github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 15:07:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added macro expansion for append/prepend action.

Browse Source
This commit is contained in:
b1v1r
2009-03-06 05:28:12 +00:00
parent 4c7b251236 fa96c349e5
commit 993c718eb0
5 changed files with 87 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -1,6 +1,8 @@
05 Mar 2009 - 2.5.9-dev1 05 Mar 2009 - 2.5.9-dev1
------------------------ ------------------------
* Added macro expansion for append/prepend action.
* Fixed race condition in concurrent updates of persistent counters. Updates * Fixed race condition in concurrent updates of persistent counters. Updates
are now atomic. are now atomic.

28
apache2/re_actions.c
View File

@@ -1803,8 +1803,18 @@ static apr_status_t msre_action_exec_execute(modsec_rec *msr, apr_pool_t *mptmp,
static apr_status_t msre_action_prepend_execute(modsec_rec *msr, apr_pool_t *mptmp, static apr_status_t msre_action_prepend_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action) msre_rule *rule, msre_action *action)
{ {
msr->content_prepend = action->param; msc_string *var = NULL;
msr->content_prepend_len = strlen(action->param);
/* Expand any macros in the text */
var = apr_pcalloc(mptmp, sizeof(msc_string));
if (var == NULL) return -1;
var->value = (char *)action->param;
var->value_len = strlen(var->value);
expand_macros(msr, var, rule, mptmp);
/* ENH: Verify we really have to dup the data here. */
msr->content_prepend = apr_pstrndup(msr->mp, var->value, var->value_len);
msr->content_prepend_len = var->value_len;
return 1; return 1;
} }
@@ -1813,8 +1823,18 @@ static apr_status_t msre_action_prepend_execute(modsec_rec *msr, apr_pool_t *mpt
static apr_status_t msre_action_append_execute(modsec_rec *msr, apr_pool_t *mptmp, static apr_status_t msre_action_append_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action) msre_rule *rule, msre_action *action)
{ {
msr->content_append = action->param; msc_string *var = NULL;
msr->content_append_len = strlen(action->param);
/* Expand any macros in the text */
var = apr_pcalloc(mptmp, sizeof(msc_string));
if (var == NULL) return -1;
var->value = (char *)action->param;
var->value_len = strlen(var->value);
expand_macros(msr, var, rule, mptmp);
/* ENH: Verify we really have to dup the data here. */
msr->content_append = apr_pstrndup(msr->mp, var->value, var->value_len);
msr->content_append_len = var->value_len;
return 1; return 1;
} }

2
apache2/t/regression/action/00-misc.t
View File

@@ -1,6 +1,5 @@
### Test misc actions ### Test misc actions
# TODO: append
# TODO: block # TODO: block
# TODO: capture # TODO: capture
# TODO: chain # TODO: chain
@@ -10,7 +9,6 @@
# TODO: initcol # TODO: initcol
# TODO: multiMatch # TODO: multiMatch
# TODO: pause # TODO: pause
# TODO: prepend
# TODO: sanitiseArg # TODO: sanitiseArg
# TODO: sanitiseMatched # TODO: sanitiseMatched
# TODO: sanitiseRequestHeader # TODO: sanitiseRequestHeader

49
apache2/t/regression/action/10-append-prepend.t Normal file
View File

@@ -0,0 +1,49 @@
# TODO: Need more tests here
### append
{
type => "action",
comment => "append content",
conf => qq(
SecRuleEngine On
SecContentInjection On
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 9
SecAction "phase:1,setvar:tx.test=test"
SecAction "phase:2,append:'APPEND: \%{tx.test}'"
),
match_log => {
debug => [ "Added content to bottom: APPEND: test", 1 ],
},
match_response => {
status => qr/^200$/,
content => qr/APPEND: test$/,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},
### prepend
{
type => "action",
comment => "prepend content",
conf => qq(
SecRuleEngine On
SecContentInjection On
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 9
SecAction "phase:1,setvar:tx.test=test"
SecAction "phase:2,prepend:'PREPEND: \%{tx.test}'"
),
match_log => {
debug => [ "Added content to top: PREPEND: test", 1 ],
},
match_response => {
status => qr/^200$/,
content => qr/^PREPEND: test/,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},

12
doc/modsecurity2-apache-reference.xml
View File

@@ -4270,6 +4270,12 @@ SecAction phase:3,allow</programlisting>
<para>Example:</para> <para>Example:</para>
<programlisting>SecRule RESPONSE_CONTENT_TYPE "^text/html" "nolog,pass,<emphasis>append:'&lt;hr&gt;Footer'</emphasis>"</programlisting> <programlisting>SecRule RESPONSE_CONTENT_TYPE "^text/html" "nolog,pass,<emphasis>append:'&lt;hr&gt;Footer'</emphasis>"</programlisting>
<note>
<para>While macro expansion is allowed in the additional content,
you are strongly cautioned against inserting user defined data
fields.</para>
</note>
</section> </section>
<section> <section>
@@ -4923,6 +4929,12 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403</programlisting>
<para>Example:</para> <para>Example:</para>
<programlisting>SecRule RESPONSE_CONTENT_TYPE ^text/html "phase:3,nolog,pass,<emphasis>prepend:'Header&lt;br&gt;'</emphasis>"</programlisting> <programlisting>SecRule RESPONSE_CONTENT_TYPE ^text/html "phase:3,nolog,pass,<emphasis>prepend:'Header&lt;br&gt;'</emphasis>"</programlisting>
<note>
<para>While macro expansion is allowed in the additional content,
you are strongly cautioned against inserting user defined data
fields.</para>
</note>
</section> </section>
<section> <section>