github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to MATCHED_VARS_NAMES variable

Browse Source
This commit is contained in:
Felipe Zimmerle 2015-07-21 14:22:12 -03:00
parent 09867791c7
commit b089c44c1a
3 changed files with 94 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/parser/seclang-scanner.ll
View File

@ -59,7 +59,7 @@ OPERATORNOARG (?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida
TRANSFORMATION t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim) TRANSFORMATION t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)
VARIABLE (?i:MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO) VARIABLE (?i:MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
RUN_TIME_VAR_DUR (?i:DURATION) RUN_TIME_VAR_DUR (?i:DURATION)
RUN_TIME_VAR_ENV (?i:ENV) RUN_TIME_VAR_ENV (?i:ENV)
RUN_TIME_VAR_BLD (?i:MODSEC_BUILD) RUN_TIME_VAR_BLD (?i:MODSEC_BUILD)

3
src/rule.cc
View File

@ -123,9 +123,12 @@ bool Rule::evaluate(Assay *assay) {
assay->store_variable("MATCHED_VAR", value); assay->store_variable("MATCHED_VAR", value);
} }
assay->store_variable("MATCHED_VARS:" + v.first, value); assay->store_variable("MATCHED_VARS:" + v.first, value);
assay->store_variable("MATCHED_VARS_NAMES:" + v.first,
v.first);
this->chainedRule->evaluate(assay); this->chainedRule->evaluate(assay);
assay->update_variable_first("MATCHED_VAR", ""); assay->update_variable_first("MATCHED_VAR", "");
assay->delete_variable("MATCHED_VARS:" + v.first); assay->delete_variable("MATCHED_VARS:" + v.first);
assay->delete_variable("MATCHED_VARS_NAMES:" + v.first);
} }
} else { } else {
assay->debug(4, "Rule returned 0."); assay->debug(4, "Rule returned 0.");

90
test/test-cases/regression/variable-MATCHED_VARS_NAMES.json Normal file
View File

@ -0,0 +1,90 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing Variables :: MATCHED_VARS_NAMES (1/2)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?keyI=value&keyII=other_value",
"protocol":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"ARGS:keyII\" \\(Variable: MATCHED_VARS_NAMES:ARGS:keyII\\)"
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecDebugLogLevel 9",
"SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"",
"SecRule ARGS:keyII \"@contains other_value\" \"chain\"",
"SecRule MATCHED_VARS_NAMES \"@contains asdf\" \"pass\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing Variables :: MATCHED_VARS_NAMES (2/2)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?keyI=value&keyII=other_value",
"protocol":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"ARGS:keyI\" \\(Variable: MATCHED_VARS_NAMES:ARGS:keyI\\)"
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecDebugLogLevel 9",
"SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"",
"SecRule ARGS:keyII \"@contains other_value\" \"chain\"",
"SecRule MATCHED_VARS_NAMES \"@contains asdf\" \"pass\"",
"SecRule MATCHED_VARS_NAMES \"@contains value\" \"id:29\""
]
}
]