Adds variable TX and action "capture".

2025-09-30 11:44:32 +03:00 · 2015-08-05 10:07:47 -03:00
parent be4a0cb41c
commit 4f47651a6f
34 changed files with 338 additions and 30 deletions
--- a/src/actions/action.cc
+++ b/src/actions/action.cc
@@ -19,6 +19,8 @@
 #include <string>

 #include "modsecurity/assay.h"
+#include "src/rule.h"
+
 #include "actions/block.h"
 #include "actions/chain.h"
 #include "actions/redirect.h"
@@ -26,6 +28,7 @@
 #include "actions/rule_id.h"
 #include "actions/phase.h"
 #include "actions/severity.h"
+#include "actions/capture.h"



@@ -42,12 +45,7 @@ std::string Action::evaluate(std::string value,
 }


-bool Action::evaluate(Assay *assay) {
-    return true;
-}
-
-
-bool Action::evaluate(Rule *rule) {
+bool Action::evaluate(Rule *rule, Assay *assay) {
    return true;
 }

@@ -84,6 +82,9 @@ Action *Action::instantiate(const std::string& name) {
    if (name == "chain") {
        return new Chain(name);
    }
+    if (name == "capture") {
+        return new Capture(name);
+    }
    return new Action(name);
 }

--- a/src/actions/action.h
+++ b/src/actions/action.h
@@ -80,8 +80,7 @@ class Action {

    virtual std::string evaluate(std::string exp,
        Assay *assay);
-    virtual bool evaluate(Assay *assay);
-    virtual bool evaluate(Rule *rule);
+    virtual bool evaluate(Rule *rule, Assay *assay);

    static Action *instantiate(const std::string& name);

--- a/src/actions/audit_log.cc
+++ b/src/actions/audit_log.cc
@@ -23,7 +23,7 @@
 namespace ModSecurity {
 namespace actions {

-bool AuditLog::evaluate(Assay *assay) {
+bool AuditLog::evaluate(Rule *rule, Assay *assay) {
    assay->save_in_auditlog = true;
    return true;
 }
--- a/src/actions/audit_log.h
+++ b/src/actions/audit_log.h
@@ -34,7 +34,7 @@ class AuditLog : public Action {
    explicit AuditLog(std::string action)
        : Action(action, RunTimeOnlyIfMatchKind) { }

-    bool evaluate(Assay *assay) override;
+    bool evaluate(Rule *rule, Assay *assay) override;
 };

 }  // namespace actions
--- a/src/actions/block.cc
+++ b/src/actions/block.cc
@@ -30,7 +30,7 @@ Block::Block(std::string action)
 }


-bool Block::evaluate(Assay *assay) {
+bool Block::evaluate(Rule *rule, Assay *assay) {
    assay->actions.push_back(this);
    return true;
 }
--- a/src/actions/block.h
+++ b/src/actions/block.h
@@ -33,7 +33,7 @@ class Block : public Action {
 public:
    explicit Block(std::string action);

-    bool evaluate(Assay *assay) override;
+    bool evaluate(Rule *rule, Assay *assay) override;
    void fill_intervention(ModSecurityIntervention *i) override;
 };

--- a/src/actions/capture.cc
+++ b/src/actions/capture.cc
@@ -0,0 +1,67 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/capture.h"
+
+#include <iostream>
+#include <string>
+#include <list>
+
+#include "modsecurity/assay.h"
+
+#include "src/rule.h"
+#include "operators/operator.h"
+#include "operators/pm.h"
+#include "operators/rx.h"
+
+namespace ModSecurity {
+namespace actions {
+
+bool Capture::evaluate(Rule *rule, Assay *assay) {
+    operators::Operator *op = rule->op;
+    std::list<std::string> match;
+
+    operators::Pm *pm = dynamic_cast<operators::Pm *>(op);
+    operators::Rx *rx = dynamic_cast<operators::Rx *>(op);
+
+    if (pm != NULL) {
+        match = pm->matched;
+    }
+
+    if (rx != NULL) {
+        match = rx->matched;
+    }
+
+    if (match.empty()) {
+        return false;
+    }
+
+    int i = 0;
+    while (match.empty() == false) {
+        std::string varName = "TX:" + std::to_string(i);
+        std::string *a = assay->resolve_variable_first(varName);
+        if (a == NULL) {
+            assay->store_variable(varName, match.back());
+        } else {
+            assay->update_variable_first(varName, match.back());
+        }
+        match.pop_back();
+    }
+
+    return true;
+}
+
+}  // namespace actions
+}  // namespace ModSecurity
--- a/src/actions/capture.h
+++ b/src/actions/capture.h
@@ -0,0 +1,41 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "actions/action.h"
+
+#ifndef SRC_ACTIONS_CAPTURE_H_
+#define SRC_ACTIONS_CAPTURE_H_
+
+
+namespace ModSecurity {
+class Rule;
+namespace actions {
+
+
+class Capture : public Action {
+ public:
+    explicit Capture(std::string action)
+        : Action(action, RunTimeOnlyIfMatchKind) { }
+
+    bool evaluate(Rule *rule, Assay *assay) override;
+};
+
+
+}  // namespace actions
+}  // namespace ModSecurity
+
+#endif  // SRC_ACTIONS_CAPTURE_H_
--- a/src/actions/chain.cc
+++ b/src/actions/chain.cc
@@ -26,7 +26,7 @@ namespace actions {



