Adds support for the exec action

src/Makefile.am

@@ -121,6 +121,7 @@ ACTIONS = \
 	actions/disruptive/deny.cc \
 	actions/disruptive/redirect.cc \
 	actions/disruptive/pass.cc \
+	actions/exec.cc \
 	actions/init_col.cc \
 	actions/log.cc \
 	actions/log_data.cc \
@@ -273,6 +274,7 @@ libmodsecurity_la_SOURCES = \
 	macro_expansion.cc \
 	rule.cc \
 	rule_message.cc \
+	rule_script.cc \
 	unique_id.cc \
 	rules_exceptions.cc \
 	${BODY_PROCESSORS} \

src/actions/exec.cc

@@ -0,0 +1,61 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/exec.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/actions/action.h"
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "src/macro_expansion.h"
+#include "src/utils/system.h"
+#include "src/engine/lua.h"
+
+
+namespace modsecurity {
+namespace actions {
+
+
+bool Exec::init(std::string *error) {
+    std::string err;
+
+    m_script = utils::find_resource(m_parser_payload, "", &err);
+
+    if (m_script.size() == 0) {
+        error->assign("exec: Script not found: " + err);
+        return false;
+    }
+
+    if (engine::Lua::isCompatible(m_script, &m_lua, &err) == false) {
+        error->assign("exec: " + err);
+        return false;
+    }
+
+    return true;
+}
+
+
+bool Exec::evaluate(Rule *rule, Transaction *t) {
+    t->debug(8, "Running script... " + m_script);
+
+    m_lua.run(t);
+    return true;
+}
+
+
+}  // namespace actions
+}  // namespace modsecurity

src/actions/exec.h

@@ -0,0 +1,51 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/actions/action.h"
+#include "src/engine/lua.h"
+
+#ifndef SRC_ACTIONS_EXEC_H_
+#define SRC_ACTIONS_EXEC_H_
+
+class Transaction;
+
+namespace modsecurity {
+class Transaction;
+namespace actions {
+
+
+class Exec : public Action {
+ public:
+    explicit Exec(std::string action)
+        : Action(action),
+        m_script("") { }
+
+    ~Exec() { }
+
+    bool evaluate(Rule *rule, Transaction *transaction) override;
+    bool init(std::string *error) override;
+
+ private:
+    std::string m_script;
+    engine::Lua m_lua;
+};
+
+
+}  // namespace actions
+}  // namespace modsecurity
+
+#endif  // SRC_ACTIONS_EXEC_H_

src/parser/seclang-parser.hh

@@ -51,6 +51,7 @@ class Driver;
 }
 }
 
+#include "src/rule_script.h"
 
 #include "src/actions/accuracy.h"
 #include "src/actions/audit_log.h"
@@ -71,6 +72,7 @@ class Driver;
 #include "src/actions/disruptive/pass.h"
 #include "src/actions/disruptive/redirect.h"
 #include "src/actions/init_col.h"
+#include "src/actions/exec.h"
 #include "src/actions/log_data.h"
 #include "src/actions/log.h"
 #include "src/actions/maturity.h"
@@ -368,7 +370,7 @@ using modsecurity::operators::Operator;
 
 
 
-#line 372 "seclang-parser.hh" // lalr1.cc:377
+#line 374 "seclang-parser.hh" // lalr1.cc:377
 
 # include <cassert>
 # include <cstdlib> // std::abort
@@ -445,7 +447,7 @@ using modsecurity::operators::Operator;
 
 
 namespace yy {
-#line 449 "seclang-parser.hh" // lalr1.cc:377
+#line 451 "seclang-parser.hh" // lalr1.cc:377
 
 
 
@@ -5768,7 +5770,7 @@ namespace yy {
 
 
 } // yy
-#line 5772 "seclang-parser.hh" // lalr1.cc:377
+#line 5774 "seclang-parser.hh" // lalr1.cc:377
 
 
 

src/parser/seclang-parser.yy

@@ -17,6 +17,7 @@ class Driver;
 }
 }
 
+#include "src/rule_script.h"
 
 #include "src/actions/accuracy.h"
 #include "src/actions/audit_log.h"
@@ -37,6 +38,7 @@ class Driver;
 #include "src/actions/disruptive/pass.h"
 #include "src/actions/disruptive/redirect.h"
 #include "src/actions/init_col.h"
+#include "src/actions/exec.h"
 #include "src/actions/log_data.h"
 #include "src/actions/log.h"
 #include "src/actions/maturity.h"
@@ -1109,8 +1111,27 @@ expression:
       }
     | DIRECTIVE_SECRULESCRIPT actions
       {
-        driver.error(@0, "SecRuleScript is not yet supported.");
-        YYERROR;
+        std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
+        for (auto &i : *$2.get()) {
+            a->push_back(i.release());
+        }
+
+        RuleScript *r = new RuleScript(
+            /* path to script */ $1,
+            /* actions */ a,
+            /* file name */ driver.ref.back(),
+            /* line number */ @0.end.line
+            );
+        std::string err;
+        if (r->init(&err) == false) {
+            driver.error(@0, "Failed to load script: " + err);
+            delete r;
+            YYERROR;
+        }
+        if (driver.addSecRuleScript(r) == false) {
+            delete r;
+            YYERROR;
+        }
       }
     | CONFIG_DIR_SEC_DEFAULT_ACTION actions
       {
@@ -2296,7 +2317,7 @@ act:
       }
     | ACTION_EXEC
       {
-        //ACTION_CONTAINER($$, new actions::Exec($1));
+        ACTION_CONTAINER($$, new actions::Exec($1));
       }
     | ACTION_EXPIRE_VAR
       {