github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support for the exec action

Browse Source
This commit is contained in:
Felipe Zimmerle 2017-11-05 11:46:29 -03:00
parent 7bec78a5a5
commit cb3363c7d5
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
9 changed files with 1026 additions and 722 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -2,6 +2,8 @@
v3.0.????? - ?
---------------------------
- Adds support for the exec action.
[Issue #1050 - @zimmerle]
- Adds support for transformations inside Lua engine
[Issue #994 - @zimmerle]
- Adds initial support for Lua engine.

1
Makefile.am
View File

@ -287,4 +287,5 @@ TESTS+=test/test-cases/regression/misc-variable-under-quotes.json
TESTS+=test/test-cases/regression/operator-fuzzyhash.json
TESTS+=test/test-cases/regression/collection-resource.json
TESTS+=test/test-cases/regression/operator-inpectFile.json
TESTS+=test/test-cases/regression/action-exec.json

2
src/Makefile.am
View File

@ -121,6 +121,7 @@ ACTIONS = \
actions/disruptive/deny.cc \
actions/disruptive/redirect.cc \
actions/disruptive/pass.cc \
actions/exec.cc \
actions/init_col.cc \
actions/log.cc \
actions/log_data.cc \
@ -273,6 +274,7 @@ libmodsecurity_la_SOURCES = \
macro_expansion.cc \
rule.cc \
rule_message.cc \
rule_script.cc \
unique_id.cc \
rules_exceptions.cc \
${BODY_PROCESSORS} \

61
src/actions/exec.cc Normal file
View File

@ -0,0 +1,61 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "src/actions/exec.h"
#include <iostream>
#include <string>
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
#include "src/utils/system.h"
#include "src/engine/lua.h"
namespace modsecurity {
namespace actions {
bool Exec::init(std::string *error) {
std::string err;
m_script = utils::find_resource(m_parser_payload, "", &err);
if (m_script.size() == 0) {
error->assign("exec: Script not found: " + err);
return false;
}
if (engine::Lua::isCompatible(m_script, &m_lua, &err) == false) {
error->assign("exec: " + err);
return false;
}
return true;
}
bool Exec::evaluate(Rule *rule, Transaction *t) {
t->debug(8, "Running script... " + m_script);
m_lua.run(t);
return true;
}
} // namespace actions
} // namespace modsecurity

51
src/actions/exec.h Normal file
View File

@ -0,0 +1,51 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include "modsecurity/actions/action.h"
#include "src/engine/lua.h"
#ifndef SRC_ACTIONS_EXEC_H_
#define SRC_ACTIONS_EXEC_H_
class Transaction;
namespace modsecurity {
class Transaction;
namespace actions {
class Exec : public Action {
public:
explicit Exec(std::string action)
: Action(action),
m_script("") { }
~Exec() { }
bool evaluate(Rule *rule, Transaction *transaction) override;
bool init(std::string *error) override;
private:
std::string m_script;
engine::Lua m_lua;
};
} // namespace actions
} // namespace modsecurity
#endif // SRC_ACTIONS_EXEC_H_

1451
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

8
src/parser/seclang-parser.hh
View File

@ -51,6 +51,7 @@ class Driver;
}
}
#include "src/rule_script.h"
#include "src/actions/accuracy.h"
#include "src/actions/audit_log.h"
@ -71,6 +72,7 @@ class Driver;
#include "src/actions/disruptive/pass.h"
#include "src/actions/disruptive/redirect.h"
#include "src/actions/init_col.h"
#include "src/actions/exec.h"
#include "src/actions/log_data.h"
#include "src/actions/log.h"
#include "src/actions/maturity.h"
@ -368,7 +370,7 @@ using modsecurity::operators::Operator;
#line 372 "seclang-parser.hh" // lalr1.cc:377
#line 374 "seclang-parser.hh" // lalr1.cc:377
# include <cassert>
# include <cstdlib> // std::abort
@ -445,7 +447,7 @@ using modsecurity::operators::Operator;
namespace yy {
#line 449 "seclang-parser.hh" // lalr1.cc:377
#line 451 "seclang-parser.hh" // lalr1.cc:377
@ -5768,7 +5770,7 @@ namespace yy {
} // yy
#line 5772 "seclang-parser.hh" // lalr1.cc:377
#line 5774 "seclang-parser.hh" // lalr1.cc:377

