github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Prettier error messages for unsupported configurations (UX)

Browse Source
This commit is contained in:
Victor Hora 2018-03-06 14:13:03 -05:00 committed by Felipe Zimmerle
parent a66acebc05
commit 64ce41280d
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
6 changed files with 9993 additions and 8632 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.0.x - YYYY-MMM-DD (To be released)
-------------------------------------
- Prettier error messages for unsupported configurations (UX)
[@victorhora]
- Add missing verify*** transformation statements to parser
[Issue #1006 and #1007 - @victorhora]
- Fix a set of compilation warnings

5726
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

1242
src/parser/seclang-parser.hh
View File

File diff suppressed because it is too large Load Diff

186
src/parser/seclang-parser.yy
View File

@ -595,6 +595,7 @@ using modsecurity::operators::Operator;
ACTION_VER "Ver"
ACTION_XMLNS "xmlns"
CONFIG_COMPONENT_SIG "CONFIG_COMPONENT_SIG"
CONFIG_CONN_ENGINE "CONFIG_CONN_ENGINE"
CONFIG_SEC_ARGUMENT_SEPARATOR "CONFIG_SEC_ARGUMENT_SEPARATOR"
CONFIG_SEC_WEB_APP_ID "CONFIG_SEC_WEB_APP_ID"
CONFIG_SEC_SERVER_SIG "CONFIG_SEC_SERVER_SIG"
@ -610,9 +611,21 @@ using modsecurity::operators::Operator;
CONFIG_DIR_DEBUG_LOG "CONFIG_DIR_DEBUG_LOG"
CONFIG_DIR_DEBUG_LVL "CONFIG_DIR_DEBUG_LVL"
CONFIG_SEC_CACHE_TRANSFORMATIONS "CONFIG_SEC_CACHE_TRANSFORMATIONS"
CONFIG_SEC_DISABLE_BACKEND_COMPRESS "CONFIG_SEC_DISABLE_BACKEND_COMPRESS"
CONFIG_SEC_HASH_ENGINE "CONFIG_SEC_HASH_ENGINE"
CONFIG_SEC_HASH_KEY "CONFIG_SEC_HASH_KEY"
CONFIG_SEC_HASH_PARAM "CONFIG_SEC_HASH_PARAM"
CONFIG_SEC_HASH_METHOD_RX "CONFIG_SEC_HASH_METHOD_RX"
CONFIG_SEC_HASH_METHOD_PM "CONFIG_SEC_HASH_METHOD_PM"
CONFIG_SEC_CHROOT_DIR "CONFIG_SEC_CHROOT_DIR"
CONFIG_DIR_GEO_DB "CONFIG_DIR_GEO_DB"
CONFIG_DIR_GSB_DB "CONFIG_DIR_GSB_DB"
CONFIG_SEC_GUARDIAN_LOG "CONFIG_SEC_GUARDIAN_LOG"
CONFIG_DIR_PCRE_MATCH_LIMIT "CONFIG_DIR_PCRE_MATCH_LIMIT"
CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION "CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION"
CONFIG_SEC_CONN_R_STATE_LIMIT "CONFIG_SEC_CONN_R_STATE_LIMIT"
CONFIG_SEC_CONN_W_STATE_LIMIT "CONFIG_SEC_CONN_W_STATE_LIMIT"
CONFIG_SEC_SENSOR_ID "CONFIG_SEC_SENSOR_ID"
CONFIG_DIR_REQ_BODY "CONFIG_DIR_REQ_BODY"
CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT"
CONFIG_DIR_REQ_BODY_LIMIT "CONFIG_DIR_REQ_BODY_LIMIT"
@ -621,6 +634,8 @@ using modsecurity::operators::Operator;
CONFIG_DIR_RES_BODY "CONFIG_DIR_RES_BODY"
CONFIG_DIR_RES_BODY_LIMIT "CONFIG_DIR_RES_BODY_LIMIT"
CONFIG_DIR_RES_BODY_LIMIT_ACTION "CONFIG_DIR_RES_BODY_LIMIT_ACTION"
CONFIG_SEC_RULE_INHERITANCE "CONFIG_SEC_RULE_INHERITANCE"
CONFIG_SEC_RULE_PERF_TIME "CONFIG_SEC_RULE_PERF_TIME"
CONFIG_DIR_RULE_ENG "CONFIG_DIR_RULE_ENG"
CONFIG_DIR_SEC_ACTION "CONFIG_DIR_SEC_ACTION"
CONFIG_DIR_SEC_DEFAULT_ACTION "CONFIG_DIR_SEC_DEFAULT_ACTION"
@ -628,6 +643,7 @@ using modsecurity::operators::Operator;
CONFIG_DIR_UNICODE_MAP_FILE "CONFIG_DIR_UNICODE_MAP_FILE"
CONFIG_SEC_COLLECTION_TIMEOUT "CONFIG_SEC_COLLECTION_TIMEOUT"
