mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-29 11:16:33 +03:00
Adds sanity check to the rule id action
This commit is contained in:
Felipe Zimmerle
@@ -87,6 +87,7 @@ class Action {
|
||||
virtual std::string evaluate(std::string exp,
|
||||
Assay *assay);
|
||||
virtual bool evaluate(Rule *rule, Assay *assay);
|
||||
virtual bool init(std::string *error) { return true; }
|
||||
|
||||
static Action *instantiate(const std::string& name);
|
||||
|
||||
|
||||
@@ -24,21 +24,33 @@
|
||||
namespace ModSecurity {
|
||||
namespace actions {
|
||||
|
||||
RuleId::RuleId(std::string action)
|
||||
: Action(action) {
|
||||
this->action_kind = ConfigurationKind;
|
||||
bool RuleId::init(std::string *error) {
|
||||
std::string a = action;
|
||||
a.erase(0, 3);
|
||||
if (a.at(0) == '\'') {
|
||||
a.erase(0, 1);
|
||||
a.pop_back();
|
||||
}
|
||||
this->rule_id = std::stod(a);
|
||||
|
||||
try {
|
||||
a.erase(0, 3);
|
||||
if (a.at(0) == '\'') {
|
||||
a.erase(0, 1);
|
||||
a.pop_back();
|
||||
}
|
||||
m_ruleId = std::stod(a);
|
||||
} catch (...) {
|
||||
m_ruleId = 0;
|
||||
error->assign("The input \"" + a + "\" does not seems to be a valid rule id.");
|
||||
return false;
|
||||
}
|
||||
|
||||
std::ostringstream oss;
|
||||
oss << std::setprecision(40) << m_ruleId;
|
||||
if (a != oss.str() || m_ruleId < 0) {
|
||||
error->assign("The input \"" + a + "\" does not seems to be a valid rule id.");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
bool RuleId::evaluate(Rule *rule, Assay *assay) {
|
||||
rule->rule_id = this->rule_id;
|
||||
rule->rule_id = m_ruleId;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -32,10 +32,14 @@ namespace actions {
|
||||
|
||||
class RuleId : public Action {
|
||||
public:
|
||||
explicit RuleId(std::string action);
|
||||
explicit RuleId(std::string action)
|
||||
: Action(action, ConfigurationKind) { }
|
||||
|
||||
bool init(std::string *error) override;
|
||||
bool evaluate(Rule *rule, Assay *assay) override;
|
||||
double rule_id;
|
||||
|
||||
private:
|
||||
double m_ruleId;
|
||||
};
|
||||
|
||||
} // namespace actions
|
||||
|
||||
@@ -604,7 +604,13 @@ var:
|
||||
act:
|
||||
ACTION
|
||||
{
|
||||
std::string error;
|
||||
$$ = Action::instantiate($1);
|
||||
|
||||
if ($$->init(&error) == false) {
|
||||
driver.parserError << error;
|
||||
YYERROR;
|
||||
}
|
||||
}
|
||||
| TRANSFORMATION
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user