github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Actually fix setvar parsing of quoted data

Browse Source
This commit is contained in:
Victor Hora 2018-05-16 23:56:43 -04:00 committed by Felipe Zimmerle
parent e4c822e663
commit 87e64e3c25
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
5 changed files with 4642 additions and 4591 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -8,7 +8,7 @@ v3.0.3 - YYYY-MMM-DD (to be released)
- Code Cleanup. - Code Cleanup.
[Issue #1757, #1755, #1756, #1761 - @p0pr0ck5] [Issue #1757, #1755, #1756, #1761 - @p0pr0ck5]
- Fix setvar parsing of quoted data - Fix setvar parsing of quoted data
[Issue #1733, #1759 - @JaiHarpalani, @victorhora, @defanator] [Issue #1733, #1759, #1775 - @victorhora, @JaiHarpalani, @defanator]
- Fix LDFLAGS for unit tests. - Fix LDFLAGS for unit tests.
[Issue #1758 - @smlx] [Issue #1758 - @smlx]
- Adds time stamp back to the audit logs - Adds time stamp back to the audit logs

1773
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

111
src/parser/seclang-parser.hh
View File

@ -1,8 +1,8 @@
// A Bison parser, made by GNU Bison 3.0.2. // A Bison parser, made by GNU Bison 3.0.4.
// Skeleton interface for Bison LALR(1) parsers in C++ // Skeleton interface for Bison LALR(1) parsers in C++
// Copyright (C) 2002-2013 Free Software Foundation, Inc. // Copyright (C) 2002-2015 Free Software Foundation, Inc.
// This program is free software: you can redistribute it and/or modify // This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by // it under the terms of the GNU General Public License as published by
@ -40,7 +40,7 @@
#ifndef YY_YY_SECLANG_PARSER_HH_INCLUDED #ifndef YY_YY_SECLANG_PARSER_HH_INCLUDED
# define YY_YY_SECLANG_PARSER_HH_INCLUDED # define YY_YY_SECLANG_PARSER_HH_INCLUDED
// // "%code requires" blocks. // // "%code requires" blocks.
#line 10 "seclang-parser.yy" // lalr1.cc:372 #line 10 "seclang-parser.yy" // lalr1.cc:377
#include <string> #include <string>
#include <iterator> #include <iterator>
@ -379,13 +379,14 @@ using modsecurity::operators::Operator;
#line 383 "seclang-parser.hh" // lalr1.cc:372 #line 383 "seclang-parser.hh" // lalr1.cc:377
# include <cassert> # include <cassert>
# include <vector> # include <cstdlib> // std::abort
# include <iostream> # include <iostream>
# include <stdexcept> # include <stdexcept>
# include <string> # include <string>
# include <vector>
# include "stack.hh" # include "stack.hh"
# include "location.hh" # include "location.hh"
#include <typeinfo> #include <typeinfo>
@ -455,7 +456,7 @@ using modsecurity::operators::Operator;
namespace yy { namespace yy {
#line 459 "seclang-parser.hh" // lalr1.cc:372 #line 460 "seclang-parser.hh" // lalr1.cc:377
@ -472,13 +473,13 @@ namespace yy {
/// Empty construction. /// Empty construction.
variant () variant ()
: yytname_ (YY_NULLPTR) : yytypeid_ (YY_NULLPTR)
{} {}
/// Construct and fill. /// Construct and fill.
template <typename T> template <typename T>
variant (const T& t) variant (const T& t)
: yytname_ (typeid (T).name ()) : yytypeid_ (&typeid (T))
{ {
YYASSERT (sizeof (T) <= S); YYASSERT (sizeof (T) <= S);
new (yyas_<T> ()) T (t); new (yyas_<T> ()) T (t);
@ -487,7 +488,7 @@ namespace yy {
/// Destruction, allowed only if empty. /// Destruction, allowed only if empty.
~variant () ~variant ()
{ {
YYASSERT (!yytname_); YYASSERT (!yytypeid_);
} }
/// Instantiate an empty \a T in here. /// Instantiate an empty \a T in here.
@ -495,9 +496,9 @@ namespace yy {
T& T&
build () build ()
{ {
YYASSERT (!yytname_); YYASSERT (!yytypeid_);
YYASSERT (sizeof (T) <= S); YYASSERT (sizeof (T) <= S);
yytname_ = typeid (T).name (); yytypeid_ = & typeid (T);
return *new (yyas_<T> ()) T; return *new (yyas_<T> ()) T;
} }
@ -506,9 +507,9 @@ namespace yy {
T& T&
build (const T& t) build (const T& t)
{ {
YYASSERT (!yytname_); YYASSERT (!yytypeid_);
YYASSERT (sizeof (T) <= S); YYASSERT (sizeof (T) <= S);
yytname_ = typeid (T).name (); yytypeid_ = & typeid (T);
return *new (yyas_<T> ()) T (std::move((T&)t)); return *new (yyas_<T> ()) T (std::move((T&)t));
} }
@ -517,7 +518,7 @@ namespace yy {
T& T&
as () as ()
{ {
YYASSERT (yytname_ == typeid (T).name ()); YYASSERT (*yytypeid_ == typeid (T));
YYASSERT (sizeof (T) <= S); YYASSERT (sizeof (T) <= S);
return *yyas_<T> (); return *yyas_<T> ();
} }
@ -527,7 +528,7 @@ namespace yy {
const T& const T&
as () const as () const
{ {
YYASSERT (yytname_ == typeid (T).name ()); YYASSERT (*yytypeid_ == typeid (T));
YYASSERT (sizeof (T) <= S); YYASSERT (sizeof (T) <= S);
return *yyas_<T> (); return *yyas_<T> ();
} }
@ -544,8 +545,8 @@ namespace yy {
void void
swap (self_type& other) swap (self_type& other)
{ {
YYASSERT (yytname_); YYASSERT (yytypeid_);
YYASSERT (yytname_ == other.yytname_); YYASSERT (*yytypeid_ == *other.yytypeid_);
std::swap (as<T> (), other.as<T> ()); std::swap (as<T> (), other.as<T> ());
} }
@ -575,7 +576,7 @@ namespace yy {
destroy () destroy ()
{ {
as<T> ().~T (); as<T> ().~T ();
yytname_ = YY_NULLPTR; yytypeid_ = YY_NULLPTR;
} }
private: private:
@ -610,7 +611,7 @@ namespace yy {
} yybuffer_; } yybuffer_;
/// Whether the content is built: if defined, the name of the stored type. /// Whether the content is built: if defined, the name of the stored type.
const char *yytname_; const std::type_info *yytypeid_;
}; };
@ -1203,9 +1204,12 @@ namespace yy {
/// (External) token type, as returned by yylex. /// (External) token type, as returned by yylex.
typedef token::yytokentype token_type; typedef token::yytokentype token_type;
