github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds SecComponentSignature configuration directive

Browse Source
This commit is contained in:
Felipe Zimmerle 2015-07-09 17:13:04 -03:00
parent 4aa521df65
commit 1ddb36a781
6 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
headers/modsecurity/rules.h
View File

@ -18,6 +18,7 @@
#include <iostream> #include <iostream>
#include <string> #include <string>
#include <vector> #include <vector>
#include <list>
#endif #endif
@ -121,6 +122,7 @@ class Rules {
int debug_level; int debug_level;
DebugLog *debug_log; DebugLog *debug_log;
void debug(int level, std::string message); void debug(int level, std::string message);
std::list<std::string> components;
AuditLog *audit_log; AuditLog *audit_log;

2
src/parser/driver.h
View File

@ -18,6 +18,7 @@
#include <map> #include <map>
#include <stack> #include <stack>
#include <vector> #include <vector>
#include <list>
#endif #endif
#ifndef SRC_PARSER_DRIVER_H_ #ifndef SRC_PARSER_DRIVER_H_
@ -88,6 +89,7 @@ class Driver {
bool sec_response_body_access; bool sec_response_body_access;
std::string debug_log_path; std::string debug_log_path;
std::list<std::string> components;
ModSecurity::AuditLog *audit_log; ModSecurity::AuditLog *audit_log;

6
src/parser/seclang-parser.yy
View File

@ -74,6 +74,8 @@ using ModSecurity::Rule;
%token <std::string> CONFIG_DIR_AUDIT_STS %token <std::string> CONFIG_DIR_AUDIT_STS
%token <std::string> CONFIG_DIR_AUDIT_TPE %token <std::string> CONFIG_DIR_AUDIT_TPE
%token <std::string> CONFIG_COMPONENT_SIG
%token <std::string> CONFIG_DIR_DEBUG_LOG %token <std::string> CONFIG_DIR_DEBUG_LOG
%token <std::string> CONFIG_DIR_DEBUG_LVL %token <std::string> CONFIG_DIR_DEBUG_LVL
@ -212,6 +214,10 @@ expression:
{ {
driver.sec_request_body_access = false; driver.sec_request_body_access = false;
} }
| CONFIG_COMPONENT_SIG
{
driver.components.push_back($1);
}
/* Debug log: start */ /* Debug log: start */
| CONFIG_DIR_DEBUG_LVL | CONFIG_DIR_DEBUG_LVL
{ {

2
src/parser/seclang-scanner.ll
View File

@ -43,6 +43,7 @@ CONFIG_DIR_AUDIT_TPE (?i:SecAuditLogType)
CONFIG_DIR_DEBUG_LOG SecDebugLog CONFIG_DIR_DEBUG_LOG SecDebugLog
CONFIG_DIR_DEBUG_LVL SecDebugLogLevel CONFIG_DIR_DEBUG_LVL SecDebugLogLevel
CONFIG_COMPONENT_SIG (?i:SecComponentSignature)
CONFIG_INCLUDE Include CONFIG_INCLUDE Include
DICT_ELEMENT [A-Za-z_]+ DICT_ELEMENT [A-Za-z_]+
@ -105,6 +106,7 @@ FREE_TEXT [^\"]+
{CONFIG_DIR_DEBUG_LOG}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_DIR_DEBUG_LOG(strchr(yytext, ' ') + 1, loc); } {CONFIG_DIR_DEBUG_LOG}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_DIR_DEBUG_LOG(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_DEBUG_LVL}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_DEBUG_LVL(strchr(yytext, ' ') + 1, loc); } {CONFIG_DIR_DEBUG_LVL}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_DEBUG_LVL(strchr(yytext, ' ') + 1, loc); }
{CONFIG_COMPONENT_SIG}[ ]["]{FREE_TEXT}["] { return yy::seclang_parser::make_CONFIG_COMPONENT_SIG(strchr(yytext, ' ') + 2, loc); }
{CONFIG_VALUE_ON} { return yy::seclang_parser::make_CONFIG_VALUE_ON(yytext, loc); } {CONFIG_VALUE_ON} { return yy::seclang_parser::make_CONFIG_VALUE_ON(yytext, loc); }
{CONFIG_VALUE_OFF} { return yy::seclang_parser::make_CONFIG_VALUE_OFF(yytext, loc); } {CONFIG_VALUE_OFF} { return yy::seclang_parser::make_CONFIG_VALUE_OFF(yytext, loc); }

2
src/rules.cc
View File

@ -161,6 +161,7 @@ int Rules::merge(Driver *from) {
this->sec_response_body_access = from->sec_response_body_access; this->sec_response_body_access = from->sec_response_body_access;
this->debug_log_path = from->debug_log_path; this->debug_log_path = from->debug_log_path;
this->debug_level = from->debug_level; this->debug_level = from->debug_level;
this->components = from->components;
if (m_custom_debug_log) { if (m_custom_debug_log) {
this->debug_log = m_custom_debug_log->new_instance(); this->debug_log = m_custom_debug_log->new_instance();
@ -194,6 +195,7 @@ int Rules::merge(Rules *from) {
this->sec_audit_engine = from->sec_audit_engine; this->sec_audit_engine = from->sec_audit_engine;
this->sec_request_body_access = from->sec_request_body_access; this->sec_request_body_access = from->sec_request_body_access;
this->sec_response_body_access = from->sec_response_body_access; this->sec_response_body_access = from->sec_response_body_access;
this->components = from->components;
this->debug_log = from->debug_log; this->debug_log = from->debug_log;

55
test/test-cases/regression/sec_component_signature.json Normal file
View File

@ -0,0 +1,55 @@
[
{
"enabled":1,
"version_min":300000,
"version_max":0,
"title":"SecComponentSignature",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2",
"protocol": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "plain\/text\n\r"
},
"body": [
"test"
]
},
"expected":{
"audit_log":"",
"debug_log":".*",
"error_log":"",
"http_code": 403
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecDebugLogLevel 9",
"SecComponentSignature \"OWASP_CRS/2.2.9\"",
"SecRule ARGS \"@contains test\" \"t:trim,block,auditlog\""
]
}
]