mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-13 21:36:00 +03:00
fix: remove target by {id,tag} are now considering collections
Fix issue #1409
This commit is contained in:
Felipe Zimmerle
parent
7c2dbf48cf
commit
337216fd87
28
src/rule.cc
28
src/rule.cc
@ -502,7 +502,7 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
|
||||
!= exclusions_update_by_tag_remove.end()) {
|
||||
#ifndef NO_LOGS
|
||||
trans->debug(9, "Variable: " + *key +
|
||||
" is part of the exclusion list (from update by tag " +
|
||||
" is part of the exclusion list (from update by tag" +
|
||||
"), skipping...");
|
||||
#endif
|
||||
if (v->m_dynamic) {
|
||||
@ -530,15 +530,27 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
|
||||
for (auto &i : trans->m_ruleRemoveTargetByTag) {
|
||||
std::string tag = i.first;
|
||||
std::string args = i.second;
|
||||
size_t posa = key->find(":");
|
||||
|
||||
if (containsTag(tag, trans) == false) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (args == *key) {
|
||||
trans->debug(9, "Variable: " + *key +
|
||||
" was excluded by ruleRemoteTargetByTag...");
|
||||
ignoreVariable = true;
|
||||
break;
|
||||
}
|
||||
if (posa != std::string::npos) {
|
||||
std::string var = std::string(*key, posa);
|
||||
if (var == args) {
|
||||
trans->debug(9, "Variable: " + *key +
|
||||
" was excluded by ruleRemoteTargetByTag...");
|
||||
ignoreVariable = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ignoreVariable) {
|
||||
if (v->m_dynamic) {
|
||||
@ -551,15 +563,29 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
|
||||
for (auto &i : trans->m_ruleRemoveTargetById) {
|
||||
int id = i.first;
|
||||
std::string args = i.second;
|
||||
size_t posa = key->find(":");
|
||||
|
||||
if (m_ruleId != id) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (args == *key) {
|
||||
trans->debug(9, "Variable: " + *key +
|
||||
" was excluded by ruleRemoveTargetById...");
|
||||
ignoreVariable = true;
|
||||
break;
|
||||
}
|
||||
if (posa != std::string::npos) {
|
||||
if (key->size() > posa) {
|
||||
std::string var = std::string(*key, 0, posa);
|
||||
if (var == args) {
|
||||
trans->debug(9, "Variable: " + var +
|
||||
" was excluded by ruleRemoveTargetById...");
|
||||
ignoreVariable = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ignoreVariable) {
|
||||
if (v->m_dynamic) {
|
||||
|
||||
@ -2,9 +2,9 @@
|
||||
{
|
||||
"enabled":1,
|
||||
"version_min":300000,
|
||||
"title":"Testing CtlRuleRemoteTargetById (1)",
|
||||
"title":"Testing CtlRuleRemoveTargetById (1)",
|
||||
"expected":{
|
||||
"debug_log": "Variable: ARGS:pwd was excluded by ruleRemoteTargetById..."
|
||||
"debug_log": "Variable: ARGS:pwd was excluded by ruleRemoveTargetById..."
|
||||
},
|
||||
"client":{
|
||||
"ip":"200.249.12.31",
|
||||
@ -34,7 +34,7 @@
|
||||
{
|
||||
"enabled":1,
|
||||
"version_min":300000,
|
||||
"title":"Testing CtlRuleRemoteTargetById (2)",
|
||||
"title":"Testing CtlRuleRemoveTargetById (2)",
|
||||
"expected":{
|
||||
"debug_log": "Target value: .*Variable: ARGS:pwd"
|
||||
},
|
||||
@ -62,5 +62,37 @@
|
||||
"SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetById=123;ARGS:pwd\"",
|
||||
"SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\""
|
||||
]
|
||||
},
|
||||
{
|
||||
"enabled":1,
|
||||
"version_min":300000,
|
||||
"title":"Testing CtlRuleRemoveTargetById (3)",
|
||||
"expected":{
|
||||
"debug_log": "Variable: ARGS was excluded by ruleRemoveTargetById..."
|
||||
},
|
||||
"client":{
|
||||
"ip":"200.249.12.31",
|
||||
"port":123
|
||||
},
|
||||
"request":{
|
||||
"headers":{
|
||||
"Host":"localhost",
|
||||
"User-Agent":"curl/7.38.0",
|
||||
"Accept":"*/*",
|
||||
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
|
||||
"Content-Type": "text/xml"
|
||||
},
|
||||
"uri":"/wp-login.php?whee&pwd=lhebs",
|
||||
"method":"GET",
|
||||
"body": [ ]
|
||||
},
|
||||
"server":{
|
||||
"ip":"200.249.12.31",
|
||||
"port":80
|
||||
},
|
||||
"rules":[
|
||||
"SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetById=1;ARGS\"",
|
||||
"SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS'\""
|
||||
]
|
||||
}
|
||||
]
|
||||
|
||||
@ -62,5 +62,37 @@
|
||||
"SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=CRS;ARGS:pwd\"",
|
||||
"SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\""
|
||||
]
|
||||
},
|
||||
{
|
||||
"enabled":1,
|
||||
"version_min":300000,
|
||||
"title":"Testing CtlRuleRemoteTargetByTag (3)",
|
||||
"expected":{
|
||||
"debug_log": "Target value: .*Variable: ARGS:pwd"
|
||||
},
|
||||
"client":{
|
||||
"ip":"200.249.12.31",
|
||||
"port":123
|
||||
},
|
||||
"request":{
|
||||
"headers":{
|
||||
"Host":"localhost",
|
||||
"User-Agent":"curl/7.38.0",
|
||||
"Accept":"*/*",
|
||||
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
|
||||
"Content-Type": "text/xml"
|
||||
},
|
||||
"uri":"/wp-login.php?whee&pwd=lhebs",
|
||||
"method":"GET",
|
||||
"body": [ ]
|
||||
},
|
||||
"server":{
|
||||
"ip":"200.249.12.31",
|
||||
"port":80
|
||||
},
|
||||
"rules":[
|
||||
"SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=CRS;ARGS\"",
|
||||
"SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\""
|
||||
]
|
||||
}
|
||||
]
|
||||
|
||||
@ -1 +1 @@
|
||||
Subproject commit 1a572362156de9c570e2589c36d382bf59dcc1a0
|
||||
Subproject commit add8f637703ac2c069f1b650164b70cd35675228
|
||||
Loading…
x
Reference in New Issue
Block a user