github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds initial support to initcol action

Browse Source
This commit is contained in:
Felipe Zimmerle 2015-12-15 17:53:27 -03:00
parent fb3696ac04
commit 913e22a77d
6 changed files with 147 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Makefile.am
View File

@ -68,6 +68,7 @@ ACTIONS = \
actions/capture.cc \ actions/capture.cc \
actions/chain.cc \ actions/chain.cc \
actions/ctl_audit_log_parts.cc \ actions/ctl_audit_log_parts.cc \
actions/init_col.cc \
actions/deny.cc \ actions/deny.cc \
actions/log_data.cc \ actions/log_data.cc \
actions/msg.cc \ actions/msg.cc \

65
src/actions/init_col.cc Normal file
View File

@ -0,0 +1,65 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "actions/init_col.h"
#include <iostream>
#include <string>
#include "actions/action.h"
#include "modsecurity/assay.h"
#include "src/utils.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
namespace modsecurity {
namespace actions {
InitCol::InitCol(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) {
}
bool InitCol::init(std::string *error) {
int posEquals = action.find("=");
int posInit = strlen("initcol:");
std::cout << "Init collection!!!!!!!!!!!!!" << std::endl;
if (action.size() < 8) {
// return false;
}
if (posEquals == std::string::npos) {
// return false;
}
m_collection_key = std::string(action, posInit, posEquals - posInit);
m_collection_value = std::string(action, posEquals + 1);
}
bool InitCol::evaluate(Rule *rule, Assay *assay) {
std::string collectionName;
collectionName = MacroExpansion::expand(m_collection_value, assay);
std::cout << std::endl;
std::cout << "Evaluate collection!!!!!!!!!!!!!" << std::endl;
std::cout << "Collection key: " << m_collection_key << std::endl;
std::cout << "Collection value: " << m_collection_value << std::endl;
std::cout << "Collection value (expanded): " << collectionName << std::endl;
return true;
}
} // namespace actions
} // namespace modsecurity

45
src/actions/init_col.h Normal file
View File

@ -0,0 +1,45 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include "actions/action.h"
#ifndef SRC_ACTIONS_INIT_COL_H_
#define SRC_ACTIONS_INIT_COL_H_
class Assay;
namespace modsecurity {
class Assay;
namespace actions {
class InitCol : public Action {
public:
explicit InitCol(std::string action);
bool evaluate(Rule *rule, Assay *assay) override;
bool init(std::string *error) override;
private:
std::string m_collection_key;
std::string m_collection_value;
};
} // namespace actions
} // namespace modsecurity
#endif // SRC_ACTIONS_INIT_COL_H_

9
src/parser/seclang-parser.yy
View File

@ -21,6 +21,7 @@ class Driver;
#include "actions/action.h" #include "actions/action.h"
#include "actions/audit_log.h" #include "actions/audit_log.h"
#include "actions/ctl_audit_log_parts.h" #include "actions/ctl_audit_log_parts.h"
#include "actions/init_col.h"
#include "actions/set_var.h" #include "actions/set_var.h"
#include "actions/severity.h" #include "actions/severity.h"
#include "actions/skip_after.h" #include "actions/skip_after.h"
@ -59,6 +60,7 @@ using modsecurity::ModSecurity;
using modsecurity::actions::Action; using modsecurity::actions::Action;
using modsecurity::actions::CtlAuditLogParts; using modsecurity::actions::CtlAuditLogParts;
using modsecurity::actions::InitCol;
using modsecurity::actions::SetVar; using modsecurity::actions::SetVar;
using modsecurity::actions::Severity; using modsecurity::actions::Severity;
using modsecurity::actions::Tag; using modsecurity::actions::Tag;
@ -794,7 +796,12 @@ act:
} }
| ACTION_INITCOL | ACTION_INITCOL
{ {
$$ = Action::instantiate($1); std::string error;
$$ = new InitCol($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;
}
} }
| TRANSFORMATION | TRANSFORMATION
{ {

6
src/parser/seclang-scanner.ll
View File

@ -155,10 +155,14 @@ FREE_TEXT_SPACE [^ \t]+
FREE_TEXT_SPACE_COMMA [^, \t]+ FREE_TEXT_SPACE_COMMA [^, \t]+
FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"]+ FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"]+
COL_NAME [A-Za-z]+
COL_FREE_TEXT_SPACE_COMMA ([^,])+
VAR_FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+ VAR_FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+
VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+ VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+
VAR_FREE_TEXT_SPACE [^ \t\"]+ VAR_FREE_TEXT_SPACE [^ \t\"]+
SOMETHING ["]{1}[^@]{1}([^"]|([^\\"]\\\"))*["]{1} SOMETHING ["]{1}[^@]{1}([^"]|([^\\"]\\\"))*["]{1}
CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile) CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
@ -333,7 +337,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
{ACTION_ACCURACY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_ACCURACY(strchr(yytext, ':') + 1, *driver.loc.back()); } {ACTION_ACCURACY}:{FREE_TEXT_QUOTE} { return yy::seclang_parser::make_ACTION_ACCURACY(strchr(yytext, ':') + 1, *driver.loc.back()); }
{ACTION_CTL_BDY_XML} { return yy::seclang_parser::make_ACTION_CTL_BDY_XML(yytext, *driver.loc.back()); } {ACTION_CTL_BDY_XML} { return yy::seclang_parser::make_ACTION_CTL_BDY_XML(yytext, *driver.loc.back()); }
{ACTION_CTL_BDY_JSON} { return yy::seclang_parser::make_ACTION_CTL_BDY_JSON(yytext, *driver.loc.back()); } {ACTION_CTL_BDY_JSON} { return yy::seclang_parser::make_ACTION_CTL_BDY_JSON(yytext, *driver.loc.back()); }
{ACTION_INITCOL}:{FREE_TEXT_QUOTE}={FREE_TEXT_SPACE_COMMA} { return yy::seclang_parser::make_ACTION_INITCOL(yytext, *driver.loc.back()); } {ACTION_INITCOL}:{COL_NAME}={COL_FREE_TEXT_SPACE_COMMA} { return yy::seclang_parser::make_ACTION_INITCOL(yytext, *driver.loc.back()); }
["] { return yy::seclang_parser::make_QUOTATION_MARK(yytext, *driver.loc.back()); } ["] { return yy::seclang_parser::make_QUOTATION_MARK(yytext, *driver.loc.back()); }
[,] { return yy::seclang_parser::make_COMMA(*driver.loc.back()); } [,] { return yy::seclang_parser::make_COMMA(*driver.loc.back()); }

23
test/test-cases/regression/action-initcol.json Normal file
View File

@ -0,0 +1,23 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing initcol action",
"expected":{
"debug_log": ".*"
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecRule &TX:REAL_IP \"@eq 0\" \"id:'900021',phase:1,t:none,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash},setvar:tx.real_ip=%{remote_addr},nolog,pass\""
]
}
]