github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-12-31 13:49:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Draft for SecBinaryRules

Browse Source
This commit is contained in:
Felipe Zimmerle
2017-06-14 14:58:10 -03:00
committed by John Doe
parent dccb5e9e5f
commit 8599e5eb72
15 changed files with 11197 additions and 8135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
src/parser/location.hh
View File

@@ -1,4 +1,4 @@
// A Bison parser, made by GNU Bison 3.1.
// A Bison parser, made by GNU Bison 3.2.
// Locations for Bison parsers in C++
@@ -38,11 +38,144 @@
#ifndef YY_YY_LOCATION_HH_INCLUDED
# define YY_YY_LOCATION_HH_INCLUDED
# include "position.hh"
# include <algorithm> // std::max
# include <iostream>
# include <string>
# ifndef YY_NULLPTR
# if defined __cplusplus
# if 201103L <= __cplusplus
# define YY_NULLPTR nullptr
# else
# define YY_NULLPTR 0
# endif
# else
# define YY_NULLPTR ((void*)0)
# endif
# endif
namespace yy {
#line 46 "location.hh" // location.cc:290
#line 60 "location.hh" // location.cc:339
/// Abstract a position.
class position
{
public:
/// Construct a position.
explicit position (std::string* f = YY_NULLPTR,
unsigned l = 1u,
unsigned c = 1u)
: filename (f)
, line (l)
, column (c)
{}
/// Initialization.
void initialize (std::string* fn = YY_NULLPTR,
unsigned l = 1u,
unsigned c = 1u)
{
filename = fn;
line = l;
column = c;
}
/** \name Line and Column related manipulators
** \{ */
/// (line related) Advance to the COUNT next lines.
void lines (int count = 1)
{
if (count)
{
column = 1u;
line = add_ (line, count, 1);
}
}
/// (column related) Advance to the COUNT next columns.
void columns (int count = 1)
{
column = add_ (column, count, 1);
}
/** \} */
/// File name to which this position refers.
std::string* filename;
/// Current line number.
unsigned line;
/// Current column number.
unsigned column;
private:
/// Compute max (min, lhs+rhs).
static unsigned add_ (unsigned lhs, int rhs, int min)
{
return static_cast<unsigned> (std::max (min,
static_cast<int> (lhs) + rhs));
}
};
/// Add \a width columns, in place.
inline position&
operator+= (position& res, int width)
{
res.columns (width);
return res;
}
/// Add \a width columns.
inline position
operator+ (position res, int width)
{
return res += width;
}
/// Subtract \a width columns, in place.
inline position&
operator-= (position& res, int width)
{
return res += -width;
}
/// Subtract \a width columns.
inline position
operator- (position res, int width)
{
return res -= width;
}
/// Compare two position objects.
inline bool
operator== (const position& pos1, const position& pos2)
{
return (pos1.line == pos2.line
&& pos1.column == pos2.column
&& (pos1.filename == pos2.filename
|| (pos1.filename && pos2.filename
&& *pos1.filename == *pos2.filename)));
}
/// Compare two position objects.
inline bool
operator!= (const position& pos1, const position& pos2)
{
return !(pos1 == pos2);
}
/** \brief Intercept output stream redirection.
** \param ostr the destination output stream
** \param pos a reference to the position to redirect
*/
template <typename YYChar>
std::basic_ostream<YYChar>&
operator<< (std::basic_ostream<YYChar>& ostr, const position& pos)
{
if (pos.filename)
ostr << *pos.filename << ':';
return ostr << pos.line << '.' << pos.column;
}
/// Abstract a location.
class location
{
@@ -185,5 +318,5 @@ namespace yy {
} // yy
#line 189 "location.hh" // location.cc:290
#line 322 "location.hh" // location.cc:339
#endif // !YY_YY_LOCATION_HH_INCLUDED

