mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 05:45:59 +03:00
Adds support to USER collection, setuid action and USERID variable
More details on: #1026, #1024, #1048
This commit is contained in:
parent
ff9aa5c7cf
commit
758ecb5d6d
@ -45,7 +45,8 @@ namespace collection {
|
|||||||
class Collections :
|
class Collections :
|
||||||
public std::unordered_map<std::string, Collection *> {
|
public std::unordered_map<std::string, Collection *> {
|
||||||
public:
|
public:
|
||||||
Collections(Collection *global, Collection *ip, Collection *session);
|
Collections(Collection *global, Collection *ip, Collection *session,
|
||||||
|
Collection *user);
|
||||||
~Collections();
|
~Collections();
|
||||||
|
|
||||||
void store(std::string key, std::string value);
|
void store(std::string key, std::string value);
|
||||||
@ -87,10 +88,12 @@ class Collections :
|
|||||||
std::string m_global_collection_key;
|
std::string m_global_collection_key;
|
||||||
std::string m_ip_collection_key;
|
std::string m_ip_collection_key;
|
||||||
std::string m_session_collection_key;
|
std::string m_session_collection_key;
|
||||||
|
std::string m_user_collection_key;
|
||||||
|
|
||||||
Collection *m_global_collection;
|
Collection *m_global_collection;
|
||||||
Collection *m_ip_collection;
|
Collection *m_ip_collection;
|
||||||
Collection *m_session_collection;
|
Collection *m_session_collection;
|
||||||
|
Collection *m_user_collection;
|
||||||
};
|
};
|
||||||
|
|
||||||
} // namespace collection
|
} // namespace collection
|
||||||
|
@ -225,6 +225,7 @@ class ModSecurity {
|
|||||||
collection::Collection *m_global_collection;
|
collection::Collection *m_global_collection;
|
||||||
collection::Collection *m_ip_collection;
|
collection::Collection *m_ip_collection;
|
||||||
collection::Collection *m_session_collection;
|
collection::Collection *m_session_collection;
|
||||||
|
collection::Collection *m_user_collection;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
std::string m_connector;
|
std::string m_connector;
|
||||||
|
@ -80,6 +80,7 @@ ACTIONS = \
|
|||||||
actions/rule_id.cc \
|
actions/rule_id.cc \
|
||||||
actions/severity.cc \
|
actions/severity.cc \
|
||||||
actions/set_sid.cc \
|
actions/set_sid.cc \
|
||||||
|
actions/set_uid.cc \
|
||||||
actions/set_var.cc \
|
actions/set_var.cc \
|
||||||
actions/status.cc \
|
actions/status.cc \
|
||||||
actions/skip_after.cc \
|
actions/skip_after.cc \
|
||||||
|
56
src/actions/set_uid.cc
Normal file
56
src/actions/set_uid.cc
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
/*
|
||||||
|
* ModSecurity, http://www.modsecurity.org/
|
||||||
|
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||||
|
*
|
||||||
|
* You may not use this file except in compliance with
|
||||||
|
* the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* If any of the files related to licensing are missing or if you have any
|
||||||
|
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||||
|
* directly using the email address security@modsecurity.org.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "actions/set_uid.h"
|
||||||
|
|
||||||
|
#include <iostream>
|
||||||
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/transaction.h"
|
||||||
|
#include "modsecurity/rule.h"
|
||||||
|
#include "src/macro_expansion.h"
|
||||||
|
#include "src/utils.h"
|
||||||
|
|
||||||
|
namespace modsecurity {
|
||||||
|
namespace actions {
|
||||||
|
|
||||||
|
|
||||||
|
bool SetUID::init(std::string *error) {
|
||||||
|
m_collection_key = std::string(action, 0, action.length());
|
||||||
|
|
||||||
|
if (m_collection_key.empty()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool SetUID::evaluate(Rule *rule, Transaction *t) {
