Add IS_NEW and IS_EXPIRED collection variables. See #345.

2025-08-13 21:36:00 +03:00 · 2007-12-12 22:52:08 +00:00 · 2007-12-12 22:52:08 +00:00 · 54cac6461b
commit 54cac6461b
parent 2203428507
4 changed files with 72 additions and 8 deletions
--- a/5
+++ b/5
@ -1,7 +1,8 @@
-
-29 Nov 2007 - 2.5.0-dev3
+12 Dec 2007 - 2.5.0-dev3
 ------------------------

+ * Added IS_NEW and IS_EXPIRED built-in collection variables.
+
 * Added SecMarker <id> directive to allow a fixed target for skipAfter.

 * The invoked rule is now logged in the debug log at level 5.
--- a/apache2/persist_dbm.c
+++ b/apache2/persist_dbm.c
@ -72,6 +72,7 @@ apr_table_t *collection_retrieve(modsec_rec *msr, const char *col_name,
    apr_table_t *col = NULL;
    const apr_array_header_t *arr;
    apr_table_entry_t *te;
+    int expired = 0;
    int i;

    if (msr->txcfg->data_dir == NULL) {
@ -119,11 +120,16 @@ apr_table_t *collection_retrieve(modsec_rec *msr, const char *col_name,
                msc_string *var = (msc_string *)te[i].val;
                int expiry_time = atoi(var->value);

-                /* Do not remove the record itself. */
-                if (strcmp(te[i].key, "__expire_KEY") == 0) continue;                
-
                if (expiry_time <= apr_time_sec(msr->request_time)) {
+                    // TODO Why dup this?
                    char *key_to_expire = apr_pstrdup(msr->mp, te[i].key);
+
+                    /* Do not remove the record itself. */
+                    if (strcmp(te[i].key, "__expire_KEY") == 0) {
+                        expired = 1;
+                        continue;
+                    }
+
                    msr_log(msr, 9, "Removing key \"%s\" from collection.", key_to_expire + 9);
                    apr_table_unset(col, key_to_expire + 9);
                    msr_log(msr, 9, "Removing key \"%s\" from collection.", key_to_expire);
@ -135,6 +141,19 @@ apr_table_t *collection_retrieve(modsec_rec *msr, const char *col_name,
        }
    } while(i != arr->nelts);
    
+   /* Set IS_EXPIRED if expired */
+    if (expired) {
+        msc_string *var = (msc_string *)apr_table_get(col, "IS_EXPIRED");
+        if (var == NULL) {
+            var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
+            var->name = "IS_EXPIRED";
+            var->name_len = strlen(var->name);
+        }
+        if (var != NULL) {
+            var->value = "1";
+            var->value_len = strlen(var->value);
+        }
+    }

    /* Update UPDATE_RATE */
    {
@ -176,8 +195,8 @@ apr_table_t *collection_retrieve(modsec_rec *msr, const char *col_name,

    apr_sdbm_close(dbm);

-    msr_log(msr, 4, "Retrieved collection (name \"%s\", key \"%s\").",
-            log_escape(msr->mp, col_name), log_escape(msr->mp, col_key));
+    msr_log(msr, 4, "Retrieved collection (name \"%s\", key \"%s\", expired \"%d\").",
+            log_escape(msr->mp, col_name), log_escape(msr->mp, col_key), expired);

    return col;
 }
@ -272,6 +291,24 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
        return 1;
    }

+    /* Set IS_NEW to 0 on store. */
+    {
+        msc_string *var = (msc_string *)apr_table_get(col, "IS_NEW");
+        if (var != NULL) {
+            var->value = "0";
+            var->value_len = strlen(var->value);
+        }
+    }
+
+    /* Set IS_EXPIRED to 0 on store. */
+    {
+        msc_string *var = (msc_string *)apr_table_get(col, "IS_EXPIRED");
+        if (var != NULL) {
+            var->value = "0";
+            var->value_len = strlen(var->value);
+        }
+    }
+
    /* Update the timeout value. */
    {
        msc_string *var = (msc_string *)apr_table_get(col, "TIMEOUT");
--- a/apache2/re_actions.c
+++ b/apache2/re_actions.c
@ -1322,6 +1322,22 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name,
        var->value = "0";
        var->value_len = strlen(var->value);
        apr_table_setn(table, var->name, (void *)var);
+
+        /* This is a new collection. */
+        var = apr_pcalloc(msr->mp, sizeof(msc_string));
+        var->name = "IS_NEW";
+        var->name_len = strlen(var->name);
+        var->value = "1";
+        var->value_len = strlen(var->value);
+        apr_table_setn(table, var->name, (void *)var);
+
+        /* It has not yet expired. */
+        var = apr_pcalloc(msr->mp, sizeof(msc_string));
+        var->name = "IS_EXPIRED";
+        var->name_len = strlen(var->name);
+        var->value = "0";
+        var->value_len = strlen(var->value);
+        apr_table_setn(table, var->name, (void *)var);
    }

    /* Add the collection to the list. */
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@ -3934,6 +3934,16 @@ SecRule REQUEST_URI "^/cgi-bin/script\.pl" \
          the creation of the collection.</para>
        </listitem>

+        <listitem>
+          <para><literal moreinfo="none">IS_EXPIRED</literal> - set to 1 if
+          the collection is expired otherwise set to 0.</para>
+        </listitem>
+
+        <listitem>
+          <para><literal moreinfo="none">IS_NEW</literal> - set to 1 if the
+          collection is new (not yet persisted) otherwise set to 0.</para>
+        </listitem>
+
        <listitem>
          <para><literal moreinfo="none">KEY</literal> - the value of the
          initcol variable (the client's IP address in the example).</para>
@ -5146,4 +5156,4 @@ SecRule REQUEST_METHOD "!<emphasis>@within %{tx.allowed_methods}</emphasis>" t:l
      </section>
    </section>
  </section>
-</article>
+</article>