github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds partial support to UpdateActionById

Browse Source
This commit is contained in:
Felipe Zimmerle 2018-09-26 15:57:02 -03:00
parent 68398a51f3
commit 74841779f8
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
16 changed files with 922 additions and 712 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
headers/modsecurity/rule.h
View File

@ -74,11 +74,12 @@ class Rule {
void cleanMatchedVars(Transaction *trasn); void cleanMatchedVars(Transaction *trasn);
void updateRulesVariable(Transaction *trasn); void updateRulesVariable(Transaction *trasn);
std::vector<std::string> getActionNames(); //std::vector<std::string> getActionNames();
std::vector<actions::Action *> getActionsByName(const std::string& name); std::vector<actions::Action *> getActionsByName(const std::string& name,
Transaction *t);
bool containsTag(const std::string& name, Transaction *t); bool containsTag(const std::string& name, Transaction *t);
bool containsMsg(const std::string& name, Transaction *t); bool containsMsg(const std::string& name, Transaction *t);
bool containsDisruptiveAction(); bool containsStaticDisruptiveAction();
int refCountDecreaseAndCheck() { int refCountDecreaseAndCheck() {
m_referenceCount--; m_referenceCount--;

17
headers/modsecurity/rules_exceptions.h
View File

@ -35,6 +35,9 @@
namespace modsecurity { namespace modsecurity {
namespace actions {
class Action;
}
namespace Variables { namespace Variables {
class Variable; class Variable;
} }
@ -65,12 +68,20 @@ class RulesExceptions {
std::unique_ptr<std::vector<std::unique_ptr<Variables::Variable> > > v, std::unique_ptr<std::vector<std::unique_ptr<Variables::Variable> > > v,
std::string *error); std::string *error);
bool loadUpdateActionById(double id,
std::unique_ptr<std::vector<std::unique_ptr<actions::Action> > > actions,
std::string *error);
std::unordered_multimap<std::shared_ptr<std::string>, std::unordered_multimap<std::shared_ptr<std::string>,
std::unique_ptr<Variables::Variable>> m_variable_update_target_by_tag; std::unique_ptr<Variables::Variable>> m_variable_update_target_by_tag;
std::unordered_multimap<std::shared_ptr<std::string>, std::unordered_multimap<std::shared_ptr<std::string>,
std::unique_ptr<Variables::Variable>> m_variable_update_target_by_msg; std::unique_ptr<Variables::Variable>> m_variable_update_target_by_msg;
std::unordered_multimap<double, std::unordered_multimap<double,
std::unique_ptr<Variables::Variable>> m_variable_update_target_by_id; std::unique_ptr<Variables::Variable>> m_variable_update_target_by_id;
std::unordered_multimap<double,
std::unique_ptr<actions::Action>> m_action_pre_update_target_by_id;
std::unordered_multimap<double,
std::unique_ptr<actions::Action>> m_action_pos_update_target_by_id;
std::list<std::string> m_remove_rule_by_msg; std::list<std::string> m_remove_rule_by_msg;
std::list<std::string> m_remove_rule_by_tag; std::list<std::string> m_remove_rule_by_tag;

2
src/operators/detect_sqli.cc
View File

@ -41,7 +41,7 @@ bool DetectSQLi::evaluate(Transaction *t, Rule *rule,
input + "'"); input + "'");
#endif #endif
if (rule && t if (rule && t
&& rule->getActionsByName("capture").size() > 0) { && rule->getActionsByName("capture", t).size() > 0) {
t->m_collections.m_tx_collection->storeOrUpdateFirst( t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(fingerprint)); "0", std::string(fingerprint));
#ifndef NO_LOGS #ifndef NO_LOGS

2
src/operators/detect_xss.cc
View File

@ -37,7 +37,7 @@ bool DetectXSS::evaluate(Transaction *t, Rule *rule,
t->debug(5, "detected XSS using libinjection."); t->debug(5, "detected XSS using libinjection.");
#endif #endif
if (rule && t if (rule && t
&& rule->getActionsByName("capture").size() > 0) { && rule->getActionsByName("capture", t).size() > 0) {
t->m_collections.m_tx_collection->storeOrUpdateFirst( t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(input)); "0", std::string(input));
#ifndef NO_LOGS #ifndef NO_LOGS

