github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Parser: Pipes are no longer welcomed inside regex dict element selection.

Browse Source 
Issue #1591
This commit is contained in:
Felipe Zimmerle 2017-10-17 11:46:14 -03:00
parent 1518c43d61
commit 30797a458b
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
5 changed files with 2371 additions and 2279 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -2,6 +2,8 @@
v3.0.????? - ? v3.0.????? - ?
--------------------------- ---------------------------
- Parser: Pipes are no longer welcomed inside regex dict element selection.
[Issue #1591 - @zimmerle, @slabber]
- Avoids unicode initialization on every rules object - Avoids unicode initialization on every rules object
[Issue #1563 - @zimmerle, @Tiki-God, @sethinsd, @Cloaked9000, @AnoopAlias, [Issue #1563 - @zimmerle, @Tiki-God, @sethinsd, @Cloaked9000, @AnoopAlias,
@intelbg] @intelbg]

1
Makefile.am
View File

@ -104,6 +104,7 @@ TESTS+=test/test-cases/regression/operator-rx.json
TESTS+=test/test-cases/regression/variable-ARGS.json TESTS+=test/test-cases/regression/variable-ARGS.json
TESTS+=test/test-cases/regression/issue-394.json TESTS+=test/test-cases/regression/issue-394.json
TESTS+=test/test-cases/regression/issue-1565.json TESTS+=test/test-cases/regression/issue-1565.json
TESTS+=test/test-cases/regression/issue-1591.json
TESTS+=test/test-cases/regression/variable-TIME_MON.json TESTS+=test/test-cases/regression/variable-TIME_MON.json
TESTS+=test/test-cases/regression/misc.json TESTS+=test/test-cases/regression/misc.json
TESTS+=test/test-cases/regression/collection-regular_expression_selection.json TESTS+=test/test-cases/regression/collection-regular_expression_selection.json

4546
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

20
src/parser/seclang-scanner.ll
View File

@ -327,7 +327,7 @@ CONGIG_DIR_SEC_STATUS_ENGINE (?i:SecStatusEngine)
CONGIG_DIR_SEC_TMP_DIR (?i:SecTmpDir) CONGIG_DIR_SEC_TMP_DIR (?i:SecTmpDir)
DICT_ELEMENT ([^\"|,\n \t]|([^\\]\\\"))+ DICT_ELEMENT ([^\"|,\n \t]|([^\\]\\\"))+
DICT_ELEMENT_WITH_PIPE [^ \t"]+ DICT_ELEMENT_WITH_PIPE [^ \t"]+
DICT_ELEMENT_NO_PIPE [^ \|\t"]+
DICT_ELEMENT_TWO [^\"\=, \t\r\n\\]* DICT_ELEMENT_TWO [^\"\=, \t\r\n\\]*
DICT_ELEMENT_TWO_QUOTED [^\"\'\=\r\n\\]* DICT_ELEMENT_TWO_QUOTED [^\"\'\=\r\n\\]*
@ -844,17 +844,17 @@ EQUALS_MINUS (?i:=\-)
<EXPECTING_VAR_PARAMETER>{ <EXPECTING_VAR_PARAMETER>{
[\/]{DICT_ELEMENT_WITH_PIPE}[\/][ ] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); } [\/]{DICT_ELEMENT_NO_PIPE}[\/][ ] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); }
[\/]{DICT_ELEMENT_WITH_PIPE}[\/][|] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); } [\/]{DICT_ELEMENT_NO_PIPE}[\/][|] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); }
['][\/]{DICT_ELEMENT_WITH_PIPE}[\/]['] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 0); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); } ['][\/]{DICT_ELEMENT_NO_PIPE}[\/]['] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 0); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); }
['][\/]{DICT_ELEMENT_WITH_PIPE}[\/]['][|] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); } ['][\/]{DICT_ELEMENT_NO_PIPE}[\/]['][|] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); }
{DICT_ELEMENT} { BEGIN(EXPECTING_VARIABLE); return p::make_DICT_ELEMENT(yytext, *driver.loc.back()); } {DICT_ELEMENT} { BEGIN(EXPECTING_VARIABLE); return p::make_DICT_ELEMENT(yytext, *driver.loc.back()); }
[\/]{DICT_ELEMENT_WITH_PIPE}[\/][,] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); } [\/]{DICT_ELEMENT_NO_PIPE}[\/][,] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); }
['][\/]{DICT_ELEMENT_WITH_PIPE}[\/]['][,] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); } ['][\/]{DICT_ELEMENT_NO_PIPE}[\/]['][,] { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); }
. { BEGIN(LEXING_ERROR_ACTION); yyless(0); } . { BEGIN(LEXING_ERROR_ACTION); yyless(0); }
["] { return p::make_QUOTATION_MARK(yytext, *driver.loc.back()); } ["] { return p::make_QUOTATION_MARK(yytext, *driver.loc.back()); }
} }

81
test/test-cases/regression/issue-1591.json Normal file
View File

@ -0,0 +1,81 @@
[
{
"enabled": 1,
"version_min": 209000,
"version_max": -1,
"title": "Regular expressions in rule targets not respected (1/2)",
"url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1591",
"gihub_issue": 394,
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "1539",
"Cookie": "__utma=1.32168570.12572608.1259628772.2&__utmb=1.4.10.1259628772&"
},
"body": "",
"method": "GET",
"http_version": 1.1
},
"response": {
"headers": "",
"body": ""
},
"expected": {
"debug_log": "Rule returned 0."
},
"rules": [
"SecRuleEngine On",
"SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/ \"321\" \"id:1,log\""
]
},
{
"enabled": 1,
"version_min": 209000,
"version_max": -1,
"title": "Regular expressions in rule targets not respected (2/2)",
"url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1591",
"gihub_issue": 394,
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "1539",
"Cookie": "__utma=1.32168570.12572608.1259628772.2&__utmb=1.4.10.1259628772&"
},
"body": "",
"method": "GET",
"http_version": 1.1
},
"response": {
"headers": "",
"body": ""
},
"expected": {
"debug_log": "Rule returned 1."
},
"rules": [
"SecRuleEngine On",
"SecRule REQUEST_COOKIES \"321\" \"id:1,log\""
]
}
]