github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Improves the secrules parser

Browse Source
This commit is contained in:
Felipe Zimmerle 2016-01-11 17:14:02 -03:00
parent ed13cab9f4
commit 3acc013e49
4 changed files with 60 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/actions/rev.cc
View File

@ -30,9 +30,11 @@ namespace actions {
Rev::Rev(std::string action)
: Action(action, ConfigurationKind),
m_rev(action) {
if (m_rev.at(0) == '\'') {
m_rev.erase(0, 1);
m_rev.pop_back();
}
}
bool Rev::evaluate(Rule *rule, Assay *assay) {

3
src/actions/transformations/transformation.cc
View File

@ -87,7 +87,10 @@ Transformation* Transformation::instantiate(std::string a) {
IF_MATCH(lowercase) { return new LowerCase(a); }
IF_MATCH(md5) { return new Md5(a); }
IF_MATCH(none) { return new None(a); }
IF_MATCH(normalizePathWin) { return new NormalisePathWin(a); }
IF_MATCH(normalisePathWin) { return new NormalisePathWin(a); }
IF_MATCH(normalizePath) { return new NormalisePath(a); }
IF_MATCH(normalisePath) { return new NormalisePath(a); }
IF_MATCH(normalisePath) { return new NormalisePath(a); }
IF_MATCH(parity_even_7bit) { return new ParityEven7bit(a); }
IF_MATCH(parity_odd_7bit) { return new ParityOdd7bit(a); }

30
src/parser/seclang-parser.yy
View File

@ -229,9 +229,11 @@ using modsecurity::Variables::Tx;
%token <std::string> ACTION_ACCURACY
%token <std::string> ACTION_REDIRECT
%token <std::string> ACTION_SKIP_AFTER
%token <std::string> ACTION_SKIP
%token <std::string> ACTION_AUDIT_LOG
%token <std::string> ACTION_PHASE
%token <std::string> ACTION_SEVERITY
%token <std::string> ACTION_SETENV
%token <std::string> ACTION_SETVAR
%token <std::string> ACTION_EXPIREVAR
%token <std::string> ACTION_INITCOL
@ -834,6 +836,24 @@ act:
{
$$ = Action::instantiate($1);
}
| ACTION_SETENV
{
/*
TODO: setEnv is not implemented yet.
std::string error;
SetEnv *setEnv = new SetEnv($1);
if (setEnv->init(&error) == false) {
driver.parserError << error;
YYERROR;
}
$$ = setEnv;
*/
$$ = Action::instantiate($1);
}
| ACTION_SETVAR
{
std::string error;
@ -846,6 +866,16 @@ act:
$$ = setVar;
}
| ACTION_SKIP
{
/*
TODO: skip is not implemented yet.
$$ = new modsecurity::actions::SkipAfter($1);
*/
$$ = Action::instantiate($1);
}
| ACTION_SKIP_AFTER
{
$$ = new modsecurity::actions::SkipAfter($1);

