github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Using run time string on the operators

Browse Source
This commit is contained in:
Felipe Zimmerle 2018-01-22 18:05:02 -03:00
parent 6a97dbee7a
commit a299997e02
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
74 changed files with 6884 additions and 6111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
headers/modsecurity/rule.h
View File

@ -68,7 +68,6 @@ class Rule {
std::string value, std::shared_ptr<RuleMessage> rm); std::string value, std::shared_ptr<RuleMessage> rm);
void executeActionsIndependentOfChainedRuleResult(Transaction *trasn, void executeActionsIndependentOfChainedRuleResult(Transaction *trasn,
bool *b, std::shared_ptr<RuleMessage> ruleMessage); bool *b, std::shared_ptr<RuleMessage> ruleMessage);
std::string resolveMatchMessage(std::string key, std::string value);
void updateMatchedVars(Transaction *trasn, std::string key, void updateMatchedVars(Transaction *trasn, std::string key,
std::string value); std::string value);
void cleanMatchedVars(Transaction *trasn); void cleanMatchedVars(Transaction *trasn);

1
src/actions/disruptive/redirect.h
View File

@ -15,6 +15,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/rule_message.h" #include "modsecurity/rule_message.h"

2
src/actions/init_col.h
View File

@ -14,6 +14,8 @@
*/ */
#include <string> #include <string>
#include <utility>
#include <memory>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/run_time_string.h" #include "src/run_time_string.h"

1
src/actions/log_data.h
View File

@ -15,6 +15,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/run_time_string.h" #include "src/run_time_string.h"

1
src/actions/msg.h
View File

@ -15,6 +15,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/rule_message.h" #include "modsecurity/rule_message.h"

2
src/actions/set_rsc.h
View File

@ -14,6 +14,8 @@
*/ */
#include <string> #include <string>
#include <utility>
#include <memory>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/run_time_string.h" #include "src/run_time_string.h"

2
src/actions/set_sid.h
View File

@ -14,6 +14,8 @@
*/ */
#include <string> #include <string>
#include <utility>
#include <memory>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/run_time_string.h" #include "src/run_time_string.h"

2
src/actions/set_uid.h
View File

@ -14,6 +14,8 @@
*/ */
#include <string> #include <string>
#include <memory>
#include <utility>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/run_time_string.h" #include "src/run_time_string.h"

5
src/actions/tag.h
View File

@ -15,6 +15,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/run_time_string.h" #include "src/run_time_string.h"
@ -31,9 +32,6 @@ namespace actions {
class Tag : public Action { class Tag : public Action {
public: public:
explicit Tag(std::string action)
: Action(action, RunTimeOnlyIfMatchKind) { }
explicit Tag(std::unique_ptr<RunTimeString> z) explicit Tag(std::unique_ptr<RunTimeString> z)
: Action("tag", RunTimeOnlyIfMatchKind), : Action("tag", RunTimeOnlyIfMatchKind),
m_string(std::move(z)) { } m_string(std::move(z)) { }
@ -43,6 +41,7 @@ class Tag : public Action {
bool evaluate(Rule *rule, Transaction *transaction, bool evaluate(Rule *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override; std::shared_ptr<RuleMessage> rm) override;
protected:
std::unique_ptr<RunTimeString> m_string; std::unique_ptr<RunTimeString> m_string;
}; };

10
src/operators/begins_with.cc
View File

@ -26,18 +26,16 @@ namespace operators {
bool BeginsWith::evaluate(Transaction *transaction, Rule *rule, bool BeginsWith::evaluate(Transaction *transaction, Rule *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) { const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
bool ret = false; std::string p(m_string->evaluate(transaction));
std::string p = MacroExpansion::expand(m_param, transaction);
if (str.size() < p.size()) { if (str.size() < p.size()) {
ret = false; return false;
} else if (!str.compare(0, p.size(), p)) { } else if (!str.compare(0, p.size(), p)) {
logOffset(ruleMessage, 0, p.size()); logOffset(ruleMessage, 0, p.size());
ret = true; return true;
} }
return ret; return false;
} }

7
src/operators/begins_with.h
View File

@ -18,6 +18,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -28,10 +29,8 @@ namespace operators {
class BeginsWith : public Operator { class BeginsWith : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
BeginsWith(std::string op, std::string param, bool negation) explicit BeginsWith(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("BeginsWith", std::move(param)) { }
explicit BeginsWith(std::string param)
: Operator("BeginsWith", param) { }
bool evaluate(Transaction *transaction, Rule *rule, const std::string &str, bool evaluate(Transaction *transaction, Rule *rule, const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override; std::shared_ptr<RuleMessage> ruleMessage) override;

2
src/operators/contains.cc
View File

@ -24,7 +24,7 @@ namespace operators {
bool Contains::evaluate(Transaction *transaction, Rule *rule, bool Contains::evaluate(Transaction *transaction, Rule *rule,
const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) { const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
std::string p = MacroExpansion::expand(m_param, transaction); std::string p(m_string->evaluate(transaction));
size_t offset = input.find(p); size_t offset = input.find(p);
bool contains = offset != std::string::npos; bool contains = offset != std::string::npos;

7
src/operators/contains.h
View File

@ -19,6 +19,7 @@
#include <string> #include <string>
#include <list> #include <list>
#include <memory> #include <memory>
#include <utility>
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "modsecurity/rule_message.h" #include "modsecurity/rule_message.h"
@ -31,10 +32,8 @@ namespace operators {
class Contains : public Operator { class Contains : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Contains(std::string op, std::string param, bool negation) explicit Contains(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("Contains", std::move(param)) { }
explicit Contains(std::string param)
: Operator("Contains", param) { }
bool evaluate(Transaction *transaction, Rule *rule, bool evaluate(Transaction *transaction, Rule *rule,
const std::string &str, const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override; std::shared_ptr<RuleMessage> ruleMessage) override;

2
src/operators/contains_word.cc
View File

@ -39,7 +39,7 @@ bool ContainsWord::acceptableChar(const std::string& a, size_t pos) {
bool ContainsWord::evaluate(Transaction *transaction, Rule *rule, bool ContainsWord::evaluate(Transaction *transaction, Rule *rule,
const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) { const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
std::string paramTarget = MacroExpansion::expand(m_param, transaction); std::string paramTarget(m_string->evaluate(transaction));
if (paramTarget.empty()) { if (paramTarget.empty()) {
return true; return true;

8
src/operators/contains_word.h
View File

@ -18,6 +18,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
#include "modsecurity/rule_message.h" #include "modsecurity/rule_message.h"
@ -28,10 +29,9 @@ namespace operators {
class ContainsWord : public Operator { class ContainsWord : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
ContainsWord(std::string op, std::string param, bool negation) explicit ContainsWord(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("ContainsWord", std::move(param)) { }
explicit ContainsWord(std::string param)
: Operator("ContainsWord", param) { }
bool evaluate(Transaction *transaction, Rule *rule, bool evaluate(Transaction *transaction, Rule *rule,
const std::string &str, const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override; std::shared_ptr<RuleMessage> ruleMessage) override;

4
src/operators/detect_sqli.h
View File

@ -27,10 +27,6 @@ namespace operators {
class DetectSQLi : public Operator { class DetectSQLi : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
DetectSQLi(std::string op, std::string param, bool negation)
: Operator(op, param, negation) {
m_match_message.assign("detected SQLi using libinjection.");
}
DetectSQLi() DetectSQLi()
: Operator("DetectSQLi") { : Operator("DetectSQLi") {
m_match_message.assign("detected SQLi using libinjection."); m_match_message.assign("detected SQLi using libinjection.");

4
src/operators/detect_xss.h
View File

@ -26,10 +26,6 @@ namespace operators {
class DetectXSS : public Operator { class DetectXSS : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
DetectXSS(std::string op, std::string param, bool negation)
: Operator(op, param, negation) {
m_match_message.assign("detected XSS using libinjection.");
}
DetectXSS() DetectXSS()
: Operator("DetectXSS") { : Operator("DetectXSS") {
m_match_message.assign("detected XSS using libinjection."); m_match_message.assign("detected XSS using libinjection.");

2
src/operators/ends_with.cc
View File

@ -27,7 +27,7 @@ namespace operators {
bool EndsWith::evaluate(Transaction *transaction, Rule *rule, bool EndsWith::evaluate(Transaction *transaction, Rule *rule,
const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) { const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
bool ret = false; bool ret = false;
std::string p = MacroExpansion::expand(m_param, transaction); std::string p(m_string->evaluate(transaction));
if (input.length() >= p.length()) { if (input.length() >= p.length()) {
ret = (0 == input.compare(input.length() - p.length(), ret = (0 == input.compare(input.length() - p.length(),

9
src/operators/ends_with.h
View File

@ -18,6 +18,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -28,10 +29,10 @@ namespace operators {
class EndsWith : public Operator { class EndsWith : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
EndsWith(std::string op, std::string param, bool negation) explicit EndsWith(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("EndsWith", std::move(param)) {
explicit EndsWith(std::string param) m_couldContainsMacro = true;
: Operator("EndsWith", param) { } }
bool evaluate(Transaction *transaction, Rule *rule, bool evaluate(Transaction *transaction, Rule *rule,
const std::string &str, const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override; std::shared_ptr<RuleMessage> ruleMessage) override;

7
src/operators/eq.cc
View File

@ -27,8 +27,7 @@ namespace operators {
bool Eq::evaluate(Transaction *transaction, const std::string &input) { bool Eq::evaluate(Transaction *transaction, const std::string &input) {
int p = 0; int p = 0;
int i = 0; int i = 0;
bool eq = false; std::string pt(m_string->evaluate(transaction));
std::string pt = MacroExpansion::expand(m_param, transaction);
try { try {
p = std::stoi(pt); p = std::stoi(pt);
@ -41,9 +40,7 @@ bool Eq::evaluate(Transaction *transaction, const std::string &input) {
i = 0; i = 0;
} }
eq = p == i; return p == i;
return eq;
} }

8
src/operators/eq.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_EQ_H_ #define SRC_OPERATORS_EQ_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -27,10 +29,8 @@ namespace operators {
class Eq : public Operator { class Eq : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Eq(std::string op, std::string param, bool negation) explicit Eq(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("Eq", std::move(param)) { }
explicit Eq(std::string param)
: Operator("Eq", param) { }
bool evaluate(Transaction *transaction, const std::string &input) override; bool evaluate(Transaction *transaction, const std::string &input) override;
}; };

10
src/operators/fuzzy_hash.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_FUZZY_HASH_H_ #define SRC_OPERATORS_FUZZY_HASH_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#ifdef WITH_SSDEEP #ifdef WITH_SSDEEP
#include <fuzzy.h> #include <fuzzy.h>
@ -36,12 +38,8 @@ struct fuzzy_hash_chunk {
class FuzzyHash : public Operator { class FuzzyHash : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
FuzzyHash(std::string o, std::string p, bool n) explicit FuzzyHash(std::unique_ptr<RunTimeString> param)
: Operator(o, p, n), : Operator("FuzzyHash", std::move(param)),
m_head(NULL),
m_threshold(0) { }
explicit FuzzyHash(std::string param)
: Operator("FuzzyHash", param),
m_head(NULL), m_head(NULL),
m_threshold(0) { } m_threshold(0) { }
~FuzzyHash(); ~FuzzyHash();

4
src/operators/ge.cc
View File

@ -24,8 +24,8 @@ namespace modsecurity {
namespace operators { namespace operators {
bool Ge::evaluate(Transaction *transaction, const std::string &input) { bool Ge::evaluate(Transaction *transaction, const std::string &input) {
std::string p = MacroExpansion::expand(m_param, transaction); std::string p(m_string->evaluate(transaction));
std::string i = MacroExpansion::expand(input, transaction); std::string i = input;
bool ge = atoll(i.c_str()) >= atoll(p.c_str()); bool ge = atoll(i.c_str()) >= atoll(p.c_str());

11
src/operators/ge.h
View File

@ -17,20 +17,21 @@
#define SRC_OPERATORS_GE_H_ #define SRC_OPERATORS_GE_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
namespace modsecurity { namespace modsecurity {
namespace operators { namespace operators {
class Ge : public Operator { class Ge : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Ge(std::string op, std::string param, bool negation) explicit Ge(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("Ge", std::move(param)) {
explicit Ge(std::string param) m_couldContainsMacro = true;
: Operator("Ge", param) { } }
bool evaluate(Transaction *transaction, const std::string &input) override; bool evaluate(Transaction *transaction, const std::string &input) override;
}; };

4
src/operators/geo_lookup.h
View File

@ -27,10 +27,6 @@ namespace operators {
class GeoLookup : public Operator { class GeoLookup : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
GeoLookup(std::string op, std::string param, bool negation)
: Operator(op, param, negation) { }
explicit GeoLookup(std::string param)
: Operator("GeoLookup", param) { }
GeoLookup() GeoLookup()
: Operator("GeoLookup") { } : Operator("GeoLookup") { }
bool evaluate(Transaction *transaction, const std::string &exp) override; bool evaluate(Transaction *transaction, const std::string &exp) override;