3
src/operators/pm.cc
View File

@ -96,7 +96,8 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
#ifdef MODSEC_MUTEX_ON_PM #ifdef MODSEC_MUTEX_ON_PM
pthread_mutex_unlock(&m_lock); pthread_mutex_unlock(&m_lock);
#endif #endif
bool capture = rule && rule->getActionsByName("capture").size() > 0; bool capture = rule && rule->getActionsByName("capture",
transaction).size() > 0;
if (rc > 0 && transaction) { if (rc > 0 && transaction) {
std::string match_(match); std::string match_(match);

2
src/operators/rbl.cc
View File

@ -223,7 +223,7 @@ bool Rbl::evaluate(Transaction *t, Rule *rule,
freeaddrinfo(info); freeaddrinfo(info);
if (rule && t if (rule && t
&& rule->getActionsByName("capture").size() > 0) { && rule->getActionsByName("capture", t).size() > 0) {
t->m_collections.m_tx_collection->storeOrUpdateFirst( t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(ipStr)); "0", std::string(ipStr));
#ifndef NO_LOGS #ifndef NO_LOGS

3
src/operators/rx.cc
View File

@ -54,7 +54,8 @@ bool Rx::evaluate(Transaction *transaction, Rule *rule,
} }
matches = re->searchAll(input); matches = re->searchAll(input);
if (rule && rule->getActionsByName("capture").size() > 0 && transaction) { if (rule && rule->getActionsByName("capture",
transaction).size() > 0 && transaction) {
int i = 0; int i = 0;
matches.reverse(); matches.reverse();
for (const SMatch& a : matches) { for (const SMatch& a : matches) {

2
src/operators/verify_cc.cc
View File

@ -143,7 +143,7 @@ bool VerifyCC::evaluate(Transaction *t, Rule *rule,
if (is_cc) { if (is_cc) {
if (t) { if (t) {
if (rule && t if (rule && t
&& rule->getActionsByName("capture").size() > 0) { && rule->getActionsByName("capture", t).size() > 0) {
t->m_collections.m_tx_collection->storeOrUpdateFirst( t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(match)); "0", std::string(match));
#ifndef NO_LOGS #ifndef NO_LOGS

2
src/operators/verify_cpf.cc
View File

@ -134,7 +134,7 @@ bool VerifyCPF::evaluate(Transaction *t, Rule *rule,
if (is_cpf) { if (is_cpf) {
logOffset(ruleMessage, i.m_offset, i.m_length); logOffset(ruleMessage, i.m_offset, i.m_length);
if (rule && t if (rule && t
&& rule->getActionsByName("capture").size() > 0) { && rule->getActionsByName("capture", t).size() > 0) {
t->m_collections.m_tx_collection->storeOrUpdateFirst( t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(i.match)); "0", std::string(i.match));
#ifndef NO_LOGS #ifndef NO_LOGS

2
src/operators/verify_ssn.cc
View File

@ -125,7 +125,7 @@ bool VerifySSN::evaluate(Transaction *t, Rule *rule,
if (is_ssn) { if (is_ssn) {
logOffset(ruleMessage, i.m_offset, i.m_length); logOffset(ruleMessage, i.m_offset, i.m_length);
if (rule && t if (rule && t
&& rule->getActionsByName("capture").size() > 0) { && rule->getActionsByName("capture", t).size() > 0) {
t->m_collections.m_tx_collection->storeOrUpdateFirst( t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(i.match)); "0", std::string(i.match));
#ifndef NO_LOGS #ifndef NO_LOGS

4
src/parser/driver.cc
View File

@ -81,7 +81,7 @@ int Driver::addSecRule(Rule *rule) {
if (lastRule->m_chainedRule == NULL) { if (lastRule->m_chainedRule == NULL) {
rule->m_phase = lastRule->m_phase; rule->m_phase = lastRule->m_phase;
lastRule->m_chainedRule = rule; lastRule->m_chainedRule = rule;
if (rule->containsDisruptiveAction()) { if (rule->containsStaticDisruptiveAction()) {
m_parserError << "Disruptive actions can only be specified by"; m_parserError << "Disruptive actions can only be specified by";
m_parserError << " chain starter rules."; m_parserError << " chain starter rules.";
return false; return false;
@ -94,7 +94,7 @@ int Driver::addSecRule(Rule *rule) {
} }
if (a->m_chained && a->m_chainedRule == NULL) { if (a->m_chained && a->m_chainedRule == NULL) {
a->m_chainedRule = rule; a->m_chainedRule = rule;
if (a->containsDisruptiveAction()) { if (a->containsStaticDisruptiveAction()) {
m_parserError << "Disruptive actions can only be "; m_parserError << "Disruptive actions can only be ";
m_parserError << "specified by chain starter rules."; m_parserError << "specified by chain starter rules.";
return false; return false;

