github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Having the Sec[Request|Response]BodyAccess deprecated

Browse Source
This commit is contained in:
Felipe Zimmerle 2020-12-23 12:31:07 -03:00
parent 62d35fbf97
commit ae128ad94d
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
6 changed files with 1086 additions and 938 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modsecurity.conf-recommended
View File

@ -9,11 +9,16 @@ SecRuleEngine DetectionOnly
# -- Request body handling --------------------------------------------------- # -- Request body handling ---------------------------------------------------
#
# Allow ModSecurity to access request bodies. If you don't, ModSecurity # Allow ModSecurity to access request bodies. If you don't, ModSecurity
# won't be able to see any POST parameters, which opens a large security # won't be able to see any POST parameters, which opens a large security
# hole for attackers to exploit. # hole for attackers to exploit.
# #
SecRequestBodyAccess On # IMPORTANT: SecRequestBodyAccess is no longer supported. The Request Body
# will be processed whenever a variable depends on it.
#
# SecRequestBodyAccess On
#
# Enable XML request body parser. # Enable XML request body parser.
@ -146,7 +151,13 @@ SecRule TX:/^MSC_/ "!@streq 0" \
# Do keep in mind that enabling this directive does increases both # Do keep in mind that enabling this directive does increases both
# memory consumption and response latency. # memory consumption and response latency.
# #
SecResponseBodyAccess On # IMPORTANT: SecResponseBodyAccess is no longer supported. The Response Body
# will be processed whenever a variable depends on it.
#
# SecResponseBodyAccess On
#
#
# Which response MIME types do you want to inspect? You should adjust the # Which response MIME types do you want to inspect? You should adjust the
# configuration below to catch documents but avoid static files # configuration below to catch documents but avoid static files

1904
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

8
src/parser/seclang-parser.hh
View File

@ -323,6 +323,8 @@ using namespace modsecurity::operators;
} \ } \
if (t) if (t)
#define CONFIG_DEPRECATED(a, b, c) \
driver.warn(c, "Configuration " + std::string(a) + " is deprecated and not working. You can read more info about it at https://github.com/SpiderLabs/ModSecurity/wiki/deprecated#" + b);
#define ACTION_NOT_SUPPORTED(a, b, c) \ #define ACTION_NOT_SUPPORTED(a, b, c) \
std::unique_ptr<actions::Action> d(new actions::ActionNotSupported(b)); \ std::unique_ptr<actions::Action> d(new actions::ActionNotSupported(b)); \
@ -360,7 +362,7 @@ using namespace modsecurity::operators;
a = std::move(c); a = std::move(c);
#line 364 "seclang-parser.hh" #line 366 "seclang-parser.hh"
# include <cassert> # include <cassert>
# include <cstdlib> // std::abort # include <cstdlib> // std::abort
@ -494,7 +496,7 @@ using namespace modsecurity::operators;
#endif #endif
namespace yy { namespace yy {
#line 498 "seclang-parser.hh" #line 500 "seclang-parser.hh"
@ -8635,7 +8637,7 @@ switch (yykind)
} }
} // yy } // yy
#line 8639 "seclang-parser.hh" #line 8641 "seclang-parser.hh"