CONFIG_SEC_HTTP_BLKEY "CONFIG_SEC_HTTP_BLKEY"
CONFIG_SEC_INTERCEPT_ON_ERROR "CONFIG_SEC_INTERCEPT_ON_ERROR"
CONFIG_SEC_REMOTE_RULES_FAIL_ACTION "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION"
CONFIG_SEC_RULE_REMOVE_BY_ID "CONFIG_SEC_RULE_REMOVE_BY_ID"
CONFIG_SEC_RULE_REMOVE_BY_MSG "CONFIG_SEC_RULE_REMOVE_BY_MSG"
@ -656,8 +672,11 @@ using modsecurity::operators::Operator;
CONGIG_DIR_RESPONSE_BODY_MP "CONGIG_DIR_RESPONSE_BODY_MP"
CONGIG_DIR_SEC_ARG_SEP "CONGIG_DIR_SEC_ARG_SEP"
CONGIG_DIR_SEC_COOKIE_FORMAT "CONGIG_DIR_SEC_COOKIE_FORMAT"
CONFIG_SEC_COOKIEV0_SEPARATOR "CONFIG_SEC_COOKIEV0_SEPARATOR"
CONGIG_DIR_SEC_DATA_DIR "CONGIG_DIR_SEC_DATA_DIR"
CONGIG_DIR_SEC_STATUS_ENGINE "CONGIG_DIR_SEC_STATUS_ENGINE"
CONFIG_SEC_STREAM_IN_BODY_INSPECTION "CONFIG_SEC_STREAM_IN_BODY_INSPECTION"
CONFIG_SEC_STREAM_OUT_BODY_INSPECTION "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION"
CONGIG_DIR_SEC_TMP_DIR "CONGIG_DIR_SEC_TMP_DIR"
DIRECTIVE "DIRECTIVE"
DIRECTIVE_SECRULESCRIPT "DIRECTIVE_SECRULESCRIPT"
@ -811,6 +830,11 @@ audit_log:
{
driver.m_uploadKeepFiles = modsecurity::RulesProperties::FalseConfigBoolean;
}
| CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_RELEVANT_ONLY
{
driver.error(@0, "SecUploadKeepFiles RelevantOnly is not currently supported. Accepted values are On or Off");
YYERROR;
}
| CONFIG_UPLOAD_FILE_LIMIT
{
driver.m_uploadFileLimit.m_set = true;
@ -1242,6 +1266,14 @@ expression:
{
driver.m_components.push_back($1);
}
| CONFIG_CONN_ENGINE CONFIG_VALUE_ON
{
driver.error(@0, "SecConnEngine is not yet supported.");
YYERROR;
}
| CONFIG_CONN_ENGINE CONFIG_VALUE_OFF
{
}
| CONFIG_SEC_WEB_APP_ID
{
driver.m_secWebAppId.m_value = $1;
@ -1252,19 +1284,114 @@ expression:
driver.error(@0, "SecServerSignature is not supported.");
YYERROR;
}
| CONFIG_CONTENT_INJECTION CONFIG_VALUE_ON
{
driver.error(@0, "ContentInjection is not yet supported.");
YYERROR;
}
| CONFIG_SEC_CACHE_TRANSFORMATIONS
{
driver.error(@0, "SecCacheTransformations is not supported.");
YYERROR;
}
| CONFIG_SEC_DISABLE_BACKEND_COMPRESS CONFIG_VALUE_ON
{
driver.error(@0, "SecDisableBackendCompression is not supported.");
YYERROR;
}
| CONFIG_SEC_DISABLE_BACKEND_COMPRESS CONFIG_VALUE_OFF
{
}
| CONFIG_CONTENT_INJECTION CONFIG_VALUE_ON
{
driver.error(@0, "SecContentInjection is not yet supported.");
YYERROR;
}
| CONFIG_CONTENT_INJECTION CONFIG_VALUE_OFF
{
driver.error(@0, "ContentInjection is not yet supported.");
}
| CONFIG_SEC_CHROOT_DIR
{
driver.error(@0, "SecChrootDir is not supported.");
YYERROR;
}
| CONFIG_SEC_HASH_ENGINE CONFIG_VALUE_ON
{
driver.error(@0, "SecHashEngine is not yet supported.");
YYERROR;
}
| CONFIG_SEC_HASH_ENGINE CONFIG_VALUE_OFF
{
}
| CONFIG_SEC_HASH_KEY
{
driver.error(@0, "SecHashKey is not yet supported.");
YYERROR;
}
| CONFIG_SEC_HASH_PARAM
{
driver.error(@0, "SecHashParam is not yet supported.");
YYERROR;
}
| CONFIG_SEC_HASH_METHOD_RX
{
driver.error(@0, "SecHashMethodRx is not yet supported.");
YYERROR;
}
| CONFIG_SEC_HASH_METHOD_PM
{
driver.error(@0, "SecHashMethodPm is not yet supported.");
YYERROR;
}
| CONFIG_DIR_GSB_DB
{
driver.error(@0, "SecGsbLookupDb is not supported.");
YYERROR;
}
