Adds support for ctl:ruleRemoveByTag action

2025-08-13 13:26:01 +03:00 · 2018-03-26 15:25:48 -03:00 · 2018-03-26 15:25:48 -03:00 · 0ca5994744
commit 0ca5994744
parent 9537cfceed
16 changed files with 7393 additions and 7149 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 v3.0.x - YYYY-MMM-DD (To be released)
 -------------------------------------

+ - Adds support for ctl:ruleRemoveById
+   [@zimmerle]
 - Fix SecUploadDir configuration merge
   [Issue #1720 - @zimmerle, @gjvanetten]
 - Include all prerequisites for "make check" into dist archive
--- a/Makefile.am
+++ b/Makefile.am
@ -91,6 +91,7 @@ TESTS+=test/test-cases/regression/action-ctl_request_body_access.json
 TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json
 TESTS+=test/test-cases/regression/action-ctl_rule_engine.json
 TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_id.json
+TESTS+=test/test-cases/regression/action-ctl_rule_remove_by_tag.json
 TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
 TESTS+=test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json
 TESTS+=test/test-cases/regression/action-disruptive.json
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@ -438,6 +438,11 @@ class Transaction : public TransactionAnchoredVariables {
     */
    std::list<int > m_ruleRemoveById;

+    /**
+     *
+     */
+    std::list<std::string> m_ruleRemoveByTag;
+
    /**
     *
     */
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -115,6 +115,7 @@ ACTIONS = \
 	actions/ctl/rule_remove_target_by_tag.cc \
 	actions/ctl/rule_remove_target_by_id.cc \
 	actions/ctl/rule_remove_by_id.cc \
+	actions/ctl/rule_remove_by_tag.cc \
 	actions/ctl/request_body_access.cc\
 	actions/disruptive/allow.cc \
 	actions/disruptive/block.cc \
--- a/src/actions/ctl/rule_remove_by_tag.cc
+++ b/src/actions/ctl/rule_remove_by_tag.cc
@ -0,0 +1,43 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/ctl/rule_remove_by_tag.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/transaction.h"
+
+namespace modsecurity {
+namespace actions {
+namespace ctl {
+
+
+bool RuleRemoveByTag::init(std::string *error) {
+    std::string what(m_parser_payload, 16, m_parser_payload.size() - 16);
+    m_tag = what;
+
+    return true;
+}
+
+bool RuleRemoveByTag::evaluate(Rule *rule, Transaction *transaction) {
+    transaction->m_ruleRemoveByTag.push_back(m_tag);
+    return true;
+}
+
+
+}  // namespace ctl
+}  // namespace actions
+}  // namespace modsecurity
--- a/src/actions/ctl/rule_remove_by_tag.h
+++ b/src/actions/ctl/rule_remove_by_tag.h
@ -0,0 +1,47 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/actions/action.h"
+#include "modsecurity/transaction.h"
+
+
+#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
+#define SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
+
+namespace modsecurity {
+namespace actions {
+namespace ctl {
+
+
+class RuleRemoveByTag : public Action {
+ public:
+    explicit RuleRemoveByTag(std::string action)
+        : Action(action, RunTimeOnlyIfMatchKind),
+        m_tag("") { }
+
+    bool init(std::string *error) override;
+    bool evaluate(Rule *rule, Transaction *transaction) override;
+
+    std::string m_tag;
+};
+
+
+}  // namespace ctl
+}  // namespace actions
+}  // namespace modsecurity
+
+#endif  // SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -29,6 +29,7 @@ class Driver;
 #include "src/actions/ctl/request_body_processor_json.h"
 #include "src/actions/ctl/request_body_processor_xml.h"
 #include "src/actions/ctl/rule_remove_by_id.h"
+#include "src/actions/ctl/rule_remove_by_tag.h"
 #include "src/actions/ctl/rule_remove_target_by_id.h"
 #include "src/actions/ctl/rule_remove_target_by_tag.h"
 #include "src/actions/data/status.h"
@ -524,6 +525,7 @@ using modsecurity::operators::Operator;
  ACTION_CTL_FORCE_REQ_BODY_VAR                "ACTION_CTL_FORCE_REQ_BODY_VAR"
  ACTION_CTL_REQUEST_BODY_ACCESS               "ACTION_CTL_REQUEST_BODY_ACCESS"
  ACTION_CTL_RULE_REMOVE_BY_ID                 "ACTION_CTL_RULE_REMOVE_BY_ID"
+  ACTION_CTL_RULE_REMOVE_BY_TAG                "ACTION_CTL_RULE_REMOVE_BY_TAG"
  ACTION_CTL_RULE_REMOVE_TARGET_BY_ID          "ACTION_CTL_RULE_REMOVE_TARGET_BY_ID"
  ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG         "ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG"
  ACTION_DENY                                  "Deny"
@ -2577,6 +2579,10 @@ act:
      {
        ACTION_CONTAINER($$, new actions::ctl::RuleRemoveById($1));
      }
+    | ACTION_CTL_RULE_REMOVE_BY_TAG
+      {
+        ACTION_CONTAINER($$, new actions::ctl::RuleRemoveByTag($1));
+      }
    | ACTION_CTL_RULE_REMOVE_TARGET_BY_ID
      {
        ACTION_CONTAINER($$, new actions::ctl::RuleRemoveTargetById($1));
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -91,6 +91,7 @@ ACTION_CTL_BDY_XML                              (?i:ctl:requestBodyProcessor=XML
 ACTION_CTL_FORCE_REQ_BODY_VAR                   (?i:ctl:forceRequestBodyVariable)
 ACTION_CTL_REQUEST_BODY_ACCESS                  (?i:ctl:requestBodyAccess)
 ACTION_CTL_RULE_ENGINE                          (?i:ctl:ruleEngine)
+ACTION_CTL_RULE_REMOVE_BY_TAG                   (?i:ctl:ruleRemoveByTag)
 ACTION_CTL_RULE_REMOVE_BY_ID                    (?i:ctl:ruleRemoveById)
 ACTION_CTL_RULE_REMOVE_TARGET_BY_ID             (?i:ctl:ruleRemoveTargetById)
 ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG            (?i:ctl:ruleRemoveTargetByTag)
@ -526,6 +527,7 @@ EQUALS_MINUS                            (?i:=\-)
 {ACTION_CTL_REQUEST_BODY_ACCESS}=                                       { return p::make_ACTION_CTL_REQUEST_BODY_ACCESS(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_ENGINE}=                                               { return p::make_ACTION_CTL_RULE_ENGINE(*driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_BY_ID}[=]{REMOVE_RULE_BY}                       { return p::make_ACTION_CTL_RULE_REMOVE_BY_ID(yytext, *driver.loc.back()); }
+{ACTION_CTL_RULE_REMOVE_BY_TAG}[=]{REMOVE_RULE_BY}                       { return p::make_ACTION_CTL_RULE_REMOVE_BY_TAG(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_TARGET_BY_ID}[=]{REMOVE_RULE_BY}                { return p::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_ID(yytext, *driver.loc.back()); }
 {ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG}[=]{REMOVE_RULE_BY}               { return p::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG(yytext, *driver.loc.back()); }
 {ACTION_EXEC}:'{VAR_FREE_TEXT_QUOTE}'                                   { return p::make_ACTION_EXEC(yytext, *driver.loc.back()); }
--- a/src/rule.cc
+++ b/src/rule.cc
@ -766,7 +766,7 @@ bool Rule::evaluate(Transaction *trans,
        }
 #ifndef NO_LOGS
        trans->debug(9, "Rule id: " + std::to_string(m_ruleId) +
-            " was skipped due to an ruleRemoveById action...");
+            " was skipped due to a ruleRemoveById action...");
 #endif
        return true;
    }
--- a/src/rules.cc
+++ b/src/rules.cc
@ -234,6 +234,16 @@ int Rules::evaluate(int phase, Transaction *transaction) {
                }
            }

