github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implemented SecComponentSignature.

Browse Source
This commit is contained in:
ivanr
2007-11-26 16:05:56 +00:00
parent e467d3cac0
commit b163864ba7
3 changed files with 130 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
apache2/apache2_config.c
View File

@@ -99,6 +99,8 @@ void *create_directory_config(apr_pool_t *mp, char *path) {
dcfg->cache_trans_min = NOT_SET; dcfg->cache_trans_min = NOT_SET;
dcfg->cache_trans_max = NOT_SET; dcfg->cache_trans_max = NOT_SET;
dcfg->component_signatures = apr_array_make(mp, 16, sizeof(char *));
return dcfg; return dcfg;
} }
@@ -406,6 +408,10 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child) {
merged->cache_trans_max = (child->cache_trans_max == (apr_size_t)NOT_SET merged->cache_trans_max = (child->cache_trans_max == (apr_size_t)NOT_SET
? parent->cache_trans_max : child->cache_trans_max); ? parent->cache_trans_max : child->cache_trans_max);
/* Merge component signatures. */
merged->component_signatures = apr_array_append(mp, parent->component_signatures,
child->component_signatures);
return merged; return merged;
} }
@@ -767,6 +773,18 @@ static const char *cmd_chroot_dir(cmd_parms *cmd, void *_dcfg, const char *p1) {
return NULL; return NULL;
} }
/**
* Adds component signature to the list of signatures kept in configuration.
*/
static const char *cmd_component_signature(cmd_parms *cmd, void *_dcfg, const char *p1) {
directory_config *dcfg = (directory_config *)_dcfg;
/* TODO Enforce "Name/VersionX.Y.Z (comment)" format. */
*(char **)apr_array_push(dcfg->component_signatures) = (char *)p1;
return NULL;
}
static const char *cmd_content_injection(cmd_parms *cmd, void *_dcfg, int flag) { static const char *cmd_content_injection(cmd_parms *cmd, void *_dcfg, int flag) {
directory_config *dcfg = (directory_config *)_dcfg; directory_config *dcfg = (directory_config *)_dcfg;
if (dcfg == NULL) return NULL; if (dcfg == NULL) return NULL;
@@ -1056,7 +1074,7 @@ static const char *cmd_rule_import_by_id(cmd_parms *cmd, void *_dcfg, const char
re->type = RULE_EXCEPTION_IMPORT_ID; re->type = RULE_EXCEPTION_IMPORT_ID;
// TODO verify p1 // TODO verify p1
re->param = p1; re->param = p1;
*(rule_exception **)apr_array_push(dcfg->rule_exceptions) = re; *(rule_exception **)apr_array_push(dcfg->rule_exceptions) = re;
return NULL; return NULL;
} }
@@ -1428,12 +1446,28 @@ const command_rec module_directives[] = {
"path to the audit log storage area; absolute, or relative to the root of the server" "path to the audit log storage area; absolute, or relative to the root of the server"
), ),
AP_INIT_TAKE12 (
"SecCacheTransformations",
cmd_cache_transformations,
NULL,
CMD_SCOPE_ANY,
"whether or not to cache transformations. Defaults to true."
),
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecChrootDir", "SecChrootDir",
cmd_chroot_dir, cmd_chroot_dir,
NULL, NULL,
CMD_SCOPE_MAIN, CMD_SCOPE_MAIN,
"Path of the directory to which server will be chrooted" "path of the directory to which server will be chrooted"
),
AP_INIT_TAKE1 (
"SecComponentSignature",
cmd_component_signature,
NULL,
CMD_SCOPE_MAIN,
"component signature to add to ModSecurity signature."
), ),
AP_INIT_FLAG ( AP_INIT_FLAG (
@@ -1485,6 +1519,14 @@ const command_rec module_directives[] = {
"" // TODO "" // TODO
), ),
AP_INIT_TAKE1 (
"SecGeoLookupsDb",
cmd_geo_lookups_db,
NULL,
RSRC_CONF,
"database for geographical lookups module."
),
AP_INIT_TAKE12 ( AP_INIT_TAKE12 (
"SecGuardianLog", "SecGuardianLog",
cmd_guardian_log, cmd_guardian_log,
@@ -1493,6 +1535,54 @@ const command_rec module_directives[] = {
"The filename of the filter debugging log file" "The filename of the filter debugging log file"
), ),
AP_INIT_FLAG (
"SecPdfProtect",
cmd_pdf_protect,
NULL,
RSRC_CONF,
"enable PDF protection module."
),
AP_INIT_TAKE1 (
"SecPdfProtectSecret",
cmd_pdf_protect_secret,
NULL,
RSRC_CONF,
"secret that will be used to construct protection tokens."
),
AP_INIT_TAKE1 (
"SecPdfProtectTimeout",
cmd_pdf_protect_timeout,
NULL,
RSRC_CONF,
"duration for which protection tokens will be valid."
),
AP_INIT_TAKE1 (
"SecPdfProtectTokenName",
cmd_pdf_protect_token_name,
NULL,
RSRC_CONF,
"name of the protection token. The name 'PDFTOKEN' is used by default."
),
AP_INIT_FLAG (
"SecPdfProtectInterceptGETOnly",
cmd_pdf_protect_intercept_get_only,
NULL,
RSRC_CONF,
"whether or not to intercept only GET and HEAD requess. Defaults to true."
),
AP_INIT_TAKE1 (
"SecPdfProtectMethod",
cmd_pdf_protect_method,
NULL,
RSRC_CONF,
"protection method to use. Can be 'TokenRedirection' (default) or 'ForcedDownload'"
),
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecRequestBodyAccess", "SecRequestBodyAccess",
cmd_request_body_access, cmd_request_body_access,
@@ -1573,24 +1663,6 @@ const command_rec module_directives[] = {
"On or Off" "On or Off"
), ),
/*
AP_INIT_TAKE1 (
"SecRuleImportById",
cmd_rule_import_by_id,
NULL,
CMD_SCOPE_ANY,
"" // TODO
),
AP_INIT_TAKE1 (
"SecRuleImportByMsg",
cmd_rule_import_by_msg,
NULL,
CMD_SCOPE_ANY,
"" // TODO
),
*/
AP_INIT_FLAG ( AP_INIT_FLAG (
"SecRuleInheritance", "SecRuleInheritance",
cmd_rule_inheritance, cmd_rule_inheritance,
@@ -1655,69 +1727,5 @@ const command_rec module_directives[] = {
"" // TODO "" // TODO
), ),
AP_INIT_FLAG (
"SecPdfProtect",
cmd_pdf_protect,
NULL,
RSRC_CONF,
"enable PDF protection module."
),
AP_INIT_TAKE1 (
"SecPdfProtectSecret",
cmd_pdf_protect_secret,
NULL,
RSRC_CONF,
"secret that will be used to construct protection tokens."
),
AP_INIT_TAKE1 (
"SecPdfProtectTimeout",
cmd_pdf_protect_timeout,
NULL,
RSRC_CONF,
"duration for which protection tokens will be valid."
),
AP_INIT_TAKE1 (
"SecPdfProtectTokenName",
cmd_pdf_protect_token_name,
NULL,
RSRC_CONF,
"name of the protection token. The name 'PDFTOKEN' is used by default."
),
AP_INIT_FLAG (
"SecPdfProtectInterceptGETOnly",
cmd_pdf_protect_intercept_get_only,
NULL,
RSRC_CONF,
"whether or not to intercept only GET and HEAD requess. Defaults to true."
),
AP_INIT_TAKE1 (
"SecPdfProtectMethod",
cmd_pdf_protect_method,
NULL,
RSRC_CONF,
"protection method to use. Can be 'TokenRedirection' (default) or 'ForcedDownload'"
),
AP_INIT_TAKE1 (
"SecGeoLookupsDb",
cmd_geo_lookups_db,
NULL,
RSRC_CONF,
"database for geographical lookups module."
),
AP_INIT_TAKE12 (
"SecCacheTransformations",
cmd_cache_transformations,
NULL,
CMD_SCOPE_ANY,
"whether or not to cache transformations. Defaults to true."
),
{ NULL } { NULL }
}; };