-bool Chain::evaluate(Rule *rule) {
+bool Chain::evaluate(Rule *rule, Assay *assay) {
    rule->chained = true;
    return true;
 }
--- a/src/actions/chain.h
+++ b/src/actions/chain.h
@@ -35,7 +35,7 @@ class Chain : public Action {
    explicit Chain(std::string action)
        : Action(action, ConfigurationKind) { }

-    bool evaluate(Rule *rule) override;
+    bool evaluate(Rule *rule, Assay *assay) override;
 };

 }  // namespace actions
--- a/src/actions/no_audit_log.cc
+++ b/src/actions/no_audit_log.cc
@@ -23,7 +23,7 @@
 namespace ModSecurity {
 namespace actions {

-bool NoAuditLog::evaluate(Assay *assay) {
+bool NoAuditLog::evaluate(Rule *rule, Assay *assay) {
    assay->do_not_save_in_auditlog = true;
    return true;
 }
--- a/src/actions/no_audit_log.h
+++ b/src/actions/no_audit_log.h
@@ -34,7 +34,7 @@ class NoAuditLog : public Action {
    explicit NoAuditLog(std::string action)
        : Action(action, RunTimeOnlyIfMatchKind) { }

-    bool evaluate(Assay *assay) override;
+    bool evaluate(Rule *rule, Assay *assay) override;
 };

 }  // namespace actions
--- a/src/actions/phase.cc
+++ b/src/actions/phase.cc
@@ -41,7 +41,7 @@ Phase::Phase(std::string action)
    }
 }

-bool Phase::evaluate(Rule *rule) {
+bool Phase::evaluate(Rule *rule, Assay *assay) {
    rule->phase = this->phase;
    return true;
 }
--- a/src/actions/phase.h
+++ b/src/actions/phase.h
@@ -34,7 +34,7 @@ class Phase : public Action {
 public:
    explicit Phase(std::string action);

-    bool evaluate(Rule *rule) override;
+    bool evaluate(Rule *rule, Assay *assay) override;
    int phase;
 };

--- a/src/actions/redirect.cc
+++ b/src/actions/redirect.cc
@@ -34,7 +34,7 @@ Redirect::Redirect(const std::string& action)
 }


-bool Redirect::evaluate(Assay *assay) {
+bool Redirect::evaluate(Rule *rule, Assay *assay) {
    assay->actions.push_back(this);
    return true;
 }
--- a/src/actions/redirect.h
+++ b/src/actions/redirect.h
@@ -33,7 +33,7 @@ class Redirect : public Action {
    explicit Redirect(const std::string &action);
    ~Redirect() override;

-    bool evaluate(Assay *assay) override;
+    bool evaluate(Rule *rule, Assay *assay) override;
    int status;
    std::string url;
    void fill_intervention(ModSecurityIntervention *i) override;
--- a/src/actions/rule_id.cc
+++ b/src/actions/rule_id.cc
@@ -37,7 +37,7 @@ RuleId::RuleId(std::string action)
    }


-bool RuleId::evaluate(Rule *rule) {
+bool RuleId::evaluate(Rule *rule, Assay *assay) {
    rule->rule_id = this->rule_id;
    return true;
 }
--- a/src/actions/rule_id.h
+++ b/src/actions/rule_id.h
@@ -34,7 +34,7 @@ class RuleId : public Action {
 public:
    explicit RuleId(std::string action);

-    bool evaluate(Rule *rule) override;
+    bool evaluate(Rule *rule, Assay *assay) override;
    double rule_id;
 };

--- a/src/actions/severity.cc
+++ b/src/actions/severity.cc
@@ -51,7 +51,7 @@ Severity::Severity(std::string action)
 }


-bool Severity::evaluate(Assay *assay) {
+bool Severity::evaluate(Rule *rule, Assay *assay) {
    assay->debug(9, "This rule severity is: " + \
        std::to_string(this->m_severity) + " current assay is: " + \
        std::to_string(assay->highest_severity));
--- a/src/actions/severity.h
+++ b/src/actions/severity.h
@@ -33,7 +33,7 @@ class Severity : public Action {
 public:
    explicit Severity(std::string action);

-    bool evaluate(Assay *assay) override;
+    bool evaluate(Rule *rule, Assay *assay) override;

 private:
    int m_severity;
--- a/src/actions/status.cc
+++ b/src/actions/status.cc
@@ -33,7 +33,7 @@ Status::Status(std::string action)
 }


-bool Status::evaluate(Assay *assay) {
+bool Status::evaluate(Rule *rule, Assay *assay) {
    assay->actions.push_back(this);
    return true;
 }
--- a/src/actions/status.h
+++ b/src/actions/status.h
@@ -31,7 +31,7 @@ class Status : public Action {
 public:
    explicit Status(std::string actions);

-    bool evaluate(Assay *assay) override;
+    bool evaluate(Rule *rule, Assay *assay) override;
    void fill_intervention(ModSecurityIntervention *i) override;
    int status;
 };