Adds support to MATCHED_VARS_NAMES variable

2025-08-13 21:36:00 +03:00 · 2015-07-21 14:22:12 -03:00 · 2015-07-21 14:22:12 -03:00 · b089c44c1a
commit b089c44c1a
parent 09867791c7
3 changed files with 94 additions and 1 deletions
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -59,7 +59,7 @@ OPERATORNOARG	(?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida

 TRANSFORMATION  t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)

-VARIABLE          (?i:MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
+VARIABLE          (?i:MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
 RUN_TIME_VAR_DUR  (?i:DURATION)
 RUN_TIME_VAR_ENV  (?i:ENV)
 RUN_TIME_VAR_BLD  (?i:MODSEC_BUILD)
--- a/src/rule.cc
+++ b/src/rule.cc
@ -123,9 +123,12 @@ bool Rule::evaluate(Assay *assay) {
                        assay->store_variable("MATCHED_VAR", value);
                    }
                    assay->store_variable("MATCHED_VARS:" + v.first, value);
+                    assay->store_variable("MATCHED_VARS_NAMES:" + v.first,
+                        v.first);
                    this->chainedRule->evaluate(assay);
                    assay->update_variable_first("MATCHED_VAR", "");
                    assay->delete_variable("MATCHED_VARS:" + v.first);
+                    assay->delete_variable("MATCHED_VARS_NAMES:" + v.first);
                }
            } else {
                assay->debug(4, "Rule returned 0.");
--- a/test/test-cases/regression/variable-MATCHED_VARS_NAMES.json
+++ b/test/test-cases/regression/variable-MATCHED_VARS_NAMES.json
@ -0,0 +1,90 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: MATCHED_VARS_NAMES (1/2)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*"
+      },
+      "uri":"/?keyI=value&keyII=other_value",
+      "protocol":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"ARGS:keyII\" \\(Variable: MATCHED_VARS_NAMES:ARGS:keyII\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"",
+      "SecRule ARGS:keyII \"@contains other_value\" \"chain\"",
+      "SecRule MATCHED_VARS_NAMES \"@contains asdf\" \"pass\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: MATCHED_VARS_NAMES (2/2)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*"
+      },
+      "uri":"/?keyI=value&keyII=other_value",
+      "protocol":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"ARGS:keyI\" \\(Variable: MATCHED_VARS_NAMES:ARGS:keyI\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"",
+      "SecRule ARGS:keyII \"@contains other_value\" \"chain\"",
+      "SecRule MATCHED_VARS_NAMES \"@contains asdf\" \"pass\"",
+      "SecRule MATCHED_VARS_NAMES \"@contains value\" \"id:29\""
+    ]
+  }
+]
+