Adds support to unconditional rules

2025-09-30 03:34:29 +03:00 · 2015-09-04 14:52:18 -03:00
parent 4e8bb276b8
commit b048794f4e
7 changed files with 168 additions and 1 deletions
--- a/src/parser/driver.cc
+++ b/src/parser/driver.cc
@@ -39,6 +39,17 @@ Driver::~Driver() {
    delete loc.back();
 }

+int Driver::addSecAction(Rule *rule) {
+    if (rule->phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {
+        parserError << "Unknown phase: " << std::to_string(rule->phase);
+        parserError << std::endl;
+        return false;
+    }
+
+    rules[rule->phase].push_back(rule);
+
+    return true;
+}

 int Driver::addSecRule(Rule *rule) {
    if (rule->phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {
--- a/src/parser/driver.h
+++ b/src/parser/driver.h
@@ -57,6 +57,7 @@ class Driver : public RulesProperties {
    virtual ~Driver();

    int addSecRule(Rule *rule);
+    int addSecAction(Rule *rule);

    int result;

--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -190,6 +190,7 @@ using ModSecurity::Variables::Variable;
 %token <std::string> CONFIG_DIR_DEBUG_LOG
 %token <std::string> CONFIG_DIR_DEBUG_LVL

+%token <std::string> CONFIG_DIR_SEC_ACTION
 %token <std::string> CONFIG_DIR_SEC_DEFAULT_ACTION

 %token <std::string> VARIABLE
@@ -356,6 +357,24 @@ expression:
            );
        driver.addSecRule(rule);
      }
+    | CONFIG_DIR_SEC_ACTION SPACE QUOTATION_MARK actions QUOTATION_MARK
+      {
+        Rule *rule = new Rule(
+            /* op */ NULL,
+            /* variables */ NULL,
+            /* actions */ $4
+            );
+        driver.addSecAction(rule);
+      }
+    | CONFIG_DIR_SEC_ACTION SPACE actions
+      {
+        Rule *rule = new Rule(
+            /* op */ NULL,
+            /* variables */ NULL,
+            /* actions */ $3
+            );
+        driver.addSecAction(rule);
+      }
    | CONFIG_DIR_SEC_DEFAULT_ACTION SPACE QUOTATION_MARK actions QUOTATION_MARK
      {
        std::vector<Action *> *actions = $4;
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -39,6 +39,7 @@ DIRECTIVE       (?i:SecRule)
 LOG_DATA        (?i:logdata)

 CONFIG_DIR_SEC_DEFAULT_ACTION (?i:SecDefaultAction)
+CONFIG_DIR_SEC_ACTION (?i:SecAction)

 CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION (?i:SecPcreMatchLimitRecursion)
 CONFIG_DIR_PCRE_MATCH_LIMIT (?i:SecPcreMatchLimit)
@@ -243,6 +244,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 {CONFIG_VALUE_PROCESS_PARTIAL}  { return yy::seclang_parser::make_CONFIG_VALUE_PROCESS_PARTIAL(yytext, *driver.loc.back()); }
 {CONFIG_VALUE_REJECT}           { return yy::seclang_parser::make_CONFIG_VALUE_REJECT(yytext, *driver.loc.back()); }

+{CONFIG_DIR_SEC_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_SEC_ACTION(yytext, *driver.loc.back()); }
 {CONFIG_DIR_SEC_DEFAULT_ACTION} { return yy::seclang_parser::make_CONFIG_DIR_SEC_DEFAULT_ACTION(yytext, *driver.loc.back()); }

 <EXPECTING_OPERATOR>{