From 900af2cd4894e2a8304d2288d77f9bdb309fea95 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Tue, 29 Sep 2015 14:06:13 -0700 Subject: [PATCH] Adds possibility to use include with wildcards and env vars --- src/parser/seclang-scanner.ll | 40 ++++++++++++++++++++--------------- src/utils.cc | 18 ++++++++++++++++ src/utils.h | 1 + 3 files changed, 42 insertions(+), 17 deletions(-) diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index 1f2d8343..f73a12a7 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -139,7 +139,7 @@ CONFIG_VALUE_REJECT (?i:Reject) CONFIG_VALUE_ABORT (?i:Abort) CONFIG_VALUE_WARN (?i:Warn) -CONFIG_VALUE_PATH [0-9A-Za-z_/\.\-]+ +CONFIG_VALUE_PATH [0-9A-Za-z_/\.\-\*]+ AUDIT_PARTS [ABCDEFHJKIZ]+ CONFIG_VALUE_NUMBER [0-9]+ 
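Review bot: The widened `CONFIG_VALUE_PATH` class admits `*` but still has no `$`, `{` or `}`, so an Include path written with an environment variable would not match this token, and the env-var half of the commit looks unreachable unless a rule outside this hunk covers it. The same narrow class is currently the only thing keeping shell metacharacters away from the `wordexp()` call added in src/utils.cc, so it should not be widened further until that call disables command substitution. I would record the dependency next to the definition, e.g. `/* '*' is expanded via wordexp() in the Include rules; do not add shell metacharacters here without WRDE_NOCMD */`.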
@@ -373,31 +373,37 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile) %{ /* Include external configurations */ %} {CONFIG_INCLUDE}[ ]{CONFIG_VALUE_PATH} { const char *file = strchr(yytext, ' ') + 1; - yyin = fopen(file, "r" ); - if (!yyin) { - BEGIN(INITIAL); - driver.error (*driver.loc.back(), "", yytext + std::string(": Not able to open file.")); - throw yy::seclang_parser::syntax_error(*driver.loc.back(), ""); + for (auto& s: ModSecurity::expandEnv(file, 0)) { + yyin = fopen(s.c_str(), "r" ); + if (!yyin) { + BEGIN(INITIAL); + driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file.")); + throw yy::seclang_parser::syntax_error(*driver.loc.back(), ""); + } + driver.ref.push_back(file); + driver.loc.push_back(new yy::location()); + yypush_buffer_state(yy_create_buffer( yyin, YY_BUF_SIZE )); + } - driver.ref.push_back(file); - driver.loc.push_back(new yy::location()); - yypush_buffer_state(yy_create_buffer( yyin, YY_BUF_SIZE )); } {CONFIG_INCLUDE}[ ]["]{CONFIG_VALUE_PATH}["] { const char *file = strchr(yytext, ' ') + 1; char *f = strdup(file + 1); f[strlen(f)-1] = '\0'; - yyin = fopen(f, "r" ); - if (!yyin) { - BEGIN(INITIAL); - driver.error (*driver.loc.back(), "", yytext + std::string(": Not able to open file.")); - throw yy::seclang_parser::syntax_error(*driver.loc.back(), ""); + for (auto& s: ModSecurity::expandEnv(f, 0)) { + yyin = fopen(s.c_str(), "r" ); + if (!yyin) { + BEGIN(INITIAL); + driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file.")); + throw yy::seclang_parser::syntax_error(*driver.loc.back(), ""); + } + driver.ref.push_back(file); + driver.loc.push_back(new yy::location()); + yypush_buffer_state(yy_create_buffer( yyin, YY_BUF_SIZE )); + } free(f); - driver.ref.push_back(file); - driver.loc.push_back(new yy::location()); - yypush_buffer_state(yy_create_buffer( yyin, YY_BUF_SIZE )); } diff --git a/src/utils.cc b/src/utils.cc index e03e6cd4..cfdb01a0 100644 --- a/src/utils.cc +++ b/src/utils.cc 
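Review bot: Both Include rules push one buffer per expanded path inside the loop, and because each `yypush_buffer_state` makes the new buffer current, the files matched by a wildcard appear to be scanned last-to-first (the EOF handling that pops them is outside this hunk). Rule files are order-sensitive, so the expansion should be walked in reverse. An empty result from `expandEnv` also skips the loop entirely, so a failed expansion drops the include with no error and the engine can start with rules silently missing; it should raise the same syntax error as a failed `fopen`. `driver.ref.push_back(file)` records the unexpanded pattern rather than `s` (in the quoted rule, a pointer into `yytext` that still carries the quotes), and the quoted rule still throws before `free(f)`. The sketch below is for the unquoted rule and assumes `driver.ref` can hold a `std::string`; the quoted rule would take the same shape with `f`.

```lex
const char *file = strchr(yytext, ' ') + 1;
std::vector<std::string> files = ModSecurity::expandEnv(file, 0);
if (files.empty()) {
    BEGIN(INITIAL);
    driver.error (*driver.loc.back(), "", file + std::string(": Not able to expand include path."));
    throw yy::seclang_parser::syntax_error(*driver.loc.back(), "");
}
/* Push last-to-first so the first expanded file ends up on top of the buffer stack. */
for (auto it = files.rbegin(); it != files.rend(); ++it) {
    yyin = fopen(it->c_str(), "r" );
    /* … unchanged: fopen failure handling, reporting *it instead of s … */
    driver.ref.push_back(*it);
    /* … unchanged: driver.loc push and yypush_buffer_state … */
}
```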
@@ -19,6 +19,7 @@ #include #include #include +#include #include @@ -1022,5 +1023,22 @@ std::string toHexIfNeeded(const std::string &str) { } +std::vector expandEnv(const std::string& var, int flags) +{ + std::vector vars; + + wordexp_t p; + if (wordexp(var.c_str(), &p, flags) == false) { + if (p.we_wordc) { + for (char** exp = p.we_wordv; *exp; ++exp) { + vars.push_back(exp[0]); + } + } + wordfree(&p); + } + return vars; +} + + } // namespace ModSecurity diff --git a/src/utils.h b/src/utils.h index a502ae26..a7926fe1 100644 --- a/src/utils.h +++ b/src/utils.h @@ -47,6 +47,7 @@ namespace ModSecurity { std::string phase_name(int x); std::string limitTo(int amount, const std::string &str); std::string toHexIfNeeded(const std::string &str); + std::vector expandEnv(const std::string& var, int flags); } // namespace ModSecurity #define SRC_UTILS_H_
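Review bot: `expandEnv` in src/utils.cc passes caller-supplied `flags` straight to `wordexp()`, and both scanner call sites pass 0, so command substitution stays enabled in a helper that utils.h exports for general use. Today only the scanner's `CONFIG_VALUE_PATH` class keeps such input out, so I would force the flag inside the helper: `if (wordexp(var.c_str(), &p, flags | WRDE_NOCMD) == 0) {`. Comparing the int return with `false` also hides that non-zero values are distinct error codes, and the caller receives an empty vector with no way to tell a failed expansion from an empty one. A short comment stating that the input is subject to shell-style word splitting and globbing would help future callers.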