Adds support to severity action and HIGHEST_SEVERITY variable

src/parser/seclang-parser.yy

@@ -18,6 +18,7 @@ class Driver;
 #include "variable_duration.h"
 #include "variable_env.h"
 #include "variable_modsec_build.h"
+#include "variable_highest_severity.h"
 #include "utils/geo_lookup.h"
 
 using ModSecurity::actions::Action;
@@ -27,6 +28,7 @@ using ModSecurity::Variable;
 using ModSecurity::VariableDuration;
 using ModSecurity::VariableEnv;
 using ModSecurity::VariableModsecBuild;
+using ModSecurity::VariableHighestSeverity;
 using ModSecurity::Rule;
 using ModSecurity::Utils::GeoLookup;
 
@@ -91,11 +93,13 @@ using ModSecurity::Utils::GeoLookup;
 %token <std::string> RUN_TIME_VAR_DUR
 %token <std::string> RUN_TIME_VAR_ENV
 %token <std::string> RUN_TIME_VAR_BLD
+%token <std::string> RUN_TIME_VAR_HSV
 
 %token <std::string> CONFIG_DIR_GEO_DB
 
 %token <std::string> OPERATOR
 %token <std::string> ACTION
+%token <std::string> ACTION_SEVERITY
 %token <std::string> TRANSFORMATION
 
 %token <double> CONFIG_VALUE_NUMBER
@@ -296,7 +300,20 @@ variables:
         variables->push_back(new VariableModsecBuild($1));
         $$ = variables;
       }
+    | variables PIPE RUN_TIME_VAR_HSV
+      {
+        std::vector<Variable *> *v = $1;
+        v->push_back(new VariableHighestSeverity($3));
+        $$ = $1;
+      }
+    | RUN_TIME_VAR_HSV
+      {
+        std::vector<Variable *> *variables = new std::vector<Variable *>;
+        variables->push_back(new VariableHighestSeverity($1));
+        $$ = variables;
+      }
 
+      
 actions:
     actions COMMA SPACE ACTION
       {
@@ -350,6 +367,31 @@ actions:
         actions->push_back(Transformation::instantiate($1));
         $$ = actions;
       }
+    | actions COMMA SPACE ACTION_SEVERITY
+      {
+        std::vector<Action *> *a = $1;
+        a->push_back(Action::instantiate($4));
+        $$ = $1;
+      }
+    | actions COMMA ACTION_SEVERITY
+      {
+        std::vector<Action *> *a = $1;
+        a->push_back(Action::instantiate($3));
+        $$ = $1;
+      }
+    | SPACE ACTION_SEVERITY
+      {
+        std::vector<Action *> *actions = new std::vector<Action *>;
+        actions->push_back(Action::instantiate($2));
+        $$ = actions;
+
+      }
+    | ACTION_SEVERITY
+      {
+        std::vector<Action *> *actions = new std::vector<Action *>;
+        actions->push_back(Action::instantiate($1));
+        $$ = actions;
+      }
 
 
 %%

src/parser/seclang-scanner.ll

@@ -17,8 +17,8 @@
 static yy::location loc;
 %}
 %option noyywrap nounput batch debug noinput
-ACTION          (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|initcol|log|logdata|maturity|msg|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-z0-9_\|\&\:\/\/\.]+|rev|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|severity|setuid|setrsc|setsid|setenv|setvar|skip|skipAfter|status:[0-9]+|tag|ver|xmlns|t)
-
+ACTION          (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|initcol|log|logdata|maturity|msg|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-z0-9_\|\&\:\/\/\.]+|rev|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|setvar|skip|skipAfter|status:[0-9]+|tag|ver|xmlns|t)
+ACTION_SEVERITY (?i:severity:[0-9]+|severity:'[0-9]+'|severity:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|severity:'(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)')
 DIRECTIVE       SecRule
 
 CONFIG_DIRECTIVE SecRequestBodyLimitAction|SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecRequestBodyLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecResponseBodyLimitAction|SecResponseBodyLimit|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
@@ -61,6 +61,7 @@ VARIABLE          (?i:FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|
 RUN_TIME_VAR_DUR  (?i:DURATION)
 RUN_TIME_VAR_ENV  (?i:ENV)
 RUN_TIME_VAR_BLD  (?i:MODSEC_BUILD)
+RUN_TIME_VAR_HSV  (?i:HIGHEST_SEVERITY)
 
 VARIABLENOCOLON  (?i:REQBODY_ERROR|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE)
 
@@ -116,6 +117,7 @@ FREE_TEXT_NEW_LINE       [^\"|\n]+
 {RUN_TIME_VAR_DUR}                      { return yy::seclang_parser::make_RUN_TIME_VAR_DUR(yytext, loc); }
 {RUN_TIME_VAR_ENV}:?{DICT_ELEMENT}?     { return yy::seclang_parser::make_RUN_TIME_VAR_ENV(yytext, loc); }
 {RUN_TIME_VAR_BLD}                      { return yy::seclang_parser::make_RUN_TIME_VAR_BLD(yytext, loc); }
+{RUN_TIME_VAR_HSV}                      { return yy::seclang_parser::make_RUN_TIME_VAR_HSV(yytext, loc); }
 
 %{ /* Geo DB loopkup */ %}
 {CONFIG_DIR_GEO_DB}[ ]{FREE_TEXT_NEW_LINE}      { return yy::seclang_parser::make_CONFIG_DIR_GEO_DB(strchr(yytext, ' ') + 1, loc); }
@@ -131,6 +133,7 @@ FREE_TEXT_NEW_LINE       [^\"|\n]+
 ["]{OPERATOR}[ ]{FREE_TEXT}["]  { return yy::seclang_parser::make_OPERATOR(yytext, loc); }
 ["]{OPERATORNOARG}["]           { return yy::seclang_parser::make_OPERATOR(yytext, loc); }
 {ACTION}                        { return yy::seclang_parser::make_ACTION(yytext, loc); }
+{ACTION_SEVERITY}                        { return yy::seclang_parser::make_ACTION_SEVERITY(yytext, loc); }
 ["]                             { return yy::seclang_parser::make_QUOTATION_MARK(loc); }
 [,]                             { return yy::seclang_parser::make_COMMA(loc); }
 [|]                             { return yy::seclang_parser::make_PIPE(loc); }