| CONFIG_SEC_GUARDIAN_LOG
{
driver.error(@0, "SecGuardianLog is not supported.");
YYERROR;
}
| CONFIG_SEC_INTERCEPT_ON_ERROR CONFIG_VALUE_ON
{
driver.error(@0, "SecInterceptOnError is not yet supported.");
YYERROR;
}
| CONFIG_SEC_INTERCEPT_ON_ERROR CONFIG_VALUE_OFF
{
}
| CONFIG_SEC_CONN_R_STATE_LIMIT
{
driver.error(@0, "SecConnReadStateLimit is not yet supported.");
YYERROR;
}
| CONFIG_SEC_CONN_W_STATE_LIMIT
{
driver.error(@0, "SecConnWriteStateLimit is not yet supported.");
YYERROR;
}
| CONFIG_SEC_SENSOR_ID
{
driver.error(@0, "SecSensorId is not yet supported.");
YYERROR;
}
| CONFIG_SEC_RULE_INHERITANCE CONFIG_VALUE_ON
{
driver.error(@0, "SecRuleInheritance is not yet supported.");
YYERROR;
}
| CONFIG_SEC_RULE_INHERITANCE CONFIG_VALUE_OFF
{
}
| CONFIG_SEC_RULE_PERF_TIME
{
driver.error(@0, "SecRulePerfTime is not yet supported.");
YYERROR;
}
| CONFIG_SEC_STREAM_IN_BODY_INSPECTION
{
driver.error(@0, "SecStreamInBodyInspection is not supported.");
YYERROR;
}
| CONFIG_SEC_STREAM_OUT_BODY_INSPECTION
{
driver.error(@0, "SecStreamOutBodyInspection is not supported.");
YYERROR;
}
| CONFIG_SEC_RULE_REMOVE_BY_ID
@ -1493,7 +1620,15 @@ expression:
driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
}
| CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION
/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
driver.error(@0, "SecPcreMatchLimitRecursion is not currently supported. Default PCRE values are being used for now");
YYERROR;
*/
| CONFIG_DIR_PCRE_MATCH_LIMIT
/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
driver.error(@0, "SecPcreMatchLimit is not currently supported. Default PCRE values are being used for now");
YYERROR;
*/
| CONGIG_DIR_RESPONSE_BODY_MP
{
std::istringstream buf($1);
@ -1521,13 +1656,52 @@ expression:
driver.m_secXMLExternalEntity = modsecurity::RulesProperties::TrueConfigBoolean;
}
| CONGIG_DIR_SEC_TMP_DIR
{
/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
std::stringstream ss;
ss << "As of ModSecurity version 3.0, SecTmpDir is no longer supported.";
ss << " Instead, you can use your web server configurations to control when";
ss << "and where to swap. ModSecurity will follow the web server decision.";
driver.error(@0, ss.str());
YYERROR;
*/
}
| CONGIG_DIR_SEC_DATA_DIR
/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
std::stringstream ss;
ss << "SecDataDir is not currently supported.";
ss << " Collections are kept in memory (in_memory-per_process) for now.";
ss << " When using a backend such as LMDB, temp data path is currently defined by the backend.";
driver.error(@0, ss.str());
YYERROR;
*/
| CONGIG_DIR_SEC_ARG_SEP
| CONGIG_DIR_SEC_COOKIE_FORMAT
{
if (atoi($1.c_str()) == 1) {
driver.error(@0, "SecCookieFormat 1 is not yet supported.");
YYERROR;
}
}
| CONFIG_SEC_COOKIEV0_SEPARATOR
{
driver.error(@0, "SecCookieV0Separator is not yet supported.");
YYERROR;
}
| CONGIG_DIR_SEC_STATUS_ENGINE
/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
driver.error(@0, "SecStatusEngine is not yet supported.");
YYERROR;
*/
| CONFIG_DIR_UNICODE_MAP_FILE
/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
driver.error(@0, "SecUnicodeMapFile is not yet supported. utils::string::x2c");
