github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Expand macros in expirevar and deprecatevar. See #477.

Browse Source 
Cleaned up debug logs in actions.
Warn on mismatched curly braces in macro expansion.
This commit is contained in:
brectanus 2008-04-24 16:23:35 +00:00
parent d37ab94824
commit b4f473f87f
2 changed files with 54 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGES
View File

@ -1,11 +1,7 @@
11 Apr 2008 - trunk
24 Apr 2008 - 2.5.3
-------------------
* Allow HTTP_* targets as an alias for REQUEST_HEADERS:*.
* Make sure temporary filehandles are closed after a transaction.
* Fixed issue where the exec action may not be able to execute shell scripts.
* Macros are now expanded in expirevar and deprecatevar.
02 Apr 2008 - 2.5.2

53
apache2/re_actions.c
View File

@ -203,6 +203,12 @@ int expand_macros(modsec_rec *msr, msc_string *var, msre_rule *rule, apr_pool_t
next_text_start = t + 1; /* *t was '}' */
} else {
/* Warn about a possiblly forgotten '}' */
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Warning: Possibly unterminated macro: \"%s\"",
log_escape_ex(mptmp, var_start - 2, t - var_start + 2));
}
next_text_start = t; /* *t was '\0' */
}
}
@ -1023,7 +1029,7 @@ static apr_status_t msre_action_setenv_execute(modsec_rec *msr, apr_pool_t *mptm
}
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Setting env enviable: %s=%s", env_name, env_value);
msr_log(msr, 9, "Setting env variable: %s=%s", env_name, env_value);
}
/* Expand and escape any macros in the name */
@ -1259,6 +1265,21 @@ static apr_status_t msre_action_expirevar_execute(modsec_rec *msr, apr_pool_t *m
*s = '\0';
}
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Expiring variable: %s=%s", var_name, var_value);
}
/* Expand and escape any macros in the name */
var = apr_palloc(msr->mp, sizeof(msc_string));
if (var == NULL) {
msr_log(msr, 1, "Failed to allocate space to expand name macros");
return -1;
}
var->value = var_name;
var->value_len = strlen(var->value);
expand_macros(msr, var, rule, mptmp);
var_name = log_escape_ex(msr->mp, var->value, var->value_len);
/* Choose the collection to work with. */
s = strstr(var_name, ".");
if (s != NULL) {
@ -1289,9 +1310,18 @@ static apr_status_t msre_action_expirevar_execute(modsec_rec *msr, apr_pool_t *m
var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
var->name = apr_psprintf(msr->mp, "__expire_%s", var_name);
var->name_len = strlen(var->name);
/* Expand macros in value */
var->value = var_value;
var->value_len = strlen(var->value);
expand_macros(msr, var, rule, msr->mp);
var_value = var->value;
/* Calculate with the expanded value */
var->value = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (apr_time_t)(apr_time_sec(msr->request_time)
+ atoi(var_value)));
var->value_len = strlen(var->value);
apr_table_setn(target_col, var->name, (void *)var);
msr_log(msr, 4, "Variable \"%s.%s\" set to expire in %s seconds.", col_name,
@ -1326,6 +1356,27 @@ static apr_status_t msre_action_deprecatevar_execute(modsec_rec *msr, apr_pool_t
*s = '\0';
}
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Deprecating variable: %s=%s", var_name, var_value);
}
/* Expand and escape any macros in the name */
var = apr_palloc(msr->mp, sizeof(msc_string));
if (var == NULL) {
msr_log(msr, 1, "Failed to allocate space to expand name macros");
return -1;
}
var->value = var_name;
var->value_len = strlen(var->value);
expand_macros(msr, var, rule, mptmp);
var_name = log_escape_ex(msr->mp, var->value, var->value_len);
/* Expand macros in value */
var->value = var_value;
var->value_len = strlen(var->value);
expand_macros(msr, var, rule, msr->mp);
var_value = var->value;
/* Choose the collection to work with. */
s = strstr(var_name, ".");
if (s != NULL) {