mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-30 11:44:32 +03:00
Actions refactoring: now there is a clear definiation on the action name
This commit is contained in:
Felipe Zimmerle
@@ -27,14 +27,16 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Accuracy::Accuracy(std::string action)
|
|
||||||
: Action(action, ConfigurationKind),
|
bool Accuracy::init(std::string *error) {
|
||||||
m_accuracy_str(action) {
|
try {
|
||||||
if (m_accuracy_str.at(0) == '\'') {
|
m_accuracy = std::stoi(m_parser_payload);
|
||||||
m_accuracy_str.erase(0, 1);
|
} catch (...) {
|
||||||
m_accuracy_str.pop_back();
|
error->assign("Accuracy: The input \"" + m_parser_payload + "\" is " \
|
||||||
|
"not a number.");
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
m_accuracy = std::stoi(m_accuracy_str);
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -43,5 +45,6 @@ bool Accuracy::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -29,12 +29,14 @@ namespace actions {
|
|||||||
|
|
||||||
class Accuracy : public Action {
|
class Accuracy : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Accuracy(std::string action);
|
explicit Accuracy(std::string action)
|
||||||
|
: Action(action, ConfigurationKind),
|
||||||
|
m_accuracy(0) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
|
bool init(std::string *error) override;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
std::string m_accuracy_str;
|
|
||||||
int m_accuracy;
|
int m_accuracy;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ bool Action::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void Action::fill_intervention(ModSecurityIntervention *i) {
|
void Action::fillIntervention(ModSecurityIntervention *i) {
|
||||||
}
|
}
|
||||||
|
|
||||||
Action *Action::instantiate(const std::string& name) {
|
Action *Action::instantiate(const std::string& name) {
|
||||||
|
|||||||
@@ -35,21 +35,43 @@ class Action {
|
|||||||
public:
|
public:
|
||||||
explicit Action(const std::string& _action)
|
explicit Action(const std::string& _action)
|
||||||
: action_kind(2),
|
: action_kind(2),
|
||||||
action(_action),
|
m_name(""),
|
||||||
name(_action),
|
m_parser_payload(""),
|
||||||
m_isNone(false),
|
m_isNone(false),
|
||||||
temporaryAction(false) {
|
temporaryAction(false) {
|
||||||
name.erase(0, 2);
|
set_name_and_payload(_action);
|
||||||
}
|
}
|
||||||
explicit Action(const std::string& _action, int kind)
|
explicit Action(const std::string& _action, int kind)
|
||||||
: action_kind(kind),
|
: action_kind(kind),
|
||||||
action(_action),
|
m_name(""),
|
||||||
name(_action),
|
m_parser_payload(""),
|
||||||
m_isNone(false),
|
m_isNone(false),
|
||||||
temporaryAction(false) {
|
temporaryAction(false) {
|
||||||
name.erase(0, 2);
|
set_name_and_payload(_action);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void set_name_and_payload(const std::string& data) {
|
||||||
|
size_t pos = data.find(":");
|
||||||
|
std::string t = "t:";
|
||||||
|
|
||||||
|
if (data.compare(0, t.length(), t) == 0) {
|
||||||
|
pos = data.find(":", 2);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pos == std::string::npos) {
|
||||||
|
m_name = data;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
m_name = std::string(data, 0, pos);
|
||||||
|
m_parser_payload = std::string(data, pos + 1, data.length());
|
||||||
|
|
||||||
|
if (m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2) {
|
||||||
|
m_parser_payload.erase(0, 1);
|
||||||
|
m_parser_payload.pop_back();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
virtual ~Action() { }
|
virtual ~Action() { }
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
@@ -83,9 +105,6 @@ class Action {
|
|||||||
RunTimeOnlyIfMatchKind,
|
RunTimeOnlyIfMatchKind,
|
||||||
};
|
};
|
||||||
|
|
||||||
std::string action;
|
|
||||||
int action_kind;
|
|
||||||
std::string name;
|
|
||||||
|
|
||||||
virtual std::string evaluate(std::string exp,
|
virtual std::string evaluate(std::string exp,
|
||||||
Transaction *transaction);
|
Transaction *transaction);
|
||||||
@@ -94,14 +113,20 @@ class Action {
|
|||||||
RuleMessage *ruleMessage) {
|
RuleMessage *ruleMessage) {
|
||||||
return evaluate(rule, transaction);
|
return evaluate(rule, transaction);
|
||||||
}
|
}
|
||||||
|
|
||||||
virtual bool init(std::string *error) { return true; }
|
virtual bool init(std::string *error) { return true; }
|
||||||
|
|
||||||
virtual bool isDisruptive() { return false; }
|
virtual bool isDisruptive() { return false; }
|
||||||
|
|
||||||
|
virtual void fillIntervention(ModSecurityIntervention *intervention);
|
||||||
|
|
||||||
static Action *instantiate(const std::string& name);
|
static Action *instantiate(const std::string& name);
|
||||||
|
|
||||||
virtual void fill_intervention(ModSecurityIntervention *intervention);
|
|
||||||
bool temporaryAction;
|
bool temporaryAction;
|
||||||
|
std::string m_name;
|
||||||
|
std::string m_parser_payload;
|
||||||
bool m_isNone;
|
bool m_isNone;
|
||||||
|
int action_kind;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -23,10 +23,12 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
|
|
||||||
bool AuditLog::evaluate(Rule *rule, Transaction *transaction) {
|
bool AuditLog::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
transaction->m_toBeSavedInAuditlogs = true;
|
transaction->m_toBeSavedInAuditlogs = true;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -37,6 +37,7 @@ class AuditLog : public Action {
|
|||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -25,12 +25,6 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Block::Block(std::string action)
|
|
||||||
: Action(action) {
|
|
||||||
this->action = action;
|
|
||||||
this->action_kind = 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool Block::evaluate(Rule *rule, Transaction *transaction) {
|
bool Block::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
@@ -44,9 +38,11 @@ bool Block::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Block::fill_intervention(ModSecurityIntervention *i) {
|
|
||||||
|
void Block::fillIntervention(ModSecurityIntervention *i) {
|
||||||
i->disruptive = true;
|
i->disruptive = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -31,13 +31,14 @@ namespace actions {
|
|||||||
|
|
||||||
class Block : public Action {
|
class Block : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Block(std::string action);
|
explicit Block(std::string action) : Action(action) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
void fill_intervention(ModSecurityIntervention *i) override;
|
void fillIntervention(ModSecurityIntervention *i) override;
|
||||||
bool isDisruptive() override { return true; }
|
bool isDisruptive() override { return true; }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -31,6 +31,7 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
|
|
||||||
bool Capture::evaluate(Rule *rule, Transaction *transaction) {
|
bool Capture::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
if (transaction->m_matched.empty()) {
|
if (transaction->m_matched.empty()) {
|
||||||
return false;
|
return false;
|
||||||
@@ -46,5 +47,6 @@ bool Capture::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -25,11 +25,11 @@ namespace modsecurity {
|
|||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
bool Chain::evaluate(Rule *rule, Transaction *transaction) {
|
bool Chain::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
rule->chained = true;
|
rule->chained = true;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -23,11 +23,9 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
CtlAuditLogParts::CtlAuditLogParts(std::string action)
|
bool CtlAuditLogParts::init(std::string *error) {
|
||||||
: Action(action, RunTimeOnlyIfMatchKind),
|
std::string what(m_parser_payload, 14, 1);
|
||||||
mPartsAction(0) {
|
mParts = std::string(m_parser_payload, 15, m_parser_payload.length()-15);
|
||||||
std::string what(action, 18, 1);
|
|
||||||
mParts = std::string(action, 19, action.length()-19);
|
|
||||||
if (what == "+") {
|
if (what == "+") {
|
||||||
mPartsAction = 0;
|
mPartsAction = 0;
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@@ -27,9 +27,15 @@ namespace actions {
|
|||||||
|
|
||||||
class CtlAuditLogParts : public Action {
|
class CtlAuditLogParts : public Action {
|
||||||
public:
|
public:
|
||||||
explicit CtlAuditLogParts(std::string action);
|
explicit CtlAuditLogParts(std::string action)
|
||||||
|
: Action(action, RunTimeOnlyIfMatchKind),
|
||||||
|
mPartsAction(0),
|
||||||
|
mParts("") { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
|
bool init(std::string *error) override;
|
||||||
|
|
||||||
|
protected:
|
||||||
int mPartsAction;
|
int mPartsAction;
|
||||||
std::string mParts;
|
std::string mParts;
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -23,12 +23,6 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Deny::Deny(std::string action)
|
|
||||||
: Action(action) {
|
|
||||||
this->action = action;
|
|
||||||
