diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c index b7788364..6324ada2 100644 --- a/apache2/apache2_config.c +++ b/apache2/apache2_config.c @@ -932,152 +932,6 @@ static const char *update_rule_action(cmd_parms *cmd, directory_config *dcfg, return NULL; } -char *update_rule_target(cmd_parms *cmd, directory_config *dcfg, - msre_ruleset *rset, const char *p1, const char *p2, const char *p3) -{ - msre_var **targets = NULL; - msre_rule *rule = NULL; - msre_ruleset *ruleset = NULL; - const char *curr_targets = NULL; - char *my_error_msg = NULL; - char *p = NULL, *savedptr = NULL; - char *target_list = NULL, *replace = NULL; - int is_negated = 0, is_counting = 0; - int name_len = 0, value_len = 0; - char *name = NULL, *value = NULL; - char *opt = NULL, *param = NULL; - int i, rc, match = 0; - int offset = 0; - - if(p1 == NULL || p2 == NULL || (dcfg == NULL && rset == NULL)) { - return NULL; - } - - if(dcfg != NULL) - ruleset = dcfg->ruleset; - else if (rset != NULL) - ruleset = rset; - - /* Get the ruleset if one exists */ - if ((ruleset == NULL)||(ruleset == NOT_SET_P)) { - return NULL; - } - - rule = msre_ruleset_fetch_rule(ruleset, p1, offset); - if (rule == NULL) { - if (cmd != NULL) { - ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool, - "Update rule id=\"%s\" with targets \"%s\" failed: Rule not found.", p1, p2); - } - return NULL; - } - - target_list = strdup(p2); - if(target_list == NULL) - return NULL; - - if(p3 != NULL) { - replace = strdup(p3); - if(replace == NULL) { - free(target_list); - return NULL; - } - } - - if(replace != NULL) { - - opt = strchr(replace,'!'); - - if(opt != NULL) { - *opt = '\0'; - opt++; - param = opt; - is_negated = 1; - } else if ((opt = strchr(replace,'&')) != NULL) { - *opt = '\0'; - opt++; - param = opt; - is_counting = 1; - } else { - param = replace; - } - - opt = strchr(param,':'); - - if(opt != NULL) { - name = apr_strtok(param,":",&value); - if(strchr(value,':') != NULL) { - goto end; - } - } else { - name = param; - } - - name_len = strlen(name); - - if(value != NULL) - value_len = strlen(value); - - targets = (msre_var **)rule->targets->elts; - // TODO need a good way to remove the element from array, maybe change array by tables or rings - for (i = 0; i < rule->targets->nelts; i++) { - if((strncasecmp(targets[i]->name,name,name_len) == 0) && - (targets[i]->is_negated == is_negated) && - (targets[i]->is_counting == is_counting)) { - - if(value != NULL && targets[i]->param != NULL) { - if(strncasecmp(targets[i]->param,value,value_len) == 0) { - memset(targets[i]->name,0,strlen(targets[i]->name)); - memset(targets[i]->param,0,strlen(targets[i]->param)); - match = 1; - } - } else if (value == NULL && targets[i]->param == NULL){ - memset(targets[i]->name,0,strlen(targets[i]->name)); - match = 1; - } else - continue; - - } - } - } - - p = apr_strtok(target_list, ",", &savedptr); - - while(p != NULL) { - - if(replace != NULL) { - if(match == 1) { - rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg); - if (rc < 0) { - goto end; - } - } else { - goto end; - } - } else { - - rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg); - if (rc < 0) { - goto end; - } - - } - - p = apr_strtok(NULL,",",&savedptr); - } - - curr_targets = msre_generate_target_string(ruleset->mp, rule); - - rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, curr_targets, NULL, NULL); - -end: - if(target_list != NULL) - free(target_list); - if(replace != NULL) - free(replace); - return NULL; -} - /* -- Configuration directives -- */ static const char *cmd_action(cmd_parms *cmd, void *_dcfg, const char *p1) diff --git a/apache2/msc_gsb.c b/apache2/msc_gsb.c index f57bd54f..3a525716 100644 --- a/apache2/msc_gsb.c +++ b/apache2/msc_gsb.c @@ -92,7 +92,7 @@ int gsb_mal_init(directory_config *dcfg, const char *dbfn, char **error_msg) if ((dcfg->gsb == NULL) || (dcfg->gsb == NOT_SET_P)) { dcfg->gsb = apr_pcalloc(dcfg->mp, sizeof(gsb_db)); if (dcfg->gsb == NULL) { - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "GSB 0 : %p",dcfg->gsb); + return -1; } } diff --git a/apache2/re.c b/apache2/re.c index 1803f4d5..ea85709a 100644 --- a/apache2/re.c +++ b/apache2/re.c @@ -34,6 +34,147 @@ static const char *const severities[] = { /* -- Actions, variables, functions and operator functions ----------------- */ +char *update_rule_target(cmd_parms *cmd, directory_config *dcfg, + msre_ruleset *rset, const char *p1, const char *p2, const char *p3) +{ + msre_var **targets = NULL; + msre_rule *rule = NULL; + msre_ruleset *ruleset = NULL; + const char *curr_targets = NULL; + char *my_error_msg = NULL; + char *p = NULL, *savedptr = NULL; + char *target_list = NULL, *replace = NULL; + int is_negated = 0, is_counting = 0; + int name_len = 0, value_len = 0; + char *name = NULL, *value = NULL; + char *opt = NULL, *param = NULL; + int i, rc, match = 0; + int offset = 0; + + if(p1 == NULL || p2 == NULL || (dcfg == NULL && rset == NULL)) { + return NULL; + } + + if(dcfg != NULL) + ruleset = dcfg->ruleset; + else if (rset != NULL) + ruleset = rset; + + /* Get the ruleset if one exists */ + if ((ruleset == NULL)||(ruleset == NOT_SET_P)) { + return NULL; + } + rule = msre_ruleset_fetch_rule(ruleset, p1, offset); + if (rule == NULL) { + return NULL; + } + + target_list = strdup(p2); + if(target_list == NULL) + return NULL; + + if(p3 != NULL) { + replace = strdup(p3); + if(replace == NULL) { + free(target_list); + return NULL; + } + } + + if(replace != NULL) { + + opt = strchr(replace,'!'); + + if(opt != NULL) { + *opt = '\0'; + opt++; + param = opt; + is_negated = 1; + } else if ((opt = strchr(replace,'&')) != NULL) { + *opt = '\0'; + opt++; + param = opt; + is_counting = 1; + } else { + param = replace; + } + + opt = strchr(param,':'); + + if(opt != NULL) { + name = apr_strtok(param,":",&value); + if(strchr(value,':') != NULL) { + goto end; + } + } else { + name = param; + } + + name_len = strlen(name); + + if(value != NULL) + value_len = strlen(value); + + targets = (msre_var **)rule->targets->elts; + // TODO need a good way to remove the element from array, maybe change array by tables or rings + for (i = 0; i < rule->targets->nelts; i++) { + if((strncasecmp(targets[i]->name,name,name_len) == 0) && + (targets[i]->is_negated == is_negated) && + (targets[i]->is_counting == is_counting)) { + + if(value != NULL && targets[i]->param != NULL) { + if(strncasecmp(targets[i]->param,value,value_len) == 0) { + memset(targets[i]->name,0,strlen(targets[i]->name)); + memset(targets[i]->param,0,strlen(targets[i]->param)); + match = 1; + } + } else if (value == NULL && targets[i]->param == NULL){ + memset(targets[i]->name,0,strlen(targets[i]->name)); + match = 1; + } else + continue; + + } + } + } + + p = apr_strtok(target_list, ",", &savedptr); + + while(p != NULL) { + + if(replace != NULL) { + if(match == 1) { + rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg); + if (rc < 0) { + goto end; + } + } else { + goto end; + } + } else { + + rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg); + if (rc < 0) { + goto end; + } + } + + p = apr_strtok(NULL,",",&savedptr); + } + + curr_targets = msre_generate_target_string(ruleset->mp, rule); + + rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, curr_targets, NULL, NULL); + +end: + if(target_list != NULL) + free(target_list); + if(replace != NULL) + free(replace); + return NULL; +} + + /** * Remove actions with the same cardinality group from the actionset. */ diff --git a/apache2/re_operators.c b/apache2/re_operators.c index 7ae88349..2535e640 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -538,6 +538,7 @@ static char *param_remove_escape(msre_rule *rule, char *str, int len) { * \retval 1 On Success * \retval 0 On Fail */ +#if !defined(MSC_TEST) static int msre_op_rsub_param_init(msre_rule *rule, char **error_msg) { ap_regex_t *regex; const char *pattern = NULL; @@ -798,6 +799,7 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, return 1; } +#endif /* MSC_TEST */ /* rx */ @@ -3744,11 +3746,13 @@ void msre_engine_register_default_operators(msre_engine *engine) { ); /* rsub */ +#if !defined(MSC_TEST) msre_engine_op_register(engine, "rsub", msre_op_rsub_param_init, msre_op_rsub_execute ); +#endif /* MSC_TEST */ /* rx */ msre_engine_op_register(engine, diff --git a/tests/op/m.t b/tests/op/strmatch.t similarity index 62% rename from tests/op/m.t rename to tests/op/strmatch.t index def6d08f..40ceda55 100644 --- a/tests/op/m.t +++ b/tests/op/strmatch.t @@ -1,51 +1,36 @@ ### Empty { type => "op", - name => "m", - param => "", - input => "", - ret => 1, -}, -{ - type => "op", - name => "m", + name => "strmatch", param => "TestCase", input => "", ret => 0, }, -{ - type => "op", - name => "m", - param => "", - input => "TestCase", - ret => 1, -}, - ### General { type => "op", - name => "m", + name => "strmatch", param => "abc", input => "abcdefghi", ret => 1, }, { type => "op", - name => "m", + name => "strmatch", param => "def", input => "abcdefghi", ret => 1, }, { type => "op", - name => "m", + name => "strmatch", param => "ghi", input => "abcdefghi", ret => 1, }, { type => "op", - name => "m", + name => "strmatch", param => "ghij", input => "abcdefghi", ret => 0,