|
||||||
|
std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
|
||||||
|
|
||||||
|
#ifndef NO_LOGS
|
||||||
|
t->debug(8, "User collection initiated with value: \'"
|
||||||
|
+ colNameExpanded + "\'.");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
t->m_collections.m_user_collection_key = colNameExpanded;
|
||||||
|
t->m_collections.storeOrUpdateFirst("USERID", colNameExpanded);
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
} // namespace actions
|
||||||
|
} // namespace modsecurity
|
45
src/actions/set_uid.h
Normal file
45
src/actions/set_uid.h
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
/*
|
||||||
|
* ModSecurity, http://www.modsecurity.org/
|
||||||
|
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||||
|
*
|
||||||
|
* You may not use this file except in compliance with
|
||||||
|
* the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* If any of the files related to licensing are missing or if you have any
|
||||||
|
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||||
|
* directly using the email address security@modsecurity.org.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <string>
|
||||||
|
|
||||||
|
#include "actions/action.h"
|
||||||
|
|
||||||
|
#ifndef SRC_ACTIONS_SET_UID_H_
|
||||||
|
#define SRC_ACTIONS_SET_UID_H_
|
||||||
|
|
||||||
|
class Transaction;
|
||||||
|
|
||||||
|
namespace modsecurity {
|
||||||
|
class Transaction;
|
||||||
|
namespace actions {
|
||||||
|
|
||||||
|
|
||||||
|
class SetUID : public Action {
|
||||||
|
public:
|
||||||
|
explicit SetUID(std::string _action)
|
||||||
|
: Action(_action) { }
|
||||||
|
|
||||||
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
|
bool init(std::string *error) override;
|
||||||
|
private:
|
||||||
|
std::string m_collection_key;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
} // namespace actions
|
||||||
|
} // namespace modsecurity
|
||||||
|
|
||||||
|
#endif // SRC_ACTIONS_SET_UID_H_
|
@ -34,12 +34,13 @@ namespace collection {
|
|||||||
|
|
||||||
|
|
||||||
Collections::Collections(Collection *global,
|
Collections::Collections(Collection *global,
|
||||||
Collection *ip, Collection *session)
|
Collection *ip, Collection *session, Collection *user)
|
||||||
: m_global_collection_key(""),
|
: m_global_collection_key(""),
|
||||||
m_ip_collection_key(""),
|
m_ip_collection_key(""),
|
||||||
m_global_collection(global),
|
m_global_collection(global),
|
||||||
m_ip_collection(ip),
|
m_ip_collection(ip),
|
||||||
m_session_collection(session),
|
m_session_collection(session),
|
||||||
|
m_user_collection(user),
|
||||||
m_transient(new backend::InMemoryPerProcess()) {
|
m_transient(new backend::InMemoryPerProcess()) {
|
||||||
/* Create collection TX */
|
/* Create collection TX */
|
||||||
this->emplace("TX", new backend::InMemoryPerProcess());
|
this->emplace("TX", new backend::InMemoryPerProcess());
|
||||||
|
@ -49,6 +49,7 @@ ModSecurity::ModSecurity()
|
|||||||
m_global_collection(new collection::backend::InMemoryPerProcess()),
|
m_global_collection(new collection::backend::InMemoryPerProcess()),
|
||||||
m_ip_collection(new collection::backend::InMemoryPerProcess()),
|
m_ip_collection(new collection::backend::InMemoryPerProcess()),
|
||||||
m_session_collection(new collection::backend::InMemoryPerProcess()),
|
m_session_collection(new collection::backend::InMemoryPerProcess()),
|
||||||
|
m_user_collection(new collection::backend::InMemoryPerProcess()),
|
||||||
m_logCb(NULL) {
|
m_logCb(NULL) {
|
||||||
UniqueId::uniqueId();
|
UniqueId::uniqueId();
|
||||||
srand(time(NULL));
|
srand(time(NULL));
|
||||||
|
@ -25,6 +25,7 @@ class Driver;
