Cosmetics: fix actions on yy file

- added action for:
  ctl:requestBodyProcessor=XML
  ctl:requestBodyProcessor=JSON
- added CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
Felipe Zimmerle 2015-08-19 22:33:48 -03:00
parent a230a4ff3c
commit 2d56aa521b
4 changed files with 69 additions and 165 deletions


@ -45,6 +45,7 @@ class RulesProperties {
customDebugLog(NULL),
remoteRulesActionOnFailed(AbortOnFailedRemoteRulesAction),
requestBodyLimit(0),
requestBodyNoFilesLimit(0),
secRequestBodyAccess(false),
secResponseBodyAccess(false),
requestBodyLimitAction(ProcessPartialBodyLimitAction),
@ -62,6 +63,7 @@ class RulesProperties {
debugLevel(0),
requestBodyLimit(0),
requestBodyLimitAction(ProcessPartialBodyLimitAction),
requestBodyNoFilesLimit(0),
responseBodyLimit(0),
responseBodyLimitAction(ProcessPartialBodyLimitAction),
secRuleEngine(DetectionOnlyRuleEngine) { }
@ -156,6 +158,7 @@ class RulesProperties {
RuleEngine secRuleEngine;
double requestBodyNoFilesLimit;
double requestBodyLimit;
double responseBodyLimit;
BodyLimitAction requestBodyLimitAction;
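Review bot: `requestBodyNoFilesLimit` is declared ahead of `requestBodyLimit` in the member list, but both constructor initialiser lists name it after `requestBodyLimit`. Members are initialised in declaration order, so this draws a -Wreorder warning; it is harmless here only because every initialiser is a constant. I would declare it after its sibling, `double requestBodyLimit;` then `double requestBodyNoFilesLimit;`, and add a comment such as `// Max request body size in bytes, excluding uploaded files; 0 until SecRequestBodyNoFilesLimit is parsed.` A byte limit held in a `double` and filled from `atoi` is also worth revisiting for all three limits together. The class body continues outside these hunks, so the full declaration order is not visible.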


@ -25,8 +25,8 @@ namespace ModSecurity {
namespace Parser {
Driver::Driver()
: trace_scanning(false),
trace_parsing(false) {
: trace_scanning(true),
trace_parsing(true) {
audit_log = new AuditLog();
}
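Review bot: The constructor now appears to initialise `trace_scanning` and `trace_parsing` to `true`, which looks like a debugging leftover in a commit described as cosmetic. This assumes the second pair of initialiser lines is the new side, since the +/- markers are lost on this page. The scanner is built with `%option ... debug`, so these flags would presumably make every rules load write scanner and parser traces, including rule text, to the process's error stream. I would restore `: trace_scanning(false),` and `trace_parsing(false) {` and leave tracing as an explicit opt-in for whoever is debugging the grammar.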


@ -129,6 +129,7 @@ using ModSecurity::Variables::Variable;
%token <std::string> QUOTATION_MARK
%token <std::string> DIRECTIVE
%token <std::string> CONFIG_DIR_REQ_BODY_LIMIT
%token <std::string> CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
%token <std::string> CONFIG_DIR_RES_BODY_LIMIT
%token <std::string> CONFIG_DIR_REQ_BODY_LIMIT_ACTION
%token <std::string> CONFIG_DIR_RES_BODY_LIMIT_ACTION
@ -190,11 +191,13 @@ using ModSecurity::Variables::Variable;
%token <std::string> ACTION_TAG
%token <std::string> ACTION_REV
%token <std::string> TRANSFORMATION
%token <std::string> ACTION_CTL_BDY_XML
%token <std::string> ACTION_CTL_BDY_JSON
%type <std::vector<Action *> *> actions
%type <std::vector<Variable *> *> variables
%type <Variable *> var
%type <Action *> act
%printer { yyoutput << $$; } <*>;
%%
@ -364,6 +367,10 @@ expression:
{
driver.requestBodyLimit = atoi($1.c_str());
}
| CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
{
driver.requestBodyNoFilesLimit = atoi($1.c_str());
}
| CONFIG_DIR_RES_BODY_LIMIT
{
driver.responseBodyLimit = atoi($1.c_str());
@ -538,116 +545,21 @@ var:
}
;
actions:
actions COMMA SPACE ACTION
act:
ACTION
{
std::vector<Action *> *a = $1;
a->push_back(Action::instantiate($4));
$$ = $1;
}
| actions COMMA ACTION
{
std::vector<Action *> *a = $1;
a->push_back(Action::instantiate($3));
$$ = $1;
}
| SPACE ACTION
{
std::vector<Action *> *actions = new std::vector<Action *>;
actions->push_back(Action::instantiate($2));
$$ = actions;
}
| ACTION
{
std::vector<Action *> *actions = new std::vector<Action *>;
actions->push_back(Action::instantiate($1));
$$ = actions;
}
| actions COMMA SPACE TRANSFORMATION
{
std::vector<Action *> *a = $1;
a->push_back(Transformation::instantiate($4));
$$ = $1;
}
| actions COMMA TRANSFORMATION
{
std::vector<Action *> *a = $1;
a->push_back(Transformation::instantiate($3));
$$ = $1;
}
| SPACE TRANSFORMATION
{
std::vector<Action *> *actions = new std::vector<Action *>;
actions->push_back(Transformation::instantiate($2));
$$ = actions;
}
| TRANSFORMATION
{
std::vector<Action *> *actions = new std::vector<Action *>;
actions->push_back(Transformation::instantiate($1));
$$ = actions;
}
| actions COMMA SPACE ACTION_SEVERITY
{
std::vector<Action *> *a = $1;
a->push_back(Action::instantiate($4));
$$ = $1;
}
| actions COMMA ACTION_SEVERITY
{
std::vector<Action *> *a = $1;
a->push_back(Action::instantiate($3));
$$ = $1;
}
| SPACE ACTION_SEVERITY
{
std::vector<Action *> *actions = new std::vector<Action *>;
actions->push_back(Action::instantiate($2));
$$ = actions;
$$ = Action::instantiate($1);
}
| ACTION_SEVERITY
{
std::vector<Action *> *actions = new std::vector<Action *>;
actions->push_back(Action::instantiate($1));
$$ = actions;
$$ = Action::instantiate($1);
}
| actions COMMA ACTION_SETVAR
| TRANSFORMATION
{
std::vector<Action *> *a = $1;
std::string error;
SetVar *setVar = new SetVar($3);
if (setVar->init(&error) == false) {
driver.parserError << error;
YYERROR;
}
a->push_back(setVar);
$$ = $1;
}
| SPACE ACTION_SETVAR
{
std::vector<Action *> *actions = new std::vector<Action *>;
std::string error;
SetVar *setVar = new SetVar($2);
if (setVar->init(&error) == false) {
driver.parserError << error;
YYERROR;
}
actions->push_back(setVar);
$$ = actions;
$$ = Transformation::instantiate($1);
}
| ACTION_SETVAR
{
std::vector<Action *> *actions = new std::vector<Action *>;
std::string error;
SetVar *setVar = new SetVar($1);
@ -656,74 +568,56 @@ actions:
YYERROR;
}
actions->push_back(setVar);
$$ = actions;
}
| actions COMMA ACTION_MSG
{
std::vector<Action *> *a = $1;
Msg *msg = new Msg($3);
a->push_back(msg);
$$ = $1;
}
| SPACE ACTION_MSG
{
std::vector<Action *> *actions = new std::vector<Action *>;
Msg *msg = new Msg($2);
actions->push_back(msg);
$$ = actions;
$$ = setVar;
}
| ACTION_MSG
{
std::vector<Action *> *actions = new std::vector<Action *>;
Msg *msg = new Msg($1);
actions->push_back(msg);
$$ = actions;
}
| actions COMMA ACTION_TAG
{
std::vector<Action *> *a = $1;
Tag *tag = new Tag($3);
a->push_back(tag);
$$ = $1;
}
| SPACE ACTION_TAG
{
std::vector<Action *> *actions = new std::vector<Action *>;
Tag *tag = new Tag($2);
actions->push_back(tag);
$$ = actions;
$$ = new Msg($1);
}
| ACTION_TAG
{
std::vector<Action *> *actions = new std::vector<Action *>;
Tag *tag = new Tag($1);
actions->push_back(tag);
$$ = actions;
}
| actions COMMA ACTION_REV
{
std::vector<Action *> *a = $1;
Rev *rev = new Rev($3);
a->push_back(rev);
$$ = $1;
}
| SPACE ACTION_REV
{
std::vector<Action *> *actions = new std::vector<Action *>;
Rev *rev = new Rev($2);
actions->push_back(rev);
$$ = actions;
$$ = new Tag($1);
}
| ACTION_REV
{
std::vector<Action *> *actions = new std::vector<Action *>;
Rev *rev = new Rev($1);
actions->push_back(rev);
$$ = actions;
$$ = new Rev($1);
}
| ACTION_CTL_BDY_XML
{
/* not ready yet. */
$$ = Action::instantiate($1);
}
| ACTION_CTL_BDY_JSON
{
/* not ready yet. */
$$ = Action::instantiate($1);
}
;
actions:
actions COMMA SPACE act
{
std::vector<Action *> *a = $1;
a->push_back($4);
$$ = $1;
}
| actions COMMA act
{
std::vector<Action *> *a = $1;
a->push_back($3);
$$ = $1;
}
| SPACE act
{
std::vector<Action *> *a = new std::vector<Action *>;
a->push_back($2);
$$ = a;
}
| act
{
std::vector<Action *> *a = new std::vector<Action *>;
a->push_back($1);
$$ = a;
}
;
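Review bot: The new `CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT` action stores `atoi($1.c_str())` straight into `driver.requestBodyNoFilesLimit`, so a value outside the `int` range is undefined behaviour and is not reported. A body-size limit that silently becomes 0 or a wrapped number is a protection the operator believes is configured but is not. The definition of `CONFIG_VALUE_NUMBER` is not visible here, so the scanner may already restrict the text to digits, but that does not bound the magnitude. I would parse with `strtol`, reject anything that is not a complete, non-negative number, and fail through `driver.parserError` and `YYERROR` as the `ACTION_SETVAR` rule does. The neighbouring `CONFIG_DIR_REQ_BODY_LIMIT` and `CONFIG_DIR_RES_BODY_LIMIT` actions use the same `atoi` pattern and would benefit from the same helper.

```yacc
    | CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
      {
        /* Reject malformed or out-of-range limits instead of storing garbage. */
        const char *text = $1.c_str();
        char *end = NULL;
        errno = 0;
        long limit = strtol(text, &end, 10);
        if (errno != 0 || end == text || *end != '\0' || limit < 0) {
            driver.parserError << "Invalid SecRequestBodyNoFilesLimit value: " << $1;
            YYERROR;
        }
        driver.requestBodyNoFilesLimit = limit;
      }
    /* … unchanged: CONFIG_DIR_RES_BODY_LIMIT and the remaining expression rules … */
```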


@ -23,16 +23,19 @@ using ModSecurity::split;
%}
%option noyywrap nounput batch debug noinput
ACTION (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|logdata|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns)
ACTION (?i:accuracy|allow|append|auditlog|block|capture|chain|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|logdata|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns)
ACTION_SEVERITY (?i:severity:[0-9]+|severity:'[0-9]+'|severity:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|severity:'(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)')
ACTION_SETVAR (?i:setvar)
ACTION_MSG (?i:msg)
ACTION_TAG (?i:tag)
ACTION_REV (?i:rev)
ACTION_CTL_BDY_XML ctl:requestBodyProcessor=XML
ACTION_CTL_BDY_JSON ctl:requestBodyProcessor=JSON
DIRECTIVE SecRule
CONFIG_DIRECTIVE SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
CONFIG_DIRECTIVE SecRequestBodyInMemoryLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT (?i:SecRequestBodyNoFilesLimit)
CONFIG_DIR_REQ_BODY_LIMIT (?i:SecRequestBodyLimit)
CONFIG_DIR_RES_BODY_LIMIT (?i:SecResponseBodyLimit)
CONFIG_DIR_REQ_BODY_LIMIT_ACTION (?i:SecRequestBodyLimitAction)
@ -175,6 +178,7 @@ FREE_TEXT_NEW_LINE [^\"|\n]+
%{ /* Request body limit */ %}
{CONFIG_DIR_REQ_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_REQ_BODY_LIMIT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT_ACTION(yytext, *driver.loc.back()); }
%{ /* Reponse body limit */ %}
{CONFIG_DIR_RES_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
@ -211,6 +215,9 @@ FREE_TEXT_NEW_LINE [^\"|\n]+
{ACTION_MSG}:'{FREE_TEXT}' { return yy::seclang_parser::make_ACTION_MSG(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_TAG}:'{FREE_TEXT}' { return yy::seclang_parser::make_ACTION_TAG(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_REV}:'{FREE_TEXT}' { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_CTL_BDY_XML} { return yy::seclang_parser::make_ACTION_CTL_BDY_XML(yytext, *driver.loc.back()); }
{ACTION_CTL_BDY_JSON} { return yy::seclang_parser::make_ACTION_CTL_BDY_JSON(yytext, *driver.loc.back()); }
["] { return yy::seclang_parser::make_QUOTATION_MARK(yytext, *driver.loc.back()); }
[,] { return yy::seclang_parser::make_COMMA(*driver.loc.back()); }
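Review bot: `ACTION_CTL_BDY_XML` and `ACTION_CTL_BDY_JSON` are defined as bare literals, so they match only the exact casing `ctl:requestBodyProcessor=XML` / `=JSON`, unlike every neighbouring action pattern, which is wrapped in `(?i:...)`. The same section also appears to drop `ctl` from the generic `ACTION` alternation, so a rule written as `ctl:requestBodyProcessor=xml`, or using any other `ctl:` option, seems to have no matching pattern left and would presumably fail to load. I would write `ACTION_CTL_BDY_XML (?i:ctl:requestBodyProcessor=XML)` and the same for JSON, with a comment above them such as `/* Only the requestBodyProcessor ctl options are recognised so far. */`. The +/- markers are lost on this page, so which `ACTION` line is the new one is inferred from print order.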