github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-20 02:57:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to USER collection, setuid action and USERID variable

Browse Source 
More details on: #1026, #1024, #1048
This commit is contained in:
Felipe Zimmerle
2016-05-06 17:31:12 -03:00
parent ff9aa5c7cf
commit 758ecb5d6d
10 changed files with 115 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
src/actions/set_uid.cc Normal file
View File

@@ -0,0 +1,56 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "actions/set_uid.h"
#include <iostream>
#include <string>
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
#include "src/utils.h"
namespace modsecurity {
namespace actions {
bool SetUID::init(std::string *error) {
m_collection_key = std::string(action, 0, action.length());
if (m_collection_key.empty()) {
return false;
}
return true;
}
bool SetUID::evaluate(Rule *rule, Transaction *t) {
std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
#ifndef NO_LOGS
t->debug(8, "User collection initiated with value: \'"
+ colNameExpanded + "\'.");
#endif
t->m_collections.m_user_collection_key = colNameExpanded;
t->m_collections.storeOrUpdateFirst("USERID", colNameExpanded);
return true;
}
} // namespace actions
} // namespace modsecurity

45
src/actions/set_uid.h Normal file
View File

@@ -0,0 +1,45 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include "actions/action.h"
#ifndef SRC_ACTIONS_SET_UID_H_
#define SRC_ACTIONS_SET_UID_H_
class Transaction;
namespace modsecurity {
class Transaction;
namespace actions {
class SetUID : public Action {
public:
explicit SetUID(std::string _action)
: Action(_action) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
std::string m_collection_key;
};
} // namespace actions
} // namespace modsecurity
#endif // SRC_ACTIONS_SET_UID_H_