Adds support to setenv action

Issue #1044

CHANGES

@@ -1,6 +1,8 @@
 v3.0.3 - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+ - Adds support to setenv action.
+   [Issue #1044 - @zimmerle]
  - Adds new transaction constructor that accepts the transaction id
    as parameter.
    [Issue #1627 - @defanator, @zimmerle]

Makefile.am

@@ -117,6 +117,7 @@ TESTS+=test/test-cases/regression/variable-MATCHED_VAR.json
 TESTS+=test/test-cases/regression/variable-REQUEST_URI.json
 TESTS+=test/test-cases/regression/variable-ENV.json
 TESTS+=test/test-cases/regression/variable-URLENCODED_ERROR.json
+TESTS+=test/test-cases/regression/action-setenv.json
 TESTS+=test/test-cases/regression/action-setsid.json
 TESTS+=test/test-cases/regression/variable-AUTH_TYPE.json
 TESTS+=test/test-cases/regression/variable-TIME_DAY.json

src/Makefile.am

@@ -136,6 +136,7 @@ ACTIONS = \
 	actions/rev.cc \
 	actions/rule_id.cc \
 	actions/severity.cc \
+	actions/set_env.cc \
 	actions/set_rsc.cc \
 	actions/set_sid.cc \
 	actions/set_uid.cc \

src/actions/set_env.cc

@@ -0,0 +1,48 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/set_env.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "src/utils/string.h"
+
+namespace modsecurity {
+namespace actions {
+
+
+bool SetENV::init(std::string *error) {
+    return true;
+}
+
+
+bool SetENV::evaluate(Rule *rule, Transaction *t) {
+    std::string colNameExpanded(m_string->evaluate(t));
+
+#ifndef NO_LOGS
+    t->debug(8, "Setting envoriment variable: "
+        + colNameExpanded + ".");
+#endif
+
+    putenv((char *)colNameExpanded.c_str());
+
+    return true;
+}
+
+}  // namespace actions
+}  // namespace modsecurity

src/actions/set_env.h

@@ -0,0 +1,53 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+#include <utility>
+#include <memory>
+
+#include "modsecurity/actions/action.h"
+#include "src/run_time_string.h"
+
+#ifndef SRC_ACTIONS_SET_ENV_H_
+#define SRC_ACTIONS_SET_ENV_H_
+
+class Transaction;
+
+namespace modsecurity {
+class Transaction;
+namespace actions {
+
+
+class SetENV : public Action {
+ public:
+    explicit SetENV(std::string _action)
+        : Action(_action) { }
+
+    explicit SetENV(std::unique_ptr<RunTimeString> z)
+        : Action("setenv", RunTimeOnlyIfMatchKind),
+            m_string(std::move(z)) { }
+
+    bool evaluate(Rule *rule, Transaction *transaction) override;
+    bool init(std::string *error) override;
+
+ private:
+    std::unique_ptr<RunTimeString> m_string;
+};
+
+
+}  // namespace actions
+}  // namespace modsecurity
+
+#endif  // SRC_ACTIONS_SET_ENV_H_

src/parser/seclang-parser.hh

@@ -85,6 +85,7 @@ class Driver;
 #include "src/actions/phase.h"
 #include "src/actions/rev.h"
 #include "src/actions/rule_id.h"
+#include "src/actions/set_env.h"
 #include "src/actions/set_rsc.h"
 #include "src/actions/set_sid.h"
 #include "src/actions/set_uid.h"
@@ -380,7 +381,7 @@ using modsecurity::operators::Operator;
 
 
 
-#line 384 "seclang-parser.hh" // lalr1.cc:379
+#line 385 "seclang-parser.hh" // lalr1.cc:379
 
 # include <cassert>
 # include <cstdlib> // std::abort
@@ -457,7 +458,7 @@ using modsecurity::operators::Operator;
 
 
 namespace yy {
-#line 461 "seclang-parser.hh" // lalr1.cc:379
+#line 462 "seclang-parser.hh" // lalr1.cc:379
 
 
 
