From 1c21d1aeba4b91a88c6481e27437d679d859c0b8 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Wed, 26 Oct 2016 10:59:24 -0300 Subject: [PATCH] Adds support to action CtlRuleRemoveById --- headers/modsecurity/transaction.h | 5 +++ src/Makefile.am | 1 + src/actions/ctl_rule_remove_by_id.cc | 46 ++++++++++++++++++++++++++++ src/actions/ctl_rule_remove_by_id.h | 43 ++++++++++++++++++++++++++ src/parser/seclang-parser.yy | 11 +++++++ src/parser/seclang-scanner.ll | 2 ++ src/rule.cc | 9 ++++++ 7 files changed, 117 insertions(+) create mode 100644 src/actions/ctl_rule_remove_by_id.cc create mode 100644 src/actions/ctl_rule_remove_by_id.h diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h index ae3ae619..63187997 100644 --- a/headers/modsecurity/transaction.h +++ b/headers/modsecurity/transaction.h @@ -268,6 +268,11 @@ class Transaction { */ Rules *m_rules; + /** + * + */ + std::list m_ruleRemoveById; + /** * */ diff --git a/src/Makefile.am b/src/Makefile.am index 10546ba1..870b8dee 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -105,6 +105,7 @@ ACTIONS = \ actions/ctl_request_body_processor_xml.cc \ actions/ctl_rule_remove_target_by_tag.cc \ actions/ctl_rule_remove_target_by_id.cc \ + actions/ctl_rule_remove_by_id.cc \ actions/init_col.cc \ actions/deny.cc \ actions/log.cc \ diff --git a/src/actions/ctl_rule_remove_by_id.cc b/src/actions/ctl_rule_remove_by_id.cc new file mode 100644 index 00000000..2aae590d --- /dev/null +++ b/src/actions/ctl_rule_remove_by_id.cc 
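Review bot: The new `m_ruleRemoveById` member in `Transaction` is added under an empty `/** */` block, so nothing in the header says who fills it or what it holds. A one-line doc would do, e.g. `/** Rule ids disabled for the rest of this transaction by ctl:ruleRemoveById; consulted by Rule::evaluate. */`. The element type is not legible in this hunk (it reads as `std::list m_ruleRemoveById;`); the action pushes an `int`, so presumably `std::list<int>`. Since the container is only ever scanned for membership, a `std::set<int>` would turn the lookup in `Rule::evaluate` into a `find`, though for a handful of ids either is acceptable.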
@@ -0,0 +1,46 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "actions/ctl_rule_remove_by_id.h" + +#include +#include + +#include "modsecurity/transaction.h" + +namespace modsecurity { +namespace actions { + +bool CtlRuleRemoveById::init(std::string *error) { + std::string what(m_parser_payload, 15, m_parser_payload.size() - 15); + + try { + m_id = std::stoi(what); + } catch(...) { + error->assign("Not able to convert '" + what + + "' into a number"); + return false; + } + + return true; +} + +bool CtlRuleRemoveById::evaluate(Rule *rule, Transaction *transaction) { + transaction->m_ruleRemoveById.push_back(m_id); + return true; +} + +} // namespace actions +} // namespace modsecurity diff --git a/src/actions/ctl_rule_remove_by_id.h b/src/actions/ctl_rule_remove_by_id.h new file mode 100644 index 00000000..dffcbd92 --- /dev/null +++ b/src/actions/ctl_rule_remove_by_id.h 
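Review bot: In `CtlRuleRemoveById::init`, the payload is sliced at a hard-coded offset of 15 with no length check, so a payload shorter than that makes the `std::string` constructor throw `std::out_of_range` outside the `try`, and the constant is tied to the length of the `ruleRemoveById=` prefix without a comment saying so, e.g. `// skip the "ruleRemoveById=" prefix (15 chars)`. The `std::stoi` call also accepts a sign, leading whitespace and trailing characters, so `ctl:ruleRemoveById=123abc` silently disables rule 123; a stricter parse inside the existing try would be `std::size_t pos = 0; m_id = std::stoi(what, &pos); if (pos != what.size()) throw std::invalid_argument(what);`. Presumably `m_parser_payload` here begins with `ruleRemoveById=` (the `ctl:` part stripped by the `Action` base), since that is exactly 15 characters — worth confirming against the base class. `evaluate` ignores its `rule` parameter, which is fine for an action that only records state, but a one-line comment such as `// records the id on the transaction; Rule::evaluate skips it from here on` would make the contract explicit.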
@@ -0,0 +1,43 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include + +#include "actions/action.h" +#include "modsecurity/transaction.h" +#include "utils.h" + +#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_ +#define SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_ + +namespace modsecurity { +namespace actions { + + +class CtlRuleRemoveById : public Action { + public: + explicit CtlRuleRemoveById(std::string action) + : Action(action, RunTimeOnlyIfMatchKind) { } + + bool init(std::string *error) override; + bool evaluate(Rule *rule, Transaction *transaction) override; + + int m_id; +}; + +} // namespace actions +} // namespace modsecurity + +#endif // SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_ diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 5a5570ee..57c846e3 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -28,6 +28,7 @@ class Driver; #include "actions/ctl_request_body_processor_xml.h" #include "actions/ctl_rule_remove_target_by_tag.h" #include "actions/ctl_rule_remove_target_by_id.h" +#include "actions/ctl_rule_remove_by_id.h" #include "actions/init_col.h" #include "actions/set_sid.h" #include "actions/set_uid.h" @@ -302,6 +303,7 @@ using modsecurity::Variables::XML; %token CONFIG_SEC_COLLECTION_TIMEOUT %token ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG %token ACTION_CTL_RULE_REMOVE_TARGET_BY_ID +%token ACTION_CTL_RULE_REMOVE_BY_ID %type *> actions %type *> variables 
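Review bot: `int m_id;` in `CtlRuleRemoveById` is a public data member left uninitialized until `init()` runs, so an instance whose `init` failed or was never called would push an indeterminate id into the transaction; `int m_id{0};` together with `// rule id to disable, set by init() from the payload` closes that gap. The include guard is opened after the `#include` lines rather than before them, so the guard does not cover the includes; harmless while those headers carry their own guards, but the conventional placement is `#ifndef` first. The class and its two overrides have no documentation; a short `/** ctl:ruleRemoveById=<id>: disables rule <id> for the remainder of the current transaction. */` above the class would state what `evaluate` achieves.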
@@ -1232,6 +1234,15 @@ act: YYERROR; } } + | ACTION_CTL_RULE_REMOVE_BY_ID + { + std::string error; + $$ = new modsecurity::actions::CtlRuleRemoveById($1); + if ($$->init(&error) == false) { + driver.error(@0, error); + YYERROR; + } + } | ACTION_CTL_AUDIT_LOG_PARTS { std::string error; diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index 33cf85da..dd9e063e 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -79,6 +79,7 @@ CONFIG_DIR_RES_BODY_LIMIT_ACTION (?i:SecResponseBodyLimitAction) ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG (?i:ctl:ruleRemoveTargetByTag) ACTION_CTL_RULE_REMOVE_TARGET_BY_ID (?i:ctl:ruleRemoveTargetById) +ACTION_CTL_RULE_REMOVE_BY_ID (?i:ctl:ruleRemoveById) CONFIG_DIR_GEO_DB (?i:SecGeoLookupDb) @@ -239,6 +240,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile) {CONFIG_SEC_REMOVE_RULES_BY_ID}[ ]{FREE_TEXT_NEW_LINE} { return yy::seclang_parser::make_CONFIG_SEC_RULE_REMOVE_BY_ID(strchr(yytext, ' ') + 1, *driver.loc.back()); } {ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG}[=]{CONFIG_VALUE_PATH2} { return yy::seclang_parser::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG(yytext, *driver.loc.back()); } {ACTION_CTL_RULE_REMOVE_TARGET_BY_ID}[=]{CONFIG_VALUE_PATH2} { return yy::seclang_parser::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_ID(yytext, *driver.loc.back()); } +{ACTION_CTL_RULE_REMOVE_BY_ID}[=]{CONFIG_VALUE_PATH2} { return yy::seclang_parser::make_ACTION_CTL_RULE_REMOVE_BY_ID(yytext, *driver.loc.back()); } %{ /* Upload */ %} {CONFIG_UPLOAD_FILE_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } diff --git a/src/rule.cc b/src/rule.cc index c97f115f..71f5479d 100644 --- a/src/rule.cc +++ b/src/rule.cc 
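Review bot: In the new `ACTION_CTL_RULE_REMOVE_BY_ID` alternative of `act`, the `CtlRuleRemoveById` allocated with `new` is not released when `init` fails and `YYERROR` is raised, so a malformed `ctl:ruleRemoveById=` value leaks the object unless a `%destructor` for this rule's result covers it (not visible here). The shape mirrors the neighbouring alternatives, so the same applies to them; the minimal fix in each is `delete $$; $$ = nullptr;` before `YYERROR;`. The surrounding `act` rule starts and ends outside the hunk.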
@@ -285,6 +285,15 @@ bool Rule::evaluate(Transaction *trasn) { return evaluateActions(trasn); } + for (auto &i : trasn->m_ruleRemoveById) { + if (rule_id != i) { + continue; + } + trasn->debug(9, "Rule id: " + std::to_string(rule_id) + + " was skipped due to an ruleRemoveById action..."); + return true; + } + ruleMessage = new modsecurity::RuleMessage(this, m_log_message); #ifndef NO_LOGS
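Review bot: The new skip loop in `Rule::evaluate` sits after the context line `return evaluateActions(trasn);`, so any rule that takes that early return (its condition is outside the hunk; it appears to be the unconditional-rule path) still runs its actions even when its id was removed via `ctl:ruleRemoveById`; the check should be moved above that early return so removal applies regardless of which evaluation path the rule takes. The loop is a plain membership test and, with `<algorithm>` included, reads more directly as `if (std::find(trasn->m_ruleRemoveById.begin(), trasn->m_ruleRemoveById.end(), rule_id) != trasn->m_ruleRemoveById.end())` followed by the debug line and `return true;`. The debug text has a small grammar slip, `"due to an ruleRemoveById action"` should be `"due to a ruleRemoveById action"`. `rule_id` is not declared within the hunk and the function starts and ends outside it.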