/// Internal symbol number. /// Symbol type: an internal symbol number.
typedef int symbol_number_type; typedef int symbol_number_type;
/// The symbol type number to denote an empty symbol.
enum { empty_symbol = -2 };
/// Internal symbol number for tokens (subsumed by symbol_number_type). /// Internal symbol number for tokens (subsumed by symbol_number_type).
typedef unsigned short int token_number_type; typedef unsigned short int token_number_type;
@ -1251,8 +1255,15 @@ namespace yy {
const semantic_type& v, const semantic_type& v,
const location_type& l); const location_type& l);
/// Destroy the symbol.
~basic_symbol (); ~basic_symbol ();
/// Destroy contents, and record that is empty.
void clear ();
/// Whether empty.
bool empty () const;
/// Destructive move, \a s is emptied into this. /// Destructive move, \a s is emptied into this.
void move (basic_symbol& s); void move (basic_symbol& s);
@ -1282,21 +1293,23 @@ namespace yy {
/// Constructor from (external) token numbers. /// Constructor from (external) token numbers.
by_type (kind_type t); by_type (kind_type t);
/// Record that this symbol is empty.
void clear ();
/// Steal the symbol type from \a that. /// Steal the symbol type from \a that.
void move (by_type& that); void move (by_type& that);
/// The (internal) type number (corresponding to \a type). /// The (internal) type number (corresponding to \a type).
/// -1 when this symbol is empty. /// \a empty when empty.
symbol_number_type type_get () const; symbol_number_type type_get () const;
/// The token. /// The token.
token_type token () const; token_type token () const;
enum { empty = 0 };
/// The symbol type. /// The symbol type.
/// -1 when this symbol is empty. /// \a empty_symbol when empty.
token_number_type type; /// An int, not token_number_type, to be able to store empty_symbol.
int type;
}; };
/// "External" symbols: returned by the scanner. /// "External" symbols: returned by the scanner.
@ -2688,9 +2701,9 @@ namespace yy {
/// Generate an error message. /// Generate an error message.
/// \param yystate the state where the error occurred. /// \param yystate the state where the error occurred.
/// \param yytoken the lookahead token type, or yyempty_. /// \param yyla the lookahead token.
virtual std::string yysyntax_error_ (state_type yystate, virtual std::string yysyntax_error_ (state_type yystate,
symbol_number_type yytoken) const; const symbol_type& yyla) const;
/// Compute post-reduction state. /// Compute post-reduction state.
/// \param yystate the current state /// \param yystate the current state
@ -2793,16 +2806,21 @@ namespace yy {
/// Copy constructor. /// Copy constructor.
by_state (const by_state& other); by_state (const by_state& other);
/// Record that this symbol is empty.
void clear ();
/// Steal the symbol type from \a that. /// Steal the symbol type from \a that.
void move (by_state& that); void move (by_state& that);
/// The (internal) type number (corresponding to \a state). /// The (internal) type number (corresponding to \a state).
/// "empty" when empty. /// \a empty_symbol when empty.
symbol_number_type type_get () const; symbol_number_type type_get () const;
enum { empty = 0 }; /// The state number used to denote an empty symbol.
enum { empty_state = -1 };
/// The state. /// The state.
/// \a empty when empty.
state_type state; state_type state;
}; };
@ -2843,13 +2861,12 @@ namespace yy {
/// Pop \a n symbols the three stacks. /// Pop \a n symbols the three stacks.
void yypop_ (unsigned int n = 1); void yypop_ (unsigned int n = 1);
// Constants. /// Constants.
enum enum
{ {
yyeof_ = 0, yyeof_ = 0,
yylast_ = 3310, ///< Last index in yytable_. yylast_ = 3310, ///< Last index in yytable_.
yynnts_ = 15, ///< Number of nonterminal symbols. yynnts_ = 15, ///< Number of nonterminal symbols.
yyempty_ = -2,
yyfinal_ = 334, ///< Termination state number. yyfinal_ = 334, ///< Termination state number.
yyterror_ = 1, yyterror_ = 1,
yyerrcode_ = 256, yyerrcode_ = 256,
@ -3499,9 +3516,19 @@ namespace yy {
template <typename Base> template <typename Base>
inline inline
seclang_parser::basic_symbol<Base>::~basic_symbol () seclang_parser::basic_symbol<Base>::~basic_symbol ()
{
clear ();
}
template <typename Base>
inline
void
seclang_parser::basic_symbol<Base>::clear ()
{ {
// User destructor. // User destructor.
symbol_number_type yytype = this->type_get (); symbol_number_type yytype = this->type_get ();
basic_symbol<Base>& yysym = *this;
(void) yysym;
switch (yytype) switch (yytype)
{ {
default: default:
@ -3740,6 +3767,15 @@ namespace yy {
break; break;
} }
Base::clear ();
}
template <typename Base>
inline
bool
seclang_parser::basic_symbol<Base>::empty () const
{
return Base::type_get () == empty_symbol;
} }
template <typename Base> template <typename Base>
@ -3985,7 +4021,7 @@ namespace yy {
// by_type. // by_type.
inline inline
seclang_parser::by_type::by_type () seclang_parser::by_type::by_type ()
: type (empty) : type (empty_symbol)
{} {}
inline inline
@ -3998,12 +4034,19 @@ namespace yy {
: type (yytranslate_ (t)) : type (yytranslate_ (t))
{} {}
inline
void
seclang_parser::by_type::clear ()
{
type = empty_symbol;
}
inline inline
void void
seclang_parser::by_type::move (by_type& that) seclang_parser::by_type::move (by_type& that)
{ {
type = that.type; type = that.type;
that.type = empty; that.clear ();
} }
inline inline
@ -6080,7 +6123,7 @@ namespace yy {
} // yy } // yy
#line 6084 "seclang-parser.hh" // lalr1.cc:372 #line 6127 "seclang-parser.hh" // lalr1.cc:377

