github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to action CtlRuleRemoteTargetById

Browse Source
This commit is contained in:
Felipe Zimmerle
2016-10-26 09:42:49 -03:00
parent 9245369a54
commit 161cc36acf
8 changed files with 200 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Makefile.am
View File

@@ -104,6 +104,7 @@ ACTIONS = \
actions/ctl_request_body_processor_json.cc \
actions/ctl_request_body_processor_xml.cc \
actions/ctl_rule_remove_target_by_tag.cc \
actions/ctl_rule_remove_target_by_id.cc \
actions/init_col.cc \
actions/deny.cc \
actions/log.cc \

55
src/actions/ctl_rule_remove_target_by_id.cc Normal file
View File

@@ -0,0 +1,55 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "actions/ctl_rule_remove_target_by_id.h"
#include <iostream>
#include <string>
#include "modsecurity/transaction.h"
namespace modsecurity {
namespace actions {
bool CtlRuleRemoveTargetById::init(std::string *error) {
std::string what(m_parser_payload, 21, m_parser_payload.size() - 21);
std::vector<std::string> param = split(what, ';');
if (param.size() < 2) {
error->assign(what + " is not a valid `ID;VARIABLE'");
return false;
}
try {
m_id = std::stoi(param[0]);
} catch(...) {
error->assign("Not able to convert '" + param[0] +
"' into a number");
return false;
}
m_target = param[1];
return true;
}
bool CtlRuleRemoveTargetById::evaluate(Rule *rule, Transaction *transaction) {
transaction->m_ruleRemoteTargetById.push_back(
std::make_pair(m_id, m_target));
return true;
}
} // namespace actions
} // namespace modsecurity

44
src/actions/ctl_rule_remove_target_by_id.h Normal file
View File

@@ -0,0 +1,44 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "utils.h"
#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_
#define SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_
namespace modsecurity {
namespace actions {
class CtlRuleRemoveTargetById : public Action {
public:
explicit CtlRuleRemoveTargetById(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool init(std::string *error) override;
bool evaluate(Rule *rule, Transaction *transaction) override;
int m_id;
std::string m_target;
};
} // namespace actions
} // namespace modsecurity
#endif // SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_

11
src/parser/seclang-parser.yy
View File

@@ -27,6 +27,7 @@ class Driver;
#include "actions/ctl_request_body_processor_json.h"
#include "actions/ctl_request_body_processor_xml.h"
#include "actions/ctl_rule_remove_target_by_tag.h"
#include "actions/ctl_rule_remove_target_by_id.h"
#include "actions/init_col.h"
#include "actions/set_sid.h"
#include "actions/set_uid.h"
@@ -300,6 +301,7 @@ using modsecurity::Variables::XML;
%token <std::string> ACTION_CTL_FORCE_REQ_BODY_VAR
%token <std::string> CONFIG_SEC_COLLECTION_TIMEOUT
%token <std::string> ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG
%token <std::string> ACTION_CTL_RULE_REMOVE_TARGET_BY_ID
%type <std::vector<Action *> *> actions
%type <std::vector<Variable *> *> variables
@@ -1221,6 +1223,15 @@ act:
YYERROR;
}
}
| ACTION_CTL_RULE_REMOVE_TARGET_BY_ID
{
std::string error;
$$ = new modsecurity::actions::CtlRuleRemoveTargetById($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_CTL_AUDIT_LOG_PARTS
{
std::string error;

2
src/parser/seclang-scanner.ll
View File

@@ -78,6 +78,7 @@ CONFIG_DIR_REQ_BODY_LIMIT_ACTION (?i:SecRequestBodyLimitAction)
CONFIG_DIR_RES_BODY_LIMIT_ACTION (?i:SecResponseBodyLimitAction)
ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG (?i:ctl:ruleRemoveTargetByTag)
ACTION_CTL_RULE_REMOVE_TARGET_BY_ID (?i:ctl:ruleRemoveTargetById)
CONFIG_DIR_GEO_DB (?i:SecGeoLookupDb)
@@ -237,6 +238,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
%{ /* Remove Rules */ %}
{CONFIG_SEC_REMOVE_RULES_BY_ID}[ ]{FREE_TEXT_NEW_LINE} { return yy::seclang_parser::make_CONFIG_SEC_RULE_REMOVE_BY_ID(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG}[=]{CONFIG_VALUE_PATH2} { return yy::seclang_parser::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG(yytext, *driver.loc.back()); }
{ACTION_CTL_RULE_REMOVE_TARGET_BY_ID}[=]{CONFIG_VALUE_PATH2} { return yy::seclang_parser::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_ID(yytext, *driver.loc.back()); }
%{ /* Upload */ %}
{CONFIG_UPLOAD_FILE_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }

16
src/rule.cc
View File

@@ -357,6 +357,22 @@ bool Rule::evaluate(Transaction *trasn) {
if (ignoreVariable) {
continue;
}
for (auto &i : trasn->m_ruleRemoteTargetById) {
int id = i.first;
std::string args = i.second;
if (rule_id != id) {
continue;
}
if (args == v->m_key) {
trasn->debug(9, "Variable: " + v->m_key +
" was excluded by ruleRemoteTargetById...");
ignoreVariable = true;
break;
}
}
if (ignoreVariable) {
continue;
}
std::string value = v->m_value;
int none = 0;