From 913e22a77d9dcdd93e94fe53724526353b2cf80f Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Tue, 15 Dec 2015 17:53:27 -0300
Subject: [PATCH] Adds initial support to initcol action
---
 src/Makefile.am | 1 +
 src/actions/init_col.cc | 65 +++++++++++++++++++
 src/actions/init_col.h | 45 +++++++++++++
 src/parser/seclang-parser.yy | 9 ++-
 src/parser/seclang-scanner.ll | 6 +-
 .../test-cases/regression/action-initcol.json | 23 +++++++
 6 files changed, 147 insertions(+), 2 deletions(-)
 create mode 100644 src/actions/init_col.cc
 create mode 100644 src/actions/init_col.h
 create mode 100644 test/test-cases/regression/action-initcol.json
diff --git a/src/Makefile.am b/src/Makefile.am
index f0f71c43..eee795a5 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -68,6 +68,7 @@ ACTIONS = \
 actions/capture.cc \
 actions/chain.cc \
 actions/ctl_audit_log_parts.cc \
+ actions/init_col.cc \
 actions/deny.cc \
 actions/log_data.cc \
 actions/msg.cc \
diff --git a/src/actions/init_col.cc b/src/actions/init_col.cc
new file mode 100644
index 00000000..f632bcbd
--- /dev/null
+++ b/src/actions/init_col.cc
@@ -0,0 +1,65 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/init_col.h"
+
+#include
+#include
+
+#include "actions/action.h"
+#include "modsecurity/assay.h"
+#include "src/utils.h"
+#include "modsecurity/rule.h"
+#include "src/macro_expansion.h"
+
+namespace modsecurity {
+namespace actions {
+
+InitCol::InitCol(std::string action)
+ : Action(action, RunTimeOnlyIfMatchKind) {
+}
+
+
+bool InitCol::init(std::string *error) {
+ int posEquals = action.find("=");
+ int posInit = strlen("initcol:");
+std::cout << "Init collection!!!!!!!!!!!!!" << std::endl;
+
+ if (action.size() < 8) {
+ // return false;
+ }
+ if (posEquals == std::string::npos) {
+ // return false;
+ }
+
+ m_collection_key = std::string(action, posInit, posEquals - posInit);
+ m_collection_value = std::string(action, posEquals + 1);
+}
+
+
+bool InitCol::evaluate(Rule *rule, Assay *assay) {
+ std::string collectionName;
+
+ collectionName = MacroExpansion::expand(m_collection_value, assay);
+ std::cout << std::endl;
+ std::cout << "Evaluate collection!!!!!!!!!!!!!" << std::endl;
+ std::cout << "Collection key: " << m_collection_key << std::endl;
+ std::cout << "Collection value: " << m_collection_value << std::endl;
+ std::cout << "Collection value (expanded): " << collectionName << std::endl;
+ return true;
+}
+
+} // namespace actions
+} // namespace modsecurity
diff --git a/src/actions/init_col.h b/src/actions/init_col.h
new file mode 100644
index 00000000..7a0b03bb
--- /dev/null
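Review bot: `InitCol::init` is declared `bool` but falls off the end without a `return`, which is undefined behaviour, and the parser action for `ACTION_INITCOL` branches on that result. Both validation branches are commented out, so when `=` is missing `posEquals` holds -1 (the `int` narrows `std::string::npos`), the key becomes everything after `initcol:` and `posEquals + 1` makes the value the whole action string; `*error` is also never filled although the parser hands it to `driver.error`. I would keep the positions as `size_t`, reject malformed input with a message, and return `true` on success, as below. The `std::cout` lines in `init` and `evaluate` should go to the debug log or be dropped before merge, since `evaluate` prints the macro-expanded value (request-derived data such as `%{remote_addr}`) to the host process's stdout.

```cpp
bool InitCol::init(std::string *error) {
    const size_t posInit = strlen("initcol:");
    const size_t posEquals = action.find("=");

    // Require a non-empty name between "initcol:" and "=" and a non-empty value.
    if (posEquals == std::string::npos || posEquals <= posInit
        || posEquals + 1 >= action.size()) {
        error->assign("initcol: expected `initcol:name=value', got: " + action);
        return false;
    }

    m_collection_key = std::string(action, posInit, posEquals - posInit);
    m_collection_value = std::string(action, posEquals + 1);
    return true;
}
```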
+++ b/src/actions/init_col.h @@ -0,0 +1,45 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include + +#include "actions/action.h" + +#ifndef SRC_ACTIONS_INIT_COL_H_ +#define SRC_ACTIONS_INIT_COL_H_ + +class Assay; + +namespace modsecurity { +class Assay; +namespace actions { + + +class InitCol : public Action { + public: + explicit InitCol(std::string action); + + bool evaluate(Rule *rule, Assay *assay) override; + bool init(std::string *error) override; + private: + std::string m_collection_key; + std::string m_collection_value; +}; + + +} // namespace actions +} // namespace modsecurity + +#endif // SRC_ACTIONS_INIT_COL_H_ diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 55264c7c..11c90ac1 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -21,6 +21,7 @@ class Driver; #include "actions/action.h" #include "actions/audit_log.h" #include "actions/ctl_audit_log_parts.h" +#include "actions/init_col.h" #include "actions/set_var.h" #include "actions/severity.h" #include "actions/skip_after.h" @@ -59,6 +60,7 @@ using modsecurity::ModSecurity; using modsecurity::actions::Action; using modsecurity::actions::CtlAuditLogParts; +using modsecurity::actions::InitCol; using modsecurity::actions::SetVar; using modsecurity::actions::Severity; using modsecurity::actions::Tag; 
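Review bot: In the new `init_col.h`, the `class Assay;` placed before `namespace modsecurity {` declares a separate global `::Assay` that nothing in this header uses; the declarations inside the namespace resolve to `modsecurity::Assay`, so the global line can be dropped. `Rule` is used in `evaluate(Rule *rule, Assay *assay)` without a declaration here, so the header appears to rely on `actions/action.h` providing it; confirm that, or add `class Rule;` next to `class Assay;` inside the namespace. The include guard also opens after the two `#include` lines; moving `#ifndef SRC_ACTIONS_INIT_COL_H_` above them matches the usual layout.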
@@ -794,7 +796,12 @@ act: } | ACTION_INITCOL { - $$ = Action::instantiate($1); + std::string error; + $$ = new InitCol($1); + if ($$->init(&error) == false) { + driver.error(@0, error); + YYERROR; + } } | TRANSFORMATION { diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index cab89e01..61b23cc5 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -155,10 +155,14 @@ FREE_TEXT_SPACE [^ \t]+ FREE_TEXT_SPACE_COMMA [^, \t]+ FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"]+ +COL_NAME [A-Za-z]+ +COL_FREE_TEXT_SPACE_COMMA ([^,])+ + VAR_FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+ VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+ VAR_FREE_TEXT_SPACE [^ \t\"]+ + SOMETHING ["]{1}[^@]{1}([^"]|([^\\"]\\\"))*["]{1} CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile) @@ -333,7 +337,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile) {ACTION_ACCURACY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_ACCURACY(strchr(yytext, ':') + 1, *driver.loc.back()); } {ACTION_CTL_BDY_XML} { return yy::seclang_parser::make_ACTION_CTL_BDY_XML(yytext, *driver.loc.back()); } {ACTION_CTL_BDY_JSON} { return yy::seclang_parser::make_ACTION_CTL_BDY_JSON(yytext, *driver.loc.back()); } -{ACTION_INITCOL}:{FREE_TEXT_QUOTE}={FREE_TEXT_SPACE_COMMA} { return yy::seclang_parser::make_ACTION_INITCOL(yytext, *driver.loc.back()); } +{ACTION_INITCOL}:{COL_NAME}={COL_FREE_TEXT_SPACE_COMMA} { return yy::seclang_parser::make_ACTION_INITCOL(yytext, *driver.loc.back()); } ["] { return yy::seclang_parser::make_QUOTATION_MARK(yytext, *driver.loc.back()); } [,] { return yy::seclang_parser::make_COMMA(*driver.loc.back()); } diff --git a/test/test-cases/regression/action-initcol.json b/test/test-cases/regression/action-initcol.json new file mode 100644 index 00000000..38b22192 --- /dev/null +++ b/test/test-cases/regression/action-initcol.json 
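Review bot: On the failure path of the `ACTION_INITCOL` rule the `InitCol` allocated with `new` is still held in `$$` when `YYERROR` fires, and nothing visible in this hunk frees it; unless the grammar declares a `%destructor` for this symbol, that object leaks on every rejected rule. Building into a local first avoids it: `InitCol *a = new InitCol($1);`, then `if (a->init(&error) == false) { delete a; driver.error(@0, error); YYERROR; }`, then `$$ = a;`. The location passed is `@0`, which refers to the symbol preceding this rule's right-hand side rather than the `ACTION_INITCOL` token (`@1`); confirm that is intended. The `act:` rule starts and ends outside the hunk.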
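Review bot: `COL_FREE_TEXT_SPACE_COMMA` is defined as `([^,])+`, which despite its name also matches spaces, tabs, double quotes and newlines, so the new `ACTION_INITCOL` pattern in the second hunk of this file keeps consuming until the next comma. When `initcol` is the last action in a rule, the token would take in the closing quote of the action list and whatever follows it; the regression test only places `initcol` before other actions, so it does not exercise this. The existing `FREE_TEXT_SPACE_COMMA_QUOTE` class already excludes those characters: `{ACTION_INITCOL}:{COL_NAME}={FREE_TEXT_SPACE_COMMA_QUOTE}`. A short comment above the `COL_NAME` definition saying that collection names are letters only would also help rule authors.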
@@ -0,0 +1,23 @@
+[
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing initcol action",
+ "expected":{
+ "debug_log": ".*"
+ },
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecDebugLog \/tmp\/modsec_debug.log",
+ "SecRule &TX:REAL_IP \"@eq 0\" \"id:'900021',phase:1,t:none,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash},setvar:tx.real_ip=%{remote_addr},nolog,pass\""
+ ]
+ }
+]
\ No newline at end of file
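Review bot: The `expected` block only has `"debug_log": ".*"`, which matches any log content, so this case passes whether or not `initcol` parses or does anything. Once the action writes a debug-log line, pin the pattern to it (for example the collection key and the expanded value) so a regression in the `initcol:ip=%{remote_addr}_%{tx.ua_hash}` expansion is caught. The `SecDebugLog` rule also points at a fixed file under `/tmp`; a path under the test's own working directory would avoid clashes between runs and with other local users.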