YYERROR;
*/
| CONFIG_SEC_COLLECTION_TIMEOUT
{
driver.error(@0, "SecCollectionTimeout is not yet supported.");
YYERROR;
}
| CONFIG_SEC_HTTP_BLKEY
{

11422
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

47
src/parser/seclang-scanner.ll
View File

@ -316,6 +316,13 @@ CONFIG_COMPONENT_SIG (?i:SecComponentSignature)
CONFIG_SEC_SERVER_SIG (?i:SecServerSignature)
CONFIG_SEC_WEB_APP_ID (?i:SecWebAppId)
CONFIG_SEC_CACHE_TRANSFORMATIONS (?i:SecCacheTransformations)
CONFIG_SEC_CHROOT_DIR (?i:SecChrootDir)
CONFIG_CONN_ENGINE (?i:SecConnEngine)
CONFIG_SEC_HASH_ENGINE (?i:SecHashEngine)
CONFIG_SEC_HASH_KEY (?i:SecHashKey)
CONFIG_SEC_HASH_PARAM (?i:SecHashParam)
CONFIG_SEC_HASH_METHOD_RX (?i:SecHashMethodRx)
CONFIG_SEC_HASH_METHOD_PM (?i:SecHashMethodPm)
CONFIG_CONTENT_INJECTION (?i:SecContentInjection)
CONFIG_SEC_ARGUMENT_SEPARATOR (?i:SecArgumentSeparator)
CONFIG_DIR_AUDIT_DIR (?i:SecAuditLogStorageDir)
@ -331,6 +338,16 @@ CONFIG_DIR_AUDIT_TPE (?i:SecAuditLogType)
CONFIG_DIR_DEBUG_LOG (?i:SecDebugLog)
CONFIG_DIR_DEBUG_LVL (?i:SecDebugLogLevel)
CONFIG_DIR_GEO_DB (?i:SecGeoLookupDb)
CONFIG_DIR_GSB_DB (?i:SecGsbLookupDb)
CONFIG_SEC_GUARDIAN_LOG (?i:SecGuardianLog)
CONFIG_SEC_INTERCEPT_ON_ERROR (?i:SecInterceptOnError)
CONFIG_SEC_CONN_R_STATE_LIMIT (?i:SecConnReadStateLimit)
CONFIG_SEC_CONN_W_STATE_LIMIT (?i:SecConnWriteStateLimit)
CONFIG_SEC_SENSOR_ID (?i:SecSensorId)
CONFIG_SEC_RULE_INHERITANCE (?i:SecRuleInheritance)
CONFIG_SEC_RULE_PERF_TIME (?i:SecRulePerfTime)
CONFIG_SEC_STREAM_IN_BODY_INSPECTION (?i:SecStreamInBodyInspection)
CONFIG_SEC_STREAM_OUT_BODY_INSPECTION (?i:SecStreamOutBodyInspection)
CONFIG_DIR_PCRE_MATCH_LIMIT (?i:SecPcreMatchLimit)
CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION (?i:SecPcreMatchLimitRecursion)
CONFIG_DIR_REQ_BODY (?i:SecRequestBodyAccess)
@ -344,6 +361,7 @@ CONFIG_DIR_RES_BODY_LIMIT_ACTION (?i:SecResponseBodyLimitAction)
CONFIG_DIR_RULE_ENG (?i:SecRuleEngine)
CONFIG_DIR_SEC_ACTION (?i:SecAction)
CONFIG_DIR_SEC_DEFAULT_ACTION (?i:SecDefaultAction)
CONFIG_SEC_DISABLE_BACKEND_COMPRESS (?i:SecDisableBackendCompression)
CONFIG_DIR_SEC_MARKER (?i:SecMarker)
CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
CONFIG_INCLUDE (?i:Include)
@ -381,6 +399,7 @@ CONGIG_DIR_RESPONSE_BODY_MP (?i:SecResponseBodyMimeType)
CONGIG_DIR_RESPONSE_BODY_MP_CLEAR (?i:SecResponseBodyMimeTypesClear)
CONGIG_DIR_SEC_ARG_SEP (?i:SecArgumentSeparator)
CONGIG_DIR_SEC_COOKIE_FORMAT (?i:SecCookieFormat)
CONFIG_SEC_COOKIEV0_SEPARATOR (?i:SecCookieV0Separator)
CONGIG_DIR_SEC_DATA_DIR (?i:SecDataDir)
CONGIG_DIR_SEC_STATUS_ENGINE (?i:SecStatusEngine)
CONGIG_DIR_SEC_TMP_DIR (?i:SecTmpDir)
@ -704,7 +723,7 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_COMPONENT_SIG}[ \t]+["]{FREE_TEXT}["] { return p::make_CONFIG_COMPONENT_SIG(strchr(yytext, ' ') + 2, *driver.loc.back()); }
{CONFIG_SEC_SERVER_SIG}[ \t]+["]{FREE_TEXT}["] { return p::make_CONFIG_SEC_SERVER_SIG(strchr(yytext, ' ') + 2, *driver.loc.back()); }
{CONFIG_SEC_WEB_APP_ID}[ \t]+["]{FREE_TEXT}["] { return p::make_CONFIG_SEC_WEB_APP_ID(parserSanitizer(strchr(yytext, ' ') + 2), *driver.loc.back()); }