this->action_kind = 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool Deny::evaluate(Rule *rule, Transaction *transaction) {
|
bool Deny::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
@@ -38,7 +32,8 @@ bool Deny::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Deny::fill_intervention(ModSecurityIntervention *i) {
|
|
||||||
|
void Deny::fillIntervention(ModSecurityIntervention *i) {
|
||||||
if (i->status == 200) {
|
if (i->status == 200) {
|
||||||
i->status = 403;
|
i->status = 403;
|
||||||
}
|
}
|
||||||
@@ -46,5 +41,6 @@ void Deny::fill_intervention(ModSecurityIntervention *i) {
|
|||||||
i->disruptive = true;
|
i->disruptive = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -27,10 +27,10 @@ namespace actions {
|
|||||||
|
|
||||||
class Deny : public Action {
|
class Deny : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Deny(std::string action);
|
explicit Deny(std::string action) : Action(action) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
void fill_intervention(ModSecurityIntervention *i) override;
|
void fillIntervention(ModSecurityIntervention *i) override;
|
||||||
bool isDisruptive() override { return true; }
|
bool isDisruptive() override { return true; }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -27,24 +27,19 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
InitCol::InitCol(std::string action)
|
|
||||||
: Action(action, RunTimeOnlyIfMatchKind) {
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool InitCol::init(std::string *error) {
|
bool InitCol::init(std::string *error) {
|
||||||
int posEquals = action.find("=");
|
int posEquals = m_parser_payload.find("=");
|
||||||
int posInit = strlen("initcol:");
|
|
||||||
|
|
||||||
if (action.size() < 8) {
|
if (m_parser_payload.size() < 8) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (posEquals == std::string::npos) {
|
if (posEquals == std::string::npos) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
m_collection_key = std::string(action, posInit, posEquals - posInit);
|
m_collection_key = std::string(m_parser_payload, 0, posEquals);
|
||||||
m_collection_value = std::string(action, posEquals + 1);
|
m_collection_value = std::string(m_parser_payload, posEquals + 1);
|
||||||
|
|
||||||
if (m_collection_key != "ip" && m_collection_key != "global") {
|
if (m_collection_key != "ip" && m_collection_key != "global") {
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ namespace actions {
|
|||||||
|
|
||||||
class InitCol : public Action {
|
class InitCol : public Action {
|
||||||
public:
|
public:
|
||||||
explicit InitCol(std::string action);
|
explicit InitCol(std::string action) : Action(action) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
bool init(std::string *error) override;
|
bool init(std::string *error) override;
|
||||||
|
|||||||
@@ -23,6 +23,7 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
|
|
||||||
bool Log::evaluate(Rule *rule, Transaction *transaction) {
|
bool Log::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
transaction->m_toBeSavedInAuditlogs = true;
|
transaction->m_toBeSavedInAuditlogs = true;
|
||||||
/* FIXME: transaction->serverLog("Something...."); */
|
/* FIXME: transaction->serverLog("Something...."); */
|
||||||
@@ -30,5 +31,6 @@ bool Log::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -27,16 +27,9 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
LogData::LogData(std::string action)
|
|
||||||
: Action(action, RunTimeOnlyIfMatchKind),
|
|
||||||
m_data(action) {
|
|
||||||
m_data.erase(0, 1);
|
|
||||||
m_data.pop_back();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool LogData::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
|
bool LogData::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
|
||||||
std::string data = MacroExpansion::expand(m_data, transaction);
|
std::string data = MacroExpansion::expand(m_parser_payload, transaction);
|
||||||
|
|
||||||
rm->m_data = data;
|
rm->m_data = data;
|
||||||
|
|
||||||
|
|||||||
@@ -29,13 +29,11 @@ namespace actions {
|
|||||||
|
|
||||||
class LogData : public Action {
|
class LogData : public Action {
|
||||||
public:
|
public:
|
||||||
explicit LogData(std::string action);
|
explicit LogData(std::string action)
|
||||||
|
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction,
|
bool evaluate(Rule *rule, Transaction *transaction,
|
||||||
RuleMessage *rm) override;
|
RuleMessage *rm) override;
|
||||||
|
|
||||||
private:
|
|
||||||
std::string m_data;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -27,14 +27,16 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Maturity::Maturity(std::string action)
|
|
||||||
: Action(action, ConfigurationKind),
|
bool Maturity::init(std::string *error) {
|
||||||
m_maturity_str(action) {
|
try {
|
||||||
if (m_maturity_str.at(0) == '\'') {
|
m_maturity = std::stoi(m_parser_payload);
|
||||||
m_maturity_str.erase(0, 1);
|
} catch (...) {
|
||||||
m_maturity_str.pop_back();
|
error->assign("Maturity: The input \"" + m_parser_payload + "\" is " \
|
||||||
|
"not a number.");
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
m_maturity = std::stoi(m_maturity_str);
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -43,5 +45,6 @@ bool Maturity::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -29,12 +29,14 @@ namespace actions {
|
|||||||
|
|
||||||
class Maturity : public Action {
|
class Maturity : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Maturity(std::string action);
|
explicit Maturity(std::string action)
|
||||||
|
: Action(action, ConfigurationKind),
|
||||||
|
m_maturity(0) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
|
bool init(std::string *error) override;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
std::string m_maturity_str;
|
|
||||||
int m_maturity;
|
int m_maturity;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -45,16 +45,9 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Msg::Msg(std::string action)
|
|
||||||
: Action(action, RunTimeOnlyIfMatchKind),
|
|
||||||
m_msg(action) {
|
|
||||||
m_msg.erase(0, 1);
|
|
||||||
m_msg.pop_back();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool Msg::evaluate(Rule *rule, Transaction *transaction) {
|
bool Msg::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
std::string msg = MacroExpansion::expand(m_msg, transaction);
|
std::string msg = MacroExpansion::expand(m_parser_payload, transaction);
|
||||||
|
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
transaction->debug(9, "Saving msg: " + msg);
|
transaction->debug(9, "Saving msg: " + msg);
|
||||||
|
|||||||
@@ -29,12 +29,10 @@ namespace actions {
|
|||||||
|
|
||||||
class Msg : public Action {
|
class Msg : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Msg(std::string action);
|
explicit Msg(std::string action)
|
||||||
|
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
|
|
||||||
private:
|
|
||||||
std::string m_msg;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -23,10 +23,12 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
|
|
||||||
bool NoAuditLog::evaluate(Rule *rule, Transaction *transaction) {
|
bool NoAuditLog::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
transaction->m_toNotBeSavedInAuditLogs = true;
|
transaction->m_toNotBeSavedInAuditLogs = true;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -24,12 +24,6 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Pass::Pass(std::string action)
|
|
||||||
: Action(action) {
|
|
||||||
this->action = action;
|
|
||||||
this->action_kind = 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool Pass::evaluate(Rule *rule, Transaction *transaction) {
|
bool Pass::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
transaction->m_actions.clear();
|
transaction->m_actions.clear();
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ namespace actions {
|
|||||||
|
|
||||||
class Pass : public Action {
|
class Pass : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Pass(std::string action);
|
explicit Pass(std::string action) : Action(action) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
bool isDisruptive() override { return true; }
|
bool isDisruptive() override { return true; }
|
||||||
|
|||||||
@@ -26,51 +26,39 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Phase::Phase(std::string action)
|
bool Phase::init(std::string *error) {
|
||||||
: Action(action),
|
std::string a = tolower(m_parser_payload);
|
||||||
m_secRulesPhase(0),
|
|
||||||
phase(0) {
|
|
||||||
this->action_kind = ConfigurationKind;
|
|
||||||
std::string a = action;
|
|
||||||
a.erase(0, 6);
|
|
||||||
if (a.at(0) == '\'') {
|
|
||||||
a.erase(0, 1);
|
|
||||||
a.pop_back();
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
this->phase = std::stoi(a);
|
m_phase = std::stoi(m_parser_payload);
|
||||||
} catch (...) {
|
} catch (...) {
|
||||||
this->phase = 0;
|
m_phase = 0;
|
||||||
if (tolower(a) == "request") {
|
if (a == "request") {
|
||||||
this->phase = ModSecurity::Phases::RequestHeadersPhase;
|
m_phase = ModSecurity::Phases::RequestHeadersPhase;
|
||||||
m_secRulesPhase = 2;
