github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Testing new approach to tag macro expansion

Browse Source
This commit is contained in:
brenosilva
2011-04-03 21:54:12 +00:00
parent 6b7c138a98
commit b64d28eb5a
3 changed files with 27 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
apache2/re.c
View File

@@ -597,7 +597,6 @@ msre_actionset *msre_actionset_create(msre_engine *engine, const char *text,
actionset->id = NOT_SET_P; actionset->id = NOT_SET_P;
actionset->rev = NOT_SET_P; actionset->rev = NOT_SET_P;
actionset->msg = NOT_SET_P; actionset->msg = NOT_SET_P;
actionset->tag = NOT_SET_P;
actionset->logdata = NOT_SET_P; actionset->logdata = NOT_SET_P;
actionset->phase = NOT_SET; actionset->phase = NOT_SET;
actionset->severity = -1; actionset->severity = -1;
@@ -680,7 +679,6 @@ msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent
if (child->id != NOT_SET_P) merged->id = child->id; if (child->id != NOT_SET_P) merged->id = child->id;
if (child->rev != NOT_SET_P) merged->rev = child->rev; if (child->rev != NOT_SET_P) merged->rev = child->rev;
if (child->msg != NOT_SET_P) merged->msg = child->msg; if (child->msg != NOT_SET_P) merged->msg = child->msg;
if (child->tag != NOT_SET_P) merged->tag = child->tag;
if (child->logdata != NOT_SET_P) merged->logdata = child->logdata; if (child->logdata != NOT_SET_P) merged->logdata = child->logdata;
if (child->severity != NOT_SET) merged->severity = child->severity; if (child->severity != NOT_SET) merged->severity = child->severity;
if (child->phase != NOT_SET) merged->phase = child->phase; if (child->phase != NOT_SET) merged->phase = child->phase;
@@ -737,7 +735,6 @@ void msre_actionset_set_defaults(msre_actionset *actionset) {
if (actionset->id == NOT_SET_P) actionset->id = NULL; if (actionset->id == NOT_SET_P) actionset->id = NULL;
if (actionset->rev == NOT_SET_P) actionset->rev = NULL; if (actionset->rev == NOT_SET_P) actionset->rev = NULL;
if (actionset->msg == NOT_SET_P) actionset->msg = NULL; if (actionset->msg == NOT_SET_P) actionset->msg = NULL;
if (actionset->tag == NOT_SET_P) actionset->tag = NULL;
if (actionset->logdata == NOT_SET_P) actionset->logdata = NULL; if (actionset->logdata == NOT_SET_P) actionset->logdata = NULL;
if (actionset->phase == NOT_SET) actionset->phase = 2; if (actionset->phase == NOT_SET) actionset->phase = 2;
if (actionset->severity == -1) {} /* leave at -1 */ if (actionset->severity == -1) {} /* leave at -1 */
@@ -1059,12 +1056,18 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
if(action->param != NULL) { if(action->param != NULL) {
/* Expand variables in the tag argument. */
msc_string *var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
var->value = (char *)action->param;
var->value_len = strlen(action->param);
expand_macros(msr, var, NULL, msr->mp);
if (msr->txcfg->debuglog_level >= 9) { if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Checking removal of rule tag=\"%s\" against: %s", (char *)action->param, range); msr_log(msr, 9, "Checking removal of rule tag=\"%s\" against: %s", var->value, range);
} }
if (strncasecmp(action->param, range, strlen(range)) == 0) { if (strncasecmp(var->value, range, strlen(range)) == 0) {
do_process = 0; do_process = 0;
break; break;
} }
@@ -1439,17 +1442,28 @@ static int msre_ruleset_phase_rule_remove_with_exception(msre_ruleset *ruleset,
break; break;
case RULE_EXCEPTION_REMOVE_TAG : case RULE_EXCEPTION_REMOVE_TAG :
if ((rule->actionset != NULL)&&(rule->actionset->tag != NULL)) { if ((rule->actionset != NULL)&&(apr_is_empty_table(rule->actionset->actions) == 0)) {
char *my_error_msg = NULL; char *my_error_msg = NULL;
const apr_array_header_t *tarr = NULL;
const apr_table_entry_t *telts = NULL;
int act;
int rc = msc_regexec(re->param_data, tarr = apr_table_elts(rule->actionset->actions);
rule->actionset->tag, strlen(rule->actionset->tag), telts = (const apr_table_entry_t*)tarr->elts;
&my_error_msg);
if (rc >= 0) { for (act = 0; act < tarr->nelts; act++) {
remove_rule = 1; msre_action *action = (msre_action *)telts[act].val;
if((action != NULL) && (action->metadata != NULL) && (strcmp("tag", action->metadata->name) == 0)) {
int rc = msc_regexec(re->param_data,
action->param, strlen(action->param),
&my_error_msg);
if (rc >= 0) {
remove_rule = 1;
}
}
} }
} }
break; break;
} }
} }

1
apache2/re.h
View File

@@ -297,7 +297,6 @@ struct msre_actionset {
const char *rev; const char *rev;
const char *msg; const char *msg;
const char *logdata; const char *logdata;
const char *tag;
int severity; int severity;
int phase; int phase;
msre_rule *rule; msre_rule *rule;

31
apache2/re_actions.c
View File

@@ -568,35 +568,6 @@ static apr_status_t msre_action_redirect_execute(modsec_rec *msr, apr_pool_t *mp
return 1; return 1;
} }
/* tag */
/*
* \brief Execution function to tag action
*
* \param msr Pointer internal modsec request structure
* \param mptmp Pointer to memory pool
* \param rule Pointer to the rule
* \param action Pointer to action structure
*
* \retval 1 On Success
*/
static apr_status_t msre_action_tag_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action)
{
msc_string *var = NULL;
var = apr_pcalloc(mptmp, sizeof(msc_string));
if (var == NULL) return -1;
var->value = (char *)action->param;
var->value_len = strlen(var->value);
expand_macros(msr, var, rule, mptmp);
if(rule->actionset != NULL)
rule->actionset->tag = apr_pstrmemdup(msr->mp, var->value, var->value);
return 0;
}
/* proxy */ /* proxy */
static char *msre_action_proxy_validate(msre_engine *engine, msre_action *action) { static char *msre_action_proxy_validate(msre_engine *engine, msre_action *action) {
@@ -2634,7 +2605,7 @@ void msre_engine_register_default_actions(msre_engine *engine) {
ACTION_CGROUP_NONE, ACTION_CGROUP_NONE,
NULL, NULL,
NULL, NULL,
msre_action_tag_execute NULL,
); );
/* prepend */ /* prepend */