{CONFIG_SEC_WEB_APP_ID}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_WEB_APP_ID(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_WEB_APP_ID}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_WEB_APP_ID(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_CONTENT_INJECTION} { return p::make_CONFIG_CONTENT_INJECTION(*driver.loc.back()); }
{CONFIG_DIR_AUDIT_DIR_MOD}[ \t]+{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_DIR_AUDIT_DIR_MOD(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_DIR_AUDIT_DIR_MOD}[ \t]+["]{CONFIG_VALUE_NUMBER}["] { return p::make_CONFIG_DIR_AUDIT_DIR_MOD(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
@ -747,8 +766,7 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_SEC_REMOVE_RULES_BY_MSG}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_RULE_REMOVE_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_MSG}[ \t]+["]{FREE_TEXT_NEW_LINE}["] { return p::make_CONFIG_SEC_RULE_REMOVE_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_TAG}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_TAG}[ \t]+["]{FREE_TEXT_NEW_LINE}["] { return
p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_TAG}[ \t]+["]{FREE_TEXT_NEW_LINE}["] { return p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_UPDATE_TARGET_BY_TAG}[ ]+["]{FREE_TEXT_NEW_LINE}["] { state_variable_from = 1; BEGIN(TRANSACTION_TO_VARIABLE); return p::make_CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_UPDATE_TARGET_BY_TAG}[ ]+{FREE_TEXT_SPACE_COMMA_QUOTE} { state_variable_from = 1; BEGIN(TRANSACTION_TO_VARIABLE); return p::make_CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_UPDATE_TARGET_BY_MSG}[ ]+["]{FREE_TEXT_NEW_LINE}["] { state_variable_from = 1; BEGIN(TRANSACTION_TO_VARIABLE); return p::make_CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
@ -779,6 +797,8 @@ p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1),
{CONGIG_DIR_RESPONSE_BODY_MP_CLEAR} { return p::make_CONGIG_DIR_RESPONSE_BODY_MP_CLEAR(*driver.loc.back()); }
{CONGIG_DIR_SEC_ARG_SEP}[ ]{FREE_TEXT_NEW_LINE} { return p::make_CONGIG_DIR_SEC_ARG_SEP(yytext, *driver.loc.back()); }
{CONGIG_DIR_SEC_COOKIE_FORMAT}[ ]{CONFIG_VALUE_NUMBER} { return p::make_CONGIG_DIR_SEC_COOKIE_FORMAT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_SEC_COOKIEV0_SEPARATOR}[ \t]+["]{NEW_LINE_FREE_TEXT}["] { return p::make_CONFIG_SEC_COOKIEV0_SEPARATOR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_COOKIEV0_SEPARATOR}[ \t]+{NEW_LINE_FREE_TEXT} { return p::make_CONFIG_SEC_COOKIEV0_SEPARATOR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONGIG_DIR_SEC_DATA_DIR}[ \t]+{CONFIG_VALUE_PATH} { return p::make_CONGIG_DIR_SEC_DATA_DIR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONGIG_DIR_SEC_DATA_DIR}[ \t]+["]{CONFIG_VALUE_PATH}["] { return p::make_CONGIG_DIR_SEC_DATA_DIR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONGIG_DIR_SEC_STATUS_ENGINE}[ ]{FREE_TEXT_NEW_LINE} { return p::make_CONGIG_DIR_SEC_STATUS_ENGINE(yytext, *driver.loc.back()); }
@ -787,7 +807,26 @@ p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1),
