mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 05:45:59 +03:00
Added support for Lua to the exec action.
This commit is contained in:
ivanr
parent
a45c4bb551
commit
4cecdf4c5b
@ -79,7 +79,7 @@ char *lua_compile(msc_script **script, const char *filename, apr_pool_t *pool) {
|
||||
|
||||
/* Find script. */
|
||||
if (luaL_loadfile(L, filename)) {
|
||||
return apr_psprintf(pool, "ModSecurity: Failed to open script %s: %s",
|
||||
return apr_psprintf(pool, "ModSecurity: Failed to compile script %s: %s",
|
||||
filename, lua_tostring(L, -1));
|
||||
}
|
||||
|
||||
@ -244,7 +244,7 @@ static const struct luaL_Reg mylib[] = {
|
||||
/**
|
||||
*
|
||||
*/
|
||||
int lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg) {
|
||||
int lua_execute(msc_script *script, modsec_rec *msr, msre_rule *rule, char **error_msg) {
|
||||
apr_time_t time_before;
|
||||
lua_State *L = NULL;
|
||||
int rc;
|
||||
@ -253,7 +253,7 @@ int lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg) {
|
||||
*error_msg = NULL;
|
||||
|
||||
if (msr->txcfg->debuglog_level >= 8) {
|
||||
msr_log(msr, 8, "Lua: Executing script: %s", rule->script->name);
|
||||
msr_log(msr, 8, "Lua: Executing script: %s", script->name);
|
||||
}
|
||||
|
||||
time_before = apr_time_now();
|
||||
@ -268,13 +268,15 @@ int lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg) {
|
||||
lua_setglobal(L, "__msr");
|
||||
|
||||
/* Associate rule with the state. */
|
||||
lua_pushlightuserdata(L, (void *)rule);
|
||||
lua_setglobal(L, "__rule");
|
||||
if (rule != NULL) {
|
||||
lua_pushlightuserdata(L, (void *)rule);
|
||||
lua_setglobal(L, "__rule");
|
||||
}
|
||||
|
||||
/* Register functions. */
|
||||
luaL_register(L, "m", mylib);
|
||||
|
||||
rc = lua_restore(L, rule->script);
|
||||
rc = lua_restore(L, script);
|
||||
if (rc) {
|
||||
*error_msg = apr_psprintf(msr->mp, "Lua: Failed to restore script with %i.", rc);
|
||||
return -1;
|
||||
@ -291,8 +293,11 @@ int lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
// TODO Who will need to free msg?
|
||||
// Get the response from the script.
|
||||
*error_msg = (char *)lua_tostring(L, -1);
|
||||
if (*error_msg != NULL) {
|
||||
*error_msg = apr_pstrdup(msr->mp, *error_msg);
|
||||
}
|
||||
|
||||
/* Destroy state. */
|
||||
lua_pop(L, 1);
|
||||
|
||||
@ -36,7 +36,7 @@ struct msc_script_part {
|
||||
|
||||
char DSOLOCAL *lua_compile(msc_script **script, const char *filename, apr_pool_t *pool);
|
||||
|
||||
int DSOLOCAL lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg);
|
||||
int DSOLOCAL lua_execute(msc_script *script, modsec_rec *msr, msre_rule *rule, char **error_msg);
|
||||
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@ -1966,7 +1966,7 @@ static apr_status_t msre_rule_process_lua(msre_rule *rule, modsec_rec *msr) {
|
||||
acting_actionset = rule->chain_starter->actionset;
|
||||
}
|
||||
|
||||
rc = lua_execute(rule, msr, &my_error_msg);
|
||||
rc = lua_execute(rule->script, msr, rule, &my_error_msg);
|
||||
if (rc < 0) {
|
||||
msr_log(msr, 1, "%s", my_error_msg);
|
||||
return -1;
|
||||
|
||||
@ -1452,15 +1452,50 @@ static apr_status_t msre_action_setuid_execute(modsec_rec *msr, apr_pool_t *mptm
|
||||
}
|
||||
|
||||
/* exec */
|
||||
static char *msre_action_exec_validate(msre_engine *engine, msre_action *action) {
|
||||
char *filename = (char *)action->param;
|
||||
|
||||
/* TODO Support relative filenames. */
|
||||
|
||||
#ifdef WITH_LUA
|
||||
/* Process Lua scripts internally. */
|
||||
if (strlen(filename) > 4) {
|
||||
char *p = filename + strlen(filename) - 4;
|
||||
if ((p[0] == '.')&&(p[1] == 'l')&&(p[2] == 'u')&&(p[3] == 'a')) {
|
||||
/* It's a Lua script. */
|
||||
msc_script *script = NULL;
|
||||
|
||||
/* Compile script. */
|
||||
char *msg = lua_compile(&script, filename, engine->mp);
|
||||
if (msg != NULL) return msg;
|
||||
|
||||
action->param_data = script;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static apr_status_t msre_action_exec_execute(modsec_rec *msr, apr_pool_t *mptmp,
|
||||
msre_rule *rule, msre_action *action)
|
||||
{
|
||||
char *script_output = NULL;
|
||||
if (action->param_data != NULL) { /* Lua */
|
||||
msc_script *script = (msc_script *)action->param_data;
|
||||
char *my_error_msg = NULL;
|
||||
|
||||
int rc = apache2_exec(msr, action->param, NULL, &script_output);
|
||||
if (rc != 1) {
|
||||
msr_log(msr, 1, "Failed to execute: %s", action->param);
|
||||
return 0;
|
||||
if (lua_execute(script, msr, rule, &my_error_msg) < 0) {
|
||||
msr_log(msr, 1, "%s", my_error_msg);
|
||||
return 0;
|
||||
}
|
||||
} else { /* Execute as shell script. */
|
||||
char *script_output = NULL;
|
||||
|
||||
int rc = apache2_exec(msr, action->param, NULL, &script_output);
|
||||
if (rc != 1) {
|
||||
msr_log(msr, 1, "Failed to execute: %s", action->param);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
@ -1932,7 +1967,7 @@ void msre_engine_register_default_actions(msre_engine *engine) {
|
||||
1, 1,
|
||||
NO_PLUS_MINUS,
|
||||
ACTION_CARDINALITY_MANY,
|
||||
NULL,
|
||||
msre_action_exec_validate,
|
||||
NULL,
|
||||
msre_action_exec_execute
|
||||
);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user