diff --git a/src/assay.cc b/src/assay.cc
index 0cecadcc..c6c852ae 100644
--- a/src/assay.cc
+++ b/src/assay.cc
@@ -353,6 +353,20 @@ int Assay::addRequestHeader(const std::string& key,
         this->store_variable("AUTH_TYPE", type[0]);
     }
 
+    if (tolower(key) == "cookie") {
+        std::vector cookies = split(value, ';');
+        while (cookies.empty() == false) {
+            std::vector s = split(cookies.back(), '=');
+            if (s.size() > 1) {
+                if (s[0].at(0) == ' ') {
+                    s[0].erase(0, 1);
+                }
+                this->store_variable("REQUEST_COOKIES:" + s[0], s[1]);
+                this->store_variable("REQUEST_COOKIES_NAMES:" + s[0], s[0]);
+            }
+            cookies.pop_back();
+        }
+    }
     /**
      * Simple check to decide the request body content. This is not the right
      * place, the "body processor" should be able to tell what he is capable
diff --git a/test/test-cases/regression/variable-REQUEST_COOKIES.json b/test/test-cases/regression/variable-REQUEST_COOKIES.json
new file mode 100644
index 00000000..aa769265
--- /dev/null
+++ b/test/test-cases/regression/variable-REQUEST_COOKIES.json
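Review bot: `s[0].at(0)` throws std::out_of_range when the cookie name is empty, which a header such as `=v` or `a=1;=v` produces if split() returns an empty first element (split is not visible here); the Cookie header is attacker-controlled, so an uncaught exception at this point aborts request processing rather than yielding an empty variable. Splitting the pair with `split(cookies.back(), '=')` also keeps only `s[1]`, so a value that itself contains '=' (`t=YQ==`, usual for base64) is stored truncated and a rule on REQUEST_COOKIES only ever inspects its first part. Split on the first '=' with find(), skip pairs whose name is empty, and trim all leading whitespace instead of erasing a single ' '. The regression files added in this commit only exercise `USER_TOKEN=Yes; a=z; t=b`; a case with '=' inside the value and one with an empty name would pin both behaviours down. addRequestHeader starts before this hunk.
```cpp
    if (tolower(key) == "cookie") {
        auto cookies = split(value, ';');
        while (cookies.empty() == false) {
            std::string pair = cookies.back();
            cookies.pop_back();
            // Split on the first '=' only: the cookie value itself may contain '='.
            std::string::size_type eq = pair.find('=');
            if (eq == std::string::npos) {
                continue;
            }
            std::string name = pair.substr(0, eq);
            std::string val = pair.substr(eq + 1);
            // Drop the whitespace that follows the ';' separator; an empty name cannot key a variable.
            std::string::size_type start = name.find_first_not_of(" \t");
            if (start == std::string::npos) {
                continue;
            }
            name.erase(0, start);
            this->store_variable("REQUEST_COOKIES:" + name, val);
            this->store_variable("REQUEST_COOKIES_NAMES:" + name, name);
        }
    }
```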
@@ -0,0 +1,129 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_COOKIES (1/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie":"USER_TOKEN=Yes; a=z; t=b"
+      },
+      "uri":"/?key=value&key=other_value",
+      "protocol":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Yes\" \\(Variable: REQUEST_COOKIES:USER_TOKEN\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule REQUEST_COOKIES \"@contains test \" \"pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_COOKIES (2/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie":"USER_TOKEN=Yes; a=z; t=b"
+      },
+      "uri":"/?key=value&key=other_value",
+      "protocol":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"z\" \\(Variable: REQUEST_COOKIES:a\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule REQUEST_COOKIES \"@contains test \" \"pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_COOKIES (3/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie":"USER_TOKEN=Yes; a=z; t=b"
+      },
+      "uri":"/?key=value&key=other_value",
+      "protocol":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"b\" \\(Variable: REQUEST_COOKIES:t\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule REQUEST_COOKIES \"@contains test \" \"pass,t:trim\""
+    ]
+  }
+]
+
diff --git a/test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json b/test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json
new file mode 100644
index 00000000..9b7fd65f
--- /dev/null
+++ b/test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json
@@ -0,0 +1,129 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_COOKIES_NAMES (1/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie":"USER_TOKEN=Yes; a=z; t=b"
+      },
+      "uri":"/?key=value&key=other_value",
+      "protocol":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"USER_TOKEN\" \\(Variable: REQUEST_COOKIES_NAMES:USER_TOKEN\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule REQUEST_COOKIES_NAMES \"@contains test \" \"pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_COOKIES_NAMES (2/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie":"USER_TOKEN=Yes; a=z; t=b"
+      },
+      "uri":"/?key=value&key=other_value",
+      "protocol":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"a\" \\(Variable: REQUEST_COOKIES_NAMES:a\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule REQUEST_COOKIES_NAMES \"@contains test \" \"pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_COOKIES_NAMES (3/3)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie":"USER_TOKEN=Yes; a=z; t=b"
+      },
+      "uri":"/?key=value&key=other_value",
+      "protocol":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"t\" \\(Variable: REQUEST_COOKIES_NAMES:t\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecDebugLogLevel 9",
+      "SecRule REQUEST_COOKIES_NAMES \"@contains test \" \"pass,t:trim\""
+    ]
+  }
+]
+