{DIRECTIVE_SECRULESCRIPT}[ \t]+{CONFIG_VALUE_PATH} { BEGIN(TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS); return p::make_DIRECTIVE_SECRULESCRIPT(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{DIRECTIVE_SECRULESCRIPT}[ \t]+["]{FREE_TEXT_SPACE_COMMA_QUOTE}["] { BEGIN(TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS); return p::make_DIRECTIVE_SECRULESCRIPT(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_CACHE_TRANSFORMATIONS}{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_CACHE_TRANSFORMATIONS(yytext, *driver.loc.back()); }
{CONFIG_SEC_CHROOT_DIR}[ \t]+{CONFIG_VALUE_PATH} { return p::make_CONFIG_SEC_CHROOT_DIR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_CHROOT_DIR}[ \t]+["]{CONFIG_VALUE_PATH}["] { return p::make_CONFIG_SEC_CHROOT_DIR(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_CONN_ENGINE} { return p::make_CONFIG_CONN_ENGINE(yytext, *driver.loc.back()); }
{CONFIG_SEC_HASH_ENGINE} { return p::make_CONFIG_SEC_HASH_ENGINE(yytext, *driver.loc.back()); }
{CONFIG_SEC_HASH_KEY} { return p::make_CONFIG_SEC_HASH_KEY(yytext, *driver.loc.back()); }
{CONFIG_SEC_HASH_PARAM} { return p::make_CONFIG_SEC_HASH_PARAM(yytext, *driver.loc.back()); }
{CONFIG_SEC_HASH_METHOD_RX} { return p::make_CONFIG_SEC_HASH_METHOD_RX(yytext, *driver.loc.back()); }
{CONFIG_SEC_HASH_METHOD_PM} { return p::make_CONFIG_SEC_HASH_METHOD_PM(yytext, *driver.loc.back()); }
{CONFIG_DIR_GSB_DB}[ \t]+{CONFIG_VALUE_PATH} { return p::make_CONFIG_DIR_GSB_DB(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_DIR_GSB_DB}[ \t]+["]{CONFIG_VALUE_PATH}["] { return p::make_CONFIG_DIR_GSB_DB(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_GUARDIAN_LOG} { return p::make_CONFIG_SEC_GUARDIAN_LOG(yytext, *driver.loc.back()); }
{CONFIG_SEC_INTERCEPT_ON_ERROR} { return p::make_CONFIG_SEC_INTERCEPT_ON_ERROR(yytext, *driver.loc.back()); }
{CONFIG_SEC_CONN_R_STATE_LIMIT}{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_CONN_R_STATE_LIMIT(yytext, *driver.loc.back()); }
{CONFIG_SEC_CONN_W_STATE_LIMIT}{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_CONN_W_STATE_LIMIT(yytext, *driver.loc.back()); }
{CONFIG_SEC_SENSOR_ID}{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_SENSOR_ID(yytext, *driver.loc.back()); }
{CONFIG_SEC_RULE_INHERITANCE} { return p::make_CONFIG_SEC_RULE_INHERITANCE(yytext, *driver.loc.back()); }
{CONFIG_SEC_RULE_PERF_TIME}[ ]{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_SEC_RULE_PERF_TIME(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_SEC_STREAM_IN_BODY_INSPECTION} { return p::make_CONFIG_SEC_STREAM_IN_BODY_INSPECTION(yytext, *driver.loc.back()); }
{CONFIG_SEC_STREAM_OUT_BODY_INSPECTION} { return p::make_CONFIG_SEC_STREAM_OUT_BODY_INSPECTION(yytext, *driver.loc.back()); }
{CONFIG_SEC_DISABLE_BACKEND_COMPRESS} { return p::make_CONFIG_SEC_DISABLE_BACKEND_COMPRESS(yytext, *driver.loc.back()); }
{DIRECTIVE} { BEGIN(TRANSACTION_TO_VARIABLE); return p::make_DIRECTIVE(yytext, *driver.loc.back()); }
{CONFIG_DIR_SEC_DEFAULT_ACTION} { BEGIN(TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS); return p::make_CONFIG_DIR_SEC_DEFAULT_ACTION(yytext, *driver.loc.back()); }