8
src/operators/gsblookup.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_GSBLOOKUP_H_ #define SRC_OPERATORS_GSBLOOKUP_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -26,10 +28,8 @@ namespace operators {
class GsbLookup : public Operator { class GsbLookup : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
GsbLookup(std::string o, std::string p, bool n) explicit GsbLookup(std::unique_ptr<RunTimeString> param)
: Operator(o, p, n) { } : Operator("GsbLookup", std::move(param)) { }
explicit GsbLookup(std::string param)
: Operator("GsbLookup", param) { }
bool evaluate(Transaction *transaction, const std::string &str); bool evaluate(Transaction *transaction, const std::string &str);
}; };

2
src/operators/gt.cc
View File

@ -24,7 +24,7 @@ namespace modsecurity {
namespace operators { namespace operators {
bool Gt::evaluate(Transaction *transaction, const std::string &input) { bool Gt::evaluate(Transaction *transaction, const std::string &input) {
std::string p = MacroExpansion::expand(m_param, transaction); std::string p(m_string->evaluate(transaction));
bool gt = atoll(input.c_str()) > atoll(p.c_str()); bool gt = atoll(input.c_str()) > atoll(p.c_str());

10
src/operators/gt.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_GT_H_ #define SRC_OPERATORS_GT_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -27,10 +29,10 @@ namespace operators {
class Gt : public Operator { class Gt : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Gt(std::string op, std::string param, bool negation) explicit Gt(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("Gt", std::move(param)) {
explicit Gt(std::string param) m_couldContainsMacro = true;
: Operator("Gt", param) { } }
bool evaluate(Transaction *transaction, const std::string &input) override; bool evaluate(Transaction *transaction, const std::string &input) override;
}; };

10
src/operators/inspect_file.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_INSPECT_FILE_H_ #define SRC_OPERATORS_INSPECT_FILE_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
#include "src/engine/lua.h" #include "src/engine/lua.h"
@ -28,12 +30,8 @@ namespace operators {
class InspectFile : public Operator { class InspectFile : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
InspectFile(std::string o, std::string p, bool n) explicit InspectFile(std::unique_ptr<RunTimeString> param)
: Operator(o, p, n), : Operator("InspectFile", std::move(param)),
m_file(""),
m_isScript(false) { }
explicit InspectFile(std::string param)
: Operator("InspectFile", param),
m_file(""), m_file(""),
m_isScript(false) { } m_isScript(false) { }

13
src/operators/ip_match.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_IP_MATCH_H_ #define SRC_OPERATORS_IP_MATCH_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
#include "src/utils/ip_tree.h" #include "src/utils/ip_tree.h"
@ -27,12 +29,11 @@ namespace operators {
class IpMatch : public Operator { class IpMatch : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
IpMatch(std::string op, std::string param, bool negation) explicit IpMatch(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("IpMatch", std::move(param)) { }
IpMatch(std::string op, std::string param) IpMatch(std::string n, std::unique_ptr<RunTimeString> param)
: Operator(op, param) { } : Operator(n, std::move(param)) { }
explicit IpMatch(std::string param)
: Operator("IpMatch", param) { }
bool evaluate(Transaction *transaction, const std::string &input) override; bool evaluate(Transaction *transaction, const std::string &input) override;
bool init(const std::string &file, std::string *error) override; bool init(const std::string &file, std::string *error) override;

8
src/operators/ip_match_f.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_IP_MATCH_F_H_ #define SRC_OPERATORS_IP_MATCH_F_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/ip_match_from_file.h" #include "src/operators/ip_match_from_file.h"
@ -26,10 +28,8 @@ namespace operators {
class IpMatchF : public IpMatchFromFile { class IpMatchF : public IpMatchFromFile {
public: public:
IpMatchF(std::string op, std::string param, bool negation) explicit IpMatchF(std::unique_ptr<RunTimeString> param)
: IpMatchFromFile(op, param, negation) { } : IpMatchFromFile(std::move(param)) { }
explicit IpMatchF(std::string param)
: IpMatchFromFile("IpMatchFromF", param) { }
}; };
} // namespace operators } // namespace operators

13
src/operators/ip_match_from_file.h
View File

@ -16,6 +16,8 @@
#define SRC_OPERATORS_IP_MATCH_FROM_FILE_H_ #define SRC_OPERATORS_IP_MATCH_FROM_FILE_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/ip_match.h" #include "src/operators/ip_match.h"
@ -25,13 +27,10 @@ namespace operators {
class IpMatchFromFile : public IpMatch { class IpMatchFromFile : public IpMatch {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
IpMatchFromFile(std::string op, std::string param, bool negation) explicit IpMatchFromFile(std::unique_ptr<RunTimeString> param)
: IpMatch(op, param, negation) { } : IpMatch("IpMatchFromFile", std::move(param)) { }
IpMatchFromFile(std::string op, std::string param) IpMatchFromFile(std::string n, std::unique_ptr<RunTimeString> param)
: IpMatch(op, param) { } : IpMatch(n, std::move(param)) { }
explicit IpMatchFromFile(std::string param)
: IpMatch("IpMatchFromFile", param) { }
bool init(const std::string& file, std::string *error) override; bool init(const std::string& file, std::string *error) override;
}; };

2
src/operators/le.cc
View File

@ -24,7 +24,7 @@ namespace modsecurity {
namespace operators { namespace operators {
bool Le::evaluate(Transaction *transaction, const std::string &input) { bool Le::evaluate(Transaction *transaction, const std::string &input) {
std::string p = MacroExpansion::expand(m_param, transaction); std::string p(m_string->evaluate(transaction));
bool le = atoll(input.c_str()) <= atoll(p.c_str()); bool le = atoll(input.c_str()) <= atoll(p.c_str());

10
src/operators/le.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_LE_H_ #define SRC_OPERATORS_LE_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -27,10 +29,10 @@ namespace operators {
class Le : public Operator { class Le : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Le(std::string op, std::string param, bool negation) explicit Le(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("Le", std::move(param)) {
explicit Le(std::string param) m_couldContainsMacro = true;
: Operator("Le", param) { } }
bool evaluate(Transaction *transaction, const std::string &input) override; bool evaluate(Transaction *transaction, const std::string &input) override;
}; };

2
src/operators/lt.cc
View File

@ -24,7 +24,7 @@ namespace modsecurity {
namespace operators { namespace operators {
bool Lt::evaluate(Transaction *transaction, const std::string &input) { bool Lt::evaluate(Transaction *transaction, const std::string &input) {
std::string p = MacroExpansion::expand(m_param, transaction); std::string p(m_string->evaluate(transaction));
bool lt = atoll(input.c_str()) < atoll(p.c_str()); bool lt = atoll(input.c_str()) < atoll(p.c_str());

10
src/operators/lt.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_LT_H_ #define SRC_OPERATORS_LT_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -27,10 +29,10 @@ namespace operators {
class Lt : public Operator { class Lt : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Lt(std::string op, std::string param, bool negation) explicit Lt(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("Lt", std::move(param)) {
explicit Lt(std::string param) m_couldContainsMacro = true;
: Operator("Lt", param) { } }
bool evaluate(Transaction *transaction, const std::string &input) override; bool evaluate(Transaction *transaction, const std::string &input) override;
}; };

2
src/operators/no_match.h
View File

@ -29,8 +29,6 @@ namespace operators {
class NoMatch : public Operator { class NoMatch : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
NoMatch(std::string op, std::string param, bool negation)
: Operator(op, param, negation) { }
NoMatch() NoMatch()
: Operator("NoMatch") { } : Operator("NoMatch") { }

101
src/operators/operator.cc
View File

@ -20,7 +20,7 @@
#include <string> #include <string>
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/run_time_string.h"
#include "src/utils/string.h" #include "src/utils/string.h"
#include "src/operators/begins_with.h" #include "src/operators/begins_with.h"
#include "src/operators/contains.h" #include "src/operators/contains.h"
@ -109,6 +109,34 @@ bool Operator::evaluateInternal(Transaction *transaction,
} }
std::string Operator::resolveMatchMessage(Transaction *t,
std::string key, std::string value) {
std::string ret = m_match_message;
if (ret.empty() == true) {
if (m_couldContainsMacro == false) {
ret = "Matched \"Operator `" + m_op + "' with parameter `" +
utils::string::limitTo(200, m_param) +
"' against variable `" + key + "' (Value: `" +
utils::string::limitTo(100,
utils::string::toHexIfNeeded(value)) + \
"' )";
} else {
std::string p(m_string->evaluate(t));
ret = "Matched \"Operator `" + m_op + "' with parameter `" +
utils::string::limitTo(200, p) +
"' against variable `" + key + "' (Value: `" +
utils::string::limitTo(100,
utils::string::toHexIfNeeded(value)) +
"' )";
}
}
return ret;
}
bool Operator::evaluate(Transaction *transaction, const std::string& a) { bool Operator::evaluate(Transaction *transaction, const std::string& a) {
#ifndef NO_LOGS #ifndef NO_LOGS
if (transaction) { if (transaction) {
@ -120,61 +148,62 @@ bool Operator::evaluate(Transaction *transaction, const std::string& a) {
return true; return true;
} }
Operator *Operator::instantiate(std::string op, std::string param) { Operator *Operator::instantiate(std::string op, std::string param_str) {
std::string op_ = utils::string::tolower(op); std::string op_ = utils::string::tolower(op);
std::unique_ptr<RunTimeString> param(new RunTimeString());
param->appendText(param_str);
IF_MATCH(beginswith) { return new BeginsWith(param); } IF_MATCH(beginswith) { return new BeginsWith(std::move(param)); }
IF_MATCH(contains) { return new Contains(param); } IF_MATCH(contains) { return new Contains(std::move(param)); }
IF_MATCH(containsword) { return new ContainsWord(param); } IF_MATCH(containsword) { return new ContainsWord(std::move(param)); }
IF_MATCH(detectsqli) { return new DetectSQLi(); } IF_MATCH(detectsqli) { return new DetectSQLi(); }
IF_MATCH(detectxss) { return new DetectXSS(); } IF_MATCH(detectxss) { return new DetectXSS(); }
IF_MATCH(endswith) { return new EndsWith(param); } IF_MATCH(endswith) { return new EndsWith(std::move(param)); }
IF_MATCH(eq) { return new Eq(param); } IF_MATCH(eq) { return new Eq(std::move(param)); }
IF_MATCH(fuzzyhash) { return new FuzzyHash(param); } IF_MATCH(fuzzyhash) { return new FuzzyHash(std::move(param)); }
IF_MATCH(geolookup) { return new GeoLookup(param); } IF_MATCH(geolookup) { return new GeoLookup(); }
IF_MATCH(ge) { return new Ge(param); } IF_MATCH(ge) { return new Ge(std::move(param)); }
IF_MATCH(gsblookup) { return new GsbLookup(param); } IF_MATCH(gsblookup) { return new GsbLookup(std::move(param)); }
IF_MATCH(gt) { return new Gt(param); } IF_MATCH(gt) { return new Gt(std::move(param)); }
IF_MATCH(inspectfile) { return new InspectFile(param); } IF_MATCH(inspectfile) { return new InspectFile(std::move(param)); }
IF_MATCH(ipmatchf) { return new IpMatchF(param); } IF_MATCH(ipmatchf) { return new IpMatchF(std::move(param)); }
IF_MATCH(ipmatchfromfile) { IF_MATCH(ipmatchfromfile) {
return new IpMatchFromFile(param); return new IpMatchFromFile(std::move(param));
} }
IF_MATCH(ipmatch) { return new IpMatch(param); } IF_MATCH(ipmatch) { return new IpMatch(std::move(param)); }
IF_MATCH(le) { return new Le(param); } IF_MATCH(le) { return new Le(std::move(param)); }
IF_MATCH(lt) { return new Lt(param); } IF_MATCH(lt) { return new Lt(std::move(param)); }
IF_MATCH(nomatch) { return new NoMatch(); } IF_MATCH(nomatch) { return new NoMatch(); }
IF_MATCH(pmfromfile) { return new PmFromFile(param); } IF_MATCH(pmfromfile) { return new PmFromFile(std::move(param)); }
IF_MATCH(pmf) { return new PmF(param); } IF_MATCH(pmf) { return new PmF(std::move(param)); }
IF_MATCH(pm) { return new Pm(param); } IF_MATCH(pm) { return new Pm(std::move(param)); }
IF_MATCH(rbl) { return new Rbl(param); } IF_MATCH(rbl) { return new Rbl(std::move(param)); }
IF_MATCH(rsub) { return new Rsub(param); } IF_MATCH(rsub) { return new Rsub(std::move(param)); }
IF_MATCH(rx) { return new Rx(param); } IF_MATCH(rx) { return new Rx(std::move(param)); }
IF_MATCH(streq) { return new StrEq(param); } IF_MATCH(streq) { return new StrEq(std::move(param)); }
IF_MATCH(strmatch) { return new StrMatch(param); } IF_MATCH(strmatch) { return new StrMatch(std::move(param)); }
IF_MATCH(validatebyterange) { IF_MATCH(validatebyterange) {
return new ValidateByteRange(param); return new ValidateByteRange(std::move(param));
} }
IF_MATCH(validatedtd) { return new ValidateDTD(param); } IF_MATCH(validatedtd) { return new ValidateDTD(std::move(param)); }
IF_MATCH(validatehash) { return new ValidateHash(param); } IF_MATCH(validatehash) { return new ValidateHash(std::move(param)); }
IF_MATCH(validateschema) { return new ValidateSchema(param); } IF_MATCH(validateschema) { return new ValidateSchema(std::move(param)); }
IF_MATCH(validateurlencoding) { IF_MATCH(validateurlencoding) {
return new ValidateUrlEncoding(); return new ValidateUrlEncoding();
} }
IF_MATCH(validateutf8encoding) { IF_MATCH(validateutf8encoding) {
return new ValidateUtf8Encoding(); return new ValidateUtf8Encoding();
} }
IF_MATCH(verifycc) { return new VerifyCC(param); } IF_MATCH(verifycc) { return new VerifyCC(std::move(param)); }
IF_MATCH(verifycpf) { return new VerifyCPF(param); } IF_MATCH(verifycpf) { return new VerifyCPF(std::move(param)); }
IF_MATCH(verifyssn) { return new VerifySSN(param); } IF_MATCH(verifyssn) { return new VerifySSN(std::move(param)); }
IF_MATCH(within) { return new Within(param); } IF_MATCH(within) { return new Within(std::move(param)); }
IF_MATCH(unconditionalmatch) { IF_MATCH(unconditionalmatch) {
return new UnconditionalMatch(); return new UnconditionalMatch();
} }
std::invalid_argument("Operator not found.");
return new Operator(param);
} }
} // namespace operators } // namespace operators