|
m_secRulesPhase = 2;
|
||||||
}
|
}
|
||||||
if (tolower(a) == "response") {
|
if (a == "response") {
|
||||||
this->phase = ModSecurity::Phases::ResponseBodyPhase;
|
m_phase = ModSecurity::Phases::ResponseBodyPhase;
|
||||||
m_secRulesPhase = 4;
|
m_secRulesPhase = 4;
|
||||||
}
|
}
|
||||||
if (tolower(a) == "logging") {
|
if (a == "logging") {
|
||||||
this->phase = ModSecurity::Phases::LoggingPhase;
|
m_phase = ModSecurity::Phases::LoggingPhase;
|
||||||
m_secRulesPhase = 5;
|
m_secRulesPhase = 5;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (this->phase == 0) {
|
if (m_phase == 0) {
|
||||||
/* Phase 0 is something new, we want to use as ConnectionPhase */
|
/* Phase 0 is something new, we want to use as ConnectionPhase */
|
||||||
this->phase = ModSecurity::Phases::ConnectionPhase;
|
m_phase = ModSecurity::Phases::ConnectionPhase;
|
||||||
m_secRulesPhase = 1;
|
m_secRulesPhase = 1;
|
||||||
} else {
|
} else {
|
||||||
/* Otherwise we want to shift the rule to the correct phase */
|
/* Otherwise we want to shift the rule to the correct phase */
|
||||||
m_secRulesPhase = phase;
|
m_secRulesPhase = m_phase;
|
||||||
this->phase = phase + 1;
|
m_phase = m_phase + 1;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
if (m_phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
|
||||||
bool Phase::init(std::string *error) {
|
error->assign("Unknown phase: " + std::to_string(m_phase));
|
||||||
if (phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
|
|
||||||
error->assign("Unknown phase: " + std::to_string(phase));
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
@@ -78,7 +66,7 @@ bool Phase::init(std::string *error) {
|
|||||||
|
|
||||||
|
|
||||||
bool Phase::evaluate(Rule *rule, Transaction *transaction) {
|
bool Phase::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
rule->phase = this->phase;
|
rule->phase = m_phase;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -32,11 +32,14 @@ namespace actions {
|
|||||||
|
|
||||||
class Phase : public Action {
|
class Phase : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Phase(std::string action);
|
explicit Phase(std::string action) : Action(action, ConfigurationKind),
|
||||||
|
m_secRulesPhase(0),
|
||||||
|
m_phase(0) { }
|
||||||
|
|
||||||
bool init(std::string *error) override;
|
bool init(std::string *error) override;
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
int phase;
|
|
||||||
|
int m_phase;
|
||||||
int m_secRulesPhase;
|
int m_secRulesPhase;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -24,20 +24,11 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Redirect::~Redirect() {
|
|
||||||
}
|
|
||||||
|
|
||||||
Redirect::Redirect(const std::string& action)
|
bool Redirect::init(std::string *error) {
|
||||||
: Action(action, RunTimeOnlyIfMatchKind),
|
m_url = m_parser_payload;
|
||||||
m_url(action) {
|
|
||||||
// m_url = m_url.erase(0, 9);
|
|
||||||
if (m_url.at(0) == '\'') {
|
|
||||||
m_url.erase(0, 1);
|
|
||||||
if (m_url.size() > 0) {
|
|
||||||
m_url.pop_back();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
m_status = 302;
|
m_status = 302;
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -47,7 +38,8 @@ bool Redirect::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Redirect::fill_intervention(ModSecurityIntervention *i) {
|
|
||||||
|
void Redirect::fillIntervention(ModSecurityIntervention *i) {
|
||||||
/* if it was changed before, lets keep it. */
|
/* if it was changed before, lets keep it. */
|
||||||
if (i->status == 200) {
|
if (i->status == 200) {
|
||||||
i->status = m_status;
|
i->status = m_status;
|
||||||
@@ -57,5 +49,6 @@ void Redirect::fill_intervention(ModSecurityIntervention *i) {
|
|||||||
i->disruptive = true;
|
i->disruptive = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -30,12 +30,14 @@ namespace actions {
|
|||||||
|
|
||||||
class Redirect : public Action {
|
class Redirect : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Redirect(const std::string &action);
|
explicit Redirect(const std::string &action)
|
||||||
~Redirect() override;
|
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
void fill_intervention(ModSecurityIntervention *i) override;
|
bool init(std::string *error) override;
|
||||||
|
void fillIntervention(ModSecurityIntervention *i) override;
|
||||||
bool isDisruptive() override { return true; }
|
bool isDisruptive() override { return true; }
|
||||||
|
|
||||||
private:
|
private:
|
||||||
int m_status;
|
int m_status;
|
||||||
std::string m_urlExpanded;
|
std::string m_urlExpanded;
|
||||||
|
|||||||
@@ -27,13 +27,10 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Rev::Rev(std::string action)
|
|
||||||
: Action(action, ConfigurationKind),
|
bool Rev::init(std::string *error) {
|
||||||
m_rev(action) {
|
m_rev = m_parser_payload;
|
||||||
if (m_rev.at(0) == '\'') {
|
return true;
|
||||||
m_rev.erase(0, 1);
|
|
||||||
m_rev.pop_back();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -42,5 +39,6 @@ bool Rev::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -29,9 +29,10 @@ namespace actions {
|
|||||||
|
|
||||||
class Rev : public Action {
|
class Rev : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Rev(std::string action);
|
explicit Rev(std::string action) : Action(action, ConfigurationKind) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
|
bool init(std::string *error) override;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
std::string m_rev;
|
std::string m_rev;
|
||||||
|
|||||||
@@ -24,15 +24,11 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
|
|
||||||
bool RuleId::init(std::string *error) {
|
bool RuleId::init(std::string *error) {
|
||||||
std::string a = action;
|
std::string a = m_parser_payload;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
a.erase(0, 3);
|
|
||||||
if (a.at(0) == '\'') {
|
|
||||||
a.erase(0, 1);
|
|
||||||
a.pop_back();
|
|
||||||
}
|
|
||||||
m_ruleId = std::stod(a);
|
m_ruleId = std::stod(a);
|
||||||
} catch (...) {
|
} catch (...) {
|
||||||
m_ruleId = 0;
|
m_ruleId = 0;
|
||||||
@@ -51,10 +47,12 @@ bool RuleId::init(std::string *error) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool RuleId::evaluate(Rule *rule, Transaction *transaction) {
|
bool RuleId::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
rule->rule_id = m_ruleId;
|
rule->rule_id = m_ruleId;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -28,9 +28,11 @@ namespace actions {
|
|||||||
|
|
||||||
|
|
||||||
bool SetSID::init(std::string *error) {
|
bool SetSID::init(std::string *error) {
|
||||||
m_collection_key = std::string(action, 0, action.length());
|
m_collection_key = std::string(m_parser_payload, 0,
|
||||||
|
m_parser_payload.length());
|
||||||
|
|
||||||
if (m_collection_key.empty()) {
|
if (m_collection_key.empty()) {
|
||||||
|
error->assign("Missing collection key");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -34,6 +34,7 @@ class SetSID : public Action {
|
|||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
bool init(std::string *error) override;
|
bool init(std::string *error) override;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
std::string m_collection_key;
|
std::string m_collection_key;
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -28,9 +28,11 @@ namespace actions {
|
|||||||
|
|
||||||
|
|
||||||
bool SetUID::init(std::string *error) {
|
bool SetUID::init(std::string *error) {
|
||||||
m_collection_key = std::string(action, 0, action.length());
|
m_collection_key = std::string(m_parser_payload, 0,
|
||||||
|
m_parser_payload.length());
|
||||||
|
|
||||||
if (m_collection_key.empty()) {
|
if (m_collection_key.empty()) {
|
||||||
|
error->assign("Missing collection key");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -34,6 +34,7 @@ class SetUID : public Action {
|
|||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
bool init(std::string *error) override;
|
bool init(std::string *error) override;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
std::string m_collection_key;
|
std::string m_collection_key;
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -26,65 +26,60 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
SetVar::SetVar(std::string action)
|
|
||||||
: Action(action, RunTimeOnlyIfMatchKind) {
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool SetVar::init(std::string *error) {
|
bool SetVar::init(std::string *error) {
|
||||||
size_t pos;
|
size_t pos;
|
||||||
|
|
||||||
if (action.at(0) == '\'' && action.size() > 3) {
|
|
||||||
action.erase(0, 1);
|
|
||||||
action.pop_back();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Resolv operation
|
// Resolv operation
|
||||||
operation = setToOne;
|
m_operation = setToOne;
|
||||||
pos = action.find("=");
|
pos = m_parser_payload.find("=");
|
||||||
if (pos != std::string::npos) {
|
if (pos != std::string::npos) {
|
||||||
operation = setOperation;
|
m_operation = setOperation;
|
||||||
}
|
}
|
||||||
pos = action.find("=+");
|
pos = m_parser_payload.find("=+");
|
||||||