62
src/parser/seclang-parser.yy
View File

@ -284,6 +284,8 @@ using namespace modsecurity::operators;
} \ } \
if (t) if (t)
#define CONFIG_DEPRECATED(a, b, c) \
driver.warn(c, "Configuration " + std::string(a) + " is deprecated and not working. You can read more info about it at https://github.com/SpiderLabs/ModSecurity/wiki/deprecated#" + b);
#define ACTION_NOT_SUPPORTED(a, b, c) \ #define ACTION_NOT_SUPPORTED(a, b, c) \
std::unique_ptr<actions::Action> d(new actions::ActionNotSupported(b)); \ std::unique_ptr<actions::Action> d(new actions::ActionNotSupported(b)); \
@ -1257,19 +1259,19 @@ expression:
} }
| CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON | CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; CONFIG_DEPRECATED("SecRequestBodyAccess", "requestBodyAccess", @0)
} }
| CONFIG_DIR_REQ_BODY CONFIG_VALUE_OFF | CONFIG_DIR_REQ_BODY CONFIG_VALUE_OFF
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; CONFIG_DEPRECATED("SecRequestBodyAccess", "requestBodyAccess", @0)
} }
| CONFIG_DIR_RES_BODY CONFIG_VALUE_ON | CONFIG_DIR_RES_BODY CONFIG_VALUE_ON
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; CONFIG_DEPRECATED("SecResponseBodyAccess", "responseBodyAccess", @0)
} }
| CONFIG_DIR_RES_BODY CONFIG_VALUE_OFF | CONFIG_DIR_RES_BODY CONFIG_VALUE_OFF
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; CONFIG_DEPRECATED("SecResponseBodyAccess", "responseBodyAccess", @0)
} }
| CONFIG_SEC_ARGUMENT_SEPARATOR | CONFIG_SEC_ARGUMENT_SEPARATOR
{ {
@ -1897,26 +1899,32 @@ variables_may_be_quoted:
var: var:
VARIABLE_ARGS DICT_ELEMENT VARIABLE_ARGS DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::Args_DictElement($2)); VARIABLE_CONTAINER($$, new variables::Args_DictElement($2));
} }
| VARIABLE_ARGS DICT_ELEMENT_REGEXP | VARIABLE_ARGS DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::Args_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::Args_DictElementRegexp($2));
} }
| VARIABLE_ARGS | VARIABLE_ARGS
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::Args_NoDictElement()); VARIABLE_CONTAINER($$, new variables::Args_NoDictElement());
} }
| VARIABLE_ARGS_POST DICT_ELEMENT | VARIABLE_ARGS_POST DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsPost_DictElement($2)); VARIABLE_CONTAINER($$, new variables::ArgsPost_DictElement($2));
} }
| VARIABLE_ARGS_POST DICT_ELEMENT_REGEXP | VARIABLE_ARGS_POST DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsPost_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::ArgsPost_DictElementRegexp($2));
} }
| VARIABLE_ARGS_POST | VARIABLE_ARGS_POST
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsPost_NoDictElement()); VARIABLE_CONTAINER($$, new variables::ArgsPost_NoDictElement());
} }
| VARIABLE_ARGS_GET DICT_ELEMENT | VARIABLE_ARGS_GET DICT_ELEMENT
@ -1933,62 +1941,77 @@ var:
} }
| VARIABLE_FILES_SIZES DICT_ELEMENT | VARIABLE_FILES_SIZES DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesSizes_DictElement($2)); VARIABLE_CONTAINER($$, new variables::FilesSizes_DictElement($2));
} }
| VARIABLE_FILES_SIZES DICT_ELEMENT_REGEXP | VARIABLE_FILES_SIZES DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesSizes_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::FilesSizes_DictElementRegexp($2));
} }
| VARIABLE_FILES_SIZES | VARIABLE_FILES_SIZES
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesSizes_NoDictElement()); VARIABLE_CONTAINER($$, new variables::FilesSizes_NoDictElement());
} }
| VARIABLE_FILES_NAMES DICT_ELEMENT | VARIABLE_FILES_NAMES DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesNames_DictElement($2)); VARIABLE_CONTAINER($$, new variables::FilesNames_DictElement($2));
} }
| VARIABLE_FILES_NAMES DICT_ELEMENT_REGEXP | VARIABLE_FILES_NAMES DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesNames_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::FilesNames_DictElementRegexp($2));
} }
| VARIABLE_FILES_NAMES | VARIABLE_FILES_NAMES
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesNames_NoDictElement()); VARIABLE_CONTAINER($$, new variables::FilesNames_NoDictElement());
} }
| VARIABLE_FILES_TMP_CONTENT DICT_ELEMENT | VARIABLE_FILES_TMP_CONTENT DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesTmpContent_DictElement($2)); VARIABLE_CONTAINER($$, new variables::FilesTmpContent_DictElement($2));
} }
| VARIABLE_FILES_TMP_CONTENT DICT_ELEMENT_REGEXP | VARIABLE_FILES_TMP_CONTENT DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesTmpContent_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::FilesTmpContent_DictElementRegexp($2));
} }