60
src/operators/operator.h
View File

@ -15,6 +15,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#ifndef SRC_OPERATORS_OPERATOR_H__ #ifndef SRC_OPERATORS_OPERATOR_H__
#define SRC_OPERATORS_OPERATOR_H__ #define SRC_OPERATORS_OPERATOR_H__
@ -22,6 +23,7 @@
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "modsecurity/rule.h" #include "modsecurity/rule.h"
#include "modsecurity/rule_message.h" #include "modsecurity/rule_message.h"
#include "src/run_time_string.h"
namespace modsecurity { namespace modsecurity {
namespace operators { namespace operators {
@ -33,25 +35,70 @@ class Operator {
: m_match_message(""), : m_match_message(""),
m_negation(false), m_negation(false),
m_op(""), m_op(""),
m_param("") { } m_param(""),
m_couldContainsMacro(false) {
if (m_couldContainsMacro == false && m_string) {
m_param = m_string->evaluate();
}
}
Operator(std::string opName, std::string param, bool negation) Operator(std::string opName, std::string param, bool negation)
: m_match_message(""), : m_match_message(""),
m_negation(negation), m_negation(negation),
m_op(opName), m_op(opName),
m_param(param) { } m_param(param),
m_couldContainsMacro(false) {
if (m_couldContainsMacro == false && m_string) {
m_param = m_string->evaluate();
}
}
Operator(std::string opName, std::unique_ptr<RunTimeString> param,
bool negation)
: m_match_message(""),
m_negation(negation),
m_op(opName),
m_param(""),
m_string(std::move(param)),
m_couldContainsMacro(false) {
if (m_couldContainsMacro == false && m_string) {
m_param = m_string->evaluate();
}
}
Operator(std::string opName, std::string param) Operator(std::string opName, std::string param)
: m_match_message(""), : m_match_message(""),
m_negation(false), m_negation(false),
m_op(opName), m_op(opName),
m_param(param) { } m_param(param),
m_couldContainsMacro(false) {
if (m_couldContainsMacro == false && m_string) {
m_param = m_string->evaluate();
}
}
Operator(std::string opName, std::unique_ptr<RunTimeString> param)
: m_match_message(""),
m_negation(false),
m_op(opName),
m_param(""),
m_string(std::move(param)),
m_couldContainsMacro(false) {
if (m_couldContainsMacro == false && m_string) {
m_param = m_string->evaluate();
}
}
explicit Operator(std::string opName) explicit Operator(std::string opName)
: m_match_message(""), : m_match_message(""),
m_negation(false), m_negation(false),
m_op(opName), m_op(opName),
m_param() { } m_param(),
m_couldContainsMacro(false) {
if (m_couldContainsMacro == false && m_string) {
m_param = m_string->evaluate();
}
}
virtual ~Operator() { } virtual ~Operator() { }
static Operator *instantiate(std::string opName, std::string param); static Operator *instantiate(std::string opName, std::string param);
@ -60,6 +107,9 @@ class Operator {
return true; return true;
} }
virtual std::string resolveMatchMessage(Transaction *t,
std::string key, std::string value);
bool evaluateInternal(Transaction *t, const std::string& a); bool evaluateInternal(Transaction *t, const std::string& a);
bool evaluateInternal(Transaction *t, Rule *rule, bool evaluateInternal(Transaction *t, Rule *rule,
const std::string& a); const std::string& a);
@ -90,6 +140,8 @@ class Operator {
bool m_negation; bool m_negation;
std::string m_op; std::string m_op;
std::string m_param; std::string m_param;
std::unique_ptr<RunTimeString> m_string;
bool m_couldContainsMacro;
protected: protected:
bool debug(Transaction *transaction, int x, std::string a); bool debug(Transaction *transaction, int x, std::string a);

13
src/operators/pm.h
View File

@ -19,6 +19,7 @@
#include <string> #include <string>
#include <list> #include <list>
#include <memory> #include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
#include "src/utils/acmp.h" #include "src/utils/acmp.h"
@ -31,16 +32,12 @@ namespace operators {
class Pm : public Operator { class Pm : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Pm(std::string op, std::string param, bool negation) explicit Pm(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { : Operator("Pm", std::move(param)) {
m_p = acmp_create(0); m_p = acmp_create(0);
} }
Pm(std::string op, std::string param) explicit Pm(std::string n, std::unique_ptr<RunTimeString> param)
: Operator(op, param) { : Operator(n, std::move(param)) {
m_p = acmp_create(0);
}
explicit Pm(std::string param)
: Operator("Pm", param) {
m_p = acmp_create(0); m_p = acmp_create(0);
} }
~Pm(); ~Pm();

8
src/operators/pm_f.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_PM_F_H_ #define SRC_OPERATORS_PM_F_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/pm_from_file.h" #include "src/operators/pm_from_file.h"
@ -28,10 +30,8 @@ namespace operators {
class PmF : public PmFromFile { class PmF : public PmFromFile {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
PmF(std::string op, std::string param, bool negation) explicit PmF(std::unique_ptr<RunTimeString> param)
: PmFromFile(op, param, negation) { } : PmFromFile("PmFromF", std::move(param)) { }
explicit PmF(std::string param)
: PmFromFile("PmFromF", param) { }
}; };

13
src/operators/pm_from_file.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_PM_FROM_FILE_H_ #define SRC_OPERATORS_PM_FROM_FILE_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/pm.h" #include "src/operators/pm.h"
@ -28,12 +30,11 @@ namespace operators {
class PmFromFile : public Pm { class PmFromFile : public Pm {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
PmFromFile(std::string op, std::string param, bool negation) explicit PmFromFile(std::unique_ptr<RunTimeString> param)
: Pm(op, param, negation) { } : Pm("PmFromFile", std::move(param)) { }
PmFromFile(std::string op, std::string param) explicit PmFromFile(std::string n, std::unique_ptr<RunTimeString> param)
: Pm(op, param) { } : Pm(n, std::move(param)) { }
explicit PmFromFile(std::string param)
: Pm("PmFromFile", param) { }
bool init(const std::string &file, std::string *error) override; bool init(const std::string &file, std::string *error) override;
}; };

22
src/operators/rbl.h
View File

@ -23,6 +23,8 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -59,24 +61,10 @@ class Rbl : public Operator {
}; };
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Rbl(std::string op, std::string param, bool negation) explicit Rbl(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation), : Operator("Rbl", std::move(param)),
m_service(param),
m_demandsPassword(false) {
m_provider = RblProvider::UnknownProvider;
if (m_service.find("httpbl.org") != std::string::npos) {
m_demandsPassword = true;
m_provider = RblProvider::httpbl;
} else if (m_service.find("uribl.com") != std::string::npos) {
m_provider = RblProvider::httpbl;
} else if (m_service.find("spamhaus.org") != std::string::npos) {
m_provider = RblProvider::httpbl;
}
}
explicit Rbl(std::string param)
: Operator("Rbl", param),
m_service(param),
m_demandsPassword(false) { m_demandsPassword(false) {
m_service = m_string->evaluate();
m_provider = RblProvider::UnknownProvider; m_provider = RblProvider::UnknownProvider;
if (m_service.find("httpbl.org") != std::string::npos) { if (m_service.find("httpbl.org") != std::string::npos) {
m_demandsPassword = true; m_demandsPassword = true;

8
src/operators/rsub.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_RSUB_H_ #define SRC_OPERATORS_RSUB_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -28,10 +30,8 @@ namespace operators {
class Rsub : public Operator { class Rsub : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Rsub(std::string o, std::string p, bool n) explicit Rsub(std::unique_ptr<RunTimeString> param)
: Operator(o, p, n) { } : Operator("Rsub", std::move(param)) { }
explicit Rsub(std::string param)
: Operator("Rsub", param) { }
bool evaluate(Transaction *transaction, const std::string &str) override; bool evaluate(Transaction *transaction, const std::string &str) override;
}; };

11
src/operators/rx.cc
View File

@ -29,8 +29,7 @@ namespace operators {
bool Rx::init(const std::string &arg, std::string *error) { bool Rx::init(const std::string &arg, std::string *error) {
m_containsMacro = MacroExpansion::containsMacro(m_param); if (m_string->m_containsMacro == false) {
if (m_containsMacro == false) {
m_re = new Regex(m_param); m_re = new Regex(m_param);
} }
@ -44,12 +43,12 @@ bool Rx::evaluate(Transaction *transaction, Rule *rule,
std::list<SMatch> matches; std::list<SMatch> matches;
Regex *re; Regex *re;
if (m_param.empty()) { if (m_param.empty() && !m_string->m_containsMacro) {
return true; return true;
} }
if (m_containsMacro) { if (m_string->m_containsMacro) {
std::string eparam = MacroExpansion::expand(m_param, transaction); std::string eparam(m_string->evaluate(transaction));
re = new Regex(eparam); re = new Regex(eparam);
} else { } else {
re = m_re; re = m_re;
@ -75,7 +74,7 @@ bool Rx::evaluate(Transaction *transaction, Rule *rule,
logOffset(ruleMessage, i.m_offset, i.m_length); logOffset(ruleMessage, i.m_offset, i.m_length);
} }
if (m_containsMacro) { if (m_string->m_containsMacro) {
delete re; delete re;
} }

19
src/operators/rx.h
View File

@ -19,6 +19,7 @@
#include <string> #include <string>
#include <list> #include <list>
#include <memory> #include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
#include "src/utils/regex.h" #include "src/utils/regex.h"
@ -35,21 +36,13 @@ namespace operators {
class Rx : public Operator { class Rx : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Rx(std::string op, std::string param, bool negation) explicit Rx(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation), : Operator("Rx", std::move(param)) {
m_containsMacro(false) { m_couldContainsMacro = true;
} }
Rx(std::string name, std::string param)
: Operator(name, param),
m_containsMacro(false) {
}
explicit Rx(std::string param)
: Operator("Rx", param),
m_containsMacro(false) {
}
~Rx() { ~Rx() {
if (m_containsMacro == false && m_re != NULL) { if (m_string->m_containsMacro == false && m_re != NULL) {
delete m_re; delete m_re;
m_re = NULL; m_re = NULL;
} }
@ -68,8 +61,8 @@ class Rx : public Operator {
std::shared_ptr<RuleMessage> ruleMessage) override; std::shared_ptr<RuleMessage> ruleMessage) override;
bool init(const std::string &arg, std::string *error); bool init(const std::string &arg, std::string *error);
private: private:
bool m_containsMacro;
Regex *m_re; Regex *m_re;
}; };

6
src/operators/str_eq.cc
View File

@ -22,10 +22,8 @@ namespace modsecurity {
namespace operators { namespace operators {
bool StrEq::evaluate(Transaction *transaction, const std::string &str) { bool StrEq::evaluate(Transaction *transaction, const std::string &str) {
std::string p = MacroExpansion::expand(m_param, transaction); std::string pt(m_string->evaluate(transaction));
bool eq = !p.compare(str); return !pt.compare(str);
return eq;
} }

8
src/operators/str_eq.h
View File

@ -14,6 +14,8 @@
*/ */
#include <string> #include <string>
#include <memory>
#include <utility>
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -29,10 +31,8 @@ namespace operators {
class StrEq : public Operator { class StrEq : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
StrEq(std::string op, std::string param, bool negation) explicit StrEq(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("StrEq", std::move(param)) { }
explicit StrEq(std::string param)
: Operator("StrEq", param) { }
bool evaluate(Transaction *transaction, const std::string &str) override; bool evaluate(Transaction *transaction, const std::string &str) override;
}; };

2
src/operators/str_match.cc
View File

@ -25,7 +25,7 @@ namespace operators {
bool StrMatch::evaluate(Transaction *transaction, const std::string &input) { bool StrMatch::evaluate(Transaction *transaction, const std::string &input) {
std::string p = MacroExpansion::expand(m_param, transaction); std::string p(m_string->evaluate(transaction));
bool ret = input.find(p) != std::string::npos; bool ret = input.find(p) != std::string::npos;
return ret; return ret;

10
src/operators/str_match.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_STR_MATCH_H_ #define SRC_OPERATORS_STR_MATCH_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -27,10 +29,10 @@ namespace operators {
class StrMatch : public Operator { class StrMatch : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
StrMatch(std::string op, std::string param, bool negation) explicit StrMatch(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("StrMatch", std::move(param)) {
explicit StrMatch(std::string param) m_couldContainsMacro = true;
: Operator("StrMatch", param) { } }
bool evaluate(Transaction *transaction, const std::string &input) override; bool evaluate(Transaction *transaction, const std::string &input) override;
}; };

