github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds references to the collection variables

Browse Source
This commit is contained in:
Felipe Zimmerle 2017-02-02 18:32:00 -03:00 committed by Felipe Zimmerle
parent e95efa05cc
commit d851699529
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
9 changed files with 39 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
headers/modsecurity/anchored_variable.h
View File

@ -42,7 +42,7 @@ class Transaction;
class AnchoredVariable { class AnchoredVariable {
public: public:
AnchoredVariable(Transaction* t, std::__cxx11::string name); AnchoredVariable(Transaction* t, std::string name);
~AnchoredVariable(); ~AnchoredVariable();
void unset(); void unset();

2
headers/modsecurity/rule.h
View File

@ -49,7 +49,7 @@ class Rule {
std::vector<actions::Action *> *_actions, std::vector<actions::Action *> *_actions,
std::string fileName, std::string fileName,
int lineNumber); int lineNumber);
explicit Rule(std::__cxx11::string marker); explicit Rule(std::string marker);
~Rule(); ~Rule();
bool evaluate(Transaction *transaction); bool evaluate(Transaction *transaction);

1
headers/modsecurity/rule_message.h
View File

@ -68,7 +68,6 @@ class RuleMessage {
int m_maturity; int m_maturity;
int m_accuracy; int m_accuracy;
std::string m_reference; std::string m_reference;
std::string m_referenceOp;
std::list<std::string> m_tags; std::list<std::string> m_tags;
std::list<std::string> m_server_logs; std::list<std::string> m_server_logs;

7
src/anchored_set_variable.cc
View File

@ -51,12 +51,17 @@ void AnchoredSetVariable::unset() {
void AnchoredSetVariable::set(const std::string &key, void AnchoredSetVariable::set(const std::string &key,
const std::string &value, size_t offset) { const std::string &value, size_t offset) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *v = new std::string(value); std::string *v = new std::string(value);
std::string *k = new std::string(m_name + ":" + key); std::string *k = new std::string(m_name + ":" + key);
collection::Variable *var = new collection::Variable(k, v); collection::Variable *var = new collection::Variable(k, v);
origin->m_offset = offset;
origin->m_length = value.size();
var->m_dynamic_value = true; var->m_dynamic_value = true;
var->m_dynamic = false; var->m_dynamic = false;
var->m_orign.push_back(std::move(origin));
emplace(key, var); emplace(key, var);
} }

13
src/audit_log/writer/parallel.cc
View File

@ -21,6 +21,8 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <fcntl.h> #include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <fstream> #include <fstream>
#include <mutex> #include <mutex>
@ -100,7 +102,6 @@ bool Parallel::init(std::string *error) {
bool Parallel::write(Transaction *transaction, int parts, std::string *error) { bool Parallel::write(Transaction *transaction, int parts, std::string *error) {
FILE *fp;
int fd; int fd;
std::string log = transaction->toJSON(parts); std::string log = transaction->toJSON(parts);
std::string fileName = logFilePath(&transaction->m_timeStamp, std::string fileName = logFilePath(&transaction->m_timeStamp,
@ -139,9 +140,13 @@ bool Parallel::write(Transaction *transaction, int parts, std::string *error) {
+ strerror(errno)); + strerror(errno));
return false; return false;
} }
fp = fdopen(fd, "w"); close(fd);
fwrite(log.c_str(), log.length(), 1, fp);
fclose(fp); std::ofstream myfile;
std::string a(fileName.c_str());
myfile.open (a);
myfile << log;
myfile.close();
if (m_audit->m_path1.empty() == false if (m_audit->m_path1.empty() == false
&& m_audit->m_path2.empty() == false) { && m_audit->m_path2.empty() == false) {

1
src/macro_expansion.h
View File

@ -13,6 +13,7 @@
* *
*/ */
#include <ctime> #include <ctime>
#include <iostream> #include <iostream>
#include <string> #include <string>

5
src/operators/pm.cc
View File

@ -90,8 +90,9 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
bool capture = rule && rule->getActionsByName("capture").size() > 0; bool capture = rule && rule->getActionsByName("capture").size() > 0;
if (rc > 0 && transaction) { if (rc > 0 && transaction) {
logOffset(ruleMessage, rc, input.size()); std::string match_(match);
transaction->m_matched.push_back(std::string(match)); logOffset(ruleMessage, rc - match_.size() + 1, match_.size());
transaction->m_matched.push_back(match_);
} }
if (capture && transaction && rc) { if (capture && transaction && rc) {

