From 8c408ebcd7bd9e57d213f8020186de6680d53697 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Tue, 14 Jul 2015 16:40:07 -0300
Subject: [PATCH] Adds support to AUTH_TYPE variable
---
 src/assay.cc | 5 +
 src/parser/seclang-scanner.ll | 2 +-
 src/utils.cc | 14 ++-
 src/utils.h | 1 +
 .../regression/variable-AUTH_TYPE.json | 97 +++++++++++++++++++
 5 files changed, 117 insertions(+), 2 deletions(-)
 create mode 100644 test/test-cases/regression/variable-AUTH_TYPE.json
diff --git a/src/assay.cc b/src/assay.cc
index 19ab3482..99577023 100644
--- a/src/assay.cc
+++ b/src/assay.cc
@@ -305,6 +305,11 @@ int Assay::addRequestHeader(const std::string& key,
 this->store_variable("REQUEST_HEADERS:" + key, value);
+ if (tolower(key) == tolower("Authorization")) {
+ std::vector type = split(value, ' ');
+ this->store_variable("AUTH_TYPE", type[0]);
+ }
+
 return 1;
 }
diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll
index d68bef97..b73c6d1a 100755
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
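Review bot: `type[0]` in the block added to `Assay::addRequestHeader` (src/assay.cc) is read without checking that `split(value, ' ')` returned any element, and `value` is a client-supplied header. `split` is not visible in this patch, so this is hedged: if it returns an empty vector for an empty `Authorization` value the index is out of bounds, and if it returns an empty first token for a value with a leading space, AUTH_TYPE is stored empty. Guard the store with `if (!type.empty()) { this->store_variable("AUTH_TYPE", type[0]); }`, and add a regression case with an empty `Authorization` value next to the two well-formed ones in variable-AUTH_TYPE.json. The function's signature and the start of its body lie outside the hunk.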
@@ -56,7 +56,7 @@ OPERATORNOARG (?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida
 TRANSFORMATION t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)
-VARIABLE (?i:ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX)
+VARIABLE (?i:AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX)
 VARIABLENOCOLON (?i:REQBODY_ERROR|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE)
diff --git a/src/utils.cc b/src/utils.cc
index 95905e0d..a4e6eb0c 100644
--- a/src/utils.cc
+++ b/src/utils.cc
@@ -26,7 +26,7 @@
 #include
 #include
 #include
-
+#include
 #if defined _MSC_VER
 #include
@@ -90,6 +90,18 @@ void chomp(std::string *str) {
 }
+std::string tolower(std::string str) {
+ std::locale loc;
+ std::string value;
+
+ for (std::string::size_type i=0; i < str.length(); ++i) {
+ value.assign(value + std::tolower(str[i], loc));
+ }
+
+ return value;
+}
+
+
 const char SAFE[256] = {
 /* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
 /* 0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
diff --git a/src/utils.h b/src/utils.h
index 68b8b0e0..6804a4f2 100644
--- a/src/utils.h
+++ b/src/utils.h
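Review bot: The loop in the new `tolower` (src/utils.cc) rebuilds the whole string for every character with `value.assign(value + std::tolower(str[i], loc))`, so its cost grows quadratically with input length, and `addRequestHeader` runs it on each client-supplied header name it is given. Because `str` is already a by-value copy, it can be lower-cased in place with `str[i] = std::tolower(str[i], loc);` followed by `return str;`, dropping `value`. `std::locale loc;` copies the process-wide locale, so the comparison against "Authorization" follows whatever locale the host sets; `std::locale::classic()` would keep header-name matching fixed. The function name also hides the C library's `tolower` for unqualified calls inside `namespace ModSecurity` (declaration added in src/utils.h), so a distinct name would be safer.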
@@ -31,6 +31,7 @@ namespace ModSecurity {
 std::string dash_if_empty(const std::string& str);
 void chomp(std::string *str);
 std::string uri_decode(const std::string & sSrc);
+ std::string tolower(std::string str);
 } // namespace ModSecurity
 #define SRC_UTILS_H_
diff --git a/test/test-cases/regression/variable-AUTH_TYPE.json b/test/test-cases/regression/variable-AUTH_TYPE.json
new file mode 100644
index 00000000..71837754
--- /dev/null
+++ b/test/test-cases/regression/variable-AUTH_TYPE.json
@@ -0,0 +1,97 @@
+[
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing Variables :: AUTH_TYPE",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept":"*/*",
+ "Content-Length": "27",
+ "Content-Type": "application/x-www-form-urlencoded",
+ "Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
+ },
+ "uri":"/",
+ "protocol":"POST",
+ "body": [
+ "param1=value1¶m2=value2"
+ ]
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "debug_log":"Target value: \"Basic\""
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecDebugLog \/tmp\/modsec_debug.log",
+ "SecDebugLogLevel 9",
+ "SecRule AUTH_TYPE \"@contains test \" \"phase:3,pass,t:trim\""
+ ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing Variables :: AUTH_TYPE",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept":"*/*",
+ "Content-Length": "27",
+ "Content-Type": "application/x-www-form-urlencoded",
+ "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
+ },
+ "uri":"/",
+ "protocol":"POST",
+ "body": [
+ "param1=value1¶m2=value2"
+ ]
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "debug_log":"Target value: \"Basic\""
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecDebugLog \/tmp\/modsec_debug.log",
+ "SecDebugLogLevel 9",
+ "SecRule AUTH_TYPE \"@contains test \" \"phase:3,pass,t:trim\""
+ ]
+ }
+]
+