Adds support to SecArgumentSeparator

2025-08-14 05:45:59 +03:00 · 2017-08-16 18:27:51 -03:00 · 2017-08-16 18:27:51 -03:00 · 48f1470269
commit 48f1470269
parent a302538521
7 changed files with 6477 additions and 6324 deletions
--- a/headers/modsecurity/rules_properties.h
+++ b/headers/modsecurity/rules_properties.h
@ -319,6 +319,11 @@ class RulesProperties {
                from->m_uploadTmpDirectory.m_value;
        }

+        if (from->m_secArgumentSeparator.m_set == true) {
+            to->m_secArgumentSeparator.m_value = \
+                from->m_secArgumentSeparator.m_value;
+        }
+
        if (from->m_httpblKey.m_set == true) {
            to->m_httpblKey.m_value = from->m_httpblKey.m_value;
            to->m_httpblKey.m_set = from->m_httpblKey.m_set;
@ -446,6 +451,7 @@ class RulesProperties {
    ConfigString m_httpblKey;
    ConfigString m_uploadDirectory;
    ConfigString m_uploadTmpDirectory;
+    ConfigString m_secArgumentSeparator;
    std::vector<actions::Action *> m_defaultActions[8];
    std::vector<modsecurity::Rule *> m_rules[8];
 };
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -531,6 +531,7 @@ using modsecurity::operators::Operator;
  ACTION_VER                                   "Ver"
  ACTION_XMLNS                                 "xmlns"
  CONFIG_COMPONENT_SIG                         "CONFIG_COMPONENT_SIG"
+  CONFIG_SEC_ARGUMENT_SEPARATOR                "CONFIG_SEC_ARGUMENT_SEPARATOR"
  CONFIG_SEC_WEB_APP_ID                        "CONFIG_SEC_WEB_APP_ID"
  CONFIG_SEC_SERVER_SIG                        "CONFIG_SEC_SERVER_SIG"
  CONFIG_DIR_AUDIT_DIR                         "CONFIG_DIR_AUDIT_DIR"
@ -544,6 +545,7 @@ using modsecurity::operators::Operator;
  CONFIG_DIR_AUDIT_TPE                         "CONFIG_DIR_AUDIT_TPE"
  CONFIG_DIR_DEBUG_LOG                         "CONFIG_DIR_DEBUG_LOG"
  CONFIG_DIR_DEBUG_LVL                         "CONFIG_DIR_DEBUG_LVL"
+  CONFIG_SEC_CACHE_TRANSFORMATIONS             "CONFIG_SEC_CACHE_TRANSFORMATIONS"
  CONFIG_DIR_GEO_DB                            "CONFIG_DIR_GEO_DB"
  CONFIG_DIR_PCRE_MATCH_LIMIT                  "CONFIG_DIR_PCRE_MATCH_LIMIT"
  CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION        "CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION"
@ -1158,6 +1160,15 @@ expression:
      {
        driver.m_secResponseBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean;
      }
+    | CONFIG_SEC_ARGUMENT_SEPARATOR
+      {
+        if ($1.length() != 1) {
+          driver.error(@0, "Argument separator should be set to a single character.");
+          YYERROR;
+        }
+        driver.m_secArgumentSeparator.m_value = $1;
+        driver.m_secArgumentSeparator.m_set = true;
+      }
    | CONFIG_COMPONENT_SIG
      {
        driver.m_components.push_back($1);
@ -1177,6 +1188,11 @@ expression:
        driver.error(@0, "ContentInjection is not yet supported.");
        YYERROR;
      }
+    | CONFIG_SEC_CACHE_TRANSFORMATIONS
+      {
+        driver.error(@0, "SecCacheTransformations is not supported.");
+        YYERROR;
+      }
    | CONFIG_CONTENT_INJECTION CONFIG_VALUE_OFF
      {
        driver.error(@0, "ContentInjection is not yet supported.");
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -258,7 +258,9 @@ COL_NAME                                [A-Za-z]+
 CONFIG_COMPONENT_SIG                    (?i:SecComponentSignature)
 CONFIG_SEC_SERVER_SIG                   (?i:SecServerSignature)