| VARIABLE_FILES_TMP_CONTENT | VARIABLE_FILES_TMP_CONTENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesTmpContent_NoDictElement()); VARIABLE_CONTAINER($$, new variables::FilesTmpContent_NoDictElement());
} }
| VARIABLE_MULTIPART_FILENAME DICT_ELEMENT | VARIABLE_MULTIPART_FILENAME DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::MultiPartFileName_DictElement($2)); VARIABLE_CONTAINER($$, new variables::MultiPartFileName_DictElement($2));
} }
| VARIABLE_MULTIPART_FILENAME DICT_ELEMENT_REGEXP | VARIABLE_MULTIPART_FILENAME DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::MultiPartFileName_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::MultiPartFileName_DictElementRegexp($2));
} }
| VARIABLE_MULTIPART_FILENAME | VARIABLE_MULTIPART_FILENAME
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::MultiPartFileName_NoDictElement()); VARIABLE_CONTAINER($$, new variables::MultiPartFileName_NoDictElement());
} }
| VARIABLE_MULTIPART_NAME DICT_ELEMENT | VARIABLE_MULTIPART_NAME DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::MultiPartName_DictElement($2)); VARIABLE_CONTAINER($$, new variables::MultiPartName_DictElement($2));
} }
| VARIABLE_MULTIPART_NAME DICT_ELEMENT_REGEXP | VARIABLE_MULTIPART_NAME DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::MultiPartName_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::MultiPartName_DictElementRegexp($2));
} }
| VARIABLE_MULTIPART_NAME | VARIABLE_MULTIPART_NAME
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::MultiPartName_NoDictElement()); VARIABLE_CONTAINER($$, new variables::MultiPartName_NoDictElement());
} }
| VARIABLE_MATCHED_VARS_NAMES DICT_ELEMENT | VARIABLE_MATCHED_VARS_NAMES DICT_ELEMENT
@ -2017,14 +2040,17 @@ var:
} }
| VARIABLE_FILES DICT_ELEMENT | VARIABLE_FILES DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::Files_DictElement($2)); VARIABLE_CONTAINER($$, new variables::Files_DictElement($2));
} }
| VARIABLE_FILES DICT_ELEMENT_REGEXP | VARIABLE_FILES DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::Files_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::Files_DictElementRegexp($2));
} }
| VARIABLE_FILES | VARIABLE_FILES
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::Files_NoDictElement()); VARIABLE_CONTAINER($$, new variables::Files_NoDictElement());
} }
| VARIABLE_REQUEST_COOKIES DICT_ELEMENT | VARIABLE_REQUEST_COOKIES DICT_ELEMENT
@ -2125,14 +2151,17 @@ var:
} }
| VARIABLE_FILES_TMP_NAMES DICT_ELEMENT | VARIABLE_FILES_TMP_NAMES DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesTmpNames_DictElement($2)); VARIABLE_CONTAINER($$, new variables::FilesTmpNames_DictElement($2));
} }
| VARIABLE_FILES_TMP_NAMES DICT_ELEMENT_REGEXP | VARIABLE_FILES_TMP_NAMES DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesTmpNames_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::FilesTmpNames_DictElementRegexp($2));
} }
| VARIABLE_FILES_TMP_NAMES | VARIABLE_FILES_TMP_NAMES
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesTmpNames_NoDictElement()); VARIABLE_CONTAINER($$, new variables::FilesTmpNames_NoDictElement());
} }
| VARIABLE_RESOURCE run_time_string | VARIABLE_RESOURCE run_time_string
@ -2233,14 +2262,17 @@ var:
} }
| VARIABLE_ARGS_NAMES DICT_ELEMENT | VARIABLE_ARGS_NAMES DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsNames_DictElement($2)); VARIABLE_CONTAINER($$, new variables::ArgsNames_DictElement($2));
} }
| VARIABLE_ARGS_NAMES DICT_ELEMENT_REGEXP | VARIABLE_ARGS_NAMES DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsNames_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::ArgsNames_DictElementRegexp($2));
} }
| VARIABLE_ARGS_NAMES | VARIABLE_ARGS_NAMES
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsNames_NoDictElement()); VARIABLE_CONTAINER($$, new variables::ArgsNames_NoDictElement());
} }
| VARIABLE_ARGS_GET_NAMES DICT_ELEMENT | VARIABLE_ARGS_GET_NAMES DICT_ELEMENT
@ -2258,14 +2290,17 @@ var:
| VARIABLE_ARGS_POST_NAMES DICT_ELEMENT | VARIABLE_ARGS_POST_NAMES DICT_ELEMENT
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsPostNames_DictElement($2)); VARIABLE_CONTAINER($$, new variables::ArgsPostNames_DictElement($2));
} }
| VARIABLE_ARGS_POST_NAMES DICT_ELEMENT_REGEXP | VARIABLE_ARGS_POST_NAMES DICT_ELEMENT_REGEXP
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsPostNames_DictElementRegexp($2)); VARIABLE_CONTAINER($$, new variables::ArgsPostNames_DictElementRegexp($2));
} }
| VARIABLE_ARGS_POST_NAMES | VARIABLE_ARGS_POST_NAMES
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsPostNames_NoDictElement()); VARIABLE_CONTAINER($$, new variables::ArgsPostNames_NoDictElement());
