Add new transformation call phpArgsNames
This commit is contained in:
parent
d72be1c470
commit
4e370dfe8b
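--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+- EXPERIMENTAL: Add new transformation call phpArgsNames
+    [Issue #2387 - @marshal09]
 - Fix: Only delete Multipart tmp files after rules have run
     [Issue #2427 - @martinhsv]
 - Fixed MatchedVar on chained rules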
@ -318,6 +318,7 @@ TESTS+=test/test-cases/secrules-language-tests/transformations/htmlEntityDecode.
|
|||||||
TESTS+=test/test-cases/secrules-language-tests/transformations/jsDecode.json
|
TESTS+=test/test-cases/secrules-language-tests/transformations/jsDecode.json
|
||||||
TESTS+=test/test-cases/secrules-language-tests/transformations/length.json
|
TESTS+=test/test-cases/secrules-language-tests/transformations/length.json
|
||||||
TESTS+=test/test-cases/secrules-language-tests/transformations/lowercase.json
|
TESTS+=test/test-cases/secrules-language-tests/transformations/lowercase.json
|
||||||
|
TESTS+=test/test-cases/secrules-language-tests/transformations/phpArgsNames.json
|
||||||
TESTS+=test/test-cases/secrules-language-tests/transformations/md5.json
|
TESTS+=test/test-cases/secrules-language-tests/transformations/md5.json
|
||||||
TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePath.json
|
TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePath.json
|
||||||
TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePathWin.json
|
TESTS+=test/test-cases/secrules-language-tests/transformations/normalisePathWin.json
|
||||||
|
@ -166,6 +166,7 @@ ACTIONS = \
|
|||||||
actions/transformations/js_decode.cc \
|
actions/transformations/js_decode.cc \
|
||||||
actions/transformations/length.cc \
|
actions/transformations/length.cc \
|
||||||
actions/transformations/lower_case.cc \
|
actions/transformations/lower_case.cc \
|
||||||
|
actions/transformations/php_args_names.cc \
|
||||||
actions/transformations/md5.cc \
|
actions/transformations/md5.cc \
|
||||||
actions/transformations/none.cc \
|
actions/transformations/none.cc \
|
||||||
actions/transformations/normalise_path.cc \
|
actions/transformations/normalise_path.cc \
|
||||||
|
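--- /dev/null
+++ b/src/actions/transformations/php_args_names.cc
@@ -0,0 +1,97 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/transformations/php_args_names.h"
+
+#include <algorithm>
+#include <string>
+#include <string.h>
+
+#include "modsecurity/transaction.h"
+#include "src/actions/transformations/transformation.h"
+#include "modsecurity/actions/action.h"
+
+namespace modsecurity {
+namespace actions {
+namespace transformations {
+
+
+PhpArgsNames::PhpArgsNames(const std::string &a)
+    : Transformation(a) {
+}
+
+std::string PhpArgsNames::evaluate(const std::string &val,
+    Transaction *transaction) {
+    //Took the logic from php src code:
+    //https://github.com/php/php-src/blob/master/main/php_variables.c
+    //Function call PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *track_vars_array)
+    std::string value(val);
+    std::string ret = "";
+    if(value[0] == '[' || value[0] == '=') {
+        return ret;
+    }
+    std::string::size_type i = 0;
+    while(value[i] == ' ') {
+        i++;
+    }
+    std::string::size_type val_size = value.length();
+    bool is_array = false;
+    bool is_open_sq_bracket = false;
+    for (; i < val_size; ++i) {
+        if(value[i] == '[' && !is_open_sq_bracket) {
+            if(strchr(&value[i], ']') != NULL) {
+                is_array = true;
+                break;
+            }
+
+            ret += '_';
+            is_open_sq_bracket = true;
+        }
+        else if( !is_open_sq_bracket && (value[i] == ' ' || value[i] == '.') ) {
+            ret += '_';
+        }
+        else {
+            ret += value[i];
+        }
+    }
+
+    if(is_array) {
+        char* start = &value[0];
+        while(true) {
+            char *tmp = &value[i];
+            char *close_bra = strchr(tmp, ']');
+            if(close_bra == NULL) {
+                return ret;
+            }
+            int array_size = (int)(close_bra - start) + 1;
+            if(array_size - i == 3 && value[i+1] == ' ') {
+                ret += '[';
+                i+=2;
+            }
+            for(;i < array_size; ++i) {
+                ret += value[i];
+            }
+            if(i >= val_size || value[i] != '[') {
+                return ret;
+            }
+        }
+    }
+    return ret;
+
+}
+
+} // namespace transformations
+} // namespace actions
+} // namespace modsecurity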
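Review bot: `evaluate` locates the closing bracket with `strchr(&value[i], ']')`, both in the first loop and inside the `is_array` loop, so an argument name that carries an embedded NUL byte is only examined up to that byte: a `]` placed after the NUL is not seen, the `[` is then handled as a non-array bracket or the array loop returns early, and the normalised name no longer reflects the full name ModSecurity received. ARGS_NAMES is request-controlled and, after URL decoding, may contain NUL bytes, so the scan should work on the `std::string` itself, which also removes the need for the mutable `value` copy and the `char*` arithmetic: replace `strchr(&value[i], ']') != NULL` with `value.find(']', i) != std::string::npos`, and in the array loop use `std::string::size_type close_bra = value.find(']', i); if (close_bra == std::string::npos) { return ret; } std::string::size_type array_size = close_bra + 1;`. That also retires the signed `int array_size` that is compared against the unsigned `i` on the following lines, and makes `#include <string.h>` (and the already unused `<algorithm>`) unnecessary. The `transaction` parameter is unused; if the base interface requires it, a `(void)transaction;` or an unnamed parameter keeps the warning away.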
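--- /dev/null
+++ b/src/actions/transformations/php_args_names.h
@@ -0,0 +1,46 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+#include <unordered_map>
+
+#include "modsecurity/actions/action.h"
+#include "src/actions/transformations/transformation.h"
+
+#ifndef SRC_ACTIONS_TRANSFORMATIONS_PHP_ARGS_NAMES_H_
+#define SRC_ACTIONS_TRANSFORMATIONS_PHP_ARGS_NAMES_H_
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+class Transaction;
+namespace actions {
+namespace transformations {
+
+
+class PhpArgsNames : public Transformation {
+ public:
+    explicit PhpArgsNames(const std::string &action);
+    std::string evaluate(const std::string &exp,
+        Transaction *transaction) override;
+};
+
+} // namespace transformations
+} // namespace actions
+} // namespace modsecurity
+
+#endif
+
+#endif // SRC_ACTIONS_TRANSFORMATIONS_PHP_ARGS_NAMES_H_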
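Review bot: `class PhpArgsNames` carries no documentation, and the header includes `<unordered_map>` although nothing in the declaration uses it (`<string>` is all the signatures need). A short comment above the class would tell rule authors what the transformation produces; the implementation file only says the logic was taken from PHP's `php_register_variable_ex`, so the comment should spell out the observable contract: leading spaces are skipped, `.` and space become `_`, a first `[` with no matching `]` becomes `_` after which the rest is copied unchanged, a bracketed suffix is kept up to its first `]`, and a name starting with `[` or `=` yields an empty string. Mentioning that it is meant for ARGS_NAMES, as the accompanying test uses it, would make the intended use explicit. The `exp` parameter name here differs from `val` in the definition; aligning the two avoids confusion when reading declaration and definition side by side.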
@ -35,6 +35,7 @@
|
|||||||
#include "src/actions/transformations/js_decode.h"
|
#include "src/actions/transformations/js_decode.h"
|
||||||
#include "src/actions/transformations/length.h"
|
#include "src/actions/transformations/length.h"
|
||||||
#include "src/actions/transformations/lower_case.h"
|
#include "src/actions/transformations/lower_case.h"
|
||||||
|
#include "src/actions/transformations/php_args_names.h"
|
||||||
#include "src/actions/transformations/md5.h"
|
#include "src/actions/transformations/md5.h"
|
||||||
#include "src/actions/transformations/none.h"
|
#include "src/actions/transformations/none.h"
|
||||||
#include "src/actions/transformations/normalise_path.h"
|
#include "src/actions/transformations/normalise_path.h"
|
||||||
@ -88,6 +89,7 @@ Transformation* Transformation::instantiate(std::string a) {
|
|||||||
IF_MATCH(jsDecode) { return new JsDecode(a); }
|
IF_MATCH(jsDecode) { return new JsDecode(a); }
|
||||||
IF_MATCH(length) { return new Length(a); }
|
IF_MATCH(length) { return new Length(a); }
|
||||||
IF_MATCH(lowercase) { return new LowerCase(a); }
|
IF_MATCH(lowercase) { return new LowerCase(a); }
|
||||||
|
IF_MATCH(phpArgsNames) { return new PhpArgsNames(a); }
|
||||||
IF_MATCH(md5) { return new Md5(a); }
|
IF_MATCH(md5) { return new Md5(a); }
|
||||||
IF_MATCH(none) { return new None(a); }
|
IF_MATCH(none) { return new None(a); }
|
||||||
IF_MATCH(normalizePathWin) { return new NormalisePathWin(a); }
|
IF_MATCH(normalizePathWin) { return new NormalisePathWin(a); }
|
||||||
|
@ -77,6 +77,7 @@ class Driver;
|
|||||||
#include "src/actions/transformations/none.h"
|
#include "src/actions/transformations/none.h"
|
||||||
#include "src/actions/transformations/url_decode.h"
|
#include "src/actions/transformations/url_decode.h"
|
||||||
#include "src/actions/transformations/lower_case.h"
|
#include "src/actions/transformations/lower_case.h"
|
||||||
|
#include "src/actions/transformations/php_args_names.h"
|
||||||
#include "src/actions/transformations/upper_case.h"
|
#include "src/actions/transformations/upper_case.h"
|
||||||
#include "src/actions/transformations/hex_decode.h"
|
#include "src/actions/transformations/hex_decode.h"
|
||||||
#include "src/actions/transformations/url_encode.h"
|
#include "src/actions/transformations/url_encode.h"
|
||||||
@ -546,6 +547,7 @@ using namespace modsecurity::operators;
|
|||||||
ACTION_TRANSFORMATION_JS_DECODE "ACTION_TRANSFORMATION_JS_DECODE"
|
ACTION_TRANSFORMATION_JS_DECODE "ACTION_TRANSFORMATION_JS_DECODE"
|
||||||
ACTION_TRANSFORMATION_LENGTH "ACTION_TRANSFORMATION_LENGTH"
|
ACTION_TRANSFORMATION_LENGTH "ACTION_TRANSFORMATION_LENGTH"
|
||||||
ACTION_TRANSFORMATION_LOWERCASE "ACTION_TRANSFORMATION_LOWERCASE"
|
ACTION_TRANSFORMATION_LOWERCASE "ACTION_TRANSFORMATION_LOWERCASE"
|
||||||
|
ACTION_TRANSFORMATION_PHP_ARGS_NAMES "ACTION_TRANSFORMATION_PHP_ARGS_NAMES"
|
||||||
ACTION_TRANSFORMATION_MD5 "ACTION_TRANSFORMATION_MD5"
|
ACTION_TRANSFORMATION_MD5 "ACTION_TRANSFORMATION_MD5"
|
||||||
ACTION_TRANSFORMATION_NONE "ACTION_TRANSFORMATION_NONE"
|
ACTION_TRANSFORMATION_NONE "ACTION_TRANSFORMATION_NONE"
|
||||||
ACTION_TRANSFORMATION_NORMALISE_PATH "ACTION_TRANSFORMATION_NORMALISE_PATH"
|
ACTION_TRANSFORMATION_NORMALISE_PATH "ACTION_TRANSFORMATION_NORMALISE_PATH"
|
||||||
@ -2903,6 +2905,10 @@ act:
|
|||||||
{
|
{
|
||||||
ACTION_CONTAINER($$, new actions::transformations::LowerCase($1));
|
ACTION_CONTAINER($$, new actions::transformations::LowerCase($1));
|
||||||
}
|
}
|
||||||
|
| ACTION_TRANSFORMATION_PHP_ARGS_NAMES
|
||||||
|
{
|
||||||
|
ACTION_CONTAINER($$, new actions::transformations::PhpArgsNames($1));
|
||||||
|
}
|
||||||
| ACTION_TRANSFORMATION_UPPERCASE
|
| ACTION_TRANSFORMATION_UPPERCASE
|
||||||
{
|
{
|
||||||
ACTION_CONTAINER($$, new actions::transformations::UpperCase($1));
|
ACTION_CONTAINER($$, new actions::transformations::UpperCase($1));
|
||||||
|
@ -148,6 +148,7 @@ ACTION_TRANSFORMATION_HTML_ENTITY_DECODE (?i:t:htmlEntityDecode)
|
|||||||
ACTION_TRANSFORMATION_JS_DECODE (?i:t:jsDecode)
|
ACTION_TRANSFORMATION_JS_DECODE (?i:t:jsDecode)
|
||||||
ACTION_TRANSFORMATION_LENGTH (?i:t:length)
|
ACTION_TRANSFORMATION_LENGTH (?i:t:length)
|
||||||
ACTION_TRANSFORMATION_LOWERCASE (?i:t:lowercase)
|
ACTION_TRANSFORMATION_LOWERCASE (?i:t:lowercase)
|
||||||
|
ACTION_TRANSFORMATION_PHP_ARGS_NAMES (?i:t:phpArgsNames)
|
||||||
ACTION_TRANSFORMATION_MD5 (?i:t:md5)
|
ACTION_TRANSFORMATION_MD5 (?i:t:md5)
|
||||||
ACTION_TRANSFORMATION_NONE (?i:t:none)
|
ACTION_TRANSFORMATION_NONE (?i:t:none)
|
||||||
ACTION_TRANSFORMATION_NORMALISE_PATH (?i:t:(normalisePath|normalizePath))
|
ACTION_TRANSFORMATION_NORMALISE_PATH (?i:t:(normalisePath|normalizePath))
|
||||||
@ -585,6 +586,7 @@ EQUALS_MINUS (?i:=\-)
|
|||||||
{ACTION_TRANSFORMATION_HEX_ENCODE} { return p::make_ACTION_TRANSFORMATION_HEX_ENCODE(yytext, *driver.loc.back()); }
|
{ACTION_TRANSFORMATION_HEX_ENCODE} { return p::make_ACTION_TRANSFORMATION_HEX_ENCODE(yytext, *driver.loc.back()); }
|
||||||
{ACTION_TRANSFORMATION_HEX_DECODE} { return p::make_ACTION_TRANSFORMATION_HEX_DECODE(yytext, *driver.loc.back()); }
|
{ACTION_TRANSFORMATION_HEX_DECODE} { return p::make_ACTION_TRANSFORMATION_HEX_DECODE(yytext, *driver.loc.back()); }
|
||||||
{ACTION_TRANSFORMATION_LOWERCASE} { return p::make_ACTION_TRANSFORMATION_LOWERCASE(yytext, *driver.loc.back()); }
|
{ACTION_TRANSFORMATION_LOWERCASE} { return p::make_ACTION_TRANSFORMATION_LOWERCASE(yytext, *driver.loc.back()); }
|
||||||
|
{ACTION_TRANSFORMATION_PHP_ARGS_NAMES} { return p::make_ACTION_TRANSFORMATION_PHP_ARGS_NAMES(yytext, *driver.loc.back()); }
|
||||||
{ACTION_TRANSFORMATION_UPPERCASE} { return p::make_ACTION_TRANSFORMATION_UPPERCASE(yytext, *driver.loc.back()); }
|
{ACTION_TRANSFORMATION_UPPERCASE} { return p::make_ACTION_TRANSFORMATION_UPPERCASE(yytext, *driver.loc.back()); }
|
||||||
{ACTION_TRANSFORMATION_URL_ENCODE} { return p::make_ACTION_TRANSFORMATION_URL_ENCODE(yytext, *driver.loc.back()); }
|
{ACTION_TRANSFORMATION_URL_ENCODE} { return p::make_ACTION_TRANSFORMATION_URL_ENCODE(yytext, *driver.loc.back()); }
|
||||||
{ACTION_TRANSFORMATION_URL_DECODE_UNI} { return p::make_ACTION_TRANSFORMATION_URL_DECODE_UNI(yytext, *driver.loc.back()); }
|
{ACTION_TRANSFORMATION_URL_DECODE_UNI} { return p::make_ACTION_TRANSFORMATION_URL_DECODE_UNI(yytext, *driver.loc.back()); }
|
||||||
|
@ -114,5 +114,64 @@
|
|||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
"SecRule ARGS \"@contains test \" \"id:1,pass,t:trim,t:lowercase\""
|
"SecRule ARGS \"@contains test \" \"id:1,pass,t:trim,t:lowercase\""
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"enabled": 1,
|
||||||
|
"version_min": 300000,
|
||||||
|
"version_max": 0,
|
||||||
|
"title": "Testing transformations :: block,t:none,t:phpArgsNames",
|
||||||
|
"client": {
|
||||||
|
"ip": "200.249.12.31",
|
||||||
|
"port": 2313
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"ip": "200.249.12.31",
|
||||||
|
"port": 80
|
||||||
|
},
|
||||||
|
"request": {
|
||||||
|
"headers": {
|
||||||
|
"Host": "net.tutsplus.com",
|
||||||
|
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
|
||||||
|
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
|
||||||
|
"Accept-Language": "en-us,en;q=0.5",
|
||||||
|
"Accept-Encoding": "gzip,deflate",
|
||||||
|
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
|
||||||
|
"Keep-Alive": "300",
|
||||||
|
"Connection": "keep-alive",
|
||||||
|
"Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120",
|
||||||
|
"Pragma": "no-cache",
|
||||||
|
"Cache-Control": "no-cache"
|
||||||
|
},
|
||||||
|
"uri": "\/test.pl?param1=fdsfsd&s%252bc%20r.%2b+ipt._[a[_xss]]iaaa=1",
|
||||||
|
"method": "GET",
|
||||||
|
"http_version": 1.1,
|
||||||
|
"body": ""
|
||||||
|
},
|
||||||
|
"response": {
|
||||||
|
"headers": {
|
||||||
|
"Content-Type": "text\/xml; charset=utf-8\n\r",
|
||||||
|
"Content-Length": "length\n\r"
|
||||||
|
},
|
||||||
|
"body": [
|
||||||
|
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r",
|
||||||
|
"<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r",
|
||||||
|
" <soap:Body>\n\r",
|
||||||
|
" <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r",
|
||||||
|
" <EnlightenResult>string<\/EnlightenResult>\n\r",
|
||||||
|
" <\/EnlightenResponse>\n\r",
|
||||||
|
" <\/soap:Body>\n\r",
|
||||||
|
"<\/soap:Envelope>\n\r"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"expected": {
|
||||||
|
"audit_log": "",
|
||||||
|
"debug_log": "phpArgsNames: \"s%2bc_r_[+]_ipt__[a[_xss]",
|
||||||
|
"error_log": "",
|
||||||
|
"http_code": 403
|
||||||
|
},
|
||||||
|
"rules": [
|
||||||
|
"SecRuleEngine On",
|
||||||
|
"SecRule ARGS_NAMES \"@streq s%2bc_r_+_ipt__[a[_xss]\" \"id:1,phase:2,deny,status:403,t:none,t:phpArgsNames\""
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
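Review bot: The new case (`"Testing transformations :: block,t:none,t:phpArgsNames"`) exercises a single argument name, while the transformation has several branches that this input never reaches: the early return for names starting with `[` or `=`, the leading-space skip, a `[` with no closing `]` (the `is_open_sq_bracket` path), the `[ ]` to `[]` rewrite, and the return when a bracketed segment is followed by something other than `[`. One request per branch with its expected ARGS_NAMES value, ideally including a name with a `%00` byte since the implementation scans with C-string functions, would pin the behaviour before `php_args_names.cc` is refactored. A case that must not match (a name PHP would mangle differently from the raw name) would also show that the `deny` is not triggered by the unmodified value.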
@ -1 +1 @@
|
|||||||
Subproject commit d03f4c1e930440df46c1faa37d820a919704d9da
|
Subproject commit a3d4405e5a2c90488c387e589c5534974575e35b
|