diff --git a/headers/modsecurity/collection/collections.h b/headers/modsecurity/collection/collections.h
index 6e83c1e7..113c959c 100644
--- a/headers/modsecurity/collection/collections.h
+++ b/headers/modsecurity/collection/collections.h
@@ -45,7 +45,8 @@ namespace collection {
 class Collections : public std::unordered_map {
 public:
- Collections(Collection *global, Collection *ip, Collection *session);
+ Collections(Collection *global, Collection *ip, Collection *session,
+ Collection *user);
 ~Collections();
 void store(std::string key, std::string value);
@@ -87,10 +88,12 @@ class Collections :
 std::string m_global_collection_key;
 std::string m_ip_collection_key;
 std::string m_session_collection_key;
+ std::string m_user_collection_key;
 Collection *m_global_collection;
 Collection *m_ip_collection;
 Collection *m_session_collection;
+ Collection *m_user_collection;
 };
 } // namespace collection
diff --git a/headers/modsecurity/modsecurity.h b/headers/modsecurity/modsecurity.h
index 094fcb66..e8de6c36 100644
--- a/headers/modsecurity/modsecurity.h
+++ b/headers/modsecurity/modsecurity.h
@@ -225,6 +225,7 @@ class ModSecurity {
 collection::Collection *m_global_collection;
 collection::Collection *m_ip_collection;
 collection::Collection *m_session_collection;
+ collection::Collection *m_user_collection;
 private:
 std::string m_connector;
diff --git a/src/Makefile.am b/src/Makefile.am
index 8f5c5e56..57113a2b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -80,6 +80,7 @@ ACTIONS = \
 actions/rule_id.cc \
 actions/severity.cc \
 actions/set_sid.cc \
+ actions/set_uid.cc \
 actions/set_var.cc \
 actions/status.cc \
 actions/skip_after.cc \
diff --git a/src/actions/set_uid.cc b/src/actions/set_uid.cc
new file mode 100644
index 00000000..b3380df3
--- /dev/null
+++ b/src/actions/set_uid.cc
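Review bot: The new `user` parameter and the `m_user_collection` member it lands in are raw `Collection *` with nothing stating who owns them, while `~Collections()` is declared right below; a reader cannot tell from this header whether the destructor deletes the four pointers or whether `ModSecurity` keeps them alive (the constructor in src/modsecurity.cc allocates `m_user_collection` with `new`). Document it on the members, e.g. `// Not owned: global/ip/session/user storage belongs to the ModSecurity instance; Collections only keys into them.` — or the reverse, whichever `~Collections()` actually does, which this diff does not show. The same applies to the `m_user_collection_key` line in the second hunk: a one-line note that it is set per transaction by the setuid action (`SetUID::evaluate` in src/actions/set_uid.cc writes it) would save the next reader a grep.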
@@ -0,0 +1,56 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/set_uid.h"
+
+#include
+#include
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "src/macro_expansion.h"
+#include "src/utils.h"
+
+namespace modsecurity {
+namespace actions {
+
+
+bool SetUID::init(std::string *error) {
+ m_collection_key = std::string(action, 0, action.length());
+
+ if (m_collection_key.empty()) {
+ return false;
+ }
+
+ return true;
+}
+
+
+bool SetUID::evaluate(Rule *rule, Transaction *t) {
+ std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
+
+#ifndef NO_LOGS
+ t->debug(8, "User collection initiated with value: \'" + + colNameExpanded + "\'.");
+#endif
+
+ t->m_collections.m_user_collection_key = colNameExpanded;
+ t->m_collections.storeOrUpdateFirst("USERID", colNameExpanded);
+
+ return true;
+}
+
+} // namespace actions
+} // namespace modsecurity
diff --git a/src/actions/set_uid.h b/src/actions/set_uid.h
new file mode 100644
index 00000000..6cbd5418
--- /dev/null
+++ b/src/actions/set_uid.h
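Review bot: `SetUID::init` returns false without assigning `*error`, so when the parser's `driver.parserError << error` (seclang-parser.yy, this commit) runs for an empty setuid argument the rule file fails with a blank message; set it first, e.g. `*error = "setuid: the user id expression cannot be empty.";` before `return false;`. `SetUID::evaluate` has the same hole at runtime: if `MacroExpansion::expand` yields an empty string (an unresolved variable, presumably), that value is installed unchecked as `m_user_collection_key` and stored under `USERID`, so the USER collection would be keyed by `""`; guard with `if (colNameExpanded.empty()) { return true; }` after the debug line, matching the unconditional `return true` already there, so the transaction keeps no user collection rather than a degenerate one. Because the expanded value usually originates in request data, whatever later uses `m_user_collection_key` as a storage key should bound its length and character set rather than trust it; that consumer is not in this diff, so a `// NOTE: client-derived value; consumers must validate before using it as a key` on the assignment is the least that belongs here. Finally, `std::string(action, 0, action.length())` is a full copy of `action` spelled the long way; `m_collection_key = action;` reads the same.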
@@ -0,0 +1,45 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include
+
+#include "actions/action.h"
+
+#ifndef SRC_ACTIONS_SET_UID_H_
+#define SRC_ACTIONS_SET_UID_H_
+
+class Transaction;
+
+namespace modsecurity {
+class Transaction;
+namespace actions {
+
+
+class SetUID : public Action {
+ public:
+ explicit SetUID(std::string _action)
+ : Action(_action) { }
+
+ bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool init(std::string *error) override;
+ private:
+ std::string m_collection_key;
+};
+
+
+} // namespace actions
+} // namespace modsecurity
+
+#endif // SRC_ACTIONS_SET_UID_H_
diff --git a/src/collection/collections.cc b/src/collection/collections.cc
index f242985f..de6d91d5 100644
--- a/src/collection/collections.cc
+++ b/src/collection/collections.cc
@@ -34,12 +34,13 @@ namespace collection {
 Collections::Collections(Collection *global,
- Collection *ip, Collection *session)
+ Collection *ip, Collection *session, Collection *user)
 : m_global_collection_key(""),
 m_ip_collection_key(""),
 m_global_collection(global),
 m_ip_collection(ip),
 m_session_collection(session),
+ m_user_collection(user),
 m_transient(new backend::InMemoryPerProcess()) {
 /* Create collection TX */
 this->emplace("TX", new backend::InMemoryPerProcess());
diff --git a/src/modsecurity.cc b/src/modsecurity.cc
index 47467189..13726768 100644
--- a/src/modsecurity.cc
+++ b/src/modsecurity.cc
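Review bot: The two `#include` lines sit above `#ifndef SRC_ACTIONS_SET_UID_H_`, so the guard protects only the declarations and not the includes, and `class Transaction;` is forward-declared twice — once at global scope and again inside `namespace modsecurity`; the global one declares an unrelated `::Transaction` that nothing in the file uses. Move the guard above the includes and drop the global `class Transaction;`, keeping the namespaced one. A short header comment would also help, e.g. `/// Implements the setuid action: records the macro-expanded user id as the USER collection key of the current transaction.` — which is what `SetUID::evaluate` in src/actions/set_uid.cc does.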
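Review bot: The initializer list now sets `m_user_collection(user)` but still lists only `m_global_collection_key("")` and `m_ip_collection_key("")` among the key strings; `m_session_collection_key` and the new `m_user_collection_key` are left to default construction. That is harmless (a default `std::string` is already empty) but inconsistent — either drop the two explicit `("")` initializers or add `m_session_collection_key(""), m_user_collection_key(""),` so the list mirrors the member order in collections.h and the reader does not wonder whether the omission is deliberate. The constructor body continues outside the hunk.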
@@ -49,6 +49,7 @@ ModSecurity::ModSecurity()
 m_global_collection(new collection::backend::InMemoryPerProcess()),
 m_ip_collection(new collection::backend::InMemoryPerProcess()),
 m_session_collection(new collection::backend::InMemoryPerProcess()),
+ m_user_collection(new collection::backend::InMemoryPerProcess()),
 m_logCb(NULL) {
 UniqueId::uniqueId();
 srand(time(NULL));
diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy
index fa73fa39..11309764 100644
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -25,6 +25,7 @@ class Driver;
 #include "actions/ctl_audit_log_parts.h"
 #include "actions/init_col.h"
 #include "actions/set_sid.h"
+#include "actions/set_uid.h"
 #include "actions/set_var.h"
 #include "actions/severity.h"
 #include "actions/skip_after.h"
@@ -68,6 +69,7 @@ using modsecurity::actions::Action;
 using modsecurity::actions::CtlAuditLogParts;
 using modsecurity::actions::InitCol;
 using modsecurity::actions::SetSID;
+using modsecurity::actions::SetUID;
 using modsecurity::actions::SetVar;
 using modsecurity::actions::Severity;
 using modsecurity::actions::Tag;
@@ -933,12 +935,8 @@ act:
 }
 | ACTION_SETUID
 {
- /*
-
- TODO: setUID is not implemented yet.
-
 std::string error;
- SetEnv *setUID = new SetUID($1);
+ SetUID *setUID = new SetUID($1);
 if (setUID->init(&error) == false) {
 driver.parserError << error;
@@ -946,8 +944,6 @@ act:
 }
 $$ = setUID;
- */
- $$ = Action::instantiate($1);
 }
 | ACTION_SETVAR
 {
diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll
index 884715d5..4f2d1b53 100755
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
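Review bot: `m_user_collection` is allocated with `new` in the constructor, but nothing in this diff shows `~ModSecurity()` (or anything else) releasing it, and the member is a public raw pointer in headers/modsecurity/modsecurity.h; if the destructor deletes the existing global/ip/session collections it needs the matching `delete m_user_collection;`, otherwise every `ModSecurity` instance leaks one `InMemoryPerProcess`. The cleaner fix, if the header's public interface may change, is to hold it as `std::unique_ptr<collection::Collection>` and hand `Transaction` the raw pointer via `.get()`. The constructor body continues outside the hunk.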
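Review bot: When `setUID->init(&error)` fails, the freshly allocated `SetUID` is never released — the branch writes to `driver.parserError` and then (the rest of the block lies outside this hunk) presumably bails out of the rule, so the object leaks on every malformed `setuid` in a configuration file. Add `delete setUID;` right after `driver.parserError << error;`, before the error exit. If the neighbouring action rules follow the same shape they share the leak, but the new code at least should not repeat it.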
@@ -116,7 +116,7 @@ OPERATOR_GEOIP (?i:@geoLookup)
 TRANSFORMATION t:(?i:(cmdLine|sha1|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|normalisePathWin|normalisePath|length|utf8toUnicode|urldecode|removeCommentsChar|removeComments|replaceComments))
-VARIABLE (?i:(RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR|SESSIONID))
+VARIABLE (?i:(RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR|USERID|SESSIONID))
 VARIABLE_COL (?i:(SESSION|GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|QUERY_STRING|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|IP|XML|REQUEST_COOKIES_NAMES))
 VARIABLE_TX (?i:TX)
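Review bot: `USERID` becomes a `VARIABLE` token here, but no hunk in this commit teaches the parser or the variable-resolution code anything about it, and the commit carries no test; the only producer visible is `storeOrUpdateFirst("USERID", …)` in `SetUID::evaluate`, so presumably the generic per-name lookup serves it — worth confirming with a regression rule that runs the setuid action and then matches on `USERID`. Either way a C-style comment on this definition, `/* USERID is populated by the setuid action (src/actions/set_uid.cc) */`, would document the coupling, since the scanner gives no other hint of where the value comes from.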
diff --git a/src/transaction.cc b/src/transaction.cc
index b69dd1cd..6a1926ca 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -113,7 +113,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
 m_logCbData(logCbData),
 m_ms(ms),
 m_collections(ms->m_global_collection, ms->m_ip_collection,
- ms->m_session_collection) {
+ ms->m_session_collection, ms->m_user_collection) {
 m_id = std::to_string(this->m_timeStamp) + \
 std::to_string(generate_transaction_unique_id());
 m_rules->incrementReferenceCount();