2
src/operators/unconditional_match.h
View File

@ -28,8 +28,6 @@ namespace operators {
class UnconditionalMatch : public Operator { class UnconditionalMatch : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
UnconditionalMatch(std::string op, std::string param, bool negation)
: Operator(op, param, negation) { }
UnconditionalMatch() UnconditionalMatch()
: Operator("UnconditionalMatch") { } : Operator("UnconditionalMatch") { }

9
src/operators/validate_byte_range.h
View File

@ -20,6 +20,7 @@
#include <vector> #include <vector>
#include <cstring> #include <cstring>
#include <memory> #include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -30,12 +31,8 @@ namespace operators {
class ValidateByteRange : public Operator { class ValidateByteRange : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
ValidateByteRange(std::string op, std::string param, bool negation) explicit ValidateByteRange(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { : Operator("ValidadeByteRange", std::move(param)) {
std::memset(table, '\0', sizeof(char) * 32);
}
explicit ValidateByteRange(std::string param)
: Operator("ValidadeByteRange", param) {
std::memset(table, '\0', sizeof(char) * 32); std::memset(table, '\0', sizeof(char) * 32);
} }
~ValidateByteRange() override { } ~ValidateByteRange() override { }

9
src/operators/validate_dtd.h
View File

@ -23,6 +23,8 @@
#include <libxml/xpath.h> #include <libxml/xpath.h>
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -33,11 +35,8 @@ namespace operators {
class ValidateDTD : public Operator { class ValidateDTD : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
ValidateDTD(std::string o, std::string p, bool i) explicit ValidateDTD(std::unique_ptr<RunTimeString> param)
: Operator(o, p, i), : Operator("ValidateDTD", std::move(param)) { }
m_dtd(NULL) { }
explicit ValidateDTD(std::string param)
: Operator("ValidateDTD", param) { }
~ValidateDTD() { ~ValidateDTD() {
if (m_dtd != NULL) { if (m_dtd != NULL) {
xmlFreeDtd(m_dtd); xmlFreeDtd(m_dtd);

8
src/operators/validate_hash.h
View File

@ -17,6 +17,8 @@
#define SRC_OPERATORS_VALIDATE_HASH_H_ #define SRC_OPERATORS_VALIDATE_HASH_H_
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -27,10 +29,8 @@ namespace operators {
class ValidateHash : public Operator { class ValidateHash : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
ValidateHash(std::string o, std::string p, bool n) explicit ValidateHash(std::unique_ptr<RunTimeString> param)
: Operator(o, p, n) { } : Operator("ValidateHash", std::move(param)) { }
explicit ValidateHash(std::string param)
: Operator("ValidateHash", param) { }
bool evaluate(Transaction *transaction, const std::string &str) override; bool evaluate(Transaction *transaction, const std::string &str) override;
}; };

11
src/operators/validate_schema.h
View File

@ -23,6 +23,8 @@
#include <libxml/xpath.h> #include <libxml/xpath.h>
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -33,13 +35,8 @@ namespace operators {
class ValidateSchema : public Operator { class ValidateSchema : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
ValidateSchema(std::string o, std::string p, bool i) explicit ValidateSchema(std::unique_ptr<RunTimeString> param)
: Operator(o, p, i), : Operator("ValidateSchema", std::move(param)),
m_parserCtx(NULL),
m_validCtx(NULL),
m_schema(NULL) { }
explicit ValidateSchema(std::string param)
: Operator("ValidateSchema", param),
m_parserCtx(NULL), m_parserCtx(NULL),
m_validCtx(NULL), m_validCtx(NULL),
m_schema(NULL) { } m_schema(NULL) { }

2
src/operators/validate_url_encoding.h
View File

@ -28,8 +28,6 @@ namespace operators {
class ValidateUrlEncoding : public Operator { class ValidateUrlEncoding : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
ValidateUrlEncoding(std::string op, std::string param, bool negation)
: Operator(op, param, negation) { }
ValidateUrlEncoding() ValidateUrlEncoding()
: Operator("ValidateUrlEncoding") { } : Operator("ValidateUrlEncoding") { }

2
src/operators/validate_utf8_encoding.h
View File

@ -35,8 +35,6 @@ namespace operators {
class ValidateUtf8Encoding : public Operator { class ValidateUtf8Encoding : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
ValidateUtf8Encoding(std::string op, std::string param, bool negation)
: Operator(op, param, negation) { }
ValidateUtf8Encoding() ValidateUtf8Encoding()
: Operator("ValidateUtf8Encoding") { } : Operator("ValidateUtf8Encoding") { }

10
src/operators/verify_cc.h
View File

@ -18,6 +18,8 @@
#include <pcre.h> #include <pcre.h>
#include <string> #include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -27,12 +29,8 @@ namespace operators {
class VerifyCC : public Operator { class VerifyCC : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
VerifyCC(std::string op, std::string param, bool negation) explicit VerifyCC(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation), : Operator("VerifyCC", std::move(param)),
m_pc(NULL),
m_pce(NULL) { }
explicit VerifyCC(std::string param)
: Operator("VerifyCC", param),
m_pc(NULL), m_pc(NULL),
m_pce(NULL) { } m_pce(NULL) { }
~VerifyCC(); ~VerifyCC();

15
src/operators/verify_cpf.h
View File

@ -18,6 +18,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
#include "src/utils/regex.h" #include "src/utils/regex.h"
@ -33,17 +34,9 @@ namespace operators {
class VerifyCPF : public Operator { class VerifyCPF : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
VerifyCPF(std::string o, std::string p, bool n) explicit VerifyCPF(std::unique_ptr<RunTimeString> param)
: Operator(o, p, n) { : Operator("VerifyCPF", std::move(param)) {
m_re = new Regex(p); m_re = new Regex(m_param);
}
VerifyCPF(std::string name, std::string param)
: Operator(name, param) {
m_re = new Regex(param);
}
explicit VerifyCPF(std::string param)
: Operator("VerifyCPF", param) {
m_re = new Regex(param);
} }
~VerifyCPF() { ~VerifyCPF() {

15
src/operators/verify_ssn.h
View File

@ -18,6 +18,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
#include "src/utils/regex.h" #include "src/utils/regex.h"
@ -33,17 +34,9 @@ namespace operators {
class VerifySSN : public Operator { class VerifySSN : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
VerifySSN(std::string o, std::string p, bool n) explicit VerifySSN(std::unique_ptr<RunTimeString> param)
: Operator(o, p, n) { : Operator("VerifySSN", std::move(param)) {
m_re = new Regex(p); m_re = new Regex(m_param);
}
VerifySSN(std::string name, std::string param)
: Operator(name, param) {
m_re = new Regex(param);
}
explicit VerifySSN(std::string param)
: Operator("VerifySSN", param) {
m_re = new Regex(param);
} }
~VerifySSN() { ~VerifySSN() {

2
src/operators/within.cc
View File

@ -27,8 +27,8 @@ namespace operators {
bool Within::evaluate(Transaction *transaction, Rule *rule, bool Within::evaluate(Transaction *transaction, Rule *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) { const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
bool res = false; bool res = false;
std::string paramTarget = MacroExpansion::expand(m_param, transaction);
size_t pos = 0; size_t pos = 0;
std::string paramTarget(m_string->evaluate(transaction));
if (str.empty()) { if (str.empty()) {
return true; return true;

9
src/operators/within.h
View File

@ -18,6 +18,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <utility>
#include "src/operators/operator.h" #include "src/operators/operator.h"
@ -28,10 +29,10 @@ namespace operators {
class Within : public Operator { class Within : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
Within(std::string op, std::string param, bool negation) explicit Within(std::unique_ptr<RunTimeString> param)
: Operator(op, param, negation) { } : Operator("Within", std::move(param)) {
explicit Within(std::string param) m_couldContainsMacro = true;
: Operator("Within", param) { } }
bool evaluate(Transaction *transaction, Rule *rule, bool evaluate(Transaction *transaction, Rule *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage); const std::string &str, std::shared_ptr<RuleMessage> ruleMessage);
}; };

2178
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

2
src/parser/seclang-parser.hh
View File

@ -2759,7 +2759,7 @@ namespace yy {
enum enum
{ {
yyeof_ = 0, yyeof_ = 0,
yylast_ = 1543, ///< Last index in yytable_. yylast_ = 2006, ///< Last index in yytable_.
yynnts_ = 17, ///< Number of nonterminal symbols. yynnts_ = 17, ///< Number of nonterminal symbols.
yyfinal_ = 293, ///< Termination state number. yyfinal_ = 293, ///< Termination state number.
yyterror_ = 1, yyterror_ = 1,

130
src/parser/seclang-parser.yy
View File

@ -885,18 +885,19 @@ op:
YYERROR; YYERROR;
} }
} }
| OPERATOR_RX_CONTENT_ONLY | run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Rx(utils::string::removeBracketsIfNeeded($1))); OPERATOR_CONTAINER($$, new operators::Rx(std::move($1)));
std::string error; std::string error;
if ($$->init(driver.ref.back(), &error) == false) { if ($$->init(driver.ref.back(), &error) == false) {
driver.error(@0, error); driver.error(@0, error);
YYERROR; YYERROR;
} }
} }
| NOT OPERATOR_RX_CONTENT_ONLY | NOT run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Rx("Rx", utils::string::removeBracketsIfNeeded($2), true)); OPERATOR_CONTAINER($$, new operators::Rx(std::move($2)));
$$->m_negation = true;
std::string error; std::string error;
if ($$->init(driver.ref.back(), &error) == false) { if ($$->init(driver.ref.back(), &error) == false) {
driver.error(@0, error); driver.error(@0, error);
@ -926,141 +927,126 @@ op_before_init:
{ {
OPERATOR_CONTAINER($$, new operators::ValidateUtf8Encoding()); OPERATOR_CONTAINER($$, new operators::ValidateUtf8Encoding());
} }
| OPERATOR_INSPECT_FILE FREE_TEXT | OPERATOR_INSPECT_FILE run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::InspectFile($2)); OPERATOR_CONTAINER($$, new operators::InspectFile(std::move($2)));
std::string error;
if ($$->init(driver.ref.back(), &error) == false) {
driver.error(@0, error);
YYERROR;
}
} }
| OPERATOR_FUZZY_HASH FREE_TEXT | OPERATOR_FUZZY_HASH run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::FuzzyHash(utils::string::removeBracketsIfNeeded($2))); OPERATOR_CONTAINER($$, new operators::FuzzyHash(std::move($2)));
std::string error;
if ($$->init(driver.ref.back(), &error) == false) {
driver.error(@0, error);
YYERROR;
}
} }
| OPERATOR_VALIDATE_BYTE_RANGE FREE_TEXT | OPERATOR_VALIDATE_BYTE_RANGE run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::ValidateByteRange($2)); OPERATOR_CONTAINER($$, new operators::ValidateByteRange(std::move($2)));
} }
| OPERATOR_VALIDATE_DTD FREE_TEXT | OPERATOR_VALIDATE_DTD run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::ValidateDTD($2)); OPERATOR_CONTAINER($$, new operators::ValidateDTD(std::move($2)));
} }
| OPERATOR_VALIDATE_HASH FREE_TEXT | OPERATOR_VALIDATE_HASH run_time_string
{ {
/* $$ = new operators::ValidateHash($1); */ /* $$ = new operators::ValidateHash($1); */
OPERATOR_NOT_SUPPORTED("ValidateHash", @0); OPERATOR_NOT_SUPPORTED("ValidateHash", @0);
} }
| OPERATOR_VALIDATE_SCHEMA FREE_TEXT | OPERATOR_VALIDATE_SCHEMA run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::ValidateSchema($2)); OPERATOR_CONTAINER($$, new operators::ValidateSchema(std::move($2)));
} }
| OPERATOR_VERIFY_CC FREE_TEXT | OPERATOR_VERIFY_CC run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::VerifyCC($2)); OPERATOR_CONTAINER($$, new operators::VerifyCC(std::move($2)));
} }
| OPERATOR_VERIFY_CPF FREE_TEXT | OPERATOR_VERIFY_CPF run_time_string
{ {
/* $$ = new operators::VerifyCPF($1); */ /* $$ = new operators::VerifyCPF($1); */
OPERATOR_NOT_SUPPORTED("VerifyCPF", @0); OPERATOR_NOT_SUPPORTED("VerifyCPF", @0);
} }
| OPERATOR_VERIFY_SSN FREE_TEXT | OPERATOR_VERIFY_SSN run_time_string
{ {
/* $$ = new operators::VerifySSN($1); */ /* $$ = new operators::VerifySSN($1); */
OPERATOR_NOT_SUPPORTED("VerifySSN", @0); OPERATOR_NOT_SUPPORTED("VerifySSN", @0);
} }
| OPERATOR_GSB_LOOKUP FREE_TEXT | OPERATOR_GSB_LOOKUP run_time_string
{ {
/* $$ = new operators::GsbLookup($1); */ /* $$ = new operators::GsbLookup($1); */
OPERATOR_NOT_SUPPORTED("GsbLookup", @0); OPERATOR_NOT_SUPPORTED("GsbLookup", @0);
} }
| OPERATOR_RSUB FREE_TEXT | OPERATOR_RSUB run_time_string
{ {
/* $$ = new operators::Rsub($1); */ /* $$ = new operators::Rsub($1); */
OPERATOR_NOT_SUPPORTED("Rsub", @0); OPERATOR_NOT_SUPPORTED("Rsub", @0);
} }
| OPERATOR_WITHIN FREE_TEXT | OPERATOR_WITHIN run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Within($2)); OPERATOR_CONTAINER($$, new operators::Within(std::move($2)));
} }
| OPERATOR_CONTAINS_WORD FREE_TEXT | OPERATOR_CONTAINS_WORD run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::ContainsWord($2)); OPERATOR_CONTAINER($$, new operators::ContainsWord(std::move($2)));
} }
| OPERATOR_CONTAINS FREE_TEXT | OPERATOR_CONTAINS run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Contains($2)); OPERATOR_CONTAINER($$, new operators::Contains(std::move($2)));
} }
| OPERATOR_ENDS_WITH FREE_TEXT | OPERATOR_ENDS_WITH run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::EndsWith($2)); OPERATOR_CONTAINER($$, new operators::EndsWith(std::move($2)));
} }
| OPERATOR_EQ FREE_TEXT | OPERATOR_EQ run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Eq($2)); OPERATOR_CONTAINER($$, new operators::Eq(std::move($2)));
} }
| OPERATOR_GE FREE_TEXT | OPERATOR_GE run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Ge($2)); OPERATOR_CONTAINER($$, new operators::Ge(std::move($2)));
} }
| OPERATOR_GT FREE_TEXT | OPERATOR_GT run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Gt($2)); OPERATOR_CONTAINER($$, new operators::Gt(std::move($2)));
} }
| OPERATOR_IP_MATCH_FROM_FILE FREE_TEXT | OPERATOR_IP_MATCH_FROM_FILE run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::IpMatchF($2)); OPERATOR_CONTAINER($$, new operators::IpMatchF(std::move($2)));
} }
| OPERATOR_IP_MATCH FREE_TEXT | OPERATOR_IP_MATCH run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::IpMatch($2)); OPERATOR_CONTAINER($$, new operators::IpMatch(std::move($2)));
} }
| OPERATOR_LE FREE_TEXT | OPERATOR_LE run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Le($2)); OPERATOR_CONTAINER($$, new operators::Le(std::move($2)));
} }
| OPERATOR_LT FREE_TEXT | OPERATOR_LT run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Lt($2)); OPERATOR_CONTAINER($$, new operators::Lt(std::move($2)));
} }
| OPERATOR_PM_FROM_FILE FREE_TEXT | OPERATOR_PM_FROM_FILE run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::PmFromFile($2)); OPERATOR_CONTAINER($$, new operators::PmFromFile(std::move($2)));
} }
| OPERATOR_PM FREE_TEXT | OPERATOR_PM run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Pm($2)); OPERATOR_CONTAINER($$, new operators::Pm(std::move($2)));
} }
| OPERATOR_RBL FREE_TEXT | OPERATOR_RBL run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Rbl($2)); OPERATOR_CONTAINER($$, new operators::Rbl(std::move($2)));
} }
| OPERATOR_RX FREE_TEXT | OPERATOR_RX run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::Rx($2)); OPERATOR_CONTAINER($$, new operators::Rx(std::move($2)));
std::string error;
if ($$->init(driver.ref.back(), &error) == false) {
driver.error(@0, error);
YYERROR;
}
} }
| OPERATOR_STR_EQ FREE_TEXT | OPERATOR_STR_EQ run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::StrEq($2)); OPERATOR_CONTAINER($$, new operators::StrEq(std::move($2)));
} }
| OPERATOR_STR_MATCH FREE_TEXT | OPERATOR_STR_MATCH run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::StrMatch($2)); OPERATOR_CONTAINER($$, new operators::StrMatch(std::move($2)));
} }
| OPERATOR_BEGINS_WITH FREE_TEXT | OPERATOR_BEGINS_WITH run_time_string
{ {
OPERATOR_CONTAINER($$, new operators::BeginsWith($2)); OPERATOR_CONTAINER($$, new operators::BeginsWith(std::move($2)));
} }
| OPERATOR_GEOLOOKUP | OPERATOR_GEOLOOKUP
{ {

