github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Actually fix setvar parsing of quoted data

Browse Source
This commit is contained in:
Victor Hora 2018-05-16 23:56:43 -04:00 committed by Felipe Zimmerle
parent e4c822e663
commit 87e64e3c25
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
5 changed files with 4642 additions and 4591 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -8,7 +8,7 @@ v3.0.3 - YYYY-MMM-DD (to be released)
- Code Cleanup.
[Issue #1757, #1755, #1756, #1761 - @p0pr0ck5]
- Fix setvar parsing of quoted data
[Issue #1733, #1759 - @JaiHarpalani, @victorhora, @defanator]
[Issue #1733, #1759, #1775 - @victorhora, @JaiHarpalani, @defanator]
- Fix LDFLAGS for unit tests.
[Issue #1758 - @smlx]
- Adds time stamp back to the audit logs

1773
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

111
src/parser/seclang-parser.hh
View File

@ -1,8 +1,8 @@
// A Bison parser, made by GNU Bison 3.0.2.
// A Bison parser, made by GNU Bison 3.0.4.
// Skeleton interface for Bison LALR(1) parsers in C++
// Copyright (C) 2002-2013 Free Software Foundation, Inc.
// Copyright (C) 2002-2015 Free Software Foundation, Inc.
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@ -40,7 +40,7 @@
#ifndef YY_YY_SECLANG_PARSER_HH_INCLUDED
# define YY_YY_SECLANG_PARSER_HH_INCLUDED
// // "%code requires" blocks.
#line 10 "seclang-parser.yy" // lalr1.cc:372
#line 10 "seclang-parser.yy" // lalr1.cc:377
#include <string>
#include <iterator>
@ -379,13 +379,14 @@ using modsecurity::operators::Operator;
#line 383 "seclang-parser.hh" // lalr1.cc:372
#line 383 "seclang-parser.hh" // lalr1.cc:377
# include <cassert>
# include <vector>
# include <cstdlib> // std::abort
# include <iostream>
# include <stdexcept>
# include <string>
# include <vector>
# include "stack.hh"
# include "location.hh"
#include <typeinfo>
@ -455,7 +456,7 @@ using modsecurity::operators::Operator;
namespace yy {
#line 459 "seclang-parser.hh" // lalr1.cc:372
#line 460 "seclang-parser.hh" // lalr1.cc:377
@ -472,13 +473,13 @@ namespace yy {
/// Empty construction.
variant ()
: yytname_ (YY_NULLPTR)
: yytypeid_ (YY_NULLPTR)
{}
/// Construct and fill.
template <typename T>
variant (const T& t)
: yytname_ (typeid (T).name ())
: yytypeid_ (&typeid (T))
{
YYASSERT (sizeof (T) <= S);
new (yyas_<T> ()) T (t);
@ -487,7 +488,7 @@ namespace yy {
/// Destruction, allowed only if empty.
~variant ()
{
YYASSERT (!yytname_);
YYASSERT (!yytypeid_);
}
/// Instantiate an empty \a T in here.
@ -495,9 +496,9 @@ namespace yy {
T&
build ()
{
YYASSERT (!yytname_);
YYASSERT (!yytypeid_);
YYASSERT (sizeof (T) <= S);
yytname_ = typeid (T).name ();
yytypeid_ = & typeid (T);
return *new (yyas_<T> ()) T;
}
@ -506,9 +507,9 @@ namespace yy {
T&
build (const T& t)
{
YYASSERT (!yytname_);
YYASSERT (!yytypeid_);
YYASSERT (sizeof (T) <= S);
yytname_ = typeid (T).name ();
yytypeid_ = & typeid (T);
return *new (yyas_<T> ()) T (std::move((T&)t));
}
@ -517,7 +518,7 @@ namespace yy {
T&
as ()
{
YYASSERT (yytname_ == typeid (T).name ());
YYASSERT (*yytypeid_ == typeid (T));
YYASSERT (sizeof (T) <= S);
return *yyas_<T> ();
}
@ -527,7 +528,7 @@ namespace yy {
const T&
as () const
{
YYASSERT (yytname_ == typeid (T).name ());
YYASSERT (*yytypeid_ == typeid (T));
YYASSERT (sizeof (T) <= S);
return *yyas_<T> ();
}
@ -544,8 +545,8 @@ namespace yy {
void
swap (self_type& other)
{
YYASSERT (yytname_);
YYASSERT (yytname_ == other.yytname_);
YYASSERT (yytypeid_);
YYASSERT (*yytypeid_ == *other.yytypeid_);
std::swap (as<T> (), other.as<T> ());
}
@ -575,7 +576,7 @@ namespace yy {
destroy ()
{
as<T> ().~T ();
yytname_ = YY_NULLPTR;
yytypeid_ = YY_NULLPTR;
}
private:
@ -610,7 +611,7 @@ namespace yy {
} yybuffer_;
/// Whether the content is built: if defined, the name of the stored type.
const char *yytname_;
const std::type_info *yytypeid_;
};
@ -1203,9 +1204,12 @@ namespace yy {
/// (External) token type, as returned by yylex.
typedef token::yytokentype token_type;
/// Internal symbol number.
/// Symbol type: an internal symbol number.
typedef int symbol_number_type;
/// The symbol type number to denote an empty symbol.
enum { empty_symbol = -2 };
/// Internal symbol number for tokens (subsumed by symbol_number_type).
typedef unsigned short int token_number_type;
@ -1251,8 +1255,15 @@ namespace yy {
const semantic_type& v,
const location_type& l);
/// Destroy the symbol.
~basic_symbol ();
/// Destroy contents, and record that is empty.
void clear ();
/// Whether empty.