if (pos != std::string::npos) {
|
if (pos != std::string::npos) {
|
||||||
operation = sumAndSetOperation;
|
m_operation = sumAndSetOperation;
|
||||||
}
|
}
|
||||||
pos = action.find("=-");
|
pos = m_parser_payload.find("=-");
|
||||||
if (pos != std::string::npos) {
|
if (pos != std::string::npos) {
|
||||||
operation = substractAndSetOperation;
|
m_operation = substractAndSetOperation;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Collection name
|
// Collection name
|
||||||
pos = action.find(".");
|
pos = m_parser_payload.find(".");
|
||||||
if (pos != std::string::npos) {
|
if (pos != std::string::npos) {
|
||||||
collectionName = std::string(action, 0, pos);
|
m_collectionName = std::string(m_parser_payload, 0, pos);
|
||||||
collectionName = toupper(collectionName);
|
m_collectionName = toupper(m_collectionName);
|
||||||
} else {
|
} else {
|
||||||
error->assign("Missing the collection and/or variable name");
|
error->assign("Missing the collection and/or variable name");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Variable name
|
// Variable name
|
||||||
if (operation == setToOne) {
|
if (m_operation == setToOne) {
|
||||||
variableName = std::string(action, pos + 1, action.length()
|
m_variableName = std::string(m_parser_payload, pos + 1,
|
||||||
|
m_parser_payload.length()
|
||||||
- (pos + 1));
|
- (pos + 1));
|
||||||
} else {
|
} else {
|
||||||
size_t pos2 = action.find("=");
|
size_t pos2 = m_parser_payload.find("=");
|
||||||
variableName = std::string(action, pos + 1, pos2 - (pos + 1));
|
m_variableName = std::string(m_parser_payload, pos + 1,
|
||||||
if (pos2 + 2 > action.length()) {
|
pos2 - (pos + 1));
|
||||||
|
if (pos2 + 2 > m_parser_payload.length()) {
|
||||||
error->assign("Something wrong with the input format");
|
error->assign("Something wrong with the input format");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (operation == setOperation) {
|
if (m_operation == setOperation) {
|
||||||
predicate = std::string(action, pos2 + 1, action.length() - (pos2));
|
m_predicate = std::string(m_parser_payload, pos2 + 1,
|
||||||
|
m_parser_payload.length() - (pos2));
|
||||||
} else {
|
} else {
|
||||||
predicate = std::string(action, pos2 + 2, action.length()
|
m_predicate = std::string(m_parser_payload, pos2 + 2,
|
||||||
|
m_parser_payload.length()
|
||||||
- (pos2 + 1));
|
- (pos2 + 1));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (collectionName.empty() || variableName.empty()) {
|
if (m_collectionName.empty() || m_variableName.empty()) {
|
||||||
error->assign("Something wrong with the input format");
|
error->assign("Something wrong with the input format");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@@ -92,22 +87,17 @@ bool SetVar::init(std::string *error) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void SetVar::dump() {
|
|
||||||
std::cout << " Operation: " << std::to_string(operation) << std::endl;
|
|
||||||
std::cout << "Collection: " << collectionName << std::endl;
|
|
||||||
std::cout << " Variable: " << variableName << std::endl;
|
|
||||||
std::cout << " Predicate: " << predicate << std::endl;
|
|
||||||
}
|
|
||||||
|
|
||||||
bool SetVar::evaluate(Rule *rule, Transaction *transaction) {
|
bool SetVar::evaluate(Rule *rule, Transaction *transm_parser_payload) {
|
||||||
std::string targetValue;
|
std::string targetValue;
|
||||||
std::string variableNameExpanded = MacroExpansion::expand(variableName,
|
std::string m_variableNameExpanded = MacroExpansion::expand(m_variableName,
|
||||||
transaction);
|
transm_parser_payload);
|
||||||
std::string resolvedPre = MacroExpansion::expand(predicate, transaction);
|
std::string resolvedPre = MacroExpansion::expand(m_predicate,
|
||||||
|
transm_parser_payload);
|
||||||
|
|
||||||
if (operation == setOperation) {
|
if (m_operation == setOperation) {
|
||||||
targetValue = resolvedPre;
|
targetValue = resolvedPre;
|
||||||
} else if (operation == setToOne) {
|
} else if (m_operation == setToOne) {
|
||||||
targetValue = std::string("1");
|
targetValue = std::string("1");
|
||||||
} else {
|
} else {
|
||||||
int pre = 0;
|
int pre = 0;
|
||||||
@@ -121,8 +111,9 @@ bool SetVar::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
std::string *resolvedValue =
|
std::string *resolvedValue =
|
||||||
transaction->m_collections.resolveFirst(collectionName,
|
transm_parser_payload->m_collections.resolveFirst(
|
||||||
variableNameExpanded);
|
m_collectionName,
|
||||||
|
m_variableNameExpanded);
|
||||||
if (resolvedValue == NULL) {
|
if (resolvedValue == NULL) {
|
||||||
value = 0;
|
value = 0;
|
||||||
} else {
|
} else {
|
||||||
@@ -132,7 +123,7 @@ bool SetVar::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
value = 0;
|
value = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (operation) {
|
switch (m_operation) {
|
||||||
case sumAndSetOperation:
|
case sumAndSetOperation:
|
||||||
targetValue = std::to_string(value + pre);
|
targetValue = std::to_string(value + pre);
|
||||||
break;
|
break;
|
||||||
@@ -143,11 +134,11 @@ bool SetVar::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
transaction->debug(8, "Saving variable: " + collectionName + ":" + \
|
transm_parser_payload->debug(8, "Saving variable: " + m_collectionName \
|
||||||
variableNameExpanded + " with value: " + targetValue);
|
+ ":" + m_variableNameExpanded + " with value: " + targetValue);
|
||||||
#endif
|
#endif
|
||||||
transaction->m_collections.storeOrUpdateFirst(collectionName,
|
transm_parser_payload->m_collections.storeOrUpdateFirst(m_collectionName,
|
||||||
variableNameExpanded, targetValue);
|
m_variableNameExpanded, targetValue);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -29,16 +29,11 @@ namespace actions {
|
|||||||
|
|
||||||
class SetVar : public Action {
|
class SetVar : public Action {
|
||||||
public:
|
public:
|
||||||
explicit SetVar(std::string action);
|
explicit SetVar(std::string action) : Action(action) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
void dump();
|
|
||||||
bool init(std::string *error) override;
|
bool init(std::string *error) override;
|
||||||
|
|
||||||
std::string collectionName;
|
|
||||||
std::string variableName;
|
|
||||||
std::string predicate;
|
|
||||||
|
|
||||||
enum SetVarOperation {
|
enum SetVarOperation {
|
||||||
/* Set variable to something */
|
/* Set variable to something */
|
||||||
setOperation,
|
setOperation,
|
||||||
@@ -50,7 +45,11 @@ class SetVar : public Action {
|
|||||||
setToOne
|
setToOne
|
||||||
};
|
};
|
||||||
|
|
||||||
SetVarOperation operation;
|
private:
|
||||||
|
SetVarOperation m_operation;
|
||||||
|
std::string m_collectionName;
|
||||||
|
std::string m_variableName;
|
||||||
|
std::string m_predicate;
|
||||||
};
|
};
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
|
|||||||
@@ -26,28 +26,44 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Severity::Severity(std::string action)
|
|
||||||
: Action(action, RunTimeOnlyIfMatchKind) {
|
bool Severity::init(std::string *error) {
|
||||||
std::string a = action;
|
std::string a = tolower(m_parser_payload);
|
||||||
if (tolower(a) == "emergency") {
|
if (a == "emergency") {
|
||||||
this->m_severity = 0;
|
m_severity = 0;
|
||||||
} else if (tolower(a) == "alert") {
|
return true;
|
||||||
this->m_severity = 1;
|
} else if (a == "alert") {
|
||||||
} else if (tolower(a) == "critical") {
|
m_severity = 1;
|
||||||
this->m_severity = 2;
|
return true;
|
||||||
} else if (tolower(a) == "error") {
|
} else if (a == "critical") {
|
||||||
this->m_severity = 3;
|
m_severity = 2;
|
||||||
} else if (tolower(a) == "warning") {
|
return true;
|
||||||
this->m_severity = 4;
|
} else if (a == "error") {
|
||||||
} else if (tolower(a) == "notice") {
|
m_severity = 3;
|
||||||
this->m_severity = 5;
|
return true;
|
||||||
} else if (tolower(a) == "info") {
|
} else if (a == "warning") {
|
||||||
this->m_severity = 6;
|
m_severity = 4;
|
||||||
} else if (tolower(a) == "debug") {
|
return true;
|
||||||
this->m_severity = 7;
|
} else if (a == "notice") {
|
||||||
|
m_severity = 5;
|
||||||
|
return true;
|
||||||
|
} else if (a == "info") {
|
||||||
|
m_severity = 6;
|
||||||
|
return true;
|
||||||
|
} else if (a == "debug") {
|
||||||
|
m_severity = 7;
|
||||||
|
return true;
|
||||||
} else {
|
} else {
|
||||||
this->m_severity = std::stod(a);
|
try {
|
||||||
|
m_severity = std::stoi(a);
|
||||||
|
return true;
|
||||||
|
} catch (...) {
|
||||||
|
error->assign("Severity: The input \"" + a + "\" is " \
|
||||||
|
"not a number.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -67,5 +83,6 @@ bool Severity::evaluate(Rule *rule, Transaction *transaction,
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -21,7 +21,6 @@
|
|||||||
#define SRC_ACTIONS_SEVERITY_H_
|
#define SRC_ACTIONS_SEVERITY_H_
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
class Transaction;
|
|
||||||
|
|
||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
class Transaction;
|
class Transaction;
|
||||||
@@ -31,15 +30,19 @@ namespace actions {
|