1360
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

12
src/parser/seclang-parser.yy
View File

@ -1513,12 +1513,16 @@ expression:
} }
std::vector<actions::Action *> *a = new std::vector<actions::Action *>(); if (driver.m_exceptions.loadUpdateActionById(ruleId, std::move($2), &error) == false) {
for (auto &i : *$2.get()) { std::stringstream ss;
a->push_back(i.release()); ss << "SecRuleUpdateActionById: failed to load:";
ss << $1;
ss << ". ";
ss << error;
driver.error(@0, ss.str());
YYERROR;
} }
driver.error(@0, "SecRuleUpdateActionById is not yet supported");
YYERROR; YYERROR;
} }
/* Debug log: start */ /* Debug log: start */

188
src/rule.cc
View File

@ -161,7 +161,7 @@ Rule::~Rule() {
} }
} }
/*
std::vector<std::string> Rule::getActionNames() { std::vector<std::string> Rule::getActionNames() {
std::vector<std::string> a; std::vector<std::string> a;
for (auto &z : this->m_actionsRuntimePos) { for (auto &z : this->m_actionsRuntimePos) {
@ -173,10 +173,25 @@ std::vector<std::string> Rule::getActionNames() {
for (auto &z : this->m_actionsConf) { for (auto &z : this->m_actionsConf) {
a.push_back(z->m_name); a.push_back(z->m_name);
} }
for (auto &b :
trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *z = dynamic_cast<actions::Action*>(b.second.get());
a.push_back(z->m_name);
}
for (auto &b :
trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *z = dynamic_cast<actions::Action*>(b.second.get());
a.push_back(z->m_name);
}
return a; return a;
} }
*/
bool Rule::evaluateActions(Transaction *trans) { bool Rule::evaluateActions(Transaction *trans) {
return true; return true;
@ -216,21 +231,21 @@ void Rule::updateRulesVariable(Transaction *trans) {
trans->m_variableRule.set("rev", trans->m_variableRule.set("rev",
m_rev, 0); m_rev, 0);
} }
if (getActionsByName("msg").size() > 0) { if (getActionsByName("msg", trans).size() > 0) {
actions::Msg *msg = dynamic_cast<actions::Msg*>( actions::Msg *msg = dynamic_cast<actions::Msg*>(
getActionsByName("msg")[0]); getActionsByName("msg", trans)[0]);
trans->m_variableRule.set("msg", trans->m_variableRule.set("msg",
msg->data(trans), 0); msg->data(trans), 0);
} }
if (getActionsByName("logdata").size() > 0) { if (getActionsByName("logdata", trans).size() > 0) {
actions::LogData *data = dynamic_cast<actions::LogData*>( actions::LogData *data = dynamic_cast<actions::LogData*>(
getActionsByName("logdata")[0]); getActionsByName("logdata", trans)[0]);
trans->m_variableRule.set("logdata", trans->m_variableRule.set("logdata",
data->data(trans), 0); data->data(trans), 0);
} }
if (getActionsByName("severity").size() > 0) { if (getActionsByName("severity", trans).size() > 0) {
actions::Severity *data = dynamic_cast<actions::Severity*>( actions::Severity *data = dynamic_cast<actions::Severity*>(
getActionsByName("severity")[0]); getActionsByName("severity", trans)[0]);
trans->m_variableRule.set("severity", trans->m_variableRule.set("severity",
std::to_string(data->m_severity), 0); std::to_string(data->m_severity), 0);
} }
@ -256,6 +271,30 @@ void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans,
#ifndef NO_LOGS #ifndef NO_LOGS
trans->debug(4, "Running [independent] (non-disruptive) " \ trans->debug(4, "Running [independent] (non-disruptive) " \
"action: " + a->m_name); "action: " + a->m_name);
#endif
a->evaluate(this, trans, ruleMessage);
}
}
}
for (auto &b :
trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *a = dynamic_cast<actions::Action*>(b.second.get());
if (a->isDisruptive() == true) {
if (a->m_name == "block") {
#ifndef NO_LOGS
trans->debug(9, "Rule contains a `block' action");
*containsBlock = true;
#endif
}
} else {
if (a->m_name == "setvar" || a->m_name == "msg"
|| a->m_name == "log") {
#ifndef NO_LOGS
trans->debug(4, "Running [independent] (non-disruptive) " \
"action: " + a->m_name);
#endif #endif
a->evaluate(this, trans, ruleMessage); a->evaluate(this, trans, ruleMessage);
} }
@ -401,6 +440,56 @@ std::list<std::pair<std::shared_ptr<std::string>,
none--; none--;
} }
} }
for (auto &b :
trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *a = dynamic_cast<actions::Action*>(b.second.get());
if (a->m_isNone) {
none++;
}
}
for (auto &b :
trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *a = dynamic_cast<actions::Action*>(b.second.get());
if (none == 0) {
newValue = std::shared_ptr<std::string>(
new std::string(a->evaluate(*value, trans)));
if (multiMatch == true) {
