github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 19:47:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Support configurable limit on depth of JSON parsing

Browse Source
This commit is contained in:
Martin Vierula
2021-11-15 18:51:25 -08:00
parent ec86b242e1
commit ac79c1c29b
11 changed files with 5749 additions and 5554 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3779
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

362
src/parser/seclang-parser.hh
View File

File diff suppressed because one or more lines are too long

6
src/parser/seclang-parser.yy
View File

@@ -604,6 +604,7 @@ using namespace modsecurity::operators;
CONFIG_SEC_CONN_W_STATE_LIMIT "CONFIG_SEC_CONN_W_STATE_LIMIT"
CONFIG_SEC_SENSOR_ID "CONFIG_SEC_SENSOR_ID"
CONFIG_DIR_ARGS_LIMIT "CONFIG_DIR_ARGS_LIMIT"
CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT "CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT"
CONFIG_DIR_REQ_BODY "CONFIG_DIR_REQ_BODY"
CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT"
CONFIG_DIR_REQ_BODY_LIMIT "CONFIG_DIR_REQ_BODY_LIMIT"
@@ -1582,6 +1583,11 @@ expression:
driver.m_argumentsLimit.m_set = true;
driver.m_argumentsLimit.m_value = atoi($1.c_str());
}
| CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT
{
driver.m_requestBodyJsonDepthLimit.m_set = true;
driver.m_requestBodyJsonDepthLimit.m_value = atoi($1.c_str());
}
/* Body limits */
| CONFIG_DIR_REQ_BODY_LIMIT
{

7017
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

2
src/parser/seclang-scanner.ll
View File

@@ -361,6 +361,7 @@ CONFIG_SEC_STREAM_OUT_BODY_INSPECTION (?i:SecStreamOutBodyInspection)
CONFIG_DIR_PCRE_MATCH_LIMIT (?i:SecPcreMatchLimit)
CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION (?i:SecPcreMatchLimitRecursion)
CONFIG_DIR_ARGS_LIMIT (?i:SecArgumentsLimit)
CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT (?i:SecRequestBodyJsonDepthLimit)
CONFIG_DIR_REQ_BODY (?i:SecRequestBodyAccess)
CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT (?i:SecRequestBodyInMemoryLimit)
CONFIG_DIR_REQ_BODY_LIMIT (?i:SecRequestBodyLimit)
@@ -769,6 +770,7 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION}[ \t]+{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_PCRE_MATCH_LIMIT}[ \t]+{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_DIR_PCRE_MATCH_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_ARGS_LIMIT}[ \t]+{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_DIR_ARGS_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT}[ \t]+{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT}[ \t]+{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_REQ_BODY_LIMIT_ACTION} { return p::make_CONFIG_DIR_REQ_BODY_LIMIT_ACTION(yytext, *driver.loc.back()); }