9751
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

272
src/parser/seclang-scanner.ll
View File

@ -15,7 +15,7 @@ using modsecurity::utils::string::parserSanitizer;
typedef yy::seclang_parser p; typedef yy::seclang_parser p;
static int state_variable_from = 0; static int state_variable_from = 0;
static std::stack<int> YY_PREVIOUS_STATE = 0; static std::stack<int> YY_PREVIOUS_STATE;
// Work around an incompatibility in flex (at least versions // Work around an incompatibility in flex (at least versions
// 2.5.31 through 2.5.33): it generates code that does // 2.5.31 through 2.5.33): it generates code that does
@ -25,6 +25,9 @@ static std::stack<int> YY_PREVIOUS_STATE = 0;
# define yywrap() 1 # define yywrap() 1
#define BEGINX(z) { YY_PREVIOUS_STATE.push(YY_START); BEGIN(z); } #define BEGINX(z) { YY_PREVIOUS_STATE.push(YY_START); BEGIN(z); }
#define BEGIN_PARAMETER() { if (YY_START == EXPECTING_OPERATOR_ENDS_WITH_SPACE) { BEGIN(TRANSITION_FROM_OP_TO_EXPECTING_PARAMETER_ENDS_WITH_SPACE); } else { BEGIN(TRANSITION_FROM_OP_TO_EXPECTING_PARAMETER_ENDS_WITH_QUOTE); } }
#define BEGIN_NO_OP_INFORMED() { if (YY_START == EXPECTING_OPERATOR_ENDS_WITH_SPACE) { BEGIN(NO_OP_INFORMED_ENDS_WITH_SPACE); } else { BEGIN(NO_OP_INFORMED_ENDS_WITH_QUOTE); } }
#define BEGIN_PREVIOUS() { BEGIN(YY_PREVIOUS_STATE.top()); YY_PREVIOUS_STATE.pop(); } #define BEGIN_PREVIOUS() { BEGIN(YY_PREVIOUS_STATE.top()); YY_PREVIOUS_STATE.pop(); }
// The location of the current token. // The location of the current token.
@ -352,9 +355,12 @@ FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+
QUOTE_BUT_SCAPED (') QUOTE_BUT_SCAPED (')
DOUBLE_QUOTE_BUT_SCAPED (") DOUBLE_QUOTE_BUT_SCAPED (")
COMMA_BUT_SCAPED (,) COMMA_BUT_SCAPED (,)
FREE_TEXT_QUOTE_MACRO_EXPANSION (([^%'\b])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][']|[^\\]([\\][\\])+[\\]['])+ FREE_TEXT_QUOTE_MACRO_EXPANSION (([^%'])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][']|[^\\]([\\][\\])+[\\]['])+
FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION (([^%"])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+ FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION ((([^"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+
FREE_TEXT_COMMA_MACRO_EXPANSION (([^%,])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][,]|[^\\]([\\][\\])+[\\][,])+ FREE_TEXT_COMMA_MACRO_EXPANSION (([^%,])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][,]|[^\\]([\\][\\])+[\\][,])+
FREE_TEXT_COMMA_DOUBLE_QUOTE_MACRO_EXPANSION ((([^,"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+
FREE_TEXT_SPACE_MACRO_EXPANSION (([^% ])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][ ]|[^\\]([\\][\\])+[\\][ ])+
START_MACRO_VARIABLE (\%\{) START_MACRO_VARIABLE (\%\{)
FREE_TEXT_QUOTE_COMMA [^,\']+ FREE_TEXT_QUOTE_COMMA [^,\']+
FREE_TEXT_SPACE [^ \t]+ FREE_TEXT_SPACE [^ \t]+
@ -383,15 +389,17 @@ EQUALS_MINUS (?i:=\-)
%x EXPECTING_ACTION_PREDICATE_VARIABLE %x EXPECTING_ACTION_PREDICATE_VARIABLE
%x TRANSACTION_TO_VARIABLE %x TRANSACTION_TO_VARIABLE
%x EXPECTING_VARIABLE %x EXPECTING_VARIABLE
%x EXPECTING_OPERATOR %x EXPECTING_OPERATOR_ENDS_WITH_SPACE EXPECTING_OPERATOR_ENDS_WITH_QUOTE
%x EXPECTING_ACTION_PREDICATE ACTION_PREDICATE_ENDS_WITH_QUOTE ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE ACTION_PREDICATE_ENDS_WITH_COMMA %x EXPECTING_ACTION_PREDICATE ACTION_PREDICATE_ENDS_WITH_QUOTE ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE ACTION_PREDICATE_ENDS_WITH_COMMA_OR_DOUBLE_QUOTE
%x COMMENT %x COMMENT
%x TRANSITION_FROM_OP_TO_EXPECTING_PARAMETER_ENDS_WITH_QUOTE TRANSITION_FROM_OP_TO_EXPECTING_PARAMETER_ENDS_WITH_SPACE
%x EXPECTING_VAR_PARAMETER %x EXPECTING_VAR_PARAMETER
%x EXPECTING_PARAMETER %x EXPECTING_PARAMETER_ENDS_WITH_QUOTE EXPECTING_PARAMETER_ENDS_WITH_SPACE
%x EXPECTING_ACTIONS %x EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE EXPECTING_ACTIONS_ONLY_ONE
%x TRANSACTION_FROM_OPERATOR_TO_ACTIONS %x TRANSACTION_FROM_OPERATOR_TO_ACTIONS
%x TRANSACTION_FROM_OPERATOR_PARAMETERS_TO_ACTIONS
%x TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS %x TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS
%x NO_OP_INFORMED %x NO_OP_INFORMED_ENDS_WITH_SPACE NO_OP_INFORMED_ENDS_WITH_QUOTE
%x FINISH_ACTIONS %x FINISH_ACTIONS
%x LEXING_ERROR %x LEXING_ERROR
%x LEXING_ERROR_ACTION %x LEXING_ERROR_ACTION
@ -417,8 +425,7 @@ EQUALS_MINUS (?i:=\-)
// Code run each time yylex is called. // Code run each time yylex is called.
driver.loc.back()->step(); driver.loc.back()->step();
%} %}
<EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE,EXPECTING_ACTIONS_ONLY_ONE>{
<EXPECTING_ACTIONS>{
{ACTION_APPEND} { return p::make_ACTION_APPEND(yytext, *driver.loc.back()); } {ACTION_APPEND} { return p::make_ACTION_APPEND(yytext, *driver.loc.back()); }
{ACTION_BLOCK} { return p::make_ACTION_BLOCK(yytext, *driver.loc.back()); } {ACTION_BLOCK} { return p::make_ACTION_BLOCK(yytext, *driver.loc.back()); }
{ACTION_CAPTURE} { return p::make_ACTION_CAPTURE(yytext, *driver.loc.back()); } {ACTION_CAPTURE} { return p::make_ACTION_CAPTURE(yytext, *driver.loc.back()); }
@ -524,28 +531,46 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_VALUE_DETC} { return p::make_CONFIG_VALUE_DETC(yytext, *driver.loc.back()); } {CONFIG_VALUE_DETC} { return p::make_CONFIG_VALUE_DETC(yytext, *driver.loc.back()); }
{CONFIG_VALUE_OFF} { return p::make_CONFIG_VALUE_OFF(yytext, *driver.loc.back()); } {CONFIG_VALUE_OFF} { return p::make_CONFIG_VALUE_OFF(yytext, *driver.loc.back()); }
{CONFIG_VALUE_ON} { return p::make_CONFIG_VALUE_ON(yytext, *driver.loc.back()); } {CONFIG_VALUE_ON} { return p::make_CONFIG_VALUE_ON(yytext, *driver.loc.back()); }
[ \t]*[,][ \t]* { return p::make_COMMA(*driver.loc.back()); }
[ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); } [ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); }
[ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); } [ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); }
}
\"[ \t]* { BEGIN(INITIAL); yyless(yyleng); } <EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE>{
[ \t]*[,][ \t]* { return p::make_COMMA(*driver.loc.back()); }
}
<EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE>{
[ \t]*\n { BEGIN(INITIAL); yyless(yyleng); driver.loc.back()->lines(1); driver.loc.back()->step(); } [ \t]*\n { BEGIN(INITIAL); yyless(yyleng); driver.loc.back()->lines(1); driver.loc.back()->step(); }
[ \t]*\r\n { BEGIN(INITIAL); yyless(yyleng); driver.loc.back()->lines(1); driver.loc.back()->step(); } [ \t]*\r\n { BEGIN(INITIAL); yyless(yyleng); driver.loc.back()->lines(1); driver.loc.back()->step(); }
\"[ \t]*\n { BEGIN(INITIAL); yyless(1); } }
\"[ \t]*\r\n { BEGIN(INITIAL); driver.loc.back()->lines(1); driver.loc.back()->step(); }
<EXPECTING_ACTIONS_ONLY_ONE>{
[ ][ \t]* { BEGIN(INITIAL); yyless(yyleng); }
[ ]*[ \t]*\n { BEGIN(INITIAL); yyless(1); }
[ ]*[ \t]*\r\n { BEGIN(INITIAL); driver.loc.back()->lines(1); driver.loc.back()->step(); }
}
<EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE>{
["][ \t]* { BEGIN(INITIAL); yyless(yyleng); }
["][ \t]*\n { BEGIN(INITIAL); yyless(1); }
["][ \t]*\r\n { BEGIN(INITIAL); driver.loc.back()->lines(1); driver.loc.back()->step(); }
["] { BEGIN(INITIAL); p::make_NEW_LINE(*driver.loc.back()); }
}
<EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE,EXPECTING_ACTIONS_ONLY_ONE>{
. { BEGIN(LEXING_ERROR_ACTION); yyless(0); } . { BEGIN(LEXING_ERROR_ACTION); yyless(0); }
} }
<EXPECTING_ACTION_PREDICATE>{ <EXPECTING_ACTION_PREDICATE>{
['] { BEGIN(ACTION_PREDICATE_ENDS_WITH_QUOTE); } ['] { BEGIN(ACTION_PREDICATE_ENDS_WITH_QUOTE); }
["] { BEGIN(ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE); } ["] { BEGIN(ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE); }
. { BEGIN(ACTION_PREDICATE_ENDS_WITH_COMMA); yyless(0); } . { BEGIN(ACTION_PREDICATE_ENDS_WITH_COMMA_OR_DOUBLE_QUOTE); yyless(0); }
} }
<EXPECTING_ACTION_PREDICATE_VARIABLE,ACTION_PREDICATE_ENDS_WITH_QUOTE,ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE,ACTION_PREDICATE_ENDS_WITH_COMMA>{ <EXPECTING_ACTION_PREDICATE_VARIABLE,ACTION_PREDICATE_ENDS_WITH_QUOTE,ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE,ACTION_PREDICATE_ENDS_WITH_COMMA_OR_DOUBLE_QUOTE,EXPECTING_PARAMETER_ENDS_WITH_QUOTE,EXPECTING_PARAMETER_ENDS_WITH_SPACE>{
[ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); } [ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); }
[ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); } [ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); }
} }
@ -556,21 +581,22 @@ EQUALS_MINUS (?i:=\-)
} }
<ACTION_PREDICATE_ENDS_WITH_QUOTE>{ <ACTION_PREDICATE_ENDS_WITH_QUOTE>{
['] { BEGIN(EXPECTING_ACTIONS); yyless(yyleng); } ['] { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); yyless(yyleng); }
{FREE_TEXT_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); } {FREE_TEXT_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
} }
<ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE>{ <ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE>{
["] { BEGIN(EXPECTING_ACTIONS); yyless(yyleng); } ["] { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); yyless(yyleng); }
{FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); } {FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
} }
<ACTION_PREDICATE_ENDS_WITH_COMMA>{ <ACTION_PREDICATE_ENDS_WITH_COMMA_OR_DOUBLE_QUOTE>{
[,] { yyless(0); BEGIN(EXPECTING_ACTIONS); } [,] { yyless(0); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
{FREE_TEXT_COMMA_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); } ["] { yyless(0); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE);}
{FREE_TEXT_COMMA_DOUBLE_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
} }
<ACTION_PREDICATE_ENDS_WITH_QUOTE,ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE,ACTION_PREDICATE_ENDS_WITH_COMMA>{ <ACTION_PREDICATE_ENDS_WITH_QUOTE,ACTION_PREDICATE_ENDS_WITH_DOUBLE_QUOTE,ACTION_PREDICATE_ENDS_WITH_COMMA_OR_DOUBLE_QUOTE>{
{START_MACRO_VARIABLE} { BEGINX(EXPECTING_ACTION_PREDICATE_VARIABLE); } {START_MACRO_VARIABLE} { BEGINX(EXPECTING_ACTION_PREDICATE_VARIABLE); }
. { BEGIN(LEXING_ERROR_VARIABLE); yyless(0); } . { BEGIN(LEXING_ERROR_VARIABLE); yyless(0); }
} }
@ -592,13 +618,13 @@ EQUALS_MINUS (?i:=\-)
{EQUALS_PLUS} { BEGIN(SETVAR_ACTION_NONQUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_PLUS(*driver.loc.back()); } {EQUALS_PLUS} { BEGIN(SETVAR_ACTION_NONQUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_PLUS(*driver.loc.back()); }
{EQUALS_MINUS} { BEGIN(SETVAR_ACTION_NONQUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_MINUS(*driver.loc.back()); } {EQUALS_MINUS} { BEGIN(SETVAR_ACTION_NONQUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_MINUS(*driver.loc.back()); }
{EQUALS} { BEGIN(SETVAR_ACTION_NONQUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS(*driver.loc.back()); } {EQUALS} { BEGIN(SETVAR_ACTION_NONQUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS(*driver.loc.back()); }
.|\n { BEGIN(EXPECTING_ACTIONS); yyless(0);} .|\n { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); yyless(0);}
} }
<SETVAR_ACTION_NONQUOTED_WAITING_CONTENT>{ <SETVAR_ACTION_NONQUOTED_WAITING_CONTENT>{
