From a36b2da86a70bf0962216705b303fba3774104e4 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Mon, 20 Jun 2016 20:33:50 -0300 Subject: [PATCH] Adds support to the STATUS variable --- Makefile.am | 1 + src/parser/seclang-parser.yy | 11 +++ src/parser/seclang-scanner.ll | 2 + src/transaction.cc | 2 + .../regression/variable-STATUS.json | 97 +++++++++++++++++++ 5 files changed, 113 insertions(+) create mode 100644 test/test-cases/regression/variable-STATUS.json diff --git a/Makefile.am b/Makefile.am index 0d3be836..10141828 100644 --- a/Makefile.am +++ b/Makefile.am @@ -218,3 +218,4 @@ TESTS+=test/test-cases/regression/variable-REQBODY_PROCESSOR.json TESTS+=test/test-cases/regression/variable-REQBODY_PROCESSOR_ERROR.json TESTS+=test/test-cases/regression/variable-URLENCODED_ERROR.json TESTS+=test/test-cases/regression/variable-RULE.json +TESTS+=test/test-cases/regression/variable-STATUS.json diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index e2be4813..e925a3dc 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -229,6 +229,7 @@ using modsecurity::Variables::XML; %token CONFIG_DIR_SEC_MARKER %token VARIABLE +%token VARIABLE_STATUS %token VARIABLE_TX %token VARIABLE_COL %token RUN_TIME_VAR_DUR @@ -740,6 +741,16 @@ var: if (!var) { var = new Variable(name, Variable::VariableKind::DirectVariable); } $$ = var; } + | VARIABLE_STATUS + { + std::string name($1); + name.pop_back(); + CHECK_VARIATION_DECL + CHECK_VARIATION(&) { var = new Count(new Variable(name, Variable::VariableKind::DirectVariable)); } + CHECK_VARIATION(!) { var = new Exclusion(new Variable(name, Variable::VariableKind::DirectVariable)); } + if (!var) { var = new Variable(name, Variable::VariableKind::DirectVariable); } + $$ = var; + } | VARIABLE_COL { std::string name($1); diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index 729cce42..22e771b4 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -128,6 +128,7 @@ TRANSFORMATION t:(?i:(parityZero7bit|parityOdd7bit|parityEven7bit|sqlHexDecode| VARIABLE (?i:(MULTIPART_DATA_AFTER|RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_TMPNAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|USERID|SESSIONID)) VARIABLE_COL (?i:(SESSION|GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|QUERY_STRING|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|IP|REQUEST_COOKIES_NAMES)) +VARIABLE_STATUS (?i:(STATUS[^:])) VARIABLE_TX (?i:TX) VARIABLE_WEBSERVER_ERROR_LOG (?:WEBSERVER_ERROR_LOG) @@ -245,6 +246,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile) [!&]?{VARIABLE_WEBSERVER_ERROR_LOG} { driver.error (*driver.loc.back(), "Variable VARIABLE_WEBSERVER_ERROR_LOG is not supported by libModSecurity", ""); throw yy::seclang_parser::syntax_error(*driver.loc.back(), "");} [!&]?{VARIABLE}(\:{DICT_ELEMENT})? { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_VARIABLE(yytext, *driver.loc.back()); } [!&]?{VARIABLE}(\:[\']{FREE_TEXT_QUOTE}[\'])? { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_VARIABLE(yytext, *driver.loc.back()); } +[!&]?{VARIABLE_STATUS} { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_VARIABLE_STATUS(yytext, *driver.loc.back()); } [!&]?{VARIABLE_COL}(\:{DICT_ELEMENT})? { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_VARIABLE_COL(yytext, *driver.loc.back()); } [!&]?{VARIABLE_COL}(\:[\']{FREE_TEXT_QUOTE}[\'])? { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_VARIABLE_COL(yytext, *driver.loc.back()); } [!&]?{RUN_TIME_VAR_XML}(\:{DICT_ELEMENT})? { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_RUN_TIME_VAR_XML(yytext, *driver.loc.back()); } diff --git a/src/transaction.cc b/src/transaction.cc index ad386d50..a2b26061 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -1136,6 +1136,8 @@ int Transaction::processLogging(int returned_code) { } this->m_httpCodeReturned = returned_code; + this->m_collections.store("STATUS", std::to_string(returned_code)); + this->m_rules->evaluate(ModSecurity::LoggingPhase, this); /* If relevant, save this transaction information at the audit_logs */ diff --git a/test/test-cases/regression/variable-STATUS.json b/test/test-cases/regression/variable-STATUS.json new file mode 100644 index 00000000..ea5f052b --- /dev/null +++ b/test/test-cases/regression/variable-STATUS.json @@ -0,0 +1,97 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: STATUS (1/2)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length": "27", + "Content-Type": "application/x-www-form-urlencoded" + }, + "uri":"/", + "method":"GET", + "body": [ + "param1=value1¶m2=value2" + ] + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"200\" \\(Variable: STATUS\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule STATUS \"@contains test\" \"id:1,phase:5,rev:1.3,pass,t:trim\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: STATUS (2/2)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length": "27", + "Content-Type": "application/x-www-form-urlencoded" + }, + "uri":"/", + "method":"GET", + "body": [ + "param1=value1¶m2=value2" + ] + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"500\" \\(Variable: STATUS\\)", + "http_code": 500 + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule ARGS \"@pm value\" \"id:1,phase:2,t:trim,status:500,deny\"", + "SecRule STATUS \"@contains test\" \"id:2,phase:5,rev:1.3,pass,t:trim\"" + ] + } +] +