github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds PoC about 1-time variable resolution and draft for offset

Browse Source 
There is no need for the variable purely associated with the
transaction (transient) be part of collection that demands
lookups. Also, those variables will held the concept of offset:
The offset from the first byte of the request till the start of
the variable.
This commit is contained in:
Felipe Zimmerle
2017-01-12 15:27:42 -03:00
committed by Felipe Zimmerle
parent 6abbb7e91e
commit 703da3c4f0
7 changed files with 2389 additions and 2301 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Makefile.am
View File

@@ -66,6 +66,7 @@ noinst_HEADERS = \
VARIABLES = \
variables/args_names.cc \
variables/duration.cc \
variables/env.cc \
variables/highest_severity.cc \

2539
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

2077
src/parser/seclang-parser.hh
View File

File diff suppressed because it is too large Load Diff

9
src/parser/seclang-parser.yy
View File

@@ -144,6 +144,7 @@ class Driver;
#include "src/utils/geo_lookup.h"
#include "src/utils/string.h"
#include "src/utils/system.h"
#include "src/variables/args_names.h"
#include "src/variables/xml.h"
#include "src/variables/duration.h"
#include "src/variables/env.h"
@@ -257,6 +258,7 @@ using modsecurity::operators::Operator;
COMMA ","
PIPE
NEW_LINE
VARIABLE_ARGS_NAMES "Variable ARGS_NAMES"
;
%token <std::string>
@@ -1135,7 +1137,12 @@ variables:
;
var:
VARIABLE
VARIABLE_ARGS_NAMES
{
std::unique_ptr<Variable> c(new Variables::ArgsNames());
$$ = std::move(c);
}
| VARIABLE
{
std::string name($1);
char z = name.at(0);

5
src/parser/seclang-scanner.ll
View File

@@ -244,7 +244,8 @@ RUN_TIME_VAR_TIME_WDAY (?i:TIME_WDAY)
RUN_TIME_VAR_TIME_YEAR (?i:TIME_YEAR)
RUN_TIME_VAR_XML (?i:XML)
VARIABLENOCOLON (?i:URLENCODED_ERROR|REQBODY_PROCESSOR_ERROR_MSG|REQBODY_PROCESSOR_ERROR|REQBODY_PROCESSOR|REQBODY_ERROR_MSG|REQBODY_ERROR|MULTIPART_FILE_LIMIT_EXCEEDED|MULTIPART_INVALID_QUOTING|MULTIPART_HEADER_FOLDING|MULTIPART_INVALID_HEADER_FOLDING|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE)
VARIABLE (?i:(SERVER_NAME|MULTIPART_DATA_AFTER|RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_TMPNAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|USERID|SESSIONID))
VARIABLE (?i:(SERVER_NAME|MULTIPART_DATA_AFTER|RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_TMPNAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|USERID|SESSIONID))
VARIABLE_ARGS_NAMES (?i:ARGS_NAMES)
VARIABLE_COL (?i:(SESSION|GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|QUERY_STRING|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|IP|REQUEST_COOKIES_NAMES))
VARIABLE_STATUS (?i:(STATUS[^:]))
VARIABLE_TX (?i:TX)
@@ -487,6 +488,8 @@ NEW_LINE [\n\r]+
<EXPECTING_VARIABLE>{
{VARIABLE_ARGS_NAMES} { return p::make_VARIABLE_ARGS_NAMES(*driver.loc.back()); }
[!&]?{RUN_TIME_VAR_BLD} { return p::make_RUN_TIME_VAR_BLD(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_DUR} { return p::make_RUN_TIME_VAR_DUR(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_ENV}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_RUN_TIME_VAR_ENV(yytext, *driver.loc.back()); }

13
src/transaction.cc
View File

@@ -111,7 +111,6 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
m_highestSeverityAction(255),
m_ARGScombinedSize(0),
m_ARGScombinedSizeStr(NULL),
m_namesArgs(NULL),
m_namesArgsPost(NULL),
m_namesArgsGet(NULL),
m_requestBodyType(UnknownFormat),
@@ -130,15 +129,14 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
ms->m_session_collection, ms->m_user_collection,
ms->m_resource_collection),
m_json(new RequestBodyProcessor::JSON(this)),
m_xml(new RequestBodyProcessor::XML(this)) {
m_xml(new RequestBodyProcessor::XML(this)),
TransactionAnchoredVariables(this) {
m_id = std::to_string(this->m_timeStamp) + \
std::to_string(modsecurity::utils::generate_transaction_unique_id());
m_rules->incrementReferenceCount();
m_collections.store("ARGS_COMBINED_SIZE", std::string("0"));
m_ARGScombinedSizeStr = m_collections.resolveFirst("ARGS_COMBINED_SIZE");
m_collections.store("ARGS_NAMES", std::string(""));
this->m_namesArgs = m_collections.resolveFirst("ARGS_NAMES");
m_collections.store("ARGS_POST_NAMES", std::string(""));
this->m_namesArgsPost = m_collections.resolveFirst("ARGS_POST_NAMES");
m_collections.store("ARGS_GET_NAMES", std::string(""));
@@ -328,11 +326,8 @@ bool Transaction::addArgument(const std::string& orig, const std::string& key,
}
}
if (m_namesArgs->empty()) {
m_namesArgs->assign(key);
} else {
m_namesArgs->assign(*m_namesArgs + " " + key);
}
m_variableArgsNames.append(key, 0, true);
this->m_ARGScombinedSize = this->m_ARGScombinedSize + \
key.length() + value.length();