\\(.|\n) { return p::make_SETVAR_CONTENT_PART(yytext + 1, *driver.loc.back()); } \\(.|\n) { return p::make_SETVAR_CONTENT_PART(yytext + 1, *driver.loc.back()); }
[^,"\n\r\t \\]+ { return p::make_SETVAR_CONTENT_PART(yytext, *driver.loc.back()); } [^,"\n\r\t \\]+ { return p::make_SETVAR_CONTENT_PART(yytext, *driver.loc.back()); }
.|\n { BEGIN(EXPECTING_ACTIONS); yyless(0); } .|\n { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); yyless(0); }
} }
<SETVAR_ACTION_QUOTED>{ <SETVAR_ACTION_QUOTED>{
@ -618,14 +644,14 @@ EQUALS_MINUS (?i:=\-)
{EQUALS_PLUS} { BEGIN(SETVAR_ACTION_QUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_PLUS(*driver.loc.back()); } {EQUALS_PLUS} { BEGIN(SETVAR_ACTION_QUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_PLUS(*driver.loc.back()); }
{EQUALS_MINUS} { BEGIN(SETVAR_ACTION_QUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_MINUS(*driver.loc.back()); } {EQUALS_MINUS} { BEGIN(SETVAR_ACTION_QUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_MINUS(*driver.loc.back()); }
{EQUALS} { BEGIN(SETVAR_ACTION_QUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS(*driver.loc.back()); } {EQUALS} { BEGIN(SETVAR_ACTION_QUOTED_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS(*driver.loc.back()); }
\' { BEGIN(EXPECTING_ACTIONS); } \' { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
.|\n { BEGIN(LEXING_ERROR_ACTION); yyless(0); } .|\n { BEGIN(LEXING_ERROR_ACTION); yyless(0); }
} }
<SETVAR_ACTION_QUOTED_WAITING_CONTENT>{ <SETVAR_ACTION_QUOTED_WAITING_CONTENT>{
\\(.|\n) { return p::make_SETVAR_CONTENT_PART(yytext + 1, *driver.loc.back()); } \\(.|\n) { return p::make_SETVAR_CONTENT_PART(yytext + 1, *driver.loc.back()); }
[^"\'\n\r\\]* { return p::make_SETVAR_CONTENT_PART(yytext, *driver.loc.back()); } [^"\'\n\r\\]* { return p::make_SETVAR_CONTENT_PART(yytext, *driver.loc.back()); }
\' { BEGIN(EXPECTING_ACTIONS); } \' { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
.|\n { BEGIN(LEXING_ERROR_ACTION); yyless(0); } .|\n { BEGIN(LEXING_ERROR_ACTION); yyless(0); }
} }
@ -742,29 +768,31 @@ p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1),
[ \t]* { BEGIN(EXPECTING_VARIABLE); } [ \t]* { BEGIN(EXPECTING_VARIABLE); }
} }
<TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS>{
[ \t]* { }
[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS); }
[ \t]*\\\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS); }
[ \t]*\\\r\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS); }
}
<EXPECTING_VARIABLE>{ <EXPECTING_VARIABLE>{
[|] { return p::make_PIPE(*driver.loc.back()); } [|] { return p::make_PIPE(*driver.loc.back()); }
[,] { return p::make_PIPE(*driver.loc.back()); } [,] { return p::make_PIPE(*driver.loc.back()); }
["] { return p::make_QUOTATION_MARK(yytext, *driver.loc.back()); } ["] { return p::make_QUOTATION_MARK(yytext, *driver.loc.back()); }
[ \t]+ { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*\" { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*[\\\n]*[ \t]* { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*[\\\n]*[ \t]*\" { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*[\\\r\n]*[ \t]* { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*[\\\r\n]*[ \t]*\" { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR); } else { state_variable_from = 0; BEGIN(INITIAL);} }
{VAR_EXCLUSION} { return p::make_VAR_EXCLUSION(*driver.loc.back()); } {VAR_EXCLUSION} { return p::make_VAR_EXCLUSION(*driver.loc.back()); }
{VAR_COUNT} { return p::make_VAR_COUNT(*driver.loc.back()); } {VAR_COUNT} { return p::make_VAR_COUNT(*driver.loc.back()); }
} }
<EXPECTING_VARIABLE>{
[ \t]+ { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR_ENDS_WITH_SPACE); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*\" { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR_ENDS_WITH_QUOTE); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*[\\\n]*[ \t]* { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR_ENDS_WITH_SPACE); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*[\\\n]*[ \t]*\" { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR_ENDS_WITH_QUOTE); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*[\\\r\n]*[ \t]* { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR_ENDS_WITH_SPACE); } else { state_variable_from = 0; BEGIN(INITIAL);} }
[ \t]*[\\\r\n]*[ \t]*\" { if (state_variable_from == 0) { BEGIN(EXPECTING_OPERATOR_ENDS_WITH_QUOTE); } else { state_variable_from = 0; BEGIN(INITIAL);} }
}
<TRANSACTION_FROM_DIRECTIVE_TO_ACTIONS>{
[ \t]* { }
[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\\\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\\\r\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
}
<EXPECTING_VARIABLE,EXPECTING_ACTION_PREDICATE_VARIABLE>{ <EXPECTING_VARIABLE,EXPECTING_ACTION_PREDICATE_VARIABLE>{
. { BEGIN(LEXING_ERROR_VARIABLE); yyless(0); } . { BEGIN(LEXING_ERROR_VARIABLE); yyless(0); }
{VARIABLE_ARGS_COMBINED_SIZE} { return p::make_VARIABLE_ARGS_COMBINED_SIZE(*driver.loc.back()); } {VARIABLE_ARGS_COMBINED_SIZE} { return p::make_VARIABLE_ARGS_COMBINED_SIZE(*driver.loc.back()); }
@ -785,19 +813,15 @@ p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1),
{VARIABLE_MULTIPART_BOUNDARY_WHITESPACE} { return p::make_VARIABLE_MULTIPART_BOUNDARY_WHITESPACE(*driver.loc.back()); } {VARIABLE_MULTIPART_BOUNDARY_WHITESPACE} { return p::make_VARIABLE_MULTIPART_BOUNDARY_WHITESPACE(*driver.loc.back()); }
{VARIABLE_MULTIPART_CRLF_LF_LINES} { return p::make_VARIABLE_MULTIPART_CRLF_LF_LINES(*driver.loc.back()); } {VARIABLE_MULTIPART_CRLF_LF_LINES} { return p::make_VARIABLE_MULTIPART_CRLF_LF_LINES(*driver.loc.back()); }
{VARIABLE_MULTIPART_DATA_AFTER} { return p::make_VARIABLE_MULTIPART_DATA_AFTER(*driver.loc.back()); } {VARIABLE_MULTIPART_DATA_AFTER} { return p::make_VARIABLE_MULTIPART_DATA_AFTER(*driver.loc.back()); }
{VARIABLE_MULTIPART_DATA_AFTER} { return p::make_VARIABLE_MULTIPART_DATA_AFTER(*driver.loc.back()); }
{VARIABLE_MULTIPART_DATA_BEFORE} { return p::make_VARIABLE_MULTIPART_DATA_BEFORE(*driver.loc.back()); } {VARIABLE_MULTIPART_DATA_BEFORE} { return p::make_VARIABLE_MULTIPART_DATA_BEFORE(*driver.loc.back()); }
{VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED} { return p::make_VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED(*driver.loc.back()); } {VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED} { return p::make_VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED(*driver.loc.back()); }
{VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED} { return p::make_VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED(*driver.loc.back()); }
{VARIABLE_MULTIPART_FILENAME}[:.] { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); } {VARIABLE_MULTIPART_FILENAME}[:.] { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); }
{VARIABLE_MULTIPART_FILENAME} { return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); } {VARIABLE_MULTIPART_FILENAME} { return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); }
{VARIABLE_MULTIPART_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_HEADER_FOLDING(*driver.loc.back()); } {VARIABLE_MULTIPART_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_HEADER_FOLDING(*driver.loc.back()); }
{VARIABLE_MULTIPART_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_HEADER_FOLDING(*driver.loc.back()); } {VARIABLE_MULTIPART_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_HEADER_FOLDING(*driver.loc.back()); }
{VARIABLE_MULTIPART_INVALID_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_INVALID_HEADER_FOLDING(*driver.loc.back()); } {VARIABLE_MULTIPART_INVALID_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_INVALID_HEADER_FOLDING(*driver.loc.back()); }
{VARIABLE_MULTIPART_INVALID_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_INVALID_HEADER_FOLDING(*driver.loc.back()); }
{VARIABLE_MULTIPART_INVALID_PART} { return p::make_VARIABLE_MULTIPART_INVALID_PART(*driver.loc.back()); } {VARIABLE_MULTIPART_INVALID_PART} { return p::make_VARIABLE_MULTIPART_INVALID_PART(*driver.loc.back()); }
{VARIABLE_MULTIPART_INVALID_QUOTING} { return p::make_VARIABLE_MULTIPART_INVALID_QUOTING(*driver.loc.back()); } {VARIABLE_MULTIPART_INVALID_QUOTING} { return p::make_VARIABLE_MULTIPART_INVALID_QUOTING(*driver.loc.back()); }
{VARIABLE_MULTIPART_INVALID_QUOTING} { return p::make_VARIABLE_MULTIPART_INVALID_QUOTING(*driver.loc.back()); }
{VARIABLE_MULTIPART_LF_LINE} { return p::make_VARIABLE_MULTIPART_LF_LINE(*driver.loc.back()); } {VARIABLE_MULTIPART_LF_LINE} { return p::make_VARIABLE_MULTIPART_LF_LINE(*driver.loc.back()); }
{VARIABLE_MULTIPART_MISSING_SEMICOLON} { return p::make_VARIABLE_MULTIPART_MISSING_SEMICOLON(*driver.loc.back()); } {VARIABLE_MULTIPART_MISSING_SEMICOLON} { return p::make_VARIABLE_MULTIPART_MISSING_SEMICOLON(*driver.loc.back()); }
{VARIABLE_MULTIPART_NAME}[:.] { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_NAME(*driver.loc.back()); } {VARIABLE_MULTIPART_NAME}[:.] { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_NAME(*driver.loc.back()); }
@ -927,68 +951,116 @@ p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1),
["] { return p::make_QUOTATION_MARK(yytext, *driver.loc.back()); } ["] { return p::make_QUOTATION_MARK(yytext, *driver.loc.back()); }
} }
<EXPECTING_OPERATOR_ENDS_WITH_SPACE>{
<EXPECTING_OPERATOR>{ {OPERATOR_GEOLOOKUP}[ ] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_GEOLOOKUP(yytext, *driver.loc.back()); }
{OPERATOR_GEOLOOKUP} { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_GEOLOOKUP(yytext, *driver.loc.back()); } {OPERATOR_UNCONDITIONAL_MATCH}[ ] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_UNCONDITIONAL_MATCH(yytext, *driver.loc.back()); }
{OPERATOR_WITHIN} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_WITHIN(yytext, *driver.loc.back()); } {OPERATOR_DETECT_SQLI}[ ] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_DETECT_SQLI(yytext, *driver.loc.back()); }
{OPERATOR_CONTAINS_WORD} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_CONTAINS_WORD(yytext, *driver.loc.back()); } {OPERATOR_DETECT_XSS}[ ] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_DETECT_XSS(yytext, *driver.loc.back()); }
{OPERATOR_CONTAINS} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_CONTAINS(yytext, *driver.loc.back()); } {OPERATOR_VALIDATE_URL_ENCODING}[ ] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_VALIDATE_URL_ENCODING(yytext, *driver.loc.back()); }
{OPERATOR_ENDS_WITH} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_ENDS_WITH(yytext, *driver.loc.back()); } {OPERATOR_VALIDATE_UTF8_ENCODING}[ ] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_VALIDATE_UTF8_ENCODING(yytext, *driver.loc.back()); }
{OPERATOR_EQ} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_EQ(yytext, *driver.loc.back()); } }
{OPERATOR_GE} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_GE(yytext, *driver.loc.back()); } <EXPECTING_OPERATOR_ENDS_WITH_QUOTE>{
{OPERATOR_GT} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_GT(yytext, *driver.loc.back()); } {OPERATOR_GEOLOOKUP}[ ]*["] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_GEOLOOKUP(yytext, *driver.loc.back()); }