6
src/rule.cc
View File

@ -505,6 +505,12 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
new std::string(*v->m_value))); new std::string(*v->m_value)));
var->m_dynamic_value = true; var->m_dynamic_value = true;
var->m_dynamic_key = true; var->m_dynamic_key = true;
for (auto &i : v->m_orign) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
origin->m_offset = i->m_offset;
origin->m_length = i->m_length;
var->m_orign.push_back(std::move(origin));
}
if (v->m_dynamic) { if (v->m_dynamic) {
delete v; delete v;

17
src/transaction.cc
View File

@ -288,13 +288,14 @@ bool Transaction::addArgument(const std::string& orig, const std::string& key,
debug(4, "Adding request argument (" + orig + "): name \"" + \ debug(4, "Adding request argument (" + orig + "): name \"" + \
key + "\", value \"" + value + "\""); key + "\", value \"" + value + "\"");
m_variableArgs.set(key, value, m_variableOffset); offset = offset + key.size() + 1;
m_variableArgs.set(key, value, offset);
if (orig == "GET") { if (orig == "GET") {
m_variableArgsGet.set(key, value, m_variableOffset); m_variableArgsGet.set(key, value, offset);
m_variableArgGetNames.append(key, offset, true); m_variableArgGetNames.append(key, offset, true);
} else if (orig == "POST") { } else if (orig == "POST") {
m_variableArgsPost.set(key, value, m_variableOffset); m_variableArgsPost.set(key, value, offset);
m_variableArgPostNames.append(key, offset, true); m_variableArgPostNames.append(key, offset, true);
} }
m_variableArgsNames.append(key, offset, true); m_variableArgsNames.append(key, offset, true);
@ -379,7 +380,7 @@ int Transaction::processURI(const char *uri, const char *method,
path_info.length() - (offset + 1)); path_info.length() - (offset + 1));
m_variableRequestBasename.set(basename, m_variableOffset); m_variableRequestBasename.set(basename, m_variableOffset);
} }
m_variableRequestMethod.set(method, m_variableOffset); m_variableRequestMethod.set(method, 0);
m_variableRequestProtocol.set("HTTP/" + std::string(http_version), m_variableRequestProtocol.set("HTTP/" + std::string(http_version),
m_variableOffset); m_variableOffset);
@ -414,6 +415,8 @@ int Transaction::processURI(const char *uri, const char *method,
extractArguments("GET", m_variableQueryString.m_value, extractArguments("GET", m_variableQueryString.m_value,
m_variableQueryString.m_offset); m_variableQueryString.m_offset);
} }
m_variableOffset = m_variableOffset + 1;
return true; return true;
} }
@ -471,7 +474,9 @@ int Transaction::addRequestHeader(const std::string& key,
const std::string& value) { const std::string& value) {
m_variableRequestHeadersNames.append(key, 0, true); m_variableRequestHeadersNames.append(key, 0, true);
m_variableOffset = m_variableOffset + key.size() + 2;
m_variableRequestHeaders.set(key, value, m_variableOffset); m_variableRequestHeaders.set(key, value, m_variableOffset);
m_variableOffset = m_variableOffset + value.size() + 1;
std::string keyl = utils::string::tolower(key); std::string keyl = utils::string::tolower(key);
@ -1427,6 +1432,7 @@ std::string Transaction::toJSON(int parts) {
const unsigned char *buf; const unsigned char *buf;
size_t len; size_t len;
yajl_gen g; yajl_gen g;
std::string log;
std::string ts = utils::string::ascTime(&m_timeStamp).c_str(); std::string ts = utils::string::ascTime(&m_timeStamp).c_str();
std::string uniqueId = UniqueId::uniqueId(); std::string uniqueId = UniqueId::uniqueId();
@ -1561,6 +1567,7 @@ std::string Transaction::toJSON(int parts) {
strlen("details")); strlen("details"));
yajl_gen_map_open(g); yajl_gen_map_open(g);
LOGFY_ADD("match", a.m_match.c_str()); LOGFY_ADD("match", a.m_match.c_str());
LOGFY_ADD("reference", a.m_reference.c_str());
LOGFY_ADD("ruleId", std::to_string(a.m_ruleId).c_str()); LOGFY_ADD("ruleId", std::to_string(a.m_ruleId).c_str());
LOGFY_ADD("file", a.m_ruleFile.c_str()); LOGFY_ADD("file", a.m_ruleFile.c_str());
LOGFY_ADD("lineNumber", std::to_string(a.m_ruleLine).c_str()); LOGFY_ADD("lineNumber", std::to_string(a.m_ruleLine).c_str());
@ -1597,7 +1604,7 @@ std::string Transaction::toJSON(int parts) {
yajl_gen_get_buf(g, &buf, &len); yajl_gen_get_buf(g, &buf, &len);
std::string log(reinterpret_cast<const char*>(buf), len); log.assign(reinterpret_cast<const char*>(buf), len);
yajl_gen_free(g); yajl_gen_free(g);