From 6f7d3fa67a8c13291e93d64f5c4c86fde7672b77 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Wed, 22 Jul 2015 01:06:08 -0300 Subject: [PATCH] Adds support to the TIME* variables --- src/Makefile.am | 13 +- src/parser/seclang-parser.yy | 137 +++++++++++++++++- src/parser/seclang-scanner.ll | 21 +++ src/variables/time.cc | 59 ++++++++ src/variables/time.h | 44 ++++++ src/variables/time_day.cc | 59 ++++++++ src/variables/time_day.h | 43 ++++++ src/variables/time_epoch.cc | 50 +++++++ src/variables/time_epoch.h | 43 ++++++ src/variables/time_hour.cc | 59 ++++++++ src/variables/time_hour.h | 43 ++++++ src/variables/time_min.cc | 59 ++++++++ src/variables/time_min.h | 43 ++++++ src/variables/time_mon.cc | 61 ++++++++ src/variables/time_mon.h | 43 ++++++ src/variables/time_sec.cc | 59 ++++++++ src/variables/time_sec.h | 43 ++++++ src/variables/time_wday.cc | 61 ++++++++ src/variables/time_wday.h | 43 ++++++ src/variables/time_year.cc | 59 ++++++++ src/variables/time_year.h | 43 ++++++ test/test-cases/regression/variable-TIME.json | 45 ++++++ .../regression/variable-TIME_DAY.json | 45 ++++++ .../regression/variable-TIME_EPOCH.json | 45 ++++++ .../regression/variable-TIME_HOUR.json | 45 ++++++ .../regression/variable-TIME_MIN.json | 45 ++++++ .../regression/variable-TIME_MON.json | 45 ++++++ .../regression/variable-TIME_SEC.json | 45 ++++++ .../regression/variable-TIME_WDAY.json | 45 ++++++ .../regression/variable-TIME_YEAR.json | 45 ++++++ 30 files changed, 1488 insertions(+), 2 deletions(-) create mode 100644 src/variables/time.cc create mode 100644 src/variables/time.h create mode 100644 src/variables/time_day.cc create mode 100644 src/variables/time_day.h create mode 100644 src/variables/time_epoch.cc create mode 100644 src/variables/time_epoch.h create mode 100644 src/variables/time_hour.cc create mode 100644 src/variables/time_hour.h create mode 100644 src/variables/time_min.cc create mode 100644 src/variables/time_min.h create mode 100644 src/variables/time_mon.cc create mode 100644 src/variables/time_mon.h create mode 100644 src/variables/time_sec.cc create mode 100644 src/variables/time_sec.h create mode 100644 src/variables/time_wday.cc create mode 100644 src/variables/time_wday.h create mode 100644 src/variables/time_year.cc create mode 100644 src/variables/time_year.h create mode 100644 test/test-cases/regression/variable-TIME.json create mode 100644 test/test-cases/regression/variable-TIME_DAY.json create mode 100644 test/test-cases/regression/variable-TIME_EPOCH.json create mode 100644 test/test-cases/regression/variable-TIME_HOUR.json create mode 100644 test/test-cases/regression/variable-TIME_MIN.json create mode 100644 test/test-cases/regression/variable-TIME_MON.json create mode 100644 test/test-cases/regression/variable-TIME_SEC.json create mode 100644 test/test-cases/regression/variable-TIME_WDAY.json create mode 100644 test/test-cases/regression/variable-TIME_YEAR.json diff --git a/src/Makefile.am b/src/Makefile.am index 6dc198de..e810da35 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -28,6 +28,16 @@ pkginclude_HEADERS = \ ../headers/modsecurity/debug_log.h \ ../headers/modsecurity/intervention.h +VARIABLES = \ + variables/time.cc \ + variables/time_day.cc \ + variables/time_epoch.cc \ + variables/time_hour.cc \ + variables/time_min.cc \ + variables/time_mon.cc \ + variables/time_sec.cc \ + variables/time_wday.cc \ + variables/time_year.cc ACTIONS = \ actions/action.cc \ @@ -141,7 +151,8 @@ libmodsecurity_la_SOURCES = \ operators/str_match.cc \ operators/begins_with.cc \ ${ACTIONS} \ - ${UTILS} + ${UTILS} \ + ${VARIABLES} diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 18ed3e9a..ad087509 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -20,6 +20,15 @@ class Driver; #include "variable_modsec_build.h" #include "variable_highest_severity.h" #include "utils/geo_lookup.h" +#include "variables/time.h" +#include "variables/time_day.h" +#include "variables/time_epoch.h" +#include "variables/time_hour.h" +#include "variables/time_min.h" +#include "variables/time_mon.h" +#include "variables/time_sec.h" +#include "variables/time_wday.h" +#include "variables/time_year.h" using ModSecurity::actions::Action; using ModSecurity::actions::transformations::Transformation; @@ -31,6 +40,15 @@ using ModSecurity::VariableModsecBuild; using ModSecurity::VariableHighestSeverity; using ModSecurity::Rule; using ModSecurity::Utils::GeoLookup; +using ModSecurity::Variables::Time; +using ModSecurity::Variables::TimeDay; +using ModSecurity::Variables::TimeEpoch; +using ModSecurity::Variables::TimeHour; +using ModSecurity::Variables::TimeMin; +using ModSecurity::Variables::TimeMon; +using ModSecurity::Variables::TimeSec; +using ModSecurity::Variables::TimeWDay; +using ModSecurity::Variables::TimeYear; } // The parsing context. @@ -97,6 +115,16 @@ using ModSecurity::Utils::GeoLookup; %token RUN_TIME_VAR_BLD %token RUN_TIME_VAR_HSV +%token RUN_TIME_VAR_TIME +%token RUN_TIME_VAR_TIME_DAY +%token RUN_TIME_VAR_TIME_EPOCH +%token RUN_TIME_VAR_TIME_HOUR +%token RUN_TIME_VAR_TIME_MIN +%token RUN_TIME_VAR_TIME_MON +%token RUN_TIME_VAR_TIME_SEC +%token RUN_TIME_VAR_TIME_WDAY +%token RUN_TIME_VAR_TIME_YEAR + %token CONFIG_DIR_GEO_DB %token OPERATOR @@ -322,8 +350,115 @@ variables: variables->push_back(new VariableHighestSeverity($1)); $$ = variables; } + | RUN_TIME_VAR_TIME + { + std::vector *variables = new std::vector; + variables->push_back(new ModSecurity::Variables::Time($1)); + $$ = variables; + } + | RUN_TIME_VAR_TIME_DAY + { + std::vector *variables = new std::vector; + variables->push_back(new ModSecurity::Variables::TimeDay($1)); + $$ = variables; + } + | RUN_TIME_VAR_TIME_EPOCH + { + std::vector *variables = new std::vector; + variables->push_back(new ModSecurity::Variables::TimeEpoch($1)); + $$ = variables; + } + | RUN_TIME_VAR_TIME_HOUR + { + std::vector *variables = new std::vector; + variables->push_back(new ModSecurity::Variables::TimeHour($1)); + $$ = variables; + } + | RUN_TIME_VAR_TIME_MIN + { + std::vector *variables = new std::vector; + variables->push_back(new ModSecurity::Variables::TimeMin($1)); + $$ = variables; + } + | RUN_TIME_VAR_TIME_MON + { + std::vector *variables = new std::vector; + variables->push_back(new ModSecurity::Variables::TimeMon($1)); + $$ = variables; + } + | RUN_TIME_VAR_TIME_SEC + { + std::vector *variables = new std::vector; + variables->push_back(new ModSecurity::Variables::TimeSec($1)); + $$ = variables; + } + | RUN_TIME_VAR_TIME_WDAY + { + std::vector *variables = new std::vector; + variables->push_back(new ModSecurity::Variables::TimeWDay($1)); + $$ = variables; + } + | RUN_TIME_VAR_TIME_YEAR + { + std::vector *variables = new std::vector; + variables->push_back(new ModSecurity::Variables::TimeYear($1)); + $$ = variables; + } + | variables PIPE RUN_TIME_VAR_TIME + { + std::vector *v = $1; + v->push_back(new ModSecurity::Variables::Time($3)); + $$ = $1; + } + | variables PIPE RUN_TIME_VAR_TIME_DAY + { + std::vector *v = $1; + v->push_back(new ModSecurity::Variables::TimeDay($3)); + $$ = $1; + } + | variables PIPE RUN_TIME_VAR_TIME_EPOCH + { + std::vector *v = $1; + v->push_back(new ModSecurity::Variables::TimeEpoch($3)); + $$ = $1; + } + | variables PIPE RUN_TIME_VAR_TIME_HOUR + { + std::vector *v = $1; + v->push_back(new ModSecurity::Variables::TimeHour($3)); + $$ = $1; + } + | variables PIPE RUN_TIME_VAR_TIME_MIN + { + std::vector *v = $1; + v->push_back(new ModSecurity::Variables::TimeMin($3)); + $$ = $1; + } + | variables PIPE RUN_TIME_VAR_TIME_MON + { + std::vector *v = $1; + v->push_back(new ModSecurity::Variables::TimeMon($3)); + $$ = $1; + } + | variables PIPE RUN_TIME_VAR_TIME_SEC + { + std::vector *v = $1; + v->push_back(new ModSecurity::Variables::TimeSec($3)); + $$ = $1; + } + | variables PIPE RUN_TIME_VAR_TIME_WDAY + { + std::vector *v = $1; + v->push_back(new ModSecurity::Variables::TimeWDay($3)); + $$ = $1; + } + | variables PIPE RUN_TIME_VAR_TIME_YEAR + { + std::vector *v = $1; + v->push_back(new ModSecurity::Variables::TimeYear($3)); + $$ = $1; + } - actions: actions COMMA SPACE ACTION { diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index 588fa74c..47d0b9b7 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -66,6 +66,16 @@ RUN_TIME_VAR_ENV (?i:ENV) RUN_TIME_VAR_BLD (?i:MODSEC_BUILD) RUN_TIME_VAR_HSV (?i:HIGHEST_SEVERITY) +RUN_TIME_VAR_TIME (?i:TIME) +RUN_TIME_VAR_TIME_DAY (?i:TIME_DAY) +RUN_TIME_VAR_TIME_EPOCH (?i:TIME_EPOCH) +RUN_TIME_VAR_TIME_HOUR (?i:TIME_HOUR) +RUN_TIME_VAR_TIME_MIN (?i:TIME_MIN) +RUN_TIME_VAR_TIME_MON (?i:TIME_MON) +RUN_TIME_VAR_TIME_SEC (?i:TIME_SEC) +RUN_TIME_VAR_TIME_WDAY (?i:TIME_WDAY) +RUN_TIME_VAR_TIME_YEAR (?i:TIME_YEAR) + VARIABLENOCOLON (?i:REQBODY_ERROR|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE) CONFIG_VALUE_ON On @@ -122,6 +132,17 @@ FREE_TEXT_NEW_LINE [^\"|\n]+ {RUN_TIME_VAR_BLD} { return yy::seclang_parser::make_RUN_TIME_VAR_BLD(yytext, loc); } {RUN_TIME_VAR_HSV} { return yy::seclang_parser::make_RUN_TIME_VAR_HSV(yytext, loc); } +%{ /* Variables: TIME */ %} +{RUN_TIME_VAR_TIME} { return yy::seclang_parser::make_RUN_TIME_VAR_TIME(yytext, loc); } +{RUN_TIME_VAR_TIME_DAY} { return yy::seclang_parser::make_RUN_TIME_VAR_TIME_DAY(yytext, loc); } +{RUN_TIME_VAR_TIME_EPOCH} { return yy::seclang_parser::make_RUN_TIME_VAR_TIME_EPOCH(yytext, loc); } +{RUN_TIME_VAR_TIME_HOUR} { return yy::seclang_parser::make_RUN_TIME_VAR_TIME_HOUR(yytext, loc); } +{RUN_TIME_VAR_TIME_MIN} { return yy::seclang_parser::make_RUN_TIME_VAR_TIME_MIN(yytext, loc); } +{RUN_TIME_VAR_TIME_MON} { return yy::seclang_parser::make_RUN_TIME_VAR_TIME_MON(yytext, loc); } +{RUN_TIME_VAR_TIME_SEC} { return yy::seclang_parser::make_RUN_TIME_VAR_TIME_SEC(yytext, loc); } +{RUN_TIME_VAR_TIME_WDAY} { return yy::seclang_parser::make_RUN_TIME_VAR_TIME_WDAY(yytext, loc); } +{RUN_TIME_VAR_TIME_YEAR} { return yy::seclang_parser::make_RUN_TIME_VAR_TIME_YEAR(yytext, loc); } + %{ /* Geo DB loopkup */ %} {CONFIG_DIR_GEO_DB}[ ]{FREE_TEXT_NEW_LINE} { return yy::seclang_parser::make_CONFIG_DIR_GEO_DB(strchr(yytext, ' ') + 1, loc); } diff --git a/src/variables/time.cc b/src/variables/time.cc new file mode 100644 index 00000000..52efd0c5 --- /dev/null +++ b/src/variables/time.cc @@ -0,0 +1,59 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "variables/time.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace Variables { + +std::list> + Time::evaluate(Assay *assay) { + std::list> resl; + std::pair pair; + char tstr[200]; + struct tm timeinfo; + time_t timer; + + time(&timer); + memset(tstr, '\0', 200); + + localtime_r(&timer, &timeinfo); + strftime(tstr, 200, "%H:%M:%S", &timeinfo); + + pair = std::make_pair(std::string("TIME"), + std::string(tstr)); + resl.push_back(pair); + + return resl; +} + + +} // namespace Variables +} // namespace ModSecurity diff --git a/src/variables/time.h b/src/variables/time.h new file mode 100644 index 00000000..32e439d8 --- /dev/null +++ b/src/variables/time.h @@ -0,0 +1,44 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include +#include + +#ifndef SRC_VARIABLES_TIME_H_ +#define SRC_VARIABLES_TIME_H_ + +#include "src/variable.h" + +namespace ModSecurity { + +class Assay; +namespace Variables { + +class Time : public Variable { + public: + explicit Time(std::string _name) + : Variable(_name) { } + + std::list> + evaluate(Assay *assay) override; +}; + +} // namespace Variables +} // namespace ModSecurity + +#endif // SRC_VARIABLES_TIME_H_ diff --git a/src/variables/time_day.cc b/src/variables/time_day.cc new file mode 100644 index 00000000..df45ff0e --- /dev/null +++ b/src/variables/time_day.cc @@ -0,0 +1,59 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "variables/time_day.