Adds support for the tag action

2025-09-29 19:24:29 +03:00 · 2015-08-07 02:03:07 -03:00
parent f519717bdf
commit ad9393a8c2
7 changed files with 241 additions and 1 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -64,6 +64,7 @@ ACTIONS = \
 	actions/severity.cc \
 	actions/set_var.cc \
 	actions/status.cc \
+	actions/tag.cc \
 	actions/transformations/base64_decode.cc \
 	actions/transformations/base64_decode_ext.cc \
 	actions/transformations/cmd_line.cc \
--- a/src/actions/tag.cc
+++ b/src/actions/tag.cc
@@ -0,0 +1,45 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/tag.h"
+
+#include <iostream>
+#include <string>
+
+#include "actions/action.h"
+#include "modsecurity/assay.h"
+#include "src/utils.h"
+#include "src/macro_expansion.h"
+
+namespace ModSecurity {
+namespace actions {
+
+Tag::Tag(std::string action)
+    : Action(action, RunTimeOnlyIfMatchKind),
+    m_tag(action) {
+    m_tag.erase(0, 1);
+    m_tag.pop_back();
+}
+
+
+bool Tag::evaluate(Rule *rule, Assay *assay) {
+    std::string tag = MacroExpansion::expand(m_tag, assay);
+    assay->debug(9, "Rule tag: " + tag);
+    assay->ruleTags.push_back(tag);
+    return true;
+}
+
+}  // namespace actions
+}  // namespace ModSecurity
--- a/src/actions/tag.h
+++ b/src/actions/tag.h
@@ -0,0 +1,44 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "actions/action.h"
+
+#ifndef SRC_ACTIONS_TAG_H_
+#define SRC_ACTIONS_TAG_H_
+
+class Assay;
+
+namespace ModSecurity {
+class Assay;
+namespace actions {
+
+
+class Tag : public Action {
+ public:
+    explicit Tag(std::string action);
+
+    bool evaluate(Rule *rule, Assay *assay) override;
+
+ private:
+    std::string m_tag;
+};
+
+
+}  // namespace actions
+}  // namespace ModSecurity
+
+#endif  // SRC_ACTIONS_TAG_H_
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -19,6 +19,7 @@ class Driver;
 #include "actions/action.h"
 #include "actions/set_var.h"
 #include "actions/msg.h"
+#include "actions/tag.h"
 #include "actions/transformations/transformation.h"
 #include "operators/operator.h"
 #include "rule.h"
@@ -43,6 +44,7 @@ class Driver;

 using ModSecurity::actions::Action;
 using ModSecurity::actions::SetVar;
+using ModSecurity::actions::Tag;
 using ModSecurity::actions::Msg;
 using ModSecurity::actions::transformations::Transformation;
 using ModSecurity::operators::Operator;
@@ -189,6 +191,7 @@ using ModSecurity::Variables::Variable;
 %token <std::string> ACTION_SEVERITY
 %token <std::string> ACTION_SETVAR
 %token <std::string> ACTION_MSG
+%token <std::string> ACTION_TAG
 %token <std::string> TRANSFORMATION

 %token <double> CONFIG_VALUE_NUMBER
@@ -668,6 +671,28 @@ actions:
        actions->push_back(msg);
        $$ = actions;
      }
+    | actions COMMA ACTION_TAG
+      {
+        std::vector<Action *> *a = $1;
+        Tag *tag = new Tag($3);
+        a->push_back(tag);
+        $$ = $1;
+      }
+    | SPACE ACTION_TAG
+      {
+        std::vector<Action *> *actions = new std::vector<Action *>;
+        Tag *tag = new Tag($2);
+        actions->push_back(tag);
+        $$ = actions;
+
+      }
+    | ACTION_TAG
+      {
+        std::vector<Action *> *actions = new std::vector<Action *>;
+        Tag *tag = new Tag($1);
+        actions->push_back(tag);
+        $$ = actions;
+      }

 %%
 void
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -23,10 +23,11 @@ using ModSecurity::split;
 %}
 %option noyywrap nounput batch debug noinput

-ACTION          (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|logdata|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|rev|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|tag|ver|xmlns)
+ACTION          (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|logdata|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|rev|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns)
 ACTION_SEVERITY (?i:severity:[0-9]+|severity:'[0-9]+'|severity:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|severity:'(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)')
 ACTION_SETVAR   (?i:setvar)
 ACTION_MSG      (?i:msg)
+ACTION_TAG      (?i:tag)
 DIRECTIVE       SecRule

 CONFIG_DIRECTIVE SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
@@ -200,6 +201,7 @@ FREE_TEXT_NEW_LINE       [^\"|\n]+
                                    return yy::seclang_parser::make_ACTION_SETVAR(strchr(yytext, ':') + 1, *driver.loc.back());
                                         }
 {ACTION_MSG}:'{FREE_TEXT}'      { return yy::seclang_parser::make_ACTION_MSG(strchr(yytext, ':') + 1, *driver.loc.back()); }
+{ACTION_TAG}:'{FREE_TEXT}'      { return yy::seclang_parser::make_ACTION_TAG(strchr(yytext, ':') + 1, *driver.loc.back()); }

 ["]                             { return yy::seclang_parser::make_QUOTATION_MARK(*driver.loc.back()); }
 [,]                             { return yy::seclang_parser::make_COMMA(*driver.loc.back()); }