From 5cc9e94505bd6ff3a86e616bcff3cd5bc173a752 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Fri, 2 Oct 2015 12:07:18 -0300 Subject: [PATCH] Splits operator into OPERATOR and FREE_TEXT on sec lang grammar --- src/parser/seclang-parser.yy | 75 +++++++++++++-------------------- test/benchmark/basic_rules.conf | 26 +++++++++++- 2 files changed, 54 insertions(+), 47 deletions(-) diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index a417c7f8..a497a9fd 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -247,6 +247,7 @@ using ModSecurity::Variables::Variable; %type var %type act %type *> actings +%type op %printer { yyoutput << $$; } <*>; @@ -345,19 +346,34 @@ actings: } ; +op: + OPERATOR + { + Operator *op = Operator::instantiate($1); + const char *error = NULL; + if (op->init(&error) == false) { + driver.error(@0, error); + YYERROR; + } + $$ = op; + } + | FREE_TEXT + { + Operator *op = Operator::instantiate("\"@rx " + $1 + "\""); + const char *error = NULL; + if (op->init(&error) == false) { + driver.error(@0, error); + YYERROR; + } + $$ = op; + } expression: audit_log - | DIRECTIVE variables OPERATOR actings + | DIRECTIVE variables op actings { - Operator *op = Operator::instantiate($3); - const char *error = NULL; - if (op->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } Rule *rule = new Rule( - /* op */ op, + /* op */ $3, /* variables */ $2, /* actions */ $4 ); 
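Review bot: In both alternatives of the new `op` rule, the `Operator` returned by `Operator::instantiate` is not released when `op->init(&error)` fails, so each rejected rule leaks the object on the way to `YYERROR`; adding `delete op;` just before `YYERROR;` closes that. The pointer is also dereferenced without a null check, which matters only if `instantiate` can return NULL for an unrecognised operator name (its body is not visible here). The error is reported at `@0`, which in Bison is the location of the symbol just before this rule's right-hand side rather than the operator token, so `driver.error(@1, error);` would point the rule author at the offending operator. The two action bodies differ only in the string handed to `instantiate`, and a small shared helper would keep them from drifting apart.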
@@ -366,34 +382,10 @@ expression: YYERROR; } } - | DIRECTIVE variables FREE_TEXT actings + | DIRECTIVE variables op { - Operator *op = Operator::instantiate("\"@rx " + $3 + "\""); - const char *error = NULL; - if (op->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } Rule *rule = new Rule( - /* op */ op, - /* variables */ $2, - /* actions */ $4 - ); - - if (driver.addSecRule(rule) == false) { - YYERROR; - } - } - | DIRECTIVE variables OPERATOR - { - Operator *op = Operator::instantiate("\"@rx " + $3 + "\""); - const char *error = NULL; - if (op->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - Rule *rule = new Rule( - /* op */ op, + /* op */ $3, /* variables */ $2, /* actions */ NULL ); @@ -402,16 +394,7 @@ expression: YYERROR; } } - | CONFIG_DIR_SEC_ACTION QUOTATION_MARK actions QUOTATION_MARK - { - Rule *rule = new Rule( - /* op */ NULL, - /* variables */ NULL, - /* actions */ $3 - ); - driver.addSecAction(rule); - } - | CONFIG_DIR_SEC_ACTION actions + | CONFIG_DIR_SEC_ACTION actings { Rule *rule = new Rule( /* op */ NULL, @@ -420,9 +403,9 @@ expression: ); driver.addSecAction(rule); } - | CONFIG_DIR_SEC_DEFAULT_ACTION QUOTATION_MARK actions QUOTATION_MARK + | CONFIG_DIR_SEC_DEFAULT_ACTION actings { - std::vector *actions = $3; + std::vector *actions = $2; std::vector checkedActions; int definedPhase = -1; int secRuleDefinedPhase = -1; diff --git a/test/benchmark/basic_rules.conf b/test/benchmark/basic_rules.conf index d32552aa..9a6c1141 100644 --- a/test/benchmark/basic_rules.conf +++ b/test/benchmark/basic_rules.conf 
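Review bot: The action-less alternative `DIRECTIVE variables op` now sends an `OPERATOR` token through `Operator::instantiate($1)`, while the removed `DIRECTIVE variables OPERATOR` alternative wrapped it as `"\"@rx " + $3 + "\""`. A rule written without an action list can therefore be evaluated with a different operator than before, which for a WAF rule set changes what is detected. If that is the intended fix, a regression case pairing an action-less rule with an explicit operator would pin it down; the commit only touches the benchmark configuration. The `Rule` here is still built with `/* actions */ NULL`, and whether `Rule` tolerates a null action list is not visible in this hunk.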
@@ -1,3 +1,27 @@
 include "owasp-modsecurity-crs-orig/modsecurity_crs_10_setup.conf"
-include "owasp-modsecurity-crs-orig/rules/*.conf"
+#include "owasp-modsecurity-crs-orig/rules/*.conf"
+#include owasp-modsecurity-crs-orig/rules/RESPONSE-51-DATA-LEAKAGES-SQL.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-01-COMMON-EXCEPTIONS.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-10-IP-REPUTATION.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-11-METHOD-ENFORCEMENT.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-12-DOS-PROTECTION.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-13-SCANNER-DETECTION.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-21-PROTOCOL-ATTACK.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-30-APPLICATION-ATTACK-LFI.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-31-APPLICATION-ATTACK-RFI.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-32-APPLICATION-ATTACK-RCE.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-33-APPLICATION-ATTACK-PHP.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-41-APPLICATION-ATTACK-XSS.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-43-APPLICATION-ATTACK-SESSION-FIXATION.conf
+include owasp-modsecurity-crs-orig/rules/REQUEST-49-BLOCKING-EVALUATION.conf
+include owasp-modsecurity-crs-orig/rules/RESPONSE-50-DATA-LEAKAGES.conf
+include owasp-modsecurity-crs-orig/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf
+include owasp-modsecurity-crs-orig/rules/RESPONSE-50-DATA-LEAKAGES-JAVA.conf
+include owasp-modsecurity-crs-orig/rules/RESPONSE-50-DATA-LEAKAGES-PHP.conf
+include owasp-modsecurity-crs-orig/rules/RESPONSE-51-DATA-LEAKAGES-SQL.conf
+include owasp-modsecurity-crs-orig/rules/RESPONSE-59-BLOCKING-EVALUATION.conf
+include owasp-modsecurity-crs-orig/rules/RESPONSE-80-CORRELATION.conf
+