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace Variables { + +std::list> + TimeDay::evaluate(Assay *assay) { + std::list> resl; + std::pair pair; + char tstr[200]; + struct tm timeinfo; + time_t timer; + + time(&timer); + memset(tstr, '\0', 200); + + localtime_r(&timer, &timeinfo); + strftime(tstr, 200, "%d", &timeinfo); + + pair = std::make_pair(std::string("TIME_DAY"), + std::string(tstr)); + resl.push_back(pair); + + return resl; +} + + +} // namespace Variables +} // namespace ModSecurity diff --git a/src/variables/time_day.h b/src/variables/time_day.h new file mode 100644 index 00000000..6b5981a3 --- /dev/null +++ b/src/variables/time_day.h @@ -0,0 +1,43 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include + +#ifndef SRC_VARIABLES_TIME_DAY_H_ +#define SRC_VARIABLES_TIME_DAY_H_ + +#include "src/variable.h" + +namespace ModSecurity { + +class Assay; +namespace Variables { + +class TimeDay : public Variable { + public: + explicit TimeDay(std::string _name) + : Variable(_name) { } + + std::list> + evaluate(Assay *assay) override; +}; + +} // namespace Variables +} // namespace ModSecurity + +#endif // SRC_VARIABLES_TIME_DAY_H_ diff --git a/src/variables/time_epoch.cc b/src/variables/time_epoch.cc new file mode 100644 index 00000000..9ddc9a70 --- /dev/null +++ b/src/variables/time_epoch.cc @@ -0,0 +1,50 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "variables/time_epoch.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace Variables { + +std::list> + TimeEpoch::evaluate(Assay *assay) { + std::list> resl; + std::pair pair; + + pair = std::make_pair(std::string("TIME_EPOCH"), + std::to_string(std::time(nullptr))); + resl.push_back(pair); + + return resl; +} + + +} // namespace Variables +} // namespace ModSecurity diff --git a/src/variables/time_epoch.h b/src/variables/time_epoch.h new file mode 100644 index 00000000..3dc5b06d --- /dev/null +++ b/src/variables/time_epoch.h @@ -0,0 +1,43 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include + +#ifndef SRC_VARIABLES_TIME_EPOCH_H_ +#define SRC_VARIABLES_TIME_EPOCH_H_ + +#include "src/variable.h" + +namespace ModSecurity { + +class Assay; +namespace Variables { + +class TimeEpoch : public Variable { + public: + explicit TimeEpoch(std::string _name) + : Variable(_name) { } + + std::list> + evaluate(Assay *assay) override; +}; + +} // namespace Variables +} // namespace ModSecurity + +#endif // SRC_VARIABLES_TIME_EPOCH_H_ diff --git a/src/variables/time_hour.cc b/src/variables/time_hour.cc new file mode 100644 index 00000000..bc56e50b --- /dev/null +++ b/src/variables/time_hour.cc @@ -0,0 +1,59 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "variables/time_hour.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace Variables { + +std::list> + TimeHour::evaluate(Assay *assay) { + std::list> resl; + std::pair pair; + char tstr[200]; + struct tm timeinfo; + time_t timer; + + time(&timer); + memset(tstr, '\0', 200); + + localtime_r(&timer, &timeinfo); + strftime(tstr, 200, "%H", &timeinfo); + + pair = std::make_pair(std::string("TIME_HOUR"), + std::string(tstr)); + resl.push_back(pair); + + return resl; +} + + +} // namespace Variables +} // namespace ModSecurity diff --git a/src/variables/time_hour.h b/src/variables/time_hour.h new file mode 100644 index 00000000..bfc6c9c5 --- /dev/null +++ b/src/variables/time_hour.h @@ -0,0 +1,43 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include + +#ifndef SRC_VARIABLES_TIME_HOUR_H_ +#define SRC_VARIABLES_TIME_HOUR_H_ + +#include "src/variable.h" + +namespace ModSecurity { + +class Assay; +namespace Variables { + +class TimeHour : public Variable { + public: + explicit TimeHour(std::string _name) + : Variable(_name) { } + + std::list> + evaluate(Assay *assay) override; +}; + +} // namespace Variables +} // namespace ModSecurity + +#endif // SRC_VARIABLES_TIME_HOUR_H_ diff --git a/src/variables/time_min.cc b/src/variables/time_min.cc new file mode 100644 index 00000000..5400d049 --- /dev/null +++ b/src/variables/time_min.cc @@ -0,0 +1,59 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "variables/time_min.