github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to SecRuleRemoveById

Browse Source
This commit is contained in:
Felipe Zimmerle 2016-07-17 00:35:12 -03:00
parent d781b00f70
commit 37079ef668
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
6 changed files with 154 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
headers/modsecurity/rules_properties.h
View File

@ -28,11 +28,13 @@
#include "modsecurity/modsecurity.h" #include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "modsecurity/rules_exceptions.h"
#ifdef __cplusplus #ifdef __cplusplus
namespace modsecurity { namespace modsecurity {
class Rule; class Rule;
class RulesExceptions;
namespace audit_log { namespace audit_log {
class AuditLog; class AuditLog;
} }
@ -232,6 +234,8 @@ class RulesProperties {
audit_log::AuditLog *audit_log; audit_log::AuditLog *audit_log;
OnFailedRemoteRulesAction remoteRulesActionOnFailed; OnFailedRemoteRulesAction remoteRulesActionOnFailed;
RulesExceptions m_exceptions;
}; };
#endif #endif

1
src/Makefile.am
View File

@ -244,6 +244,7 @@ libmodsecurity_la_SOURCES = \
macro_expansion.cc \ macro_expansion.cc \
rule.cc \ rule.cc \
unique_id.cc \ unique_id.cc \
rules_exceptions.cc \
${BODY_PROCESSORS} \ ${BODY_PROCESSORS} \
${ACTIONS} \ ${ACTIONS} \
${COLLECTION} \ ${COLLECTION} \

15
src/parser/seclang-parser.yy
View File

@ -217,6 +217,8 @@ using modsecurity::Variables::XML;
%token <std::string> CONFIG_DIR_AUDIT_STS %token <std::string> CONFIG_DIR_AUDIT_STS
%token <std::string> CONFIG_DIR_AUDIT_TPE %token <std::string> CONFIG_DIR_AUDIT_TPE
%token <std::string> CONFIG_SEC_RULE_REMOVE_BY_ID
%token <std::string> CONFIG_UPDLOAD_KEEP_FILES %token <std::string> CONFIG_UPDLOAD_KEEP_FILES
%token <std::string> CONFIG_UPDLOAD_SAVE_TMP_FILES %token <std::string> CONFIG_UPDLOAD_SAVE_TMP_FILES
%token <std::string> CONFIG_UPLOAD_FILE_LIMIT %token <std::string> CONFIG_UPLOAD_FILE_LIMIT
@ -605,6 +607,19 @@ expression:
{ {
driver.components.push_back($1); driver.components.push_back($1);
} }
| CONFIG_SEC_RULE_REMOVE_BY_ID
{
std::string error;
if (driver.m_exceptions.load($1, &error) == false) {
std::stringstream ss;
ss << "SecRuleRemoveById: failed to load:";
ss << $1;
ss << ". ";
ss << error;
driver.error(@0, ss.str());
YYERROR;
}
}
/* Debug log: start */ /* Debug log: start */
| CONFIG_DIR_DEBUG_LVL | CONFIG_DIR_DEBUG_LVL
{ {

