From 3668024bfa59076f75de1e99391a8fe4114b0241 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Thu, 20 Dec 2018 00:28:37 -0300 Subject: [PATCH] Adds custom driver trail example --- configure.ac | 1 + examples/Makefile.am | 1 + .../.custom_driver_trail.cc.kate-swp | Bin 0 -> 2702 bytes examples/custom_parser_trail/Makefile.am | 34 +++ .../custom_driver_trail.cc | 1 + examples/custom_parser_trail/parser | 228 ++++++++++++++++++ examples/custom_parser_trail/parser.cc | 80 ++++++ headers/modsecurity/parser/driver.h | 13 +- src/parser/driver.h | 17 +- src/rule_script.cc | 1 - 10 files changed, 373 insertions(+), 3 deletions(-) create mode 100644 examples/custom_parser_trail/.custom_driver_trail.cc.kate-swp create mode 100644 examples/custom_parser_trail/Makefile.am create mode 100644 examples/custom_parser_trail/custom_driver_trail.cc create mode 100755 examples/custom_parser_trail/parser create mode 100644 examples/custom_parser_trail/parser.cc diff --git a/configure.ac b/configure.ac index 4fa3a658..a32a9b7d 100644 --- a/configure.ac +++ b/configure.ac @@ -368,6 +368,7 @@ AM_COND_IF([TEST_UTILITIES], AM_COND_IF([EXAMPLES], [AC_CONFIG_FILES([ \ examples/Makefile \ + examples/custom_parser_trail/Makefile \ examples/simple_example_using_c/Makefile \ examples/multiprocess_c/Makefile \ examples/reading_logs_with_offset/Makefile \ diff --git a/examples/Makefile.am b/examples/Makefile.am index 609cb93e..7036e4f0 100644 --- a/examples/Makefile.am +++ b/examples/Makefile.am @@ -3,6 +3,7 @@ ACLOCAL_AMFLAGS = -I build SUBDIRS = \ + custom_parser_trail \ multiprocess_c \ reading_logs_with_offset \ reading_logs_via_rule_message \ 
diff --git a/examples/custom_parser_trail/.custom_driver_trail.cc.kate-swp b/examples/custom_parser_trail/.custom_driver_trail.cc.kate-swp new file mode 100644 index 0000000000000000000000000000000000000000..ce809486e560fb0677e906b578e4e16cf88214fc GIT binary patch literal 2702 zcmb7G>rNX-6egxnnzjizDVIXYDTac%*x;5+ol*sXE1W<Vu zpy;b`+NC0&)g~U|a_bwLbf%ix zw7d&Jhfz?K;kjO=V(4dRsV9KB0%iQDkxfG%vQMEu==2k06Gzu3{(&3c;$y>xGeLpazj0s0}+cmod6F;}6~V21kMQ6u^r;zbQ( zczGcY_6FofoQ#u4*UEq7#<38^8hPP$o~VQ-B?8_zRWcEEV(?;+rvx>m*6<@mvPNyL zWgY9q0*DJ)yAXGs{t4?xTqQ-nG=(-Y3UASl1L5&v_)%y)-`u(r5CqyMc)5>VkX;T^ zl}h*~X!DXHJuHl9crqZbT2(@8y4sXaZfwvDB%!nm$xoc5s~5VqUZ1-0L0Yyu8vQ{q z?_mPW`*7HjDOszE8dWNO95gi=aF|X4H_8n*mXe_#G^>KX(?)U5-vfr(F~G*S!R~co z4KKDBOx*(}2>{z@7o)j)uPh3aqd+|Xgsmsw1(zyP7KT|H@Sz29qFu2-YGXl|yAQ3; z9B4Qt!m6wxV+;+$8OIzz6L8paT!|2+I4tZP6iVgF@yS8Cu>ZVNJbO_&-7A#~rOH96 z_!Iw}mG+89mBR{jK+i#Ek{c|SVi6hgrSQLWK+i#N3L+5v91h$3^()TxY=&%)pQ+D* z3Bo*>)7)UQ{h6xCXU1^=odstG1h(|Qa4NBiVxf$@rh}CR{R?o}=K9mUW>uO>5S_cQ zfX{(93liH*m#3AVMT!;eD;XQd0B{D3M}V^}zR!p~rG?7!xe2`Re67>X)H{^{XAvbL zZnn5z!eN{29KfDp=JO>E{upS0CJ}Rv8*J(pw6<`droc-93*I~&wu#Vd2+bEE-$>mL z4!s5#m2+cUgmQQYCu@YQml7#TvSWjB>J?O5QD@FmdXi?2tk@?Os>gJpNeilg@&L=4%3xQaQ% zScAj1`j0dzPjT}l-|U2?(WlqDuu~ZjSD}yroo&Ry^LPggj$k&+4Yq<0)P+>0=>`1t zG`Ms5zX7C|@StVI&ou4Qx_t}q?B4/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. 
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +relink_command="(cd /home/zimmerle/core-trustwave/ModSecurity/examples/custom_parser_trail; { test -z \"\${LIBRARY_PATH+set}\" || unset LIBRARY_PATH || { LIBRARY_PATH=; export LIBRARY_PATH; }; }; { test -z \"\${COMPILER_PATH+set}\" || unset COMPILER_PATH || { COMPILER_PATH=; export COMPILER_PATH; }; }; { test -z \"\${GCC_EXEC_PREFIX+set}\" || unset GCC_EXEC_PREFIX || { GCC_EXEC_PREFIX=; export GCC_EXEC_PREFIX; }; }; { test -z \"\${LD_RUN_PATH+set}\" || unset LD_RUN_PATH || { LD_RUN_PATH=; export LD_RUN_PATH; }; }; { test -z \"\${LD_LIBRARY_PATH+set}\" || unset LD_LIBRARY_PATH || { LD_LIBRARY_PATH=; export LD_LIBRARY_PATH; }; }; PATH=/home/zimmerle/.nvm/versions/node/v8.0.0/bin:/usr/lib/colorgcc/bin/:/home/zimmerle/.gem/ruby/2.5.0/bin:/home/zimmerle/perl5/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/opt/android-ndk:/opt/cuda/bin:/home/zimmerle/.local/share/flatpak/exports/bin:/usr/lib/jvm/default/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/opt/altera/18.0/quartus/bin:/opt/altera/18.0/modelsim_ase/bin; export PATH; g++ -g -O2 -o \$progdir/\$file parser-parser.o -L../../src/.libs/ /home/zimmerle/core-trustwave/ModSecurity/src/.libs/libmodsecurity.so -L/usr/lib/ -lcurl -lGeoIP -lxml2 -lz -llzma -licui18n -licuuc -licudata -ldl -llmdb -lyajl -lpthread -lm -lstdc++ -lpcre -lfuzzy -llua5.3 -lmaxminddb -lrt -Wl,-rpath -Wl,/home/zimmerle/core-trustwave/ModSecurity/src/.libs -Wl,-rpath -Wl,/usr/local/modsecurity/lib)" + +# This environment variable determines our operation mode. +if test "$libtool_install_magic" = "%%%MAGIC variable%%%"; then + # install mode needs the following variables: + generated_by_libtool_version='2.4.6.42-b88ce' + notinst_deplibs=' /home/zimmerle/core-trustwave/ModSecurity/src/.libs/libmodsecurity.la' +else + # When we are sourced in execute mode, $file and $ECHO are already set. 
+ if test "$libtool_execute_magic" != "%%%MAGIC variable%%%"; then + file="$0" + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + ECHO="printf %s\\n" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ that is used only on +# windows platforms, and (c) all begin with the string --lt- +# (application programs are unlikely to have options that match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's ../../libtool value, followed by no. +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=$0 + shift + for lt_opt + do + case "$lt_opt" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=`$ECHO "X$lt_script_arg0" | /usr/bin/sed -e 's/^X//' -e 's%/[^/]*$%%'` + test "X$lt_dump_D" = "X$lt_script_arg0" && lt_dump_D=. + lt_dump_F=`$ECHO "X$lt_script_arg0" | /usr/bin/sed -e 's/^X//' -e 's%^.*/%%'` + cat "$lt_dump_D/$lt_dump_F" + exit 0 + ;; + --lt-*) + $ECHO "Unrecognized --lt- option: '$lt_opt'" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n "$lt_option_debug"; then + echo "parser:parser:$LINENO: libtool wrapper (GNU libtool) 2.4.6.42-b88ce" 1>&2 + fi +} + +# Used when --lt-debug. 
Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + $ECHO "parser:parser:$LINENO: newargv[$lt_dump_args_N]: $lt_arg" + lt_dump_args_N=`expr $lt_dump_args_N + 1` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ + + if test -n "$lt_option_debug"; then + $ECHO "parser:parser:$LINENO: newargv[0]: $progdir/$program" 1>&2 + func_lt_dump_args ${1+"$@"} 1>&2 + fi + exec "$progdir/$program" ${1+"$@"} + + $ECHO "$0: cannot exec $program $*" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from $@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + case " $* " in + *\ --lt-*) + for lt_wr_arg + do + case $lt_wr_arg in + --lt-*) ;; + *) set x "$@" "$lt_wr_arg"; shift;; + esac + shift + done ;; + esac + func_exec_program_core ${1+"$@"} +} + + # Parse options + func_parse_lt_options "$0" ${1+"$@"} + + # Find the directory that this script lives in. + thisdir=`$ECHO "$file" | /usr/bin/sed 's%/[^/]*$%%'` + test "x$thisdir" = "x$file" && thisdir=. + + # Follow symbolic links until we get to the real thisdir. + file=`ls -ld "$file" | /usr/bin/sed -n 's/.*-> //p'` + while test -n "$file"; do + destdir=`$ECHO "$file" | /usr/bin/sed 's%/[^/]*$%%'` + + # If there was a directory component, then change thisdir. + if test "x$destdir" != "x$file"; then + case "$destdir" in + [\\/]* | [A-Za-z]:[\\/]*) thisdir="$destdir" ;; + *) thisdir="$thisdir/$destdir" ;; + esac + fi + + file=`$ECHO "$file" | /usr/bin/sed 's%^.*/%%'` + file=`ls -ld "$thisdir/$file" | /usr/bin/sed -n 's/.*-> //p'` + done + + # Usually 'no', except on cygwin/mingw when embedded into + # the cwrapper. + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=no + if test "$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR" = "yes"; then + # special case for '.' 
+ if test "$thisdir" = "."; then + thisdir=`pwd` + fi + # remove .libs from thisdir + case "$thisdir" in + *[\\/].libs ) thisdir=`$ECHO "$thisdir" | /usr/bin/sed 's%[\\/][^\\/]*$%%'` ;; + .libs ) thisdir=. ;; + esac + fi + + # Try to get the absolute directory name. + absdir=`cd "$thisdir" && pwd` + test -n "$absdir" && thisdir="$absdir" + + program=lt-'parser' + progdir="$thisdir/.libs" + + if test ! -f "$progdir/$program" || + { file=`ls -1dt "$progdir/$program" "$progdir/../$program" 2>/dev/null | /usr/bin/sed 1q`; \ + test "X$file" != "X$progdir/$program"; }; then + + file="$$-$program" + + if test ! -d "$progdir"; then + mkdir "$progdir" + else + rm -f "$progdir/$file" + fi + + # relink executable if necessary + if test -n "$relink_command"; then + if relink_command_output=`eval $relink_command 2>&1`; then : + else + $ECHO "$relink_command_output" >&2 + rm -f "$progdir/$file" + exit 1 + fi + fi + + mv -f "$progdir/$file" "$progdir/$program" 2>/dev/null || + { rm -f "$progdir/$program"; + mv -f "$progdir/$file" "$progdir/$program"; } + rm -f "$progdir/$file" + fi + + if test -f "$progdir/$program"; then + if test "$libtool_execute_magic" != "%%%MAGIC variable%%%"; then + # Run the actual program with our arguments. + func_exec_program ${1+"$@"} + fi + else + # The program doesn't exist. + $ECHO "$0: error: '$progdir/$program' does not exist" 1>&2 + $ECHO "This script is just a wrapper for $program." 1>&2 + $ECHO "See the libtool documentation for more information." 1>&2 + exit 1 + fi +fi diff --git a/examples/custom_parser_trail/parser.cc b/examples/custom_parser_trail/parser.cc new file mode 100644 index 00000000..1c0f5158 --- /dev/null +++ b/examples/custom_parser_trail/parser.cc 
@@ -0,0 +1,80 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include
+#include
+#include
+
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+
+class CustomDriverTrail : public modsecurity::Parser::DriverTrail {
+ public:
+ int addSecRule(Rule *rule) {
+ std::cout << "Adding: " << std::to_string(rule->m_ruleId) << std::endl;
+ return true;
+ };
+ int addSecAction(Rule *rule) { return 0; };
+ int addSecMarker(std::string marker) { return 0; };
+ int addSecRuleScript(Rule *rule) { return 0; };
+
+ Rule *m_lastRule;
+};
+
+
+int main(int argc, char **argv) {
+ modsecurity::ModSecurity *modsec;
+ //modsecurity::Parser::Driver *driver = new modsecurity::Parser::Driver(new CustomDriverTrail());
+ //if (argc < 2) {
+ //std::cout << "Use " << *argv << " test-case-file.conf";
+ //std::cout << std::endl << std::endl;
+ //return -1;
+ //}
+ //*(argv++);
+
+ std::string rules_arg(*argv);
+
+ /**
+ * ModSecurity initial setup
+ *
+ */
+ modsec = new modsecurity::ModSecurity();
+ modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \
+ " (ModSecurity test)");
+
+ /**
+ * loading the rules....
+ *
+ */
+
+
+ //if (driver->parseFile(rules_arg.c_str()) < 0) {
+ //std::cout << "Problems loading the rules..." << std::endl;
+ //return -1;
+ //}
+
+ //delete driver;
+ delete modsec;
+}
+
+
diff --git a/headers/modsecurity/parser/driver.h b/headers/modsecurity/parser/driver.h
index e3013449..0cfa4416 100644
--- a/headers/modsecurity/parser/driver.h
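Review bot: In `main`, `std::string rules_arg(*argv);` now reads `argv[0]` unconditionally, because the `argc < 2` guard and the `argv++` step above it are commented out; the rules path is therefore never taken from the command line, and the constructor receives a null pointer if the program is started with an empty argument vector. I would restore the guard and read the argument explicitly: `if (argc < 2) { std::cout << "Use " << argv[0] << " test-case-file.conf" << std::endl; return -1; }` followed by `std::string rules_arg(argv[1]);`. In `CustomDriverTrail`, `addSecRule` returns `true` from an `int` function while its siblings return 0 and `Driver` uses -1 for failure, so the success value should be made consistent and the four methods marked `override` if the base declares them virtual (the base class is not visible here). The diffstat for this commit also lists an editor swap file and the libtool-generated `parser` wrapper, whose `relink_command` embeds absolute paths from the build host; both look unintended and are better dropped and ignored.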
+++ b/headers/modsecurity/parser/driver.h @@ -35,6 +35,9 @@ using modsecurity::Rule; using modsecurity::Rules; +namespace yy { +class location; +} namespace modsecurity { namespace Parser { @@ -69,25 +72,32 @@ class Driver { } return m_trail->addSecRule(rule); } + + int addSecAction(Rule *rule) { if (!m_trail) { return -1; } return m_trail->addSecAction(rule); } + + int addSecMarker(std::string marker) { if (!m_trail) { return -1; } return m_trail->addSecMarker(marker); } - int addSecRuleScript(RuleScript *rule) { + + + int addSecRuleScript(Rule *rule) { if (!m_trail) { return -1; } return m_trail->addSecRuleScript(rule); } + DriverTrail *m_trail; bool m_traceScanning; @@ -103,4 +113,5 @@ class Driver { } // namespace Parser } // namespace modsecurity + #endif // HEADERS_MODSECURITY_PARSER_DRIVER_H_ diff --git a/src/parser/driver.h b/src/parser/driver.h index eea025c8..4eaa8414 100644 --- a/src/parser/driver.h +++ b/src/parser/driver.h @@ -25,10 +25,14 @@ #include "modsecurity/rules.h" #include "modsecurity/rules_properties.h" #include "modsecurity/audit_log.h" -#include "src/rule_script.h" #include "src/parser/seclang-parser.hh" +#include "src/rule_script.h" +#include "modsecurity/parser/driver_trail.h" +using modsecurity::Rule; +using modsecurity::Rules; + #ifndef SRC_PARSER_DRIVER_H_ #define SRC_PARSER_DRIVER_H_ @@ -37,6 +41,17 @@ YY_DECL; +namespace modsecurity { +namespace Parser { + +#ifdef __cplusplus +class Driver; +#else +typedef struct Driver_t Driver; +#endif + +} // namespace Parser +} // namespace modsecurity #include "modsecurity/parser/driver.h" diff --git a/src/rule_script.cc b/src/rule_script.cc index 03205322..99d66b3e 100644 --- a/src/rule_script.cc +++ b/src/rule_script.cc @@ -15,7 +15,6 @@ #include "src/rule_script.h" - namespace modsecurity { bool RuleScript::init(std::string *err) {
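Review bot: `Driver::addSecRuleScript` now takes `Rule *` instead of `RuleScript *`, so the type system no longer stops a caller from handing a plain rule to the script path, and a trail that needs script-specific members has to downcast without any guarantee about the dynamic type. If the aim is only to keep `src/rule_script.h` out of this header, a forward declaration such as `class RuleScript;` inside `namespace modsecurity` would keep the narrower signature; this assumes `RuleScript` derives from `Rule`, which is not visible in this diff. The file sits under `headers/modsecurity/`, which looks like the public include tree, so the signature change deserves a changelog entry for out-of-tree users. The `Driver` class starts and ends outside the hunk.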
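Review bot: In the second hunk of `src/parser/driver.h`, the `#else` branch `typedef struct Driver_t Driver;` can never be used, because the added block sits inside `namespace modsecurity { namespace Parser {`, which a C compiler rejects before it reaches the typedef. Either drop the `#ifdef __cplusplus` split and keep only `class Driver;`, or move the C typedef outside the namespaces. In the first hunk of the same file, `using modsecurity::Rule;` and `using modsecurity::Rules;` are added at global scope ahead of the `#ifndef SRC_PARSER_DRIVER_H_` guard, so every includer gets those names injected; the public `driver.h` already carries the same two using-declarations in its context lines, so these look redundant unless `seclang-parser.hh` needs them earlier, which this diff does not show.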