27
src/parser/seclang-parser.yy
View File

@ -17,6 +17,7 @@ class Driver;
}
}
#include "src/rule_script.h"
#include "src/actions/accuracy.h"
#include "src/actions/audit_log.h"
@ -37,6 +38,7 @@ class Driver;
#include "src/actions/disruptive/pass.h"
#include "src/actions/disruptive/redirect.h"
#include "src/actions/init_col.h"
#include "src/actions/exec.h"
#include "src/actions/log_data.h"
#include "src/actions/log.h"
#include "src/actions/maturity.h"
@ -1109,8 +1111,27 @@ expression:
}
| DIRECTIVE_SECRULESCRIPT actions
{
driver.error(@0, "SecRuleScript is not yet supported.");
YYERROR;
std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
for (auto &i : *$2.get()) {
a->push_back(i.release());
}
RuleScript *r = new RuleScript(
/* path to script */ $1,
/* actions */ a,
/* file name */ driver.ref.back(),
/* line number */ @0.end.line
);
std::string err;
if (r->init(&err) == false) {
driver.error(@0, "Failed to load script: " + err);
delete r;
YYERROR;
}
if (driver.addSecRuleScript(r) == false) {
delete r;
YYERROR;
}
}
| CONFIG_DIR_SEC_DEFAULT_ACTION actions
{
@ -2296,7 +2317,7 @@ act:
}
| ACTION_EXEC
{
//ACTION_CONTAINER($$, new actions::Exec($1));
ACTION_CONTAINER($$, new actions::Exec($1));
}
| ACTION_EXPIRE_VAR
{

145
test/test-cases/regression/action-exec.json Normal file
View File

@ -0,0 +1,145 @@
[
{
"enabled":1,
"version_min":300000,
"version_max":0,
"title":"Testing action :: exec (1/3)",
"client":{
"ip":"200.249.12.31",
"port":2313
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"User-Agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language":"en-us,en;q=0.5",
"Accept-Encoding":"gzip,deflate",
"Accept-Charset":"ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive":"300",
"Connection":"keep-alive",
"Cookie":"PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
"Pragma":"no-cache",
"Cache-Control":"no-cache"
},
"uri":"\/test.pl?param1= test &param2=test2",
"method":"GET",
"http_version":1.1,
"body":""
},
"response":{
"headers":{
"Content-Type":"text\/xml; charset=utf-8\n\r",
"Content-Length":"length\n\r"
}
},
"expected":{
"audit_log":"",
"debug_log":"Saving msg: This is a test, text\/html,application",
"error_log":"",
"parser_error":"exec: Expecting a Lua script: /bin/ech"
},
"rules":[
"SecRuleEngine On",
"SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"id:1,t:lowercase,t:none,exec:/bin/echo\""
]
},
{
"enabled":1,
"version_min":300000,
"version_max":0,
"title":"Testing action :: exec (2/2)",
"client":{
"ip":"200.249.12.31",
"port":2313
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"User-Agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language":"en-us,en;q=0.5",
"Accept-Encoding":"gzip,deflate",
"Accept-Charset":"ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive":"300",
"Connection":"keep-alive",
"Cookie":"PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
"Pragma":"no-cache",
"Cache-Control":"no-cache"
},
"uri":"\/test.pl?param1= test &param2=test2",
"method":"GET",
"http_version":1.1,
"body":""
},
"response":{
"headers":{
"Content-Type":"text\/xml; charset=utf-8\n\r",
"Content-Length":"length\n\r"
}
},
"expected":{
"audit_log":"",
"debug_log":"Running script... test-cases/data/test.lua",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecRule REQUEST_HEADERS:Cookie \"@contains PHPSESSID\" \"id:1,exec:test-cases/data/test.lua\""
]
},
{
"enabled":1,
"version_min":300000,
"version_max":0,
"title":"Testing action :: exec (3/3)",
"client":{
"ip":"200.249.12.31",
"port":2313
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"User-Agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language":"en-us,en;q=0.5",
"Accept-Encoding":"gzip,deflate",
"Accept-Charset":"ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive":"300",
"Connection":"keep-alive",
"Cookie":"PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
"Pragma":"no-cache",
"Cache-Control":"no-cache"
},
"uri":"\/test.pl?param1= test &param2=test2",
"method":"GET",
"http_version":1.1,
"body":""
},
"response":{
"headers":{
"Content-Type":"text\/xml; charset=utf-8\n\r",
"Content-Length":"length\n\r"
}
},
"expected":{
"audit_log":"",
"debug_log":"Running script... test-cases/data/match.lua",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecRule REQUEST_HEADERS:Cookie \"@contains PHPSESSID\" \"id:1,exec:test-cases/data/match.lua\""
]
}
]