From 348cf3bfabb55b9d4085a2ea9543f0d7f3c066f1 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <felipe@zimmerle.org>
Date: Mon, 23 May 2016 18:29:54 -0300
Subject: [PATCH] Adds support to the REMOTE_USER variable

---
 src/variables/remote_user.cc                  | 67 +++++++++++++++++++
 src/variables/remote_user.h                   | 46 +++++++++++++
 .../regression/variable-REMOTE_USER.json      | 46 +++++++++++++
 3 files changed, 159 insertions(+)
 create mode 100644 src/variables/remote_user.cc
 create mode 100644 src/variables/remote_user.h
 create mode 100644 test/test-cases/regression/variable-REMOTE_USER.json

diff --git a/src/variables/remote_user.cc b/src/variables/remote_user.cc
new file mode 100644
index 00000000..8464ef14
--- /dev/null
+++ b/src/variables/remote_user.cc
@@ -0,0 +1,67 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "variables/remote_user.h"
+
+#include <time.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#include "modsecurity/transaction.h"
+#include "utils/base64.h"
+
+namespace modsecurity {
+namespace Variables {
+
+
+void RemoteUser::evaluateInternal(Transaction *transaction,
+    std::vector<const collection::Variable *> *l) {
+    size_t pos;
+    std::string base64;
+
+    std::string *header = transaction->m_collections.resolveFirst(
+        "REQUEST_HEADERS:Authorization");
+
+    if (header == NULL) {
+        return;
+    }
+
+    if (header->compare(0, 6, "Basic ") == 0) {
+        base64 = std::string(*header, 6, header->length());
+    }
+
+    base64 = Utils::Base64::decode(base64);
+
+    pos = base64.find(":");
+    if (pos == std::string::npos) {
+        return;
+    }
+    base64 = std::string(base64, 0, pos);
+
+    l->push_back(new collection::Variable("REMOTE_USER", base64));
+}
+
+
+}  // namespace Variables
+}  // namespace modsecurity
diff --git a/src/variables/remote_user.h b/src/variables/remote_user.h
new file mode 100644
index 00000000..8a969761
--- /dev/null
+++ b/src/variables/remote_user.h
@@ -0,0 +1,46 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#ifndef SRC_VARIABLES_REMOTE_USER_H_
+#define SRC_VARIABLES_REMOTE_USER_H_
+
+#include "variables/variable.h"
+
+namespace modsecurity {
+
+class Transaction;
+namespace Variables {
+
+
+class RemoteUser : public Variable {
+ public:
+    explicit RemoteUser(std::string _name)
+        : Variable(_name) { }
+
+    void evaluateInternal(Transaction *transaction,
+        std::vector<const collection::Variable *> *l) override;
+};
+
+
+}  // namespace Variables
+}  // namespace modsecurity
+
+#endif  // SRC_VARIABLES_REMOTE_USER_H_
\ No newline at end of file
diff --git a/test/test-cases/regression/variable-REMOTE_USER.json b/test/test-cases/regression/variable-REMOTE_USER.json
new file mode 100644
index 00000000..965fd83e
--- /dev/null
+++ b/test/test-cases/regression/variable-REMOTE_USER.json
@@ -0,0 +1,46 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REMOTE_USER",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"27",
+        "Content-Type":"application/x-www-form-urlencoded",
+        "Authorization": "Basic QWxhZGRpbjpPcGVuU2VzYW1l"
+      },
+      "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"t:trim: \"Aladdin\""
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule REMOTE_USER \"@contains test \" \"id:1,phase:3,pass,t:trim\""
+    ]
+  }
+]
\ No newline at end of file