Actions refactoring: now there is a clear definiation on the action name

Felipe Zimmerle 2016-05-17 14:36:59 -03:00
parent 1b88947d9b
commit 8c714af8e1
62 changed files with 431 additions and 359 deletions


@ -27,14 +27,16 @@
namespace modsecurity {
namespace actions {
Accuracy::Accuracy(std::string action)
: Action(action, ConfigurationKind),
m_accuracy_str(action) {
if (m_accuracy_str.at(0) == '\'') {
m_accuracy_str.erase(0, 1);
m_accuracy_str.pop_back();
bool Accuracy::init(std::string *error) {
try {
m_accuracy = std::stoi(m_parser_payload);
} catch (...) {
error->assign("Accuracy: The input \"" + m_parser_payload + "\" is " \
"not a number.");
return false;
}
m_accuracy = std::stoi(m_accuracy_str);
return true;
}
@ -43,5 +45,6 @@ bool Accuracy::evaluate(Rule *rule, Transaction *transaction) {
return true;
}
} // namespace actions
} // namespace modsecurity
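Review bot: `std::stoi(m_parser_payload)` in Accuracy::init accepts any string that merely starts with a number, so a payload such as `5abc` is stored as 5 and init() returns true. Ask stoi for the consumed length and reject a partial parse, e.g. `size_t used = 0; m_accuracy = std::stoi(m_parser_payload, &used);` followed by `if (used != m_parser_payload.size()) { error->assign(...); return false; }`. The `catch (...)` also reports an out-of-range value as "not a number", and nothing bounds the result afterwards. Maturity::init, Status::init, Phase::init and the numeric fallback in Severity::init parse their payload the same way.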


@ -29,12 +29,14 @@ namespace actions {
class Accuracy : public Action {
public:
explicit Accuracy(std::string action);
explicit Accuracy(std::string action)
: Action(action, ConfigurationKind),
m_accuracy(0) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
std::string m_accuracy_str;
int m_accuracy;
};


@ -52,7 +52,7 @@ bool Action::evaluate(Rule *rule, Transaction *transaction) {
}
void Action::fill_intervention(ModSecurityIntervention *i) {
void Action::fillIntervention(ModSecurityIntervention *i) {
}
Action *Action::instantiate(const std::string& name) {


@ -35,21 +35,43 @@ class Action {
public:
explicit Action(const std::string& _action)
: action_kind(2),
action(_action),
name(_action),
m_name(""),
m_parser_payload(""),
m_isNone(false),
temporaryAction(false) {
name.erase(0, 2);
set_name_and_payload(_action);
}
explicit Action(const std::string& _action, int kind)
: action_kind(kind),
action(_action),
name(_action),
m_name(""),
m_parser_payload(""),
m_isNone(false),
temporaryAction(false) {
name.erase(0, 2);
set_name_and_payload(_action);
}
void set_name_and_payload(const std::string& data) {
size_t pos = data.find(":");
std::string t = "t:";
if (data.compare(0, t.length(), t) == 0) {
pos = data.find(":", 2);
}
if (pos == std::string::npos) {
m_name = data;
return;
}
m_name = std::string(data, 0, pos);
m_parser_payload = std::string(data, pos + 1, data.length());
if (m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2) {
m_parser_payload.erase(0, 1);
m_parser_payload.pop_back();
}
}
virtual ~Action() { }
/**
*
@ -83,9 +105,6 @@ class Action {
RunTimeOnlyIfMatchKind,
};
std::string action;
int action_kind;
std::string name;
virtual std::string evaluate(std::string exp,
Transaction *transaction);
@ -94,14 +113,20 @@ class Action {
RuleMessage *ruleMessage) {
return evaluate(rule, transaction);
}
virtual bool init(std::string *error) { return true; }
virtual bool isDisruptive() { return false; }
virtual void fillIntervention(ModSecurityIntervention *intervention);
static Action *instantiate(const std::string& name);
virtual void fill_intervention(ModSecurityIntervention *intervention);
bool temporaryAction;
std::string m_name;
std::string m_parser_payload;
bool m_isNone;
int action_kind;
};
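Review bot: In set_name_and_payload the test `m_parser_payload.at(0) == '\''` runs before the size comparison, so an action written with nothing after the colon produces an empty payload and `at(0)` throws std::out_of_range from inside the Action constructor. The last character is then removed without checking that it is the closing quote. Reordering and checking both ends covers both cases: `if (m_parser_payload.size() > 2 && m_parser_payload.front() == '\'' && m_parser_payload.back() == '\'') {`. Whether the lexer can actually emit a token with an empty payload is not visible on this page, but the constructor should not depend on that.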


@ -23,10 +23,12 @@
namespace modsecurity {
namespace actions {
bool AuditLog::evaluate(Rule *rule, Transaction *transaction) {
transaction->m_toBeSavedInAuditlogs = true;
return true;
}
} // namespace actions
} // namespace modsecurity


@ -37,6 +37,7 @@ class AuditLog : public Action {
bool evaluate(Rule *rule, Transaction *transaction) override;
};
} // namespace actions
} // namespace modsecurity
#endif


@ -25,12 +25,6 @@
namespace modsecurity {
namespace actions {
Block::Block(std::string action)
: Action(action) {
this->action = action;
this->action_kind = 2;
}
bool Block::evaluate(Rule *rule, Transaction *transaction) {
#ifndef NO_LOGS
@ -44,9 +38,11 @@ bool Block::evaluate(Rule *rule, Transaction *transaction) {
return true;
}
void Block::fill_intervention(ModSecurityIntervention *i) {
void Block::fillIntervention(ModSecurityIntervention *i) {
i->disruptive = true;
}
} // namespace actions
} // namespace modsecurity


@ -31,13 +31,14 @@ namespace actions {
class Block : public Action {
public:
explicit Block(std::string action);
explicit Block(std::string action) : Action(action) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
void fill_intervention(ModSecurityIntervention *i) override;
void fillIntervention(ModSecurityIntervention *i) override;
bool isDisruptive() override { return true; }
};
} // namespace actions
} // namespace modsecurity
#endif


@ -31,6 +31,7 @@
namespace modsecurity {
namespace actions {
bool Capture::evaluate(Rule *rule, Transaction *transaction) {
if (transaction->m_matched.empty()) {
return false;
@ -46,5 +47,6 @@ bool Capture::evaluate(Rule *rule, Transaction *transaction) {
return true;
}
} // namespace actions
} // namespace modsecurity


@ -25,11 +25,11 @@ namespace modsecurity {
namespace actions {
bool Chain::evaluate(Rule *rule, Transaction *transaction) {
rule->chained = true;
return true;
}
} // namespace actions
} // namespace modsecurity


@ -23,11 +23,9 @@
namespace modsecurity {
namespace actions {
CtlAuditLogParts::CtlAuditLogParts(std::string action)
: Action(action, RunTimeOnlyIfMatchKind),
mPartsAction(0) {
std::string what(action, 18, 1);
mParts = std::string(action, 19, action.length()-19);
bool CtlAuditLogParts::init(std::string *error) {
std::string what(m_parser_payload, 14, 1);
mParts = std::string(m_parser_payload, 15, m_parser_payload.length()-15);
if (what == "+") {
mPartsAction = 0;
} else {
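Review bot: The fixed offsets 14 and 15 in CtlAuditLogParts::init are applied to `m_parser_payload` with no length check; the substring constructor throws std::out_of_range when the start position is past the end of the string, and nothing in this hunk catches it or fills `*error`. The numbers presumably stand for the length of an `auditLogParts=` prefix still present in the payload, which a reader has to work out. Guard first, e.g. `if (m_parser_payload.size() <= 15) { error->assign("ctl:auditLogParts: missing +/- and parts"); return false; }`, and name the offset as a constant. The rest of init() lies outside the hunk.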


@ -27,9 +27,15 @@ namespace actions {
class CtlAuditLogParts : public Action {
public:
explicit CtlAuditLogParts(std::string action);
explicit CtlAuditLogParts(std::string action)
: Action(action, RunTimeOnlyIfMatchKind),
mPartsAction(0),
mParts("") { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
protected:
int mPartsAction;
std::string mParts;
};


@ -23,12 +23,6 @@
namespace modsecurity {
namespace actions {
Deny::Deny(std::string action)
: Action(action) {
this->action = action;
this->action_kind = 2;
}
bool Deny::evaluate(Rule *rule, Transaction *transaction) {
#ifndef NO_LOGS
@ -38,7 +32,8 @@ bool Deny::evaluate(Rule *rule, Transaction *transaction) {
return true;
}
void Deny::fill_intervention(ModSecurityIntervention *i) {
void Deny::fillIntervention(ModSecurityIntervention *i) {
if (i->status == 200) {
i->status = 403;
}
@ -46,5 +41,6 @@ void Deny::fill_intervention(ModSecurityIntervention *i) {
i->disruptive = true;
}
} // namespace actions
} // namespace modsecurity


@ -27,10 +27,10 @@ namespace actions {
class Deny : public Action {
public:
explicit Deny(std::string action);
explicit Deny(std::string action) : Action(action) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
void fill_intervention(ModSecurityIntervention *i) override;
void fillIntervention(ModSecurityIntervention *i) override;
bool isDisruptive() override { return true; }
};


@ -27,24 +27,19 @@
namespace modsecurity {
namespace actions {
InitCol::InitCol(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) {
}
bool InitCol::init(std::string *error) {
int posEquals = action.find("=");
int posInit = strlen("initcol:");
int posEquals = m_parser_payload.find("=");
if (action.size() < 8) {
if (m_parser_payload.size() < 8) {
return false;
}
if (posEquals == std::string::npos) {
return false;
}
m_collection_key = std::string(action, posInit, posEquals - posInit);
m_collection_value = std::string(action, posEquals + 1);
m_collection_key = std::string(m_parser_payload, 0, posEquals);
m_collection_value = std::string(m_parser_payload, posEquals + 1);
if (m_collection_key != "ip" && m_collection_key != "global") {
return false;
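Review bot: The guard `m_parser_payload.size() < 8` looks like a leftover from when the string still carried the `initcol:` prefix (the removed `posInit` was `strlen("initcol:")`); applied to the payload alone it rejects any `key=value` shorter than eight characters. Every early `return false` in this hunk also leaves `*error` untouched, so the caller has no message to report; add an `error->assign(...)` before each. `posEquals` should be `size_t posEquals = m_parser_payload.find("=");`, because the comparison with `std::string::npos` only works through an int-to-unsigned conversion. The end of init() is outside the hunk.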


@ -29,7 +29,7 @@ namespace actions {
class InitCol : public Action {
public:
explicit InitCol(std::string action);
explicit InitCol(std::string action) : Action(action) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
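Review bot: The inline constructor now calls `Action(action)` where the removed out-of-line one passed `RunTimeOnlyIfMatchKind`; the one-argument Action constructor sets `action_kind(2)`, so the kind now rests on that literal matching the enumerator, which this page does not show. Writing `explicit InitCol(std::string action) : Action(action, RunTimeOnlyIfMatchKind) { }` keeps the intent explicit, as the LogData, Msg and Tag headers in this commit do. The SetVar and Severity constructors drop the same argument.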


@ -23,6 +23,7 @@
namespace modsecurity {
namespace actions {
bool Log::evaluate(Rule *rule, Transaction *transaction) {
transaction->m_toBeSavedInAuditlogs = true;
/* FIXME: transaction->serverLog("Something...."); */
@ -30,5 +31,6 @@ bool Log::evaluate(Rule *rule, Transaction *transaction) {
return true;
}
} // namespace actions
} // namespace modsecurity


@ -27,16 +27,9 @@
namespace modsecurity {
namespace actions {
LogData::LogData(std::string action)
: Action(action, RunTimeOnlyIfMatchKind),
m_data(action) {
m_data.erase(0, 1);
m_data.pop_back();
}
bool LogData::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
std::string data = MacroExpansion::expand(m_data, transaction);
std::string data = MacroExpansion::expand(m_parser_payload, transaction);
rm->m_data = data;


@ -29,13 +29,11 @@ namespace actions {
class LogData : public Action {
public:
explicit LogData(std::string action);
explicit LogData(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction,
RuleMessage *rm) override;
private:
std::string m_data;
};


@ -27,14 +27,16 @@
namespace modsecurity {
namespace actions {
Maturity::Maturity(std::string action)
: Action(action, ConfigurationKind),
m_maturity_str(action) {
if (m_maturity_str.at(0) == '\'') {
m_maturity_str.erase(0, 1);
m_maturity_str.pop_back();
bool Maturity::init(std::string *error) {
try {
m_maturity = std::stoi(m_parser_payload);
} catch (...) {
error->assign("Maturity: The input \"" + m_parser_payload + "\" is " \
"not a number.");
return false;
}
m_maturity = std::stoi(m_maturity_str);
return true;
}
@ -43,5 +45,6 @@ bool Maturity::evaluate(Rule *rule, Transaction *transaction) {
return true;
}
} // namespace actions
} // namespace modsecurity


@ -29,12 +29,14 @@ namespace actions {
class Maturity : public Action {
public:
explicit Maturity(std::string action);
explicit Maturity(std::string action)
: Action(action, ConfigurationKind),
m_maturity(0) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
std::string m_maturity_str;
int m_maturity;
};


@ -45,16 +45,9 @@
namespace modsecurity {
namespace actions {
Msg::Msg(std::string action)
: Action(action, RunTimeOnlyIfMatchKind),
m_msg(action) {
m_msg.erase(0, 1);
m_msg.pop_back();
}
bool Msg::evaluate(Rule *rule, Transaction *transaction) {
std::string msg = MacroExpansion::expand(m_msg, transaction);
std::string msg = MacroExpansion::expand(m_parser_payload, transaction);
#ifndef NO_LOGS
transaction->debug(9, "Saving msg: " + msg);


@ -29,12 +29,10 @@ namespace actions {
class Msg : public Action {
public:
explicit Msg(std::string action);
explicit Msg(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
private:
std::string m_msg;
};


@ -23,10 +23,12 @@
namespace modsecurity {
namespace actions {
bool NoAuditLog::evaluate(Rule *rule, Transaction *transaction) {
transaction->m_toNotBeSavedInAuditLogs = true;
return true;
}
} // namespace actions
} // namespace modsecurity


@ -24,12 +24,6 @@
namespace modsecurity {
namespace actions {
Pass::Pass(std::string action)
: Action(action) {
this->action = action;
this->action_kind = 2;
}
bool Pass::evaluate(Rule *rule, Transaction *transaction) {
transaction->m_actions.clear();


@ -27,7 +27,7 @@ namespace actions {
class Pass : public Action {
public:
explicit Pass(std::string action);
explicit Pass(std::string action) : Action(action) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool isDisruptive() override { return true; }


@ -26,51 +26,39 @@
namespace modsecurity {
namespace actions {
Phase::Phase(std::string action)
: Action(action),
m_secRulesPhase(0),
phase(0) {
this->action_kind = ConfigurationKind;
std::string a = action;
a.erase(0, 6);
if (a.at(0) == '\'') {
a.erase(0, 1);
a.pop_back();
}
bool Phase::init(std::string *error) {
std::string a = tolower(m_parser_payload);
try {
this->phase = std::stoi(a);
m_phase = std::stoi(m_parser_payload);
} catch (...) {
this->phase = 0;
if (tolower(a) == "request") {
this->phase = ModSecurity::Phases::RequestHeadersPhase;
m_phase = 0;
if (a == "request") {
m_phase = ModSecurity::Phases::RequestHeadersPhase;
m_secRulesPhase = 2;
}
if (tolower(a) == "response") {
this->phase = ModSecurity::Phases::ResponseBodyPhase;
if (a == "response") {
m_phase = ModSecurity::Phases::ResponseBodyPhase;
m_secRulesPhase = 4;
}
if (tolower(a) == "logging") {
this->phase = ModSecurity::Phases::LoggingPhase;
if (a == "logging") {
m_phase = ModSecurity::Phases::LoggingPhase;
m_secRulesPhase = 5;
}
}
if (this->phase == 0) {
if (m_phase == 0) {
/* Phase 0 is something new, we want to use as ConnectionPhase */
this->phase = ModSecurity::Phases::ConnectionPhase;
m_phase = ModSecurity::Phases::ConnectionPhase;
m_secRulesPhase = 1;
} else {
/* Otherwise we want to shift the rule to the correct phase */
m_secRulesPhase = phase;
this->phase = phase + 1;
m_secRulesPhase = m_phase;
m_phase = m_phase + 1;
}
}
bool Phase::init(std::string *error) {
if (phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
error->assign("Unknown phase: " + std::to_string(phase));
if (m_phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
error->assign("Unknown phase: " + std::to_string(m_phase));
return false;
}
return true;
@ -78,7 +66,7 @@ bool Phase::init(std::string *error) {
bool Phase::evaluate(Rule *rule, Transaction *transaction) {
rule->phase = this->phase;
rule->phase = m_phase;
return true;
}


@ -32,11 +32,14 @@ namespace actions {
class Phase : public Action {
public:
explicit Phase(std::string action);
explicit Phase(std::string action) : Action(action, ConfigurationKind),
m_secRulesPhase(0),
m_phase(0) { }
bool init(std::string *error) override;
bool evaluate(Rule *rule, Transaction *transaction) override;
int phase;
int m_phase;
int m_secRulesPhase;
};


@ -24,20 +24,11 @@
namespace modsecurity {
namespace actions {
Redirect::~Redirect() {
}
Redirect::Redirect(const std::string& action)
: Action(action, RunTimeOnlyIfMatchKind),
m_url(action) {
// m_url = m_url.erase(0, 9);
if (m_url.at(0) == '\'') {
m_url.erase(0, 1);
if (m_url.size() > 0) {
m_url.pop_back();
}
}
bool Redirect::init(std::string *error) {
m_url = m_parser_payload;
m_status = 302;
return true;
}
@ -47,7 +38,8 @@ bool Redirect::evaluate(Rule *rule, Transaction *transaction) {
return true;
}
void Redirect::fill_intervention(ModSecurityIntervention *i) {
void Redirect::fillIntervention(ModSecurityIntervention *i) {
/* if it was changed before, lets keep it. */
if (i->status == 200) {
i->status = m_status;
@ -57,5 +49,6 @@ void Redirect::fill_intervention(ModSecurityIntervention *i) {
i->disruptive = true;
}
} // namespace actions
} // namespace modsecurity


@ -30,12 +30,14 @@ namespace actions {
class Redirect : public Action {
public:
explicit Redirect(const std::string &action);
~Redirect() override;
explicit Redirect(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
void fill_intervention(ModSecurityIntervention *i) override;
bool init(std::string *error) override;
void fillIntervention(ModSecurityIntervention *i) override;
bool isDisruptive() override { return true; }
private:
int m_status;
std::string m_urlExpanded;
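Review bot: `m_status` gets no value in the new inline Redirect constructor and is only assigned inside init(), while fillIntervention copies it into `i->status`; an instance whose init() was skipped or failed would hand an indeterminate status to the intervention. Initialise it where the object is built, `: Action(action, RunTimeOnlyIfMatchKind), m_status(302) { }`, so the class is safe regardless of call order. The Status header in this commit has the same gap for its `m_status`. The class body continues past the end of this hunk.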


@ -27,13 +27,10 @@
namespace modsecurity {
namespace actions {
Rev::Rev(std::string action)
: Action(action, ConfigurationKind),
m_rev(action) {
if (m_rev.at(0) == '\'') {
m_rev.erase(0, 1);
m_rev.pop_back();
}
bool Rev::init(std::string *error) {
m_rev = m_parser_payload;
return true;
}
@ -42,5 +39,6 @@ bool Rev::evaluate(Rule *rule, Transaction *transaction) {
return true;
}
} // namespace actions
} // namespace modsecurity


@ -29,9 +29,10 @@ namespace actions {
class Rev : public Action {
public:
explicit Rev(std::string action);
explicit Rev(std::string action) : Action(action, ConfigurationKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
std::string m_rev;


@ -24,15 +24,11 @@
namespace modsecurity {
namespace actions {
bool RuleId::init(std::string *error) {
std::string a = action;
std::string a = m_parser_payload;
try {
a.erase(0, 3);
if (a.at(0) == '\'') {
a.erase(0, 1);
a.pop_back();
}
m_ruleId = std::stod(a);
} catch (...) {
m_ruleId = 0;
@ -51,10 +47,12 @@ bool RuleId::init(std::string *error) {
return true;
}
bool RuleId::evaluate(Rule *rule, Transaction *transaction) {
rule->rule_id = m_ruleId;
return true;
}
} // namespace actions
} // namespace modsecurity


@ -28,9 +28,11 @@ namespace actions {
bool SetSID::init(std::string *error) {
m_collection_key = std::string(action, 0, action.length());
m_collection_key = std::string(m_parser_payload, 0,
m_parser_payload.length());
if (m_collection_key.empty()) {
error->assign("Missing collection key");
return false;
}


@ -34,6 +34,7 @@ class SetSID : public Action {
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
std::string m_collection_key;
};


@ -28,9 +28,11 @@ namespace actions {
bool SetUID::init(std::string *error) {
m_collection_key = std::string(action, 0, action.length());
m_collection_key = std::string(m_parser_payload, 0,
m_parser_payload.length());
if (m_collection_key.empty()) {
error->assign("Missing collection key");
return false;
}


@ -34,6 +34,7 @@ class SetUID : public Action {
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
std::string m_collection_key;
};


@ -26,65 +26,60 @@
namespace modsecurity {
namespace actions {
SetVar::SetVar(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) {
}
bool SetVar::init(std::string *error) {
size_t pos;
if (action.at(0) == '\'' && action.size() > 3) {
action.erase(0, 1);
action.pop_back();
}
// Resolv operation
operation = setToOne;
pos = action.find("=");
m_operation = setToOne;
pos = m_parser_payload.find("=");
if (pos != std::string::npos) {
operation = setOperation;
m_operation = setOperation;
}
pos = action.find("=+");
pos = m_parser_payload.find("=+");
if (pos != std::string::npos) {
operation = sumAndSetOperation;
m_operation = sumAndSetOperation;
}
pos = action.find("=-");
pos = m_parser_payload.find("=-");
if (pos != std::string::npos) {
operation = substractAndSetOperation;
m_operation = substractAndSetOperation;
}
// Collection name
pos = action.find(".");
pos = m_parser_payload.find(".");
if (pos != std::string::npos) {
collectionName = std::string(action, 0, pos);
collectionName = toupper(collectionName);
m_collectionName = std::string(m_parser_payload, 0, pos);
m_collectionName = toupper(m_collectionName);
} else {
error->assign("Missing the collection and/or variable name");
return false;
}
// Variable name
if (operation == setToOne) {
variableName = std::string(action, pos + 1, action.length()
if (m_operation == setToOne) {
m_variableName = std::string(m_parser_payload, pos + 1,
m_parser_payload.length()
- (pos + 1));
} else {
size_t pos2 = action.find("=");
variableName = std::string(action, pos + 1, pos2 - (pos + 1));
if (pos2 + 2 > action.length()) {
size_t pos2 = m_parser_payload.find("=");
m_variableName = std::string(m_parser_payload, pos + 1,
pos2 - (pos + 1));
if (pos2 + 2 > m_parser_payload.length()) {
error->assign("Something wrong with the input format");
return false;
}
if (operation == setOperation) {
predicate = std::string(action, pos2 + 1, action.length() - (pos2));
if (m_operation == setOperation) {
m_predicate = std::string(m_parser_payload, pos2 + 1,
m_parser_payload.length() - (pos2));
} else {
predicate = std::string(action, pos2 + 2, action.length()
m_predicate = std::string(m_parser_payload, pos2 + 2,
m_parser_payload.length()
- (pos2 + 1));
}
}
if (collectionName.empty() || variableName.empty()) {
if (m_collectionName.empty() || m_variableName.empty()) {
error->assign("Something wrong with the input format");
return false;
}
@ -92,22 +87,17 @@ bool SetVar::init(std::string *error) {
return true;
}
void SetVar::dump() {
std::cout << " Operation: " << std::to_string(operation) << std::endl;
std::cout << "Collection: " << collectionName << std::endl;
std::cout << " Variable: " << variableName << std::endl;
std::cout << " Predicate: " << predicate << std::endl;
}
bool SetVar::evaluate(Rule *rule, Transaction *transaction) {
bool SetVar::evaluate(Rule *rule, Transaction *transm_parser_payload) {
std::string targetValue;
std::string variableNameExpanded = MacroExpansion::expand(variableName,
transaction);
std::string resolvedPre = MacroExpansion::expand(predicate, transaction);
std::string m_variableNameExpanded = MacroExpansion::expand(m_variableName,
transm_parser_payload);
std::string resolvedPre = MacroExpansion::expand(m_predicate,
transm_parser_payload);
if (operation == setOperation) {
if (m_operation == setOperation) {
targetValue = resolvedPre;
} else if (operation == setToOne) {
} else if (m_operation == setToOne) {
targetValue = std::string("1");
} else {
int pre = 0;
@ -121,8 +111,9 @@ bool SetVar::evaluate(Rule *rule, Transaction *transaction) {
try {
std::string *resolvedValue =
transaction->m_collections.resolveFirst(collectionName,
variableNameExpanded);
transm_parser_payload->m_collections.resolveFirst(
m_collectionName,
m_variableNameExpanded);
if (resolvedValue == NULL) {
value = 0;
} else {
@ -132,7 +123,7 @@ bool SetVar::evaluate(Rule *rule, Transaction *transaction) {
value = 0;
}
switch (operation) {
switch (m_operation) {
case sumAndSetOperation:
targetValue = std::to_string(value + pre);
break;
@ -143,11 +134,11 @@ bool SetVar::evaluate(Rule *rule, Transaction *transaction) {
}
#ifndef NO_LOGS
transaction->debug(8, "Saving variable: " + collectionName + ":" + \
variableNameExpanded + " with value: " + targetValue);
transm_parser_payload->debug(8, "Saving variable: " + m_collectionName \
+ ":" + m_variableNameExpanded + " with value: " + targetValue);
#endif
transaction->m_collections.storeOrUpdateFirst(collectionName,
variableNameExpanded, targetValue);
transm_parser_payload->m_collections.storeOrUpdateFirst(m_collectionName,
m_variableNameExpanded, targetValue);
return true;
}
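Review bot: The parameter name `transm_parser_payload` in SetVar::evaluate reads like a search-and-replace artefact (`action` replaced inside `transaction`); the header still declares it as `transaction`, so the definition should go back to `bool SetVar::evaluate(Rule *rule, Transaction *transaction) {` with the body following. The local `m_variableNameExpanded` picked up a member prefix the same way and would be clearer as `variableNameExpanded`. Separately, init() never checks that the `=` comes after the `.`; with the order reversed, `pos2 - (pos + 1)` wraps around and the variable name silently becomes the rest of the payload, so add `if (pos2 < pos + 1)` with an error return before building `m_variableName`.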


@ -29,16 +29,11 @@ namespace actions {
class SetVar : public Action {
public:
explicit SetVar(std::string action);
explicit SetVar(std::string action) : Action(action) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
void dump();
bool init(std::string *error) override;
std::string collectionName;
std::string variableName;
std::string predicate;
enum SetVarOperation {
/* Set variable to something */
setOperation,
@ -50,7 +45,11 @@ class SetVar : public Action {
setToOne
};
SetVarOperation operation;
private:
SetVarOperation m_operation;
std::string m_collectionName;
std::string m_variableName;
std::string m_predicate;
};
} // namespace actions


@ -26,28 +26,44 @@
namespace modsecurity {
namespace actions {
Severity::Severity(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) {
std::string a = action;
if (tolower(a) == "emergency") {
this->m_severity = 0;
} else if (tolower(a) == "alert") {
this->m_severity = 1;
} else if (tolower(a) == "critical") {
this->m_severity = 2;
} else if (tolower(a) == "error") {
this->m_severity = 3;
} else if (tolower(a) == "warning") {
this->m_severity = 4;
} else if (tolower(a) == "notice") {
this->m_severity = 5;
} else if (tolower(a) == "info") {
this->m_severity = 6;
} else if (tolower(a) == "debug") {
this->m_severity = 7;
bool Severity::init(std::string *error) {
std::string a = tolower(m_parser_payload);
if (a == "emergency") {
m_severity = 0;
return true;
} else if (a == "alert") {
m_severity = 1;
return true;
} else if (a == "critical") {
m_severity = 2;
return true;
} else if (a == "error") {
m_severity = 3;
return true;
} else if (a == "warning") {
m_severity = 4;
return true;
} else if (a == "notice") {
m_severity = 5;
return true;
} else if (a == "info") {
m_severity = 6;
return true;
} else if (a == "debug") {
m_severity = 7;
return true;
} else {
this->m_severity = std::stod(a);
try {
m_severity = std::stoi(a);
return true;
} catch (...) {
error->assign("Severity: The input \"" + a + "\" is " \
"not a number.");
}
}
return false;
}
@ -67,5 +83,6 @@ bool Severity::evaluate(Rule *rule, Transaction *transaction,
return true;
}
} // namespace actions
} // namespace modsecurity


@ -21,7 +21,6 @@
#define SRC_ACTIONS_SEVERITY_H_
#ifdef __cplusplus
class Transaction;
namespace modsecurity {
class Transaction;
@ -31,15 +30,19 @@ namespace actions {
class Severity : public Action {
public:
explicit Severity(std::string action);
explicit Severity(std::string action)
: Action(action),
m_severity(0) { }
bool evaluate(Rule *rule, Transaction *transaction,
RuleMessage *rm) override;
bool init(std::string *error);
private:
int m_severity;
};
} // namespace actions
} // namespace modsecurity
#endif
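Review bot: `bool init(std::string *error);` in Severity is declared without `override`, unlike the other action headers touched here. The parser calls `$$->init(&error)` through the base type, so if this signature ever drifts from `Action::init`, the base version that simply returns true would run and the severity validation would be skipped without any compiler diagnostic. Declare it as `bool init(std::string *error) override;`. The Status header adds its init() the same way.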


@ -25,19 +25,15 @@
namespace modsecurity {
namespace actions {
SkipAfter::SkipAfter(std::string action)
: Action(action, RunTimeOnlyIfMatchKind),
m_marker(action) {
}
bool SkipAfter::evaluate(Rule *rule, Transaction *transaction) {
#ifndef NO_LOGS
transaction->debug(5, "Setting skipAfter for: " + m_marker);
transaction->debug(5, "Setting skipAfter for: " + m_parser_payload);
#endif
transaction->m_marker = m_marker;
transaction->m_marker = m_parser_payload;
return true;
}
} // namespace actions
} // namespace modsecurity


@ -29,12 +29,10 @@ namespace actions {
class SkipAfter : public Action {
public:
explicit SkipAfter(std::string action);
explicit SkipAfter(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
private:
std::string m_marker;
};


@ -23,13 +23,16 @@
namespace modsecurity {
namespace actions {
Status::Status(std::string action)
: Action(action) {
std::string a = action;
a.erase(0, 7);
this->action = action;
this->action_kind = 2;
this->status = stoi(a);
bool Status::init(std::string *error) {
try {
m_status = std::stoi(m_parser_payload);
} catch (...) {
error->assign("Not a valid number: " + m_parser_payload);
return false;
}
return true;
}
@ -39,10 +42,11 @@ bool Status::evaluate(Rule *rule, Transaction *transaction) {
}
void Status::fill_intervention(ModSecurityIntervention *i) {
i->status = this->status;
void Status::fillIntervention(ModSecurityIntervention *i) {
i->status = m_status;
i->log = "Status";
}
} // namespace actions
} // namespace modsecurity


@ -29,11 +29,14 @@ namespace actions {
class Status : public Action {
public:
explicit Status(std::string actions);
explicit Status(std::string action) : Action(action, 2) { }
bool init(std::string *error);
bool evaluate(Rule *rule, Transaction *transaction) override;
void fill_intervention(ModSecurityIntervention *i) override;
int status;
void fillIntervention(ModSecurityIntervention *i) override;
protected:
int m_status;
};
} // namespace actions


@ -49,16 +49,9 @@
namespace modsecurity {
namespace actions {
Tag::Tag(std::string action)
: Action(action, RunTimeOnlyIfMatchKind),
m_tag(action) {
m_tag.erase(0, 1);
m_tag.pop_back();
}
bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
std::string tag = MacroExpansion::expand(m_tag, transaction);
std::string tag = MacroExpansion::expand(m_parser_payload, transaction);
#ifndef NO_LOGS
transaction->debug(9, "Rule tag: " + tag);
@ -69,5 +62,6 @@ bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
return true;
}
} // namespace actions
} // namespace modsecurity


@ -29,13 +29,11 @@ namespace actions {
class Tag : public Action {
public:
explicit Tag(std::string action);
explicit Tag(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(Rule *rule, Transaction *transaction,
RuleMessage *rm) override;
private:
std::string m_tag;
};


@ -27,20 +27,12 @@
namespace modsecurity {
namespace actions {
Ver::Ver(std::string action)
: Action(action, ConfigurationKind),
m_ver(action) {
if (m_ver.at(0) == '\'') {
m_ver.erase(0, 1);
m_ver.pop_back();
}
}
bool Ver::evaluate(Rule *rule, Transaction *transaction) {
rule->m_ver = m_ver;
rule->m_ver = m_parser_payload;
return true;
}
} // namespace actions
} // namespace modsecurity


@ -29,7 +29,7 @@ namespace actions {
class Ver : public Action {
public:
explicit Ver(std::string action);
explicit Ver(std::string action) : Action(action, ConfigurationKind) { }
bool evaluate(Rule *rule, Transaction *transaction) override;


@ -30,15 +30,15 @@ bool XmlNS::init(std::string *error) {
size_t pos;
std::string http = "http://";
pos = action.find("=");
pos = m_parser_payload.find("=");
if (pos == std::string::npos) {
error->assign("XMLS: Bad format, missing equals sign.");
return false;
}
m_name = std::string(action, 0, pos);
m_value = std::string(action, pos+1, action.size());
m_name = std::string(m_parser_payload, 0, pos);
m_value = std::string(m_parser_payload, pos+1, m_parser_payload.size());
if (m_value.empty() or m_name.empty()) {
if (m_value.empty() || m_name.empty()) {
error->assign("XMLS: XMLNS is invalid. Expecting a " \
"name=value format.");
return false;


@ -481,7 +481,7 @@ expression:
for (Action *a : *actions) {
Phase *phase = dynamic_cast<Phase *>(a);
if (phase != NULL) {
definedPhase = phase->phase;
definedPhase = phase->m_phase;
secRuleDefinedPhase = phase->m_secRulesPhase;
delete phase;
} else if (a->action_kind == Action::RunTimeOnlyIfMatchKind ||
@ -493,7 +493,7 @@ expression:
}
checkedActions.push_back(a);
} else {
driver.error(@0, "The action '" + a->action + "' is not suitable to be part of the SecDefaultActions");
driver.error(@0, "The action '" + a->m_name + "' is not suitable to be part of the SecDefaultActions");
YYERROR;
}
}
@ -863,11 +863,21 @@ act:
}
| TRANSFORMATION
{
std::string error;
$$ = Transformation::instantiate($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_ACCURACY
{
std::string error;
$$ = new Accuracy($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_EXEC
{
@ -907,15 +917,30 @@ act:
}
| ACTION_REDIRECT
{
std::string error;
$$ = new Redirect($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_SEVERITY
{
std::string error;
$$ = new Severity($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_EXPIREVAR
{
std::string error;
$$ = Action::instantiate($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_SETENV
{
@ -973,6 +998,7 @@ act:
}
| ACTION_SKIP
{
std::string error;
/*
TODO: skip is not implemented yet.
@ -980,38 +1006,82 @@ act:
$$ = new modsecurity::actions::SkipAfter($1);
*/
$$ = Action::instantiate($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_SKIP_AFTER
{
std::string error;
$$ = new modsecurity::actions::SkipAfter($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_AUDIT_LOG
{
std::string error;
$$ = new modsecurity::actions::AuditLog($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| LOG_DATA
{
std::string error;
$$ = new LogData($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_MSG
{
std::string error;
$$ = new Msg($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_TAG
{
std::string error;
$$ = new Tag($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_REV
{
std::string error;
$$ = new Rev($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_VER
{
std::string error;
$$ = new Ver($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_MATURITY
{
std::string error;
$$ = new Maturity($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_XMLNS
{
@ -1034,7 +1104,12 @@ act:
}
| ACTION_CTL_AUDIT_LOG_PARTS
{
std::string error;
$$ = new CtlAuditLogParts($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
}
| ACTION_CTL_FORCE_REQ_BODY_VAR CONFIG_VALUE_ON
{


@ -320,89 +320,89 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
{ACTION} { return yy::seclang_parser::make_ACTION(yytext, *driver.loc.back()); }
{ACTION_PHASE} { return yy::seclang_parser::make_ACTION_PHASE(yytext, *driver.loc.back()); }
{ACTION_SKIP}:{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_ACTION_SKIP(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_SKIP_AFTER}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_SKIP_AFTER(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_SKIP}:{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_ACTION_SKIP(yytext, *driver.loc.back()); }
{ACTION_SKIP_AFTER}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_SKIP_AFTER(yytext, *driver.loc.back()); }
{ACTION_AUDIT_LOG} { return yy::seclang_parser::make_ACTION_AUDIT_LOG(yytext, *driver.loc.back()); }
{ACTION_SEVERITY}:{ACTION_SEVERITY_VALUE} { return yy::seclang_parser::make_ACTION_SEVERITY(yytext + 9, *driver.loc.back()); }
{ACTION_SEVERITY}:'{ACTION_SEVERITY_VALUE}' { return yy::seclang_parser::make_ACTION_SEVERITY(std::string(yytext, 10, yyleng - 11), *driver.loc.back()); }
{ACTION_SEVERITY}:{ACTION_SEVERITY_VALUE} { return yy::seclang_parser::make_ACTION_SEVERITY(yytext, *driver.loc.back()); }
{ACTION_SEVERITY}:'{ACTION_SEVERITY_VALUE}' { return yy::seclang_parser::make_ACTION_SEVERITY(yytext, *driver.loc.back()); }
{ACTION_EXEC}:'{VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_EXEC(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_EXEC(yytext, *driver.loc.back());
}
{ACTION_EXEC}:{VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_EXEC(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_EXEC(yytext, *driver.loc.back());
}
{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_EXPIREVAR(yytext, *driver.loc.back());
}
{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_EXPIREVAR(yytext, *driver.loc.back());
}
{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_EXPIREVAR(yytext, *driver.loc.back());
}
{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_EXPIREVAR(yytext, *driver.loc.back());
}
{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETENV(yytext, *driver.loc.back());
}
{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETENV(yytext, *driver.loc.back());
}
{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETENV(yytext, *driver.loc.back());
}
{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETENV(yytext, *driver.loc.back());
}
{ACTION_SETSID}:{VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_SETSID(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETSID(yytext, *driver.loc.back());
}
{ACTION_SETSID}:'{VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_SETSID(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETSID(yytext, *driver.loc.back());
}
{ACTION_SETUID}:{VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_SETUID(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETUID(yytext, *driver.loc.back());
}
{ACTION_SETUID}:'{VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_SETUID(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETUID(yytext, *driver.loc.back());
}
{ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETVAR(yytext, *driver.loc.back());
}
{ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}' {
return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETVAR(yytext, *driver.loc.back());
}
{ACTION_SETVAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETVAR(yytext, *driver.loc.back());
}
{ACTION_SETVAR}:{VAR_FREE_TEXT_SPACE_COMMA} {
return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
return yy::seclang_parser::make_ACTION_SETVAR(yytext, *driver.loc.back());
}
{ACTION_XMLNS}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_XMLNS(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_XMLNS}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_XMLNS(yytext, *driver.loc.back()); }
{LOG_DATA}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_LOG_DATA(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_MSG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MSG(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_ALLOW}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_ALLOW(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_ALLOW}:{FREE_TEXT_QUOTE_COMMA} { return yy::seclang_parser::make_ACTION_ALLOW(strchr(yytext, ':') + 1, *driver.loc.back()); }
{LOG_DATA}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_LOG_DATA(yytext, *driver.loc.back()); }
{ACTION_MSG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MSG(yytext, *driver.loc.back()); }
{ACTION_ALLOW}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_ALLOW(yytext, *driver.loc.back()); }
{ACTION_ALLOW}:{FREE_TEXT_QUOTE_COMMA} { return yy::seclang_parser::make_ACTION_ALLOW(yytext, *driver.loc.back()); }
{ACTION_ALLOW} { return yy::seclang_parser::make_ACTION_ALLOW("", *driver.loc.back()); }
{ACTION_REDIRECT}:{FREE_TEXT} { return yy::seclang_parser::make_ACTION_REDIRECT(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_TAG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_TAG(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_REV}:'{FREE_TEXT_QUOTE_COMMA}' { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_REV}:{FREE_TEXT_QUOTE_COMMA} { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_VER}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_VER(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_MATURITY}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MATURITY(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_MATURITY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_MATURITY(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_ACCURACY}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_ACCURACY(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_ACCURACY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_ACCURACY(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_REDIRECT}:{FREE_TEXT} { return yy::seclang_parser::make_ACTION_REDIRECT(yytext, *driver.loc.back()); }
{ACTION_TAG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_TAG(yytext, *driver.loc.back()); }
{ACTION_REV}:'{FREE_TEXT_QUOTE_COMMA}' { return yy::seclang_parser::make_ACTION_REV(yytext, *driver.loc.back()); }
{ACTION_REV}:{FREE_TEXT_QUOTE_COMMA} { return yy::seclang_parser::make_ACTION_REV(yytext, *driver.loc.back()); }
{ACTION_VER}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_VER(yytext, *driver.loc.back()); }
{ACTION_MATURITY}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MATURITY(yytext, *driver.loc.back()); }
{ACTION_MATURITY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_MATURITY(yytext, *driver.loc.back()); }
{ACTION_ACCURACY}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_ACCURACY(yytext, *driver.loc.back()); }
{ACTION_ACCURACY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_ACCURACY(yytext, *driver.loc.back()); }
{ACTION_CTL_BDY_XML} { return yy::seclang_parser::make_ACTION_CTL_BDY_XML(yytext, *driver.loc.back()); }
{ACTION_CTL_BDY_JSON} { return yy::seclang_parser::make_ACTION_CTL_BDY_JSON(yytext, *driver.loc.back()); }
{ACTION_INITCOL}:{COL_NAME}={COL_FREE_TEXT_SPACE_COMMA} { return yy::seclang_parser::make_ACTION_INITCOL(yytext, *driver.loc.back()); }
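Review bot: The bare `{ACTION_ALLOW}` rule still passes `""` while every other rule in this section now hands the full `yytext` to the token, so an `allow` with no payload probably reaches the action with an empty string. If the base constructor derives the name from that string (the header in this commit calls `set_name_and_payload(_action)`), the action would carry an empty `m_name` in the debug log and in `Rule::getActionNames()`, which makes an allow decision harder to audit. I would pass the token through like the others: `{ACTION_ALLOW} { return yy::seclang_parser::make_ACTION_ALLOW(yytext, *driver.loc.back()); }`. The quoted forms such as `{ACTION_SEVERITY}:'{ACTION_SEVERITY_VALUE}'` also no longer strip the quotes in the scanner, so each action's `init()` has to do it; a parser test per quoted action would pin that down.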


@ -116,7 +116,7 @@ Rule::Rule(Operator *_op,
} else if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
actions_runtime_pos.push_back(a);
} else {
std::cout << "General failure, action: " << a->name;
std::cout << "General failure, action: " << a->m_name;
std::cout << " has an unknown type." << std::endl;
delete a;
}
@ -141,13 +141,13 @@ Rule::Rule(Operator *_op,
std::vector<std::string> Rule::getActionNames() {
std::vector<std::string> a;
for (auto &z : this->actions_runtime_pos) {
a.push_back(z->action);
a.push_back(z->m_name);
}
for (auto &z : this->actions_runtime_pre) {
a.push_back(z->action);
a.push_back(z->m_name);
}
for (auto &z : this->actions_conf) {
a.push_back(z->action);
a.push_back(z->m_name);
}
return a;
@ -201,7 +201,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
if (a->isDisruptive() == false) {
#ifndef NO_LOGS
trasn->debug(4, "Running (_non_ disruptive) action: " +
a->action);
a->m_name);
#endif
a->evaluate(this, trasn);
} else {
@ -215,7 +215,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
if (containsDisruptive) {
#ifndef NO_LOGS
trasn->debug(4, "(SecDefaultAction) " \
"_ignoring_ action: " + a->action + \
"_ignoring_ action: " + a->m_name + \
" (rule contains a disruptive action)");
#endif
} else {
@ -223,7 +223,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
== Rules::EnabledRuleEngine) {
#ifndef NO_LOGS
trasn->debug(4, "(SecDefaultAction) " \
"Running action: " + a->action + \
"Running action: " + a->m_name + \
" (rule _does not_ contains a " \
"disruptive action)");
#endif
@ -231,7 +231,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
} else {
#ifndef NO_LOGS
trasn->debug(4, "(SecDefaultAction) " \
"_Not_ running action: " + a->action + \
"_Not_ running action: " + a->m_name + \
". Rule _does not_ contains a " \
"disruptive action, but SecRuleEngine is not On.");
#endif
@ -240,7 +240,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
} else {
#ifndef NO_LOGS
trasn->debug(4, "(SecDefaultAction) Running action: " + \
a->action);
a->m_name);
a->evaluate(this, trasn);
#endif
}
@ -252,13 +252,13 @@ bool Rule::evaluateActions(Transaction *trasn) {
&& trasn->m_rules->secRuleEngine
== Rules::EnabledRuleEngine) {
#ifndef NO_LOGS
trasn->debug(4, "Running (disruptive) action: " + a->action);
trasn->debug(4, "Running (disruptive) action: " + a->m_name);
#endif
a->evaluate(this, trasn);
} else if (a->isDisruptive()) {
#ifndef NO_LOGS
trasn->debug(4, "Not running disruptive action: " + \
a->action + ". SecRuleEngine is not On");
a->m_name + ". SecRuleEngine is not On");
#endif
}
}
@ -353,7 +353,7 @@ bool Rule::evaluate(Transaction *trasn) {
#ifndef NO_LOGS
trasn->debug(9, "(SecDefaultAction) T (" + \
std::to_string(transformations) + ") " + \
a->name + ": \"" + value +"\"");
a->m_name + ": \"" + value +"\"");
#endif
transformations++;
}
@ -366,7 +366,7 @@ bool Rule::evaluate(Transaction *trasn) {
#ifndef NO_LOGS
trasn->debug(9, " T (" + \
std::to_string(transformations) + ") " + \
a->name + ": \"" + value +"\"");
a->m_name + ": \"" + value +"\"");
#endif
transformations++;
}
@ -439,7 +439,7 @@ bool Rule::evaluate(Transaction *trasn) {
#ifndef NO_LOGS
trasn->debug(4,
"(SecDefaultAction) _ignoring_ " \
"action: " + a->action + \
"action: " + a->m_name + \
" (rule contains a disruptive action)");
#endif
} else {
@ -447,7 +447,7 @@ bool Rule::evaluate(Transaction *trasn) {
== Rules::EnabledRuleEngine) {
#ifndef NO_LOGS
trasn->debug(4, "(SecDefaultAction) " \
"Running action: " + a->action + \
"Running action: " + a->m_name + \
" (rule _does not_ contains a " \
"disruptive action)");
#endif
@ -456,7 +456,7 @@ bool Rule::evaluate(Transaction *trasn) {
#ifndef NO_LOGS
trasn->debug(4, "(SecDefaultAction) " \
"_Not_ running action: " \
+ a->action + ". Rule _does not_" \
+ a->m_name + ". Rule _does not_" \
+ " contains a disruptive action,"\
+ " but SecRuleEngine is not On.");
#endif
@ -465,7 +465,7 @@ bool Rule::evaluate(Transaction *trasn) {
} else {
#ifndef NO_LOGS
trasn->debug(4, "(SecDefaultAction) Running " \
"action: " + a->action + "!!" \
"action: " + a->m_name + "!!" \
+ std::to_string(a->isDisruptive()));
#endif
a->evaluate(this, trasn);
@ -479,19 +479,20 @@ bool Rule::evaluate(Transaction *trasn) {
== Rules::EnabledRuleEngine) {
#ifndef NO_LOGS
trasn->debug(4, "Running (disruptive) " \
"action: " + a->action);
"action: " + a->m_name);
#endif
a->evaluate(this, trasn);
} else if (a->isDisruptive()) {
#ifndef NO_LOGS
trasn->debug(4,
"Not running disruptive action: " + \
a->action + ". SecRuleEngine is not On");
a->m_name + ". SecRuleEngine " + \
"is not On");
#endif
} else if (!a->isDisruptive()) {
#ifndef NO_LOGS
trasn->debug(4, "Running (_non_ disruptive) " \
"action: " + a->action);
"action: " + a->m_name);
#endif
a->evaluate(this, trasn, ruleMessage);
}
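Review bot: In `Rule::evaluateActions`, in the hunk at `-240,7 +240,7`, the call `a->evaluate(this, trasn);` sits between `#ifndef NO_LOGS` and `#endif`, so a build with `NO_LOGS` defined compiles the call away and that SecDefaultAction action never runs. The matching branch in `Rule::evaluate` (hunk `-465,7 +465,7`) has the call after `#endif`, which looks like the intended form. Since this commit edits the line directly above, I would move the call out of the guard, so that `#endif` is followed by `a->evaluate(this, trasn);`. The function body starts and ends outside the hunk, so the enclosing condition is not visible here.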


@ -1268,7 +1268,7 @@ bool Transaction::intervention(ModSecurityIntervention *it) {
if (m_actions.size() > 0) {
for (Action *a : m_actions) {
if (a->action_kind == Action::Kind::RunTimeOnlyIfMatchKind) {
a->fill_intervention(it);
a->fillIntervention(it);
}
if (a->temporaryAction) {
delete a;


@ -128,7 +128,7 @@
]
},
"expected":{
"debug_log": " trim: \"value2\""
"debug_log": " t:trim: \"value2\""
},
"rules":[
"SecRuleEngine On",
@ -174,7 +174,7 @@
]
},
"expected":{
"debug_log": " trim: \"value2\""
"debug_log": " t:trim: \"value2\""
},
"rules":[
"SecRuleEngine On",


@ -49,7 +49,7 @@
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
"error_log": "",
"http_code": 403
},
@ -110,7 +110,7 @@
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
"error_log": "",
"http_code": 302,
"redirect_url": "http://www.google.com"
@ -172,7 +172,7 @@
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
"error_log": "",
"http_code": 500,
"redirect_url": "http://www.google.com"
@ -234,7 +234,7 @@
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
"error_log": "",
"http_code": 500
},
@ -295,7 +295,7 @@
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
"error_log": "",
"http_code": 500
},
@ -356,7 +356,7 @@
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
"error_log": "",
"http_code": 500
},


@ -40,7 +40,7 @@
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
"error_log": "",
"http_code": 403
},
@ -99,7 +99,7 @@
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
"error_log": "",
"http_code": 403
},
@ -159,7 +159,7 @@
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
"error_log": "",
"http_code": 403
},


@ -31,7 +31,7 @@
]
},
"expected":{
"debug_log":"T \\(0\\) trim: \"no need.\""
"debug_log":"T \\(0\\) t:trim: \"no need.\""
},
"rules":[
"SecRuleEngine On",


@ -205,7 +205,7 @@
"version_max":0,
"title":"Testing action :: SecDefaultAction: action not suitable",
"expected":{
"parser_error":"The action 'id:1' is not suitable to be part of the SecDefaultActions"
"parser_error":"The action 'id' is not suitable to be part of the SecDefaultActions"
},
"rules":[
"SecRuleEngine On",


@ -49,7 +49,7 @@
},
"expected": {
"audit_log": "",
"debug_log": " trim: \"test\"",
"debug_log": " t:trim: \"test\"",
"error_log": ""
},
"rules": [


@ -51,7 +51,7 @@
]
},
"expected":{
"debug_log":"T \\(1\\) trim: \"small_text_file"
"debug_log":"T \\(1\\) t:trim: \"small_text_file"
},
"rules":[
"SecRuleEngine On",


@ -51,7 +51,7 @@
]
},
"expected":{
"debug_log":"T \\(1\\) trim: \"filedata"
"debug_log":"T \\(1\\) t:trim: \"filedata"
},
"rules":[
"SecRuleEngine On",