github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser

Browse Source
This commit is contained in:
Victor Hora 2018-04-23 16:14:49 -04:00 committed by Felipe Zimmerle
parent a939d19fad
commit bb2ecdf4db
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
6 changed files with 7989 additions and 7796 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.0.3 - YYYY-MMM-DD (to be released)
-------------------------------------
- Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser
[Issue #1752 - @victorhora]
- Fix STATUS var parsing and accept STATUS_LINE var for v2 backward comp.
[Issue #1738 - @victorhora]
- Fix memory leak in modsecurity::utils::expandEnv()

3963
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

1479
src/parser/seclang-parser.hh
View File

File diff suppressed because it is too large Load Diff

20
src/parser/seclang-parser.yy
View File

@ -570,6 +570,7 @@ using modsecurity::operators::Operator;
ACTION_TRANSFORMATION_CMD_LINE "ACTION_TRANSFORMATION_CMD_LINE"
ACTION_TRANSFORMATION_COMPRESS_WHITESPACE "ACTION_TRANSFORMATION_COMPRESS_WHITESPACE"
ACTION_TRANSFORMATION_CSS_DECODE "ACTION_TRANSFORMATION_CSS_DECODE"
ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE "ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE"
ACTION_TRANSFORMATION_HEX_ENCODE "ACTION_TRANSFORMATION_HEX_ENCODE"
ACTION_TRANSFORMATION_HEX_DECODE "ACTION_TRANSFORMATION_HEX_DECODE"
ACTION_TRANSFORMATION_HTML_ENTITY_DECODE "ACTION_TRANSFORMATION_HTML_ENTITY_DECODE"
@ -592,7 +593,10 @@ using modsecurity::operators::Operator;
ACTION_TRANSFORMATION_SHA1 "ACTION_TRANSFORMATION_SHA1"
ACTION_TRANSFORMATION_SQL_HEX_DECODE "ACTION_TRANSFORMATION_SQL_HEX_DECODE"
ACTION_TRANSFORMATION_TRIM "ACTION_TRANSFORMATION_TRIM"
ACTION_TRANSFORMATION_TRIM_LEFT "ACTION_TRANSFORMATION_TRIM_LEFT"
ACTION_TRANSFORMATION_TRIM_RIGHT "ACTION_TRANSFORMATION_TRIM_RIGHT"
ACTION_TRANSFORMATION_UPPERCASE "ACTION_TRANSFORMATION_UPPERCASE"
ACTION_TRANSFORMATION_URL_ENCODE "ACTION_TRANSFORMATION_URL_ENCODE"
ACTION_TRANSFORMATION_URL_DECODE "ACTION_TRANSFORMATION_URL_DECODE"
ACTION_TRANSFORMATION_URL_DECODE_UNI "ACTION_TRANSFORMATION_URL_DECODE_UNI"
ACTION_TRANSFORMATION_UTF8_TO_UNICODE "ACTION_TRANSFORMATION_UTF8_TO_UNICODE"
@ -2790,6 +2794,10 @@ act:
{
ACTION_CONTAINER($$, new actions::transformations::Md5($1));
}
| ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE
{
ACTION_CONTAINER($$, new actions::transformations::EscapeSeqDecode($1));
}
| ACTION_TRANSFORMATION_HEX_ENCODE
{
ACTION_CONTAINER($$, new actions::transformations::HexEncode($1));
@ -2814,6 +2822,10 @@ act:
{
ACTION_CONTAINER($$, new actions::transformations::UrlDecode($1));
}
| ACTION_TRANSFORMATION_URL_ENCODE
{
ACTION_CONTAINER($$, new actions::transformations::UrlEncode($1));
}
| ACTION_TRANSFORMATION_NONE
{
ACTION_CONTAINER($$, new actions::transformations::None($1));
@ -2850,6 +2862,14 @@ act:
{
ACTION_CONTAINER($$, new actions::transformations::Trim($1));
}
| ACTION_TRANSFORMATION_TRIM_LEFT
{
ACTION_CONTAINER($$, new actions::transformations::TrimLeft($1));
}
| ACTION_TRANSFORMATION_TRIM_RIGHT
{
ACTION_CONTAINER($$, new actions::transformations::TrimRight($1));
}
| ACTION_TRANSFORMATION_NORMALISE_PATH_WIN
{
ACTION_CONTAINER($$, new actions::transformations::NormalisePathWin($1));

