Adds support to the INBOUND_DATA_ERROR variable and SecRequestBodyLimit direc.

src/assay.cc

@@ -414,6 +414,10 @@ int Assay::addRequestHeader(const unsigned char *key, size_t key_n,
 int Assay::processRequestBody() {
     debug(4, "Starting phase REQUEST_BODY. (SecRules 2)");
 
+    if (resolve_variable_first("INBOUND_DATA_ERROR") == NULL) {
+        store_variable("INBOUND_DATA_ERROR", "0");
+    }
+
     if (m_requestBody.tellp() <= 0) {
         return true;
     }
@@ -522,10 +526,16 @@ int Assay::processRequestBody() {
  *
  */
 int Assay::appendRequestBody(const unsigned char *buf, size_t len) {
-    /**
-     * as part of the confiurations or rules it is expected to 
-     * set a higher value for this. Will not handle it for now.
-     */
+    int current_size = this->m_requestBody.tellp();
+
+    debug(9, "Appending request body: " + std::to_string(len) + " bytes. " \
+        "Limit set to: " + std::to_string(this->m_rules->requestBodyLimit));
+
+    if (this->m_rules->requestBodyLimit > 0
+        && this->m_rules->requestBodyLimit < len + current_size) {
+        store_variable("INBOUND_DATA_ERROR", "1");
+    }
+
     this->m_requestBody.write(reinterpret_cast<const char*>(buf), len);
 
     return 0;

src/parser/driver.cc

@@ -20,6 +20,7 @@
 Driver::Driver()
   : trace_scanning(false),
   trace_parsing(false),
+  requestBodyLimit(0),
   audit_log(new ModSecurity::AuditLog()) {
 }
 

src/parser/driver.h

@@ -87,6 +87,7 @@ class Driver {
     bool sec_audit_engine;
     bool sec_request_body_access;
     bool sec_response_body_access;
+    int requestBodyLimit;
 
     std::string debug_log_path;
     std::list<std::string> components;

src/parser/seclang-parser.yy

@@ -63,6 +63,7 @@ using ModSecurity::Utils::GeoLookup;
 %left ARGS CONFIG_VALUE_RELEVANT_ONLY CONFIG_VALUE_ON CONFIG_VALUE_OFF CONFIG_VALUE
 %token <std::string> DIRECTIVE
 %token <std::string> CONFIG_DIRECTIVE
+%token <std::string> CONFIG_DIR_REQ_BODY_LIMIT
 %token <std::string> CONFIG_DIR_RULE_ENG
 %token <std::string> CONFIG_DIR_REQ_BODY
 %token <std::string> CONFIG_DIR_RES_BODY
@@ -250,6 +251,10 @@ expression:
       {
         GeoLookup::getInstance().setDataBase($1);
       }
+    | CONFIG_DIR_REQ_BODY_LIMIT
+      {
+        driver.requestBodyLimit = atoi($1.c_str());
+      }
 
 variables:
     variables PIPE VARIABLE

src/parser/seclang-scanner.ll

@@ -21,7 +21,9 @@ ACTION          (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|
 ACTION_SEVERITY (?i:severity:[0-9]+|severity:'[0-9]+'|severity:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|severity:'(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)')
 DIRECTIVE       SecRule
 
-CONFIG_DIRECTIVE SecRequestBodyLimitAction|SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecRequestBodyLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecResponseBodyLimitAction|SecResponseBodyLimit|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
+CONFIG_DIRECTIVE SecRequestBodyLimitAction|SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecResponseBodyLimitAction|SecResponseBodyLimit|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
+CONFIG_DIR_REQ_BODY_LIMIT (?i:SecRequestBodyLimit)
+
 
 CONFIG_DIR_GEO_DB (?i:SecGeoLookupDb)
 
@@ -57,7 +59,7 @@ OPERATORNOARG	(?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida
 
 TRANSFORMATION  t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)
 
-VARIABLE          (?i:FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
+VARIABLE          (?i:INBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
 RUN_TIME_VAR_DUR  (?i:DURATION)
 RUN_TIME_VAR_ENV  (?i:ENV)
 RUN_TIME_VAR_BLD  (?i:MODSEC_BUILD)
@@ -122,6 +124,9 @@ FREE_TEXT_NEW_LINE       [^\"|\n]+
 %{ /* Geo DB loopkup */ %}
 {CONFIG_DIR_GEO_DB}[ ]{FREE_TEXT_NEW_LINE}      { return yy::seclang_parser::make_CONFIG_DIR_GEO_DB(strchr(yytext, ' ') + 1, loc); }
 
+%{ /* Request body limit */ %}
+{CONFIG_DIR_REQ_BODY_LIMIT}[ ]{CONFIG_VALUE_NUMBER}  { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY_LIMIT(strchr(yytext, ' ') + 1, loc); }
+
 {CONFIG_COMPONENT_SIG}[ ]["]{FREE_TEXT}["] { return yy::seclang_parser::make_CONFIG_COMPONENT_SIG(strchr(yytext, ' ') + 2, loc); }
 
 {CONFIG_VALUE_ON}               { return yy::seclang_parser::make_CONFIG_VALUE_ON(yytext, loc); }

src/rules.cc

@@ -167,6 +167,7 @@ int Rules::merge(Driver *from) {
     this->debug_log_path = from->debug_log_path;
     this->debug_level = from->debug_level;
     this->components = from->components;
+    this->requestBodyLimit = from->requestBodyLimit;
 
     if (m_custom_debug_log) {
         this->debug_log = m_custom_debug_log->new_instance();
@@ -201,6 +202,7 @@ int Rules::merge(Rules *from) {
     this->sec_request_body_access = from->sec_request_body_access;
     this->sec_response_body_access = from->sec_response_body_access;
     this->components = from->components;
+    this->requestBodyLimit = from->requestBodyLimit;
 
     this->debug_log = from->debug_log;