From 9cda4c0be035e43e449c53f499d8cac069451e08 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Mon, 2 Jan 2017 14:33:59 -0300
Subject: [PATCH] cosmetics: Having the parser in a better shape regarding operators 1/2
---
 src/operators/detect_sqli.h | 4 ++
 src/operators/detect_xss.h | 4 ++
 src/operators/geo_lookup.cc | 6 --
 src/operators/geo_lookup.h | 5 +-
 src/operators/operator.h | 17 ++++-
 src/operators/rx.h | 4 ++
 src/operators/unconditional_match.cc | 4 +-
 src/operators/unconditional_match.h | 4 +-
 src/operators/validate_url_encoding.h | 2 +
 src/operators/validate_utf8_encoding.h | 2 +
 src/parser/seclang-parser.yy | 96 +++++++++++++++++++++-----
 src/parser/seclang-scanner.ll | 13 +++-
 12 files changed, 126 insertions(+), 35 deletions(-)
diff --git a/src/operators/detect_sqli.h b/src/operators/detect_sqli.h
index b4da8687..b7edbd66 100644
--- a/src/operators/detect_sqli.h
+++ b/src/operators/detect_sqli.h
@@ -31,6 +31,10 @@ class DetectSQLi : public Operator {
 : Operator(op, param, negation) {
 m_match_message.assign("detected SQLi using libinjection.");
 }
+ DetectSQLi()
+ : Operator("DetectSQLi") {
+ m_match_message.assign("detected SQLi using libinjection.");
+ }
 bool evaluate(Transaction *transaction, const std::string &input);
 };
diff --git a/src/operators/detect_xss.h b/src/operators/detect_xss.h
index 76cb1386..9b65df24 100644
--- a/src/operators/detect_xss.h
+++ b/src/operators/detect_xss.h
@@ -30,6 +30,10 @@ class DetectXSS : public Operator {
 : Operator(op, param, negation) {
 m_match_message.assign("detected XSS using libinjection.");
 }
+ DetectXSS()
+ : Operator("DetectXSS") {
+ m_match_message.assign("detected XSS using libinjection.");
+ }
 bool evaluate(Transaction *transaction, const std::string &input);
 };
diff --git a/src/operators/geo_lookup.cc b/src/operators/geo_lookup.cc
index e1f8f521..954c6c70 100644
--- a/src/operators/geo_lookup.cc
+++ b/src/operators/geo_lookup.cc
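Review bot: The new `DetectSQLi()` constructor repeats the `m_match_message.assign(...)` of the three-argument constructor directly above it, so the two construction paths can drift apart; delegating keeps the message in one place: `DetectSQLi() : DetectSQLi("DetectSQLi", "", false) { }`. The three-argument path takes its operator name from whatever the caller (previously `Operator::instantiate`) supplies, while this one hardcodes the PascalCase class name, so `m_op` may differ between the two routes — worth confirming that nothing (logging, audit output) keys on that string. The same two observations apply to the DetectXSS hunk that follows. Both class declarations start and end outside their hunks.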
@@ -93,12 +93,6 @@ bool GeoLookup::evaluate(Transaction *trans, const std::string &exp) {
 return ret;
 }
-GeoLookup::GeoLookup(std::string op, std::string param,
-bool negation)
- : Operator() {
- this->m_op = op;
- this->m_param = param;
-}
 } // namespace operators
 } // namespace modsecurity
diff --git a/src/operators/geo_lookup.h b/src/operators/geo_lookup.h
index 45c1c8ff..fa1d70c7 100644
--- a/src/operators/geo_lookup.h
+++ b/src/operators/geo_lookup.h
@@ -27,7 +27,10 @@ namespace operators {
 class GeoLookup : public Operator {
 public:
 /** @ingroup ModSecurity_Operator */
- GeoLookup(std::string o, std::string p, bool i);
+ GeoLookup(std::string op, std::string param, bool negation)
+ : Operator(op, param, negation) { }
+ GeoLookup(std::string param)
+ : Operator("GeoLookup", param) { }
 bool evaluate(Transaction *transaction, const std::string &exp) override;
 };
diff --git a/src/operators/operator.h b/src/operators/operator.h
index 857789e9..74945c6c 100644
--- a/src/operators/operator.h
+++ b/src/operators/operator.h
@@ -35,12 +35,25 @@ class Operator {
 m_negation(false),
 m_op(""),
 m_param("") { }
- Operator(std::string op, std::string param, bool negation)
+
+ Operator(std::string opName, std::string param, bool negation)
 : m_match_message(""),
 m_negation(negation),
- m_op(op),
+ m_op(opName),
 m_param(param) { }
+ Operator(std::string opName, std::string param)
+ : m_match_message(""),
+ m_negation(false),
+ m_op(opName),
+ m_param(param) { }
+
+ Operator(std::string opName)
+ : m_match_message(""),
+ m_negation(false),
+ m_op(opName),
+ m_param() { }
+
 virtual ~Operator() { }
 static Operator *instantiate(std::string opName);
diff --git a/src/operators/rx.h b/src/operators/rx.h
index 6b197e7b..2da5fe67 100644
--- a/src/operators/rx.h
+++ b/src/operators/rx.h
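Review bot: `GeoLookup(std::string param)` is a single-argument constructor left implicit, so any `std::string` now converts silently to a `GeoLookup`; mark it `explicit GeoLookup(std::string param)`. It is also worth pinning down what `param` is expected to hold: the only caller added in this patch (the `OPERATOR_GEOIP` branch of the parser) passes the raw scanner token, whereas the removed `.cc` constructor was reached through `Operator::instantiate`, so the value stored in `m_param` likely changes between the two paths — a one-line comment on the constructor stating the expected form (e.g. "empty; @geoLookup takes no argument") would settle it. The class declaration continues outside the hunk.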
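Review bot: The two added `Operator` constructors re-state the full member-initializer list of the three-argument one above them, which is the kind of duplication that lets a future field be initialized on one path and forgotten on another; since the tree already relies on C++11 (`override` in geo_lookup.h), delegating constructors keep it in one place: `Operator(std::string opName, std::string param) : Operator(opName, param, false) { }` and `Operator(std::string opName) : Operator(opName, "", false) { }`. The single-argument form should also be `explicit`, as `Operator` is a polymorphic base and an implicit `std::string -> Operator` conversion is never wanted. A short comment saying that negation defaults to false on both new paths, and that the parser is meant to call `init()` afterwards, would document the contract these constructors now carry. The class continues outside the hunk.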
@@ -38,6 +38,10 @@ class Rx : public Operator {
 : Operator(op, param, negation) {
 m_re = new Regex(param);
 }
+ Rx(std::string name, std::string param)
+ : Operator(name, param) {
+ m_re = new Regex(param);
+ }
 ~Rx() {
 delete m_re;
diff --git a/src/operators/unconditional_match.cc b/src/operators/unconditional_match.cc
index 0325df8e..b71e89d1 100644
--- a/src/operators/unconditional_match.cc
+++ b/src/operators/unconditional_match.cc
@@ -20,9 +20,7 @@ namespace operators {
 bool UnconditionalMatch::evaluate(Transaction *transaction, const std::string &input) {
- bool contains = true;
-
- return contains;
+ return true;
 }
 } // namespace operators
diff --git a/src/operators/unconditional_match.h b/src/operators/unconditional_match.h
index 1e31cdc9..e9a4310f 100644
--- a/src/operators/unconditional_match.h
+++ b/src/operators/unconditional_match.h
@@ -22,7 +22,6 @@
 #include "modsecurity/transaction.h"
 #include "src/operators/operator.h"
-#ifdef __cplusplus
 namespace modsecurity {
 namespace operators {
@@ -31,13 +30,14 @@ class UnconditionalMatch : public Operator {
 /** @ingroup ModSecurity_Operator */
 UnconditionalMatch(std::string op, std::string param, bool negation)
 : Operator(op, param, negation) { }
+ UnconditionalMatch()
+ : Operator("UnconditionalMatch") { }
 bool evaluate(Transaction *transaction, const std::string &exp) override;
 };
 } // namespace operators
 } // namespace modsecurity
-#endif
 #endif // SRC_OPERATORS_UNCONDITIONAL_MATCH_H_
diff --git a/src/operators/validate_url_encoding.h b/src/operators/validate_url_encoding.h
index d0f9d324..dbf37f7e 100644
--- a/src/operators/validate_url_encoding.h
+++ b/src/operators/validate_url_encoding.h
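Review bot: The new two-argument `Rx` constructor duplicates the `m_re = new Regex(param);` of the constructor above it; `Rx(std::string name, std::string param) : Rx(name, param, false) { }` would keep the owning-pointer setup on a single path. With `~Rx()` doing `delete m_re` (visible context) and no copy or move members declared anywhere in the hunk, copying an `Rx` double-deletes the `Regex`; that is pre-existing, but this patch adds a second construction path that feeds it, so an `Rx(const Rx &) = delete;` (or holding `m_re` in a `std::unique_ptr<Regex>`) belongs with this change. Note also that both constructors compile the pattern before `init()` runs, so a malformed regex in a rule file is handled by whatever `Regex`'s constructor does rather than by the parser's error reporting — worth confirming it cannot throw through the bison action that calls `new operators::Rx`. The class continues outside the hunk.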
@@ -29,6 +29,8 @@ class ValidateUrlEncoding : public Operator {
 /** @ingroup ModSecurity_Operator */
 ValidateUrlEncoding(std::string op, std::string param, bool negation)
 : Operator(op, param, negation) { }
+ ValidateUrlEncoding()
+ : Operator("ValidateUrlEncoding") { }
 bool evaluate(Transaction *transaction, const std::string &input) override;
 int validate_url_encoding(const char *input, uint64_t input_length);
diff --git a/src/operators/validate_utf8_encoding.h b/src/operators/validate_utf8_encoding.h
index ceeccca4..a5488baf 100644
--- a/src/operators/validate_utf8_encoding.h
+++ b/src/operators/validate_utf8_encoding.h
@@ -36,6 +36,8 @@ class ValidateUtf8Encoding : public Operator {
 /** @ingroup ModSecurity_Operator */
 ValidateUtf8Encoding(std::string op, std::string param, bool negation)
 : Operator(op, param, negation) { }
+ ValidateUtf8Encoding()
+ : Operator("ValidateUtf8Encoding") { }
 bool evaluate(Transaction *transaction, const std::string &input) override;
diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy
index c2af1a9c..495816a8 100644
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
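Review bot: `ValidateUrlEncoding()` names the base class again instead of delegating to the three-argument constructor directly above it; `ValidateUrlEncoding() : ValidateUrlEncoding("ValidateUrlEncoding", "", false) { }` keeps one initialization path, and the same applies to the `ValidateUtf8Encoding()` hunk that follows. Since these validators are the ones a rule set relies on to reject malformed encodings, it would be worth a one-line comment that the default constructor fixes negation to false (the parser builds them this way and never passes `!`). Both class declarations continue outside their hunks.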
@@ -95,6 +95,45 @@ class Driver;
 #include "src/actions/transformations/remove_whitespace.h"
 #include "src/actions/transformations/css_decode.h"
+#include "src/operators/begins_with.h"
+#include "src/operators/contains.h"
+#include "src/operators/contains_word.h"
+#include "src/operators/detect_sqli.h"
+#include "src/operators/detect_xss.h"
+#include "src/operators/ends_with.h"
+#include "src/operators/eq.h"
+#include "src/operators/fuzzy_hash.h"
+#include "src/operators/ge.h"
+#include "src/operators/geo_lookup.h"
+#include "src/operators/gsblookup.h"
+#include "src/operators/gt.h"
+#include "src/operators/inspect_file.h"
+#include "src/operators/ip_match_f.h"
+#include "src/operators/ip_match_from_file.h"
+#include "src/operators/ip_match.h"
+#include "src/operators/le.h"
+#include "src/operators/lt.h"
+#include "src/operators/no_match.h"
+#include "src/operators/operator.h"
+#include "src/operators/pm_f.h"
+#include "src/operators/pm_from_file.h"
+#include "src/operators/pm.h"
+#include "src/operators/rbl.h"
+#include "src/operators/rsub.h"
+#include "src/operators/rx.h"
+#include "src/operators/str_eq.h"
+#include "src/operators/str_match.h"
+#include "src/operators/unconditional_match.h"
+#include "src/operators/validate_byte_range.h"
+#include "src/operators/validate_dtd.h"
+#include "src/operators/validate_hash.h"
+#include "src/operators/validate_schema.h"
+#include "src/operators/validate_url_encoding.h"
+#include "src/operators/validate_utf8_encoding.h"
+#include "src/operators/verify_cc.h"
+#include "src/operators/verify_cpf.h"
+#include "src/operators/verify_ssn.h"
+#include "src/operators/within.h"
 #include "modsecurity/audit_log.h"
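Review bot: The parser now pulls in all 39 operator headers although the grammar changes in this patch only construct `UnconditionalMatch`, `DetectSQLi`, `DetectXSS`, `ValidateUrlEncoding`, `ValidateUtf8Encoding`, `GeoLookup` and `Rx`; headers such as `gsblookup.h`, `inspect_file.h` and `ip_match_f.h` are unused here. If the rest are being staged for the announced part 2/2, a comment above the block saying so (`// operators constructed directly by op_before_init; remainder pending 2/2`) would explain it, otherwise trim to the seven in use to keep the parser's dependency surface minimal. Also note `geo_lookup.h` is included unconditionally while the only `GeoLookup` construction is guarded by `#ifdef WITH_GEOIP`; that is fine only if the header itself has no GeoIP dependency, which this patch does not show.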
@@ -364,6 +403,11 @@ using modsecurity::operators::Operator;
 %token FREE_TEXT
 %token OPERATOR
+%token OPERATOR_UNCONDITIONAL_MATCH
+%token OPERATOR_DETECT_SQLI
+%token OPERATOR_DETECT_XSS
+%token OPERATOR_VALIDATE_URL_ENCODING
+%token OPERATOR_VALIDATE_UTF8_ENCODING
 %token OPERATOR_GEOIP
 %token QUOTATION_MARK
 %token RUN_TIME_VAR_BLD
@@ -392,6 +436,7 @@ using modsecurity::operators::Operator;
 %type *> actions
 %type *> variables
+%type op_before_init
 %type op
 %type var
@@ -550,28 +595,47 @@ actions:
 }
 ;
-
 op:
- OPERATOR
+ op_before_init
 {
- Operator *op = Operator::instantiate($1);
+ $$ = $1;
 std::string error;
- if (op->init(driver.ref.back(), &error) == false) {
+ if ($$->init(driver.ref.back(), &error) == false) {
 driver.error(@0, error);
 YYERROR;
 }
- $$ = op;
+ }
+ ;
+
+op_before_init:
+ OPERATOR
+ {
+ $$ = Operator::instantiate($1);
+ }
+ | OPERATOR_UNCONDITIONAL_MATCH
+ {
+ $$ = new operators::UnconditionalMatch();
+ }
+ | OPERATOR_DETECT_SQLI
+ {
+ $$ = new operators::DetectSQLi();
+ }
+ | OPERATOR_DETECT_XSS
+ {
+ $$ = new operators::DetectXSS();
+ }
+ | OPERATOR_VALIDATE_URL_ENCODING
+ {
+ $$ = new operators::ValidateUrlEncoding();
+ }
+ | OPERATOR_VALIDATE_UTF8_ENCODING
+ {
+ $$ = new operators::ValidateUtf8Encoding();
 }
 | OPERATOR_GEOIP
 {
 #ifdef WITH_GEOIP
- Operator *op = Operator::instantiate($1);
- std::string error;
- if (op->init(driver.ref.back(), &error) == false) {
- driver.error(@0, error);
- YYERROR;
- }
- $$ = op;
+ $$ = $$ = new operators::GeoLookup($1);
 #else
 std::stringstream ss;
 ss << "This version of ModSecurity was not compiled with GeoIP support.";
@@ -584,13 +648,7 @@ op:
 std::string text = std::string($1);
 text.pop_back();
 text.erase(0, 1);
- Operator *op = Operator::instantiate("\"@rx " + text + "\"");
- std::string error;
- if (op->init(driver.ref.back(), &error) == false) {
- driver.error(@0, error);
- YYERROR;
- }
- $$ = op;
+ $$ = new operators::Rx("rx", text);
 }
 ;
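Review bot: In the `OPERATOR_GEOIP` branch `$$ = $$ = new operators::GeoLookup($1);` assigns twice (harmless but clearly a typo) and, more importantly, hands `GeoLookup` the raw token `$1`, which by the scanner rule `["]{OPERATOR_GEOIP}[\t ]*["]` still carries its surrounding quotes and any trailing whitespace; the quoted-regex branch in the last hunk strips those with `pop_back()`/`erase(0, 1)` before passing `text`, and the removed code routed the token through `Operator::instantiate`. Since `@geoLookup` takes no argument (the pattern allows only whitespace inside the quotes), `$$ = new operators::GeoLookup("");` — or stripping the quotes exactly as the Rx branch does — keeps `m_param` meaningful. Separately, the new `op` rule takes ownership of whatever `op_before_init` allocated and then hits `YYERROR` on an `init()` failure without releasing it; the old path leaked in the same way, but now that the allocation is in one rule, `delete $$;` before `YYERROR;` (assuming nothing else has taken the pointer, which the hunk does not show) closes it. The `op_before_init` alternatives for `OPERATOR_UNCONDITIONAL_MATCH` through `OPERATOR_VALIDATE_UTF8_ENCODING` ignore their token value entirely, which is fine but deserves a one-line comment since the scanner still passes `yytext` for each. The `%type` line for `op_before_init` appears with no type in this rendering, which looks like extraction loss rather than a defect.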
diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll
index cb7d8dc2..c6bb0131 100755
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -183,7 +183,12 @@ FREE_TEXT_SPACE [^ \t]+
 FREE_TEXT_SPACE_COMMA [^, \t]+
 FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"\n\r]+
 NEW_LINE_FREE_TEXT [^, \t\"\n\r]+
-OPERATORNOARG (?i:@unconditionalMatch|@detectSQLi|@detectXSS|@validateUrlEncoding|@validateUtf8Encoding)
+OPERATOR_UNCONDITIONAL_MATCH (?i:@unconditionalMatch)
+OPERATOR_DETECT_SQLI (?i:@detectSQLi)
+OPERATOR_DETECT_XSS (?i:@detectXSS)
+OPERATOR_VALIDATE_URL_ENCODING (?i:@validateUrlEncoding)
+OPERATOR_VALIDATE_UTF8_ENCODING (?i:@validateUtf8Encoding)
+
 OPERATOR (?i:(?:@inspectFile|@fuzzyHash|@validateByteRange|@validateDTD|@validateHash|@validateSchema|@verifyCC|@verifyCPF|@verifySSN|@gsbLookup|@rsub)|(?:\!{0,1})(?:@within|@containsWord|@contains|@endsWith|@eq|@ge|@gt|@ipMatchF|@ipMatch|@ipMatchFromFile|@le|@lt|@pmf|@pm|@pmFromFile|@rbl|@rx|@streq|@strmatch|@beginsWith))
 OPERATOR_GEOIP (?i:@geoLookup)
 REMOVE_RULE_BY [0-9A-Za-z_\/\.\-\*\:\;\]\[]+
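Review bot: The five new single-token definitions, like the `OPERATORNOARG` they replace, admit no leading `!`, while the `OPERATOR` definition right below allows `(?:\!{0,1})` for the argument-taking operators; combined with the parser now building these operators through constructors that fix negation to false, a rule written as `"!@detectSQLi"` or `"!@validateUtf8Encoding"` has no path that yields a negated operator and appears to fall through to the `{SOMETHING}` catch-all in the rules section. This is not a regression (the old definition had no `!` either), and failing the parse is the safe outcome, but it is easy to mistake for an oversight; a comment on the block such as `/* no-argument operators: negation is deliberately not accepted here */` — or, if negation is wanted, the `!` alternative plus a negation flag on the matching constructors — would make the intent explicit. The definitions section continues outside the hunk.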
@@ -450,7 +455,11 @@ VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+
 {
 ["]{OPERATOR}[ ]{FREE_TEXT}["] { BEGIN(INITIAL); return p::make_OPERATOR(yytext, *driver.loc.back()); }
-["]{OPERATORNOARG}[\t ]*["] { BEGIN(INITIAL); return p::make_OPERATOR(yytext, *driver.loc.back()); }
+["]{OPERATOR_UNCONDITIONAL_MATCH}[\t ]*["] { BEGIN(INITIAL); return p::make_OPERATOR_UNCONDITIONAL_MATCH(yytext, *driver.loc.back()); }
+["]{OPERATOR_DETECT_SQLI}[\t ]*["] { BEGIN(INITIAL); return p::make_OPERATOR_DETECT_SQLI(yytext, *driver.loc.back()); }
+["]{OPERATOR_DETECT_XSS}[\t ]*["] { BEGIN(INITIAL); return p::make_OPERATOR_DETECT_XSS(yytext, *driver.loc.back()); }
+["]{OPERATOR_VALIDATE_URL_ENCODING}[\t ]*["] { BEGIN(INITIAL); return p::make_OPERATOR_VALIDATE_URL_ENCODING(yytext, *driver.loc.back()); }
+["]{OPERATOR_VALIDATE_UTF8_ENCODING}[\t ]*["] { BEGIN(INITIAL); return p::make_OPERATOR_VALIDATE_UTF8_ENCODING(yytext, *driver.loc.back()); }
 ["]{OPERATOR_GEOIP}[\t ]*["] { BEGIN(INITIAL); return p::make_OPERATOR_GEOIP(yytext, *driver.loc.back()); }
 {SOMETHING} { BEGIN(INITIAL); return p::make_FREE_TEXT(yytext, *driver.loc.back()); }
 }