github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to the collection SESSION and setsid action

Browse Source
This commit is contained in:
Felipe Zimmerle 2016-05-06 14:20:03 -03:00
parent 33a704e918
commit a2a47798e9
11 changed files with 186 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
headers/modsecurity/collection/collections.h
View File

@ -45,7 +45,7 @@ namespace collection {
class Collections :
public std::unordered_map<std::string, Collection *> {
public:
Collections(Collection *global, Collection *ip);
Collections(Collection *global, Collection *ip, Collection *session);
~Collections();
void store(std::string key, std::string value);
@ -86,9 +86,11 @@ class Collections :
std::string m_global_collection_key;
std::string m_ip_collection_key;
std::string m_session_collection_key;
Collection *m_global_collection;
Collection *m_ip_collection;
Collection *m_session_collection;
};
} // namespace collection

1
headers/modsecurity/modsecurity.h
View File

@ -224,6 +224,7 @@ class ModSecurity {
collection::Collection *m_global_collection;
collection::Collection *m_ip_collection;
collection::Collection *m_session_collection;
private:
std::string m_connector;

1
src/Makefile.am
View File

@ -79,6 +79,7 @@ ACTIONS = \
actions/rev.cc \
actions/rule_id.cc \
actions/severity.cc \
actions/set_sid.cc \
actions/set_var.cc \
actions/status.cc \
actions/skip_after.cc \

55
src/actions/set_sid.cc Normal file
View File

@ -0,0 +1,55 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "actions/set_sid.h"
#include <iostream>
#include <string>
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
#include "src/utils.h"
namespace modsecurity {
namespace actions {
bool SetSID::init(std::string *error) {
m_collection_key = std::string(action, 0, action.length());
if (m_collection_key.empty()) {
return false;
}
return true;
}
bool SetSID::evaluate(Rule *rule, Transaction *t) {
std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
#ifndef NO_LOGS
t->debug(8, "Session ID initiated with value: \'"
+ colNameExpanded + "\'.");
#endif
t->m_collections.m_session_collection_key = colNameExpanded;
return true;
}
} // namespace actions
} // namespace modsecurity

45
src/actions/set_sid.h Normal file
View File

@ -0,0 +1,45 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include "actions/action.h"
#ifndef SRC_ACTIONS_SET_SID_H_
#define SRC_ACTIONS_SET_SID_H_
class Transaction;
namespace modsecurity {
class Transaction;
namespace actions {
class SetSID : public Action {
public:
explicit SetSID(std::string _action)
: Action(_action) { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
std::string m_collection_key;
};
} // namespace actions
} // namespace modsecurity
#endif // SRC_ACTIONS_SET_SID_H_

37
src/collection/collections.cc
View File

@ -34,11 +34,12 @@ namespace collection {
Collections::Collections(Collection *global,
Collection *ip)
Collection *ip, Collection *session)
: m_global_collection_key(""),
m_ip_collection_key(""),
m_global_collection(global),
m_ip_collection(ip),
m_session_collection(session),
m_transient(new backend::InMemoryPerProcess()) {
/* Create collection TX */
this->emplace("TX", new backend::InMemoryPerProcess());
@ -69,6 +70,13 @@ void Collections::storeOrUpdateFirst(const std::string& collectionName,
return;
}
if (tolower(collectionName) == "session"
&& !m_session_collection_key.empty()) {
m_session_collection->storeOrUpdateFirst(collectionName + ":"
+ variableName, m_session_collection_key, targetValue);
return;
}
try {
Collection *collection;
collection = this->at(collectionName);
@ -137,6 +145,12 @@ std::string* Collections::resolveFirst(const std::string& collectionName,
+ ":" + var, m_global_collection_key);
}
if (tolower(collectionName) == "session"
&& !m_session_collection_key.empty()) {
return m_session_collection->resolveFirst(toupper(collectionName)
+ ":" + var, m_session_collection_key);
}
for (auto &a : *this) {
if (tolower(a.first) == tolower(collectionName)) {
std::string *res = a.second->resolveFirst(toupper(a.first)
@ -175,6 +189,13 @@ void Collections::resolveSingleMatch(const std::string& var,
return;
}
if (tolower(collection) == "session"
&& !m_session_collection_key.empty()) {
m_session_collection->resolveSingleMatch(var,
m_session_collection_key, l);
return;
}
try {
this->at(collection)->resolveSingleMatch(var, l);
} catch (...) { }
@ -203,6 +224,13 @@ void Collections::resolveMultiMatches(const std::string& var,
return;
}
if (tolower(collection) == "session"
&& !m_session_collection_key.empty()) {
m_session_collection->resolveMultiMatches(var,
m_session_collection_key, l);
return;
}
try {
this->at(collection)->resolveMultiMatches(var, l);
} catch (...) { }
@ -231,6 +259,13 @@ void Collections::resolveRegularExpression(const std::string& var,
return;
}
if (tolower(collection) == "session"
&& !m_session_collection_key.empty()) {
m_session_collection->resolveRegularExpression(toupper(collection)
+ ":" + var, m_session_collection_key, l);
return;
}
try {
this->at(collection)->resolveRegularExpression(var, l);
} catch (...) { }