29
src/parser/seclang-scanner.ll
View File

@ -23,17 +23,19 @@ using modsecurity::split;
%}
%option noyywrap nounput batch debug noinput
ACTION (?i:accuracy|allow|append|block|capture|chain|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|log|multiMatch|noauditlog|nolog|pass|pause|prepend|proxy|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|status:[0-9]+|xmlns)
ACTION (?i:accuracy|allow|append|block|capture|chain|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|log|multiMatch|noauditlog|nolog|pass|pause|prepend|proxy|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|status:[0-9]+|xmlns)
ACTION_INITCOL (?i:initcol)
ACTION_ACCURACY (?i:accuracy)
ACTION_REDIRECT (?i:redirect)
ACTION_SKIP (?i:skip)
ACTION_SKIP_AFTER (?i:skipAfter)
ACTION_PHASE ((?i:phase:(?i:REQUEST|RESPONSE|LOGGING|[0-9]+))|(?i:phase:'(?i:REQUEST|RESPONSE|LOGGING|[0-9]+)'))
ACTION_AUDIT_LOG (?i:auditlog)
ACTION_SEVERITY (?i:severity)
ACTION_SEVERITY_VALUE (?i:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|[0-9]+)
ACTION_SETVAR (?i:setvar)
ACTION_SETENV (?i:setenv)
ACTION_EXPIREVAR (?i:expirevar)
ACTION_MSG (?i:msg)
ACTION_TAG (?i:tag)
@ -98,7 +100,7 @@ CONFIG_SEC_REMOTE_RULES (?i:SecRemoteRules)
CONFIG_SEC_REMOTE_RULES_FAIL_ACTION (?i:SecRemoteRulesFailAction)
DICT_ELEMENT [^ \t]+
DICT_ELEMENT [^ \t|]+
OPERATOR (?i:(?:@inspectFile|@fuzzyHash|@validateByteRange|@validateDTD|@validateHash|@validateSchema|@verifyCC|@verifyCPF|@verifySSN|@gsbLookup|@rsub)|(?:\!{0,1})(?:@within|@containsWord|@contains|@endsWith|@eq|@ge|@gt|@ipMatchF|@ipMatch|@ipMatchFromFile|@le|@lt|@pmf|@pm|@pmFromFile|@rbl|@rx|@streq|@strmatch|@beginsWith))
@ -106,10 +108,10 @@ OPERATOR (?i:(?:@inspectFile|@fuzzyHash|@validateByteRange|@validateDTD|@
OPERATORNOARG (?i:@detectSQLi|@detectXSS|@validateUrlEncoding|@validateUtf8Encoding)
OPERATOR_GEOIP (?i:@geoLookup)
TRANSFORMATION t:(sha1|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|normalisePath|length|utf8toUnicode|urldecode|removeComments|replaceComments)
TRANSFORMATION t:(?i:(cmdLine|sha1|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|normalisePathWin|normalisePath|length|utf8toUnicode|urldecode|removeComments|replaceComments))
VARIABLE (?i:(ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR))
VARIABLE (?i:(RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR))
VARIABLE_COL (?i:(GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|QUERY_STRING|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|IP|XML|REQUEST_COOKIES_NAMES))
VARIABLE_TX (?i:TX)
@ -156,9 +158,10 @@ FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+
FREE_TEXT_SPACE [^ \t]+
FREE_TEXT_SPACE_COMMA [^, \t]+
FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"]+
FREE_TEXT_QUOTE_COMMA [^,\']+
COL_NAME [A-Za-z]+
COL_FREE_TEXT_SPACE_COMMA ([^,])+
COL_FREE_TEXT_SPACE_COMMA ([^,"])+
VAR_FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+
VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+
@ -294,6 +297,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
{ACTION} { return yy::seclang_parser::make_ACTION(yytext, *driver.loc.back()); }
{ACTION_PHASE} { return yy::seclang_parser::make_ACTION_PHASE(yytext, *driver.loc.back()); }
{ACTION_SKIP}:{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_ACTION_SKIP(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_SKIP_AFTER}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_SKIP_AFTER(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_AUDIT_LOG} { return yy::seclang_parser::make_ACTION_AUDIT_LOG(yytext, *driver.loc.back()); }
@ -314,6 +318,18 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back());
}
{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
}
{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
}
{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
}
{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
}
{ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
@ -332,7 +348,8 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
{ACTION_MSG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MSG(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_REDIRECT}:{FREE_TEXT} { return yy::seclang_parser::make_ACTION_REDIRECT(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_TAG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_TAG(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_REV}:'{CONFIG_VALUE_NUMBER}' { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_REV}:'{FREE_TEXT_QUOTE_COMMA}' { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_REV}:{FREE_TEXT_QUOTE_COMMA} { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_VER}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_VER(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_MATURITY}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MATURITY(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_MATURITY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_MATURITY(strchr(yytext, ':') + 1, *driver.loc.back()); }