Adds macro expansion for all operators

Felipe Zimmerle 2015-09-16 11:25:07 -03:00
parent 320bcde89e
commit 9d60dc6df8
15 changed files with 49 additions and 19 deletions


@ -18,6 +18,7 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
@ -26,9 +27,11 @@ namespace operators {
bool BeginsWith::evaluate(Assay *assay, const std::string &str) { bool BeginsWith::evaluate(Assay *assay, const std::string &str) {
bool ret = false; bool ret = false;
if (str.size() < param.size()) { std::string p = MacroExpansion::expand(param, assay);
if (str.size() < p.size()) {
ret = false; ret = false;
} else if (!str.compare(0, param.size(), param)) { } else if (!str.compare(0, p.size(), p)) {
ret = true; ret = true;
} }


@ -17,14 +17,17 @@
#include <string> #include <string>
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
bool Contains::evaluate(Assay *assay, const std::string &input) { bool Contains::evaluate(Assay *assay, const std::string &input) {
bool contains = input.find(param) != std::string::npos; std::string p = MacroExpansion::expand(param, assay);
bool contains = input.find(p) != std::string::npos;
if (contains) { if (contains) {
matched.push_back(param); matched.push_back(p);
} }
if (negation) { if (negation) {


@ -19,6 +19,7 @@
#include "operators/operator.h" #include "operators/operator.h"
#include "others/libinjection/src/libinjection.h" #include "others/libinjection/src/libinjection.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {


@ -18,6 +18,7 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
@ -25,9 +26,11 @@ namespace operators {
bool EndsWith::evaluate(Assay *assay, const std::string &input) { bool EndsWith::evaluate(Assay *assay, const std::string &input) {
bool ret = false; bool ret = false;
if (input.length() >= param.length()) { std::string p = MacroExpansion::expand(param, assay);
ret = (0 == input.compare(input.length() - param.length(),
param.length(), param)); if (input.length() >= p.length()) {
ret = (0 == input.compare(input.length() - p.length(),
p.length(), p));
} }
if (negation) { if (negation) {


@ -18,6 +18,7 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
@ -27,9 +28,10 @@ bool Eq::evaluate(Assay *assay, const std::string &input) {
int p = 0; int p = 0;
int i = 0; int i = 0;
bool eq = false; bool eq = false;
std::string pt = MacroExpansion::expand(param, assay);
try { try {
p = std::stoi(param); p = std::stoi(pt);
} catch (...) { } catch (...) {
p = 0; p = 0;
} }
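Review bot: In Eq::evaluate the expanded value `pt` is parsed with `std::stoi` under `catch (...) { p = 0; }`, so a macro that expands to empty or non-numeric text, or to a number outside the int range, is silently compared as 0. Before this commit the parameter was fixed at rule load; now the fallback can be reached at request time, and a rule such as `@eq 0` would presumably match on a failed expansion (the comparison itself is outside the hunk). Consider treating a parse failure as a non-match or logging it, and catching `const std::exception &` instead of `...`.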


@ -18,6 +18,7 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {


@ -18,12 +18,15 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
bool Ge::evaluate(Assay *assay, const std::string &input) { bool Ge::evaluate(Assay *assay, const std::string &input) {
bool ge = atoll(input.c_str()) >= atoll(param.c_str()); std::string p = MacroExpansion::expand(param, assay);
bool ge = atoll(p.c_str()) >= atoll(p.c_str());
if (negation) { if (negation) {
return !ge; return !ge;
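Review bot: The new comparison in Ge::evaluate is `atoll(p.c_str()) >= atoll(p.c_str())`, which compares the expanded parameter with itself and never reads `input`, so the result is always true (and always false under negation). The left operand should remain the inspected value, `bool ge = atoll(input.c_str()) >= atoll(p.c_str());`, as the Gt, Le and Lt sections of this commit do. As written, any rule using this operator matches regardless of the request, so a regression test with an input below the parameter is worth adding. The function body continues outside the hunk.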


@ -18,12 +18,15 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
bool Gt::evaluate(Assay *assay, const std::string &input) { bool Gt::evaluate(Assay *assay, const std::string &input) {
bool gt = atoll(input.c_str()) > atoll(param.c_str()); std::string p = MacroExpansion::expand(param, assay);
bool gt = atoll(input.c_str()) > atoll(p.c_str());
if (negation) { if (negation) {
return !gt; return !gt;


@ -18,12 +18,15 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
bool Le::evaluate(Assay *assay, const std::string &input) { bool Le::evaluate(Assay *assay, const std::string &input) {
bool le = atoll(input.c_str()) <= atoll(param.c_str()); std::string p = MacroExpansion::expand(param, assay);
bool le = atoll(input.c_str()) <= atoll(p.c_str());
if (negation) { if (negation) {
return !le; return !le;


@ -18,12 +18,15 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
bool Lt::evaluate(Assay *assay, const std::string &input) { bool Lt::evaluate(Assay *assay, const std::string &input) {
bool lt = atoll(input.c_str()) < atoll(param.c_str()); std::string p = MacroExpansion::expand(param, assay);
bool lt = atoll(input.c_str()) < atoll(p.c_str());
if (negation) { if (negation) {
return !lt; return !lt;


@ -19,6 +19,7 @@
#include <list> #include <list>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
@ -28,8 +29,8 @@ namespace operators {
bool Rx::evaluate(Assay *assay, const std::string& input) { bool Rx::evaluate(Assay *assay, const std::string& input) {
SMatch match; SMatch match;
std::string i = input; Regex re(MacroExpansion::expand(param, assay));
if (regex_search(i, &match, m_re) && match.size() >= 1) { if (regex_search(input, &match, re) && match.size() >= 1) {
this->matched.push_back(match.match); this->matched.push_back(match.match);
return true; return true;
} }
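Review bot: Building `Regex re(MacroExpansion::expand(param, assay));` inside Rx::evaluate places the expanded macro text into the pattern unescaped, so if a macro resolves to request-derived data, that data is interpreted as regex syntax rather than as a literal. This can change what the rule matches and makes pattern cost depend on client input; the pattern is also recompiled on every evaluation, even when `param` contains no macro. Consider compiling once in the constructor when there is nothing to expand, and escaping regex metacharacters in expanded values before compiling. How Regex reports a pattern that fails to compile is not visible here, so that path needs defined handling now that it can occur at request time rather than at rule load. The function continues past the hunk.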


@ -36,13 +36,13 @@ class Rx : public Operator {
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Rx(std::string op, std::string param, bool negation) Rx(std::string op, std::string param, bool negation)
: Operator(op, param, negation), : Operator(op, param, negation),
m_re(param) { } m_param(param) { }
bool evaluate(Assay *assay, const std::string &input); bool evaluate(Assay *assay, const std::string &input);
std::list<std::string> matched; std::list<std::string> matched;
private: private:
Regex m_re; std::string m_param;
}; };
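Review bot: The new member `m_param` is initialised from `param`, but the Rx::evaluate change in this same commit expands `param`, not `m_param`, so the copy appears to be unused (hedged: Operator's own members are not visible in this section). Either drop `m_param` or have evaluate() read it. A short comment on the class, such as `// pattern is compiled per evaluation, after macro expansion`, would also document why the precompiled `m_re` was removed.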


@ -16,12 +16,14 @@
#include "operators/str_eq.h" #include "operators/str_eq.h"
#include <string> #include <string>
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
bool StrEq::evaluate(Assay *assay, const std::string &str) { bool StrEq::evaluate(Assay *assay, const std::string &str) {
bool eq = !this->param.compare(str); std::string p = MacroExpansion::expand(param, assay);
bool eq = !p.compare(str);
if (negation) { if (negation) {
return !eq; return !eq;


@ -18,13 +18,15 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "src/macro_expansion.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
bool StrMatch::evaluate(Assay *assay, const std::string &input) { bool StrMatch::evaluate(Assay *assay, const std::string &input) {
bool ret = input.find(param) != std::string::npos; std::string p = MacroExpansion::expand(param, assay);
bool ret = input.find(p) != std::string::npos;
if (negation) { if (negation) {
return !ret; return !ret;


@ -357,7 +357,7 @@ expression:
| DIRECTIVE SPACE variables SPACE FREE_TEXT SPACE QUOTATION_MARK actions SPACE QUOTATION_MARK | DIRECTIVE SPACE variables SPACE FREE_TEXT SPACE QUOTATION_MARK actions SPACE QUOTATION_MARK
| DIRECTIVE SPACE variables SPACE FREE_TEXT SPACE QUOTATION_MARK actions QUOTATION_MARK | DIRECTIVE SPACE variables SPACE FREE_TEXT SPACE QUOTATION_MARK actions QUOTATION_MARK
{ {
Operator *op = Operator::instantiate("@rx " + $5); Operator *op = Operator::instantiate("\"@rx " + $5 + "\"");
const char *error = NULL; const char *error = NULL;
if (op->init(&error) == false) { if (op->init(&error) == false) {
driver.parserError << error; driver.parserError << error;