{OPERATOR_IP_MATCH_FROM_FILE} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_IP_MATCH_FROM_FILE(yytext, *driver.loc.back()); } {OPERATOR_UNCONDITIONAL_MATCH}[ ]*["] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_UNCONDITIONAL_MATCH(yytext, *driver.loc.back()); }
{OPERATOR_IP_MATCH} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_IP_MATCH(yytext, *driver.loc.back()); } {OPERATOR_DETECT_SQLI}[ ]*["] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_DETECT_SQLI(yytext, *driver.loc.back()); }
{OPERATOR_LE} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_LE(yytext, *driver.loc.back()); } {OPERATOR_DETECT_XSS}[ ]*["] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_DETECT_XSS(yytext, *driver.loc.back()); }
{OPERATOR_LT} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_LT(yytext, *driver.loc.back()); } {OPERATOR_VALIDATE_URL_ENCODING}[ ]*["] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_VALIDATE_URL_ENCODING(yytext, *driver.loc.back()); }
{OPERATOR_PM_FROM_FILE} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_PM_FROM_FILE(yytext, *driver.loc.back()); } {OPERATOR_VALIDATE_UTF8_ENCODING}[ ]*["] { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_VALIDATE_UTF8_ENCODING(yytext, *driver.loc.back()); }
{OPERATOR_PM} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_PM(yytext, *driver.loc.back()); }
{OPERATOR_RBL} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_RBL(yytext, *driver.loc.back()); }
{OPERATOR_RX} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_RX(yytext, *driver.loc.back()); }
{OPERATOR_STR_EQ} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_STR_EQ(yytext, *driver.loc.back()); }
{OPERATOR_STR_MATCH} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_STR_MATCH(yytext, *driver.loc.back()); }
{OPERATOR_BEGINS_WITH} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_BEGINS_WITH(yytext, *driver.loc.back()); }
{OPERATOR_INSPECT_FILE} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_INSPECT_FILE(yytext, *driver.loc.back()); }
{OPERATOR_FUZZY_HASH} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_FUZZY_HASH(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_BYTE_RANGE} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_VALIDATE_BYTE_RANGE(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_DTD} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_VALIDATE_DTD(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_HASH} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_VALIDATE_HASH(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_SCHEMA} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_VALIDATE_SCHEMA(yytext, *driver.loc.back()); }
{OPERATOR_VERIFY_CC} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_VERIFY_CC(yytext, *driver.loc.back()); }
{OPERATOR_VERIFY_CPF} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_VERIFY_CPF(yytext, *driver.loc.back()); }
{OPERATOR_VERIFY_SSN} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_VERIFY_SSN(yytext, *driver.loc.back()); }
{OPERATOR_GSB_LOOKUP} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_GSB_LOOKUP(yytext, *driver.loc.back()); }
{OPERATOR_RSUB} { BEGIN(EXPECTING_PARAMETER); return p::make_OPERATOR_RSUB(yytext, *driver.loc.back()); }
{OPERATOR_UNCONDITIONAL_MATCH} { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_UNCONDITIONAL_MATCH(yytext, *driver.loc.back()); }
{OPERATOR_DETECT_SQLI} { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_DETECT_SQLI(yytext, *driver.loc.back()); }
{OPERATOR_DETECT_XSS} { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_DETECT_XSS(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_URL_ENCODING} { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_VALIDATE_URL_ENCODING(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_UTF8_ENCODING} { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_VALIDATE_UTF8_ENCODING(yytext, *driver.loc.back()); }
{NOT} { BEGIN(EXPECTING_OPERATOR); return p::make_NOT(*driver.loc.back()); }
. { BEGIN(NO_OP_INFORMED); yyless(0); }
} }
<NO_OP_INFORMED>{ <EXPECTING_OPERATOR_ENDS_WITH_SPACE,EXPECTING_OPERATOR_ENDS_WITH_QUOTE>{
{FREE_TEXT} { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_OPERATOR_RX_CONTENT_ONLY(yytext, *driver.loc.back()); } {OPERATOR_WITHIN} { BEGIN_PARAMETER(); return p::make_OPERATOR_WITHIN(yytext, *driver.loc.back()); }
{OPERATOR_CONTAINS_WORD} { BEGIN_PARAMETER(); return p::make_OPERATOR_CONTAINS_WORD(yytext, *driver.loc.back()); }
{OPERATOR_CONTAINS} { BEGIN_PARAMETER(); return p::make_OPERATOR_CONTAINS(yytext, *driver.loc.back()); }
{OPERATOR_ENDS_WITH} { BEGIN_PARAMETER(); return p::make_OPERATOR_ENDS_WITH(yytext, *driver.loc.back()); }
{OPERATOR_EQ} { BEGIN_PARAMETER(); return p::make_OPERATOR_EQ(yytext, *driver.loc.back()); }
{OPERATOR_GE} { BEGIN_PARAMETER(); return p::make_OPERATOR_GE(yytext, *driver.loc.back()); }
{OPERATOR_GT} { BEGIN_PARAMETER(); return p::make_OPERATOR_GT(yytext, *driver.loc.back()); }
{OPERATOR_IP_MATCH_FROM_FILE} { BEGIN_PARAMETER(); return p::make_OPERATOR_IP_MATCH_FROM_FILE(yytext, *driver.loc.back()); }
{OPERATOR_IP_MATCH} { BEGIN_PARAMETER(); return p::make_OPERATOR_IP_MATCH(yytext, *driver.loc.back()); }
{OPERATOR_LE} { BEGIN_PARAMETER(); return p::make_OPERATOR_LE(yytext, *driver.loc.back()); }
{OPERATOR_LT} { BEGIN_PARAMETER(); return p::make_OPERATOR_LT(yytext, *driver.loc.back()); }
{OPERATOR_PM_FROM_FILE} { BEGIN_PARAMETER(); return p::make_OPERATOR_PM_FROM_FILE(yytext, *driver.loc.back()); }
{OPERATOR_PM} { BEGIN_PARAMETER(); return p::make_OPERATOR_PM(yytext, *driver.loc.back()); }
{OPERATOR_RBL} { BEGIN_PARAMETER(); return p::make_OPERATOR_RBL(yytext, *driver.loc.back()); }
{OPERATOR_RX} { BEGIN_PARAMETER(); return p::make_OPERATOR_RX(yytext, *driver.loc.back()); }
{OPERATOR_STR_EQ} { BEGIN_PARAMETER(); return p::make_OPERATOR_STR_EQ(yytext, *driver.loc.back()); }
{OPERATOR_STR_MATCH} { BEGIN_PARAMETER(); return p::make_OPERATOR_STR_MATCH(yytext, *driver.loc.back()); }
{OPERATOR_BEGINS_WITH} { BEGIN_PARAMETER(); return p::make_OPERATOR_BEGINS_WITH(yytext, *driver.loc.back()); }
{OPERATOR_INSPECT_FILE} { BEGIN_PARAMETER(); return p::make_OPERATOR_INSPECT_FILE(yytext, *driver.loc.back()); }
{OPERATOR_FUZZY_HASH} { BEGIN_PARAMETER(); return p::make_OPERATOR_FUZZY_HASH(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_BYTE_RANGE} { BEGIN_PARAMETER(); return p::make_OPERATOR_VALIDATE_BYTE_RANGE(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_DTD} { BEGIN_PARAMETER(); return p::make_OPERATOR_VALIDATE_DTD(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_HASH} { BEGIN_PARAMETER(); return p::make_OPERATOR_VALIDATE_HASH(yytext, *driver.loc.back()); }
{OPERATOR_VALIDATE_SCHEMA} { BEGIN_PARAMETER(); return p::make_OPERATOR_VALIDATE_SCHEMA(yytext, *driver.loc.back()); }
{OPERATOR_VERIFY_CC} { BEGIN_PARAMETER(); return p::make_OPERATOR_VERIFY_CC(yytext, *driver.loc.back()); }
{OPERATOR_VERIFY_CPF} { BEGIN_PARAMETER(); return p::make_OPERATOR_VERIFY_CPF(yytext, *driver.loc.back()); }
{OPERATOR_VERIFY_SSN} { BEGIN_PARAMETER(); return p::make_OPERATOR_VERIFY_SSN(yytext, *driver.loc.back()); }
{OPERATOR_GSB_LOOKUP} { BEGIN_PARAMETER(); return p::make_OPERATOR_GSB_LOOKUP(yytext, *driver.loc.back()); }
{OPERATOR_RSUB} { BEGIN_PARAMETER(); return p::make_OPERATOR_RSUB(yytext, *driver.loc.back()); }
{NOT} { return p::make_NOT(*driver.loc.back()); }
. { BEGIN_NO_OP_INFORMED(); yyless(0); }
} }
<TRANSACTION_FROM_OPERATOR_TO_ACTIONS>{ <TRANSITION_FROM_OP_TO_EXPECTING_PARAMETER_ENDS_WITH_SPACE>{
[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS); } [ ] { BEGIN(EXPECTING_PARAMETER_ENDS_WITH_SPACE); }
[ \t]*\"[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS); } }
[ \t]*\"[ \t]*\\\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS); }
[ \t]*\"[ \t]*\\\r\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS); } <TRANSITION_FROM_OP_TO_EXPECTING_PARAMETER_ENDS_WITH_QUOTE>{
[ ] { BEGIN(EXPECTING_PARAMETER_ENDS_WITH_QUOTE); }
}
<NO_OP_INFORMED_ENDS_WITH_QUOTE>{
["] { BEGIN(TRANSACTION_FROM_OPERATOR_PARAMETERS_TO_ACTIONS); }
{FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
}
<NO_OP_INFORMED_ENDS_WITH_SPACE>{
[ ] { BEGIN(TRANSACTION_FROM_OPERATOR_PARAMETERS_TO_ACTIONS); }
{FREE_TEXT_SPACE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
}
<NO_OP_INFORMED_ENDS_WITH_QUOTE,NO_OP_INFORMED_ENDS_WITH_SPACE>{
{START_MACRO_VARIABLE} { BEGINX(EXPECTING_ACTION_PREDICATE_VARIABLE); }
. { BEGIN(LEXING_ERROR); yyless(0); }
} }
<EXPECTING_PARAMETER>{ <EXPECTING_PARAMETER_ENDS_WITH_QUOTE>{
[ ]{FREE_TEXT} { BEGIN(TRANSACTION_FROM_OPERATOR_TO_ACTIONS); return p::make_FREE_TEXT(yytext+1, *driver.loc.back()); } ["] { BEGIN(TRANSACTION_FROM_OPERATOR_PARAMETERS_TO_ACTIONS); }
{FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
}
<EXPECTING_PARAMETER_ENDS_WITH_SPACE>{
[ ] { BEGIN(TRANSACTION_FROM_OPERATOR_PARAMETERS_TO_ACTIONS); }
{FREE_TEXT_SPACE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
}
<EXPECTING_PARAMETER_ENDS_WITH_QUOTE,EXPECTING_PARAMETER_ENDS_WITH_SPACE>{
{START_MACRO_VARIABLE} { BEGINX(EXPECTING_ACTION_PREDICATE_VARIABLE); }
. { BEGIN(LEXING_ERROR_VARIABLE); yyless(0); }
} }
<INITIAL,EXPECTING_OPERATOR>{ <TRANSACTION_FROM_OPERATOR_TO_ACTIONS,TRANSACTION_FROM_OPERATOR_PARAMETERS_TO_ACTIONS>{
[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\"[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\"[ \t]*\\\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
\\\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\"[ \t]*\\\r\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\\\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\\\n[ \t]* { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\\\r\n[ \t]* { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ ]+ { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\r\n[ \t]* { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\n[ \t]* { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
}
<INITIAL,EXPECTING_OPERATOR_ENDS_WITH_SPACE,EXPECTING_OPERATOR_ENDS_WITH_QUOTE>{
[ \t]+ { } [ \t]+ { }
[ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); } [ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); }
[ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); } [ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); }
@ -1005,8 +1077,8 @@ p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1),
. { BEGIN(LEXING_ERROR); yyless(0); } . { BEGIN(LEXING_ERROR); yyless(0); }
<LEXING_ERROR>.+ { driver.error (*driver.loc.back(), "Invalid input: ", yytext); throw p::syntax_error(*driver.loc.back(), ""); } <LEXING_ERROR>.+ { driver.error (*driver.loc.back(), "Invalid input: ", yytext); throw p::syntax_error(*driver.loc.back(), ""); }
<LEXING_ERROR_ACTION>.+ { driver.error (*driver.loc.back(), "Invalid action: ", yytext); throw p::syntax_error(*driver.loc.back(), ""); } <LEXING_ERROR_ACTION>.+ { driver.error (*driver.loc.back(), "Expecting an action, got: ", yytext); throw p::syntax_error(*driver.loc.back(), ""); }
<LEXING_ERROR_VARIABLE>.+ { driver.error (*driver.loc.back(), "Invalid variable: ", yytext); throw p::syntax_error(*driver.loc.back(), ""); } <LEXING_ERROR_VARIABLE>.+ { driver.error (*driver.loc.back(), "Expecting a variable, got: : ", yytext); throw p::syntax_error(*driver.loc.back(), ""); }
<<EOF>> { <<EOF>> {

