Adds initial support to initcol action

2025-08-14 05:45:59 +03:00 · 2015-12-15 17:53:27 -03:00 · 2015-12-15 17:53:27 -03:00 · 913e22a77d
commit 913e22a77d
parent fb3696ac04
6 changed files with 147 additions and 2 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -68,6 +68,7 @@ ACTIONS = \
 	actions/capture.cc \
 	actions/chain.cc \
 	actions/ctl_audit_log_parts.cc \
+	actions/init_col.cc \
 	actions/deny.cc \
 	actions/log_data.cc \
 	actions/msg.cc \
--- a/src/actions/init_col.cc
+++ b/src/actions/init_col.cc
@ -0,0 +1,65 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/init_col.h"
+
+#include <iostream>
+#include <string>
+
+#include "actions/action.h"
+#include "modsecurity/assay.h"
+#include "src/utils.h"
+#include "modsecurity/rule.h"
+#include "src/macro_expansion.h"
+
+namespace modsecurity {
+namespace actions {
+
+InitCol::InitCol(std::string action)
+    : Action(action, RunTimeOnlyIfMatchKind) {
+}
+
+
+bool InitCol::init(std::string *error) {
+        int posEquals = action.find("=");
+        int posInit = strlen("initcol:");
+std::cout << "Init collection!!!!!!!!!!!!!" << std::endl;
+
+        if (action.size() < 8) {
+            // return false;
+        }
+        if (posEquals == std::string::npos) {
+            // return false;
+        }
+
+        m_collection_key = std::string(action, posInit,  posEquals - posInit);
+        m_collection_value = std::string(action, posEquals + 1);
+}
+
+
+bool InitCol::evaluate(Rule *rule, Assay *assay) {
+    std::string collectionName;
+
+    collectionName = MacroExpansion::expand(m_collection_value, assay);
+    std::cout << std::endl;
+    std::cout << "Evaluate collection!!!!!!!!!!!!!" << std::endl;
+    std::cout << "Collection key: " << m_collection_key << std::endl;
+    std::cout << "Collection value: " << m_collection_value << std::endl;
+    std::cout << "Collection value (expanded): " << collectionName << std::endl;
+    return true;
+}
+
+}  // namespace actions
+}  // namespace modsecurity
--- a/src/actions/init_col.h
+++ b/src/actions/init_col.h
@ -0,0 +1,45 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "actions/action.h"
+
+#ifndef SRC_ACTIONS_INIT_COL_H_
+#define SRC_ACTIONS_INIT_COL_H_
+
+class Assay;
+
+namespace modsecurity {
+class Assay;
+namespace actions {
+
+
+class InitCol : public Action {
+ public:
+    explicit InitCol(std::string action);
+
+    bool evaluate(Rule *rule, Assay *assay) override;
+    bool init(std::string *error) override;
+ private:
+    std::string m_collection_key;
+    std::string m_collection_value;
+};
+
+
+}  // namespace actions
+}  // namespace modsecurity
+
+#endif  // SRC_ACTIONS_INIT_COL_H_
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -21,6 +21,7 @@ class Driver;
 #include "actions/action.h"
 #include "actions/audit_log.h"
 #include "actions/ctl_audit_log_parts.h"
+#include "actions/init_col.h"
 #include "actions/set_var.h"
 #include "actions/severity.h"
 #include "actions/skip_after.h"
@ -59,6 +60,7 @@ using modsecurity::ModSecurity;

 using modsecurity::actions::Action;
 using modsecurity::actions::CtlAuditLogParts;
+using modsecurity::actions::InitCol;
 using modsecurity::actions::SetVar;
 using modsecurity::actions::Severity;
 using modsecurity::actions::Tag;
@ -794,7 +796,12 @@ act:
      }
    | ACTION_INITCOL
      {
-        $$ = Action::instantiate($1);
+        std::string error;
+        $$ = new InitCol($1);
+        if ($$->init(&error) == false) {
+            driver.error(@0, error);
+            YYERROR;
+        }
      }
    | TRANSFORMATION
      {
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -155,10 +155,14 @@ FREE_TEXT_SPACE [^ \t]+
 FREE_TEXT_SPACE_COMMA [^, \t]+
 FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"]+

+COL_NAME [A-Za-z]+
+COL_FREE_TEXT_SPACE_COMMA ([^,])+
+
 VAR_FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+
 VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+
 VAR_FREE_TEXT_SPACE [^ \t\"]+

+
 SOMETHING ["]{1}[^@]{1}([^"]|([^\\"]\\\"))*["]{1}

 CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
@ -333,7 +337,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 {ACTION_ACCURACY}:{FREE_TEXT_QUOTE}      { return yy::seclang_parser::make_ACTION_ACCURACY(strchr(yytext, ':') + 1, *driver.loc.back()); }
 {ACTION_CTL_BDY_XML}              { return yy::seclang_parser::make_ACTION_CTL_BDY_XML(yytext, *driver.loc.back()); }
 {ACTION_CTL_BDY_JSON}             { return yy::seclang_parser::make_ACTION_CTL_BDY_JSON(yytext, *driver.loc.back()); }
-{ACTION_INITCOL}:{FREE_TEXT_QUOTE}={FREE_TEXT_SPACE_COMMA} { return yy::seclang_parser::make_ACTION_INITCOL(yytext, *driver.loc.back()); }
+{ACTION_INITCOL}:{COL_NAME}={COL_FREE_TEXT_SPACE_COMMA} { return yy::seclang_parser::make_ACTION_INITCOL(yytext, *driver.loc.back()); }

 ["]                             { return yy::seclang_parser::make_QUOTATION_MARK(yytext, *driver.loc.back()); }
 [,]                             { return yy::seclang_parser::make_COMMA(*driver.loc.back()); }
--- a/test/test-cases/regression/action-initcol.json
+++ b/test/test-cases/regression/action-initcol.json
@ -0,0 +1,23 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing initcol action",
+    "expected":{
+      "debug_log": ".*"
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecRule &TX:REAL_IP \"@eq 0\" \"id:'900021',phase:1,t:none,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash},setvar:tx.real_ip=%{remote_addr},nolog,pass\""
+    ]
+  }
+]