} }
@ -2284,6 +2319,7 @@ var:
| VARIABLE_RESPONSE_CONTENT_TYPE | VARIABLE_RESPONSE_CONTENT_TYPE
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ResponseContentType()); VARIABLE_CONTAINER($$, new variables::ResponseContentType());
} }
@ -2301,6 +2337,7 @@ var:
} }
| VARIABLE_ARGS_COMBINED_SIZE | VARIABLE_ARGS_COMBINED_SIZE
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ArgsCombinedSize()); VARIABLE_CONTAINER($$, new variables::ArgsCombinedSize());
} }
| VARIABLE_AUTH_TYPE | VARIABLE_AUTH_TYPE
@ -2309,18 +2346,22 @@ var:
} }
| VARIABLE_FILES_COMBINED_SIZE | VARIABLE_FILES_COMBINED_SIZE
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FilesCombinedSize()); VARIABLE_CONTAINER($$, new variables::FilesCombinedSize());
} }
| VARIABLE_FULL_REQUEST | VARIABLE_FULL_REQUEST
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FullRequest()); VARIABLE_CONTAINER($$, new variables::FullRequest());
} }
| VARIABLE_FULL_REQUEST_LENGTH | VARIABLE_FULL_REQUEST_LENGTH
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::FullRequestLength()); VARIABLE_CONTAINER($$, new variables::FullRequestLength());
} }
| VARIABLE_INBOUND_DATA_ERROR | VARIABLE_INBOUND_DATA_ERROR
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::InboundDataError()); VARIABLE_CONTAINER($$, new variables::InboundDataError());
} }
| VARIABLE_MATCHED_VAR | VARIABLE_MATCHED_VAR
@ -2341,6 +2382,7 @@ var:
} }
| VARIABLE_MULTIPART_CRLF_LF_LINES | VARIABLE_MULTIPART_CRLF_LF_LINES
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::MultipartCrlfLFLines()); VARIABLE_CONTAINER($$, new variables::MultipartCrlfLFLines());
} }
| VARIABLE_MULTIPART_DATA_AFTER | VARIABLE_MULTIPART_DATA_AFTER
@ -2385,14 +2427,17 @@ var:
} }
| VARIABLE_MULTIPART_STRICT_ERROR | VARIABLE_MULTIPART_STRICT_ERROR
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::MultipartStrictError()); VARIABLE_CONTAINER($$, new variables::MultipartStrictError());
} }
| VARIABLE_MULTIPART_UNMATCHED_BOUNDARY | VARIABLE_MULTIPART_UNMATCHED_BOUNDARY
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::MultipartUnmatchedBoundary()); VARIABLE_CONTAINER($$, new variables::MultipartUnmatchedBoundary());
} }
| VARIABLE_OUTBOUND_DATA_ERROR | VARIABLE_OUTBOUND_DATA_ERROR
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::OutboundDataError()); VARIABLE_CONTAINER($$, new variables::OutboundDataError());
} }
| VARIABLE_PATH_INFO | VARIABLE_PATH_INFO
@ -2417,22 +2462,27 @@ var:
} }
| VARIABLE_REQBODY_ERROR | VARIABLE_REQBODY_ERROR
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ReqbodyError()); VARIABLE_CONTAINER($$, new variables::ReqbodyError());
} }
| VARIABLE_REQBODY_ERROR_MSG | VARIABLE_REQBODY_ERROR_MSG
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ReqbodyErrorMsg()); VARIABLE_CONTAINER($$, new variables::ReqbodyErrorMsg());
} }
| VARIABLE_REQBODY_PROCESSOR | VARIABLE_REQBODY_PROCESSOR
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ReqbodyProcessor()); VARIABLE_CONTAINER($$, new variables::ReqbodyProcessor());
} }
| VARIABLE_REQBODY_PROCESSOR_ERROR | VARIABLE_REQBODY_PROCESSOR_ERROR
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ReqbodyProcessorError()); VARIABLE_CONTAINER($$, new variables::ReqbodyProcessorError());
} }
| VARIABLE_REQBODY_PROCESSOR_ERROR_MSG | VARIABLE_REQBODY_PROCESSOR_ERROR_MSG
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ReqbodyProcessorErrorMsg()); VARIABLE_CONTAINER($$, new variables::ReqbodyProcessorErrorMsg());
} }
| VARIABLE_REQUEST_BASENAME | VARIABLE_REQUEST_BASENAME
@ -2441,10 +2491,12 @@ var:
} }
| VARIABLE_REQUEST_BODY | VARIABLE_REQUEST_BODY
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::RequestBody()); VARIABLE_CONTAINER($$, new variables::RequestBody());
} }
| VARIABLE_REQUEST_BODY_LENGTH | VARIABLE_REQUEST_BODY_LENGTH
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::RequestBodyLength()); VARIABLE_CONTAINER($$, new variables::RequestBodyLength());
} }
| VARIABLE_REQUEST_FILE_NAME | VARIABLE_REQUEST_FILE_NAME
@ -2473,10 +2525,12 @@ var:
} }
| VARIABLE_RESPONSE_BODY | VARIABLE_RESPONSE_BODY
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ResponseBody()); VARIABLE_CONTAINER($$, new variables::ResponseBody());
} }
| VARIABLE_RESPONSE_CONTENT_LENGTH | VARIABLE_RESPONSE_CONTENT_LENGTH
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
VARIABLE_CONTAINER($$, new variables::ResponseContentLength()); VARIABLE_CONTAINER($$, new variables::ResponseContentLength());
} }
| VARIABLE_RESPONSE_PROTOCOL | VARIABLE_RESPONSE_PROTOCOL