1
src/modsecurity.cc
View File

@ -48,6 +48,7 @@ ModSecurity::ModSecurity()
: m_connector(""),
m_global_collection(new collection::backend::InMemoryPerProcess()),
m_ip_collection(new collection::backend::InMemoryPerProcess()),
m_session_collection(new collection::backend::InMemoryPerProcess()),
m_logCb(NULL) {
UniqueId::uniqueId();
srand(time(NULL));

12
src/parser/seclang-parser.yy
View File

@ -24,6 +24,7 @@ class Driver;
#include "actions/audit_log.h"
#include "actions/ctl_audit_log_parts.h"
#include "actions/init_col.h"
#include "actions/set_sid.h"
#include "actions/set_var.h"
#include "actions/severity.h"
#include "actions/skip_after.h"
@ -66,6 +67,7 @@ using modsecurity::actions::Accuracy;
using modsecurity::actions::Action;
using modsecurity::actions::CtlAuditLogParts;
using modsecurity::actions::InitCol;
using modsecurity::actions::SetSID;
using modsecurity::actions::SetVar;
using modsecurity::actions::Severity;
using modsecurity::actions::Tag;
@ -906,7 +908,7 @@ act:
TODO: setEnv is not implemented yet.
std::string error;
SetEnv *setEnv = new SetEnv($1);
SetEnv *setEnv = new s($1);
if (setEnv->init(&error) == false) {
driver.parserError << error;
@ -919,12 +921,8 @@ act:
}
| ACTION_SETSID
{
/*
TODO: setSID is not implemented yet.
std::string error;
SetEnv *setSID = new SetSID($1);
SetSID *setSID = new SetSID($1);
if (setSID->init(&error) == false) {
driver.parserError << error;
@ -932,8 +930,6 @@ act:
}
$$ = setSID;
*/
$$ = Action::instantiate($1);
}
| ACTION_SETUID
{

3
src/transaction.cc
View File

@ -112,7 +112,8 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
m_creationTimeStamp(cpu_seconds()),
m_logCbData(logCbData),
m_ms(ms),
m_collections(ms->m_global_collection, ms->m_ip_collection) {
m_collections(ms->m_global_collection, ms->m_ip_collection,
ms->m_session_collection) {
m_id = std::to_string(this->m_timeStamp) + \
std::to_string(generate_transaction_unique_id());
m_rules->incrementReferenceCount();

37
test/test-cases/regression/action-setsid.json Normal file
View File

@ -0,0 +1,37 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing setsid action",
"expected":{
"debug_log": "Saving variable: SESSION:score with value: 5"
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"User-Agent":"My sweet little browser",
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setsid:%{REQUEST_COOKIES:PHPSESSID}%,nolog,pass\"",
"SecRule REQUEST_HEADERS \".*\" \"id:'900021',phase:1,setvar:SESSION.score=+10\"",
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900068',phase:1,t:none,t:sha1,t:hexEncode,setsid:%{REQUEST_COOKIES:PHPSESSID}2,nolog,pass\"",
"SecRule REQUEST_HEADERS \".*\" \"id:'900022',phase:1,setvar:SESSION.score=+5\""
]
}
]

2
test/test-cases/secrules-language-tests

@ -1 +1 @@
Subproject commit ee477d117430f695fd556afa7132de923ccd5d76
Subproject commit 8089e2ef12e8572c7d9feb8463e608b20de928ba