github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added support for Lua to the exec action.

Browse Source
This commit is contained in:
ivanr 2007-12-20 12:06:30 +00:00
parent a45c4bb551
commit 4cecdf4c5b
4 changed files with 55 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
apache2/msc_lua.c
View File

@ -79,7 +79,7 @@ char *lua_compile(msc_script **script, const char *filename, apr_pool_t *pool) {
/* Find script. */ /* Find script. */
if (luaL_loadfile(L, filename)) { if (luaL_loadfile(L, filename)) {
return apr_psprintf(pool, "ModSecurity: Failed to open script %s: %s", return apr_psprintf(pool, "ModSecurity: Failed to compile script %s: %s",
filename, lua_tostring(L, -1)); filename, lua_tostring(L, -1));
} }
@ -244,7 +244,7 @@ static const struct luaL_Reg mylib[] = {
/** /**
* *
*/ */
int lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg) { int lua_execute(msc_script *script, modsec_rec *msr, msre_rule *rule, char **error_msg) {
apr_time_t time_before; apr_time_t time_before;
lua_State *L = NULL; lua_State *L = NULL;
int rc; int rc;
@ -253,7 +253,7 @@ int lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg) {
*error_msg = NULL; *error_msg = NULL;
if (msr->txcfg->debuglog_level >= 8) { if (msr->txcfg->debuglog_level >= 8) {
msr_log(msr, 8, "Lua: Executing script: %s", rule->script->name); msr_log(msr, 8, "Lua: Executing script: %s", script->name);
} }
time_before = apr_time_now(); time_before = apr_time_now();
@ -268,13 +268,15 @@ int lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg) {
lua_setglobal(L, "__msr"); lua_setglobal(L, "__msr");
/* Associate rule with the state. */ /* Associate rule with the state. */
lua_pushlightuserdata(L, (void *)rule); if (rule != NULL) {
lua_setglobal(L, "__rule"); lua_pushlightuserdata(L, (void *)rule);
lua_setglobal(L, "__rule");
}
/* Register functions. */ /* Register functions. */
luaL_register(L, "m", mylib); luaL_register(L, "m", mylib);
rc = lua_restore(L, rule->script); rc = lua_restore(L, script);
if (rc) { if (rc) {
*error_msg = apr_psprintf(msr->mp, "Lua: Failed to restore script with %i.", rc); *error_msg = apr_psprintf(msr->mp, "Lua: Failed to restore script with %i.", rc);
return -1; return -1;
@ -291,8 +293,11 @@ int lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg) {
return -1; return -1;
} }
// TODO Who will need to free msg? // Get the response from the script.
*error_msg = (char *)lua_tostring(L, -1); *error_msg = (char *)lua_tostring(L, -1);
if (*error_msg != NULL) {
*error_msg = apr_pstrdup(msr->mp, *error_msg);
}
/* Destroy state. */ /* Destroy state. */
lua_pop(L, 1); lua_pop(L, 1);

2
apache2/msc_lua.h
View File

@ -36,7 +36,7 @@ struct msc_script_part {
char DSOLOCAL *lua_compile(msc_script **script, const char *filename, apr_pool_t *pool); char DSOLOCAL *lua_compile(msc_script **script, const char *filename, apr_pool_t *pool);
int DSOLOCAL lua_execute(msre_rule *rule, modsec_rec *msr, char **error_msg); int DSOLOCAL lua_execute(msc_script *script, modsec_rec *msr, msre_rule *rule, char **error_msg);
#endif #endif
#endif #endif

2
apache2/re.c
View File

@ -1966,7 +1966,7 @@ static apr_status_t msre_rule_process_lua(msre_rule *rule, modsec_rec *msr) {
acting_actionset = rule->chain_starter->actionset; acting_actionset = rule->chain_starter->actionset;
} }
rc = lua_execute(rule, msr, &my_error_msg); rc = lua_execute(rule->script, msr, rule, &my_error_msg);
if (rc < 0) { if (rc < 0) {
msr_log(msr, 1, "%s", my_error_msg); msr_log(msr, 1, "%s", my_error_msg);
return -1; return -1;

47
apache2/re_actions.c
View File

@ -1452,15 +1452,50 @@ static apr_status_t msre_action_setuid_execute(modsec_rec *msr, apr_pool_t *mptm
} }
/* exec */ /* exec */
static char *msre_action_exec_validate(msre_engine *engine, msre_action *action) {
char *filename = (char *)action->param;
/* TODO Support relative filenames. */
#ifdef WITH_LUA
/* Process Lua scripts internally. */
if (strlen(filename) > 4) {
char *p = filename + strlen(filename) - 4;
if ((p[0] == '.')&&(p[1] == 'l')&&(p[2] == 'u')&&(p[3] == 'a')) {
/* It's a Lua script. */
msc_script *script = NULL;
/* Compile script. */
char *msg = lua_compile(&script, filename, engine->mp);
if (msg != NULL) return msg;
action->param_data = script;
}
}
#endif
return NULL;
}
static apr_status_t msre_action_exec_execute(modsec_rec *msr, apr_pool_t *mptmp, static apr_status_t msre_action_exec_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action) msre_rule *rule, msre_action *action)
{ {
char *script_output = NULL; if (action->param_data != NULL) { /* Lua */
msc_script *script = (msc_script *)action->param_data;
char *my_error_msg = NULL;
int rc = apache2_exec(msr, action->param, NULL, &script_output); if (lua_execute(script, msr, rule, &my_error_msg) < 0) {
if (rc != 1) { msr_log(msr, 1, "%s", my_error_msg);
msr_log(msr, 1, "Failed to execute: %s", action->param); return 0;
return 0; }
} else { /* Execute as shell script. */
char *script_output = NULL;
int rc = apache2_exec(msr, action->param, NULL, &script_output);
if (rc != 1) {
msr_log(msr, 1, "Failed to execute: %s", action->param);
return 0;
}
} }
return 1; return 1;
@ -1932,7 +1967,7 @@ void msre_engine_register_default_actions(msre_engine *engine) {
1, 1, 1, 1,
NO_PLUS_MINUS, NO_PLUS_MINUS,
ACTION_CARDINALITY_MANY, ACTION_CARDINALITY_MANY,
NULL, msre_action_exec_validate,
NULL, NULL,
msre_action_exec_execute msre_action_exec_execute
); );