github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to the @containsWord operator

Browse Source
This commit is contained in:
Felipe Zimmerle 2015-08-10 17:41:44 -03:00
parent 2f81b62d17
commit 64cbb15335
5 changed files with 53 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
src/operators/contains_word.cc
View File

@ -18,47 +18,57 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
bool ContainsWord::acceptableChar(const std::string& a, size_t pos) {
if (a.size() - 1 < pos) {
return false;
}
if ((a.at(pos) >= 65 && a.at(pos) <= 90) ||
(a.at(pos) >= 97 && a.at(pos) <= 122)) {
return false;
}
return true;
}
bool ContainsWord::evaluate(Assay *assay, bool ContainsWord::evaluate(Assay *assay,
std::string input) { const std::string& input) {
/** std::string paramTarget = MacroExpansion::expand(param, assay);
* @todo Implement the operator ContainsWord in a performative way.
*/
// FIXME: This is odd logic and should be removed in a future version if (paramTarget.empty()) {
if (this->param == "") { return true;
return 1;
} }
// If our length is too long we will never match if (input.empty()) {
if (this->param.length() > input.length()) { return false;
return 0;
} }
// If they are exact matches shortcut if (input == paramTarget) {
if (this->param == input) { return true;
return 1;
} }
// std::regex r("\\b" + this->param + "\\b"); size_t pos = input.find(paramTarget);
// std::smatch m; while (pos != std::string::npos) {
// if (std::regex_search(input, m, r)) { if (pos == 0 && acceptableChar(input, paramTarget.size())) {
// this won't find anything because 'spoons' is not return true;
// the word you're searching for }
// return 1; if (pos + paramTarget.size() == input.size() &&
// } acceptableChar(input, pos - 1)) {
return true;
}
if (acceptableChar(input, pos - 1) &&
acceptableChar(input, pos + paramTarget.size())) {
return true;
}
pos = input.find(paramTarget, pos + 1);
}
return 0; return false;
} }
ContainsWord::ContainsWord(std::string op,
std::string param, bool negation)
: Operator() {
this->op = op;
this->param = param;
}
} // namespace operators } // namespace operators
} // namespace ModSecurity } // namespace ModSecurity

8
src/operators/contains_word.h
View File

@ -27,8 +27,12 @@ namespace operators {
class ContainsWord : public Operator { class ContainsWord : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
ContainsWord(std::string o, std::string p, bool i); ContainsWord(std::string op, std::string param, bool negation)
bool evaluate(Assay *assay, std::string exp); : Operator(op, param, negation) { }
bool evaluate(Assay *assay, const std::string &str);
bool acceptableChar(const std::string& a, size_t pos);
}; };
} // namespace operators } // namespace operators

8
src/operators/operator.cc
View File

@ -59,7 +59,7 @@
#include "operators/begins_with.h" #include "operators/begins_with.h"
#define IF_MATCH(a) \ #define IF_MATCH(a) \
if (op.compare(1, std::strlen(#a), #a) == 0) if (op.compare(1, op.length() - 2, #a) == 0)
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
@ -75,6 +75,9 @@ bool Operator::evaluate(Assay *assay) {
if (assay) { if (assay) {
assay->debug(2, "Operator: " + this->op + \ assay->debug(2, "Operator: " + this->op + \
" is not implemented or malfunctioning."); " is not implemented or malfunctioning.");
} else {
std::cerr << "Operator: " + this->op + \
" is not implemented or malfunctioning.";
} }
return true; return true;
} }
@ -84,6 +87,9 @@ bool Operator::evaluate(Assay *assay, const std::string& a) {
if (assay) { if (assay) {
assay->debug(2, "Operator: " + this->op + \ assay->debug(2, "Operator: " + this->op + \
" is not implemented or malfunctioning."); " is not implemented or malfunctioning.");
} else {
std::cerr << "Operator: " + this->op + \
" is not implemented or malfunctioning.";
} }
return true; return true;

2
test/test-cases/secrules-language-tests

@ -1 +1 @@
Subproject commit a65639f93590edc93ee1c78647cf4b8147e2025d Subproject commit 93eddefff48e295179d6884691ecb24c362735be

2
test/unit/unit_test.cc
View File

@ -93,7 +93,7 @@ UnitTest *UnitTest::from_yajl_node(yajl_val &node) {
u->param = YAJL_GET_STRING(val); u->param = YAJL_GET_STRING(val);
} else if (strcmp(key, "input") == 0) { } else if (strcmp(key, "input") == 0) {
u->input = YAJL_GET_STRING(val); u->input = YAJL_GET_STRING(val);
replaceAll(&(u->input), "\\0", '\0'); replaceAll(&(u->input), "\\0", '\u0000');
replaceAll(&(u->input), "\\xe4", '\xe4'); replaceAll(&(u->input), "\\xe4", '\xe4');
replaceAll(&(u->input), "\\x03", '\x03'); replaceAll(&(u->input), "\\x03", '\x03');
replaceAll(&(u->input), "\\xbf", '\xbf'); replaceAll(&(u->input), "\\xbf", '\xbf');