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace Variables { + +std::list> + TimeMin::evaluate(Assay *assay) { + std::list> resl; + std::pair pair; + char tstr[200]; + struct tm timeinfo; + time_t timer; + + time(&timer); + memset(tstr, '\0', 200); + + localtime_r(&timer, &timeinfo); + strftime(tstr, 200, "%M", &timeinfo); + + pair = std::make_pair(std::string("TIME_MIN"), + std::string(tstr)); + resl.push_back(pair); + + return resl; +} + + +} // namespace Variables +} // namespace ModSecurity diff --git a/src/variables/time_min.h b/src/variables/time_min.h new file mode 100644 index 00000000..20255472 --- /dev/null +++ b/src/variables/time_min.h @@ -0,0 +1,43 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include + +#ifndef SRC_VARIABLES_TIME_MIN_H_ +#define SRC_VARIABLES_TIME_MIN_H_ + +#include "src/variable.h" + +namespace ModSecurity { + +class Assay; +namespace Variables { + +class TimeMin : public Variable { + public: + explicit TimeMin(std::string _name) + : Variable(_name) { } + + std::list> + evaluate(Assay *assay) override; +}; + +} // namespace Variables +} // namespace ModSecurity + +#endif // SRC_VARIABLES_TIME_MIN_H_ diff --git a/src/variables/time_mon.cc b/src/variables/time_mon.cc new file mode 100644 index 00000000..a4e68310 --- /dev/null +++ b/src/variables/time_mon.cc @@ -0,0 +1,61 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "variables/time_mon.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace Variables { + +std::list> + TimeMon::evaluate(Assay *assay) { + std::list> resl; + std::pair pair; + char tstr[200]; + struct tm timeinfo; + time_t timer; + + time(&timer); + memset(tstr, '\0', 200); + + localtime_r(&timer, &timeinfo); + strftime(tstr, 200, "%m", &timeinfo); + int a = atoi(tstr); + a--; + + pair = std::make_pair(std::string("TIME_MON"), + std::to_string(a)); + resl.push_back(pair); + + return resl; +} + + +} // namespace Variables +} // namespace ModSecurity diff --git a/src/variables/time_mon.h b/src/variables/time_mon.h new file mode 100644 index 00000000..e5ac6e6b --- /dev/null +++ b/src/variables/time_mon.h @@ -0,0 +1,43 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include + +#ifndef SRC_VARIABLES_TIME_MON_H_ +#define SRC_VARIABLES_TIME_MON_H_ + +#include "src/variable.h" + +namespace ModSecurity { + +class Assay; +namespace Variables { + +class TimeMon : public Variable { + public: + explicit TimeMon(std::string _name) + : Variable(_name) { } + + std::list> + evaluate(Assay *assay) override; +}; + +} // namespace Variables +} // namespace ModSecurity + +#endif // SRC_VARIABLES_TIME_MON_H_ diff --git a/src/variables/time_sec.cc b/src/variables/time_sec.cc new file mode 100644 index 00000000..27c6fc6a --- /dev/null +++ b/src/variables/time_sec.cc @@ -0,0 +1,59 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "variables/time_sec.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace Variables { + +std::list> + TimeSec::evaluate(Assay *assay) { + std::list> resl; + std::pair pair; + char tstr[200]; + struct tm timeinfo; + time_t timer; + + time(&timer); + memset(tstr, '\0', 200); + + localtime_r(&timer, &timeinfo); + strftime(tstr, 200, "%S", &timeinfo); + + pair = std::make_pair(std::string("TIME_SEC"), + std::string(tstr)); + resl.push_back(pair); + + return resl; +} + + +} // namespace Variables +} // namespace ModSecurity diff --git a/src/variables/time_sec.h b/src/variables/time_sec.h new file mode 100644 index 00000000..db918268 --- /dev/null +++ b/src/variables/time_sec.h @@ -0,0 +1,43 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include + +#ifndef SRC_VARIABLES_TIME_SEC_H_ +#define SRC_VARIABLES_TIME_SEC_H_ + +#include "src/variable.h" + +namespace ModSecurity { + +class Assay; +namespace Variables { + +class TimeSec : public Variable { + public: + explicit TimeSec(std::string _name) + : Variable(_name) { } + + std::list> + evaluate(Assay *assay) override; +}; + +} // namespace Variables +} // namespace ModSecurity + +#endif // SRC_VARIABLES_TIME_SEC_H_ diff --git a/src/variables/time_wday.cc b/src/variables/time_wday.cc new file mode 100644 index 00000000..045aec89 --- /dev/null +++ b/src/variables/time_wday.cc @@ -0,0 +1,61 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "variables/time_wday.