+            for (auto &z : transaction->m_ruleRemoveByTag) {
+                if (rule->containsTag(z, transaction) == true) {
+                    debug(9, "Skipped rule id '" \
+                        + std::to_string(rule->m_ruleId) \
+                        + "'. Skipped due to a ruleRemoveByTag action.");
+                    remove_rule = true;
+                    break;
+                }
+            }
+
            rule->evaluate(transaction, NULL);
            if (transaction->m_it.disruptive == true) {
                debug(8, "Skipping this phase as this " \
--- a/test/Makefile.am
+++ b/test/Makefile.am
@ -68,7 +68,6 @@ unit_tests_CPPFLAGS = \
 	-std=c++11 \
 	-Icommon \
 	-I../ \
-	-O0 \
 	-g \
 	-I$(top_builddir)/headers \
 	$(CURL_CFLAGS) \
@ -119,7 +118,6 @@ regression_tests_CPPFLAGS = \
 	-std=c++11 \
 	-Icommon \
 	-I../ \
-	-O0 \
 	-g \
 	-I$(top_builddir)/headers \
 	$(CURL_CFLAGS) \
@ -167,7 +165,6 @@ rules_optimization_CPPFLAGS = \
 	-std=c++11 \
 	-Icommon \
 	-I../ \
-	-O0 \
 	-g \
 	-I$(top_builddir)/headers \
 	$(CURL_CFLAGS) \
--- a/test/test-cases/regression/action-ctl_rule_remove_by_id.json
+++ b/test/test-cases/regression/action-ctl_rule_remove_by_id.json
@ -4,7 +4,7 @@
    "version_min":300000,
    "title":"Testing CtlRuleRemoteById (1)",
    "expected":{
-      "debug_log": "Rule id: 1 was skipped due to an ruleRemoveById action..."
+      "debug_log": "Rule id: 1 was skipped due to a ruleRemoveById action..."
    },
    "client":{
      "ip":"200.249.12.31",
--- a/test/test-cases/regression/action-ctl_rule_remove_by_tag.json
+++ b/test/test-cases/regression/action-ctl_rule_remove_by_tag.json
@ -0,0 +1,84 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing ctl:ruleRemoveByTag (1/2)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Skipped rule id '2'. Skipped due to a ruleRemoveByTag action."
+    },
+    "rules":[
+      "SecRule ARGS:key \".\" \"id:4,ctl:ruleRemoveByTag=tag123",
+      "SecRule ARGS \"@contains test1\" \"id:1,pass,t:trim\"",
+      "SecRule ARGS \"@contains test2\" \"id:2,pass,t:trim,tag:tag123\"",
+      "SecRule ARGS \"@contains test3\" \"id:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing ctl:ruleRemoveByTag (2/2)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Skipped rule id '3'. Skipped due to a ruleRemoveByTag action."
+    },
+    "rules":[
+      "SecRule ARGS:key \".\" \"id:4,ctl:ruleRemoveByTag=whee\"",
+      "SecRule ARGS \"@contains test\" \"id:1,pass,t:trim\"",
+      "SecRule ARGS \"@contains test\" \"id:2,pass,t:trim\"",
+      "SecRule ARGS \"@contains test\" \"id:3,pass,t:trim,tag:whee\""
+    ]
+  }
+]