Adds verbose message when a resource is not found.

Fix #1309
Felipe Zimmerle 2017-05-02 13:38:41 -03:00
parent 77a658c7cd
commit c97db2f361
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
10 changed files with 906 additions and 831 deletions


@ -38,11 +38,12 @@ bool PmFromFile::init(const std::string &config, std::string *error) {
} }
iss = new std::stringstream(client.content); iss = new std::stringstream(client.content);
} else { } else {
std::string resource = utils::find_resource(m_param, config); std::string err;
std::string resource = utils::find_resource(m_param, config, &err);
iss = new std::ifstream(resource, std::ios::in); iss = new std::ifstream(resource, std::ios::in);
if (((std::ifstream *)iss)->is_open() == false) { if (((std::ifstream *)iss)->is_open() == false) {
error->assign("Failed to open file: " + m_param); error->assign("Failed to open file: " + m_param + ". " + err);
delete iss; delete iss;
return false; return false;
} }
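Review bot: `err` is appended to the message even when `find_resource` returned a usable path and only the later `is_open()` check failed. `find_resource` begins with `err->assign("Looking at: ")` and leaves that text in place on its success paths, so the message can end in a dangling "Looking at: " or a partial list. Append it only when the lookup itself failed, for example `error->assign("Failed to open file: " + m_param + (resource.empty() ? ". " + err : std::string(".")));`. The `fopen` failure branches of the two Include rules in seclang-scanner.ll follow the same pattern. The enclosing `init` starts and ends outside this hunk.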


@ -26,9 +26,10 @@ namespace operators {
bool ValidateDTD::init(const std::string &file, std::string *error) { bool ValidateDTD::init(const std::string &file, std::string *error) {
m_resource = utils::find_resource(m_param, file); std::string err;
m_resource = utils::find_resource(m_param, file, &err);
if (m_resource == "") { if (m_resource == "") {
error->assign("XML: File not found: " + m_param + "."); error->assign("XML: File not found: " + m_param + ". " + err);
return false; return false;
} }


@ -26,9 +26,10 @@ namespace modsecurity {
namespace operators { namespace operators {
bool ValidateSchema::init(const std::string &file, std::string *error) { bool ValidateSchema::init(const std::string &file, std::string *error) {
m_resource = utils::find_resource(m_param, file); std::string err;
m_resource = utils::find_resource(m_param, file, &err);
if (m_resource == "") { if (m_resource == "") {
error->assign("XML: File not found: " + m_param + "."); error->assign("XML: File not found: " + m_param + ". " + err);
return false; return false;
} }



@ -1204,8 +1204,16 @@ expression:
| CONFIG_DIR_GEO_DB | CONFIG_DIR_GEO_DB
{ {
#ifdef WITH_GEOIP #ifdef WITH_GEOIP
std::string err;
std::string file = modsecurity::utils::find_resource($1, std::string file = modsecurity::utils::find_resource($1,
driver.ref.back()); driver.ref.back(), &err);
if (file.empty()) {
std::stringstream ss;
ss << "Failed to load locate the GeoDB file from: " << $1 << " ";
ss << err;
driver.error(@0, ss.str());
YYERROR;
}
if (GeoLookup::getInstance().setDataBase(file) == false) { if (GeoLookup::getInstance().setDataBase(file) == false) {
std::stringstream ss; std::stringstream ss;
ss << "Failed to load the GeoDB from: "; ss << "Failed to load the GeoDB from: ";
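Review bot: The new error text reads "Failed to load locate the GeoDB file from:", which has a leftover word; it should be `ss << "Failed to locate the GeoDB file from: " << $1 << " ";`. Operators see this string when a rule set fails to load, so it is worth getting right, and it should stay distinct from the existing "Failed to load the GeoDB from: " message a few lines below. The action block continues past the end of this hunk.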


@ -3903,7 +3903,7 @@ static const flex_int16_t yy_rule_linenum[404] =
814, 815, 817, 818, 823, 828, 829, 830, 831, 836, 814, 815, 817, 818, 823, 828, 829, 830, 831, 836,
840, 844, 845, 846, 850, 851, 852, 857, 859, 860, 840, 844, 845, 846, 850, 851, 852, 857, 859, 860,
885, 909, 936 885, 911, 939
} ; } ;
/* The intent behind this definition is that it'll catch /* The intent behind this definition is that it'll catch
@ -6490,21 +6490,23 @@ case 401:
YY_RULE_SETUP YY_RULE_SETUP
#line 885 "seclang-scanner.ll" #line 885 "seclang-scanner.ll"
{ {
std::string err;
const char *file = strchr(yytext, ' ') + 1; const char *file = strchr(yytext, ' ') + 1;
std::string fi = modsecurity::utils::find_resource(file, driver.ref.back()); std::string fi = modsecurity::utils::find_resource(file, driver.ref.back(), &err);
if (fi.empty() == true) { if (fi.empty() == true) {
BEGIN(INITIAL); BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file.")); driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), ""); throw p::syntax_error(*driver.loc.back(), "");
} }
std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0); std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0);
files.reverse(); files.reverse();
for (auto& s: files) { for (auto& s: files) {
std::string f = modsecurity::utils::find_resource(s, driver.ref.back()); std::string err;
std::string f = modsecurity::utils::find_resource(s, driver.ref.back(), &err);
yyin = fopen(f.c_str(), "r" ); yyin = fopen(f.c_str(), "r" );
if (!yyin) { if (!yyin) {
BEGIN(INITIAL); BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file.")); driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), ""); throw p::syntax_error(*driver.loc.back(), "");
} }
driver.ref.push_back(f); driver.ref.push_back(f);
@ -6515,25 +6517,26 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 402: case 402:
YY_RULE_SETUP YY_RULE_SETUP
#line 909 "seclang-scanner.ll" #line 911 "seclang-scanner.ll"
{ {
std::string err;
const char *file = strchr(yytext, ' ') + 1; const char *file = strchr(yytext, ' ') + 1;
char *f = strdup(file + 1); char *f = strdup(file + 1);
f[strlen(f)-1] = '\0'; f[strlen(f)-1] = '\0';
std::string fi = modsecurity::utils::find_resource(f, driver.ref.back()); std::string fi = modsecurity::utils::find_resource(f, driver.ref.back(), &err);
if (fi.empty() == true) { if (fi.empty() == true) {
BEGIN(INITIAL); BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file.")); driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), ""); throw p::syntax_error(*driver.loc.back(), "");
} }
std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0); std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0);
files.reverse(); files.reverse();
for (auto& s: files) { for (auto& s: files) {
std::string f = modsecurity::utils::find_resource(s, driver.ref.back()); std::string f = modsecurity::utils::find_resource(s, driver.ref.back(), &err);
yyin = fopen(f.c_str(), "r" ); yyin = fopen(f.c_str(), "r" );
if (!yyin) { if (!yyin) {
BEGIN(INITIAL); BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file.")); driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), ""); throw p::syntax_error(*driver.loc.back(), "");
} }
driver.ref.push_back(f.c_str()); driver.ref.push_back(f.c_str());
@ -6546,7 +6549,7 @@ YY_RULE_SETUP
case 403: case 403:
/* rule 403 can match eol */ /* rule 403 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 936 "seclang-scanner.ll" #line 939 "seclang-scanner.ll"
{ {
HttpsClient c; HttpsClient c;
std::string key; std::string key;
@ -6580,10 +6583,10 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 404: case 404:
YY_RULE_SETUP YY_RULE_SETUP
#line 968 "seclang-scanner.ll" #line 971 "seclang-scanner.ll"
ECHO; ECHO;
YY_BREAK YY_BREAK
#line 6586 "seclang-scanner.cc" #line 6589 "seclang-scanner.cc"
case YY_END_OF_BUFFER: case YY_END_OF_BUFFER:
{ {
@ -7684,7 +7687,7 @@ void yyfree (void * ptr )
/* %ok-for-header */ /* %ok-for-header */
#line 968 "seclang-scanner.ll" #line 971 "seclang-scanner.ll"
namespace modsecurity { namespace modsecurity {


@ -882,21 +882,23 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_INCLUDE}[ ]{CONFIG_VALUE_PATH} { {CONFIG_INCLUDE}[ ]{CONFIG_VALUE_PATH} {
std::string err;
const char *file = strchr(yytext, ' ') + 1; const char *file = strchr(yytext, ' ') + 1;
std::string fi = modsecurity::utils::find_resource(file, driver.ref.back()); std::string fi = modsecurity::utils::find_resource(file, driver.ref.back(), &err);
if (fi.empty() == true) { if (fi.empty() == true) {
BEGIN(INITIAL); BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file.")); driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), ""); throw p::syntax_error(*driver.loc.back(), "");
} }
std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0); std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0);
files.reverse(); files.reverse();
for (auto& s: files) { for (auto& s: files) {
std::string f = modsecurity::utils::find_resource(s, driver.ref.back()); std::string err;
std::string f = modsecurity::utils::find_resource(s, driver.ref.back(), &err);
yyin = fopen(f.c_str(), "r" ); yyin = fopen(f.c_str(), "r" );
if (!yyin) { if (!yyin) {
BEGIN(INITIAL); BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file.")); driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), ""); throw p::syntax_error(*driver.loc.back(), "");
} }
driver.ref.push_back(f); driver.ref.push_back(f);
@ -906,23 +908,24 @@ EQUALS_MINUS (?i:=\-)
} }
{CONFIG_INCLUDE}[ ]["]{CONFIG_VALUE_PATH}["] { {CONFIG_INCLUDE}[ ]["]{CONFIG_VALUE_PATH}["] {
std::string err;
const char *file = strchr(yytext, ' ') + 1; const char *file = strchr(yytext, ' ') + 1;
char *f = strdup(file + 1); char *f = strdup(file + 1);
f[strlen(f)-1] = '\0'; f[strlen(f)-1] = '\0';
std::string fi = modsecurity::utils::find_resource(f, driver.ref.back()); std::string fi = modsecurity::utils::find_resource(f, driver.ref.back(), &err);
if (fi.empty() == true) { if (fi.empty() == true) {
BEGIN(INITIAL); BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file.")); driver.error (*driver.loc.back(), "", file + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), ""); throw p::syntax_error(*driver.loc.back(), "");
} }
std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0); std::list<std::string> files = modsecurity::utils::expandEnv(fi, 0);
files.reverse(); files.reverse();
for (auto& s: files) { for (auto& s: files) {
std::string f = modsecurity::utils::find_resource(s, driver.ref.back()); std::string f = modsecurity::utils::find_resource(s, driver.ref.back(), &err);
yyin = fopen(f.c_str(), "r" ); yyin = fopen(f.c_str(), "r" );
if (!yyin) { if (!yyin) {
BEGIN(INITIAL); BEGIN(INITIAL);
driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file.")); driver.error (*driver.loc.back(), "", s + std::string(": Not able to open file. ") + err);
throw p::syntax_error(*driver.loc.back(), ""); throw p::syntax_error(*driver.loc.back(), "");
} }
driver.ref.push_back(f.c_str()); driver.ref.push_back(f.c_str());
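Review bot: The two Include rules handle `err` differently. The unquoted rule declares a second `std::string err;` inside the `for` loop, shadowing the one at the top of the action, while the quoted rule reuses the outer `err` in its loop. Both happen to work because `find_resource` reassigns `err` on entry, but the shadowing is easy to misread; dropping the inner declaration in the first rule makes the two rules match. A one-line comment such as `// err is reset by find_resource on every call` above the loop would record why reuse is safe. Both actions continue outside the visible hunks.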


@ -59,21 +59,26 @@ double cpu_seconds(void) {
std::string find_resource(const std::string& resource, std::string find_resource(const std::string& resource,
const std::string& config) { const std::string& config, std::string *err) {
std::ifstream *iss; std::ifstream *iss;
err->assign("Looking at: ");
// Trying absolute or relative to the current dir. // Trying absolute or relative to the current dir.
iss = new std::ifstream(resource, std::ios::in); iss = new std::ifstream(resource, std::ios::in);
if (iss->is_open()) { if (iss->is_open()) {
iss->close(); iss->close();
delete iss; delete iss;
return resource; return resource;
} else {
err->append("'" + resource + "', ");
} }
delete iss; delete iss;
// What about `*' ? // What about `*' ?
if (utils::expandEnv(resource, 0).size() > 1) { if (utils::expandEnv(resource, 0).size() > 1) {
return resource; return resource;
} else {
err->append("'" + resource + "', ");
} }
// Trying the same path of the configuration file. // Trying the same path of the configuration file.
@ -83,12 +88,16 @@ std::string find_resource(const std::string& resource,
iss->close(); iss->close();
delete iss; delete iss;
return f; return f;
} else {
err->append("'" + f + "', ");
} }
delete iss; delete iss;
// What about `*' ? // What about `*' ?
if (utils::expandEnv(f, 0).size() > 1) { if (utils::expandEnv(f, 0).size() > 1) {
return f; return f;
} else {
err->append("'" + f + "'.");
} }
return std::string(""); return std::string("");
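Review bot: Each candidate path is appended to `err` twice, once in the `is_open()` failure branch and again in the `expandEnv(...).size() > 1` failure branch, so the final message lists `'x', 'x', 'y', 'y'.` for a plain missing file. The wildcard branches should either not append or say that the pattern matched nothing. `err->assign("Looking at: ")` also dereferences `err` unconditionally, so a caller passing a null pointer would crash; guard the writes with `if (err)` or state the non-null requirement in a comment. The code between the two hunks and the function's closing brace are outside the visible lines.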


@ -29,7 +29,8 @@ namespace utils {
double cpu_seconds(void); double cpu_seconds(void);
std::string find_resource(const std::string& file, const std::string& param); std::string find_resource(const std::string& file, const std::string& param,
std::string *err);
std::string get_path(const std::string& file); std::string get_path(const std::string& file);
std::list<std::string> expandEnv(const std::string& var, int flags); std::list<std::string> expandEnv(const std::string& var, int flags);
bool createDir(std::string dir, int mode, std::string *error); bool createDir(std::string dir, int mode, std::string *error);
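Review bot: The new `err` out-parameter is undocumented on the `find_resource` declaration. A comment such as `// err must be non-null; it is overwritten on every call with the list of paths that were tried` would tell callers what to pass and what to expect back. The parameter names here (`file`, `param`) also differ from those in the definition (`resource`, `config`), which makes the argument order easy to misread.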


@ -2,7 +2,7 @@
{ {
"enabled":1, "enabled":1,
"version_min":300000, "version_min":300000,
"title":"Include (1/6)", "title":"Include (1/7)",
"client":{ "client":{
"ip":"200.249.12.31", "ip":"200.249.12.31",
"port":123 "port":123
@ -42,7 +42,7 @@
{ {
"enabled":1, "enabled":1,
"version_min":300000, "version_min":300000,
"title":"Include (2/6)", "title":"Include (2/7)",
"client":{ "client":{
"ip":"200.249.12.31", "ip":"200.249.12.31",
"port":123 "port":123
@ -82,7 +82,7 @@
{ {
"enabled":1, "enabled":1,
"version_min":300000, "version_min":300000,
"title":"Include (3/6)", "title":"Include (3/7)",
"client":{ "client":{
"ip":"200.249.12.31", "ip":"200.249.12.31",
"port":123 "port":123
@ -122,7 +122,7 @@
{ {
"enabled":1, "enabled":1,
"version_min":300000, "version_min":300000,
"title":"Include (4/6)", "title":"Include (4/7)",
"client":{ "client":{
"ip":"200.249.12.31", "ip":"200.249.12.31",
"port":123 "port":123
@ -162,7 +162,7 @@
{ {
"enabled":1, "enabled":1,
"version_min":300000, "version_min":300000,
"title":"Include (5/6)", "title":"Include (5/7)",
"client":{ "client":{
"ip":"200.249.12.31", "ip":"200.249.12.31",
"port":123 "port":123
@ -203,7 +203,7 @@
{ {
"enabled":1, "enabled":1,
"version_min":300000, "version_min":300000,
"title":"Include (6/6)", "title":"Include (6/7)",
"client":{ "client":{
"ip":"200.249.12.31", "ip":"200.249.12.31",
"port":123 "port":123
@ -239,5 +239,45 @@
"Include test-cases/data/config_example2.txt", "Include test-cases/data/config_example2.txt",
"SecRule ARGS \"@contains test\" \"id:9,pass,t:trim\"" "SecRule ARGS \"@contains test\" \"id:9,pass,t:trim\""
] ]
},
{
"enabled":1,
"version_min":300000,
"title":"Include (7/7)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"parser_error":"Looking at: 'test-cases/data/conasdffig_example2.txt'"
},
"rules":[
"SecRuleEngine On",
"Include test-cases/data/conasdffig_example2.txt",
"SecRule ARGS \"@contains test\" \"id:9,pass,t:trim\""
]
} }
] ]
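Review bot: The added case "Include (7/7)" exercises only the unquoted `Include` form with a missing file. The quoted `Include "..."` rule and the operator and GeoDB call sites that also gained the new message have no corresponding case. `expected.parser_error` names only the first path after "Looking at:", so, assuming it is matched as a substring or pattern, it would not notice a malformed remainder of the list. A second case for the quoted form, and an expectation that covers the config-relative path as well, would pin the message format.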