github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity

move 2.5.13 into trunk

Browse Source
This commit is contained in:
brenosilva
2010-12-08 18:58:18 +00:00
parent df61af4627
commit 549f059480
50 changed files with 550 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
apache2/re_actions.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2008 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "re.h"
@@ -1212,35 +1212,19 @@ static apr_status_t msre_action_setenv_execute(modsec_rec *msr, apr_pool_t *mptm
}
/* setvar */
static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action)
apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, char *var_name, char *var_value)
{
char *data = apr_pstrdup(mptmp, action->param);
char *col_name = NULL, *var_name = NULL, *var_value = NULL;
char *col_name = NULL;
char *s = NULL;
apr_table_t *target_col = NULL;
int is_negated = 0;
msc_string *var = NULL;
/* Extract the name and the value. */
/* IMP1 We have a function for this now, parse_name_eq_value? */
s = strstr(data, "=");
if (s == NULL) {
var_name = data;
var_value = "1";
} else {
var_name = data;
var_value = s + 1;
*s = '\0';
while ((*var_value != '\0')&&(isspace(*var_value))) var_value++;
}
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Setting variable: %s=%s", var_name, var_value);
}
/* Expand and escape any macros in the name */
var = apr_palloc(msr->mp, sizeof(msc_string));
if (var == NULL) {
@@ -1269,10 +1253,10 @@ static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptm
msr_log(msr, 3, "Asked to set variable \"%s\", but no collection name specified. ",
log_escape(msr->mp, var_name));
}
return 0;
}
col_name = var_name;
var_name = s + 1;
*s = '\0';
@@ -1287,7 +1271,7 @@ static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptm
msr_log(msr, 3, "Could not set variable \"%s.%s\" as the collection does not exist.",
log_escape(msr->mp, col_name), log_escape(msr->mp, var_name));
}
return 0;
}
}
@@ -1386,6 +1370,42 @@ static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptm
return 1;
}
/*
* \brief Parse fuction for setvar input
*
* \param msr Pointer to the engine
* \param mptmp Pointer to the pool
* \param rule Pointer to rule struct
* \param action input data
*
* \retval -1 On failure
* \retval 0 On Collection failure
* \retval 1 On Success
*/
static apr_status_t msre_action_setvar_parse(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action)
{
char *data = apr_pstrdup(mptmp, action->param);
char *var_name = NULL, *var_value = NULL;
char *s = NULL;
/* Extract the name and the value. */
/* IMP1 We have a function for this now, parse_name_eq_value? */
s = strstr(data, "=");
if (s == NULL) {
var_name = data;
var_value = "1";
} else {
var_name = data;
var_value = s + 1;
*s = '\0';
while ((*var_value != '\0')&&(isspace(*var_value))) var_value++;
}
return msre_action_setvar_execute(msr,mptmp,rule,var_name,var_value);
}
/* expirevar */
static apr_status_t msre_action_expirevar_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action)
@@ -2388,7 +2408,7 @@ void msre_engine_register_default_actions(msre_engine *engine) {
ACTION_CGROUP_NONE,
NULL,
NULL,
msre_action_setvar_execute
msre_action_setvar_parse
);
/* expirevar */