a/src/rules.cc
+++ b/src/rules.cc
@ -234,6 +234,16 @@ int Rules::evaluate(int phase, Transaction *transaction) {
                }
            }
            for (auto &z : transaction->m_ruleRemoveByTag) {
                if (rule->containsTag(z, transaction) == true) {
                    debug(9, "Skipped rule id '" \
                        + std::to_string(rule->m_ruleId) \
                        + "'. Skipped due to a ruleRemoveByTag action.");
                    remove_rule = true;
                    break;
                }
            }
            rule->evaluate(transaction, NULL);
            if (transaction->m_it.disruptive == true) {
                debug(8, "Skipping this phase as this " \
--- a/test/Makefile.am
+++ b/test/Makefile.am
@ -68,7 +68,6 @@ unit_tests_CPPFLAGS = \
 	-std=c++11 \
 	-Icommon \
 	-I../ \
 	-O0 \
 	-g \
 	-I$(top_builddir)/headers \
 	$(CURL_CFLAGS) \
@ -119,7 +118,6 @@ regression_tests_CPPFLAGS = \
 	-std=c++11 \
 	-Icommon \
 	-I../ \
 	-O0 \
 	-g \
 	-I$(top_builddir)/headers \
 	$(CURL_CFLAGS) \
@ -167,7 +165,6 @@ rules_optimization_CPPFLAGS = \
 	-std=c++11 \
 	-Icommon \
 	-I../ \
 	-O0 \
 	-g \
 	-I$(top_builddir)/headers \
 	$(CURL_CFLAGS) \
--- a/test/test-cases/regression/action-ctl_rule_remove_by_id.json
+++ b/test/test-cases/regression/action-ctl_rule_remove_by_id.json
@ -4,7 +4,7 @@
    "version_min":300000,
    "title":"Testing CtlRuleRemoteById (1)",
    "expected":{
-      "debug_log": "Rule id: 1 was skipped due to an ruleRemoveById action..."
+      "debug_log": "Rule id: 1 was skipped due to a ruleRemoveById action..."
    },
    "client":{
      "ip":"200.249.12.31",
--- a/test/test-cases/regression/action-ctl_rule_remove_by_tag.json
+++ b/test/test-cases/regression/action-ctl_rule_remove_by_tag.json
@ -0,0 +1,84 @@
 [
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing ctl:ruleRemoveByTag (1/2)",
    "client":{
      "ip":"200.249.12.31",
      "port":123
    },
    "server":{
      "ip":"200.249.12.31",
      "port":80
    },
    "request":{
      "headers":{
        "Host":"localhost",
        "User-Agent":"curl/7.38.0",
        "Accept":"*/*"
      },
      "uri":"/?key=value&key=other_value",
      "method":"GET"
    },
    "response":{
      "headers":{
        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
        "Content-Type":"text/html"
      },
      "body":[
        "no need."
      ]
    },
    "expected":{
      "debug_log":"Skipped rule id '2'. Skipped due to a ruleRemoveByTag action."
    },
    "rules":[
      "SecRule ARGS:key \".\" \"id:4,ctl:ruleRemoveByTag=tag123",
      "SecRule ARGS \"@contains test1\" \"id:1,pass,t:trim\"",
      "SecRule ARGS \"@contains test2\" \"id:2,pass,t:trim,tag:tag123\"",
      "SecRule ARGS \"@contains test3\" \"id:3,pass,t:trim\""
    ]
  },
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing ctl:ruleRemoveByTag (2/2)",
    "client":{
      "ip":"200.249.12.31",
      "port":123
    },
    "server":{
      "ip":"200.249.12.31",
      "port":80
    },
    "request":{
      "headers":{
        "Host":"localhost",
        "User-Agent":"curl/7.38.0",
        "Accept":"*/*"
      },
      "uri":"/?key=value&key=other_value",
      "method":"GET"
    },
    "response":{
      "headers":{
        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
        "Content-Type":"text/html"
      },
      "body":[
        "no need."
      ]
    },
    "expected":{
      "debug_log":"Skipped rule id '3'. Skipped due to a ruleRemoveByTag action."
    },
    "rules":[
      "SecRule ARGS:key \".\" \"id:4,ctl:ruleRemoveByTag=whee\"",
      "SecRule ARGS \"@contains test\" \"id:1,pass,t:trim\"",
      "SecRule ARGS \"@contains test\" \"id:2,pass,t:trim\"",
      "SecRule ARGS \"@contains test\" \"id:3,pass,t:trim,tag:whee\""
    ]
  }
 ]