Adds support to SecRuleRemoveById

2025-09-29 19:24:29 +03:00 · 2016-07-17 00:35:12 -03:00
parent d781b00f70
commit 37079ef668
6 changed files with 154 additions and 0 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -244,6 +244,7 @@ libmodsecurity_la_SOURCES = \
 	macro_expansion.cc \
 	rule.cc \
 	unique_id.cc \
+	rules_exceptions.cc \
 	${BODY_PROCESSORS} \
 	${ACTIONS} \
 	${COLLECTION} \
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -217,6 +217,8 @@ using modsecurity::Variables::XML;
 %token <std::string> CONFIG_DIR_AUDIT_STS
 %token <std::string> CONFIG_DIR_AUDIT_TPE

+%token <std::string> CONFIG_SEC_RULE_REMOVE_BY_ID
+
 %token <std::string> CONFIG_UPDLOAD_KEEP_FILES
 %token <std::string> CONFIG_UPDLOAD_SAVE_TMP_FILES
 %token <std::string> CONFIG_UPLOAD_FILE_LIMIT
@@ -605,6 +607,19 @@ expression:
      {
        driver.components.push_back($1);
      }
+    | CONFIG_SEC_RULE_REMOVE_BY_ID
+      {
+        std::string error;
+        if (driver.m_exceptions.load($1, &error) == false) {
+            std::stringstream ss;
+            ss << "SecRuleRemoveById: failed to load:";
+            ss << $1;
+            ss << ". ";
+            ss << error;
+            driver.error(@0, ss.str());
+            YYERROR;
+        }
+      }
    /* Debug log: start */
    | CONFIG_DIR_DEBUG_LVL
      {
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -114,6 +114,7 @@ CONFIG_INCLUDE                       (?i:Include)
 CONFIG_SEC_REMOTE_RULES              (?i:SecRemoteRules)
 CONFIG_SEC_REMOTE_RULES_FAIL_ACTION  (?i:SecRemoteRulesFailAction)

+CONFIG_SEC_REMOVE_RULES_BY_ID        (?i:SecRuleRemoveById)

 DICT_ELEMENT    [^ \t|]+

@@ -230,6 +231,9 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 {ACTION_CTL_AUDIT_ENGINE}=                         { return yy::seclang_parser::make_ACTION_CTL_AUDIT_ENGINE(yytext, *driver.loc.back()); }
 {ACTION_CTL_FORCE_REQ_BODY_VAR}=                   { return yy::seclang_parser::make_ACTION_CTL_FORCE_REQ_BODY_VAR(yytext, *driver.loc.back()); }

+%{ /* Remove Rules */ %}
+{CONFIG_SEC_REMOVE_RULES_BY_ID}[ ]{FREE_TEXT_NEW_LINE}      { return yy::seclang_parser::make_CONFIG_SEC_RULE_REMOVE_BY_ID(strchr(yytext, ' ') + 1, *driver.loc.back()); }
+
 %{ /* Upload */ %}
 {CONFIG_UPLOAD_FILE_LIMIT}[ ]{CONFIG_VALUE_NUMBER}  { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_UPLOAD_FILE_MODE}[ ]{CONFIG_VALUE_NUMBER}  { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_MODE(strchr(yytext, ' ') + 1, *driver.loc.back()); }
--- a/src/rules.cc
+++ b/src/rules.cc
@@ -220,6 +220,9 @@ int Rules::evaluate(int phase, Transaction *transaction) {
        } else if (transaction->m_allowType != actions::NoneAllowType) {
            debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
                + "' as request trough the utilization of an `allow' action.");
+        } else if (m_exceptions.contains(rule->rule_id)) {
+            debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
+                + "'. Removed by an SecRuleRemove directive.");
        } else {
            rule->evaluate(transaction);
        }
@@ -271,6 +274,8 @@ int Rules::merge(Driver *from) {
        m_responseBodyTypeToBeInspected.insert(*it);
    }

+    this->m_exceptions = from->m_exceptions;
+
    /*
     *
     * default Actions is something per configuration context, there is