184
src/parser/position.hh
View File

@@ -1,177 +1,11 @@
// A Bison parser, made by GNU Bison 3.1.
// A Bison parser, made by GNU Bison 3.2.
// Positions for Bison parsers in C++
// Starting with Bison 3.2, this file is useless: the structure it
// used to define is now defined in "location.hh".
//
// To get rid of this file:
// 1. add 'require "3.2"' (or newer) to your grammar file
// 2. remove references to this file from your build system
// 3. if you used to include it, include "location.hh" instead.
// Copyright (C) 2002-2015, 2018 Free Software Foundation, Inc.
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// As a special exception, you may create a larger work that contains
// part or all of the Bison parser skeleton and distribute that work
// under terms of your choice, so long as that work isn't itself a
// parser generator using the skeleton or a modified version thereof
// as a parser skeleton. Alternatively, if you modify or redistribute
// the parser skeleton itself, you may (at your option) remove this
// special exception, which will cause the skeleton and the resulting
// Bison output files to be licensed under the GNU General Public
// License without this special exception.
// This special exception was added by the Free Software Foundation in
// version 2.2 of Bison.
/**
** \file position.hh
** Define the yy::position class.
*/
#ifndef YY_YY_POSITION_HH_INCLUDED
# define YY_YY_POSITION_HH_INCLUDED
# include <algorithm> // std::max
# include <iostream>
# include <string>
# ifndef YY_NULLPTR
# if defined __cplusplus && 201103L <= __cplusplus
# define YY_NULLPTR nullptr
# else
# define YY_NULLPTR 0
# endif
# endif
namespace yy {
#line 56 "position.hh" // location.cc:290
/// Abstract a position.
class position
{
public:
/// Construct a position.
explicit position (std::string* f = YY_NULLPTR,
unsigned l = 1u,
unsigned c = 1u)
: filename (f)
, line (l)
, column (c)
{}
/// Initialization.
void initialize (std::string* fn = YY_NULLPTR,
unsigned l = 1u,
unsigned c = 1u)
{
filename = fn;
line = l;
column = c;
}
/** \name Line and Column related manipulators
** \{ */
/// (line related) Advance to the COUNT next lines.
void lines (int count = 1)
{
if (count)
{
column = 1u;
line = add_ (line, count, 1);
}
}
/// (column related) Advance to the COUNT next columns.
void columns (int count = 1)
{
column = add_ (column, count, 1);
}
/** \} */
/// File name to which this position refers.
std::string* filename;
/// Current line number.
unsigned line;
/// Current column number.
unsigned column;
private:
/// Compute max(min, lhs+rhs).
static unsigned add_ (unsigned lhs, int rhs, int min)
{
return static_cast<unsigned>(std::max(min, static_cast<int>(lhs) + rhs));
}
};
/// Add \a width columns, in place.
inline position&
operator+= (position& res, int width)
{
res.columns (width);
return res;
}
/// Add \a width columns.
inline position
operator+ (position res, int width)
{
return res += width;
}
/// Subtract \a width columns, in place.
inline position&
operator-= (position& res, int width)
{
return res += -width;
}
/// Subtract \a width columns.
inline position
operator- (position res, int width)
{
return res -= width;
}
/// Compare two position objects.
inline bool
operator== (const position& pos1, const position& pos2)
{
return (pos1.line == pos2.line
&& pos1.column == pos2.column
&& (pos1.filename == pos2.filename
|| (pos1.filename && pos2.filename
&& *pos1.filename == *pos2.filename)));
}
/// Compare two position objects.
inline bool
operator!= (const position& pos1, const position& pos2)
{
return !(pos1 == pos2);
}
/** \brief Intercept output stream redirection.
** \param ostr the destination output stream
** \param pos a reference to the position to redirect
*/
template <typename YYChar>
std::basic_ostream<YYChar>&
operator<< (std::basic_ostream<YYChar>& ostr, const position& pos)
{
if (pos.filename)
ostr << *pos.filename << ':';
return ostr << pos.line << '.' << pos.column;
}
} // yy
#line 177 "position.hh" // location.cc:290
#endif // !YY_YY_POSITION_HH_INCLUDED
#include "location.hh"

