Adds possibility to use include with wildcards and env vars

src/parser/seclang-scanner.ll

@@ -139,7 +139,7 @@ CONFIG_VALUE_REJECT (?i:Reject)
 CONFIG_VALUE_ABORT   (?i:Abort)
 CONFIG_VALUE_WARN    (?i:Warn)
 
-CONFIG_VALUE_PATH    [0-9A-Za-z_/\.\-]+
+CONFIG_VALUE_PATH    [0-9A-Za-z_/\.\-\*]+
 AUDIT_PARTS [ABCDEFHJKIZ]+
 CONFIG_VALUE_NUMBER [0-9]+
 
@@ -373,31 +373,37 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 %{ /* Include external configurations */ %}
 {CONFIG_INCLUDE}[ ]{CONFIG_VALUE_PATH} {
     const char *file = strchr(yytext, ' ') + 1;
-    yyin = fopen(file, "r" );
+    for (auto& s: ModSecurity::expandEnv(file, 0)) {
-    if (!yyin) {
+        yyin = fopen(s.c_str(), "r" );
-        BEGIN(INITIAL);
+        if (!yyin) {
-        driver.error (*driver.loc.back(), "", yytext + std::string(": Not able to open file."));
+            BEGIN(INITIAL);
-        throw yy::seclang_parser::syntax_error(*driver.loc.back(), "");
+            driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file."));
+            throw yy::seclang_parser::syntax_error(*driver.loc.back(), "");
+        }
+        driver.ref.push_back(file);
+        driver.loc.push_back(new yy::location());
+        yypush_buffer_state(yy_create_buffer( yyin, YY_BUF_SIZE ));
+
     }
-    driver.ref.push_back(file);
-    driver.loc.push_back(new yy::location());
-    yypush_buffer_state(yy_create_buffer( yyin, YY_BUF_SIZE ));
 }
 
 {CONFIG_INCLUDE}[ ]["]{CONFIG_VALUE_PATH}["] {
     const char *file = strchr(yytext, ' ') + 1;
     char *f = strdup(file + 1);
     f[strlen(f)-1] = '\0';
-    yyin = fopen(f, "r" );
+    for (auto& s: ModSecurity::expandEnv(f, 0)) {
-    if (!yyin) {
+        yyin = fopen(s.c_str(), "r" );
-        BEGIN(INITIAL);
+        if (!yyin) {
-        driver.error (*driver.loc.back(), "", yytext + std::string(": Not able to open file."));
+            BEGIN(INITIAL);
-        throw yy::seclang_parser::syntax_error(*driver.loc.back(), "");
+            driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file."));
+            throw yy::seclang_parser::syntax_error(*driver.loc.back(), "");
+        }
+        driver.ref.push_back(file);
+        driver.loc.push_back(new yy::location());
+        yypush_buffer_state(yy_create_buffer( yyin, YY_BUF_SIZE ));
+
     }
     free(f);
-    driver.ref.push_back(file);
-    driver.loc.push_back(new yy::location());
-    yypush_buffer_state(yy_create_buffer( yyin, YY_BUF_SIZE ));
 }
 
 

src/utils.cc

@@ -19,6 +19,7 @@
 #include <stdlib.h>
 #include <stddef.h>
 #include <string.h>
+#include <wordexp.h>
 
 
 #include <stdint.h>
@@ -1022,5 +1023,22 @@ std::string toHexIfNeeded(const std::string &str) {
 }
 
 
+std::vector<std::string> expandEnv(const std::string& var, int flags)
+{
+    std::vector<std::string> vars;
+
+    wordexp_t p;
+    if (wordexp(var.c_str(), &p, flags) == false) {
+        if (p.we_wordc) {
+            for (char** exp = p.we_wordv; *exp; ++exp) {
+                vars.push_back(exp[0]);
+            }
+        }
+        wordfree(&p);
+    }
+    return vars;
+}
+
+
 }  // namespace ModSecurity
 

src/utils.h

@@ -47,6 +47,7 @@ namespace ModSecurity {
     std::string phase_name(int x);
     std::string limitTo(int amount, const std::string &str);
     std::string toHexIfNeeded(const std::string &str);
+    std::vector<std::string> expandEnv(const std::string& var, int flags);
 }  // namespace ModSecurity
 
 #define SRC_UTILS_H_