From 9c7416da978136ad425904dcf041874d736a798e Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Mon, 19 Dec 2016 23:09:57 -0300 Subject: [PATCH] Refactoring the actions classes --- headers/modsecurity/actions/action.h | 1 - headers/modsecurity/intervention.h | 2 +- src/actions/action.cc | 47 +-- src/parser/seclang-parser.yy | 609 ++++++++++++--------------- src/parser/seclang-scanner.ll | 67 ++- src/transaction.cc | 3 +- 6 files changed, 341 insertions(+), 388 deletions(-) diff --git a/headers/modsecurity/actions/action.h b/headers/modsecurity/actions/action.h index 6caa9a1e..9df52dfc 100644 --- a/headers/modsecurity/actions/action.h +++ b/headers/modsecurity/actions/action.h @@ -67,7 +67,6 @@ class Action { } virtual bool init(std::string *error) { return true; } virtual bool isDisruptive() { return false; } - static Action *instantiate(const std::string& name); void set_name_and_payload(const std::string& data) { diff --git a/headers/modsecurity/intervention.h b/headers/modsecurity/intervention.h index 2b621122..daab9542 100644 --- a/headers/modsecurity/intervention.h +++ b/headers/modsecurity/intervention.h @@ -61,7 +61,7 @@ namespace intervention { freeLog(i); } -} // namespace modsecurity +} // namespace intervention #endif #ifdef __cplusplus diff --git a/src/actions/action.cc b/src/actions/action.cc index 0437787e..c7b0bf3e 100644 --- a/src/actions/action.cc +++ b/src/actions/action.cc @@ -34,6 +34,7 @@ #include "src/actions/disruptive/pass.h" #include "src/actions/log.h" #include "src/actions/no_log.h" +#include "src/actions/no_audit_log.h" #include "src/actions/multi_match.h" 
@@ -55,51 +56,5 @@ bool Action::evaluate(Rule *rule, Transaction *transaction) { } -Action *Action::instantiate(const std::string& name) { - std::string status("status:"); - std::string redirect("redirect:"); - std::string block("block"); - std::string phase("phase:"); - std::string rule_id("id:"); - - if (name.compare(0, status.length(), status) == 0) { - return new data::Status(name); - } - if (name.compare(0, redirect.length(), redirect) == 0) { - return new disruptive::Redirect(name); - } - if (name.compare(0, block.length(), block) == 0) { - return new disruptive::Block(name); - } - if (name.compare(0, phase.length(), phase) == 0) { - return new Phase(name); - } - if (name.compare(0, rule_id.length(), rule_id) == 0) { - return new RuleId(name); - } - if (name == "chain") { - return new Chain(name); - } - if (name == "capture") { - return new Capture(name); - } - if (name == "pass") { - return new disruptive::Pass(name); - } - if (name == "deny") { - return new disruptive::Deny(name); - } - if (name == "log") { - return new Log(name); - } - if (name == "nolog") { - return new NoLog(name); - } - if (utils::string::tolower(name) == "multimatch") { - return new MultiMatch(utils::string::tolower(name)); - } - return new Action(name); -} - } // namespace actions } // namespace modsecurity diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 72dddb43..52cd7a46 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -18,12 +18,10 @@ class Driver; } - - #include "src/actions/accuracy.h" -#include "modsecurity/actions/action.h" -#include "src/actions/disruptive/allow.h" #include "src/actions/audit_log.h" +#include "src/actions/capture.h" +#include "src/actions/chain.h" #include "src/actions/ctl/audit_log_parts.h" #include "src/actions/ctl/request_body_access.h" #include "src/actions/ctl/request_body_processor_json.h" 
@@ -31,24 +29,37 @@ class Driver; #include "src/actions/ctl/rule_remove_by_id.h" #include "src/actions/ctl/rule_remove_target_by_id.h" #include "src/actions/ctl/rule_remove_target_by_tag.h" +#include "src/actions/data/status.h" +#include "src/actions/disruptive/allow.h" +#include "src/actions/disruptive/block.h" +#include "src/actions/disruptive/deny.h" +#include "src/actions/disruptive/pass.h" +#include "src/actions/disruptive/redirect.h" #include "src/actions/init_col.h" #include "src/actions/log_data.h" +#include "src/actions/log.h" #include "src/actions/maturity.h" #include "src/actions/msg.h" +#include "src/actions/multi_match.h" +#include "src/actions/no_audit_log.h" +#include "src/actions/no_log.h" #include "src/actions/phase.h" -#include "src/actions/disruptive/redirect.h" #include "src/actions/rev.h" +#include "src/actions/rule_id.h" #include "src/actions/set_sid.h" #include "src/actions/set_uid.h" #include "src/actions/set_var.h" #include "src/actions/severity.h" -#include "src/actions/skip.h" #include "src/actions/skip_after.h" +#include "src/actions/skip.h" #include "src/actions/tag.h" #include "src/actions/transformations/none.h" #include "src/actions/transformations/transformation.h" #include "src/actions/ver.h" #include "src/actions/xmlns.h" + + + #include "modsecurity/audit_log.h" #include "modsecurity/modsecurity.h" #include "modsecurity/rules_properties.h" 
@@ -100,27 +111,9 @@ using modsecurity::Variables::Variable; using modsecurity::Variables::Variations::Count; using modsecurity::Variables::Variations::Exclusion; using modsecurity::Variables::XML; -using modsecurity::actions::Accuracy; -using modsecurity::actions::Action; -using modsecurity::actions::disruptive::Allow; -using modsecurity::actions::ctl::AuditLogParts; -using modsecurity::actions::ctl::RequestBodyProcessorJSON; -using modsecurity::actions::ctl::RequestBodyProcessorXML; -using modsecurity::actions::InitCol; -using modsecurity::actions::LogData; -using modsecurity::actions::Maturity; -using modsecurity::actions::Msg; -using modsecurity::actions::Phase; -using modsecurity::actions::disruptive::Redirect; -using modsecurity::actions::Rev; -using modsecurity::actions::SetSID; -using modsecurity::actions::SetUID; -using modsecurity::actions::SetVar; -using modsecurity::actions::Severity; -using modsecurity::actions::Tag; -using modsecurity::actions::Ver; -using modsecurity::actions::transformations::None; -using modsecurity::actions::transformations::Transformation; + +using namespace modsecurity; + using modsecurity::operators::Operator; @@ -141,6 +134,17 @@ using modsecurity::operators::Operator; if (t) +#define ACTION_NOT_SUPPORTED(a, b) \ + driver.error(b, "Action: " + std::string(a) + " is not yet supported."); \ + YYERROR; + +#define ACTION_INIT(a, b) \ + std::string error; \ + if (a->init(&error) == false) { \ + driver.error(b, error); \ + YYERROR; \ + } + /** * %destructor { code } THING * @@ -178,10 +182,13 @@ using modsecurity::operators::Operator; PIPE ; -%token ACTION %token ACTION_ACCURACY %token ACTION_ALLOW +%token ACTION_APPEND %token ACTION_AUDIT_LOG +%token ACTION_BLOCK +%token ACTION_CAPTURE +%token ACTION_CHAIN %token ACTION_CTL_AUDIT_ENGINE %token ACTION_CTL_AUDIT_LOG_PARTS %token ACTION_CTL_BDY_JSON 
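Review bot: `ACTION_INIT` and `ACTION_NOT_SUPPORTED` expand to several unbraced statements, and `ACTION_INIT` declares a `std::string error` in the caller's scope, so a second use in one block fails to compile and a use under an unbraced `if` runs `YYERROR` unconditionally; wrap both in `do { ... } while (0)` with the local inside the block, and terminate the call sites (`ACTION_INIT($3, @0)` in the `actions:` rule) with a semicolon. Separately, `using namespace modsecurity;` replaces a list of targeted `using` declarations — if this section is emitted into the generated parser header it drags the whole namespace into every translation unit that includes it, so keep it to the `%code` section that lands in the .cc or restore the narrower declarations. The `YYERROR` path of `ACTION_INIT` also relies on the grammar's `%destructor` for the `act` type to free the freshly allocated action, which is not visible in this hunk; worth confirming one exists, otherwise every malformed rule leaks an object.
```cpp
#define ACTION_NOT_SUPPORTED(a, b) \
    do { \
        driver.error(b, "Action: " + std::string(a) + " is not yet supported."); \
        YYERROR; \
    } while (0)

#define ACTION_INIT(a, b) \
    do { \
        std::string error; \
        if ((a)->init(&error) == false) { \
            driver.error(b, error); \
            YYERROR; \
        } \
    } while (0)
```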
@@ -192,24 +199,45 @@ using modsecurity::operators::Operator; %token ACTION_CTL_RULE_REMOVE_BY_ID %token ACTION_CTL_RULE_REMOVE_TARGET_BY_ID %token ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG +%token ACTION_DENY +%token ACTION_DEPRECATE_VAR +%token ACTION_DROP %token ACTION_EXEC -%token ACTION_EXPIREVAR +%token ACTION_EXPIRE_VAR +%token ACTION_ID %token ACTION_INITCOL +%token ACTION_LOG_DATA +%token ACTION_LOG %token ACTION_MATURITY %token ACTION_MSG +%token ACTION_MULTI_MATCH +%token ACTION_NO_AUDIT_LOG +%token ACTION_NO_LOG +%token ACTION_PASS +%token ACTION_PAUSE %token ACTION_PHASE +%token ACTION_PREPEND +%token ACTION_PROXY %token ACTION_REDIRECT %token ACTION_REV +%token ACTION_SANATISE_ARG +%token ACTION_SANATISE_MATCHED +%token ACTION_SANATISE_MATCHED_BYTES +%token ACTION_SANATISE_REQUEST_HEADER +%token ACTION_SANATISE_RESPONSE_HEADER %token ACTION_SETENV +%token ACTION_SETRSC %token ACTION_SETSID %token ACTION_SETUID %token ACTION_SETVAR %token ACTION_SEVERITY %token ACTION_SKIP %token ACTION_SKIP_AFTER +%token ACTION_STATUS %token ACTION_TAG %token ACTION_VER %token ACTION_XMLNS + %token CONFIG_COMPONENT_SIG %token CONFIG_DIR_AUDIT_DIR %token CONFIG_DIR_AUDIT_DIR_MOD @@ -267,7 +295,7 @@ using modsecurity::operators::Operator; %token DIRECTIVE %token DIRECTIVE_SECRULESCRIPT %token FREE_TEXT -%token LOG_DATA + %token OPERATOR %token OPERATOR_GEOIP %token QUOTATION_MARK @@ -294,11 +322,11 @@ using modsecurity::operators::Operator; %token VARIABLE_TX -%type act +%type act %type op %type var -%type *> actings -%type *> actions +%type *> actings +%type *> actions %type *> variables 
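Review bot: The new `ACTION_SANATISE_*` token names misspell the rule-language keyword they stand for — the lexer definitions in this same commit match `sanitiseArg`, `sanitiseMatched`, `sanitiseMatchedBytes`, `sanitiseRequestHeader` and `sanitiseResponseHeader`. Naming the tokens `ACTION_SANITISE_ARG`, `ACTION_SANITISE_MATCHED`, and so on keeps a grep for the keyword landing on the token and its parser arm, which matters once these actions are actually implemented; the rename is mechanical across the `%token` list, the `act:` arms and the `.ll` rules.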
@@ -533,19 +561,19 @@ expression: } | CONFIG_DIR_SEC_DEFAULT_ACTION actings { - std::vector *actions = $2; - std::vector checkedActions; + std::vector *actions = $2; + std::vector checkedActions; int definedPhase = -1; int secRuleDefinedPhase = -1; - for (Action *a : *actions) { - Phase *phase = dynamic_cast(a); + for (actions::Action *a : *actions) { + actions::Phase *phase = dynamic_cast(a); if (phase != NULL) { definedPhase = phase->m_phase; secRuleDefinedPhase = phase->m_secRulesPhase; delete phase; - } else if (a->action_kind == Action::RunTimeOnlyIfMatchKind || - a->action_kind == Action::RunTimeBeforeMatchAttemptKind) { - None *none = dynamic_cast(a); + } else if (a->action_kind == actions::Action::RunTimeOnlyIfMatchKind || + a->action_kind == actions::Action::RunTimeBeforeMatchAttemptKind) { + actions::transformations::None *none = dynamic_cast(a); if (none != NULL) { driver.error(@0, "The transformation none is not suitable to be part of the SecDefaultActions"); YYERROR; @@ -569,7 +597,7 @@ expression: YYERROR; } - for (Action *a : checkedActions) { + for (actions::Action *a : checkedActions) { driver.defaultActions[definedPhase].push_back(a); } 
@@ -963,356 +991,279 @@ var: ; act: - ACTION + ACTION_ACCURACY { - std::string error; - $$ = Action::instantiate($1); - - if ($$->init(&error) == false) { - driver.m_parserError << error; - YYERROR; - } + $$ = new actions::Accuracy($1); } | ACTION_ALLOW { - std::string error; - $$ = new Allow($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } + $$ = new actions::disruptive::Allow($1); } - | ACTION_PHASE + | ACTION_APPEND { - std::string error; - $$ = new Phase($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_INITCOL - { - std::string error; - $$ = new InitCol($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | TRANSFORMATION - { - std::string error; - $$ = Transformation::instantiate($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_ACCURACY - { - std::string error; - $$ = new Accuracy($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_EXEC - { - /* - - TODO: exec is not implemented yet. - - std::string error; - Allow *exec = new Exec($1); - - if (exec->init(&error) == false) { - driver.parserError << error; - YYERROR; - } - - $$ = exec; - */ - $$ = Action::instantiate($1); - } - | ACTION_REDIRECT - { - std::string error; - $$ = new Redirect($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_SEVERITY - { - std::string error; - $$ = new Severity($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_EXPIREVAR - { - std::string error; - $$ = Action::instantiate($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_SETENV - { - /* - - TODO: setEnv is not implemented yet. 
- - std::string error; - SetEnv *setEnv = new s($1); - - if (setEnv->init(&error) == false) { - driver.parserError << error; - YYERROR; - } - - $$ = setEnv; - */ - $$ = Action::instantiate($1); - } - | ACTION_SETSID - { - std::string error; - SetSID *setSID = new SetSID($1); - - if (setSID->init(&error) == false) { - driver.m_parserError << error; - YYERROR; - } - - $$ = setSID; - } - | ACTION_SETUID - { - std::string error; - SetUID *setUID = new SetUID($1); - - if (setUID->init(&error) == false) { - driver.m_parserError << error; - YYERROR; - } - - $$ = setUID; - } - | ACTION_SETVAR - { - std::string error; - SetVar *setVar = new SetVar($1); - - if (setVar->init(&error) == false) { - driver.m_parserError << error; - YYERROR; - } - - $$ = setVar; - } - | ACTION_SKIP - { - std::string error; - $$ = new modsecurity::actions::Skip($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_SKIP_AFTER - { - std::string error; - $$ = new modsecurity::actions::SkipAfter($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } + ACTION_NOT_SUPPORTED("Append", @0); } | ACTION_AUDIT_LOG { - std::string error; $$ = new modsecurity::actions::AuditLog($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } } - | LOG_DATA + | ACTION_BLOCK { - std::string error; - $$ = new LogData($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } + $$ = new actions::disruptive::Block($1); } - | ACTION_MSG + | ACTION_CAPTURE { - std::string error; - $$ = new Msg($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } + $$ = new actions::Capture($1); } - | ACTION_TAG + | ACTION_CHAIN { - std::string error; - $$ = new Tag($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } + $$ = new actions::Chain($1); } - | ACTION_REV + | ACTION_CTL_AUDIT_ENGINE CONFIG_VALUE_ON { - std::string error; - $$ = new Rev($1); - if 
($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } + //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); + $$ = new actions::Action($1); } - | ACTION_VER + | ACTION_CTL_AUDIT_ENGINE CONFIG_VALUE_OFF { - std::string error; - $$ = new Ver($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } + //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); + $$ = new actions::Action($1); } - | ACTION_MATURITY + | ACTION_CTL_AUDIT_ENGINE CONFIG_VALUE_RELEVANT_ONLY { - std::string error; - $$ = new Maturity($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } + //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); + $$ = new actions::Action($1); } - | ACTION_XMLNS + | ACTION_CTL_AUDIT_LOG_PARTS { - std::string error; - $$ = new modsecurity::actions::XmlNS($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_CTL_BDY_XML - { - $$ = new modsecurity::actions::ctl::RequestBodyProcessorXML($1); + $$ = new actions::ctl::AuditLogParts($1); } | ACTION_CTL_BDY_JSON { $$ = new modsecurity::actions::ctl::RequestBodyProcessorJSON($1); } - | ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG + | ACTION_CTL_BDY_XML { - std::string error; - $$ = new modsecurity::actions::ctl::RuleRemoveTargetByTag($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_CTL_RULE_REMOVE_TARGET_BY_ID - { - std::string error; - $$ = new modsecurity::actions::ctl::RuleRemoveTargetById($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_CTL_RULE_REMOVE_BY_ID - { - std::string error; - $$ = new modsecurity::actions::ctl::RuleRemoveById($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_CTL_AUDIT_LOG_PARTS - { - std::string error; - $$ = new AuditLogParts($1); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_CTL_REQUEST_BODY_ACCESS CONFIG_VALUE_ON - { - 
std::string error; - $$ = new modsecurity::actions::ctl::RequestBodyAccess($1 + "true"); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } - } - | ACTION_CTL_REQUEST_BODY_ACCESS CONFIG_VALUE_OFF - { - std::string error; - $$ = new modsecurity::actions::ctl::RequestBodyAccess($1 + "false"); - if ($$->init(&error) == false) { - driver.error(@0, error); - YYERROR; - } + $$ = new modsecurity::actions::ctl::RequestBodyProcessorXML($1); } | ACTION_CTL_FORCE_REQ_BODY_VAR CONFIG_VALUE_ON { - $$ = Action::instantiate($1); + //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); + $$ = new actions::Action($1); } | ACTION_CTL_FORCE_REQ_BODY_VAR CONFIG_VALUE_OFF { - $$ = Action::instantiate($1); + //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); + $$ = new actions::Action($1); + } + | ACTION_CTL_REQUEST_BODY_ACCESS CONFIG_VALUE_ON + { + $$ = new modsecurity::actions::ctl::RequestBodyAccess($1 + "true"); + } + | ACTION_CTL_REQUEST_BODY_ACCESS CONFIG_VALUE_OFF + { + $$ = new modsecurity::actions::ctl::RequestBodyAccess($1 + "false"); } | ACTION_CTL_RULE_ENGINE CONFIG_VALUE_ON { - $$ = Action::instantiate($1); + //ACTION_NOT_SUPPORTED("CtlRuleEngine", @0); + $$ = new actions::Action($1); } | ACTION_CTL_RULE_ENGINE CONFIG_VALUE_OFF { - $$ = Action::instantiate($1); + //ACTION_NOT_SUPPORTED("CtlRuleEngine", @0); + $$ = new actions::Action($1); } | ACTION_CTL_RULE_ENGINE CONFIG_VALUE_DETC { - $$ = Action::instantiate($1); + //ACTION_NOT_SUPPORTED("CtlRuleEngine", @0); + $$ = new actions::Action($1); } - | ACTION_CTL_AUDIT_ENGINE CONFIG_VALUE_ON + | ACTION_CTL_RULE_REMOVE_BY_ID { - $$ = Action::instantiate($1); + $$ = new modsecurity::actions::ctl::RuleRemoveById($1); } - | ACTION_CTL_AUDIT_ENGINE CONFIG_VALUE_OFF + | ACTION_CTL_RULE_REMOVE_TARGET_BY_ID { - $$ = Action::instantiate($1); + $$ = new modsecurity::actions::ctl::RuleRemoveTargetById($1); } - | ACTION_CTL_AUDIT_ENGINE CONFIG_VALUE_RELEVANT_ONLY + | ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG { - $$ = 
Action::instantiate($1); + $$ = new modsecurity::actions::ctl::RuleRemoveTargetByTag($1); + } + | ACTION_DENY + { + $$ = new modsecurity::actions::disruptive::Deny($1); + } + | ACTION_DEPRECATE_VAR + { + ACTION_NOT_SUPPORTED("DeprecateVar", @0); + } + | ACTION_DROP + { + //ACTION_NOT_SUPPORTED("Drop", @0); + $$ = new actions::Action($1); + } + | ACTION_EXEC + { + ACTION_NOT_SUPPORTED("Exec", @0); + } + | ACTION_EXPIRE_VAR + { + //ACTION_NOT_SUPPORTED("ExpireVar", @0); + $$ = new actions::Action($1); + } + | ACTION_ID + { + $$ = new actions::RuleId($1); + } + | ACTION_INITCOL + { + $$ = new actions::InitCol($1); + } + | ACTION_LOG_DATA + { + $$ = new actions::LogData($1); + } + | ACTION_LOG + { + $$ = new actions::Log($1); + } + | ACTION_MATURITY + { + $$ = new actions::Maturity($1); + } + | ACTION_MSG + { + $$ = new actions::Msg($1); + } + | ACTION_MULTI_MATCH + { + $$ = new actions::MultiMatch($1); + } + | ACTION_NO_AUDIT_LOG + { + $$ = new actions::NoAuditLog($1); + } + | ACTION_NO_LOG + { + $$ = new actions::NoLog($1); + } + | ACTION_PASS + { + $$ = new actions::disruptive::Pass($1); + } + | ACTION_PAUSE + { + ACTION_NOT_SUPPORTED("Pause", @0); + } + | ACTION_PHASE + { + $$ = new actions::Phase($1); + } + | ACTION_PREPEND + { + ACTION_NOT_SUPPORTED("Prepend", @0); + } + | ACTION_PROXY + { + ACTION_NOT_SUPPORTED("Proxy", @0); + } + | ACTION_REDIRECT + { + $$ = new actions::disruptive::Redirect($1); + } + | ACTION_REV + { + $$ = new actions::Rev($1); + } + | ACTION_SANATISE_ARG + { + ACTION_NOT_SUPPORTED("SanatiseArg", @0); + } + | ACTION_SANATISE_MATCHED + { + ACTION_NOT_SUPPORTED("SanatiseMatched", @0); + } + | ACTION_SANATISE_MATCHED_BYTES + { + ACTION_NOT_SUPPORTED("SanatiseMatchedBytes", @0); + } + | ACTION_SANATISE_REQUEST_HEADER + { + ACTION_NOT_SUPPORTED("SanatiseRequestHeader", @0); + } + | ACTION_SANATISE_RESPONSE_HEADER + { + ACTION_NOT_SUPPORTED("SanatiseResponseHeader", @0); + } + | ACTION_SETENV + { + ACTION_NOT_SUPPORTED("SetEnv", @0); + } + | 
ACTION_SETRSC + { + ACTION_NOT_SUPPORTED("SetRSC", @0); + } + | ACTION_SETSID + { + $$ = new actions::SetSID($1); + } + | ACTION_SETUID + { + $$ = new actions::SetUID($1); + } + | ACTION_SETVAR + { + $$ = new actions::SetVar($1); + } + | ACTION_SEVERITY + { + $$ = new actions::Severity($1); + } + | ACTION_SKIP + { + $$ = new modsecurity::actions::Skip($1); + } + | ACTION_SKIP_AFTER + { + $$ = new modsecurity::actions::SkipAfter($1); + } + | ACTION_STATUS + { + $$ = new actions::data::Status($1); + } + | ACTION_TAG + { + $$ = new actions::Tag($1); + } + | ACTION_VER + { + $$ = new actions::Ver($1); + } + | ACTION_XMLNS + { + $$ = new modsecurity::actions::XmlNS($1); + } + + | TRANSFORMATION + { + $$ = actions::transformations::Transformation::instantiate($1); } ; actions: actions COMMA act { - std::vector *a = $1; + std::vector *a = $1; + ACTION_INIT($3, @0) a->push_back($3); $$ = $1; } | act { - std::vector *a = new std::vector; + std::vector *a = new std::vector; + ACTION_INIT($1, @0) a->push_back($1); $$ = a; } diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index d529e330..441c7cc7 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -25,10 +25,13 @@ typedef yy::seclang_parser p; %} %option noyywrap nounput batch debug noinput -ACTION (?i:accuracy|append|block|capture|chain|deny|deprecatevar|drop|expirevar|id:[0-9]+|id:'[0-9]+'|log|multiMatch|noauditlog|nolog|pass|pause|prepend|proxy|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setrsc|setenv|status:[0-9]+) ACTION_ACCURACY (?i:accuracy) ACTION_ALLOW ((?i:allow:(?i:REQUEST|PHASE))|(?i:phase:'(?i:REQUEST|PHASE)')|(?i:allow)) +ACTION_APPEND (?i:append) ACTION_AUDIT_LOG (?i:auditlog) +ACTION_BLOCK (?i:block) +ACTION_CAPTURE (?i:capture) +ACTION_CHAIN (?i:chain) ACTION_CTL_AUDIT_ENGINE (?i:ctl:auditEngine) ACTION_CTL_AUDIT_LOG_PARTS (?i:ctl:auditLogParts) ACTION_CTL_BDY_JSON (?i:ctl:requestBodyProcessor=JSON) 
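Review bot: The `ACTION_DROP`, `ACTION_EXPIRE_VAR`, `ACTION_CTL_RULE_ENGINE`, `ACTION_CTL_AUDIT_ENGINE` and `ACTION_CTL_FORCE_REQ_BODY_VAR` arms construct a bare `actions::Action($1)` with the `ACTION_NOT_SUPPORTED` call commented out, so a rule carrying `drop` or `ctl:ruleEngine=Off` parses cleanly and becomes a silent no-op — `Action::isDisruptive()` returns false by default per action.h, so a `drop` rule neither blocks nor tells the operator it cannot block. For `drop` that is a fail-open: the configuration says the request is dropped, the engine passes it; for `ctl:ruleEngine=Off` / `DetectionOnly` it is the inverse, enforcement stays on where the rule author switched it off, and for `ctl:auditEngine` the audit-log decision is silently discarded. Unless the driver has a non-fatal warning channel, these arms should fail loudly like the other unimplemented actions, e.g. `| ACTION_DROP { ACTION_NOT_SUPPORTED("Drop", @0); }`, or the accepted-but-ignored set should at least be documented at the top of the `act:` rule so rule authors know which keywords are inert in this build.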
@@ -39,25 +42,47 @@ ACTION_CTL_RULE_ENGINE (?i:ctl:ruleEngine) ACTION_CTL_RULE_REMOVE_BY_ID (?i:ctl:ruleRemoveById) ACTION_CTL_RULE_REMOVE_TARGET_BY_ID (?i:ctl:ruleRemoveTargetById) ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG (?i:ctl:ruleRemoveTargetByTag) +ACTION_DENY (?i:deny) +ACTION_DEPRECATE_VAR (?i:deprecatevar) +ACTION_DROP (?i:drop) ACTION_EXEC (?i:exec) -ACTION_EXPIREVAR (?i:expirevar) +ACTION_EXPIRE_VAR (?i:expirevar) +ACTION_ID (?i:id:[0-9]+|id:'[0-9]+') ACTION_INITCOL (?i:initcol) +ACTION_LOG_DATA (?i:logdata) +ACTION_LOG (?i:log) ACTION_MATURITY (?i:maturity) ACTION_MSG (?i:msg) +ACTION_MULTI_MATCH (?i:multiMatch) +ACTION_NO_AUDIT_LOG (?i:noauditlog) +ACTION_NO_LOG (?i:nolog) +ACTION_PASS (?i:pass) +ACTION_PAUSE (?i:pause) ACTION_PHASE ((?i:phase:(?i:REQUEST|RESPONSE|LOGGING|[0-9]+))|(?i:phase:'(?i:REQUEST|RESPONSE|LOGGING|[0-9]+)')) +ACTION_PREPEND (?i:prepend) +ACTION_PROXY (?i:proxy) ACTION_REDIRECT (?i:redirect) ACTION_REV (?i:rev) +ACTION_SANATISE_ARG (?i:sanitiseArg) +ACTION_SANATISE_MATCHED_BYTES (?i:sanitiseMatchedBytes) +ACTION_SANATISE_MATCHED (?i:sanitiseMatched) +ACTION_SANATISE_REQUEST_HEADER (?i:sanitiseRequestHeader) +ACTION_SANATISE_RESPONSE_HEADER (?i:sanitiseResponseHeader) ACTION_SETENV (?i:setenv) +ACTION_SETRSC (?i:setrsc) ACTION_SETSID (?i:setsid) ACTION_SETUID (?i:setuid) ACTION_SETVAR (?i:setvar) ACTION_SEVERITY (?i:severity) ACTION_SEVERITY_VALUE (?i:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|[0-9]+) -ACTION_SKIP (?i:skip) ACTION_SKIP_AFTER (?i:skipAfter) +ACTION_SKIP (?i:skip) +ACTION_STATUS (?i:status:[0-9]+) ACTION_TAG (?i:tag) ACTION_VER (?i:ver) ACTION_XMLNS (?i:xmlns) + + AUDIT_PARTS [ABCDEFHJKIZ]+ COL_FREE_TEXT_SPACE_COMMA ([^,"])+ COL_NAME [A-Za-z]+ 
@@ -129,7 +154,6 @@ FREE_TEXT_QUOTE_COMMA [^,\']+ FREE_TEXT_SPACE [^ \t]+ FREE_TEXT_SPACE_COMMA [^, \t]+ FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"\n\r]+ -LOG_DATA (?i:logdata) NEW_LINE_FREE_TEXT [^, \t\"\n\r]+ OPERATORNOARG (?i:@unconditionalMatch|@detectSQLi|@detectXSS|@validateUrlEncoding|@validateUtf8Encoding) OPERATOR (?i:(?:@inspectFile|@fuzzyHash|@validateByteRange|@validateDTD|@validateHash|@validateSchema|@verifyCC|@verifyCPF|@verifySSN|@gsbLookup|@rsub)|(?:\!{0,1})(?:@within|@containsWord|@contains|@endsWith|@eq|@ge|@gt|@ipMatchF|@ipMatch|@ipMatchFromFile|@le|@lt|@pmf|@pm|@pmFromFile|@rbl|@rx|@streq|@strmatch|@beginsWith)) 
@@ -179,6 +203,30 @@ VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+ // Code run each time yylex is called. driver.loc.back()->step(); %} + +{ACTION_APPEND} { return p::make_ACTION_APPEND(yytext, *driver.loc.back()); } +{ACTION_BLOCK} { return p::make_ACTION_BLOCK(yytext, *driver.loc.back()); } +{ACTION_CAPTURE} { return p::make_ACTION_CAPTURE(yytext, *driver.loc.back()); } +{ACTION_CHAIN} { return p::make_ACTION_CHAIN(yytext, *driver.loc.back()); } +{ACTION_DENY} { return p::make_ACTION_DENY(yytext, *driver.loc.back()); } +{ACTION_DEPRECATE_VAR} { return p::make_ACTION_DEPRECATE_VAR(yytext, *driver.loc.back()); } +{ACTION_DROP} { return p::make_ACTION_DROP(yytext, *driver.loc.back()); } +{ACTION_ID} { return p::make_ACTION_ID(yytext, *driver.loc.back()); } +{ACTION_LOG} { return p::make_ACTION_LOG(yytext, *driver.loc.back()); } +{ACTION_MULTI_MATCH} { return p::make_ACTION_MULTI_MATCH(yytext, *driver.loc.back()); } +{ACTION_NO_AUDIT_LOG} { return p::make_ACTION_NO_AUDIT_LOG(yytext, *driver.loc.back()); } +{ACTION_NO_LOG} { return p::make_ACTION_NO_LOG(yytext, *driver.loc.back()); } +{ACTION_PASS} { return p::make_ACTION_PASS(yytext, *driver.loc.back()); } +{ACTION_PAUSE} { return p::make_ACTION_PAUSE(yytext, *driver.loc.back()); } +{ACTION_PREPEND} { return p::make_ACTION_PREPEND(yytext, *driver.loc.back()); } +{ACTION_PROXY} { return p::make_ACTION_PROXY(yytext, *driver.loc.back()); } +{ACTION_SANATISE_ARG} { return p::make_ACTION_SANATISE_ARG(yytext, *driver.loc.back()); } +{ACTION_SANATISE_MATCHED} { return p::make_ACTION_SANATISE_MATCHED(yytext, *driver.loc.back()); } +{ACTION_SANATISE_MATCHED_BYTES} { return p::make_ACTION_SANATISE_MATCHED_BYTES(yytext, *driver.loc.back()); } +{ACTION_SANATISE_REQUEST_HEADER} { return p::make_ACTION_SANATISE_REQUEST_HEADER(yytext, *driver.loc.back()); } +{ACTION_SANATISE_RESPONSE_HEADER} { return p::make_ACTION_SANATISE_RESPONSE_HEADER(yytext, *driver.loc.back()); } +{ACTION_SETRSC} { return p::make_ACTION_SETRSC(yytext, 
*driver.loc.back()); } +{ACTION_STATUS} { return p::make_ACTION_STATUS(yytext, *driver.loc.back()); } {ACTION_ACCURACY}:'{FREE_TEXT_QUOTE}' { return p::make_ACTION_ACCURACY(yytext, *driver.loc.back()); } {ACTION_ACCURACY}:{FREE_TEXT_QUOTE} { return p::make_ACTION_ACCURACY(yytext, *driver.loc.back()); } {ACTION_ALLOW} { return p::make_ACTION_ALLOW(yytext, *driver.loc.back()); } 
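Review bot: The new bare-keyword rules `{ACTION_APPEND}`, `{ACTION_PREPEND}`, `{ACTION_PAUSE}`, `{ACTION_PROXY}`, `{ACTION_SETRSC}` and the `{ACTION_SANATISE_*}` ones match only the keyword, whereas every other argument-taking action in this file gets a `{TOKEN}:'{...}'` form (see `{ACTION_EXEC}:'{VAR_FREE_TEXT_QUOTE}'` and `{ACTION_ACCURACY}:'{FREE_TEXT_QUOTE}'`). In the ModSecurity rule language these actions carry an argument (`pause:1000`, `proxy:'http://...'`, `sanitiseArg:password`), so `sanitiseArg:password` will presumably tokenize as `ACTION_SANATISE_ARG` followed by a stray `:password` and fail with an unrelated lexer/parse error instead of the parser's "not yet supported" message. Either add argument forms mirroring the exec rules, e.g. `{ACTION_PAUSE}:{FREE_TEXT_SPACE_COMMA}`, or keep the tokens out of the lexer until the actions exist so the error points at the right spot. The removed catch-all `{ACTION}` pattern had the same limitation, so this is a pre-existing gap carried forward rather than a regression.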
@@ -195,10 +243,10 @@ VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+ {ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG}[=]{REMOVE_RULE_BY} { return p::make_ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG(yytext, *driver.loc.back()); } {ACTION_EXEC}:'{VAR_FREE_TEXT_QUOTE}' { return p::make_ACTION_EXEC(yytext, *driver.loc.back()); } {ACTION_EXEC}:{VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_EXEC(yytext, *driver.loc.back()); } -{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' { return p::make_ACTION_EXPIREVAR(yytext, *driver.loc.back()); } -{ACTION_EXPIREVAR}:'{VAR_FREE_TEXT_QUOTE}' { return p::make_ACTION_EXPIREVAR(yytext, *driver.loc.back()); } -{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_EXPIREVAR(yytext, *driver.loc.back()); } -{ACTION_EXPIREVAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_EXPIREVAR(yytext, *driver.loc.back()); } +{ACTION_EXPIRE_VAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' { return p::make_ACTION_EXPIRE_VAR(yytext, *driver.loc.back()); } +{ACTION_EXPIRE_VAR}:'{VAR_FREE_TEXT_QUOTE}' { return p::make_ACTION_EXPIRE_VAR(yytext, *driver.loc.back()); } +{ACTION_EXPIRE_VAR}:{VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_EXPIRE_VAR(yytext, *driver.loc.back()); } +{ACTION_EXPIRE_VAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_EXPIRE_VAR(yytext, *driver.loc.back()); } {ACTION_INITCOL}:{COL_NAME}={COL_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_INITCOL(yytext, *driver.loc.back()); } {ACTION_MATURITY}:'{FREE_TEXT_QUOTE}' { return p::make_ACTION_MATURITY(yytext, *driver.loc.back()); } {ACTION_MATURITY}:{FREE_TEXT_QUOTE} { return p::make_ACTION_MATURITY(yytext, *driver.loc.back()); } 
@@ -226,7 +274,7 @@ VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+ {ACTION_TAG}:'{FREE_TEXT_QUOTE}' { return p::make_ACTION_TAG(yytext, *driver.loc.back()); } {ACTION_VER}:'{FREE_TEXT_QUOTE}' { return p::make_ACTION_VER(yytext, *driver.loc.back()); } {ACTION_XMLNS}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return p::make_ACTION_XMLNS(yytext, *driver.loc.back()); } -{ACTION} { return p::make_ACTION(yytext, *driver.loc.back()); } +{ACTION_LOG_DATA}:'{FREE_TEXT_QUOTE}' { return p::make_ACTION_LOG_DATA(yytext, *driver.loc.back()); } {CONFIG_COMPONENT_SIG}[ \t]+["]{FREE_TEXT}["] { return p::make_CONFIG_COMPONENT_SIG(strchr(yytext, ' ') + 2, *driver.loc.back()); } {CONFIG_DIR_AUDIT_DIR_MOD}[ ]{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_DIR_AUDIT_DIR_MOD(strchr(yytext, ' ') + 1, *driver.loc.back()); } {CONFIG_DIR_AUDIT_DIR}[ ]{CONFIG_VALUE_PATH} { return p::make_CONFIG_DIR_AUDIT_DIR(strchr(yytext, ' ') + 1, *driver.loc.back()); } @@ -282,7 +330,6 @@ VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+ {CONGIG_DIR_SEC_TMP_DIR}[ ]{CONFIG_VALUE_PATH} { return p::make_CONGIG_DIR_SEC_TMP_DIR(strchr(yytext, ' ') + 1, *driver.loc.back()); } {DIRECTIVE_SECRULESCRIPT}[ ]{CONFIG_VALUE_PATH} { return p::make_DIRECTIVE_SECRULESCRIPT(yytext, *driver.loc.back()); } {DIRECTIVE} { return p::make_DIRECTIVE(yytext, *driver.loc.back()); } -{LOG_DATA}:'{FREE_TEXT_QUOTE}' { return p::make_LOG_DATA(yytext, *driver.loc.back()); } {TRANSFORMATION} { return p::make_TRANSFORMATION(yytext, *driver.loc.back()); } {CONFIG_SEC_REMOTE_RULES_FAIL_ACTION} { return p::make_CONFIG_SEC_REMOTE_RULES_FAIL_ACTION(yytext, *driver.loc.back()); } {CONFIG_SEC_COLLECTION_TIMEOUT}[ ]{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_SEC_COLLECTION_TIMEOUT(strchr(yytext, ' ') + 1, *driver.loc.back()); } diff --git a/src/transaction.cc b/src/transaction.cc index 62ba7625..4a5972f3 100644 --- a/src/transaction.cc +++ b/src/transaction.cc 
@@ -882,7 +882,8 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
                 "request");
 #endif
             intervention::free(&m_it);
-            m_it.log = strdup("Request body limit is marked to reject the request");
+            m_it.log = strdup("Request body limit is marked to " \
+                "reject the request");
             m_it.status = 403;
             m_it.disruptive = true;
         }