5
apache2/modsecurity.h
View File

@@ -446,6 +446,11 @@ struct directory_config {
int cache_trans; int cache_trans;
apr_size_t cache_trans_min; apr_size_t cache_trans_min;
apr_size_t cache_trans_max; apr_size_t cache_trans_max;
/* Array to hold signatures of components, which will
* appear in the ModSecurity signature in the audit log.
*/
apr_array_header_t *component_signatures;
}; };
struct error_message { struct error_message {

35
apache2/msc_logging.c
View File

@@ -307,6 +307,37 @@ static void sanitise_request_line(modsec_rec *msr) {
} }
} }
/**
* Output the Producer header.
*/
static void sec_auditlog_write_producer_header(modsec_rec *msr) {
char **signatures = NULL;
char *text = NULL;
int i;
/* Try to write everything in one go. */
if (msr->txcfg->component_signatures->nelts == 0) {
text = apr_psprintf(msr->mp, "Producer: %s.\n", MODULE_NAME_FULL);
sec_auditlog_write(msr, text, strlen(text));
return;
}
/* Start with the ModSecurity signature. */
text = apr_psprintf(msr->mp, "Producer: %s", MODULE_NAME_FULL);
sec_auditlog_write(msr, text, strlen(text));
/* Then loop through the components and output individual signatures. */
signatures = (char **)msr->txcfg->component_signatures->elts;
for(i = 0; i < msr->txcfg->component_signatures->nelts; i++) {
text = apr_psprintf(msr->mp, "; %s", (char *)signatures[i]);
sec_auditlog_write(msr, text, strlen(text));
}
sec_auditlog_write(msr, ".\n", 2);
}
/** /**
* Produce an audit log entry. * Produce an audit log entry.
*/ */
@@ -742,9 +773,7 @@ void sec_audit_logger(modsec_rec *msr) {
sec_auditlog_write(msr, text, strlen(text)); sec_auditlog_write(msr, text, strlen(text));
} }
/* Producer */ sec_auditlog_write_producer_header(msr);
text = apr_psprintf(msr->mp, "Producer: %s.\n", MODULE_NAME_FULL);
sec_auditlog_write(msr, text, strlen(text));
/* Server */ /* Server */
if (msr->server_software != NULL) { if (msr->server_software != NULL) {