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace Variables { + +std::list> + TimeWDay::evaluate(Assay *assay) { + std::list> resl; + std::pair pair; + char tstr[200]; + struct tm timeinfo; + time_t timer; + + time(&timer); + memset(tstr, '\0', 200); + + localtime_r(&timer, &timeinfo); + strftime(tstr, 200, "%u", &timeinfo); + int a = atoi(tstr); + a--; + + pair = std::make_pair(std::string("TIME_WDAY"), + std::to_string(a)); + resl.push_back(pair); + + return resl; +} + + +} // namespace Variables +} // namespace ModSecurity diff --git a/src/variables/time_wday.h b/src/variables/time_wday.h new file mode 100644 index 00000000..3abb6936 --- /dev/null +++ b/src/variables/time_wday.h @@ -0,0 +1,43 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include + +#ifndef SRC_VARIABLES_TIME_WDAY_H_ +#define SRC_VARIABLES_TIME_WDAY_H_ + +#include "src/variable.h" + +namespace ModSecurity { + +class Assay; +namespace Variables { + +class TimeWDay : public Variable { + public: + explicit TimeWDay(std::string _name) + : Variable(_name) { } + + std::list> + evaluate(Assay *assay) override; +}; + +} // namespace Variables +} // namespace ModSecurity + +#endif // SRC_VARIABLES_TIME_WDAY_H_ diff --git a/src/variables/time_year.cc b/src/variables/time_year.cc new file mode 100644 index 00000000..2e223124 --- /dev/null +++ b/src/variables/time_year.cc @@ -0,0 +1,59 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "variables/time_year.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace Variables { + +std::list> + TimeYear::evaluate(Assay *assay) { + std::list> resl; + std::pair pair; + char tstr[200]; + struct tm timeinfo; + time_t timer; + + time(&timer); + memset(tstr, '\0', 200); + + localtime_r(&timer, &timeinfo); + strftime(tstr, 200, "%Y", &timeinfo); + + pair = std::make_pair(std::string("TIME_YEAR"), + std::string(tstr)); + resl.push_back(pair); + + return resl; +} + + +} // namespace Variables +} // namespace ModSecurity diff --git a/src/variables/time_year.h b/src/variables/time_year.h new file mode 100644 index 00000000..4fc21dc9 --- /dev/null +++ b/src/variables/time_year.h @@ -0,0 +1,43 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include + +#ifndef SRC_VARIABLES_TIME_YEAR_H_ +#define SRC_VARIABLES_TIME_YEAR_H_ + +#include "src/variable.h" + +namespace ModSecurity { + +class Assay; +namespace Variables { + +class TimeYear : public Variable { + public: + explicit TimeYear(std::string _name) + : Variable(_name) { } + + std::list> + evaluate(Assay *assay) override; +}; + +} // namespace Variables +} // namespace ModSecurity + +#endif // SRC_VARIABLES_TIME_YEAR_H_ diff --git a/test/test-cases/regression/variable-TIME.json b/test/test-cases/regression/variable-TIME.json new file mode 100644 index 00000000..da5e1399 --- /dev/null +++ b/test/test-cases/regression/variable-TIME.json @@ -0,0 +1,45 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: TIME", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.11", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"([0-9]+):([0-9]+):([0-9]+)\" \\(Variable: TIME\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule TIME \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] \ No newline at end of file diff --git a/test/test-cases/regression/variable-TIME_DAY.json b/test/test-cases/regression/variable-TIME_DAY.json new file mode 100644 index 00000000..5344a530 --- /dev/null +++ b/test/test-cases/regression/variable-TIME_DAY.json @@ -0,0 +1,45 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: TIME_DAY", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.11", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_DAY\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule TIME_DAY \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] \ No newline at end of file diff --git a/test/test-cases/regression/variable-TIME_EPOCH.json