From c06179f18e2858585ce8b2a2b1ea2607cc88597b Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Fri, 7 Aug 2015 02:29:24 -0300
Subject: [PATCH] Adds support for Log and Rev actions
---
 src/Makefile.am | 1 +
 src/actions/log.cc | 34 +++++++++++++++++++++++++++
 src/actions/log.h | 42 +++++++++++++++++++++++++++++++++
 src/actions/rev.cc | 44 +++++++++++++++++++++++++++++++++++
 src/actions/rev.h | 44 +++++++++++++++++++++++++++++++++++
 src/parser/seclang-parser.yy | 25 ++++++++++++++++++++
 src/parser/seclang-scanner.ll | 4 +++-
 src/rule.h | 3 +++
 8 files changed, 196 insertions(+), 1 deletion(-)
 create mode 100644 src/actions/log.cc
 create mode 100644 src/actions/log.h
 create mode 100644 src/actions/rev.cc
 create mode 100644 src/actions/rev.h
diff --git a/src/Makefile.am b/src/Makefile.am
index 1d16bb51..82e44796 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -60,6 +60,7 @@ ACTIONS = \
 actions/no_audit_log.cc \
 actions/phase.cc \
 actions/redirect.cc \
+ actions/rev.cc \
 actions/rule_id.cc \
 actions/severity.cc \
 actions/set_var.cc \
diff --git a/src/actions/log.cc b/src/actions/log.cc
new file mode 100644
index 00000000..7547c3e5
--- /dev/null
+++ b/src/actions/log.cc
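Review bot: `actions/log.cc` is created by this commit, but the ACTIONS list gains only `actions/rev.cc` in this hunk, and the diffstat shows a single added line for Makefile.am. Unless an `actions/log.cc \` entry already exists outside the hunk (it would sort before `actions/no_audit_log.cc \`), the new Log action is never compiled into the library. Add `actions/log.cc \` to ACTIONS in the same commit so the file named in the subject line is actually built.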
@@ -0,0 +1,34 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/log.h"
+
+#include
+#include
+
+#include "modsecurity/assay.h"
+
+namespace ModSecurity {
+namespace actions {
+
+bool Log::evaluate(Rule *rule, Assay *assay) {
+ assay->save_in_auditlog = true;
+ /* FIXME: assay->serverLog("Something...."); */
+ assay->debug(9, "Saving transaction to logs");
+ return true;
+}
+
+} // namespace actions
+} // namespace ModSecurity
diff --git a/src/actions/log.h b/src/actions/log.h
new file mode 100644
index 00000000..ab117e5f
--- /dev/null
+++ b/src/actions/log.h
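Review bot: `Log::evaluate` only sets `assay->save_in_auditlog`; the server-log half of the action is left as a FIXME, so a rule that relies on `log` to raise an alert outside the audit log will match without producing one. Nothing in the parser or scanner hunks of this patch constructs a `Log`, and `log` is still part of the generic `ACTION` pattern in seclang-scanner.ll, so as far as the patch shows this class is not yet reachable from a rule file. Until both gaps are closed, replace the FIXME with a comment that states the limitation, e.g. `// TODO: also write to the server log; for now "log" only forces the audit log entry.` The debug text "Saving transaction to logs" should then say "audit log", and the unused `rule` parameter deserves a one-line note that it is required by the `Action` interface.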
@@ -0,0 +1,42 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include
+
+#include "actions/action.h"
+
+#ifndef SRC_ACTIONS_LOG_H_
+#define SRC_ACTIONS_LOG_H_
+
+class Assay;
+
+namespace ModSecurity {
+class Assay;
+namespace actions {
+
+
+class Log : public Action {
+ public:
+ explicit Log(std::string action)
+ : Action(action, RunTimeOnlyIfMatchKind) { }
+
+ bool evaluate(Rule *rule, Assay *assay) override;
+};
+
+} // namespace actions
+} // namespace ModSecurity
+
+
+#endif // SRC_ACTIONS_LOG_H_
diff --git a/src/actions/rev.cc b/src/actions/rev.cc
new file mode 100644
index 00000000..ae7b8b13
--- /dev/null
+++ b/src/actions/rev.cc
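Review bot: The two `#include` lines sit above `#ifndef SRC_ACTIONS_LOG_H_`, so they are processed again on every inclusion of this header; move them below `#define SRC_ACTIONS_LOG_H_`. The file-scope `class Assay;` declares a global `::Assay` that is a different type from the `ModSecurity::Assay` declared two lines later and is not used by anything visible here, so it can be dropped. `Rule` appears in the `evaluate` signature without a declaration in this header and presumably arrives through actions/action.h; a forward declaration next to `class Assay;` inside `namespace ModSecurity` would make that explicit. The same layout is repeated in src/actions/rev.h. Neither class carries a comment saying which SecLang action it implements and when it runs (`RunTimeOnlyIfMatchKind` here, `ConfigurationKind` for Rev), which is worth one line above each class.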
@@ -0,0 +1,44 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/rev.h"
+
+#include
+#include
+
+#include "actions/action.h"
+#include "modsecurity/assay.h"
+#include "src/utils.h"
+#include "src/rule.h"
+#include "src/macro_expansion.h"
+
+namespace ModSecurity {
+namespace actions {
+
+Rev::Rev(std::string action)
+ : Action(action, ConfigurationKind),
+ m_rev(action) {
+ m_rev.erase(0, 1);
+ m_rev.pop_back();
+}
+
+
+bool Rev::evaluate(Rule *rule, Assay *assay) {
+ rule->rev = m_rev;
+ return true;
+}
+
+} // namespace actions
+} // namespace ModSecurity
diff --git a/src/actions/rev.h b/src/actions/rev.h
new file mode 100644
index 00000000..a77536a0
--- /dev/null
+++ b/src/actions/rev.h
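Review bot: The `Rev` constructor strips the first and last character unconditionally, which is only correct when `action` has at least two characters and is wrapped in single quotes; `pop_back()` on an empty string is undefined behaviour. The scanner rule added in this patch appears to always pass the quoted form, but the constructor is public and nothing in it enforces that precondition. Guard the strip: `if (m_rev.size() >= 2 && m_rev.front() == '\'' && m_rev.back() == '\'') { m_rev.erase(0, 1); m_rev.pop_back(); }`. A short comment above the constructor should state that `action` is the text after `rev:` including its quotes. `src/utils.h` and `src/macro_expansion.h` are included although nothing from them is used in the visible code.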
@@ -0,0 +1,44 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include + +#include "actions/action.h" + +#ifndef SRC_ACTIONS_REV_H_ +#define SRC_ACTIONS_REV_H_ + +class Assay; + +namespace ModSecurity { +class Assay; +namespace actions { + + +class Rev : public Action { + public: + explicit Rev(std::string action); + + bool evaluate(Rule *rule, Assay *assay) override; + + private: + std::string m_rev; +}; + + +} // namespace actions +} // namespace ModSecurity + +#endif // SRC_ACTIONS_REV_H_ diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index fdfdca18..bd73886e 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -19,6 +19,7 @@ class Driver; #include "actions/action.h" #include "actions/set_var.h" #include "actions/msg.h" +#include "actions/rev.h" #include "actions/tag.h" #include "actions/transformations/transformation.h" #include "operators/operator.h" @@ -45,6 +46,7 @@ class Driver; using ModSecurity::actions::Action; using ModSecurity::actions::SetVar; using ModSecurity::actions::Tag; +using ModSecurity::actions::Rev; using ModSecurity::actions::Msg; using ModSecurity::actions::transformations::Transformation; using ModSecurity::operators::Operator; @@ -192,6 +194,7 @@ using ModSecurity::Variables::Variable; %token ACTION_SETVAR %token ACTION_MSG %token ACTION_TAG +%token ACTION_REV %token TRANSFORMATION %token CONFIG_VALUE_NUMBER 
@@ -693,6 +696,28 @@ actions: actions->push_back(tag); $$ = actions; } + | actions COMMA ACTION_REV + { + std::vector *a = $1; + Rev *rev = new Rev($3); + a->push_back(rev); + $$ = $1; + } + | SPACE ACTION_REV + { + std::vector *actions = new std::vector; + Rev *rev = new Rev($2); + actions->push_back(rev); + $$ = actions; + + } + | ACTION_REV + { + std::vector *actions = new std::vector; + Rev *rev = new Rev($1); + actions->push_back(rev); + $$ = actions; + } %% void diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index 9918bf5c..dce2c82d 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll 
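Review bot: Each of the three new `ACTION_REV` productions allocates with raw `new` (`new Rev(...)`, plus `new std::vector` in the last two), and nothing in the hunk releases those objects if the parse fails later in the same rule; whether a `%destructor` covers the `actions` symbol is not visible from here. The three blocks are copies of one another and of the preceding `tag` block, so the same ownership question is repeated for every action kind that gets its own token. The first block also names its vector `a` while the other two use `actions`, and the `SPACE ACTION_REV` block carries a stray blank line before its closing brace. A comment on the `actions` rule stating who owns the vector and its elements, and when they are freed, would make the intended lifetime reviewable.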
@@ -23,11 +23,12 @@ using ModSecurity::split; %} %option noyywrap nounput batch debug noinput -ACTION (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|logdata|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|rev|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns) +ACTION (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|logdata|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns) ACTION_SEVERITY (?i:severity:[0-9]+|severity:'[0-9]+'|severity:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|severity:'(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)') ACTION_SETVAR (?i:setvar) ACTION_MSG (?i:msg) ACTION_TAG (?i:tag) +ACTION_REV (?i:rev) DIRECTIVE SecRule CONFIG_DIRECTIVE SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine @@ -202,6 +203,7 @@ FREE_TEXT_NEW_LINE [^\"|\n]+ } {ACTION_MSG}:'{FREE_TEXT}' { return yy::seclang_parser::make_ACTION_MSG(strchr(yytext, ':') + 1, *driver.loc.back()); } {ACTION_TAG}:'{FREE_TEXT}' { return yy::seclang_parser::make_ACTION_TAG(strchr(yytext, ':') + 1, *driver.loc.back()); } +{ACTION_REV}:'{FREE_TEXT}' { return yy::seclang_parser::make_ACTION_REV(strchr(yytext, ':') + 1, *driver.loc.back()); } ["] { return yy::seclang_parser::make_QUOTATION_MARK(*driver.loc.back()); } [,] { return yy::seclang_parser::make_COMMA(*driver.loc.back()); } 
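Review bot: With `rev` removed from the generic `ACTION` alternation, the only pattern left for it is `{ACTION_REV}:'{FREE_TEXT}'`, so a bare `rev` or an unquoted value such as `rev:2` no longer produces an action token. Rule files that use the unquoted form would stop loading or be tokenized by some other pattern after this change; the rest of the scanner is outside the hunk, so which of the two happens cannot be told from here. Either add a rule for the unquoted form (the `Rev` constructor would then have to stop assuming quotes) or document the restriction next to the definition, e.g. `/* rev must be written as rev:'value'; unquoted values are not accepted */`. The `strchr(yytext, ':') + 1` expression is safe only because the pattern guarantees a colon, which is worth the same kind of one-line comment since it is now repeated for msg, tag and rev.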
diff --git a/src/rule.h b/src/rule.h index 7f81a60a..a7286b83 100644 --- a/src/rule.h +++ b/src/rule.h @@ -16,6 +16,7 @@ #ifdef __cplusplus #include #include +#include #endif #ifndef SRC_RULE_H_ @@ -60,6 +61,8 @@ class Rule { this->m_referenceCount++; } + std::string rev; + private: int m_referenceCount; };
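Review bot: `rev` is added as a public, unprefixed data member directly above `private: int m_referenceCount;`, and `Rev::evaluate` writes it with `rule->rev = m_rev`. `Rule` is reference-counted and presumably shared between transactions, so that write is only safe if `ConfigurationKind` actions are evaluated once while the rules are loaded, not per request. Record that at the member, e.g. `// Set once at load time by the rev action; read-only afterwards.` Following the class's own naming, a private `m_rev` behind a getter and setter would keep other code from modifying rule metadata after load. The class body starts outside the hunk, so existing conventions for other metadata fields could not be checked.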