|||||||
|
|
||||||
class Severity : public Action {
|
class Severity : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Severity(std::string action);
|
explicit Severity(std::string action)
|
||||||
|
: Action(action),
|
||||||
|
m_severity(0) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction,
|
bool evaluate(Rule *rule, Transaction *transaction,
|
||||||
RuleMessage *rm) override;
|
RuleMessage *rm) override;
|
||||||
|
bool init(std::string *error);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
int m_severity;
|
int m_severity;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -25,19 +25,15 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
SkipAfter::SkipAfter(std::string action)
|
|
||||||
: Action(action, RunTimeOnlyIfMatchKind),
|
|
||||||
m_marker(action) {
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool SkipAfter::evaluate(Rule *rule, Transaction *transaction) {
|
bool SkipAfter::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
transaction->debug(5, "Setting skipAfter for: " + m_marker);
|
transaction->debug(5, "Setting skipAfter for: " + m_parser_payload);
|
||||||
#endif
|
#endif
|
||||||
transaction->m_marker = m_marker;
|
transaction->m_marker = m_parser_payload;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -29,12 +29,10 @@ namespace actions {
|
|||||||
|
|
||||||
class SkipAfter : public Action {
|
class SkipAfter : public Action {
|
||||||
public:
|
public:
|
||||||
explicit SkipAfter(std::string action);
|
explicit SkipAfter(std::string action)
|
||||||
|
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
|
|
||||||
private:
|
|
||||||
std::string m_marker;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -23,13 +23,16 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Status::Status(std::string action)
|
|
||||||
: Action(action) {
|
bool Status::init(std::string *error) {
|
||||||
std::string a = action;
|
try {
|
||||||
a.erase(0, 7);
|
m_status = std::stoi(m_parser_payload);
|
||||||
this->action = action;
|
} catch (...) {
|
||||||
this->action_kind = 2;
|
error->assign("Not a valid number: " + m_parser_payload);
|
||||||
this->status = stoi(a);
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -39,10 +42,11 @@ bool Status::evaluate(Rule *rule, Transaction *transaction) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void Status::fill_intervention(ModSecurityIntervention *i) {
|
void Status::fillIntervention(ModSecurityIntervention *i) {
|
||||||
i->status = this->status;
|
i->status = m_status;
|
||||||
i->log = "Status";
|
i->log = "Status";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -29,11 +29,14 @@ namespace actions {
|
|||||||
|
|
||||||
class Status : public Action {
|
class Status : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Status(std::string actions);
|
explicit Status(std::string action) : Action(action, 2) { }
|
||||||
|
|
||||||
|
bool init(std::string *error);
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
void fill_intervention(ModSecurityIntervention *i) override;
|
void fillIntervention(ModSecurityIntervention *i) override;
|
||||||
int status;
|
|
||||||
|
protected:
|
||||||
|
int m_status;
|
||||||
};
|
};
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
|
|||||||
@@ -49,16 +49,9 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Tag::Tag(std::string action)
|
|
||||||
: Action(action, RunTimeOnlyIfMatchKind),
|
|
||||||
m_tag(action) {
|
|
||||||
m_tag.erase(0, 1);
|
|
||||||
m_tag.pop_back();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
|
bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
|
||||||
std::string tag = MacroExpansion::expand(m_tag, transaction);
|
std::string tag = MacroExpansion::expand(m_parser_payload, transaction);
|
||||||
|
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
transaction->debug(9, "Rule tag: " + tag);
|
transaction->debug(9, "Rule tag: " + tag);
|
||||||
@@ -69,5 +62,6 @@ bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -29,13 +29,11 @@ namespace actions {
|
|||||||
|
|
||||||
class Tag : public Action {
|
class Tag : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Tag(std::string action);
|
explicit Tag(std::string action)
|
||||||
|
: Action(action, RunTimeOnlyIfMatchKind) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction,
|
bool evaluate(Rule *rule, Transaction *transaction,
|
||||||
RuleMessage *rm) override;
|
RuleMessage *rm) override;
|
||||||
|
|
||||||
private:
|
|
||||||
std::string m_tag;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -27,20 +27,12 @@
|
|||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|
||||||
Ver::Ver(std::string action)
|
|
||||||
: Action(action, ConfigurationKind),
|
|
||||||
m_ver(action) {
|
|
||||||
if (m_ver.at(0) == '\'') {
|
|
||||||
m_ver.erase(0, 1);
|
|
||||||
m_ver.pop_back();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool Ver::evaluate(Rule *rule, Transaction *transaction) {
|
bool Ver::evaluate(Rule *rule, Transaction *transaction) {
|
||||||
rule->m_ver = m_ver;
|
rule->m_ver = m_parser_payload;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} // namespace actions
|
} // namespace actions
|
||||||
} // namespace modsecurity
|
} // namespace modsecurity
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ namespace actions {
|
|||||||
|
|
||||||
class Ver : public Action {
|
class Ver : public Action {
|
||||||
public:
|
public:
|
||||||
explicit Ver(std::string action);
|
explicit Ver(std::string action) : Action(action, ConfigurationKind) { }
|
||||||
|
|
||||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||||
|
|
||||||
|
|||||||
@@ -30,15 +30,15 @@ bool XmlNS::init(std::string *error) {
|
|||||||
size_t pos;
|
size_t pos;
|
||||||
std::string http = "http://";
|
std::string http = "http://";
|
||||||
|
|
||||||
pos = action.find("=");
|
pos = m_parser_payload.find("=");
|
||||||
if (pos == std::string::npos) {
|
if (pos == std::string::npos) {
|
||||||
error->assign("XMLS: Bad format, missing equals sign.");
|
error->assign("XMLS: Bad format, missing equals sign.");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
m_name = std::string(action, 0, pos);
|
m_name = std::string(m_parser_payload, 0, pos);
|
||||||
m_value = std::string(action, pos+1, action.size());
|
m_value = std::string(m_parser_payload, pos+1, m_parser_payload.size());
|
||||||
|
|
||||||
if (m_value.empty() or m_name.empty()) {
|
if (m_value.empty() || m_name.empty()) {
|
||||||
error->assign("XMLS: XMLNS is invalid. Expecting a " \
|
error->assign("XMLS: XMLNS is invalid. Expecting a " \
|
||||||
"name=value format.");
|
"name=value format.");
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@@ -481,7 +481,7 @@ expression:
|
|||||||
for (Action *a : *actions) {
|
for (Action *a : *actions) {
|
||||||
Phase *phase = dynamic_cast<Phase *>(a);
|
Phase *phase = dynamic_cast<Phase *>(a);
|
||||||
if (phase != NULL) {
|
if (phase != NULL) {
|
||||||
definedPhase = phase->phase;
|
definedPhase = phase->m_phase;
|
||||||
secRuleDefinedPhase = phase->m_secRulesPhase;
|
secRuleDefinedPhase = phase->m_secRulesPhase;
|
||||||
delete phase;
|
delete phase;
|
||||||
} else if (a->action_kind == Action::RunTimeOnlyIfMatchKind ||
|
} else if (a->action_kind == Action::RunTimeOnlyIfMatchKind ||
|
||||||
@@ -493,7 +493,7 @@ expression:
|
|||||||
}
|
}
|
||||||
checkedActions.push_back(a);
|
checkedActions.push_back(a);
|
||||||
} else {
|
} else {
|
||||||
driver.error(@0, "The action '" + a->action + "' is not suitable to be part of the SecDefaultActions");
|
driver.error(@0, "The action '" + a->m_name + "' is not suitable to be part of the SecDefaultActions");
|
||||||
YYERROR;
|
YYERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -863,11 +863,21 @@ act:
|
|||||||
}
|
}
|
||||||
| TRANSFORMATION
|
| TRANSFORMATION
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = Transformation::instantiate($1);
|
$$ = Transformation::instantiate($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_ACCURACY
|
| ACTION_ACCURACY
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new Accuracy($1);
|
$$ = new Accuracy($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_EXEC
|
| ACTION_EXEC
|
||||||
{
|
{
|
||||||
@@ -907,15 +917,30 @@ act:
|
|||||||
}
|
}
|
||||||
| ACTION_REDIRECT
|
| ACTION_REDIRECT
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new Redirect($1);
|
$$ = new Redirect($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_SEVERITY
|
| ACTION_SEVERITY
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new Severity($1);
|
$$ = new Severity($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_EXPIREVAR
|
| ACTION_EXPIREVAR
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = Action::instantiate($1);
|
$$ = Action::instantiate($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_SETENV
|
| ACTION_SETENV
|
||||||
{
|
{
|
||||||
@@ -973,6 +998,7 @@ act:
|
|||||||
}
|
}
|
||||||
| ACTION_SKIP
|
| ACTION_SKIP
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
/*
|
/*
|
||||||
|
|
||||||
TODO: skip is not implemented yet.
