diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h index eb9f70ec..752794a9 100644 --- a/headers/modsecurity/rules_properties.h +++ b/headers/modsecurity/rules_properties.h @@ -215,6 +215,11 @@ class RulesProperties { std::string m_httpbl_key; std::ostringstream parserError; + bool uploadKeepFiles; + int uploadFileLimit; + int uploadFileMode; + std::string uploadDirectory; + audit_log::AuditLog *audit_log; OnFailedRemoteRulesAction remoteRulesActionOnFailed; diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index dd80bd34..980fdde5 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -210,6 +210,11 @@ using modsecurity::Variables::XML; %token CONFIG_DIR_AUDIT_STS %token CONFIG_DIR_AUDIT_TPE +%token CONFIG_UPDLOAD_KEEP_FILES +%token CONFIG_UPLOAD_FILE_LIMIT +%token CONFIG_UPLOAD_FILE_MODE +%token CONFIG_UPLOAD_DIR + %token CONFIG_COMPONENT_SIG %token CONFIG_DIR_DEBUG_LOG @@ -376,6 +381,28 @@ audit_log: { driver.audit_log->setType(modsecurity::audit_log::AuditLog::HttpsAuditLogType); } + + /* Upload */ + | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_ON + { + driver.uploadKeepFiles = true; + } + | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_OFF + { + driver.uploadKeepFiles = false; + } + | CONFIG_UPLOAD_FILE_LIMIT + { + driver.uploadFileLimit = strtol($1.c_str(), NULL, 10); + } + | CONFIG_UPLOAD_FILE_MODE + { + driver.uploadFileMode = strtol($1.c_str(), NULL, 8); + } + | CONFIG_UPLOAD_DIR + { + driver.uploadDirectory = $1; + } ; actings: diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index 9e86ad6b..dc0b852d 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -95,6 +95,13 @@ CONFIG_DIR_AUDIT_LOG (?i:SecAuditLog) CONFIG_DIR_AUDIT_STS (?i:SecAuditLogRelevantStatus) CONFIG_DIR_AUDIT_TPE (?i:SecAuditLogType) + +CONFIG_UPLOAD_FILE_LIMIT (?i:SecUploadFileLimit) +CONFIG_UPLOAD_FILE_MODE (?i:SecUploadFileMode) +CONFIG_UPDLOAD_KEEP_FILES (?i:SecUploadKeepFiles) +CONFIG_UPLOAD_DIR (?i:SecUploadDir) + + CONFIG_SEC_COLLECTION_TIMEOUT (?i:SecCollectionTimeout) CONFIG_DIR_DEBUG_LOG (?i:SecDebugLog) @@ -118,7 +125,7 @@ OPERATOR_GEOIP (?i:@geoLookup) TRANSFORMATION t:(?i:(parityZero7bit|parityOdd7bit|parityEven7bit|sqlHexDecode|cmdLine|sha1|md5|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|normalisePathWin|normalisePath|length|utf8toUnicode|urldecode|removeCommentsChar|removeComments|replaceComments)) -VARIABLE (?i:(RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR|USERID|SESSIONID)) +VARIABLE (?i:(RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR|USERID|SESSIONID)) VARIABLE_COL (?i:(SESSION|GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|QUERY_STRING|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|IP|REQUEST_COOKIES_NAMES)) VARIABLE_TX (?i:TX) @@ -141,7 +148,7 @@ RUN_TIME_VAR_TIME_WDAY (?i:TIME_WDAY) RUN_TIME_VAR_TIME_YEAR (?i:TIME_YEAR) RUN_TIME_VAR_XML (?i:XML) -VARIABLENOCOLON (?i:REQBODY_ERROR|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE) +VARIABLENOCOLON (?i:REQBODY_ERROR|REQBODY_PROCESSOR_ERROR|MULTIPART_HEADER_FOLDING|MULTIPART_INVALID_HEADER_FOLDING|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE) CONFIG_VALUE_ON (?i:On) CONFIG_VALUE_OFF (?i:Off) @@ -219,6 +226,11 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile) {ACTION_CTL_AUDIT_ENGINE}= { return yy::seclang_parser::make_ACTION_CTL_AUDIT_ENGINE(yytext, *driver.loc.back()); } {ACTION_CTL_FORCE_REQ_BODY_VAR}= { return yy::seclang_parser::make_ACTION_CTL_FORCE_REQ_BODY_VAR(yytext, *driver.loc.back()); } +%{ /* Upload */ %} +{CONFIG_UPLOAD_FILE_LIMIT}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); } +{CONFIG_UPLOAD_FILE_MODE}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_UPLOAD_FILE_MODE(strchr(yytext, ' ') + 1, *driver.loc.back()); } +{CONFIG_UPDLOAD_KEEP_FILES} { return yy::seclang_parser::make_CONFIG_UPDLOAD_KEEP_FILES(yytext, *driver.loc.back()); } +{CONFIG_UPLOAD_DIR}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_UPLOAD_DIR(strchr(yytext, ' ') + 1, *driver.loc.back()); } %{ /* Debug log entries */ %} {CONFIG_DIR_DEBUG_LOG}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_DIR_DEBUG_LOG(strchr(yytext, ' ') + 1, *driver.loc.back()); }