|
|||||||
#include "actions/ctl_audit_log_parts.h"
|
#include "actions/ctl_audit_log_parts.h"
|
||||||
#include "actions/init_col.h"
|
#include "actions/init_col.h"
|
||||||
#include "actions/set_sid.h"
|
#include "actions/set_sid.h"
|
||||||
|
#include "actions/set_uid.h"
|
||||||
#include "actions/set_var.h"
|
#include "actions/set_var.h"
|
||||||
#include "actions/severity.h"
|
#include "actions/severity.h"
|
||||||
#include "actions/skip_after.h"
|
#include "actions/skip_after.h"
|
||||||
@ -68,6 +69,7 @@ using modsecurity::actions::Action;
|
|||||||
using modsecurity::actions::CtlAuditLogParts;
|
using modsecurity::actions::CtlAuditLogParts;
|
||||||
using modsecurity::actions::InitCol;
|
using modsecurity::actions::InitCol;
|
||||||
using modsecurity::actions::SetSID;
|
using modsecurity::actions::SetSID;
|
||||||
|
using modsecurity::actions::SetUID;
|
||||||
using modsecurity::actions::SetVar;
|
using modsecurity::actions::SetVar;
|
||||||
using modsecurity::actions::Severity;
|
using modsecurity::actions::Severity;
|
||||||
using modsecurity::actions::Tag;
|
using modsecurity::actions::Tag;
|
||||||
@ -933,12 +935,8 @@ act:
|
|||||||
}
|
}
|
||||||
| ACTION_SETUID
|
| ACTION_SETUID
|
||||||
{
|
{
|
||||||
/*
|
|
||||||
|
|
||||||
TODO: setUID is not implemented yet.
|
|
||||||
|
|
||||||
std::string error;
|
std::string error;
|
||||||
SetEnv *setUID = new SetUID($1);
|
SetUID *setUID = new SetUID($1);
|
||||||
|
|
||||||
if (setUID->init(&error) == false) {
|
if (setUID->init(&error) == false) {
|
||||||
driver.parserError << error;
|
driver.parserError << error;
|
||||||
@ -946,8 +944,6 @@ act:
|
|||||||
}
|
}
|
||||||
|
|
||||||
$$ = setUID;
|
$$ = setUID;
|
||||||
*/
|
|
||||||
$$ = Action::instantiate($1);
|
|
||||||
}
|
}
|
||||||
| ACTION_SETVAR
|
| ACTION_SETVAR
|
||||||
{
|
{
|
||||||
|
@ -116,7 +116,7 @@ OPERATOR_GEOIP (?i:@geoLookup)
|
|||||||
TRANSFORMATION t:(?i:(cmdLine|sha1|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|normalisePathWin|normalisePath|length|utf8toUnicode|urldecode|removeCommentsChar|removeComments|replaceComments))
|
TRANSFORMATION t:(?i:(cmdLine|sha1|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|normalisePathWin|normalisePath|length|utf8toUnicode|urldecode|removeCommentsChar|removeComments|replaceComments))
|
||||||
|
|
||||||
|
|
||||||
VARIABLE (?i:(RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR|SESSIONID))
|
VARIABLE (?i:(RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR|USERID|SESSIONID))
|
||||||
VARIABLE_COL (?i:(SESSION|GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|QUERY_STRING|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|IP|XML|REQUEST_COOKIES_NAMES))
|
VARIABLE_COL (?i:(SESSION|GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|QUERY_STRING|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|IP|XML|REQUEST_COOKIES_NAMES))
|
||||||
|
|
||||||
VARIABLE_TX (?i:TX)
|
VARIABLE_TX (?i:TX)
|
||||||
|
@ -113,7 +113,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
|
|||||||
m_logCbData(logCbData),
|
m_logCbData(logCbData),
|
||||||
m_ms(ms),
|
m_ms(ms),
|
||||||
m_collections(ms->m_global_collection, ms->m_ip_collection,
|
m_collections(ms->m_global_collection, ms->m_ip_collection,
|
||||||
ms->m_session_collection) {
|
ms->m_session_collection, ms->m_user_collection) {
|
||||||
m_id = std::to_string(this->m_timeStamp) + \
|
m_id = std::to_string(this->m_timeStamp) + \
|
||||||
std::to_string(generate_transaction_unique_id());
|
std::to_string(generate_transaction_unique_id());
|
||||||
m_rules->incrementReferenceCount();
|
m_rules->incrementReferenceCount();
|
||||||
|
Loading…
x
Reference in New Issue
Block a user