Adds initial support to SecHttpBlKey

2025-08-14 05:45:59 +03:00 · 2017-07-29 00:12:14 -03:00 · 2017-07-29 00:12:14 -03:00 · 53ff0e1a57
commit 53ff0e1a57
parent 515e073503
7 changed files with 5703 additions and 5639 deletions
--- a/headers/modsecurity/rules_properties.h
+++ b/headers/modsecurity/rules_properties.h
@ -321,6 +321,7 @@ class RulesProperties {

        if (from->m_httpblKey.m_set == true) {
            to->m_httpblKey.m_value = from->m_httpblKey.m_value;
+            to->m_httpblKey.m_set = from->m_httpblKey.m_set;
        }

        to->m_exceptions.merge(from->m_exceptions);
--- a/src/operators/rbl.cc
+++ b/src/operators/rbl.cc
@ -33,7 +33,10 @@ namespace operators {
 std::string Rbl::mapIpToAddress(std::string ipStr, Transaction *trans) {
    std::string addr;
    int h0, h1, h2, h3;
-    std::string key = trans->m_rules->m_httpblKey.m_value;
+    std::string key;
+    if (trans->m_rules->m_httpblKey.m_set == true) {
+        key = trans->m_rules->m_httpblKey.m_value;
+    }

    if (sscanf(ipStr.c_str(), "%d.%d.%d.%d", &h0, &h1, &h2, &h3) != 4) {
        debug(trans, 0, std::string("Failed to understand `" + ipStr +
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -558,6 +558,7 @@ using modsecurity::operators::Operator;
  CONFIG_DIR_SEC_MARKER                        "CONFIG_DIR_SEC_MARKER"
  CONFIG_DIR_UNICODE_MAP_FILE                  "CONFIG_DIR_UNICODE_MAP_FILE"
  CONFIG_SEC_COLLECTION_TIMEOUT                "CONFIG_SEC_COLLECTION_TIMEOUT"
+  CONFIG_SEC_HTTP_BLKEY                        "CONFIG_SEC_HTTP_BLKEY"
  CONFIG_SEC_REMOTE_RULES_FAIL_ACTION          "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION"
  CONFIG_SEC_RULE_REMOVE_BY_ID                 "CONFIG_SEC_RULE_REMOVE_BY_ID"
  CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG         "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG"
@ -1350,6 +1351,11 @@ expression:
    | CONFIG_SEC_COLLECTION_TIMEOUT
      {
      }
+    | CONFIG_SEC_HTTP_BLKEY
+      {
+        driver.m_httpblKey.m_set = true;
+        driver.m_httpblKey.m_value = $1;
+      }
    ;

 variables:
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -285,6 +285,7 @@ CONFIG_DIR_SEC_MARKER                   (?i:SecMarker)
 CONFIG_DIR_UNICODE_MAP_FILE             (?i:SecUnicodeMapFile)
 CONFIG_INCLUDE                          (?i:Include)
 CONFIG_SEC_COLLECTION_TIMEOUT           (?i:SecCollectionTimeout)
+CONFIG_SEC_HTTP_BLKEY                   (?i:SecHttpBlKey)
 CONFIG_SEC_REMOTE_RULES                 (?i:SecRemoteRules)
 CONFIG_SEC_REMOTE_RULES_FAIL_ACTION     (?i:SecRemoteRulesFailAction)
 CONFIG_SEC_REMOVE_RULES_BY_ID           (?i:SecRuleRemoveById)
@ -625,6 +626,7 @@ EQUALS_MINUS                            (?i:=\-)

 {CONFIG_SEC_REMOTE_RULES_FAIL_ACTION}                                   { return p::make_CONFIG_SEC_REMOTE_RULES_FAIL_ACTION(yytext, *driver.loc.back()); }
 {CONFIG_SEC_COLLECTION_TIMEOUT}[ ]{CONFIG_VALUE_NUMBER}                 { return p::make_CONFIG_SEC_COLLECTION_TIMEOUT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
+{CONFIG_SEC_HTTP_BLKEY}[ ]{FREE_TEXT_NEW_LINE}                          { return p::make_CONFIG_SEC_HTTP_BLKEY(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 [ \t]*[\n]                                                              { driver.loc.back()->lines(1); driver.loc.back()->step(); }
 #[ \t]*SecRule[^\\].*\\[ \t]*[\r\n]*                                    { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(COMMENT); }
 #[ \t]*SecAction[^\\].*\\[ \t]*[^\\n]                                   { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(COMMENT);  }