bool empty () const;
/// Destructive move, \a s is emptied into this.
void move (basic_symbol& s);
@ -1282,21 +1293,23 @@ namespace yy {
/// Constructor from (external) token numbers.
by_type (kind_type t);
/// Record that this symbol is empty.
void clear ();
/// Steal the symbol type from \a that.
void move (by_type& that);
/// The (internal) type number (corresponding to \a type).
/// -1 when this symbol is empty.
/// \a empty when empty.
symbol_number_type type_get () const;
/// The token.
token_type token () const;
enum { empty = 0 };
/// The symbol type.
/// -1 when this symbol is empty.
token_number_type type;
/// \a empty_symbol when empty.
/// An int, not token_number_type, to be able to store empty_symbol.
int type;
};
/// "External" symbols: returned by the scanner.
@ -2688,9 +2701,9 @@ namespace yy {
/// Generate an error message.
/// \param yystate the state where the error occurred.
/// \param yytoken the lookahead token type, or yyempty_.
/// \param yyla the lookahead token.
virtual std::string yysyntax_error_ (state_type yystate,
symbol_number_type yytoken) const;
const symbol_type& yyla) const;
/// Compute post-reduction state.
/// \param yystate the current state
@ -2793,16 +2806,21 @@ namespace yy {
/// Copy constructor.
by_state (const by_state& other);
/// Record that this symbol is empty.
void clear ();
/// Steal the symbol type from \a that.
void move (by_state& that);
/// The (internal) type number (corresponding to \a state).
/// "empty" when empty.
/// \a empty_symbol when empty.
symbol_number_type type_get () const;
enum { empty = 0 };
/// The state number used to denote an empty symbol.
enum { empty_state = -1 };
/// The state.
/// \a empty when empty.
state_type state;
};
@ -2843,13 +2861,12 @@ namespace yy {
/// Pop \a n symbols the three stacks.
void yypop_ (unsigned int n = 1);
// Constants.
/// Constants.
enum
{
yyeof_ = 0,
yylast_ = 3310, ///< Last index in yytable_.
yynnts_ = 15, ///< Number of nonterminal symbols.
yyempty_ = -2,
yyfinal_ = 334, ///< Termination state number.
yyterror_ = 1,
yyerrcode_ = 256,
@ -3499,9 +3516,19 @@ namespace yy {
template <typename Base>
inline
seclang_parser::basic_symbol<Base>::~basic_symbol ()
{
clear ();
}
template <typename Base>
inline
void
seclang_parser::basic_symbol<Base>::clear ()
{
// User destructor.
symbol_number_type yytype = this->type_get ();
basic_symbol<Base>& yysym = *this;
(void) yysym;
switch (yytype)
{
default:
@ -3740,6 +3767,15 @@ namespace yy {
break;
}
Base::clear ();
}
template <typename Base>
inline
bool
seclang_parser::basic_symbol<Base>::empty () const
{
return Base::type_get () == empty_symbol;
}
template <typename Base>
@ -3985,7 +4021,7 @@ namespace yy {
// by_type.
inline
seclang_parser::by_type::by_type ()
: type (empty)
: type (empty_symbol)
{}
inline
@ -3998,12 +4034,19 @@ namespace yy {
: type (yytranslate_ (t))
{}
inline
void
seclang_parser::by_type::clear ()
{
type = empty_symbol;
}
inline
void
seclang_parser::by_type::move (by_type& that)
{
type = that.type;
that.type = empty;
that.clear ();
}
inline
@ -6080,7 +6123,7 @@ namespace yy {
} // yy
#line 6084 "seclang-parser.hh" // lalr1.cc:372
#line 6127 "seclang-parser.hh" // lalr1.cc:377

7344
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

3
src/parser/seclang-scanner.ll
View File

@ -428,6 +428,7 @@ COMMA_BUT_SCAPED (,)
FREE_TEXT_QUOTE_MACRO_EXPANSION (([^%'])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][']|[^\\]([\\][\\])+[\\]['])+
FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION ((([^"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+
FREE_TEXT_EQUALS_MACRO_EXPANSION ((([^",=%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][=]|[^\\]([\\][\\])+[\\][=])+
FREE_TEXT_EQUALS_QUOTE_MACRO_EXPANSION ((([^'",=%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][=]|[^\\][\\][']|[^\\]([\\][\\])+[\\][=])+
FREE_TEXT_COMMA_MACRO_EXPANSION (([^%,])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][,]|[^\\]([\\][\\])+[\\][,])+
FREE_TEXT_COMMA_DOUBLE_QUOTE_MACRO_EXPANSION ((([^,"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+
@ -719,7 +720,7 @@ EQUALS_MINUS (?i:=\-)
<SETVAR_ACTION_QUOTED_WAITING_CONTENT>{
\' { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
{FREE_TEXT_EQUALS_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
{FREE_TEXT_EQUALS_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
.|\n { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); yyless(0); }
}