Adds support to AUTH_TYPE variable

2025-08-14 05:45:59 +03:00 · 2015-07-14 16:40:07 -03:00 · 2015-07-14 16:40:07 -03:00 · 8c408ebcd7
commit 8c408ebcd7
parent d86427f1dd
5 changed files with 117 additions and 2 deletions
--- a/src/assay.cc
+++ b/src/assay.cc
@ -305,6 +305,11 @@ int Assay::addRequestHeader(const std::string& key,

    this->store_variable("REQUEST_HEADERS:" + key, value);

+    if (tolower(key) == tolower("Authorization")) {
+        std::vector<std::string> type = split(value, ' ');
+        this->store_variable("AUTH_TYPE", type[0]);
+    }
+
    return 1;
 }

--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -56,7 +56,7 @@ OPERATORNOARG	(?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida

 TRANSFORMATION  t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)

-VARIABLE       (?i:ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX)
+VARIABLE       (?i:AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX)

 VARIABLENOCOLON  (?i:REQBODY_ERROR|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE)

--- a/src/utils.cc
+++ b/src/utils.cc
@ -26,7 +26,7 @@
 #include <string>
 #include <iostream>
 #include <sstream>
-
+#include <cstring>

 #if defined _MSC_VER
 #include <direct.h>
@ -90,6 +90,18 @@ void chomp(std::string *str) {
 }


+std::string tolower(std::string str) {
+    std::locale loc;
+    std::string value;
+
+    for (std::string::size_type i=0; i < str.length(); ++i) {
+        value.assign(value + std::tolower(str[i], loc));
+    }
+
+    return value;
+}
+
+
 const char SAFE[256] = {
    /*      0 1 2 3  4 5 6 7  8 9 A B  C D E F */
    /* 0 */ 0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,
--- a/src/utils.h
+++ b/src/utils.h
@ -31,6 +31,7 @@ namespace ModSecurity {
    std::string dash_if_empty(const std::string& str);
    void chomp(std::string *str);
    std::string uri_decode(const std::string & sSrc);
+    std::string tolower(std::string str);
 }  // namespace ModSecurity

 #define SRC_UTILS_H_
--- a/test/test-cases/regression/variable-AUTH_TYPE.json
+++ b/test/test-cases/regression/variable-AUTH_TYPE.json
@ -0,0 +1,97 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: AUTH_TYPE",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
+      },
+      "uri":"/",
+      "protocol":"POST",
+      "body": [
+        "param1=value1&param2=value2"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Basic\""
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule AUTH_TYPE \"@contains test \" \"phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: AUTH_TYPE",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded",
+        "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
+      },
+      "uri":"/",
+      "protocol":"POST",
+      "body": [
+        "param1=value1&param2=value2"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Basic\""
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule AUTH_TYPE \"@contains test \" \"phase:3,pass,t:trim\""
+    ]
+  }
+]
+