Adds support to @unconditionalMatch

Issue #1002
2025-08-13 13:26:01 +03:00 · 2016-06-21 13:46:05 -03:00 · 2016-06-21 13:46:05 -03:00 · 0d53dda1a1
commit 0d53dda1a1
parent 60be385ebe
7 changed files with 133 additions and 2 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -221,3 +221,4 @@ TESTS+=test/test-cases/regression/variable-RULE.json
 TESTS+=test/test-cases/regression/variable-STATUS.json
 TESTS+=test/test-cases/regression/variable-RESPONSE_PROTOCOL.json
 TESTS+=test/test-cases/regression/variable-SERVER_NAME.json
+TESTS+=test/test-cases/regression/operator-UnconditionalMatch.json
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -180,7 +180,8 @@ OPERATORS = \
 	operators/verify_cc.cc \
 	operators/verify_cpf.cc \
 	operators/verify_ssn.cc \
-	operators/within.cc
+	operators/within.cc \
+ 	operators/unconditional_match.cc


 UTILS = \
--- a/src/operators/operator.cc
+++ b/src/operators/operator.cc
@ -58,6 +58,7 @@
 #include "operators/verify_cpf.h"
 #include "operators/verify_ssn.h"
 #include "operators/within.h"
+#include "operators/unconditional_match.h"

 #define IF_MATCH(a) \
    if (op_ == #a)
@ -172,6 +173,10 @@ Operator *Operator::instantiate(std::string op_string) {
    IF_MATCH(verifyssn) { return new VerifySSN(op, param, negation); }
    IF_MATCH(within) { return new Within(op, param, negation); }

+    IF_MATCH(unconditionalmatch) {
+        return new UnconditionalMatch(op, param, negation);
+    }
+

    return new Operator(op, param, negation);
 }
--- a/src/operators/unconditional_match.cc
+++ b/src/operators/unconditional_match.cc
@ -0,0 +1,33 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ * 
+ */
+
+#include "operators/unconditional_match.h"
+
+namespace modsecurity {
+namespace operators {
+
+bool UnconditionalMatch::evaluate(Transaction *transaction,
+    const std::string &input) {
+    bool contains = true;
+
+    if (negation) {
+        return !contains;
+    }
+
+    return contains;
+}
+
+}  // namespace operators
+}  // namespace modsecurity
--- a/src/operators/unconditional_match.h
+++ b/src/operators/unconditional_match.h
@ -0,0 +1,43 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifndef SRC_OPERATORS_UNCONDITIONAL_MATCH_H_
+#define SRC_OPERATORS_UNCONDITIONAL_MATCH_H_
+
+#include <string>
+#include <list>
+
+#include "modsecurity/transaction.h"
+#include "operators/operator.h"
+
+#ifdef __cplusplus
+namespace modsecurity {
+namespace operators {
+
+class UnconditionalMatch : public Operator {
+ public:
+    /** @ingroup ModSecurity_Operator */
+    UnconditionalMatch(std::string op, std::string param, bool negation)
+        : Operator(op, param, negation) { }
+
+    bool evaluate(Transaction *transaction, const std::string &exp) override;
+};
+
+}  // namespace operators
+}  // namespace modsecurity
+#endif
+
+
+#endif  // SRC_OPERATORS_UNCONDITIONAL_MATCH_H_
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -120,7 +120,7 @@ DICT_ELEMENT    [^ \t|]+

 OPERATOR        (?i:(?:@inspectFile|@fuzzyHash|@validateByteRange|@validateDTD|@validateHash|@validateSchema|@verifyCC|@verifyCPF|@verifySSN|@gsbLookup|@rsub)|(?:\!{0,1})(?:@within|@containsWord|@contains|@endsWith|@eq|@ge|@gt|@ipMatchF|@ipMatch|@ipMatchFromFile|@le|@lt|@pmf|@pm|@pmFromFile|@rbl|@rx|@streq|@strmatch|@beginsWith))

-OPERATORNOARG	(?i:@detectSQLi|@detectXSS|@validateUrlEncoding|@validateUtf8Encoding)
+OPERATORNOARG	(?i:@unconditionalMatch|@detectSQLi|@detectXSS|@validateUrlEncoding|@validateUtf8Encoding)
 OPERATOR_GEOIP  (?i:@geoLookup)

 TRANSFORMATION  t:(?i:(parityZero7bit|parityOdd7bit|parityEven7bit|sqlHexDecode|cmdLine|sha1|md5|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|normalisePathWin|normalisePath|length|utf8toUnicode|urldecode|removeCommentsChar|removeComments|replaceComments))
--- a/test/test-cases/regression/operator-UnconditionalMatch.json
+++ b/test/test-cases/regression/operator-UnconditionalMatch.json
@ -0,0 +1,48 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @UnconditionalMatch",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body": [
+        "param1=value1&param2=value2"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Rule returned 1"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule ARGS \"@UnconditionalMatch\" \"id:1,phase:2,pass,t:trim\""
+    ]
+  }
+]