github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to the `skip' action

Browse Source
This commit is contained in:
Felipe Zimmerle 2016-06-30 10:34:55 -03:00
parent f00e625c8e
commit b0f69b1262
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
7 changed files with 224 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
headers/modsecurity/transaction.h
View File

@ -304,9 +304,15 @@ class Transaction {
*/
std::string m_marker;
/**
* Holds the amount of rules that should be skipped. If bigger than 0 the
* current rule should be skipped and the number needs to be decreased.
*/
int m_skip_next;
/**
* Holds the decode URI. Notice that m_uri holds the raw version
* of the URI.
* of the URI.
*/
std::string m_uri_decoded;

1
src/Makefile.am
View File

@ -101,6 +101,7 @@ ACTIONS = \
actions/set_uid.cc \
actions/set_var.cc \
actions/status.cc \
actions/skip.cc \
actions/skip_after.cc \
actions/tag.cc \
actions/transformations/base64_decode.cc \

53
src/actions/skip.cc Normal file
View File

@ -0,0 +1,53 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "actions/skip.h"
#include <iostream>
#include <string>
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
namespace modsecurity {
namespace actions {
bool Skip::init(std::string *error) {
try {
m_skip_next = std::stoi(m_parser_payload);
} catch (...) {
error->assign("Skip: The input \"" + m_parser_payload + "\" is " \
"not a number.");
return false;
}
return true;
}
bool Skip::evaluate(Rule *rule, Transaction *transaction) {
#ifndef NO_LOGS
transaction->debug(5, "Skipping the next " + std::to_string(m_skip_next) \
+ " rules.");
#endif
transaction->m_skip_next = m_skip_next;
return true;
}
} // namespace actions
} // namespace modsecurity

46
src/actions/skip.h Normal file
View File

@ -0,0 +1,46 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include "actions/action.h"
#ifndef SRC_ACTIONS_SKIP_H_
#define SRC_ACTIONS_SKIP_H_
class Transaction;
namespace modsecurity {
class Transaction;
namespace actions {
class Skip : public Action {
public:
explicit Skip(std::string action)
: Action(action, RunTimeOnlyIfMatchKind),
m_skip_next(0) { }
bool init(std::string *error) override;
bool evaluate(Rule *rule, Transaction *transaction) override;
int m_skip_next;
};
} // namespace actions
} // namespace modsecurity
#endif // SRC_ACTIONS_SKIP_H_

9
src/parser/seclang-parser.yy
View File

@ -30,6 +30,7 @@ class Driver;
#include "actions/set_uid.h"
#include "actions/set_var.h"
#include "actions/severity.h"
#include "actions/skip.h"
#include "actions/skip_after.h"
#include "actions/msg.h"
#include "actions/phase.h"
@ -1087,13 +1088,7 @@ act:
| ACTION_SKIP
{
std::string error;
/*
TODO: skip is not implemented yet.
$$ = new modsecurity::actions::SkipAfter($1);
*/
$$ = Action::instantiate($1);
$$ = new modsecurity::actions::Skip($1);
if ($$->init(&error) == false) {
driver.error(@0, error);
YYERROR;

11
src/rules.cc
View File

@ -185,9 +185,7 @@ int Rules::evaluate(int phase, Transaction *transaction) {
for (int i = 0; i < rules.size(); i++) {
Rule *rule = rules[i];
if (transaction->m_marker.empty()) {
rule->evaluate(transaction);
} else {
if (transaction->m_marker.empty() == false) {
debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
+ "' due to a SecMarker: " + transaction->m_marker);
m_secmarker_skipped++;
@ -198,6 +196,13 @@ int Rules::evaluate(int phase, Transaction *transaction) {
transaction->m_marker.clear();
m_secmarker_skipped = 0;
}
} else if (transaction->m_skip_next > 0) {
transaction->m_skip_next--;
debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
+ "' due to `skip' action. Still " + \
std::to_string(transaction->m_skip_next) + " to be skipped.");
} else {
rule->evaluate(transaction);
}
}
return 1;

107
test/test-cases/regression/action-skip.json Normal file
View File

@ -0,0 +1,107 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing skip action 1/3",
"expected":{
"debug_log": "\\[9\\] Skipped rule id \\'2\\' due to \\`skip\\' action."
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"User-Agent":"My sweet little browser",
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'1',phase:1,skip:1\"",
"SecRule REQUEST_HEADERS \"should be skipped\" \"id:'2',phase:1,setvar:SESSION.score=+10\"",
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'3',phase:1,t:none,nolog,pass\"",
"SecRule REQUEST_HEADERS \".*\" \"id:'4',phase:1,setvar:SESSION.score=+5\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing skip action 2/3",
"expected":{
"parser_error": "Rules error. File: action-skip.json. Line: 3. Column: 61. invalid character s"
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"User-Agent":"My sweet little browser",
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'1',phase:1,skip:abc\"",
"SecRule REQUEST_HEADERS \"should be skipped\" \"id:'2',phase:1,setvar:SESSION.score=+10\"",
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'3',phase:1,t:none,nolog,pass\"",
"SecRule REQUEST_HEADERS \".*\" \"id:'4',phase:1,setvar:SESSION.score=+5\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing skip action 3/3",
"expected":{
"debug_log": "\\[9\\] Skipped rule id \\'3\\' due to \\`skip\\' action."
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"User-Agent":"My sweet little browser",
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'1',phase:1,skip:2\"",
"SecRule REQUEST_HEADERS \"should be skipped\" \"id:'2',phase:1,setvar:SESSION.score=+10\"",
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'3',phase:1,t:none,nolog,pass\"",
"SecRule REQUEST_HEADERS \".*\" \"id:'4',phase:1,setvar:SESSION.score=+5\""
]
}
]