github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix pass action behaviour: now only ingore actions within the same rule

Browse Source 
More details on issue #1152
This commit is contained in:
Felipe Zimmerle 2016-07-01 11:01:51 -03:00
parent b332018cc2
commit 3d1d0514fd
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
3 changed files with 124 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/actions/pass.cc
View File

@ -26,7 +26,6 @@ namespace actions {
bool Pass::evaluate(Rule *rule, Transaction *transaction) {
transaction->m_actions.clear();
return true;
}

22
src/rule.cc
View File

@ -201,7 +201,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
if (a->isDisruptive() == false) {
#ifndef NO_LOGS
trasn->debug(4, "Running (_non_ disruptive) action: " +
a->m_name);
a->m_name + ".");
#endif
a->evaluate(this, trasn);
} else {
@ -395,6 +395,7 @@ bool Rule::evaluate(Transaction *trasn) {
if (ret) {
bool containsDisruptive = false;
bool chainResult = false;
bool containsPassAction = false;
ruleMessage->m_match = "Operator `" + this->op->op +
"' with parameter `" + this->op->param + "' against" \
@ -415,6 +416,10 @@ bool Rule::evaluate(Transaction *trasn) {
this->actions_runtime_pos) {
if (a->isDisruptive() == true) {
containsDisruptive = true;
if (a->m_name == "pass") {
containsPassAction = true;
trasn->debug(4, "Rule contains a `pass' action");
}
}
}
@ -477,19 +482,30 @@ bool Rule::evaluate(Transaction *trasn) {
this->actions_runtime_pos) {
if (a->isDisruptive()
&& trasn->m_rules->secRuleEngine
== Rules::EnabledRuleEngine) {
== Rules::EnabledRuleEngine
&& containsPassAction == false) {
#ifndef NO_LOGS
trasn->debug(4, "Running (disruptive) " \
"action: " + a->m_name);
#endif
a->evaluate(this, trasn);
} else if (a->isDisruptive()) {
} else if (a->isDisruptive()
&& containsPassAction == false) {
#ifndef NO_LOGS
trasn->debug(4,
"Not running disruptive action: " + \
a->m_name + ". SecRuleEngine " + \
"is not On");
#endif
} else if (a->isDisruptive() &&
containsPassAction == true) {
if (a->m_name != "pass") {
#ifndef NO_LOGS
trasn->debug(4, "Not running disruptive " \
"action: " + a->m_name + ". It was " \
"silenced by an `pass' action.");
#endif
}
} else if (!a->isDisruptive()) {
#ifndef NO_LOGS
trasn->debug(4, "Running (_non_ disruptive) " \

106
test/test-cases/regression/issue-1152.json
View File

@ -39,7 +39,7 @@
}
},
"expected": {
"http_code": 200
"http_code": 403
},
"rules": [
"SecRuleEngine On",
@ -96,5 +96,109 @@
"SecRule ARGS:foo \"bar\" \"id:'900017',phase:1,t:none,deny,nolog,msg:'foo = bar'\"",
"SecRule &TX:REAL_IP \"@eq 0\" \"id:'900021',phase:1,t:none,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash},setvar:tx.real_ip=%{remote_addr},nolog\""
]
},
{
"enabled": 1,
"version_min": 209000,
"version_max": -1,
"title": "Should libmodsec pass action clear m_actions?",
"url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1152",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?foo=bar",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
},
"body": [
]
},
"expected": {
"http_code": 200
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS:foo \"bar\" \"id:'900017',phase:1,t:none,nolog,msg:'foo = bar'\"",
"SecRule &TX:REAL_IP \"@eq 0\" \"id:'900021',phase:1,t:none,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash},setvar:tx.real_ip=%{remote_addr},nolog,deny,pass\""
]
},
{
"enabled": 1,
"version_min": 209000,
"version_max": -1,
"title": "Should libmodsec pass action clear m_actions?",
"url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1152",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?a=test&b=test&c=test&d=test",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
},
"body": [
]
},
"expected": {
"http_code": 200,
"debug_log": "Target value: \"4\" \\(Variable: TX:test\\)"
},
"rules": [
"SecRuleEngine On",
"# Set TX.test to zero",
"SecAction \"phase:2,nolog,pass,setvar:TX.test=0,id:123\"",
"# Increment TX.test for every request parameter",
"SecRule ARGS \"test\" \"phase:2,log,pass,setvar:TX.test=+1,id:124\"",
"SecRule TX:test \"test\" \"phase:2,log,pass,id:125\""
]
}
]