if (*value != *newValue) {
ret.push_back(std::make_pair(
newValue,
transStr));
value = newValue;
}
}
value = newValue;
#ifndef NO_LOGS
trans->debug(9, " T (" + \
std::to_string(transformations) + ") " + \
a->m_name + ": \"" + \
utils::string::limitTo(80, *value) + "\"");
#endif
if (transStr->empty()) {
transStr->append(a->m_name);
} else {
transStr->append("," + a->m_name);
}
transformations++;
}
if (a->m_isNone) {
none--;
}
}
if (multiMatch == true) { if (multiMatch == true) {
// v2 checks the last entry twice. Don't know why. // v2 checks the last entry twice. Don't know why.
ret.push_back(ret.back()); ret.push_back(ret.back());
@ -704,6 +793,36 @@ void Rule::executeActionsAfterFullMatch(Transaction *trans,
continue; continue;
} }
#ifndef NO_LOGS
trans->debug(4, "Not running disruptive action: " + \
a->m_name + ". SecRuleEngine is not On");
#endif
}
for (auto &b :
trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *a = dynamic_cast<actions::Action*>(b.second.get());
if (a->isDisruptive() == false) {
if (a->m_name != "setvar" && a->m_name != "log"
&& a->m_name != "msg") {
#ifndef NO_LOGS
trans->debug(4, "Running (non-disruptive) action: " \
+ a->m_name);
#endif
a->evaluate(this, trans, ruleMessage);
}
continue;
}
if (trans->getRuleEngineState() == Rules::EnabledRuleEngine) {
#ifndef NO_LOGS
trans->debug(4, "Running (disruptive) action: " + a->m_name);
#endif
a->evaluate(this, trans, ruleMessage);
continue;
}
#ifndef NO_LOGS #ifndef NO_LOGS
trans->debug(4, "Not running disruptive action: " + \ trans->debug(4, "Not running disruptive action: " + \
a->m_name + ". SecRuleEngine is not On"); a->m_name + ". SecRuleEngine is not On");
@ -789,7 +908,7 @@ bool Rule::evaluate(Transaction *trans,
std::list<std::pair<std::shared_ptr<std::string>, std::list<std::pair<std::shared_ptr<std::string>,
std::shared_ptr<std::string>>> values; std::shared_ptr<std::string>>> values;
bool multiMatch = getActionsByName("multimatch").size() > 0; bool multiMatch = getActionsByName("multimatch", trans).size() > 0;
values = executeDefaultTransformations(trans, value, values = executeDefaultTransformations(trans, value,
multiMatch); multiMatch);
@ -861,7 +980,7 @@ end_exec:
} }
bool Rule::containsDisruptiveAction() { bool Rule::containsStaticDisruptiveAction() {
for (Action *a : m_actionsRuntimePos) { for (Action *a : m_actionsRuntimePos) {
if (a->isDisruptive() == true) { if (a->isDisruptive() == true) {
return true; return true;
@ -877,12 +996,13 @@ bool Rule::containsDisruptiveAction() {
return true; return true;
} }
} }
return false; return false;
} }
std::vector<actions::Action *> Rule::getActionsByName(const std::string& name) {
std::vector<actions::Action *> Rule::getActionsByName(const std::string& name,
Transaction *trans) {
std::vector<actions::Action *> ret; std::vector<actions::Action *> ret;
for (auto &z : m_actionsRuntimePos) { for (auto &z : m_actionsRuntimePos) {
if (z->m_name == name) { if (z->m_name == name) {
@ -899,6 +1019,26 @@ std::vector<actions::Action *> Rule::getActionsByName(const std::string& name) {
ret.push_back(z); ret.push_back(z);
} }
} }
for (auto &b :
trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *z = dynamic_cast<actions::Action*>(b.second.get());
if (z->m_name == name) {
ret.push_back(z);
}
}
for (auto &b :
trans->m_rules->m_exceptions.m_action_pos_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *z = dynamic_cast<actions::Action*>(b.second.get());
if (z->m_name == name) {
ret.push_back(z);
}
}
return ret; return ret;
} }
@ -910,6 +1050,17 @@ bool Rule::containsTag(const std::string& name, Transaction *t) {
return true; return true;
} }
} }
for (auto &b :
t->m_rules->m_exceptions.m_action_pos_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *a = dynamic_cast<actions::Action*>(b.second.get());
actions::Tag *tag = dynamic_cast<actions::Tag *> (a);
if (tag != NULL && tag->getName(t) == name) {
return true;
}
}
return false; return false;
} }
@ -921,6 +1072,17 @@ bool Rule::containsMsg(const std::string& name, Transaction *t) {
return true; return true;
} }
} }
for (auto &b :
t->m_rules->m_exceptions.m_action_pos_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
actions::Action *a = dynamic_cast<actions::Action*>(b.second.get());
actions::Msg *msg = dynamic_cast<actions::Msg *> (a);
if (msg != NULL && msg->data(t) == name) {
return true;
}
}
return false; return false;
} }