@@ -2875,7 +2876,7 @@ namespace yy {
     enum
     {
       yyeof_ = 0,
-      yylast_ = 3320,     ///< Last index in yytable_.
+      yylast_ = 3321,     ///< Last index in yytable_.
       yynnts_ = 16,  ///< Number of nonterminal symbols.
       yyfinal_ = 336, ///< Termination state number.
       yyterror_ = 1,
@@ -6139,7 +6140,7 @@ namespace yy {
 
 
 } // yy
-#line 6143 "seclang-parser.hh" // lalr1.cc:379
+#line 6144 "seclang-parser.hh" // lalr1.cc:379
 
 
 

src/parser/seclang-parser.yy

@@ -51,6 +51,7 @@ class Driver;
 #include "src/actions/phase.h"
 #include "src/actions/rev.h"
 #include "src/actions/rule_id.h"
+#include "src/actions/set_env.h"
 #include "src/actions/set_rsc.h"
 #include "src/actions/set_sid.h"
 #include "src/actions/set_uid.h"
@@ -2749,9 +2750,9 @@ act:
       {
         ACTION_NOT_SUPPORTED("SanitiseResponseHeader", @0);
       }
-    | ACTION_SETENV
+    | ACTION_SETENV run_time_string
       {
-        ACTION_NOT_SUPPORTED("SetEnv", @0);
+        ACTION_CONTAINER($$, new actions::SetENV(std::move($2)));
       }
     | ACTION_SETRSC run_time_string
       {

src/parser/seclang-scanner.ll

@@ -552,10 +552,7 @@ EQUALS_MINUS                            (?i:=\-)
 {ACTION_REDIRECT}:                                                      { BEGIN(EXPECTING_ACTION_PREDICATE); return p::make_ACTION_REDIRECT(yytext, *driver.loc.back()); }
 {ACTION_REV}:'{FREE_TEXT_QUOTE_COMMA}'                                  { return p::make_ACTION_REV(yytext, *driver.loc.back()); }
 {ACTION_REV}:{FREE_TEXT_QUOTE_COMMA}                                    { return p::make_ACTION_REV(yytext, *driver.loc.back()); }
-{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}'           { return p::make_ACTION_SETENV(yytext, *driver.loc.back()); }
+{ACTION_SETENV}:                                                         { BEGIN(EXPECTING_ACTION_PREDICATE); return p::make_ACTION_SETENV(yytext, *driver.loc.back()); }
-{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}'                                 { return p::make_ACTION_SETENV(yytext, *driver.loc.back()); }
-{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE_COMMA}                             { return p::make_ACTION_SETENV(yytext, *driver.loc.back()); }
-{ACTION_SETENV}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA}       { return p::make_ACTION_SETENV(yytext, *driver.loc.back()); }
 {ACTION_SETSID}:                                                        { BEGIN(EXPECTING_ACTION_PREDICATE); return p::make_ACTION_SETSID(yytext, *driver.loc.back()); }
 {ACTION_SETUID}:                                                        { BEGIN(EXPECTING_ACTION_PREDICATE); return p::make_ACTION_SETUID(yytext, *driver.loc.back()); }
 

src/variables/inbound_data_error.h

@@ -30,7 +30,8 @@ class Transaction;
 namespace Variables {
 
 
-DEFINE_VARIABLE(InboundDataError, INBOUND_DATA_ERROR, m_variableInboundDataError)
+DEFINE_VARIABLE(InboundDataError, INBOUND_DATA_ERROR,
+    m_variableInboundDataError)
 
 
 }  // namespace Variables

test/test-cases/regression/action-setenv.json

@@ -0,0 +1,64 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing setsid action (1/2)",
+    "expected":{
+      "debug_log": "Setting envoriment variable: variable=PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "User-Agent":"My sweet little browser",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"GET"
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS:Cookie \"^(.*)$\" \"id:'900018',phase:2,setenv:'variable=%{matched_var}',pass\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing setenv action (2/2)",
+    "expected":{
+      "debug_log": "Setting envoriment variable: variable=PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "User-Agent":"My sweet little browser",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"GET"
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS:Cookie \"^(.*)$\" \"id:'900018',phase:2,setenv:variable=%{matched_var},pass\""
+    ]
+  }
+]