b/test/test-cases/regression/variable-TIME_EPOCH.json new file mode 100644 index 00000000..91a8884c --- /dev/null +++ b/test/test-cases/regression/variable-TIME_EPOCH.json @@ -0,0 +1,45 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: TIME_EPOCH", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.11", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_EPOCH\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule TIME_EPOCH \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] \ No newline at end of file diff --git a/test/test-cases/regression/variable-TIME_HOUR.json b/test/test-cases/regression/variable-TIME_HOUR.json new file mode 100644 index 00000000..53a61e8a --- /dev/null +++ b/test/test-cases/regression/variable-TIME_HOUR.json @@ -0,0 +1,45 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: TIME_HOUR", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.11", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_HOUR\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule TIME_HOUR \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] \ No newline at end of file diff --git a/test/test-cases/regression/variable-TIME_MIN.json b/test/test-cases/regression/variable-TIME_MIN.json new file mode 100644 index 00000000..a876c69d --- /dev/null +++ b/test/test-cases/regression/variable-TIME_MIN.json @@ -0,0 +1,45 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: TIME_MIN", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.11", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_MIN\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule TIME_MIN \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] \ No newline at end of file diff --git a/test/test-cases/regression/variable-TIME_MON.json b/test/test-cases/regression/variable-TIME_MON.json new file mode 100644 index 00000000..13f8e560 --- /dev/null +++ b/test/test-cases/regression/variable-TIME_MON.json @@ -0,0 +1,45 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: TIME_MON", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.11", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_MON\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule TIME_MON \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] \ No newline at end of file diff --git a/test/test-cases/regression/variable-TIME_SEC.json b/test/test-cases/regression/variable-TIME_SEC.json new file mode 100644 index 00000000..32cceca6 --- /dev/null +++ b/test/test-cases/regression/variable-TIME_SEC.json @@ -0,0 +1,45 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: TIME_SEC", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.11", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_SEC\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule TIME_SEC \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] \ No newline at end of file diff --git a/test/test-cases/regression/variable-TIME_WDAY.json b/test/test-cases/regression/variable-TIME_WDAY.json new file mode 100644 index 00000000..cf70d802 --- /dev/null +++ b/test/test-cases/regression/variable-TIME_WDAY.json @@ -0,0 +1,45 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: TIME_WDAY", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.11", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_WDAY\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule TIME_WDAY \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] \ No newline at end of file diff --git a/test/test-cases/regression/variable-TIME_YEAR.json b/test/test-cases/regression/variable-TIME_YEAR.json new file mode 100644 index 00000000..451b24f3 --- /dev/null +++ b/test/test-cases/regression/variable-TIME_YEAR.json @@ -0,0 +1,45 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: TIME_YEAR", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.11", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_YEAR\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule TIME_YEAR \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] \ No newline at end of file