7344
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

3
src/parser/seclang-scanner.ll
View File

@ -428,6 +428,7 @@ COMMA_BUT_SCAPED (,)
FREE_TEXT_QUOTE_MACRO_EXPANSION (([^%'])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][']|[^\\]([\\][\\])+[\\]['])+ FREE_TEXT_QUOTE_MACRO_EXPANSION (([^%'])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][']|[^\\]([\\][\\])+[\\]['])+
FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION ((([^"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+ FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION ((([^"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+
FREE_TEXT_EQUALS_MACRO_EXPANSION ((([^",=%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][=]|[^\\]([\\][\\])+[\\][=])+ FREE_TEXT_EQUALS_MACRO_EXPANSION ((([^",=%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][=]|[^\\]([\\][\\])+[\\][=])+
FREE_TEXT_EQUALS_QUOTE_MACRO_EXPANSION ((([^'",=%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][=]|[^\\][\\][']|[^\\]([\\][\\])+[\\][=])+
FREE_TEXT_COMMA_MACRO_EXPANSION (([^%,])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][,]|[^\\]([\\][\\])+[\\][,])+ FREE_TEXT_COMMA_MACRO_EXPANSION (([^%,])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][,]|[^\\]([\\][\\])+[\\][,])+
FREE_TEXT_COMMA_DOUBLE_QUOTE_MACRO_EXPANSION ((([^,"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+ FREE_TEXT_COMMA_DOUBLE_QUOTE_MACRO_EXPANSION ((([^,"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+
@ -719,7 +720,7 @@ EQUALS_MINUS (?i:=\-)
<SETVAR_ACTION_QUOTED_WAITING_CONTENT>{ <SETVAR_ACTION_QUOTED_WAITING_CONTENT>{
\' { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); } \' { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
{FREE_TEXT_EQUALS_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); } {FREE_TEXT_EQUALS_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
.|\n { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); yyless(0); } .|\n { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); yyless(0); }
} }