 CONFIG_SEC_WEB_APP_ID                   (?i:SecWebAppId)
+CONFIG_SEC_CACHE_TRANSFORMATIONS        (?i:SecCacheTransformations)
 CONFIG_CONTENT_INJECTION                (?i:SecContentInjection)
+CONFIG_SEC_ARGUMENT_SEPARATOR           (?i:SecArgumentSeparator)
 CONFIG_DIR_AUDIT_DIR                    (?i:SecAuditLogStorageDir)
 CONFIG_DIR_AUDIT_DIR_MOD                (?i:SecAuditLogDirMode)
 CONFIG_DIR_AUDIT_ENG                    (?i:SecAuditEngine)
@ -576,6 +578,8 @@ EQUALS_MINUS                            (?i:=\-)
 {CONFIG_DIR_AUDIT_DIR_MOD}[ \t]+["]{CONFIG_VALUE_NUMBER}["]             { return p::make_CONFIG_DIR_AUDIT_DIR_MOD(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_DIR}[ \t]+{CONFIG_VALUE_PATH}                         { return p::make_CONFIG_DIR_AUDIT_DIR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_DIR}[ \t]+["]{CONFIG_VALUE_PATH}["]                   { return p::make_CONFIG_DIR_AUDIT_DIR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
+{CONFIG_SEC_ARGUMENT_SEPARATOR}[ \t]+["]{NEW_LINE_FREE_TEXT}["]         { return p::make_CONFIG_SEC_ARGUMENT_SEPARATOR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
+{CONFIG_SEC_ARGUMENT_SEPARATOR}[ \t]+{NEW_LINE_FREE_TEXT}               { return p::make_CONFIG_SEC_ARGUMENT_SEPARATOR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_ENG}                                                  { return p::make_CONFIG_DIR_AUDIT_ENG(yytext, *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_FLE_MOD}[ ]{CONFIG_VALUE_NUMBER}                      { return p::make_CONFIG_DIR_AUDIT_FLE_MOD(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_LOG2}[ ]{CONFIG_VALUE_PATH}                           { return p::make_CONFIG_DIR_AUDIT_LOG2(strchr(yytext, ' ') + 1, *driver.loc.back()); }
@ -637,6 +641,8 @@ EQUALS_MINUS                            (?i:=\-)
 {CONGIG_DIR_SEC_TMP_DIR}[ \t]+["]{CONFIG_VALUE_PATH}["]                 { return p::make_CONGIG_DIR_SEC_TMP_DIR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {DIRECTIVE_SECRULESCRIPT}[ \t]+{CONFIG_VALUE_PATH}                      { BEGIN(TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS); return p::make_DIRECTIVE_SECRULESCRIPT(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {DIRECTIVE_SECRULESCRIPT}[ \t]+["]{FREE_TEXT_SPACE_COMMA_QUOTE}["]      { BEGIN(TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS); return p::make_DIRECTIVE_SECRULESCRIPT(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
+{CONFIG_SEC_CACHE_TRANSFORMATIONS}{FREE_TEXT_NEW_LINE}                  { return p::make_CONFIG_SEC_CACHE_TRANSFORMATIONS(yytext, *driver.loc.back()); }
+

 {DIRECTIVE}                                                             { BEGIN(TRANSACTION_TO_VARIABLE); return p::make_DIRECTIVE(yytext, *driver.loc.back()); }
 {CONFIG_DIR_SEC_DEFAULT_ACTION}                                         { BEGIN(TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS); return p::make_CONFIG_DIR_SEC_DEFAULT_ACTION(yytext, *driver.loc.back()); }
--- a/src/transaction.cc
+++ b/src/transaction.cc
@ -236,6 +236,9 @@ int Transaction::processConnection(const char *client, int cPort,
 bool Transaction::extractArguments(const std::string &orig,
    const std::string& buf, size_t offset) {
    char sep1 = '&';
+    if (m_rules->m_secArgumentSeparator.m_set) {
+        sep1 = m_rules->m_secArgumentSeparator.m_value.at(0);
+    }
    std::vector<std::string> key_value_sets = utils::string::ssplit(buf, sep1);

    for (std::string t : key_value_sets) {