From 2d56aa521b47ecc8551621b246991a0d1674a479 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Wed, 19 Aug 2015 22:33:48 -0300
Subject: [PATCH] Cosmetics: fix actions on yy file - added action for: ctl:requestBodyProcessor=XML ctl:requestBodyProcessor=JSON - added CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
---
 headers/modsecurity/rules_properties.h | 3 +
 src/parser/driver.cc | 4 +-
 src/parser/seclang-parser.yy | 216 +++++++------------------
 src/parser/seclang-scanner.ll | 11 +-
 4 files changed, 69 insertions(+), 165 deletions(-)
diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h
index ba438b66..eaf88dd7 100644
--- a/headers/modsecurity/rules_properties.h
+++ b/headers/modsecurity/rules_properties.h
@@ -45,6 +45,7 @@ class RulesProperties {
 customDebugLog(NULL),
 remoteRulesActionOnFailed(AbortOnFailedRemoteRulesAction),
 requestBodyLimit(0),
+ requestBodyNoFilesLimit(0),
 secRequestBodyAccess(false),
 secResponseBodyAccess(false),
 requestBodyLimitAction(ProcessPartialBodyLimitAction),
@@ -62,6 +63,7 @@ class RulesProperties {
 debugLevel(0),
 requestBodyLimit(0),
 requestBodyLimitAction(ProcessPartialBodyLimitAction),
+ requestBodyNoFilesLimit(0),
 responseBodyLimit(0),
 responseBodyLimitAction(ProcessPartialBodyLimitAction),
 secRuleEngine(DetectionOnlyRuleEngine) { }
@@ -156,6 +158,7 @@ class RulesProperties {
 RuleEngine secRuleEngine;
+ double requestBodyNoFilesLimit;
 double requestBodyLimit;
 double responseBodyLimit;
 BodyLimitAction requestBodyLimitAction;
diff --git a/src/parser/driver.cc b/src/parser/driver.cc
index dfc5cfd6..91c235c0 100644
--- a/src/parser/driver.cc
+++ b/src/parser/driver.cc
@@ -25,8 +25,8 @@ namespace ModSecurity {
 namespace Parser {
 Driver::Driver()
- : trace_scanning(false),
- trace_parsing(false) {
+ : trace_scanning(true),
+ trace_parsing(true) {
 audit_log = new AuditLog();
 }
diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy
index 17eca139..0000a0ec 100644
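Review bot: `requestBodyNoFilesLimit(0)` gives the new limit a default of 0 in this initializer list and again in the second constructor's list, and nothing in the patch says whether 0 means "no limit" or "zero bytes allowed". For a request-body size control the two readings fail in opposite directions, so the declaration `double requestBodyNoFilesLimit;` in the third hunk should carry a comment fixing the unit and the meaning of 0, for example `// Max request body bytes excluding uploaded files; 0 means <state it>`. ModSecurity 2.x documents a 1 MB default for SecRequestBodyNoFilesLimit, so if 0 turns out to mean unlimited, this default is weaker than rule authors coming from 2.x will assume. No visible line in this patch reads the member, so confirm where it is enforced; the constructors start outside the hunks.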
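Review bot: `trace_scanning(true)` and `trace_parsing(true)` turn both trace flags on for every `Driver`, which is a behaviour change inside a commit titled as cosmetics and reads like a debugging leftover. If these flags feed the scanner's debug switch and the parser's debug level, as in the usual Bison C++ driver layout (the scanner is built with `%option debug`), every rules load will print each token and reduction to stderr, which slows start-up and copies rule contents into whatever captures the process output. Keep the defaults as `: trace_scanning(false),` and `trace_parsing(false) {`, and switch tracing on from an explicit debug option instead.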
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -129,6 +129,7 @@ using ModSecurity::Variables::Variable;
 %token QUOTATION_MARK
 %token DIRECTIVE
 %token CONFIG_DIR_REQ_BODY_LIMIT
+%token CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
 %token CONFIG_DIR_RES_BODY_LIMIT
 %token CONFIG_DIR_REQ_BODY_LIMIT_ACTION
 %token CONFIG_DIR_RES_BODY_LIMIT_ACTION
@@ -190,11 +191,13 @@ using ModSecurity::Variables::Variable;
 %token ACTION_TAG
 %token ACTION_REV
 %token TRANSFORMATION
+%token ACTION_CTL_BDY_XML
+%token ACTION_CTL_BDY_JSON
 %type *> actions
 %type *> variables
 %type var
-
+%type act
 %printer { yyoutput << $$; } <*>;
 %%
@@ -364,6 +367,10 @@ expression:
 {
 driver.requestBodyLimit = atoi($1.c_str());
 }
+ | CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
+ {
+ driver.requestBodyNoFilesLimit = atoi($1.c_str());
+ }
 | CONFIG_DIR_RES_BODY_LIMIT
 {
 driver.responseBodyLimit = atoi($1.c_str());
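Review bot: The new `CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT` action in the third hunk parses a size limit with `atoi`, which reports no errors and has undefined behaviour when the number does not fit in an `int`, so an oversized value in the configuration can leave an arbitrary or negative limit in the `double` member. The two neighbouring limits in the context lines use the same call and deserve the same fix. Parse with a range-checked conversion, reject anything that is out of range or not fully consumed, and fail the load through `driver.parserError` and `YYERROR` the way the setvar action does. The `expression` rule starts and ends outside the hunk.

```yacc
    | CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
      {
        errno = 0;
        char *end = NULL;
        long long limit = strtoll($1.c_str(), &end, 10);
        if (errno == ERANGE || end == $1.c_str() || *end != '\0' || limit < 0) {
            driver.parserError << "Invalid SecRequestBodyNoFilesLimit value: " << $1;
            YYERROR;
        }
        driver.requestBodyNoFilesLimit = limit;
      }
    /* … unchanged: CONFIG_DIR_RES_BODY_LIMIT alternative … */
```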
@@ -538,116 +545,21 @@ var:
 }
 ;
-actions:
- actions COMMA SPACE ACTION
+act:
+ ACTION
 {
- std::vector *a = $1;
- a->push_back(Action::instantiate($4));
- $$ = $1;
- }
-
- | actions COMMA ACTION
- {
- std::vector *a = $1;
- a->push_back(Action::instantiate($3));
- $$ = $1;
- }
- | SPACE ACTION
- {
- std::vector *actions = new std::vector;
- actions->push_back(Action::instantiate($2));
- $$ = actions;
-
- }
- | ACTION
- {
- std::vector *actions = new std::vector;
- actions->push_back(Action::instantiate($1));
- $$ = actions;
- }
- | actions COMMA SPACE TRANSFORMATION
- {
- std::vector *a = $1;
- a->push_back(Transformation::instantiate($4));
- $$ = $1;
- }
-
- | actions COMMA TRANSFORMATION
- {
- std::vector *a = $1;
- a->push_back(Transformation::instantiate($3));
- $$ = $1;
- }
- | SPACE TRANSFORMATION
- {
- std::vector *actions = new std::vector;
- actions->push_back(Transformation::instantiate($2));
- $$ = actions;
-
- }
- | TRANSFORMATION
- {
- std::vector *actions = new std::vector;
- actions->push_back(Transformation::instantiate($1));
- $$ = actions;
- }
- | actions COMMA SPACE ACTION_SEVERITY
- {
- std::vector *a = $1;
- a->push_back(Action::instantiate($4));
- $$ = $1;
- }
- | actions COMMA ACTION_SEVERITY
- {
- std::vector *a = $1;
- a->push_back(Action::instantiate($3));
- $$ = $1;
- }
- | SPACE ACTION_SEVERITY
- {
- std::vector *actions = new std::vector;
- actions->push_back(Action::instantiate($2));
- $$ = actions;
-
+ $$ = Action::instantiate($1);
 }
 | ACTION_SEVERITY
 {
- std::vector *actions = new std::vector;
- actions->push_back(Action::instantiate($1));
- $$ = actions;
+ $$ = Action::instantiate($1);
 }
- | actions COMMA ACTION_SETVAR
+ | TRANSFORMATION
 {
- std::vector *a = $1;
- std::string error;
- SetVar *setVar = new SetVar($3);
-
- if (setVar->init(&error) == false) {
- driver.parserError << error;
- YYERROR;
- }
-
- a->push_back(setVar);
- $$ = $1;
- }
- | SPACE ACTION_SETVAR
- {
- std::vector *actions = new std::vector;
- std::string error;
- SetVar *setVar = new SetVar($2);
-
- if (setVar->init(&error) == false) {
- driver.parserError << error;
- YYERROR;
- }
-
- actions->push_back(setVar);
- $$ = actions;
-
+ $$ = Transformation::instantiate($1);
 }
 | ACTION_SETVAR
 {
- std::vector *actions = new std::vector;
 std::string error;
 SetVar *setVar = new SetVar($1);
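Review bot: In the `ACTION_SETVAR` alternative of the new `act` rule, `SetVar *setVar = new SetVar($1);` is followed in the next hunk by a `YYERROR` exit when `setVar->init(&error)` fails, and nothing visible on that path frees the object. The lines are carried over from the old rule, but since this commit rewrites the alternative it is the natural place to add `delete setVar;` before `YYERROR;`. More generally `act` now yields a raw owning pointer from every alternative, so a comment on the rule stating who deletes the actions collected by `actions` would help the next reader. The alternative's body ends outside this hunk.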
@@ -656,74 +568,56 @@ actions:
 YYERROR;
 }
- actions->push_back(setVar);
- $$ = actions;
- }
- | actions COMMA ACTION_MSG
- {
- std::vector *a = $1;
- Msg *msg = new Msg($3);
- a->push_back(msg);
- $$ = $1;
- }
- | SPACE ACTION_MSG
- {
- std::vector *actions = new std::vector;
- Msg *msg = new Msg($2);
- actions->push_back(msg);
- $$ = actions;
-
+ $$ = setVar;
 }
 | ACTION_MSG
 {
- std::vector *actions = new std::vector;
- Msg *msg = new Msg($1);
- actions->push_back(msg);
- $$ = actions;
- }
- | actions COMMA ACTION_TAG
- {
- std::vector *a = $1;
- Tag *tag = new Tag($3);
- a->push_back(tag);
- $$ = $1;
- }
- | SPACE ACTION_TAG
- {
- std::vector *actions = new std::vector;
- Tag *tag = new Tag($2);
- actions->push_back(tag);
- $$ = actions;
-
+ $$ = new Msg($1);
 }
 | ACTION_TAG
 {
- std::vector *actions = new std::vector;
- Tag *tag = new Tag($1);
- actions->push_back(tag);
- $$ = actions;
- }
- | actions COMMA ACTION_REV
- {
- std::vector *a = $1;
- Rev *rev = new Rev($3);
- a->push_back(rev);
- $$ = $1;
- }
- | SPACE ACTION_REV
- {
- std::vector *actions = new std::vector;
- Rev *rev = new Rev($2);
- actions->push_back(rev);
- $$ = actions;
-
+ $$ = new Tag($1);
 }
 | ACTION_REV
 {
- std::vector *actions = new std::vector;
- Rev *rev = new Rev($1);
- actions->push_back(rev);
- $$ = actions;
+ $$ = new Rev($1);
+ }
+ | ACTION_CTL_BDY_XML
+ {
+ /* not ready yet. */
+ $$ = Action::instantiate($1);
+ }
+ | ACTION_CTL_BDY_JSON
+ {
+ /* not ready yet. */
+ $$ = Action::instantiate($1);
+ }
+ ;
+
+actions:
+ actions COMMA SPACE act
+ {
+ std::vector *a = $1;
+ a->push_back($4);
+ $$ = $1;
+ }
+ | actions COMMA act
+ {
+ std::vector *a = $1;
+ a->push_back($3);
+ $$ = $1;
+ }
+ | SPACE act
+ {
+ std::vector *a = new std::vector;
+ a->push_back($2);
+ $$ = a;
+ }
+ | act
+ {
+ std::vector *a = new std::vector;
+ a->push_back($1);
+ $$ = a;
 }
 ;
diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll
index f2f725f4..73defb9d 100755
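Review bot: The `ACTION_CTL_BDY_XML` and `ACTION_CTL_BDY_JSON` alternatives are marked `/* not ready yet. */` and pass the text to the generic `Action::instantiate($1)`, so a rule containing `ctl:requestBodyProcessor=XML` loads without complaint even though, as far as this patch shows, no body processor is selected. For a WAF that is a silent fail-open: rules written against parsed XML or JSON bodies are accepted and then have nothing to inspect. Until the action is implemented, either reject it with a message on `driver.parserError` followed by `YYERROR;`, or at least emit a load-time warning that the action is ignored. What `Action::instantiate` does with this string is not visible here, so confirm it does not already handle it.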
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -23,16 +23,19 @@ using ModSecurity::split;
 %}
 %option noyywrap nounput batch debug noinput
-ACTION (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|logdata|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns)
+ACTION (?i:accuracy|allow|append|auditlog|block|capture|chain|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|logdata|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns)
 ACTION_SEVERITY (?i:severity:[0-9]+|severity:'[0-9]+'|severity:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|severity:'(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)')
 ACTION_SETVAR (?i:setvar)
 ACTION_MSG (?i:msg)
 ACTION_TAG (?i:tag)
 ACTION_REV (?i:rev)
+ACTION_CTL_BDY_XML ctl:requestBodyProcessor=XML
+ACTION_CTL_BDY_JSON ctl:requestBodyProcessor=JSON
 DIRECTIVE SecRule
-CONFIG_DIRECTIVE SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
+CONFIG_DIRECTIVE SecRequestBodyInMemoryLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
+CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT (?i:SecRequestBodyNoFilesLimit)
 CONFIG_DIR_REQ_BODY_LIMIT (?i:SecRequestBodyLimit)
 CONFIG_DIR_RES_BODY_LIMIT (?i:SecResponseBodyLimit)
 CONFIG_DIR_REQ_BODY_LIMIT_ACTION (?i:SecRequestBodyLimitAction)
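Review bot: `ACTION_CTL_BDY_XML ctl:requestBodyProcessor=XML` and `ACTION_CTL_BDY_JSON ctl:requestBodyProcessor=JSON` are the only action definitions in this block written without `(?i:...)`, so a rule spelling the action as `ctl:requestbodyprocessor=xml` will not match them while every other action name is matched case-insensitively. Write them as `ACTION_CTL_BDY_XML (?i:ctl:requestBodyProcessor=XML)` and `ACTION_CTL_BDY_JSON (?i:ctl:requestBodyProcessor=JSON)`. The same hunk removes `ctl` from `ACTION`, so any other `ctl:` action in an existing rule set no longer has a matching definition among the visible ones. Check whether such rules now fail to load or are tokenised as something else, and record the outcome in the commit message.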
@@ -175,6 +178,7 @@ FREE_TEXT_NEW_LINE [^\"|\n]+
 %{ /* Request body limit */ %}
 {CONFIG_DIR_REQ_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
+{CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_DIR_REQ_BODY_LIMIT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT_ACTION(yytext, *driver.loc.back()); }
 %{ /* Reponse body limit */ %}
 {CONFIG_DIR_RES_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
@@ -211,6 +215,9 @@ FREE_TEXT_NEW_LINE [^\"|\n]+
 {ACTION_MSG}:'{FREE_TEXT}' { return yy::seclang_parser::make_ACTION_MSG(strchr(yytext, ':') + 1, *driver.loc.back()); }
 {ACTION_TAG}:'{FREE_TEXT}' { return yy::seclang_parser::make_ACTION_TAG(strchr(yytext, ':') + 1, *driver.loc.back()); }
 {ACTION_REV}:'{FREE_TEXT}' { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); }
+{ACTION_CTL_BDY_XML} { return yy::seclang_parser::make_ACTION_CTL_BDY_XML(yytext, *driver.loc.back()); }
+{ACTION_CTL_BDY_JSON} { return yy::seclang_parser::make_ACTION_CTL_BDY_JSON(yytext, *driver.loc.back()); }
+
 ["] { return yy::seclang_parser::make_QUOTATION_MARK(yytext, *driver.loc.back()); }
 [,] { return yy::seclang_parser::make_COMMA(*driver.loc.back()); }