|
TODO: skip is not implemented yet.
|
||||||
@@ -980,38 +1006,82 @@ act:
|
|||||||
$$ = new modsecurity::actions::SkipAfter($1);
|
$$ = new modsecurity::actions::SkipAfter($1);
|
||||||
*/
|
*/
|
||||||
$$ = Action::instantiate($1);
|
$$ = Action::instantiate($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_SKIP_AFTER
|
| ACTION_SKIP_AFTER
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new modsecurity::actions::SkipAfter($1);
|
$$ = new modsecurity::actions::SkipAfter($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_AUDIT_LOG
|
| ACTION_AUDIT_LOG
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new modsecurity::actions::AuditLog($1);
|
$$ = new modsecurity::actions::AuditLog($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| LOG_DATA
|
| LOG_DATA
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new LogData($1);
|
$$ = new LogData($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_MSG
|
| ACTION_MSG
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new Msg($1);
|
$$ = new Msg($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_TAG
|
| ACTION_TAG
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new Tag($1);
|
$$ = new Tag($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_REV
|
| ACTION_REV
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new Rev($1);
|
$$ = new Rev($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_VER
|
| ACTION_VER
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new Ver($1);
|
$$ = new Ver($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_MATURITY
|
| ACTION_MATURITY
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new Maturity($1);
|
$$ = new Maturity($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_XMLNS
|
| ACTION_XMLNS
|
||||||
{
|
{
|
||||||
@@ -1034,7 +1104,12 @@ act:
|
|||||||
}
|
}
|
||||||
| ACTION_CTL_AUDIT_LOG_PARTS
|
| ACTION_CTL_AUDIT_LOG_PARTS
|
||||||
{
|
{
|
||||||
|
std::string error;
|
||||||
$$ = new CtlAuditLogParts($1);
|
$$ = new CtlAuditLogParts($1);
|
||||||
|
if ($$->init(&error) == false) {
|
||||||
|
driver.error(@0, error);
|
||||||
|
YYERROR;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
| ACTION_CTL_FORCE_REQ_BODY_VAR CONFIG_VALUE_ON
|
| ACTION_CTL_FORCE_REQ_BODY_VAR CONFIG_VALUE_ON
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -320,89 +320,89 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
|
|||||||
|
|
||||||
{ACTION} { return yy::seclang_parser::make_ACTION(yytext, *driver.loc.back()); }
|
{ACTION} { return yy::seclang_parser::make_ACTION(yytext, *driver.loc.back()); }
|
||||||
{ACTION_PHASE} { return yy::seclang_parser::make_ACTION_PHASE(yytext, *driver.loc.back()); }
|
{ACTION_PHASE} { return yy::seclang_parser::make_ACTION_PHASE(yytext, *driver.loc.back()); }
|
||||||
{ACTION_SKIP}:{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_ACTION_SKIP(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_SKIP}:{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_ACTION_SKIP(yytext, *driver.loc.back()); }
|
||||||
{ACTION_SKIP_AFTER}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_SKIP_AFTER(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_SKIP_AFTER}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_SKIP_AFTER(yytext, *driver.loc.back()); }
|
||||||
{ACTION_AUDIT_LOG} { return yy::seclang_parser::make_ACTION_AUDIT_LOG(yytext, *driver.loc.back()); }
|
{ACTION_AUDIT_LOG} { return yy::seclang_parser::make_ACTION_AUDIT_LOG(yytext, *driver.loc.back()); }
|
||||||
|
|
||||||
{ACTION_SEVERITY}:{ACTION_SEVERITY_VALUE} { return yy::seclang_parser::make_ACTION_SEVERITY(yytext + 9, *driver.loc.back()); }
|
{ACTION_SEVERITY}:{ACTION_SEVERITY_VALUE} { return yy::seclang_parser::make_ACTION_SEVERITY(yytext, *driver.loc.back()); }
|
||||||
{ACTION_SEVERITY}:'{ACTION_SEVERITY_VALUE}' { return yy::seclang_parser::make_ACTION_SEVERITY(std::string(yytext, 10, yyleng - 11), *driver.loc.back()); }
|
{ACTION_SEVERITY}:'{ACTION_SEVERITY_VALUE}' { return yy::seclang_parser::make_ACTION_SEVERITY(yytext, *driver.loc.back()); }
|
||||||
|
|
||||||
{ACTION_EXEC}:'{VAR_FREE_TEXT_QUOTE}' {
|
{ACTION_EXEC}:'{VAR_FREE_TEXT_QUOTE}' {
|
||||||
return yy::seclang_parser::make_ACTION_EXEC(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_EXEC(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
|
|
||||||
{ACTION_EXEC}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
{ACTION_EXEC}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
||||||
return yy::seclang_parser::make_ACTION_EXEC(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_EXEC(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
|
|
||||||
{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
|
{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
|
||||||
return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_EXPIREVAR(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}' {
|
{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}' {
|
||||||
return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_EXPIREVAR(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
|
{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
|
||||||
return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_EXPIREVAR(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
||||||
return yy::seclang_parser::make_ACTION_EXPIREVAR(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_EXPIREVAR(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
|
|
||||||
{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
|
{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
|
||||||
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETENV(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}' {
|
{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}' {
|
||||||
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETENV(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
|
{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
|
||||||
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETENV(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
||||||
return yy::seclang_parser::make_ACTION_SETENV(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETENV(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
|
|
||||||
{ACTION_SETSID}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
{ACTION_SETSID}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
||||||
return yy::seclang_parser::make_ACTION_SETSID(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETSID(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_SETSID}:'{VAR_FREE_TEXT_QUOTE}' {
|
{ACTION_SETSID}:'{VAR_FREE_TEXT_QUOTE}' {
|
||||||
return yy::seclang_parser::make_ACTION_SETSID(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETSID(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
|
|
||||||
{ACTION_SETUID}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
{ACTION_SETUID}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
||||||
return yy::seclang_parser::make_ACTION_SETUID(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETUID(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_SETUID}:'{VAR_FREE_TEXT_QUOTE}' {
|
{ACTION_SETUID}:'{VAR_FREE_TEXT_QUOTE}' {
|
||||||
return yy::seclang_parser::make_ACTION_SETUID(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETUID(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
|
|
||||||
{ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
|
{ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' {
|
||||||
return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETVAR(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}' {
|
{ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}' {
|
||||||
return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETVAR(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_SETVAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
|
{ACTION_SETVAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} {
|
||||||
return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETVAR(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_SETVAR}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
{ACTION_SETVAR}:{VAR_FREE_TEXT_SPACE_COMMA} {
|
||||||
return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
|
return yy::seclang_parser::make_ACTION_SETVAR(yytext, *driver.loc.back());
|
||||||
}
|
}
|
||||||
{ACTION_XMLNS}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_XMLNS(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_XMLNS}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_XMLNS(yytext, *driver.loc.back()); }
|
||||||
|
|
||||||
{LOG_DATA}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_LOG_DATA(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{LOG_DATA}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_LOG_DATA(yytext, *driver.loc.back()); }
|
||||||
