Adds support for the @inspectFile operator

CHANGES

@@ -2,6 +2,8 @@
 v3.0.????? - ?
 ---------------------------
 
+ - Adds support for @inspectFile operator.
+   [Issue #999 - @zimmerle, @victorhora]
  - Adds support for RESOURCE variable collection.
    [Issue #1014 - @zimmerle, @victorhora]
  - Adds support for @fuzzyHash operator.

Makefile.am

@@ -286,4 +286,5 @@ TESTS+=test/test-cases/regression/config-update-target-by-id.json
 TESTS+=test/test-cases/regression/misc-variable-under-quotes.json
 TESTS+=test/test-cases/regression/operator-fuzzyhash.json
 TESTS+=test/test-cases/regression/collection-resource.json
+TESTS+=test/test-cases/regression/operator-inpectFile.json
 

src/operators/inspect_file.cc

@@ -16,20 +16,61 @@
 #include "src/operators/inspect_file.h"
 
 #include <string>
+#include <iostream>
+#include <stdio.h>
 
 #include "src/operators/operator.h"
+#include "src/utils/system.h"
 
 namespace modsecurity {
 namespace operators {
 
-bool InspectFile::evaluate(Transaction *transaction, const std::string &str) {
+bool InspectFile::init(const std::string &param2, std::string *error) {
-    /**
+    std::istream *iss;
-     * @todo Implement the operator InspectFile.
+    std::string err;
-     *       Reference: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#inspectfile
+
-     */
+    m_file = utils::find_resource(m_param, param2, &err);
+    iss = new std::ifstream(m_file, std::ios::in);
+
+    if (((std::ifstream *)iss)->is_open() == false) {
+        error->assign("Failed to open file: " + m_param + ". " + err);
+        delete iss;
+        return false;
+    }
+
+    delete iss;
     return true;
 }
 
+bool InspectFile::evaluate(Transaction *transaction, const std::string &str) {
+    FILE *in;
+    char buff[512];
+    std::stringstream s;
+    std::string res;
+    std::string openstr;
+
+    openstr.append(m_param);
+    openstr.append(" ");
+    openstr.append(str);
+
+    if (!(in = popen(openstr.c_str(), "r"))){
+        return false;
+    }
+
+    while (fgets(buff, sizeof(buff), in) != NULL) {
+        s << buff;
+    }
+
+    pclose(in);
+
+    res.append(s.str());
+    if (res.size() > 1 && res.at(0) == '1') {
+        return true;
+    }
+
+    return false;
+}
+
 
 }  // namespace operators
 }  // namespace modsecurity

src/operators/inspect_file.h

@@ -28,11 +28,16 @@ class InspectFile : public Operator {
  public:
     /** @ingroup ModSecurity_Operator */
     InspectFile(std::string o, std::string p, bool n)
-        : Operator(o, p, n) { }
+        : Operator(o, p, n),
+        m_file("") { }
     explicit InspectFile(std::string param)
-        : Operator("InspectFile", param) { }
+        : Operator("InspectFile", param),
+        m_file("") { }
 
+    bool init(const std::string &param, std::string *error) override;
     bool evaluate(Transaction *transaction, const std::string &str) override;
+ private:
+    std::string m_file;
 };
 
 }  // namespace operators

src/parser/seclang-parser.yy

@@ -905,8 +905,12 @@ op_before_init:
       }
     | OPERATOR_INSPECT_FILE FREE_TEXT
       {
-        /* $$ = new operators::InspectFile($1); */
+        OPERATOR_CONTAINER($$, new operators::InspectFile($2));
-        OPERATOR_NOT_SUPPORTED("InspectFile", @0);
+        std::string error;
+        if ($$->init(driver.ref.back(), &error) == false) {
+            driver.error(@0, error);
+            YYERROR;
+        }
       }
     | OPERATOR_FUZZY_HASH FREE_TEXT
       {

test/test-cases/regression/operator-inpectFile.json

@@ -0,0 +1,116 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @inspectFile (1/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/whee?res=0",
+      "method":"GET",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{},
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Rule returned 0."
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule ARGS:res \"@inspectFile /bin/echo\" \"id:1,phase:2,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @inspectFile (2/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/whee?res=1",
+      "method":"GET",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{},
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Rule returned 1."
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule ARGS:res \"@inspectFile /bin/echo\" \"id:1,phase:2,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @inspectFile (2/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/whee?res=whee",
+      "method":"GET",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{},
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Rule returned 0."
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule ARGS:res \"@inspectFile /bin/echo\" \"id:1,phase:2,pass,t:trim\""
+    ]
+  }
+]