Adds support for RunTimeString
Using RunTimeStrings instead of runtime parser for macro expansion.
@@ -30,17 +30,14 @@ namespace disruptive {
|
||||
|
||||
|
||||
bool Redirect::init(std::string *error) {
|
||||
m_url = m_parser_payload;
|
||||
m_url = utils::string::parserSanitizer(m_url);
|
||||
m_status = 302;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool Redirect::evaluate(Rule *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) {
|
||||
m_urlExpanded = MacroExpansion::expand(m_url, transaction);
|
||||
|
||||
std::shared_ptr<RuleMessage> rm) {
|
||||
std::string m_urlExpanded(m_string->evaluate(transaction));
|
||||
/* if it was changed before, lets keep it. */
|
||||
if (transaction->m_it.status == 200) {
|
||||
transaction->m_it.status = m_status;
|
||||
|
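Review bot: `m_string->evaluate(transaction)` in `Redirect::evaluate` dereferences `m_string` with no null check, while the class header on this page still keeps the string-only constructor, which leaves `m_string` empty. If the rule parser can still reach that constructor, the first match dereferences a null pointer inside the request path; drop the legacy constructor or add a guard such as `if (!m_string) { return false; }` before the call. The same unchecked call appears in `InitCol::evaluate`, `LogData::data`, `Msg::data`, `SetRSC::evaluate`, `SetSID::evaluate`, `SetUID::evaluate` and `Tag::getName`. `Redirect::init` also appears to stop running the URL through `utils::string::parserSanitizer`, so confirm that the RunTimeString path gives the redirect target equivalent treatment. The body of `evaluate` continues past the end of this hunk.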
@@ -18,6 +18,7 @@
|
||||
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "modsecurity/rule_message.h"
|
||||
#include "src/run_time_string.h"
|
||||
|
||||
#ifndef SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_
|
||||
#define SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_
|
||||
@@ -36,9 +37,11 @@ class Redirect : public Action {
|
||||
public:
|
||||
explicit Redirect(const std::string &action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind),
|
||||
m_status(0),
|
||||
m_urlExpanded(""),
|
||||
m_url("") { }
|
||||
m_status(0) { }
|
||||
|
||||
explicit Redirect(std::unique_ptr<RunTimeString> z)
|
||||
: Action("redirert", RunTimeOnlyIfMatchKind),
|
||||
m_string(std::move(z)) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) override;
|
||||
@@ -47,8 +50,7 @@ class Redirect : public Action {
|
||||
|
||||
private:
|
||||
int m_status;
|
||||
std::string m_urlExpanded;
|
||||
std::string m_url;
|
||||
std::unique_ptr<RunTimeString> m_string;
|
||||
};
|
||||
|
||||
|
||||
|
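Review bot: The new `Redirect(std::unique_ptr<RunTimeString> z)` constructor registers the action as `"redirert"`, which looks like a typo for `"redirect"`, and unlike the string constructor it does not initialise `m_status`. Anything that matches on the action name would miss this action (assuming the name is used for lookup or logging), and `m_status` stays indeterminate until `init()` assigns 302, yet `evaluate` copies it into `transaction->m_it.status`. Suggested initialiser list: `: Action("redirect", RunTimeOnlyIfMatchKind), m_status(0), m_string(std::move(z)) { }`. The class body continues outside the hunks shown.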
@@ -31,7 +31,7 @@ namespace actions {
|
||||
bool InitCol::init(std::string *error) {
|
||||
int posEquals = m_parser_payload.find("=");
|
||||
|
||||
if (m_parser_payload.size() < 8) {
|
||||
if (m_parser_payload.size() < 2) {
|
||||
error->assign("Something wrong with initcol format: too small");
|
||||
return false;
|
||||
}
|
||||
@@ -42,7 +42,6 @@ bool InitCol::init(std::string *error) {
|
||||
}
|
||||
|
||||
m_collection_key = std::string(m_parser_payload, 0, posEquals);
|
||||
m_collection_value = std::string(m_parser_payload, posEquals + 1);
|
||||
|
||||
if (m_collection_key != "ip" &&
|
||||
m_collection_key != "global" &&
|
||||
@@ -57,9 +56,7 @@ bool InitCol::init(std::string *error) {
|
||||
|
||||
|
||||
bool InitCol::evaluate(Rule *rule, Transaction *t) {
|
||||
std::string collectionName;
|
||||
collectionName = MacroExpansion::expand(m_collection_value, t);
|
||||
|
||||
std::string collectionName(m_string->evaluate(t));
|
||||
|
||||
if (m_collection_key == "ip") {
|
||||
t->m_collections.m_ip_collection_key = collectionName;
|
||||
|
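Review bot: The length guard in `InitCol::init` is relaxed to `m_parser_payload.size() < 2` with no comment explaining what the payload holds now that the value is evaluated from `m_string`. A one-line comment above the check, for example `// payload is only the collection selector now; the value comes from m_string` (if that is the intent), would let a reader verify the bound. `posEquals` on the line above is an `int` receiving the result of `std::string::find`, so it is worth confirming that the check between these hunks, which is not visible here, still rejects a payload without `=` now that much shorter payloads get past the size guard. Both `init` and `evaluate` continue outside the hunks.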
@@ -16,6 +16,7 @@
|
||||
#include <string>
|
||||
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "src/run_time_string.h"
|
||||
|
||||
#ifndef SRC_ACTIONS_INIT_COL_H_
|
||||
#define SRC_ACTIONS_INIT_COL_H_
|
||||
@@ -31,11 +32,15 @@ class InitCol : public Action {
|
||||
public:
|
||||
explicit InitCol(std::string action) : Action(action) { }
|
||||
|
||||
InitCol(std::string action, std::unique_ptr<RunTimeString> z)
|
||||
: Action(action, RunTimeOnlyIfMatchKind),
|
||||
m_string(std::move(z)) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool init(std::string *error) override;
|
||||
private:
|
||||
std::string m_collection_key;
|
||||
std::string m_collection_value;
|
||||
std::unique_ptr<RunTimeString> m_string;
|
||||
};
|
||||
|
||||
|
||||
|
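Review bot: `m_collection_value` stays declared in `InitCol` although the accompanying source change appears to remove its only assignment in `init()`, leaving an always-empty member that a later edit could read by mistake. Remove it if nothing outside this page still reads it. `m_collection_key` in `SetRSC`, `SetSID` and `SetUID` looks to be in the same state after their `init()` bodies were emptied. The new constructor also passes `RunTimeOnlyIfMatchKind` while the string constructor keeps the default kind of `Action`, so a short comment saying which constructor the parser is expected to use would help.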
@@ -39,7 +39,8 @@ bool LogData::evaluate(Rule *rule, Transaction *transaction,
|
||||
}
|
||||
|
||||
std::string LogData::data(Transaction *transaction) {
|
||||
return MacroExpansion::expand(m_parser_payload, transaction);
|
||||
std::string a(m_string->evaluate(transaction));
|
||||
return a;
|
||||
}
|
||||
|
||||
|
||||
|
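Review bot: `LogData::data` copies the result into a local named `a` only to return it; assuming `evaluate` returns a `std::string`, `return m_string->evaluate(transaction);` says the same thing without the throwaway name. `Msg::data` and `Tag::getName` follow the same pattern. A brief doc comment on `data()` stating that the returned text is macro-expanded and may carry request-derived values would help whoever passes it on to a log sink.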
@@ -17,6 +17,7 @@
|
||||
#include <memory>
|
||||
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "src/run_time_string.h"
|
||||
|
||||
#ifndef SRC_ACTIONS_LOG_DATA_H_
|
||||
#define SRC_ACTIONS_LOG_DATA_H_
|
||||
@@ -33,10 +34,16 @@ class LogData : public Action {
|
||||
explicit LogData(std::string action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||
|
||||
explicit LogData(std::unique_ptr<RunTimeString> z)
|
||||
: Action("logdata", RunTimeOnlyIfMatchKind),
|
||||
m_string(std::move(z)) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) override;
|
||||
|
||||
std::string data(Transaction *Transaction);
|
||||
|
||||
std::unique_ptr<RunTimeString> m_string;
|
||||
};
|
||||
|
||||
|
||||
|
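Review bot: `m_string` is declared after `data()` with no `private:` label visible in this hunk, so it seems to become a public member of `LogData`, whereas `Redirect`, `InitCol` and the `Set*` actions keep theirs private. A public `std::unique_ptr` lets any caller reset or move it out, after which `data()` would dereference null. Unless something outside this page needs direct access, put `private:` before `std::unique_ptr<RunTimeString> m_string;`. `Msg` and `Tag` declare the member the same way.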
@@ -61,8 +61,9 @@ bool Msg::evaluate(Rule *rule, Transaction *transaction,
|
||||
}
|
||||
|
||||
|
||||
std::string Msg::data(Transaction *transaction) {
|
||||
return MacroExpansion::expand(m_parser_payload, transaction);
|
||||
std::string Msg::data(Transaction *t) {
|
||||
std::string a(m_string->evaluate(t));
|
||||
return a;
|
||||
}
|
||||
|
||||
|
||||
|
@@ -18,6 +18,7 @@
|
||||
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "modsecurity/rule_message.h"
|
||||
#include "src/run_time_string.h"
|
||||
|
||||
#ifndef SRC_ACTIONS_MSG_H_
|
||||
#define SRC_ACTIONS_MSG_H_
|
||||
@@ -34,10 +35,15 @@ class Msg : public Action {
|
||||
explicit Msg(std::string action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||
|
||||
explicit Msg(std::unique_ptr<RunTimeString> z)
|
||||
: Action("msg", RunTimeOnlyIfMatchKind),
|
||||
m_string(std::move(z)) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) override;
|
||||
|
||||
std::string data(Transaction *Transaction);
|
||||
std::unique_ptr<RunTimeString> m_string;
|
||||
};
|
||||
|
||||
|
||||
|
@@ -28,20 +28,12 @@ namespace actions {
|
||||
|
||||
|
||||
bool SetRSC::init(std::string *error) {
|
||||
m_collection_key = std::string(m_parser_payload, 0,
|
||||
m_parser_payload.length());
|
||||
|
||||
if (m_collection_key.empty()) {
|
||||
error->assign("Missing collection key");
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool SetRSC::evaluate(Rule *rule, Transaction *t) {
|
||||
std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
|
||||
std::string colNameExpanded(m_string->evaluate(t));
|
||||
|
||||
#ifndef NO_LOGS
|
||||
t->debug(8, "RESOURCE initiated with value: \'"
|
||||
|
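Review bot: `SetRSC::init` appears to lose its only validation, the `Missing collection key` rejection, and nothing in this hunk checks the expanded value in `evaluate` instead. If `m_string` expands to an empty string at run time, `colNameExpanded` would presumably be installed as an empty collection key; an early return on `colNameExpanded.empty()`, with a debug line, would keep that case explicit. `SetSID` and `SetUID` have the same change, and `InitCol::evaluate` uses its expansion unchecked as well. `evaluate` continues outside the hunk.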
@@ -16,6 +16,7 @@
|
||||
#include <string>
|
||||
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "src/run_time_string.h"
|
||||
|
||||
#ifndef SRC_ACTIONS_SET_RSC_H_
|
||||
#define SRC_ACTIONS_SET_RSC_H_
|
||||
@@ -32,11 +33,15 @@ class SetRSC : public Action {
|
||||
explicit SetRSC(std::string _action)
|
||||
: Action(_action) { }
|
||||
|
||||
explicit SetRSC(std::unique_ptr<RunTimeString> z)
|
||||
: Action("setsrc", RunTimeOnlyIfMatchKind),
|
||||
m_string(std::move(z)) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool init(std::string *error) override;
|
||||
|
||||
private:
|
||||
std::string m_collection_key;
|
||||
std::unique_ptr<RunTimeString> m_string;
|
||||
};
|
||||
|
||||
|
||||
|
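Review bot: The new constructor names the action `"setsrc"`, which does not match the class (`SetRSC`) and looks like a transposition of `"setrsc"`. If the name string is used for lookup, logging or audit output, this action would be misreported; suggested line: `: Action("setrsc", RunTimeOnlyIfMatchKind),`. `SetSID` and `SetUID` use `"setsid"` and `"setuid"`, which do match their classes.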
@@ -28,20 +28,12 @@ namespace actions {
|
||||
|
||||
|
||||
bool SetSID::init(std::string *error) {
|
||||
m_collection_key = std::string(m_parser_payload, 0,
|
||||
m_parser_payload.length());
|
||||
|
||||
if (m_collection_key.empty()) {
|
||||
error->assign("Missing collection key");
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool SetSID::evaluate(Rule *rule, Transaction *t) {
|
||||
std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
|
||||
std::string colNameExpanded(m_string->evaluate(t));
|
||||
|
||||
#ifndef NO_LOGS
|
||||
t->debug(8, "Session ID initiated with value: \'"
|
||||
|
@@ -16,6 +16,7 @@
|
||||
#include <string>
|
||||
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "src/run_time_string.h"
|
||||
|
||||
#ifndef SRC_ACTIONS_SET_SID_H_
|
||||
#define SRC_ACTIONS_SET_SID_H_
|
||||
@@ -32,11 +33,15 @@ class SetSID : public Action {
|
||||
explicit SetSID(std::string _action)
|
||||
: Action(_action) { }
|
||||
|
||||
explicit SetSID(std::unique_ptr<RunTimeString> z)
|
||||
: Action("setsid", RunTimeOnlyIfMatchKind),
|
||||
m_string(std::move(z)) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool init(std::string *error) override;
|
||||
|
||||
private:
|
||||
std::string m_collection_key;
|
||||
std::unique_ptr<RunTimeString> m_string;
|
||||
};
|
||||
|
||||
|
||||
|
@@ -28,20 +28,12 @@ namespace actions {
|
||||
|
||||
|
||||
bool SetUID::init(std::string *error) {
|
||||
m_collection_key = std::string(m_parser_payload, 0,
|
||||
m_parser_payload.length());
|
||||
|
||||
if (m_collection_key.empty()) {
|
||||
error->assign("Missing collection key");
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool SetUID::evaluate(Rule *rule, Transaction *t) {
|
||||
std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
|
||||
std::string colNameExpanded(m_string->evaluate(t));
|
||||
|
||||
#ifndef NO_LOGS
|
||||
t->debug(8, "User collection initiated with value: \'"
|
||||
|
@@ -16,6 +16,7 @@
|
||||
#include <string>
|
||||
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "src/run_time_string.h"
|
||||
|
||||
#ifndef SRC_ACTIONS_SET_UID_H_
|
||||
#define SRC_ACTIONS_SET_UID_H_
|
||||
@@ -32,11 +33,15 @@ class SetUID : public Action {
|
||||
explicit SetUID(std::string _action)
|
||||
: Action(_action) { }
|
||||
|
||||
explicit SetUID(std::unique_ptr<RunTimeString> z)
|
||||
: Action("setuid", RunTimeOnlyIfMatchKind),
|
||||
m_string(std::move(z)) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool init(std::string *error) override;
|
||||
|
||||
private:
|
||||
std::string m_collection_key;
|
||||
std::unique_ptr<RunTimeString> m_string;
|
||||
};
|
||||
|
||||
|
||||
|
@@ -52,7 +52,7 @@ namespace actions {
|
||||
|
||||
|
||||
std::string Tag::getName(Transaction *transaction) {
|
||||
std::string tag = MacroExpansion::expand(m_parser_payload, transaction);
|
||||
std::string tag(m_string->evaluate(transaction));
|
||||
return tag;
|
||||
}
|
||||
|
||||
|
@@ -17,6 +17,7 @@
|
||||
#include <memory>
|
||||
|
||||
#include "modsecurity/actions/action.h"
|
||||
#include "src/run_time_string.h"
|
||||
|
||||
#ifndef SRC_ACTIONS_TAG_H_
|
||||
#define SRC_ACTIONS_TAG_H_
|
||||
@@ -33,10 +34,16 @@ class Tag : public Action {
|
||||
explicit Tag(std::string action)
|
||||
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||
|
||||
explicit Tag(std::unique_ptr<RunTimeString> z)
|
||||
: Action("tag", RunTimeOnlyIfMatchKind),
|
||||
m_string(std::move(z)) { }
|
||||
|
||||
std::string getName(Transaction *transaction);
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) override;
|
||||
|
||||
std::unique_ptr<RunTimeString> m_string;
|
||||
};
|
||||
|
||||
|
||||
|