{ACTION_MSG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MSG(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_MSG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MSG(yytext, *driver.loc.back()); }
|
||||||
{ACTION_ALLOW}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_ALLOW(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_ALLOW}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_ALLOW(yytext, *driver.loc.back()); }
|
||||||
{ACTION_ALLOW}:{FREE_TEXT_QUOTE_COMMA} { return yy::seclang_parser::make_ACTION_ALLOW(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_ALLOW}:{FREE_TEXT_QUOTE_COMMA} { return yy::seclang_parser::make_ACTION_ALLOW(yytext, *driver.loc.back()); }
|
||||||
{ACTION_ALLOW} { return yy::seclang_parser::make_ACTION_ALLOW("", *driver.loc.back()); }
|
{ACTION_ALLOW} { return yy::seclang_parser::make_ACTION_ALLOW("", *driver.loc.back()); }
|
||||||
{ACTION_REDIRECT}:{FREE_TEXT} { return yy::seclang_parser::make_ACTION_REDIRECT(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_REDIRECT}:{FREE_TEXT} { return yy::seclang_parser::make_ACTION_REDIRECT(yytext, *driver.loc.back()); }
|
||||||
{ACTION_TAG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_TAG(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_TAG}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_TAG(yytext, *driver.loc.back()); }
|
||||||
{ACTION_REV}:'{FREE_TEXT_QUOTE_COMMA}' { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_REV}:'{FREE_TEXT_QUOTE_COMMA}' { return yy::seclang_parser::make_ACTION_REV(yytext, *driver.loc.back()); }
|
||||||
{ACTION_REV}:{FREE_TEXT_QUOTE_COMMA} { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_REV}:{FREE_TEXT_QUOTE_COMMA} { return yy::seclang_parser::make_ACTION_REV(yytext, *driver.loc.back()); }
|
||||||
{ACTION_VER}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_VER(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_VER}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_VER(yytext, *driver.loc.back()); }
|
||||||
{ACTION_MATURITY}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MATURITY(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_MATURITY}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_MATURITY(yytext, *driver.loc.back()); }
|
||||||
{ACTION_MATURITY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_MATURITY(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_MATURITY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_MATURITY(yytext, *driver.loc.back()); }
|
||||||
{ACTION_ACCURACY}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_ACCURACY(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_ACCURACY}:'{FREE_TEXT_QUOTE}' { return yy::seclang_parser::make_ACTION_ACCURACY(yytext, *driver.loc.back()); }
|
||||||
{ACTION_ACCURACY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_ACCURACY(strchr(yytext, ':') + 1, *driver.loc.back()); }
|
{ACTION_ACCURACY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_ACCURACY(yytext, *driver.loc.back()); }
|
||||||
{ACTION_CTL_BDY_XML} { return yy::seclang_parser::make_ACTION_CTL_BDY_XML(yytext, *driver.loc.back()); }
|
{ACTION_CTL_BDY_XML} { return yy::seclang_parser::make_ACTION_CTL_BDY_XML(yytext, *driver.loc.back()); }
|
||||||
{ACTION_CTL_BDY_JSON} { return yy::seclang_parser::make_ACTION_CTL_BDY_JSON(yytext, *driver.loc.back()); }
|
{ACTION_CTL_BDY_JSON} { return yy::seclang_parser::make_ACTION_CTL_BDY_JSON(yytext, *driver.loc.back()); }
|
||||||
{ACTION_INITCOL}:{COL_NAME}={COL_FREE_TEXT_SPACE_COMMA} { return yy::seclang_parser::make_ACTION_INITCOL(yytext, *driver.loc.back()); }
|
{ACTION_INITCOL}:{COL_NAME}={COL_FREE_TEXT_SPACE_COMMA} { return yy::seclang_parser::make_ACTION_INITCOL(yytext, *driver.loc.back()); }
|
||||||
|
|||||||
41
src/rule.cc
41
src/rule.cc
@@ -116,7 +116,7 @@ Rule::Rule(Operator *_op,
|
|||||||
} else if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
|
} else if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
|
||||||
actions_runtime_pos.push_back(a);
|
actions_runtime_pos.push_back(a);
|
||||||
} else {
|
} else {
|
||||||
std::cout << "General failure, action: " << a->name;
|
std::cout << "General failure, action: " << a->m_name;
|
||||||
std::cout << " has an unknown type." << std::endl;
|
std::cout << " has an unknown type." << std::endl;
|
||||||
delete a;
|
delete a;
|
||||||
}
|
}
|
||||||
@@ -141,13 +141,13 @@ Rule::Rule(Operator *_op,
|
|||||||
std::vector<std::string> Rule::getActionNames() {
|
std::vector<std::string> Rule::getActionNames() {
|
||||||
std::vector<std::string> a;
|
std::vector<std::string> a;
|
||||||
for (auto &z : this->actions_runtime_pos) {
|
for (auto &z : this->actions_runtime_pos) {
|
||||||
a.push_back(z->action);
|
a.push_back(z->m_name);
|
||||||
}
|
}
|
||||||
for (auto &z : this->actions_runtime_pre) {
|
for (auto &z : this->actions_runtime_pre) {
|
||||||
a.push_back(z->action);
|
a.push_back(z->m_name);
|
||||||
}
|
}
|
||||||
for (auto &z : this->actions_conf) {
|
for (auto &z : this->actions_conf) {
|
||||||
a.push_back(z->action);
|
a.push_back(z->m_name);
|
||||||
}
|
}
|
||||||
|
|
||||||
return a;
|
return a;
|
||||||
@@ -201,7 +201,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
|
|||||||
if (a->isDisruptive() == false) {
|
if (a->isDisruptive() == false) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "Running (_non_ disruptive) action: " +
|
trasn->debug(4, "Running (_non_ disruptive) action: " +
|
||||||
a->action);
|
a->m_name);
|
||||||
#endif
|
#endif
|
||||||
a->evaluate(this, trasn);
|
a->evaluate(this, trasn);
|
||||||
} else {
|
} else {
|
||||||
@@ -215,7 +215,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
|
|||||||
if (containsDisruptive) {
|
if (containsDisruptive) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "(SecDefaultAction) " \
|
trasn->debug(4, "(SecDefaultAction) " \
|
||||||
"_ignoring_ action: " + a->action + \
|
"_ignoring_ action: " + a->m_name + \
|
||||||
" (rule contains a disruptive action)");
|
" (rule contains a disruptive action)");
|
||||||
#endif
|
#endif
|
||||||
} else {
|
} else {
|
||||||
@@ -223,7 +223,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
|
|||||||
== Rules::EnabledRuleEngine) {
|
== Rules::EnabledRuleEngine) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "(SecDefaultAction) " \
|
trasn->debug(4, "(SecDefaultAction) " \
|
||||||
"Running action: " + a->action + \
|
"Running action: " + a->m_name + \
|
||||||
" (rule _does not_ contains a " \
|
" (rule _does not_ contains a " \
|
||||||
"disruptive action)");
|
"disruptive action)");
|
||||||
#endif
|
#endif
|
||||||
@@ -231,7 +231,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
|
|||||||
} else {
|
} else {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "(SecDefaultAction) " \
|
trasn->debug(4, "(SecDefaultAction) " \
|
||||||
"_Not_ running action: " + a->action + \
|
"_Not_ running action: " + a->m_name + \
|
||||||
". Rule _does not_ contains a " \
|
". Rule _does not_ contains a " \
|
||||||
"disruptive action, but SecRuleEngine is not On.");
|
"disruptive action, but SecRuleEngine is not On.");
|
||||||
#endif
|
#endif
|
||||||
@@ -240,7 +240,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
|
|||||||
} else {
|
} else {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "(SecDefaultAction) Running action: " + \
|
trasn->debug(4, "(SecDefaultAction) Running action: " + \
|
||||||
a->action);
|
a->m_name);
|
||||||
a->evaluate(this, trasn);
|
a->evaluate(this, trasn);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@@ -252,13 +252,13 @@ bool Rule::evaluateActions(Transaction *trasn) {
|
|||||||
&& trasn->m_rules->secRuleEngine
|
&& trasn->m_rules->secRuleEngine
|
||||||
== Rules::EnabledRuleEngine) {
|
== Rules::EnabledRuleEngine) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "Running (disruptive) action: " + a->action);
|
trasn->debug(4, "Running (disruptive) action: " + a->m_name);
|
||||||
#endif
|
#endif
|
||||||
a->evaluate(this, trasn);
|
a->evaluate(this, trasn);
|
||||||
} else if (a->isDisruptive()) {
|
} else if (a->isDisruptive()) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "Not running disruptive action: " + \
|
trasn->debug(4, "Not running disruptive action: " + \
|
||||||
a->action + ". SecRuleEngine is not On");
|
a->m_name + ". SecRuleEngine is not On");
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -353,7 +353,7 @@ bool Rule::evaluate(Transaction *trasn) {
|
|||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(9, "(SecDefaultAction) T (" + \
|
trasn->debug(9, "(SecDefaultAction) T (" + \
|
||||||
std::to_string(transformations) + ") " + \
|
std::to_string(transformations) + ") " + \
|
||||||
a->name + ": \"" + value +"\"");
|
a->m_name + ": \"" + value +"\"");
|
||||||
#endif
|
#endif
|
||||||
transformations++;
|
transformations++;
|
||||||
}
|
}
|
||||||
@@ -366,7 +366,7 @@ bool Rule::evaluate(Transaction *trasn) {
|
|||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(9, " T (" + \
