From b64d28eb5a7ba51938e907010fd4615edfe77c54 Mon Sep 17 00:00:00 2001
From: brenosilva
Date: Sun, 3 Apr 2011 21:54:12 +0000
Subject: [PATCH] Testing new approach to tag macro expansion
---
 apache2/re.c | 38 ++++++++++++++++++++++++++------------
 apache2/re.h | 1 -
 apache2/re_actions.c | 31 +------------------------------
 3 files changed, 27 insertions(+), 43 deletions(-)
diff --git a/apache2/re.c b/apache2/re.c
index 6427d71b..b8800856 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -597,7 +597,6 @@ msre_actionset *msre_actionset_create(msre_engine *engine, const char *text,
 actionset->id = NOT_SET_P;
 actionset->rev = NOT_SET_P;
 actionset->msg = NOT_SET_P;
- actionset->tag = NOT_SET_P;
 actionset->logdata = NOT_SET_P;
 actionset->phase = NOT_SET;
 actionset->severity = -1;
@@ -680,7 +679,6 @@ msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent
 if (child->id != NOT_SET_P) merged->id = child->id;
 if (child->rev != NOT_SET_P) merged->rev = child->rev;
 if (child->msg != NOT_SET_P) merged->msg = child->msg;
- if (child->tag != NOT_SET_P) merged->tag = child->tag;
 if (child->logdata != NOT_SET_P) merged->logdata = child->logdata;
 if (child->severity != NOT_SET) merged->severity = child->severity;
 if (child->phase != NOT_SET) merged->phase = child->phase;
@@ -737,7 +735,6 @@ void msre_actionset_set_defaults(msre_actionset *actionset) {
 if (actionset->id == NOT_SET_P) actionset->id = NULL;
 if (actionset->rev == NOT_SET_P) actionset->rev = NULL;
 if (actionset->msg == NOT_SET_P) actionset->msg = NULL;
- if (actionset->tag == NOT_SET_P) actionset->tag = NULL;
 if (actionset->logdata == NOT_SET_P) actionset->logdata = NULL;
 if (actionset->phase == NOT_SET) actionset->phase = 2;
 if (actionset->severity == -1) {} /* leave at -1 */
@@ -1059,12 +1056,18 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) if(action->param != NULL) { + /* Expand variables in the tag argument. */ + msc_string *var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); + + var->value = (char *)action->param; + var->value_len = strlen(action->param); + expand_macros(msr, var, NULL, msr->mp); if (msr->txcfg->debuglog_level >= 9) { - msr_log(msr, 9, "Checking removal of rule tag=\"%s\" against: %s", (char *)action->param, range); + msr_log(msr, 9, "Checking removal of rule tag=\"%s\" against: %s", var->value, range); } - if (strncasecmp(action->param, range, strlen(range)) == 0) { + if (strncasecmp(var->value, range, strlen(range)) == 0) { do_process = 0; break; } @@ -1439,17 +1442,28 @@ static int msre_ruleset_phase_rule_remove_with_exception(msre_ruleset *ruleset, break; case RULE_EXCEPTION_REMOVE_TAG : - if ((rule->actionset != NULL)&&(rule->actionset->tag != NULL)) { + if ((rule->actionset != NULL)&&(apr_is_empty_table(rule->actionset->actions) == 0)) { char *my_error_msg = NULL; + const apr_array_header_t *tarr = NULL; + const apr_table_entry_t *telts = NULL; + int act; - int rc = msc_regexec(re->param_data, - rule->actionset->tag, strlen(rule->actionset->tag), - &my_error_msg); - if (rc >= 0) { - remove_rule = 1; + tarr = apr_table_elts(rule->actionset->actions); + telts = (const apr_table_entry_t*)tarr->elts; + + for (act = 0; act < tarr->nelts; act++) { + msre_action *action = (msre_action *)telts[act].val; + if((action != NULL) && (action->metadata != NULL) && (strcmp("tag", action->metadata->name) == 0)) { + + int rc = msc_regexec(re->param_data, + action->param, strlen(action->param), + &my_error_msg); + if (rc >= 0) { + remove_rule = 1; + } + } } } - break; } } diff --git a/apache2/re.h b/apache2/re.h index 368cee71..1990b08a 100644 --- a/apache2/re.h +++ b/apache2/re.h 
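Review bot: The value compared against `range` is now the macro-expanded tag, so a tag that embeds request-derived variables lets request content influence whether `do_process = 0` is reached and the rule is skipped; the prefix-only, case-insensitive `strncasecmp(var->value, range, strlen(range))` makes an unintended match easier. I would document that above the expansion, e.g. `/* Tags are expanded per transaction; a removal range matches any tag that starts with it, so keep request-controlled macros out of the leading part of a tag. */`. The `msc_string` is also allocated from `msr->mp` for every tag checked, and that pool presumably lives for the whole transaction, so a shorter-lived pool would be preferable if one is in scope here. The enclosing function and the loop that the visible `break;` leaves start and end outside the hunk.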
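Review bot: `strlen(action->param)` in the new loop runs without a NULL check on `action->param`, whereas the run-time path in msre_ruleset_process_phase tests `action->param != NULL` before using it; unless tag validation guarantees a parameter, add it to the condition: `if ((action != NULL) && (action->metadata != NULL) && (action->param != NULL) && (strcmp("tag", action->metadata->name) == 0)) {`. The loop can also `break;` once `remove_rule = 1` is set, and `my_error_msg` is never inspected. This path matches the regex against the unexpanded tag text while the run-time removal compares the expanded value, so a tag containing a macro is matched differently by the two mechanisms; a comment saying so would help rule writers. The switch and the function continue outside the hunk.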
@@ -297,7 +297,6 @@ struct msre_actionset { const char *rev; const char *msg; const char *logdata; - const char *tag; int severity; int phase; msre_rule *rule; diff --git a/apache2/re_actions.c b/apache2/re_actions.c index 77cf8cfd..c729d2b0 100644 --- a/apache2/re_actions.c +++ b/apache2/re_actions.c @@ -568,35 +568,6 @@ static apr_status_t msre_action_redirect_execute(modsec_rec *msr, apr_pool_t *mp return 1; } -/* tag */ - -/* -* \brief Execution function to tag action -* -* \param msr Pointer internal modsec request structure -* \param mptmp Pointer to memory pool -* \param rule Pointer to the rule -* \param action Pointer to action structure -* -* \retval 1 On Success -*/ -static apr_status_t msre_action_tag_execute(modsec_rec *msr, apr_pool_t *mptmp, - msre_rule *rule, msre_action *action) -{ - msc_string *var = NULL; - - var = apr_pcalloc(mptmp, sizeof(msc_string)); - if (var == NULL) return -1; - var->value = (char *)action->param; - var->value_len = strlen(var->value); - expand_macros(msr, var, rule, mptmp); - - if(rule->actionset != NULL) - rule->actionset->tag = apr_pstrmemdup(msr->mp, var->value, var->value); - - return 0; -} - /* proxy */ static char *msre_action_proxy_validate(msre_engine *engine, msre_action *action) { @@ -2634,7 +2605,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { ACTION_CGROUP_NONE, NULL, NULL, - msre_action_tag_execute + NULL, ); /* prepend */
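Review bot: In the last hunk the replacement line `NULL,` keeps a trailing comma directly before `);`, which is not a valid argument list in C if the call being closed is an ordinary function call; it should read `NULL` with no comma. With the execute callback removed, nothing in this patch expands tag macros when a rule fires, so any code that logs or reports tags would have to expand `action->param` itself; that code is not visible here. The registration call and its enclosing function begin outside the hunk.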