26
src/rules_exceptions.cc
View File

@ -31,6 +31,32 @@ RulesExceptions::~RulesExceptions() {
} }
bool RulesExceptions::loadUpdateActionById(double id,
std::unique_ptr<std::vector<std::unique_ptr<actions::Action> > > actions,
std::string *error) {
for (auto &a : *actions) {
if (a->action_kind == actions::Action::ConfigurationKind) {
std::cout << "General failure, action: " << a->m_name;
std::cout << " has not expected to be used with UpdateActionByID.";
std::cout << std::endl;
} else if (a->action_kind
== actions::Action::RunTimeBeforeMatchAttemptKind) {
m_action_pre_update_target_by_id.emplace(std::pair<double,
std::unique_ptr<actions::Action>>(id , std::move(a)));
} else if (a->action_kind == actions::Action::RunTimeOnlyIfMatchKind) {
m_action_pos_update_target_by_id.emplace(std::pair<double,
std::unique_ptr<actions::Action>>(id , std::move(a)));
} else {
std::cout << "General failure, action: " << a->m_name;
std::cout << " has an unknown type." << std::endl;
}
}
return true;
}
bool RulesExceptions::loadRemoveRuleByMsg(const std::string &msg, bool RulesExceptions::loadRemoveRuleByMsg(const std::string &msg,
std::string *error) { std::string *error) {
m_remove_rule_by_msg.push_back(msg); m_remove_rule_by_msg.push_back(msg);

2
src/variables/xml.cc
View File

@ -93,7 +93,7 @@ void XML::evaluate(Transaction *t,
t->debug(2, "XML: Can't look for xmlns, internal error."); t->debug(2, "XML: Can't look for xmlns, internal error.");
#endif #endif
} else { } else {
std::vector<actions::Action *> acts = rule->getActionsByName("xmlns"); std::vector<actions::Action *> acts = rule->getActionsByName("xmlns", t);
for (auto &x : acts) { for (auto &x : acts) {
actions::XmlNS *z = (actions::XmlNS *)x; actions::XmlNS *z = (actions::XmlNS *)x;
if (xmlXPathRegisterNs(xpathCtx, (const xmlChar*)z->m_scope.c_str(), if (xmlXPathRegisterNs(xpathCtx, (const xmlChar*)z->m_scope.c_str(),