|
trasn->debug(9, " T (" + \
|
||||||
std::to_string(transformations) + ") " + \
|
std::to_string(transformations) + ") " + \
|
||||||
a->name + ": \"" + value +"\"");
|
a->m_name + ": \"" + value +"\"");
|
||||||
#endif
|
#endif
|
||||||
transformations++;
|
transformations++;
|
||||||
}
|
}
|
||||||
@@ -439,7 +439,7 @@ bool Rule::evaluate(Transaction *trasn) {
|
|||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4,
|
trasn->debug(4,
|
||||||
"(SecDefaultAction) _ignoring_ " \
|
"(SecDefaultAction) _ignoring_ " \
|
||||||
"action: " + a->action + \
|
"action: " + a->m_name + \
|
||||||
" (rule contains a disruptive action)");
|
" (rule contains a disruptive action)");
|
||||||
#endif
|
#endif
|
||||||
} else {
|
} else {
|
||||||
@@ -447,7 +447,7 @@ bool Rule::evaluate(Transaction *trasn) {
|
|||||||
== Rules::EnabledRuleEngine) {
|
== Rules::EnabledRuleEngine) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "(SecDefaultAction) " \
|
trasn->debug(4, "(SecDefaultAction) " \
|
||||||
"Running action: " + a->action + \
|
"Running action: " + a->m_name + \
|
||||||
" (rule _does not_ contains a " \
|
" (rule _does not_ contains a " \
|
||||||
"disruptive action)");
|
"disruptive action)");
|
||||||
#endif
|
#endif
|
||||||
@@ -456,7 +456,7 @@ bool Rule::evaluate(Transaction *trasn) {
|
|||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "(SecDefaultAction) " \
|
trasn->debug(4, "(SecDefaultAction) " \
|
||||||
"_Not_ running action: " \
|
"_Not_ running action: " \
|
||||||
+ a->action + ". Rule _does not_" \
|
+ a->m_name + ". Rule _does not_" \
|
||||||
+ " contains a disruptive action,"\
|
+ " contains a disruptive action,"\
|
||||||
+ " but SecRuleEngine is not On.");
|
+ " but SecRuleEngine is not On.");
|
||||||
#endif
|
#endif
|
||||||
@@ -465,7 +465,7 @@ bool Rule::evaluate(Transaction *trasn) {
|
|||||||
} else {
|
} else {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "(SecDefaultAction) Running " \
|
trasn->debug(4, "(SecDefaultAction) Running " \
|
||||||
"action: " + a->action + "!!" \
|
"action: " + a->m_name + "!!" \
|
||||||
+ std::to_string(a->isDisruptive()));
|
+ std::to_string(a->isDisruptive()));
|
||||||
#endif
|
#endif
|
||||||
a->evaluate(this, trasn);
|
a->evaluate(this, trasn);
|
||||||
@@ -479,19 +479,20 @@ bool Rule::evaluate(Transaction *trasn) {
|
|||||||
== Rules::EnabledRuleEngine) {
|
== Rules::EnabledRuleEngine) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "Running (disruptive) " \
|
trasn->debug(4, "Running (disruptive) " \
|
||||||
"action: " + a->action);
|
"action: " + a->m_name);
|
||||||
#endif
|
#endif
|
||||||
a->evaluate(this, trasn);
|
a->evaluate(this, trasn);
|
||||||
} else if (a->isDisruptive()) {
|
} else if (a->isDisruptive()) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4,
|
trasn->debug(4,
|
||||||
"Not running disruptive action: " + \
|
"Not running disruptive action: " + \
|
||||||
a->action + ". SecRuleEngine is not On");
|
a->m_name + ". SecRuleEngine " + \
|
||||||
|
"is not On");
|
||||||
#endif
|
#endif
|
||||||
} else if (!a->isDisruptive()) {
|
} else if (!a->isDisruptive()) {
|
||||||
#ifndef NO_LOGS
|
#ifndef NO_LOGS
|
||||||
trasn->debug(4, "Running (_non_ disruptive) " \
|
trasn->debug(4, "Running (_non_ disruptive) " \
|
||||||
"action: " + a->action);
|
"action: " + a->m_name);
|
||||||
#endif
|
#endif
|
||||||
a->evaluate(this, trasn, ruleMessage);
|
a->evaluate(this, trasn, ruleMessage);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1268,7 +1268,7 @@ bool Transaction::intervention(ModSecurityIntervention *it) {
|
|||||||
if (m_actions.size() > 0) {
|
if (m_actions.size() > 0) {
|
||||||
for (Action *a : m_actions) {
|
for (Action *a : m_actions) {
|
||||||
if (a->action_kind == Action::Kind::RunTimeOnlyIfMatchKind) {
|
if (a->action_kind == Action::Kind::RunTimeOnlyIfMatchKind) {
|
||||||
a->fill_intervention(it);
|
a->fillIntervention(it);
|
||||||
}
|
}
|
||||||
if (a->temporaryAction) {
|
if (a->temporaryAction) {
|
||||||
delete a;
|
delete a;
|
||||||
|
|||||||
@@ -128,7 +128,7 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"expected":{
|
"expected":{
|
||||||
"debug_log": " trim: \"value2\""
|
"debug_log": " t:trim: \"value2\""
|
||||||
},
|
},
|
||||||
"rules":[
|
"rules":[
|
||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
@@ -174,7 +174,7 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"expected":{
|
"expected":{
|
||||||
"debug_log": " trim: \"value2\""
|
"debug_log": " t:trim: \"value2\""
|
||||||
},
|
},
|
||||||
"rules":[
|
"rules":[
|
||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
|
|||||||
@@ -49,7 +49,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
|
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
|
||||||
"error_log": "",
|
"error_log": "",
|
||||||
"http_code": 403
|
"http_code": 403
|
||||||
},
|
},
|
||||||
@@ -110,7 +110,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
|
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
|
||||||
"error_log": "",
|
"error_log": "",
|
||||||
"http_code": 302,
|
"http_code": 302,
|
||||||
"redirect_url": "http://www.google.com"
|
"redirect_url": "http://www.google.com"
|
||||||
@@ -172,7 +172,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
|
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
|
||||||
"error_log": "",
|
"error_log": "",
|
||||||
"http_code": 500,
|
"http_code": 500,
|
||||||
"redirect_url": "http://www.google.com"
|
"redirect_url": "http://www.google.com"
|
||||||
@@ -234,7 +234,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
|
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
|
||||||
"error_log": "",
|
"error_log": "",
|
||||||
"http_code": 500
|
"http_code": 500
|
||||||
},
|
},
|
||||||
@@ -295,7 +295,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
|
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
|
||||||
"error_log": "",
|
"error_log": "",
|
||||||
"http_code": 500
|
"http_code": 500
|
||||||
},
|
},
|
||||||
@@ -356,7 +356,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
|
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
|
||||||
"error_log": "",
|
"error_log": "",
|
||||||
"http_code": 500
|
"http_code": 500
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -40,7 +40,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
|
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
|
||||||
"error_log": "",
|
"error_log": "",
|
||||||
"http_code": 403
|
"http_code": 403
|
||||||
},
|
},
|
||||||
@@ -99,7 +99,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
|
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
|
||||||
"error_log": "",
|
"error_log": "",
|
||||||
"http_code": 403
|
"http_code": 403
|
||||||
},
|
},
|
||||||
@@ -159,7 +159,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": "\\[9\\] T \\(0\\) trim: \"test",
|
"debug_log": "\\[9\\] T \\(0\\) t:trim: \"test",
|
||||||
"error_log": "",
|
"error_log": "",
|
||||||
"http_code": 403
|
"http_code": 403
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -31,7 +31,7 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"expected":{
|
"expected":{
|
||||||
"debug_log":"T \\(0\\) trim: \"no need.\""
|
"debug_log":"T \\(0\\) t:trim: \"no need.\""
|
||||||
},
|
},
|
||||||
"rules":[
|
"rules":[
|
||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
|
|||||||
@@ -205,7 +205,7 @@
|
|||||||
"version_max":0,
|
"version_max":0,
|
||||||
"title":"Testing action :: SecDefaultAction: action not suitable",
|
"title":"Testing action :: SecDefaultAction: action not suitable",
|
||||||
"expected":{
|
"expected":{
|
||||||
"parser_error":"The action 'id:1' is not suitable to be part of the SecDefaultActions"
|
"parser_error":"The action 'id' is not suitable to be part of the SecDefaultActions"
|
||||||
},
|
},
|
||||||
"rules":[
|
"rules":[
|
||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
|
|||||||
@@ -49,7 +49,7 @@
|
|||||||
},
|
},
|
||||||
"expected": {
|
"expected": {
|
||||||
"audit_log": "",
|
"audit_log": "",
|
||||||
"debug_log": " trim: \"test\"",
|
"debug_log": " t:trim: \"test\"",
|
||||||
"error_log": ""
|
"error_log": ""
|
||||||
},
|
},
|
||||||
"rules": [
|
"rules": [
|
||||||
|
|||||||
@@ -51,7 +51,7 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"expected":{
|
"expected":{
|
||||||
"debug_log":"T \\(1\\) trim: \"small_text_file"
|
"debug_log":"T \\(1\\) t:trim: \"small_text_file"
|
||||||
},
|
},
|
||||||
"rules":[
|
"rules":[
|
||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
|
|||||||
@@ -51,7 +51,7 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"expected":{
|
"expected":{
|
||||||
"debug_log":"T \\(1\\) trim: \"filedata"
|
"debug_log":"T \\(1\\) t:trim: \"filedata"
|
||||||
},
|
},
|
||||||
"rules":[
|
"rules":[
|
||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
|
|||||||
Reference in New Issue
Block a user