diff --git a/src/operators/begins_with.cc b/src/operators/begins_with.cc index 41c52d7a..b53fce8a 100644 --- a/src/operators/begins_with.cc +++ b/src/operators/begins_with.cc @@ -18,6 +18,7 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { @@ -26,9 +27,11 @@ namespace operators { bool BeginsWith::evaluate(Assay *assay, const std::string &str) { bool ret = false; - if (str.size() < param.size()) { + std::string p = MacroExpansion::expand(param, assay); + + if (str.size() < p.size()) { ret = false; - } else if (!str.compare(0, param.size(), param)) { + } else if (!str.compare(0, p.size(), p)) { ret = true; } diff --git a/src/operators/contains.cc b/src/operators/contains.cc index 2aed433d..ea783b67 100644 --- a/src/operators/contains.cc +++ b/src/operators/contains.cc @@ -17,14 +17,17 @@ #include +#include "src/macro_expansion.h" + namespace ModSecurity { namespace operators { bool Contains::evaluate(Assay *assay, const std::string &input) { - bool contains = input.find(param) != std::string::npos; + std::string p = MacroExpansion::expand(param, assay); + bool contains = input.find(p) != std::string::npos; if (contains) { - matched.push_back(param); + matched.push_back(p); } if (negation) { diff --git a/src/operators/detect_xss.cc b/src/operators/detect_xss.cc index 14af2ea3..b8978044 100644 --- a/src/operators/detect_xss.cc +++ b/src/operators/detect_xss.cc @@ -19,6 +19,7 @@ #include "operators/operator.h" #include "others/libinjection/src/libinjection.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { diff --git a/src/operators/ends_with.cc b/src/operators/ends_with.cc index 212c9bd7..50f62d15 100644 --- a/src/operators/ends_with.cc +++ b/src/operators/ends_with.cc @@ -18,6 +18,7 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { 
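Review bot: In `BeginsWith::evaluate` the expanded value `p` may be empty when the macro resolves to nothing (assumed, since `MacroExpansion::expand` is not shown here), and then `str.compare(0, 0, p)` is 0, so the operator matches every input. The same holds for the `input.find(p)` calls in contains.cc and str_match.cc and for the comparison in ends_with.cc in this commit. If that is intended, say so above the expansion, e.g. `// An empty expansion matches any input, as an empty literal parameter does.`; if it is not, return the non-match result early when `p.empty()`. Since `p` is never modified, `const std::string p` would state that.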
@@ -25,9 +26,11 @@ namespace operators { bool EndsWith::evaluate(Assay *assay, const std::string &input) { bool ret = false; - if (input.length() >= param.length()) { - ret = (0 == input.compare(input.length() - param.length(), - param.length(), param)); + std::string p = MacroExpansion::expand(param, assay); + + if (input.length() >= p.length()) { + ret = (0 == input.compare(input.length() - p.length(), + p.length(), p)); } if (negation) { diff --git a/src/operators/eq.cc b/src/operators/eq.cc index 0d28ef8c..07c0f5fd 100644 --- a/src/operators/eq.cc +++ b/src/operators/eq.cc @@ -18,6 +18,7 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { @@ -27,9 +28,10 @@ bool Eq::evaluate(Assay *assay, const std::string &input) { int p = 0; int i = 0; bool eq = false; + std::string pt = MacroExpansion::expand(param, assay); try { - p = std::stoi(param); + p = std::stoi(pt); } catch (...) { p = 0; } diff --git a/src/operators/fuzzy_hash.cc b/src/operators/fuzzy_hash.cc index 8f9242c7..70fb536f 100644 --- a/src/operators/fuzzy_hash.cc +++ b/src/operators/fuzzy_hash.cc @@ -18,6 +18,7 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { diff --git a/src/operators/ge.cc b/src/operators/ge.cc index cc254759..5f41a4ac 100644 --- a/src/operators/ge.cc +++ b/src/operators/ge.cc @@ -18,12 +18,15 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { bool Ge::evaluate(Assay *assay, const std::string &input) { - bool ge = atoll(input.c_str()) >= atoll(param.c_str()); + std::string p = MacroExpansion::expand(param, assay); + + bool ge = atoll(p.c_str()) >= atoll(p.c_str()); if (negation) { return !ge; diff --git a/src/operators/gt.cc b/src/operators/gt.cc index e9eda697..eff4a03e 100644 --- a/src/operators/gt.cc +++ b/src/operators/gt.cc 
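Review bot: In eq.cc the `catch (...)` around `std::stoi(pt)` now also swallows bad runtime data: a macro that expands to non-numeric text, or to a number outside `int` range, silently becomes `p = 0`, so the rule compares against zero. Ge, Gt, Le and Lt in this commit parse with `atoll`, so the same expanded value is read as 64-bit there and as `int` here. Consider one shared parsing helper for the numeric operators and a log entry when the expanded parameter is not a number; at minimum add `// non-numeric or out-of-range expansion is treated as 0` on the catch. The rest of `Eq::evaluate` lies outside the hunk.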
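Review bot: In ge.cc, `bool ge = atoll(p.c_str()) >= atoll(p.c_str());` compares the expanded parameter with itself, so `input` is never read and `@ge` is always true (always false with negation). The left operand should be the input, as in gt.cc, le.cc and lt.cc: `bool ge = atoll(input.c_str()) >= atoll(p.c_str());`. A rule relying on this operator would fire on every transaction or on none, so a regression test with an input below the parameter is worth adding.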
@@ -18,12 +18,15 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { bool Gt::evaluate(Assay *assay, const std::string &input) { - bool gt = atoll(input.c_str()) > atoll(param.c_str()); + std::string p = MacroExpansion::expand(param, assay); + + bool gt = atoll(input.c_str()) > atoll(p.c_str()); if (negation) { return !gt; diff --git a/src/operators/le.cc b/src/operators/le.cc index cfa33b6d..39379471 100644 --- a/src/operators/le.cc +++ b/src/operators/le.cc @@ -18,12 +18,15 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { bool Le::evaluate(Assay *assay, const std::string &input) { - bool le = atoll(input.c_str()) <= atoll(param.c_str()); + std::string p = MacroExpansion::expand(param, assay); + + bool le = atoll(input.c_str()) <= atoll(p.c_str()); if (negation) { return !le; diff --git a/src/operators/lt.cc b/src/operators/lt.cc index fb8de468..5eb86c80 100644 --- a/src/operators/lt.cc +++ b/src/operators/lt.cc @@ -18,12 +18,15 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { bool Lt::evaluate(Assay *assay, const std::string &input) { - bool lt = atoll(input.c_str()) < atoll(param.c_str()); + std::string p = MacroExpansion::expand(param, assay); + + bool lt = atoll(input.c_str()) < atoll(p.c_str()); if (negation) { return !lt; diff --git a/src/operators/rx.cc b/src/operators/rx.cc index 1f2b3a46..50f26dda 100644 --- a/src/operators/rx.cc +++ b/src/operators/rx.cc @@ -19,6 +19,7 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { 
@@ -28,8 +29,8 @@ namespace operators { bool Rx::evaluate(Assay *assay, const std::string& input) { SMatch match; - std::string i = input; - if (regex_search(i, &match, m_re) && match.size() >= 1) { + Regex re(MacroExpansion::expand(param, assay)); + if (regex_search(input, &match, re) && match.size() >= 1) { this->matched.push_back(match.match); return true; } diff --git a/src/operators/rx.h b/src/operators/rx.h index af04b10e..1f99bc67 100644 --- a/src/operators/rx.h +++ b/src/operators/rx.h @@ -36,13 +36,13 @@ class Rx : public Operator { /** @ingroup ModSecurity_Operator */ Rx(std::string op, std::string param, bool negation) : Operator(op, param, negation), - m_re(param) { } + m_param(param) { } bool evaluate(Assay *assay, const std::string &input); std::list matched; private: - Regex m_re; + std::string m_param; }; diff --git a/src/operators/str_eq.cc b/src/operators/str_eq.cc index 2b6494aa..84f93442 100644 --- a/src/operators/str_eq.cc +++ b/src/operators/str_eq.cc @@ -16,12 +16,14 @@ #include "operators/str_eq.h" #include +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { bool StrEq::evaluate(Assay *assay, const std::string &str) { - bool eq = !this->param.compare(str); + std::string p = MacroExpansion::expand(param, assay); + bool eq = !p.compare(str); if (negation) { return !eq; diff --git a/src/operators/str_match.cc b/src/operators/str_match.cc index 1d58e30f..ecbd0745 100644 --- a/src/operators/str_match.cc +++ b/src/operators/str_match.cc @@ -18,13 +18,15 @@ #include #include "operators/operator.h" +#include "src/macro_expansion.h" namespace ModSecurity { namespace operators { bool StrMatch::evaluate(Assay *assay, const std::string &input) { - bool ret = input.find(param) != std::string::npos; + std::string p = MacroExpansion::expand(param, assay); + bool ret = input.find(p) != std::string::npos; if (negation) { return !ret; 
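Review bot: In rx.cc, `Regex re(MacroExpansion::expand(param, assay));` compiles the pattern on every call to `Rx::evaluate`, where the removed code reused the `m_re` built once in the constructor; for rules without macros this is pure overhead on the request path. The expanded text is also used as pattern syntax without escaping, so a macro that carries request-derived data can change what the rule matches or yield an expensive expression. Nothing visible here checks that the compile succeeded before `regex_search`. I would keep the precompiled `Regex` for parameters that contain no macro, compile per call only when expansion changed the string, and treat a failed compile as a logged non-match. How `Regex` reports a bad pattern is not visible in this diff.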
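Review bot: In rx.h the new member `m_param` is initialised from `param`, but the updated `Rx::evaluate` expands `param` rather than `m_param`, so within this diff the member is a second, unread copy of the string. Either drop `m_param` or read it consistently in rx.cc. If it is kept, document it, e.g. `// raw operator parameter, expanded per evaluation`. Uses outside this diff are not visible.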
diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index cf756c8a..cf781d33 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -357,7 +357,7 @@ expression: | DIRECTIVE SPACE variables SPACE FREE_TEXT SPACE QUOTATION_MARK actions SPACE QUOTATION_MARK | DIRECTIVE SPACE variables SPACE FREE_TEXT SPACE QUOTATION_MARK actions QUOTATION_MARK { - Operator *op = Operator::instantiate("@rx " + $5); + Operator *op = Operator::instantiate("\"@rx " + $5 + "\""); const char *error = NULL; if (op->init(&error) == false) { driver.parserError << error;
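Review bot: `Operator::instantiate("\"@rx " + $5 + "\"")` wraps the free text in double quotes without escaping, so a `FREE_TEXT` value that itself contains `"` would leave an embedded quote in the string handed to `instantiate`. How `instantiate` splits operator name and parameter is not visible here, so confirm that such a pattern is either rejected by the lexer or escaped before wrapping. A comment on the line stating why the quotes are added, e.g. `// instantiate() expects the operator string quoted`, would make the intent clear. The grammar action continues past the end of the hunk.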