10313
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

8
src/parser/seclang-scanner.ll
View File

@ -139,6 +139,7 @@ ACTION_TRANSFORMATION_BASE_64_DECODE (?i:t:base64Decode)
ACTION_TRANSFORMATION_BASE_64_DECODE_EXT (?i:t:base64DecodeExt)
ACTION_TRANSFORMATION_CMD_LINE (?i:t:cmdLine)
ACTION_TRANSFORMATION_COMPRESS_WHITESPACE (?i:t:compressWhitespace)
ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE (?i:t:escapeSeqDecode)
ACTION_TRANSFORMATION_CSS_DECODE (?i:t:cssDecode)
ACTION_TRANSFORMATION_HEX_ENCODE (?i:t:hexEncode)
ACTION_TRANSFORMATION_HEX_DECODE (?i:t:hexDecode)
@ -162,7 +163,10 @@ ACTION_TRANSFORMATION_REPLACE_NULLS (?i:t:replaceNulls)
ACTION_TRANSFORMATION_SHA1 (?i:t:sha1)
ACTION_TRANSFORMATION_SQL_HEX_DECODE (?i:t:sqlHexDecode)
ACTION_TRANSFORMATION_TRIM (?i:t:trim)
ACTION_TRANSFORMATION_TRIM_LEFT (?i:t:trimLeft)
ACTION_TRANSFORMATION_TRIM_RIGHT (?i:t:trimRight)
ACTION_TRANSFORMATION_UPPERCASE (?i:t:uppercase)
ACTION_TRANSFORMATION_URL_ENCODE (?i:t:urlEncode)
ACTION_TRANSFORMATION_URL_DECODE (?i:t:urlDecode)
ACTION_TRANSFORMATION_URL_DECODE_UNI (?i:t:urlDecodeUni)
ACTION_TRANSFORMATION_UTF8_TO_UNICODE (?i:t:utf8toUnicode)
@ -574,10 +578,12 @@ EQUALS_MINUS (?i:=\-)
{ACTION_TRANSFORMATION_CMD_LINE} { return p::make_ACTION_TRANSFORMATION_CMD_LINE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_SHA1} { return p::make_ACTION_TRANSFORMATION_SHA1(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_MD5} { return p::make_ACTION_TRANSFORMATION_MD5(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE} { return p::make_ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_HEX_ENCODE} { return p::make_ACTION_TRANSFORMATION_HEX_ENCODE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_HEX_DECODE} { return p::make_ACTION_TRANSFORMATION_HEX_DECODE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_LOWERCASE} { return p::make_ACTION_TRANSFORMATION_LOWERCASE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_UPPERCASE} { return p::make_ACTION_TRANSFORMATION_UPPERCASE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_URL_ENCODE} { return p::make_ACTION_TRANSFORMATION_URL_ENCODE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_URL_DECODE_UNI} { return p::make_ACTION_TRANSFORMATION_URL_DECODE_UNI(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_URL_DECODE} { return p::make_ACTION_TRANSFORMATION_URL_DECODE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_NONE} { return p::make_ACTION_TRANSFORMATION_NONE(yytext, *driver.loc.back()); }
@ -589,6 +595,8 @@ EQUALS_MINUS (?i:=\-)
{ACTION_TRANSFORMATION_JS_DECODE} { return p::make_ACTION_TRANSFORMATION_JS_DECODE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_CSS_DECODE} { return p::make_ACTION_TRANSFORMATION_CSS_DECODE(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_TRIM} { return p::make_ACTION_TRANSFORMATION_TRIM(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_TRIM_LEFT} { return p::make_ACTION_TRANSFORMATION_TRIM_LEFT(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_TRIM_RIGHT} { return p::make_ACTION_TRANSFORMATION_TRIM_RIGHT(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_NORMALISE_PATH_WIN} { return p::make_ACTION_TRANSFORMATION_NORMALISE_PATH_WIN(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_NORMALISE_PATH} { return p::make_ACTION_TRANSFORMATION_NORMALISE_PATH(yytext, *driver.loc.back()); }
{ACTION_TRANSFORMATION_LENGTH} { return p::make_ACTION_TRANSFORMATION_LENGTH(yytext, *driver.loc.back()); }