4
src/parser/seclang-scanner.ll
View File

@ -114,6 +114,7 @@ CONFIG_INCLUDE (?i:Include)
CONFIG_SEC_REMOTE_RULES (?i:SecRemoteRules) CONFIG_SEC_REMOTE_RULES (?i:SecRemoteRules)
CONFIG_SEC_REMOTE_RULES_FAIL_ACTION (?i:SecRemoteRulesFailAction) CONFIG_SEC_REMOTE_RULES_FAIL_ACTION (?i:SecRemoteRulesFailAction)
CONFIG_SEC_REMOVE_RULES_BY_ID (?i:SecRuleRemoveById)
DICT_ELEMENT [^ \t|]+ DICT_ELEMENT [^ \t|]+
@ -230,6 +231,9 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
{ACTION_CTL_AUDIT_ENGINE}= { return yy::seclang_parser::make_ACTION_CTL_AUDIT_ENGINE(yytext, *driver.loc.back()); } {ACTION_CTL_AUDIT_ENGINE}= { return yy::seclang_parser::make_ACTION_CTL_AUDIT_ENGINE(yytext, *driver.loc.back()); }
{ACTION_CTL_FORCE_REQ_BODY_VAR}= { return yy::seclang_parser::make_ACTION_CTL_FORCE_REQ_BODY_VAR(yytext, *driver.loc.back()); } {ACTION_CTL_FORCE_REQ_BODY_VAR}= { return yy::seclang_parser::make_ACTION_CTL_FORCE_REQ_BODY_VAR(yytext, *driver.loc.back()); }
%{ /* Remove Rules */ %}
{CONFIG_SEC_REMOVE_RULES_BY_ID}[ ]{FREE_TEXT_NEW_LINE} { return yy::seclang_parser::make_CONFIG_SEC_RULE_REMOVE_BY_ID(strchr(yytext, ' ') + 1, *driver.loc.back()); }
%{ /* Upload */ %} %{ /* Upload */ %}
{CONFIG_UPLOAD_FILE_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } {CONFIG_UPLOAD_FILE_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_UPLOAD_FILE_MODE}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_MODE(strchr(yytext, ' ') + 1, *driver.loc.back()); } {CONFIG_UPLOAD_FILE_MODE}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_MODE(strchr(yytext, ' ') + 1, *driver.loc.back()); }

5
src/rules.cc
View File

@ -220,6 +220,9 @@ int Rules::evaluate(int phase, Transaction *transaction) {
} else if (transaction->m_allowType != actions::NoneAllowType) { } else if (transaction->m_allowType != actions::NoneAllowType) {
debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \ debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
+ "' as request trough the utilization of an `allow' action."); + "' as request trough the utilization of an `allow' action.");
} else if (m_exceptions.contains(rule->rule_id)) {
debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
+ "'. Removed by an SecRuleRemove directive.");
} else { } else {
rule->evaluate(transaction); rule->evaluate(transaction);
} }
@ -271,6 +274,8 @@ int Rules::merge(Driver *from) {
m_responseBodyTypeToBeInspected.insert(*it); m_responseBodyTypeToBeInspected.insert(*it);
} }
this->m_exceptions = from->m_exceptions;
/* /*
* *
* default Actions is something per configuration context, there is * default Actions is something per configuration context, there is

125
test/test-cases/regression/config-remove_by_id.json Normal file
View File

@ -0,0 +1,125 @@
[
{
"enabled":1,
"version_min":300000,
"title":"SecRuleRemoveById (1/3)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Skipped rule id '2'. Removed by an SecRuleRemove directive."
},
"rules":[
"SecRuleRemoveById 2",
"SecRule ARGS \"@contains test\" \"id:1,pass,t:trim\"",
"SecRule ARGS \"@contains test\" \"id:2,pass,t:trim\"",
"SecRule ARGS \"@contains test\" \"id:3,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"SecRuleRemoveById (2/3)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Skipped rule id '2'. Removed by an SecRuleRemove directive."
},
"rules":[
"SecRuleRemoveById 1-3",
"SecRule ARGS \"@contains test\" \"id:1,pass,t:trim\"",
"SecRule ARGS \"@contains test\" \"id:2,pass,t:trim\"",
"SecRule ARGS \"@contains test\" \"id:3,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"SecRuleRemoveById (3/3)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Skipped rule id '2'. Removed by an SecRuleRemove directive."
},
"rules":[
"SecRuleRemoveById 1 2-3",
"SecRule ARGS \"@contains test\" \"id:1,pass,t:trim\"",
"SecRule ARGS \"@contains test\" \"id:2,pass,t:trim\"",
"SecRule ARGS \"@contains test\" \"id:3,pass,t:trim\""
]
}
]