Initial support for Lua script engine

2025-09-29 19:24:29 +03:00 · 2017-11-05 10:42:40 -03:00
parent 1866a3a9eb
commit a676f313c3
19 changed files with 1270 additions and 59 deletions
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -45,6 +45,7 @@ unit_tests_LDADD = \
 	$(YAJL_LDFLAGS) $(YAJL_LDADD) \
 	$(LMDB_LDFLAGS) $(LMDB_LDADD) \
 	$(SSDEEP_LDFLAGS) $(SSDEEP_LDADD) \
+	$(LUA_LDFLAGS) $(LUA_LDADD) \
 	$(LIBXML2_LDADD) \
 	$(GLOBAL_LDADD)

@@ -82,6 +83,7 @@ regression_tests_LDADD = \
 	$(YAJL_LDFLAGS) $(YAJL_LDADD) \
 	$(LMDB_LDFLAGS) $(LMDB_LDADD) \
 	$(SSDEEP_LDFLAGS) $(SSDEEP_LDADD) \
+	$(LUA_LDFLAGS) $(LUA_LDADD) \
 	$(LIBXML2_LDADD) \
 	$(GLOBAL_LDADD)

@@ -118,6 +120,7 @@ rules_optimization_LDADD = \
 	$(YAJL_LDFLAGS) $(YAJL_LDADD) \
 	$(LMDB_LDFLAGS) $(LMDB_LDADD) \
 	$(SSDEEP_LDFLAGS) $(SSDEEP_LDADD) \
+	$(LUA_LDFLAGS) $(LUA_LDADD) \
 	$(LIBXML2_LDADD) \
 	$(GLOBAL_LDADD)

--- a/test/test-cases/data/match-getvar-transformation.lua
+++ b/test/test-cases/data/match-getvar-transformation.lua
@@ -0,0 +1,20 @@
+function main()
+    ret = nil
+
+    var = m.getvar("tx.test");
+    if var == nil then
+        m.log(9, "Don't know what to say...");
+        return ret
+    end
+
+    if var == "FELIPE"
+        m.log(9, "Ops.");
+    elseif var == "felipe"
+        m.log(9, "Just fine.");
+        ret ="ok";
+    else
+        m.log(9, "Really?");
+    end
+
+    return ret
+end
--- a/test/test-cases/data/match-getvar.lua
+++ b/test/test-cases/data/match-getvar.lua
@@ -0,0 +1,19 @@
+function main()
+    ret = nil
+
+    num = m.getvar("tx.test");
+    if num == nil then
+        m.log(9, "Don't know what to say about this so called number.");
+        return ret
+    end
+    num = tonumber(num)
+
+    if num > 1 then
+        m.log(9, "Number is bigger than one.");
+        ret = "Whee :)"
+    else
+        m.log(9, "Really?");
+    end
+
+    return ret
+end
--- a/test/test-cases/data/match-getvars.lua
+++ b/test/test-cases/data/match-getvars.lua
@@ -0,0 +1,21 @@
+function dump(o)
+   if type(o) == 'table' then
+      local s = '{ '
+      for k,v in pairs(o) do
+         if type(k) ~= 'number' then k = '"'..k..'"' end
+         s = s .. '['..k..'] = ' .. dump(v) .. ','
+      end
+      return s .. '} '
+   else
+      return tostring(o)
+   end
+end
+
+function main()
+    ret = nil
+    m.log(9, "Here I am");
+    z = m.getvars("QUERY_STRING");
+    m.log(9, "Z: " .. dump(z))
+
+    return ret
+end
--- a/test/test-cases/data/match-log.lua
+++ b/test/test-cases/data/match-log.lua
@@ -0,0 +1,4 @@
+function main()
+    m.log(9, "echo 123");
+    return "Lua script matched.";
+end
--- a/test/test-cases/data/match-set.lua
+++ b/test/test-cases/data/match-set.lua
@@ -0,0 +1,5 @@
+function main()
+    m.log(9, "echo 123");
+    m.setvar("tx.test", "whee");
+    return "Lua script matched.";
+end
--- a/test/test-cases/data/match.lua
+++ b/test/test-cases/data/match.lua
@@ -0,0 +1,3 @@
+function main()
+    return "Lua script matched.";
+end
--- a/test/test-cases/data/test.lua
+++ b/test/test-cases/data/test.lua
--- a/test/test-cases/regression/operator-inpectFile.json
+++ b/test/test-cases/regression/operator-inpectFile.json
@@ -112,5 +112,198 @@
      "SecRuleEngine On",
      "SecRule ARGS:res \"@inspectFile /bin/echo\" \"id:1,phase:2,pass,t:trim\""
    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @inspectFile - lua (1/1)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/whee?res=whee",
+      "method":"GET",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{},
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Rule returned 1."
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule ARGS:res \"@inspectFile test-cases/data/match.lua\" \"id:1,phase:2,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @inspectFile - lua (2/2)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/whee?res=whee",
+      "method":"GET",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{},
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"echo 123"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule ARGS:res \"@inspectFile test-cases/data/match-log.lua\" \"id:1,phase:2,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @inspectFile - lua (3/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/whee?res=whee",
+      "method":"GET",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{},
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"whee\" "
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule ARGS:res \"@inspectFile test-cases/data/match-set.lua\" \"id:1,phase:2,pass,t:trim\"",
+      "SecRule TX:test \"whee\" \"id:2,phase:2,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @inspectFile - lua (4/4)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/whee?res=whee",
+      "method":"GET",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{},
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Number is bigger than one."
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule ARGS \".\" \"id:2,phase:2,setvar:tx.test=2\"",
+      "SecRule ARGS:res \"@inspectFile test-cases/data/match-getvar.lua\" \"id:1,phase:2,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @inspectFile - lua (5/5)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/whee?res=whee&z=z&d=e",
+      "method":"GET",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{},
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Z: \\{ \\[1\\] = \\{ \\[\"value\"\\] = res=whee&z=z&d=e,\\[\"name\"\\] = QUERY_STRING,\\} ,\\}"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule QUERY_STRING \".\" \"id:2,phase:2,setvar:tx.test=2\"",
+      "SecRule ARGS:res \"@inspectFile test-cases/data/match-getvars.lua\" \"id:1,phase:2,pass,t:trim\""
+    ]
  }
 ]