2309
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

5040
src/parser/seclang-parser.hh
View File

File diff suppressed because it is too large Load Diff

8594
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

40
src/parser/seclang-scanner.ll
View File

@@ -8,6 +8,7 @@
#include "src/parser/seclang-parser.hh"
#include "src/utils/https_client.h"
#include "src/utils/string.h"
#include "others/mbedtls/aes.h"
using modsecurity::Parser::Driver;
using modsecurity::Utils::HttpsClient;
@@ -376,6 +377,7 @@ CONFIG_INCLUDE (?i:Include)
CONFIG_SEC_COLLECTION_TIMEOUT (?i:SecCollectionTimeout)
CONFIG_SEC_HTTP_BLKEY (?i:SecHttpBlKey)
CONFIG_SEC_REMOTE_RULES (?i:SecRemoteRules)
CONFIG_SEC_BINARY_RULES (?i:SecBinaryRules)
CONFIG_SEC_REMOTE_RULES_FAIL_ACTION (?i:SecRemoteRulesFailAction)
CONFIG_SEC_REMOVE_RULES_BY_ID (?i:SecRuleRemoveById)
CONFIG_SEC_REMOVE_RULES_BY_MSG (?i:SecRuleRemoveByMsg)
@@ -1285,6 +1287,44 @@ EQUALS_MINUS (?i:=\-)
free(f);
}
{CONFIG_SEC_BINARY_RULES}[ ]+[^\n\r ]+ {
// https://tls.mbed.org/kb/how-to/encrypt-with-aes-cbc
mbedtls_aes_context aes;
std::vector<std::string> conf = modsecurity::utils::string::split(yytext, ' ');
if (conf.size() < 2) {
driver.error (*driver.loc.back(), "", "SecRemoteRules demands a key and a URI");
throw p::syntax_error(*driver.loc.back(), "");
}
std::ifstream t(conf[1]);
std::string str;
std::cout << conf[1] << std::endl;
t.seekg(0, std::ios::end);
str.reserve(t.tellg());
t.seekg(0, std::ios::beg);
str.assign((std::istreambuf_iterator<char>(t)),
std::istreambuf_iterator<char>());
std::cout << str << std::endl;
driver.ref.push_back(conf[1]);
driver.loc.push_back(new yy::location());
YY_BUFFER_STATE temp = YY_CURRENT_BUFFER;
yypush_buffer_state(temp);
unsigned char key[32] = { 0 };
unsigned char iv[16] = { 0 };
unsigned char *output = (unsigned char *)malloc(str.size() + 1);
mbedtls_aes_setkey_enc( &aes, key, 256 );
mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_DECRYPT, 24, iv, (unsigned char *) str.c_str(), output );
yy_scan_string(str.c_str());
}
{CONFIG_SEC_REMOTE_RULES}[ ][^ ]+[ ][^\n\r ]+ {
HttpsClient c;
std::string key;

163
src/parser/stack.hh
View File

@@ -1,157 +1,8 @@
// A Bison parser, made by GNU Bison 3.1.
// A Bison parser, made by GNU Bison 3.2.
// Stack handling for Bison parsers in C++
// Copyright (C) 2002-2015, 2018 Free Software Foundation, Inc.
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// As a special exception, you may create a larger work that contains
// part or all of the Bison parser skeleton and distribute that work
// under terms of your choice, so long as that work isn't itself a
// parser generator using the skeleton or a modified version thereof
// as a parser skeleton. Alternatively, if you modify or redistribute
// the parser skeleton itself, you may (at your option) remove this
// special exception, which will cause the skeleton and the resulting
// Bison output files to be licensed under the GNU General Public
// License without this special exception.
// This special exception was added by the Free Software Foundation in
// version 2.2 of Bison.
/**
** \file stack.hh
** Define the yy::stack class.
*/
#ifndef YY_YY_STACK_HH_INCLUDED
# define YY_YY_STACK_HH_INCLUDED
# include <vector>
namespace yy {
#line 46 "stack.hh" // stack.hh:132
/// A stack with random access from its top.
template <class T, class S = std::vector<T> >
class stack
{
public:
// Hide our reversed order.
typedef typename S::reverse_iterator iterator;
typedef typename S::const_reverse_iterator const_iterator;
typedef typename S::size_type size_type;
stack ()
{
seq_.reserve (200);
}
stack (size_type n)
: seq_ (n)
{}
/// Random access.
///
/// Index 0 returns the topmost element.
T&
operator[] (size_type i)
{
return seq_[seq_.size () - 1 - i];
}
/// Random access.
///
/// Index 0 returns the topmost element.
const T&
operator[] (size_type i) const
{
return seq_[seq_.size () - 1 - i];
}
/// Steal the contents of \a t.
///
/// Close to move-semantics.
void
push (T& t)
{
seq_.push_back (T());
operator[](0).move (t);
}
void
pop (size_type n = 1)
{
for (; n; --n)
seq_.pop_back ();
}
void
clear ()
{
seq_.clear ();
}
size_type
size () const
{
return seq_.size ();
}
const_iterator
begin () const
{
return seq_.rbegin ();
}
const_iterator
end () const
{
return seq_.rend ();
}
private:
stack (const stack&);
stack& operator= (const stack&);
/// The wrapped container.
S seq_;
};
/// Present a slice of the top of a stack.
template <class T, class S = stack<T> >
class slice
{
public:
typedef typename S::size_type size_type;
slice (const S& stack, size_type range)
: stack_ (stack)
, range_ (range)
{}
const T&
operator[] (size_type i) const
{
return stack_[range_ - i];
}
private:
const S& stack_;
size_type range_;
};
} // yy
#line 156 "stack.hh" // stack.hh:132
#endif // !YY_YY_STACK_HH_INCLUDED
// Starting with Bison 3.2, this file is useless: the structure it
// used to define is now defined with the parser itself.
//
// To get rid of this file:
// 1. add 'require "3.2"' (or newer) to your grammar file
// 2. remove references to this file from your build system.