From 254b29265efc0f9d1168a6fbd72d9ed3ca8248a1 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Wed, 9 Sep 2015 18:31:37 -0300 Subject: [PATCH] Adds action expirevar to the parser and fix the line counting --- src/parser/seclang-parser.yy | 5 +++++ src/parser/seclang-scanner.ll | 29 ++++++++++++++++++++++------- 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 34593ff3..cec26e91 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -225,6 +225,7 @@ using ModSecurity::Variables::Variable; %token ACTION_AUDIT_LOG %token ACTION_SEVERITY %token ACTION_SETVAR +%token ACTION_EXPIREVAR %token ACTION_MSG %token ACTION_TAG %token ACTION_REV @@ -703,6 +704,10 @@ act: { $$ = new Severity($1); } + | ACTION_EXPIREVAR + { + $$ = Action::instantiate($1); + } | ACTION_SETVAR { std::string error; diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index 7f86d86b..f0445d88 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -31,6 +31,7 @@ ACTION_AUDIT_LOG (?i:auditlog) ACTION_SEVERITY (?i:severity) ACTION_SEVERITY_VALUE (?i:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|[0-9]+) ACTION_SETVAR (?i:setvar) +ACTION_EXPIREVAR (?i:expirevar) ACTION_MSG (?i:msg) ACTION_TAG (?i:tag) ACTION_REV (?i:rev) @@ -100,7 +101,7 @@ OPERATORNOARG (?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida TRANSFORMATION t:(sha1|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|length) -VARIABLE (?i:UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_NAME|MULTIPART_FILENAME|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO|REQBODY_PROCESSOR) +VARIABLE (?i:UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_NAME|MULTIPART_FILENAME|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO|REQBODY_PROCESSOR|IP) RUN_TIME_VAR_DUR (?i:DURATION) RUN_TIME_VAR_ENV (?i:ENV) RUN_TIME_VAR_BLD (?i:MODSEC_BUILD) @@ -270,6 +271,20 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile) {ACTION_SEVERITY}:'{ACTION_SEVERITY_VALUE}' { return yy::seclang_parser::make_ACTION_SEVERITY(std::string(yytext, 10, yyleng - 11), *driver.loc.back()); } +{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' { + return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back()); + } +{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}' { + return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back()); + } +{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} { + return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back()); + } +{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE_COMMA} { + return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back()); + } + + {ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back()); } @@ -300,15 +315,15 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile) { [ \t]+ { return yy::seclang_parser::make_SPACE(*driver.loc.back()); } -[ \t]*\\\n[ \t]* { return yy::seclang_parser::make_SPACE(*driver.loc.back()); } -[ \t]*\\\r\n[ \t]* { return yy::seclang_parser::make_SPACE(*driver.loc.back()); } +[ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); return yy::seclang_parser::make_SPACE(*driver.loc.back()); } +[ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); return yy::seclang_parser::make_SPACE(*driver.loc.back()); } } { -.*[ \t]*\\\n[ \t]* { driver.loc.back()->step(); } -.*[ \t]*\\\r\n[ \t]* { driver.loc.back()->step(); } -.*[^\\] { BEGIN(INITIAL); driver.loc.back()->step(); } -.*[^\\] { BEGIN(INITIAL); driver.loc.back()->step(); } +.*[ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); } +.*[ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); } +.*[^\\] { BEGIN(INITIAL); driver.loc.back()->lines(1); driver.loc.back()->step(); } +.*[^\\] { BEGIN(INITIAL); driver.loc.back()->lines(1); driver.loc.back()->step(); } } [\n]+ { driver.loc.back()->lines(yyleng); driver.loc.back()->step(); }