Adds macro expansion for all operators

2025-08-14 13:56:01 +03:00 · 2015-09-16 11:25:07 -03:00 · 2015-09-16 11:25:07 -03:00 · 9d60dc6df8
commit 9d60dc6df8
parent 320bcde89e
15 changed files with 49 additions and 19 deletions
--- a/src/operators/begins_with.cc
+++ b/src/operators/begins_with.cc
@ -18,6 +18,7 @@
 #include <string>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {
@ -26,9 +27,11 @@ namespace operators {
 bool BeginsWith::evaluate(Assay *assay, const std::string &str) {
    bool ret = false;

-    if (str.size() < param.size()) {
+    std::string p = MacroExpansion::expand(param, assay);
+
+    if (str.size() < p.size()) {
        ret = false;
-    } else if (!str.compare(0, param.size(), param)) {
+    } else if (!str.compare(0, p.size(), p)) {
         ret = true;
    }

--- a/src/operators/contains.cc
+++ b/src/operators/contains.cc
@ -17,14 +17,17 @@

 #include <string>

+#include "src/macro_expansion.h"
+
 namespace ModSecurity {
 namespace operators {

 bool Contains::evaluate(Assay *assay, const std::string &input) {
-    bool contains = input.find(param) != std::string::npos;
+    std::string p = MacroExpansion::expand(param, assay);
+    bool contains = input.find(p) != std::string::npos;

    if (contains) {
-        matched.push_back(param);
+        matched.push_back(p);
    }

    if (negation) {
--- a/src/operators/detect_xss.cc
+++ b/src/operators/detect_xss.cc
@ -19,6 +19,7 @@

 #include "operators/operator.h"
 #include "others/libinjection/src/libinjection.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {
--- a/src/operators/ends_with.cc
+++ b/src/operators/ends_with.cc
@ -18,6 +18,7 @@
 #include <string>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {
@ -25,9 +26,11 @@ namespace operators {

 bool EndsWith::evaluate(Assay *assay, const std::string &input) {
    bool ret = false;
-    if (input.length() >= param.length()) {
-        ret = (0 == input.compare(input.length() - param.length(),
-            param.length(), param));
+    std::string p = MacroExpansion::expand(param, assay);
+
+    if (input.length() >= p.length()) {
+        ret = (0 == input.compare(input.length() - p.length(),
+            p.length(), p));
    }

    if (negation) {
--- a/src/operators/eq.cc
+++ b/src/operators/eq.cc
@ -18,6 +18,7 @@
 #include <string>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {
@ -27,9 +28,10 @@ bool Eq::evaluate(Assay *assay, const std::string &input) {
    int p = 0;
    int i = 0;
    bool eq = false;
+    std::string pt = MacroExpansion::expand(param, assay);

    try {
-        p = std::stoi(param);
+        p = std::stoi(pt);
    } catch (...) {
        p = 0;
    }
--- a/src/operators/fuzzy_hash.cc
+++ b/src/operators/fuzzy_hash.cc
@ -18,6 +18,7 @@
 #include <string>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {
--- a/src/operators/ge.cc
+++ b/src/operators/ge.cc
@ -18,12 +18,15 @@
 #include <string>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {

 bool Ge::evaluate(Assay *assay, const std::string &input) {
-    bool ge = atoll(input.c_str()) >= atoll(param.c_str());
+    std::string p = MacroExpansion::expand(param, assay);
+
+    bool ge = atoll(p.c_str()) >= atoll(p.c_str());

    if (negation) {
        return !ge;
--- a/src/operators/gt.cc
+++ b/src/operators/gt.cc
@ -18,12 +18,15 @@
 #include <string>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {

 bool Gt::evaluate(Assay *assay, const std::string &input) {
-    bool gt = atoll(input.c_str()) > atoll(param.c_str());
+    std::string p = MacroExpansion::expand(param, assay);
+
+    bool gt = atoll(input.c_str()) > atoll(p.c_str());

    if (negation) {
        return !gt;
--- a/src/operators/le.cc
+++ b/src/operators/le.cc
@ -18,12 +18,15 @@
 #include <string>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {

 bool Le::evaluate(Assay *assay, const std::string &input) {
-    bool le = atoll(input.c_str()) <= atoll(param.c_str());
+    std::string p = MacroExpansion::expand(param, assay);
+
+    bool le = atoll(input.c_str()) <= atoll(p.c_str());

    if (negation) {
        return !le;
--- a/src/operators/lt.cc
+++ b/src/operators/lt.cc
@ -18,12 +18,15 @@
 #include <string>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {

 bool Lt::evaluate(Assay *assay, const std::string &input) {
-    bool lt = atoll(input.c_str()) < atoll(param.c_str());
+    std::string p = MacroExpansion::expand(param, assay);
+
+    bool lt = atoll(input.c_str()) < atoll(p.c_str());

    if (negation) {
        return !lt;
--- a/src/operators/rx.cc
+++ b/src/operators/rx.cc
@ -19,6 +19,7 @@
 #include <list>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {
@ -28,8 +29,8 @@ namespace operators {
 bool Rx::evaluate(Assay *assay, const std::string& input) {
    SMatch match;

-    std::string i = input;
-    if (regex_search(i, &match, m_re) && match.size() >= 1) {
+    Regex re(MacroExpansion::expand(param, assay));
+    if (regex_search(input, &match, re) && match.size() >= 1) {
        this->matched.push_back(match.match);
        return true;
    }
--- a/src/operators/rx.h
+++ b/src/operators/rx.h
@ -36,13 +36,13 @@ class Rx : public Operator {
    /** @ingroup ModSecurity_Operator */
    Rx(std::string op, std::string param, bool negation)
        : Operator(op, param, negation),
-        m_re(param) { }
+        m_param(param) { }

    bool evaluate(Assay *assay, const std::string &input);

    std::list<std::string> matched;
 private:
-    Regex m_re;
+    std::string m_param;
 };


--- a/src/operators/str_eq.cc
+++ b/src/operators/str_eq.cc
@ -16,12 +16,14 @@
 #include "operators/str_eq.h"

 #include <string>
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {

 bool StrEq::evaluate(Assay *assay, const std::string &str) {
-    bool eq = !this->param.compare(str);
+    std::string p = MacroExpansion::expand(param, assay);
+    bool eq = !p.compare(str);

    if (negation) {
        return !eq;
--- a/src/operators/str_match.cc
+++ b/src/operators/str_match.cc
@ -18,13 +18,15 @@
 #include <string>

 #include "operators/operator.h"
+#include "src/macro_expansion.h"

 namespace ModSecurity {
 namespace operators {


 bool StrMatch::evaluate(Assay *assay, const std::string &input) {
-    bool ret = input.find(param) != std::string::npos;
+    std::string p = MacroExpansion::expand(param, assay);
+    bool ret = input.find(p) != std::string::npos;

    if (negation) {
        return !ret;
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -357,7 +357,7 @@ expression:
    | DIRECTIVE SPACE variables SPACE FREE_TEXT SPACE QUOTATION_MARK actions SPACE QUOTATION_MARK
    | DIRECTIVE SPACE variables SPACE FREE_TEXT SPACE QUOTATION_MARK actions QUOTATION_MARK
      {
-        Operator *op = Operator::instantiate("@rx " + $5);
+        Operator *op = Operator::instantiate("\"@rx " + $5 + "\"");
        const char *error = NULL;
        if (op->init(&error) == false) {
            driver.parserError << error;