9
src/transaction.cc
View File

@ -913,7 +913,8 @@ int Transaction::processRequestBody() {
if (m_rules->m_secRequestBodyAccess == RulesSetProperties::FalseConfigBoolean) { if (m_rules->m_secRequestBodyAccess == RulesSetProperties::FalseConfigBoolean) {
if (m_requestBodyAccess != RulesSetProperties::TrueConfigBoolean) { if (m_requestBodyAccess != RulesSetProperties::TrueConfigBoolean) {
ms_dbg(4, "Request body processing is disabled"); ms_dbg(4, "Request body processing is disabled, evaluating rules on the phase and returning...");
this->m_rules->evaluate(modsecurity::RequestBodyPhase, this);
return true; return true;
} else { } else {
ms_dbg(4, "Request body processing is disabled, but " \ ms_dbg(4, "Request body processing is disabled, but " \
@ -924,7 +925,8 @@ int Transaction::processRequestBody() {
if (m_requestBodyAccess == RulesSetProperties::FalseConfigBoolean) { if (m_requestBodyAccess == RulesSetProperties::FalseConfigBoolean) {
ms_dbg(4, "Request body processing is enabled, but " \ ms_dbg(4, "Request body processing is enabled, but " \
"disabled to this transaction due to ctl:requestBodyAccess " \ "disabled to this transaction due to ctl:requestBodyAccess " \
"action"); "action. Evaluating rules on the phase and returning...");
this->m_rules->evaluate(modsecurity::RequestBodyPhase, this);
return true; return true;
} }
} }
@ -1209,7 +1211,8 @@ int Transaction::processResponseBody() {
} }
if (m_rules->m_secResponseBodyAccess != RulesSetProperties::TrueConfigBoolean) { if (m_rules->m_secResponseBodyAccess != RulesSetProperties::TrueConfigBoolean) {
ms_dbg(4, "Response body is disabled, returning... " + std::to_string(m_rules->m_secResponseBodyAccess)); ms_dbg(4, "Response body is disabled, evaluating rules on the phase and returning...");
m_rules->evaluate(modsecurity::ResponseBodyPhase, this);
return true; return true;
} }

26
test/test-cases/regression/config-warning.json
View File

@ -59,5 +59,31 @@
"SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5,ctl:forceRequestBodyVariable=Off\"", "SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5,ctl:forceRequestBodyVariable=Off\"",
"SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:7,ctl:forceRequestBodyVariable=On\"" "SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:7,ctl:forceRequestBodyVariable=On\""
] ]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing parser warning (4/n)",
"expected":{
"parser_warn": "Configuration SecRequestBodyAccess is deprecated and not working. You can read more info about it at https://github.com/SpiderLabs/ModSecurity/wiki/deprecated#requestBodyAccess"
},
"client":{
"ip":"200.249.12.31",
"port":12300
},
"request":{
"headers":{
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
},
"uri":"/path1",
"method":"GET"
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRequestBodyAccess On"
]
} }
] ]