38
src/rule.cc
View File

@ -238,19 +238,7 @@ void Rule::updateRulesVariable(Transaction *trans) {
} }
std::string Rule::resolveMatchMessage(std::string key, std::string value) {
std::string ret = this->m_op->m_match_message;
if (ret.empty() == true) {
ret = "Matched \"Operator `" + this->m_op->m_op + "' with parameter `" +
utils::string::limitTo(200, this->m_op->m_param) +
"' against variable `" + key + "' (Value: `" +
utils::string::limitTo(100, utils::string::toHexIfNeeded(value)) +
"' )";
}
return ret;
}
void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans, void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans,
@ -784,14 +772,15 @@ bool Rule::evaluate(Transaction *trans,
return true; return true;
} }
eparam = MacroExpansion::expand(this->m_op->m_param, trans); if (m_op->m_string) {
eparam = m_op->m_string->evaluate(trans);
if (this->m_op->m_param != eparam) {
eparam = "\"" + eparam + "\" Was: \"" + this->m_op->m_param + "\"";
} else {
eparam = "\"" + eparam + "\"";
}
if (m_op->m_string->containsMacro()) {
eparam = "\"" + eparam + "\" Was: \"" \
+ m_op->m_string->evaluate(NULL) + "\"";
} else {
eparam = "\"" + eparam + "\"";
}
#ifndef NO_LOGS #ifndef NO_LOGS
trans->debug(4, "(Rule: " + std::to_string(m_ruleId) \ trans->debug(4, "(Rule: " + std::to_string(m_ruleId) \
+ ") Executing operator \"" + this->m_op->m_op \ + ") Executing operator \"" + this->m_op->m_op \
@ -800,6 +789,14 @@ bool Rule::evaluate(Transaction *trans,
+ " against " \ + " against " \
+ Variable::to_s(variables) + "."); + Variable::to_s(variables) + ".");
#endif #endif
} else {
#ifndef NO_LOGS
trans->debug(4, "(Rule: " + std::to_string(m_ruleId) \
+ ") Executing operator \"" + this->m_op->m_op \
+ " against " \
+ Variable::to_s(variables) + ".");
#endif
}
updateRulesVariable(trans); updateRulesVariable(trans);
@ -823,7 +820,8 @@ bool Rule::evaluate(Transaction *trans,
ret = executeOperatorAt(trans, key, valueAfterTrans, ruleMessage); ret = executeOperatorAt(trans, key, valueAfterTrans, ruleMessage);
if (ret == true) { if (ret == true) {
ruleMessage->m_match = resolveMatchMessage(key, value); ruleMessage->m_match = m_op->resolveMatchMessage(trans,
key, value);
for (auto &i : v->m_orign) { for (auto &i : v->m_orign) {
ruleMessage->m_reference.append(i->toText()); ruleMessage->m_reference.append(i->toText());
} }

14
src/run_time_string.cc
View File

@ -23,34 +23,34 @@
#include "src/variables/tx.h" #include "src/variables/tx.h"
#include "src/variables/highest_severity.h" #include "src/variables/highest_severity.h"
#include "src/utils/string.h" #include "src/utils/string.h"
#include "src/variables/variable.h"
namespace modsecurity { namespace modsecurity {
void RunTimeString::appendText(std::string &text) { void RunTimeString::appendText(std::string text) {
std::unique_ptr<RunTimeElementHolder> r(new RunTimeElementHolder); std::unique_ptr<RunTimeElementHolder> r(new RunTimeElementHolder);
r->m_string = text; r->m_string = text;
m_elements.push_back(std::move(r)); m_elements.push_back(std::move(r));
} }
void RunTimeString::appendVar(std::unique_ptr<modsecurity::Variables::Variable> var) { void RunTimeString::appendVar(
std::unique_ptr<modsecurity::Variables::Variable> var) {
std::unique_ptr<RunTimeElementHolder> r(new RunTimeElementHolder); std::unique_ptr<RunTimeElementHolder> r(new RunTimeElementHolder);
r->m_var = std::move(var); r->m_var = std::move(var);
m_elements.push_back(std::move(r)); m_elements.push_back(std::move(r));
m_containsMacro = true;
} }
std::string RunTimeString::evaluate(Transaction *t) { std::string RunTimeString::evaluate(Transaction *t) {
std::string s; std::string s;
//int i = 0;
for (auto &z : m_elements) { for (auto &z : m_elements) {
//s.append("Element: " + std::to_string(i) + " value: ");
if (z->m_string.size() > 0) { if (z->m_string.size() > 0) {
s.append(z->m_string); s.append(z->m_string);
} else if (z->m_var != NULL) { } else if (z->m_var != NULL && t != NULL) {
std::vector<const collection::Variable *> l; std::vector<const collection::Variable *> l;
z->m_var->evaluate(t, NULL, &l); z->m_var->evaluate(t, NULL, &l);
if (l.size() > 0) { if (l.size() > 0) {
@ -60,9 +60,9 @@ std::string RunTimeString::evaluate(Transaction *t) {
delete i; delete i;
} }
} }
//s.append(" -- ");
} }
return s; return s;
} }
} // namespace modsecurity } // namespace modsecurity

17
src/run_time_string.h
View File

@ -18,11 +18,15 @@
#include <iostream> #include <iostream>
#include <string> #include <string>
#include <vector> #include <vector>
#include <memory>
#include <list>
#include <utility>
#include "modsecurity/modsecurity.h" #include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/variables/variable.h" #include "src/variables/variable.h"
#ifndef SRC_RUN_TIME_STRING_H_ #ifndef SRC_RUN_TIME_STRING_H_
#define SRC_RUN_TIME_STRING_H_ #define SRC_RUN_TIME_STRING_H_
@ -33,18 +37,23 @@ class RunTimeElementHolder {
RunTimeElementHolder() : RunTimeElementHolder() :
m_string("") { m_string("") {
m_var.reset(NULL); m_var.reset(NULL);
}; }
std::unique_ptr<modsecurity::Variables::Variable> m_var; std::unique_ptr<modsecurity::Variables::Variable> m_var;
std::string m_string; std::string m_string;
}; };
class RunTimeString { class RunTimeString {
public: public:
RunTimeString() { RunTimeString() :
}; m_containsMacro(false) { }
void appendText(std::string &text); void appendText(std::string text);
void appendVar(std::unique_ptr<modsecurity::Variables::Variable> var); void appendVar(std::unique_ptr<modsecurity::Variables::Variable> var);
std::string evaluate(Transaction *t); std::string evaluate(Transaction *t);
std::string evaluate() {
return evaluate(NULL);
}
inline bool containsMacro() { return m_containsMacro; }
bool m_containsMacro;
protected: protected:
std::list<std::unique_ptr<RunTimeElementHolder>> m_elements; std::list<std::unique_ptr<RunTimeElementHolder>> m_elements;

6
test/test-cases/regression/action-id.json
View File

@ -80,7 +80,7 @@
] ]
}, },
"expected":{ "expected":{
"parser_error": "File: action-id.json. Line: 2. Column: 56. Invalid action: id:-1,phase:2,pass,t:trim\"" "parser_error": "File: action-id.json. Line: 2. Column: 56. Expecting an action, got: id:-1,phase:2,pass,t:trim\""
}, },
"rules":[ "rules":[
"SecRuleEngine On", "SecRuleEngine On",
@ -212,7 +212,7 @@
] ]
}, },
"expected":{ "expected":{
"parser_error": "action-id.json. Line: 2. Column: 56. Invalid action: id:'1,phase:2,pass,t:trim\"" "parser_error": "action-id.json. Line: 2. Column: 56. Expecting an action, got: id:'1,phase:2,pass,t:trim\""
}, },
"rules":[ "rules":[
"SecRuleEngine On", "SecRuleEngine On",
@ -256,7 +256,7 @@
] ]
}, },
"expected":{ "expected":{
"parser_error": "action-id.json. Line: 2. Column: 56. Invalid action: ',phase:2,pass,t:trim\"" "parser_error": "action-id.json. Line: 2. Column: 56. Expecting an action, got: ',phase:2,pass,t:trim\""
}, },
"rules":[ "rules":[
"SecRuleEngine On", "SecRuleEngine On",

2
test/test-cases/regression/action-skip.json
View File

@ -38,7 +38,7 @@
"version_min":300000, "version_min":300000,
"title":"Testing skip action 2/3", "title":"Testing skip action 2/3",
"expected":{ "expected":{
"parser_error": "Rules error. File: action-skip.json. Line: 2. Column: 71. Invalid action: skip:abc" "parser_error": "Rules error. File: action-skip.json. Line: 2. Column: 71. Expecting an action, got: skip:abc"
}, },
"client":{ "client":{
"ip":"200.249.12.31", "ip":"200.249.12.31",

2
test/test-cases/regression/config-include-bad.json
View File

@ -4,7 +4,7 @@
"version_min":300000, "version_min":300000,
"title":"Include - bad rule", "title":"Include - bad rule",
"expected":{ "expected":{
"parser_error": "Rules error. File: test-cases/data/config_example3.txt. Line: 2. Column: 66. Invalid action: ops \"id:1000,pass,t:trim\"" "parser_error": "Rules error. File: test-cases/data/config_example3.txt. Line: 2. Column: 66. Expecting an action, got: ops \"id:1000,pass,t:trim\""
}, },
"rules":[ "rules":[
"SecRuleEngine On", "SecRuleEngine On",

2
test/test-cases/regression/issue-1528.json
View File

@ -27,7 +27,7 @@
}, },
"expected": { "expected": {
"debug_log": "Rule returned 1", "debug_log": "Rule returned 1",
"error_log": "Matched \"Operator `Rx' with parameter `\\^%{tx\\.bad_value}\\$' against variable `ARGS:param' \\(Value: `attack' " "error_log": "Matched \"Operator `Rx' with parameter `\\^attack\\$'"
}, },
"rules": [ "rules": [
"SecRuleEngine On", "SecRuleEngine On",