Adds verbose message when a resource is not found.

Fix #1309
Felipe Zimmerle 2017-05-02 13:38:41 -03:00
parent 77a658c7cd
commit c97db2f361
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
10 changed files with 906 additions and 831 deletions


@ -38,11 +38,12 @@ bool PmFromFile::init(const std::string &config, std::string *error) {
}
iss = new std::stringstream(client.content);
} else {
std::string resource = utils::find_resource(m_param, config);
std::string err;
std::string resource = utils::find_resource(m_param, config, &err);
iss = new std::ifstream(resource, std::ios::in);
if (((std::ifstream *)iss)->is_open() == false) {
error->assign("Failed to open file: " + m_param);
error->assign("Failed to open file: " + m_param + ". " + err);
delete iss;
return false;
}
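Review bot: `err` is a complete list of probed paths only when `find_resource` returned an empty string, but this code detects failure through `is_open()`, so it can append a partial list. If `find_resource` hands back the name unchanged through its wildcard branch, the open fails here and the message ends in a dangling `Looking at: '<path>', `. Testing `if (resource.empty())` before constructing the stream, as the ValidateDTD and ValidateSchema sections do with `m_resource`, would keep "not found" apart from "found but unreadable". The body of `PmFromFile::init` starts and ends outside this hunk.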


@ -26,9 +26,10 @@ namespace operators {
bool ValidateDTD::init(const std::string &file, std::string *error) {
m_resource = utils::find_resource(m_param, file);
std::string err;
m_resource = utils::find_resource(m_param, file, &err);
if (m_resource == "") {
error->assign("XML: File not found: " + m_param + ".");
error->assign("XML: File not found: " + m_param + ". " + err);
return false;
}


@ -26,9 +26,10 @@ namespace modsecurity {
namespace operators {
bool ValidateSchema::init(const std::string &file, std::string *error) {
m_resource = utils::find_resource(m_param, file);
std::string err;
m_resource = utils::find_resource(m_param, file, &err);
if (m_resource == "") {
error->assign("XML: File not found: " + m_param + ".");
error->assign("XML: File not found: " + m_param + ". " + err);
return false;
}



@ -1204,8 +1204,16 @@ expression:
| CONFIG_DIR_GEO_DB
{
#ifdef WITH_GEOIP
std::string err;
std::string file = modsecurity::utils::find_resource($1,
driver.ref.back());
driver.ref.back(), &err);
if (file.empty()) {
std::stringstream ss;
ss << "Failed to load locate the GeoDB file from: " << $1 << " ";
ss << err;
driver.error(@0, ss.str());
YYERROR;
}
if (GeoLookup::getInstance().setDataBase(file) == false) {
std::stringstream ss;
ss << "Failed to load the GeoDB from: ";
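Review bot: The new error text reads `Failed to load locate the GeoDB file from: `, which carries a stray word, and it joins the path to `err` with only a space. Something like `ss << "Failed to locate the GeoDB file from: " << $1 << ". ";` would match the `". " + err` form used by the other callers in this commit. The `CONFIG_DIR_GEO_DB` action continues past the end of the hunk.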


@ -3903,7 +3903,7 @@ static const flex_int16_t yy_rule_linenum[404] =
814, 815, 817, 818, 823, 828, 829, 830, 831, 836,
840, 844, 845, 846, 850, 851, 852, 857, 859, 860,
885, 909, 936
885, 911, 939
} ;
/* The intent behind this definition is that it'll catch
@ -6490,21 +6490,23 @@ case 401:
YY_RULE_SETUP
#line 885 "seclang-scanner.ll"
{
std::string err;
const char *file = strchr(yytext, ' ') + 1;
std::string fi = modsecurity::utils::find_resource(file, driver.ref.back());
std::string fi = modsecurity::utils::find_resource(file, driver.ref.back(), &err);
if (fi.empty() == true) {
BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file."));
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), "");
}
std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0);
files.reverse();
for (auto& s: files) {
std::string f = modsecurity::utils::find_resource(s, driver.ref.back());
std::string err;
std::string f = modsecurity::utils::find_resource(s, driver.ref.back(), &err);
yyin = fopen(f.c_str(), "r" );
if (!yyin) {
BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file."));
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), "");
}
driver.ref.push_back(f);
@ -6515,25 +6517,26 @@ YY_RULE_SETUP
YY_BREAK
case 402:
YY_RULE_SETUP
#line 909 "seclang-scanner.ll"
#line 911 "seclang-scanner.ll"
{
std::string err;
const char *file = strchr(yytext, ' ') + 1;
char *f = strdup(file + 1);
f[strlen(f)-1] = '\0';
std::string fi = modsecurity::utils::find_resource(f, driver.ref.back());
std::string fi = modsecurity::utils::find_resource(f, driver.ref.back(), &err);
if (fi.empty() == true) {
BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file."));
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), "");
}
std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0);
files.reverse();
for (auto& s: files) {
std::string f = modsecurity::utils::find_resource(s, driver.ref.back());
std::string f = modsecurity::utils::find_resource(s, driver.ref.back(), &err);
yyin = fopen(f.c_str(), "r" );
if (!yyin) {
BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file."));
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), "");
}
driver.ref.push_back(f.c_str());
@ -6546,7 +6549,7 @@ YY_RULE_SETUP
case 403:
/* rule 403 can match eol */
YY_RULE_SETUP
#line 936 "seclang-scanner.ll"
#line 939 "seclang-scanner.ll"
{
HttpsClient c;
std::string key;
@ -6580,10 +6583,10 @@ YY_RULE_SETUP
YY_BREAK
case 404:
YY_RULE_SETUP
#line 968 "seclang-scanner.ll"
#line 971 "seclang-scanner.ll"
ECHO;
YY_BREAK
#line 6586 "seclang-scanner.cc"
#line 6589 "seclang-scanner.cc"
case YY_END_OF_BUFFER:
{
@ -7684,7 +7687,7 @@ void yyfree (void * ptr )
/* %ok-for-header */
#line 968 "seclang-scanner.ll"
#line 971 "seclang-scanner.ll"
namespace modsecurity {


@ -882,21 +882,23 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_INCLUDE}[ ]{CONFIG_VALUE_PATH} {
std::string err;
const char *file = strchr(yytext, ' ') + 1;
std::string fi = modsecurity::utils::find_resource(file, driver.ref.back());
std::string fi = modsecurity::utils::find_resource(file, driver.ref.back(), &err);
if (fi.empty() == true) {
BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file."));
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), "");
}
std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0);
files.reverse();
for (auto& s: files) {
std::string f = modsecurity::utils::find_resource(s, driver.ref.back());
std::string err;
std::string f = modsecurity::utils::find_resource(s, driver.ref.back(), &err);
yyin = fopen(f.c_str(), "r" );
if (!yyin) {
BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file."));
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), "");
}
driver.ref.push_back(f);
@ -906,23 +908,24 @@ EQUALS_MINUS (?i:=\-)
}
{CONFIG_INCLUDE}[ ]["]{CONFIG_VALUE_PATH}["] {
std::string err;
const char *file = strchr(yytext, ' ') + 1;
char *f = strdup(file + 1);
f[strlen(f)-1] = '\0';
std::string fi = modsecurity::utils::find_resource(f, driver.ref.back());
std::string fi = modsecurity::utils::find_resource(f, driver.ref.back(), &err);
if (fi.empty() == true) {
BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file."));
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), "");
}
std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0);
files.reverse();
for (auto& s: files) {
std::string f = modsecurity::utils::find_resource(s, driver.ref.back());
std::string f = modsecurity::utils::find_resource(s, driver.ref.back(), &err);
yyin = fopen(f.c_str(), "r" );
if (!yyin) {
BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file."));
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), "");
}
driver.ref.push_back(f.c_str());
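Review bot: The two Include rules handle `err` differently inside their `for (auto& s: files)` loops: the unquoted rule declares a second `std::string err;` that shadows the outer one, while the quoted rule reuses the outer variable. Both work only because `find_resource` begins with `err->assign(...)`, so the difference is easy to misread as intentional. Dropping the inner `std::string err;` from the first rule would make the two bodies match and avoid a shadowing warning. Both rule bodies run past the hunks shown here.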


@ -59,21 +59,26 @@ double cpu_seconds(void) {
std::string find_resource(const std::string& resource,
const std::string& config) {
const std::string& config, std::string *err) {
std::ifstream *iss;
err->assign("Looking at: ");
// Trying absolute or relative to the current dir.
iss = new std::ifstream(resource, std::ios::in);
if (iss->is_open()) {
iss->close();
delete iss;
return resource;
} else {
err->append("'" + resource + "', ");
}
delete iss;
// What about `*' ?
if (utils::expandEnv(resource, 0).size() > 1) {
return resource;
} else {
err->append("'" + resource + "', ");
}
// Trying the same path of the configuration file.
@ -83,12 +88,16 @@ std::string find_resource(const std::string& resource,
iss->close();
delete iss;
return f;
} else {
err->append("'" + f + "', ");
}
delete iss;
// What about `*' ?
if (utils::expandEnv(f, 0).size() > 1) {
return f;
} else {
err->append("'" + f + "'.");
}
return std::string("");
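Review bot: Each candidate path is appended to `err` twice, once in the `else` after the failed open and again in the `else` after the `expandEnv` check, so the message reads `'x', 'x', 'dir/x', 'dir/x'.`. Removing the two `else` branches on the open checks, or the two on the wildcard checks, leaves one entry per location. `err` is also dereferenced unconditionally at `err->assign("Looking at: ")`, so a caller passing a null pointer would crash. Every caller visible in this commit passes `&err`, but either a guard such as `if (err != nullptr)` around the writes or a `std::string &err` parameter would make that contract explicit. The middle of the function, where `f` is built, lies between the two hunks and is not shown.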


@ -29,7 +29,8 @@ namespace utils {
double cpu_seconds(void);
std::string find_resource(const std::string& file, const std::string& param);
std::string find_resource(const std::string& file, const std::string& param,
std::string *err);
std::string get_path(const std::string& file);
std::list<std::string> expandEnv(const std::string& var, int flags);
bool createDir(std::string dir, int mode, std::string *error);
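Review bot: The widened declaration has no comment describing `err`, and its parameter names (`file`, `param`) do not match the definition shown elsewhere in this commit (`resource`, `config`). A short comment above it would help, for example `// err: out-parameter, overwritten on every call with the list of locations probed; only meaningful when the return value is empty.` Renaming the declared parameters to `resource` and `config` would also make the argument order at the call sites easier to check.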


@ -2,7 +2,7 @@
{
"enabled":1,
"version_min":300000,
"title":"Include (1/6)",
"title":"Include (1/7)",
"client":{
"ip":"200.249.12.31",
"port":123
@ -42,7 +42,7 @@
{
"enabled":1,
"version_min":300000,
"title":"Include (2/6)",
"title":"Include (2/7)",
"client":{
"ip":"200.249.12.31",
"port":123
@ -82,7 +82,7 @@
{
"enabled":1,
"version_min":300000,
"title":"Include (3/6)",
"title":"Include (3/7)",
"client":{
"ip":"200.249.12.31",
"port":123
@ -122,7 +122,7 @@
{
"enabled":1,
"version_min":300000,
"title":"Include (4/6)",
"title":"Include (4/7)",
"client":{
"ip":"200.249.12.31",
"port":123
@ -162,7 +162,7 @@
{
"enabled":1,
"version_min":300000,
"title":"Include (5/6)",
"title":"Include (5/7)",
"client":{
"ip":"200.249.12.31",
"port":123
@ -203,7 +203,7 @@
{
"enabled":1,
"version_min":300000,
"title":"Include (6/6)",
"title":"Include (6/7)",
"client":{
"ip":"200.249.12.31",
"port":123
@ -239,5 +239,45 @@
"Include test-cases/data/config_example2.txt",
"SecRule ARGS \"@contains test\" \"id:9,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Include (7/7)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"parser_error":"Looking at: 'test-cases/data/conasdffig_example2.txt'"
},
"rules":[
"SecRuleEngine On",
"Include test-cases/data/conasdffig_example2.txt",
"SecRule ARGS \"@contains test\" \"id:9,pass,t:trim\""
]
}
]