github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds REQUEST_FULL and REQUEST_FULL_LENGTH variables

Browse Source 
This variable is a combination from REQUEST_LINE, REQUEST_HEADERS and
REQUEST_BODY (if any). Expects for \n\n in between each of those values.
This commit is contained in:
Felipe Zimmerle
2014-02-27 10:39:07 -08:00
parent 62f3d02894
commit d93ce9ceee
7 changed files with 289 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
apache2/re_variables.c
View File

@@ -1934,6 +1934,87 @@ static int var_request_basename_generate(modsec_rec *msr, msre_var *var, msre_ru
return var_simple_generate(var, vartab, mptmp, value);
}
/* FULL_REQUEST */
static int var_full_request_generate(modsec_rec *msr, msre_var *var,
msre_rule *rule, apr_table_t *vartab, apr_pool_t *mptmp)
{
const apr_array_header_t *arr = NULL;
char *full_request = NULL;
int full_request_length = 0;
int headers_length = 0;
int request_line_length = 0;
arr = apr_table_elts(msr->request_headers);
headers_length = msc_headers_to_buffer(arr, NULL, 0);
if (headers_length < 0) {
msr_log(msr, 9, "Variable FULL_REQUEST failed. Problems to measure " \
"headers length.");
goto failed_measure_buffer;
}
request_line_length = strlen(msr->request_line) + /* \n\n: */ 2;
full_request_length = request_line_length + headers_length +
msr->msc_reqbody_length + /* \0: */1;
full_request = malloc(sizeof(char)*full_request_length);
if (full_request == NULL) {
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 8, "Variable FULL_REQUEST will not be created, not " \
"enough memory available.");
}
goto failed_not_enough_mem;
}
memset(full_request, '\0', sizeof(char)*msr->msc_full_request_length);
msr->msc_full_request_buffer = full_request;
msr->msc_full_request_length = full_request_length;
apr_snprintf(full_request, request_line_length + 1,
/* +1 here because sprintf will place \0 in the end of the string.*/
"%s\n\n", msr->request_line);
headers_length = msc_headers_to_buffer(arr, full_request +
request_line_length, headers_length);
if (headers_length < 0) {
msr_log(msr, 9, "Variable FULL_REQUEST will not be created, failed " \
"to fill headers buffer.");
goto failed_fill_buffer;
}
if (msr->msc_reqbody_length > 0 && msr->msc_reqbody_buffer != NULL) {
memcpy(full_request + (headers_length + request_line_length),
msr->msc_reqbody_buffer, msr->msc_reqbody_length);
}
full_request[msr->msc_full_request_length-1] = '\0';
return var_simple_generate_ex(var, vartab, mptmp, full_request,
msr->msc_full_request_length);
failed_fill_buffer:
failed_not_enough_mem:
failed_measure_buffer:
no_buffer:
return 0;
}
/* FULL_REQUEST_LENGTH */
static int var_full_request_length_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
const apr_array_header_t *arr = NULL;
char *value = NULL;
int headers_length = 0;
arr = apr_table_elts(msr->request_headers);
headers_length = msc_headers_to_buffer(arr, NULL, 0);
msr->msc_full_request_length = headers_length + msr->msc_reqbody_length + /* \0: */1;
value = apr_psprintf(mptmp, "%d", msr->msc_full_request_length);
return var_simple_generate(var, vartab, mptmp, value);
}
/* REQUEST_BODY */
static int var_request_body_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -3204,12 +3285,35 @@ void msre_engine_register_default_variables(msre_engine *engine) {
PHASE_REQUEST_HEADERS
);
/* REQUEST_BODY */
/* FULL_REQUEST */
msre_engine_variable_register(engine,
"REQUEST_BODY",
"FULL_REQUEST",
VAR_SIMPLE,
0, 0,
NULL,
var_full_request_generate,
VAR_CACHE,
PHASE_REQUEST_BODY
);
/* FULL_REQUEST_LENGTH */
msre_engine_variable_register(engine,
"FULL_REQUEST_LENGTH",
VAR_SIMPLE,
0, 0,
NULL,
var_full_request_length_generate,
VAR_CACHE,
PHASE_REQUEST_BODY
);
/* REQUEST_BODY */
msre_engine_variable_register(engine,
"REQUEST_BODY",
VAR_LIST,
0, 1,
var_generic_list_validate,
var_request_body_generate,
VAR_CACHE,
PHASE_REQUEST_BODY