Added macro expansion for append/prepend action.

2026-01-13 23:17:10 +03:00 · 2009-03-06 05:28:12 +00:00
parent 4c7b251236 fa96c349e5
commit 993c718eb0
5 changed files with 87 additions and 6 deletions
--- a/apache2/re_actions.c
+++ b/apache2/re_actions.c
@@ -1803,8 +1803,18 @@ static apr_status_t msre_action_exec_execute(modsec_rec *msr, apr_pool_t *mptmp,
 static apr_status_t msre_action_prepend_execute(modsec_rec *msr, apr_pool_t *mptmp,
    msre_rule *rule, msre_action *action)
 {
-    msr->content_prepend = action->param;
-    msr->content_prepend_len = strlen(action->param);
+    msc_string *var = NULL;
+
+    /* Expand any macros in the text */
+    var = apr_pcalloc(mptmp, sizeof(msc_string));
+    if (var == NULL) return -1;
+    var->value = (char *)action->param;
+    var->value_len = strlen(var->value);
+    expand_macros(msr, var, rule, mptmp);
+
+    /* ENH: Verify we really have to dup the data here. */
+    msr->content_prepend = apr_pstrndup(msr->mp, var->value, var->value_len);
+    msr->content_prepend_len = var->value_len;

    return 1;
 }
@@ -1813,8 +1823,18 @@ static apr_status_t msre_action_prepend_execute(modsec_rec *msr, apr_pool_t *mpt
 static apr_status_t msre_action_append_execute(modsec_rec *msr, apr_pool_t *mptmp,
    msre_rule *rule, msre_action *action)
 {
-    msr->content_append = action->param;
-    msr->content_append_len = strlen(action->param);
+    msc_string *var = NULL;
+
+    /* Expand any macros in the text */
+    var = apr_pcalloc(mptmp, sizeof(msc_string));
+    if (var == NULL) return -1;
+    var->value = (char *)action->param;
+    var->value_len = strlen(var->value);
+    expand_macros(msr, var, rule, mptmp);
+
+    /* ENH: Verify we really have to dup the data here. */
+    msr->content_append = apr_pstrndup(msr->mp, var->value, var->value_len);
+    msr->content_append_len = var->value_len;

    return 1;
 }
--- a/apache2/t/regression/action/00-misc.t
+++ b/apache2/t/regression/action/00-misc.t
@@ -1,6 +1,5 @@
 ### Test misc actions

-# TODO: append
 # TODO: block
 # TODO: capture
 # TODO: chain
@@ -10,7 +9,6 @@
 # TODO: initcol
 # TODO: multiMatch
 # TODO: pause
-# TODO: prepend
 # TODO: sanitiseArg
 # TODO: sanitiseMatched
 # TODO: sanitiseRequestHeader
--- a/apache2/t/regression/action/10-append-prepend.t
+++ b/apache2/t/regression/action/10-append-prepend.t
@@ -0,0 +1,49 @@
+# TODO: Need more tests here
+
+### append
+{
+	type => "action",
+	comment => "append content",
+	conf => qq(
+		SecRuleEngine On
+        SecContentInjection On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+		SecAction "phase:1,setvar:tx.test=test"
+		SecAction "phase:2,append:'APPEND: \%{tx.test}'"
+	),
+	match_log => {
+        debug => [ "Added content to bottom: APPEND: test", 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/APPEND: test$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+### prepend
+{
+	type => "action",
+	comment => "prepend content",
+	conf => qq(
+		SecRuleEngine On
+        SecContentInjection On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+		SecAction "phase:1,setvar:tx.test=test"
+		SecAction "phase:2,prepend:'PREPEND: \%{tx.test}'"
+	),
+	match_log => {
+        debug => [ "Added content to top: PREPEND: test", 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^PREPEND: test/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},