Adds support to SecMarker and skipAfter

2025-09-30 03:34:29 +03:00 · 2015-09-04 17:36:57 -03:00
parent b048794f4e
commit 5c3a4b608d
14 changed files with 288 additions and 4 deletions
--- a/src/parser/driver.cc
+++ b/src/parser/driver.cc
@@ -39,6 +39,16 @@ Driver::~Driver() {
    delete loc.back();
 }

+
+int Driver::addSecMarker(std::string marker) {
+    for (int i = 0; i < ModSecurity::Phases::NUMBER_OF_PHASES; i++) {
+        Rule *rule = new Rule(marker);
+        rule->phase = i;
+        rules[i].push_back(rule);
+    }
+}
+
+
 int Driver::addSecAction(Rule *rule) {
    if (rule->phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {
        parserError << "Unknown phase: " << std::to_string(rule->phase);
--- a/src/parser/driver.h
+++ b/src/parser/driver.h
@@ -58,6 +58,7 @@ class Driver : public RulesProperties {

    int addSecRule(Rule *rule);
    int addSecAction(Rule *rule);
+    int addSecMarker(std::string marker);

    int result;

--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -23,6 +23,7 @@ class Driver;
 #include "actions/ctl_audit_log_parts.h"
 #include "actions/set_var.h"
 #include "actions/severity.h"
+#include "actions/skip_after.h"
 #include "actions/msg.h"
 #include "actions/phase.h"
 #include "actions/log_data.h"
@@ -192,6 +193,7 @@ using ModSecurity::Variables::Variable;

 %token <std::string> CONFIG_DIR_SEC_ACTION
 %token <std::string> CONFIG_DIR_SEC_DEFAULT_ACTION
+%token <std::string> CONFIG_DIR_SEC_MARKER

 %token <std::string> VARIABLE
 %token <std::string> RUN_TIME_VAR_DUR
@@ -216,6 +218,7 @@ using ModSecurity::Variables::Variable;
 %token <std::string> OPERATOR
 %token <std::string> FREE_TEXT
 %token <std::string> ACTION
+%token <std::string> ACTION_SKIP_AFTER
 %token <std::string> ACTION_AUDIT_LOG
 %token <std::string> ACTION_SEVERITY
 %token <std::string> ACTION_SETVAR
@@ -412,6 +415,10 @@ expression:
            driver.defaultActions[definedPhase].push_back(a);
        }
      }
+    | CONFIG_DIR_SEC_MARKER
+      {
+        driver.addSecMarker($1);
+      }
    | CONFIG_DIR_RULE_ENG SPACE CONFIG_VALUE_OFF
      {
        driver.secRuleEngine = ModSecurity::Rules::DisabledRuleEngine;
@@ -699,6 +706,10 @@ act:

        $$ = setVar;
      }
+    | ACTION_SKIP_AFTER
+      {
+        $$ = new ModSecurity::actions::SkipAfter($1);
+      }
    | ACTION_AUDIT_LOG
      {
        $$ = new ModSecurity::actions::AuditLog($1);
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -23,7 +23,8 @@ using ModSecurity::split;
 %}
 %option noyywrap nounput batch debug noinput

-ACTION          (?i:accuracy|allow|append|block|capture|chain|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|maturity|multiMatch|noauditlog|nolog|pass|pause|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns)
+ACTION          (?i:accuracy|allow|append|block|capture|chain|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|maturity|multiMatch|noauditlog|nolog|pass|pause|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|status:[0-9]+|ver|xmlns)
+ACTION_SKIP_AFTER (?i:skipAfter)
 ACTION_PHASE    ((?i:phase:(?i:REQUEST|RESPONSE|LOGGING|[0-9]+))|(?i:phase:'(?i:REQUEST|RESPONSE|LOGGING|[0-9]+)'))
 ACTION_AUDIT_LOG (?i:auditlog)
 ACTION_SEVERITY (?i:severity)
@@ -40,6 +41,7 @@ LOG_DATA        (?i:logdata)

 CONFIG_DIR_SEC_DEFAULT_ACTION (?i:SecDefaultAction)
 CONFIG_DIR_SEC_ACTION (?i:SecAction)
+CONFIG_DIR_SEC_MARKER (?i:SecMarker)

 CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION (?i:SecPcreMatchLimitRecursion)
 CONFIG_DIR_PCRE_MATCH_LIMIT (?i:SecPcreMatchLimit)
@@ -246,6 +248,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)

 {CONFIG_DIR_SEC_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_SEC_ACTION(yytext, *driver.loc.back()); }
 {CONFIG_DIR_SEC_DEFAULT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_SEC_DEFAULT_ACTION(yytext, *driver.loc.back()); }
+{CONFIG_DIR_SEC_MARKER}[ ]{FREE_TEXT_NEW_LINE} { return yy::seclang_parser::make_CONFIG_DIR_SEC_MARKER(strchr(yytext, ' ') + 1, *driver.loc.back()); }

 <EXPECTING_OPERATOR>{
 ["][^@]{FREE_TEXT}["]           { BEGIN(INITIAL); return yy::seclang_parser::make_FREE_TEXT(yytext, *driver.loc.back()); }
@@ -255,6 +258,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)

 {ACTION}                        { return yy::seclang_parser::make_ACTION(yytext, *driver.loc.back()); }
 {ACTION_PHASE}                  { return yy::seclang_parser::make_ACTION(yytext, *driver.loc.back()); }
+{ACTION_SKIP_AFTER}:{FREE_TEXT} { return yy::seclang_parser::make_ACTION_SKIP_AFTER(strchr(yytext, ':') + 1, *driver.loc.back()); }
 {ACTION_AUDIT_LOG}              { return yy::seclang_parser::make_ACTION_AUDIT_LOG(yytext, *driver.loc.back()); }

 {ACTION_SEVERITY}:{ACTION_SEVERITY_VALUE}       { return yy::seclang_parser::make_ACTION_SEVERITY(yytext + 9, *driver.loc.back()); }