Using shared var for variables names

Felipe Zimmerle 2018-02-02 15:41:13 -03:00
parent 6f7fdd9493
commit de7c5c89bb
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
21 changed files with 183 additions and 187 deletions


@ -40,6 +40,7 @@ namespace collection {
class Collection { class Collection {
public: public:
Collection(std::string a) : m_name(a) { }
virtual ~Collection() { } virtual ~Collection() { }
virtual void store(std::string key, std::string value) = 0; virtual void store(std::string key, std::string value) = 0;
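Review bot: The added `Collection(std::string a) : m_name(a) { }` is a non-explicit single-argument constructor that copies its by-value parameter a second time. I would write it as `explicit Collection(std::string a) : m_name(std::move(a)) { }`. The same applies to `InMemoryPerProcess(std::string name)` in the backend header and source, where a bare string could otherwise convert implicitly into a collection object. The declaration of `m_name` is outside this hunk; a one-line comment there saying it holds the collection name that is prepended to keys when variables are built would document the new contract.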


@ -35,28 +35,60 @@ typedef struct Variable_t Variable;
namespace modsecurity { namespace modsecurity {
namespace collection { namespace collection {
class Collection;
class Variable { class Variable {
public: public:
explicit Variable(const std::string *key) : explicit Variable(const std::string *key) :
m_key(""), m_key(""),
m_value("") { m_value("") {
m_key.assign(*key); m_key.assign(*key);
m_keyWithCollection = std::make_shared<std::string>(*key);
} }
Variable(const std::string *key, const std::string *value) : Variable(const std::string *key, const std::string *value) :
m_key(""), m_key(""),
m_value("") { m_value("") {
m_key.assign(*key); m_key.assign(*key);
m_value.assign(*value); m_value.assign(*value);
m_keyWithCollection = std::make_shared<std::string>(*key);
} }
Variable() : Variable() :
m_key(""), m_key(""),
m_value("") { } m_value("") {
m_keyWithCollection = std::make_shared<std::string>(m_key);
}
Variable(const std::string *a, const std::string *b, const std::string *c) :
m_key(*a + ":" + *b),
m_value(*c) {
m_keyWithCollection = std::make_shared<std::string>(*a + ":" + *b);
}
Variable(std::shared_ptr<std::string> fullName) :
m_key(""),
m_value("") {
m_keyWithCollection = fullName;
m_key.assign(*fullName.get());
}
Variable(std::shared_ptr<std::string> fullName, const std::string *value) :
m_key(""),
m_value("") {
m_value.assign(*value);
m_keyWithCollection = fullName;
m_key.assign(*fullName.get());
}
explicit Variable(const Variable *o) : explicit Variable(const Variable *o) :
m_key(""), m_key(""),
m_value("") { m_value("") {
m_key.assign(o->m_key); m_key.assign(o->m_key);
m_value.assign(o->m_value); m_value.assign(o->m_value);
m_col.assign(o->m_col);
m_keyWithCollection = o->m_keyWithCollection;
for (auto &i : o->m_orign) { for (auto &i : o->m_orign) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin()); std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
origin->m_offset = i->m_offset; origin->m_offset = i->m_offset;
@ -67,6 +99,8 @@ class Variable {
std::string m_key; std::string m_key;
std::string m_value; std::string m_value;
std::string m_col;
std::shared_ptr<std::string> m_keyWithCollection;
std::list<std::unique_ptr<VariableOrigin>> m_orign; std::list<std::unique_ptr<VariableOrigin>> m_orign;
}; };
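Review bot: The new member `m_col` is only ever assigned in the copy constructor (`m_col.assign(o->m_col)`), so from the lines shown it is always empty. The three-argument constructor receives the collection name as `a` but does not store it, and it builds `*a + ":" + *b` twice. I would initialise it there with `m_col(*a),` and reuse the key with `m_keyWithCollection = std::make_shared<std::string>(m_key);`. The two `std::shared_ptr<std::string> fullName` constructors dereference `fullName` unconditionally and the single-argument one is not `explicit`; a comment stating that `fullName` must be non-null would make that precondition visible to callers.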


@ -53,10 +53,8 @@ void AnchoredSetVariable::set(const std::string &key,
const std::string &value, size_t offset, size_t len) { const std::string &value, size_t offset, size_t len) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin()); std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *v = new std::string(value); std::string *v = new std::string(value);
std::string *k = new std::string(m_name + ":" + key); collection::Variable *var = new collection::Variable(std::make_shared<std::string>(m_name + ":" + key), v);
collection::Variable *var = new collection::Variable(k, v);
delete v; delete v;
delete k;
origin->m_offset = offset; origin->m_offset = offset;
origin->m_length = len; origin->m_length = len;
@ -70,10 +68,8 @@ void AnchoredSetVariable::set(const std::string &key,
const std::string &value, size_t offset) { const std::string &value, size_t offset) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin()); std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *v = new std::string(value); std::string *v = new std::string(value);
std::string *k = new std::string(m_name + ":" + key); collection::Variable *var = new collection::Variable(std::make_shared<std::string>(m_name + ":" + key), v);
collection::Variable *var = new collection::Variable(k, v);
delete v; delete v;
delete k;
origin->m_offset = offset; origin->m_offset = offset;
origin->m_length = value.size(); origin->m_length = value.size();
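Review bot: Both `set` overloads drop the heap-allocated `k` but keep `std::string *v = new std::string(value); ... delete v;`, which leaks `v` if `std::make_shared` or the `Variable` constructor throws. The constructor takes `const std::string *value` and copies it, so the temporary is not needed: `collection::Variable *var = new collection::Variable(std::make_shared<std::string>(m_name + ":" + key), &value);`. The same new/delete-around-a-copy pattern remains next to the changed lines in `VariableModificatorCount::evaluate` (`res`) and `XML::evaluate` (`a`), where a stack `std::string` passed by address would do. Both function bodies continue outside the hunks.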


@ -36,7 +36,8 @@ namespace collection {
namespace backend { namespace backend {
InMemoryPerProcess::InMemoryPerProcess() { InMemoryPerProcess::InMemoryPerProcess(std::string name) :
Collection(name) {
this->reserve(1000); this->reserve(1000);
pthread_mutex_init(&m_lock, NULL); pthread_mutex_init(&m_lock, NULL);
} }
@ -89,7 +90,7 @@ void InMemoryPerProcess::resolveSingleMatch(const std::string& var,
auto range = this->equal_range(var); auto range = this->equal_range(var);
for (auto it = range.first; it != range.second; ++it) { for (auto it = range.first; it != range.second; ++it) {
l->push_back(new Variable(&it->first, &it->second)); l->push_back(new Variable(&m_name, &it->first, &it->second));
} }
} }
@ -99,33 +100,15 @@ void InMemoryPerProcess::resolveMultiMatches(const std::string& var,
size_t keySize = var.size(); size_t keySize = var.size();
l->reserve(15); l->reserve(15);
auto range = this->equal_range(var); if (keySize == 0) {
for (auto &i : *this) {
for (auto it = range.first; it != range.second; ++it) { l->insert(l->begin(), new Variable(&m_name, &i.first, &i.second));
l->insert(l->begin(), new Variable(&var, &it->second));
}
for (const auto& x : *this) {
bool diff = false;
if (x.first.size() <= keySize + 1) {
continue;
} }
if (x.first.at(keySize) != ':') { } else {
continue; auto range = this->equal_range(var);
for (auto it = range.first; it != range.second; ++it) {
l->insert(l->begin(), new Variable(&m_name, &var, &it->second));
} }
for (int i = 0; i < keySize && diff == false; i++) {
if (std::tolower(x.first.at(i)) != std::tolower(var.at(i))) {
diff = true;
}
}
if (diff == true) {
continue;
}
l->insert(l->begin(), new Variable(&x.first, &x.second));
} }
} }
@ -133,36 +116,37 @@ void InMemoryPerProcess::resolveMultiMatches(const std::string& var,
void InMemoryPerProcess::resolveRegularExpression(const std::string& var, void InMemoryPerProcess::resolveRegularExpression(const std::string& var,
std::vector<const Variable *> *l) { std::vector<const Variable *> *l) {
if (var.find(":") == std::string::npos) {
return; //if (var.find(":") == std::string::npos) {
} // return;
if (var.size() < var.find(":") + 3) { //}
return; //if (var.size() < var.find(":") + 3) {
} // return;
std::string col = std::string(var, 0, var.find(":")); //}
std::string name = std::string(var, var.find(":") + 2, //std::string col = std::string(var, 0, var.find(":"));
var.size() - var.find(":") - 3); //std::string name = std::string(var, var.find(":") + 2,
size_t keySize = col.size(); // var.size() - var.find(":") - 3);
Utils::Regex r = Utils::Regex(name); //size_t keySize = col.size();
Utils::Regex r = Utils::Regex(var);
for (const auto& x : *this) { for (const auto& x : *this) {
if (x.first.size() <= keySize + 1) { //if (x.first.size() <= keySize + 1) {
continue; // continue;
} //}
if (x.first.at(keySize) != ':') { //if (x.first.at(keySize) != ':') {
continue; // continue;
} //}
if (std::string(x.first, 0, keySize) != col) { //if (std::string(x.first, 0, keySize) != col) {
continue; // continue;
} //}
std::string content = std::string(x.first, keySize + 1, //std::string content = std::string(x.first, keySize + 1,
x.first.size() - keySize - 1); // x.first.size() - keySize - 1);
int ret = Utils::regex_search(content, r); int ret = Utils::regex_search(x.first, r);
if (ret <= 0) { if (ret <= 0) {
continue; continue;
} }
l->insert(l->begin(), new Variable(&x.first, &x.second)); l->insert(l->begin(), new Variable(&m_name, &x.first, &x.second));
} }
} }
@ -170,7 +154,6 @@ void InMemoryPerProcess::resolveRegularExpression(const std::string& var,
std::unique_ptr<std::string> InMemoryPerProcess::resolveFirst( std::unique_ptr<std::string> InMemoryPerProcess::resolveFirst(
const std::string& var) { const std::string& var) {
auto range = equal_range(var); auto range = equal_range(var);
for (auto it = range.first; it != range.second; ++it) { for (auto it = range.first; it != range.second; ++it) {
return std::unique_ptr<std::string>(new std::string(it->second)); return std::unique_ptr<std::string>(new std::string(it->second));
} }
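Review bot: For a non-empty `var`, `resolveMultiMatches` now returns only the `equal_range(var)` entries, while the removed loop also returned every key of the form `var:…` after a case-insensitive prefix comparison. If any rule relied on that prefix match it will silently stop seeing those entries, which for a rule engine means data that is no longer inspected; whether that is intended cannot be told from the hunk. I would state it in a comment above the `else` branch, e.g. `// Non-empty key: exact match only; keys no longer carry the collection prefix.`, and cover a key containing ':' in a regression test. In `resolveRegularExpression` the old implementation is left behind as commented-out lines, which should be deleted rather than committed.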


@ -71,7 +71,7 @@ class InMemoryPerProcess :
/*std::hash<std::string>*/MyHash, MyEqual>, /*std::hash<std::string>*/MyHash, MyEqual>,
public Collection { public Collection {
public: public:
InMemoryPerProcess(); InMemoryPerProcess(std::string name);
~InMemoryPerProcess(); ~InMemoryPerProcess();
void store(std::string key, std::string value) override; void store(std::string key, std::string value) override;


@ -44,7 +44,8 @@ Collections::Collections(Collection *global,
m_ip_collection(ip), m_ip_collection(ip),
m_session_collection(session), m_session_collection(session),
m_user_collection(user), m_user_collection(user),
m_tx_collection(new backend::InMemoryPerProcess()) { } m_tx_collection(new backend::InMemoryPerProcess("TX")) {
}
Collections::~Collections() { } Collections::~Collections() { }


@ -66,11 +66,11 @@ ModSecurity::ModSecurity()
m_session_collection(new collection::backend::LMDB()), m_session_collection(new collection::backend::LMDB()),
m_user_collection(new collection::backend::LMDB()), m_user_collection(new collection::backend::LMDB()),
#else #else
m_global_collection(new collection::backend::InMemoryPerProcess()), m_global_collection(new collection::backend::InMemoryPerProcess("GLOBAL")),
m_resource_collection(new collection::backend::InMemoryPerProcess()), m_ip_collection(new collection::backend::InMemoryPerProcess("IP")),
m_ip_collection(new collection::backend::InMemoryPerProcess()), m_resource_collection(new collection::backend::InMemoryPerProcess("RESOURCE")),
m_session_collection(new collection::backend::InMemoryPerProcess()), m_session_collection(new collection::backend::InMemoryPerProcess("SESSION")),
m_user_collection(new collection::backend::InMemoryPerProcess()), m_user_collection(new collection::backend::InMemoryPerProcess("USER")),
#endif #endif
m_logCb(NULL) { m_logCb(NULL) {
UniqueId::uniqueId(); UniqueId::uniqueId();
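Review bot: Only the `#else` branch passes collection names; the LMDB branch above it still constructs `new collection::backend::LMDB()` with no name, although `Collection` now takes the name in its constructor. If the LMDB backend is not updated elsewhere in this commit (it is not among the sections shown), an LMDB build either fails to compile or produces variables without their `GLOBAL:`/`IP:`/… prefix, so the two backends would report different variable names. The initialiser list was also reordered (IP before RESOURCE); members are initialised in declaration order regardless, so the list should follow the declaration order in the class to avoid a `-Wreorder` warning. The constructor starts and ends outside this hunk.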


@ -105,7 +105,7 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
} }
if (capture && transaction && rc) { if (capture && transaction && rc) {
transaction->m_collections.m_tx_collection->storeOrUpdateFirst("TX:0", transaction->m_collections.m_tx_collection->storeOrUpdateFirst("0",
std::string(match)); std::string(match));
#ifndef NO_LOGS #ifndef NO_LOGS
transaction->debug(7, "Added pm match TX.0: " + \ transaction->debug(7, "Added pm match TX.0: " + \


@ -59,7 +59,7 @@ bool Rx::evaluate(Transaction *transaction, Rule *rule,
matches.reverse(); matches.reverse();
for (const SMatch& a : matches) { for (const SMatch& a : matches) {
transaction->m_collections.m_tx_collection->storeOrUpdateFirst( transaction->m_collections.m_tx_collection->storeOrUpdateFirst(
"TX:" + std::to_string(i), a.match); std::to_string(i), a.match);
#ifndef NO_LOGS #ifndef NO_LOGS
transaction->debug(7, "Added regex subexpression TX." + transaction->debug(7, "Added regex subexpression TX." +
std::to_string(i) + ": " + a.match); std::to_string(i) + ": " + a.match);


@ -43,16 +43,15 @@ void Env::evaluate(Transaction *transaction,
} }
std::string key = std::string(env, 0, pos); std::string key = std::string(env, 0, pos);
std::string value = std::string(env, pos+1, env.length() - (pos + 1)); std::string value = std::string(env, pos+1, env.length() - (pos + 1));
std::pair<std::string, std::string> a("ENV:" + key, value); std::pair<std::string, std::string> a(key, value);
transaction->m_variableEnvs.insert(a); transaction->m_variableEnvs.insert(a);
} }
for (auto& x : transaction->m_variableEnvs) { for (auto& x : transaction->m_variableEnvs) {
if ((x.first.substr(0, m_name.size() + 1).compare(m_name + ":") != 0) if (x.first != m_name && m_name.length() > 0) {
&& (x.first != m_name)) {
continue; continue;
} }
l->push_back(new collection::Variable(&x.first, &x.second)); l->push_back(new collection::Variable(&m_collectionName, &x.first, &x.second));
} }
} }
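Review bot: The new filter `if (x.first != m_name && m_name.length() > 0)` puts the cheap emptiness test second and does not say what an empty `m_name` means. I would write `if (!m_name.empty() && x.first != m_name) {` with a comment such as `// Empty m_name selects the whole ENV collection; otherwise exact key match.`. Note that the removed condition also accepted keys starting with `m_name + ":"`, so the match is now strictly exact. The line building the `collection::Variable` exceeds 80 columns and could be wrapped like the surrounding code.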


@ -35,7 +35,7 @@ class Global_DictElement : public Variable {
public: public:
explicit Global_DictElement(std::string dictElement) explicit Global_DictElement(std::string dictElement)
: Variable("GLOBAL"), : Variable("GLOBAL"),
m_dictElement("GLOBAL:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -67,7 +67,7 @@ class Global_DictElementRegexp : public Variable {
explicit Global_DictElementRegexp(std::string dictElement) explicit Global_DictElementRegexp(std::string dictElement)
: Variable("GLOBAL:regex(" + dictElement + ")"), : Variable("GLOBAL:regex(" + dictElement + ")"),
m_r(dictElement), m_r(dictElement),
m_dictElement("GLOBAL:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -92,7 +92,7 @@ class Global_DynamicElement : public Variable {
std::vector<const collection::Variable *> *l) override { std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(t); std::string string = m_string->evaluate(t);
t->m_collections.m_global_collection->resolveMultiMatches( t->m_collections.m_global_collection->resolveMultiMatches(
"GLOBAL:" + string, t->m_collections.m_global_collection_key, l); string, t->m_collections.m_global_collection_key, l);
} }
@ -104,7 +104,7 @@ class Global_DynamicElement : public Variable {
void storeOrUpdateFirst(Transaction *t, std::string var, void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) { std::string value) {
t->m_collections.m_global_collection->storeOrUpdateFirst( t->m_collections.m_global_collection->storeOrUpdateFirst(
"GLOBAL:" + var, t->m_collections.m_global_collection_key, value); var, t->m_collections.m_global_collection_key, value);
} }
std::unique_ptr<RunTimeString> m_string; std::unique_ptr<RunTimeString> m_string;
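Review bot: `Global_DictElement` still calls the base constructor as `Variable("GLOBAL")`, while `Global_DictElementRegexp` passes `"GLOBAL:regex(" + dictElement + ")"` and `Tx_DictElement`/`Resource_DictElement` pass `"TX:" + dictElement` / `"RESOURCE:" + dictElement`. With the rewritten `Variable` constructor, a name without ':' or '.' yields `m_fullName == "GLOBAL"` and an empty `m_name`, so `to_s` and the count/exclusion wrappers, which now read `m_fullName`, would lose the element name for this class. `Session_DictElement` (`Variable("SESSION")`) and `User_DictElement` (`Variable("USER")`) have the same mismatch. I would make them consistent, e.g. `: Variable("GLOBAL:" + dictElement),`, unless the bare name is relied on elsewhere.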


@ -31,7 +31,7 @@ void HighestSeverity::evaluate(Transaction *transaction,
std::vector<const collection::Variable *> *l) { std::vector<const collection::Variable *> *l) {
transaction->m_variableHighestSeverityAction.assign( transaction->m_variableHighestSeverityAction.assign(
std::to_string(transaction->m_highestSeverityAction)); std::to_string(transaction->m_highestSeverityAction));
l->push_back(new collection::Variable(&m_retName, l->push_back(new collection::Variable(m_fullName,
&transaction->m_variableHighestSeverityAction)); &transaction->m_variableHighestSeverityAction));
} }


@ -104,7 +104,7 @@ class Ip_DynamicElement : public Variable {
void storeOrUpdateFirst(Transaction *t, std::string var, void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) { std::string value) {
t->m_collections.m_ip_collection->storeOrUpdateFirst( t->m_collections.m_ip_collection->storeOrUpdateFirst(
"IP:" + var, t->m_collections.m_ip_collection_key, value); var, t->m_collections.m_ip_collection_key, value);
} }
std::unique_ptr<RunTimeString> m_string; std::unique_ptr<RunTimeString> m_string;


@ -35,7 +35,7 @@ class Resource_DictElement : public Variable {
public: public:
explicit Resource_DictElement(std::string dictElement) explicit Resource_DictElement(std::string dictElement)
: Variable("RESOURCE:" + dictElement), : Variable("RESOURCE:" + dictElement),
m_dictElement("RESOURCE:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -69,7 +69,7 @@ class Resource_DictElementRegexp : public Variable {
explicit Resource_DictElementRegexp(std::string dictElement) explicit Resource_DictElementRegexp(std::string dictElement)
: Variable("RESOURCE:regex(" + dictElement + ")"), : Variable("RESOURCE:regex(" + dictElement + ")"),
m_r(dictElement), m_r(dictElement),
m_dictElement("RESOURCE:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -95,7 +95,7 @@ class Resource_DynamicElement : public Variable {
std::vector<const collection::Variable *> *l) override { std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(t); std::string string = m_string->evaluate(t);
t->m_collections.m_resource_collection->resolveMultiMatches( t->m_collections.m_resource_collection->resolveMultiMatches(
"RESOURCE:" + string, string,
t->m_collections.m_resource_collection_key, t->m_collections.m_resource_collection_key,
t->m_rules->m_secWebAppId.m_value, l); t->m_rules->m_secWebAppId.m_value, l);
} }
@ -108,7 +108,7 @@ class Resource_DynamicElement : public Variable {
void storeOrUpdateFirst(Transaction *t, std::string var, void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) { std::string value) {
t->m_collections.m_resource_collection->storeOrUpdateFirst( t->m_collections.m_resource_collection->storeOrUpdateFirst(
"RESOURCE:" + var, var,
t->m_collections.m_resource_collection_key, t->m_collections.m_resource_collection_key,
t->m_rules->m_secWebAppId.m_value, value); t->m_rules->m_secWebAppId.m_value, value);
} }


@ -35,7 +35,7 @@ class Session_DictElement : public Variable {
public: public:
explicit Session_DictElement(std::string dictElement) explicit Session_DictElement(std::string dictElement)
: Variable("SESSION"), : Variable("SESSION"),
m_dictElement("SESSION:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -67,9 +67,9 @@ class Session_NoDictElement : public Variable {
class Session_DictElementRegexp : public Variable { class Session_DictElementRegexp : public Variable {
public: public:
explicit Session_DictElementRegexp(std::string dictElement) explicit Session_DictElementRegexp(std::string dictElement)
: Variable("SESSION"), : Variable("SESSION:regex(" + dictElement + ")"),
m_r(dictElement), m_r(dictElement),
m_dictElement("SESSION:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -95,7 +95,7 @@ class Session_DynamicElement : public Variable {
std::vector<const collection::Variable *> *l) override { std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(t); std::string string = m_string->evaluate(t);
t->m_collections.m_session_collection->resolveMultiMatches( t->m_collections.m_session_collection->resolveMultiMatches(
"SESSION:" + string, string,
t->m_collections.m_session_collection_key, l); t->m_collections.m_session_collection_key, l);
} }
@ -107,7 +107,7 @@ class Session_DynamicElement : public Variable {
void storeOrUpdateFirst(Transaction *t, std::string var, void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) { std::string value) {
t->m_collections.m_session_collection->storeOrUpdateFirst( t->m_collections.m_session_collection->storeOrUpdateFirst(
"SESSION:" + var, t->m_collections.m_session_collection_key, var, t->m_collections.m_session_collection_key,
value); value);
} }


@ -35,7 +35,7 @@ class Tx_DictElement : public Variable {
public: public:
explicit Tx_DictElement(std::string dictElement) explicit Tx_DictElement(std::string dictElement)
: Variable("TX:" + dictElement), : Variable("TX:" + dictElement),
m_dictElement("TX:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -56,7 +56,7 @@ class Tx_NoDictElement : public Variable {
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
std::vector<const collection::Variable *> *l) override { std::vector<const collection::Variable *> *l) override {
t->m_collections.m_tx_collection->resolveMultiMatches(m_name, l); t->m_collections.m_tx_collection->resolveMultiMatches("", l);
} }
}; };
@ -64,9 +64,9 @@ class Tx_NoDictElement : public Variable {
class Tx_DictElementRegexp : public Variable { class Tx_DictElementRegexp : public Variable {
public: public:
explicit Tx_DictElementRegexp(std::string dictElement) explicit Tx_DictElementRegexp(std::string dictElement)
: Variable("TX"), : Variable("TX:regex(" + dictElement + ")"),
m_r(dictElement), m_r(dictElement),
m_dictElement("TX:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -90,8 +90,7 @@ class Tx_DynamicElement : public Variable {
Rule *rule, Rule *rule,
std::vector<const collection::Variable *> *l) override { std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(t); std::string string = m_string->evaluate(t);
t->m_collections.m_tx_collection->resolveMultiMatches( t->m_collections.m_tx_collection->resolveMultiMatches(string, l);
"TX:" + string, l);
} }
void del(Transaction *t, std::string k) { void del(Transaction *t, std::string k) {
@ -100,8 +99,7 @@ class Tx_DynamicElement : public Variable {
void storeOrUpdateFirst(Transaction *t, std::string var, void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) { std::string value) {
t->m_collections.m_tx_collection->storeOrUpdateFirst( t->m_collections.m_tx_collection->storeOrUpdateFirst(var, value);
"TX:" + var, value);
} }
std::unique_ptr<RunTimeString> m_string; std::unique_ptr<RunTimeString> m_string;


@ -35,7 +35,7 @@ class User_DictElement : public Variable {
public: public:
explicit User_DictElement(std::string dictElement) explicit User_DictElement(std::string dictElement)
: Variable("USER"), : Variable("USER"),
m_dictElement("USER:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -67,9 +67,9 @@ class User_NoDictElement : public Variable {
class User_DictElementRegexp : public Variable { class User_DictElementRegexp : public Variable {
public: public:
explicit User_DictElementRegexp(std::string dictElement) explicit User_DictElementRegexp(std::string dictElement)
: Variable("USER"), : Variable("USER:regex(" + dictElement + ")"),
m_r(dictElement), m_r(dictElement),
m_dictElement("USER:" + dictElement) { } m_dictElement(dictElement) { }
void evaluate(Transaction *t, void evaluate(Transaction *t,
Rule *rule, Rule *rule,
@ -95,7 +95,7 @@ class User_DynamicElement : public Variable {
std::vector<const collection::Variable *> *l) override { std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(t); std::string string = m_string->evaluate(t);
t->m_collections.m_user_collection->resolveMultiMatches( t->m_collections.m_user_collection->resolveMultiMatches(
"USER:" + string, t->m_collections.m_user_collection_key, l); string, t->m_collections.m_user_collection_key, l);
} }
void del(Transaction *t, std::string k) { void del(Transaction *t, std::string k) {
@ -106,7 +106,7 @@ class User_DynamicElement : public Variable {
void storeOrUpdateFirst(Transaction *t, std::string var, void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) { std::string value) {
t->m_collections.m_user_collection->storeOrUpdateFirst( t->m_collections.m_user_collection->storeOrUpdateFirst(
"USER:" + var, t->m_collections.m_user_collection_key, var, t->m_collections.m_user_collection_key,
value); value);
} }


@ -33,47 +33,18 @@ Variable::Variable(std::string name)
m_collectionName(""), m_collectionName(""),
m_isExclusion(false), m_isExclusion(false),
m_isCount(false) { m_isCount(false) {
if (m_name.find(":") != std::string::npos) { size_t a = m_name.find(":");
std::string col = utils::string::toupper( if (a == std::string::npos) {
std::string(m_name, 0, m_name.find(":"))); a = m_name.find(".");
std::string name = std::string(m_name, m_name.find(":") + 1,
m_name.size());
if (col == "TX" || col == "IP" || col == "GLOBAL"
|| col == "RESOURCE" || col == "SESSION" || col == "USER") {
m_collectionName = col;
}
if ((name.at(0) == '\\') || (name.at(0) == '/')) {
m_type = RegularExpression;
} else {
m_type = SingleMatch;
}
} else {
m_type = MultipleMatches;
} }
if (a != std::string::npos) {
if (utils::string::tolower(m_name) == "tx") { m_collectionName = utils::string::toupper(std::string(m_name, 0, a));
m_collectionName = "TX"; m_name = std::string(m_name, a + 1, m_name.size());
m_type = MultipleMatches; m_fullName = std::make_shared<std::string>(m_collectionName + ":" + m_name);
} else if (utils::string::tolower(m_name) == "ip") {
m_collectionName = "IP";
m_type = MultipleMatches;
} else if (utils::string::tolower(m_name) == "global") {
m_collectionName = "GLOBAL";
m_type = MultipleMatches;
} else if (utils::string::tolower(m_name) == "resource") {
m_collectionName = "RESOURCE";
m_type = MultipleMatches;
} else if (utils::string::tolower(m_name) == "session") {
m_collectionName = "SESSION";
m_type = MultipleMatches;
} else if (utils::string::tolower(m_name) == "user") {
m_collectionName = "USER";
m_type = MultipleMatches;
} else if (m_name.find(".") != std::string::npos) {
m_kind = CollectionVarible;
m_collectionName = std::string(m_name, 0, m_name.find("."));
} else { } else {
m_kind = DirectVariable; m_fullName = std::make_shared<std::string>(m_name);
m_collectionName = m_name;
m_name = "";
} }
} }
@ -84,42 +55,18 @@ Variable::Variable(std::string name, VariableKind kind)
m_kind(kind), m_kind(kind),
m_isExclusion(false), m_isExclusion(false),
m_isCount(false) { m_isCount(false) {
if (m_name.find(":") != std::string::npos) { size_t a = m_name.find(":");
std::string col = utils::string::toupper( if (a == std::string::npos) {
std::string(m_name, 0, m_name.find(":"))); a = m_name.find(".");
std::string name = std::string(m_name, m_name.find(":") + 1, }
m_name.size()); if (a != std::string::npos) {
if (col == "TX" || col == "IP" || col == "GLOBAL" m_collectionName = utils::string::toupper(std::string(m_name, 0, a));
|| col == "RESOURCE" || col == "SESSION") { m_name = std::string(m_name, a + 1, m_name.size());
m_collectionName = col; m_fullName = std::make_shared<std::string>(m_collectionName + ":" + m_name);
}
if ((name.at(0) == '\\') || (name.at(0) == '/')) {
m_type = RegularExpression;
} else {
m_type = SingleMatch;
}
} else { } else {
m_type = MultipleMatches; m_fullName = std::make_shared<std::string>(m_name);
} }
if (utils::string::tolower(m_name) == "tx") {
m_collectionName = "TX";
m_type = MultipleMatches;
} else if (utils::string::tolower(m_name) == "ip") {
m_collectionName = "IP";
m_type = MultipleMatches;
} else if (utils::string::tolower(m_name) == "global") {
m_collectionName = "GLOBAL";
m_type = MultipleMatches;
} else if (utils::string::tolower(m_name) == "resource") {
m_collectionName = "RESOURCE";
m_type = MultipleMatches;
} else if (utils::string::tolower(m_name) == "session") {
m_collectionName = "SESSION";
m_type = MultipleMatches;
} else if (m_name.find(".") != std::string::npos) {
m_collectionName = std::string(m_name, 0, m_name.find("."));
}
} }
@ -128,22 +75,21 @@ std::string Variable::to_s(
std::string ret; std::string ret;
std::string except(""); std::string except("");
for (int i = 0; i < variables->size() ; i++) { for (int i = 0; i < variables->size() ; i++) {
std::string name = variables->at(i)->m_name;
VariableModificatorExclusion *e = VariableModificatorExclusion *e =
dynamic_cast<VariableModificatorExclusion *>(variables->at(i)); dynamic_cast<VariableModificatorExclusion *>(variables->at(i));
if (e != NULL) { if (e != NULL) {
if (except.empty()) { if (except.empty()) {
except = except + name; except = except + *variables->at(i)->m_fullName.get();
} else { } else {
except = except + "|" + name; except = except + "|" + *variables->at(i)->m_fullName.get();
} }
continue; continue;
} }
if (i == 0) { if (i == 0) {
ret = ret + name; ret = ret + *variables->at(i)->m_fullName.get();
} else { } else {
ret = ret + "|" + name; ret = ret + "|" + *variables->at(i)->m_fullName.get();
} }
} }
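Review bot: Neither rewritten constructor body assigns `m_type` any more, and the first one no longer assigns `m_kind`, although the removed code set them on every path and the header still declares both members. Unless they are set in the part of the initialiser list that lies outside these hunks, any later read of them is a read of an indeterminate value. I would give them defaults at the declaration, e.g. `VariableType m_type{SingleMatch};` and `VariableKind m_kind{DirectVariable};`, choosing whichever defaults the callers expect. The two constructor bodies are now identical and could share one private helper that splits the name and fills `m_collectionName`, `m_name` and `m_fullName`.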


@ -22,6 +22,7 @@
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "modsecurity/rule.h" #include "modsecurity/rule.h"
#include "modsecurity/rules.h"
#include "src/utils/string.h" #include "src/utils/string.h"
#include "src/utils/regex.h" #include "src/utils/regex.h"
@ -357,6 +358,23 @@ class Variable {
vv = t->m_variableUrlEncodedError.resolveFirst(); vv = t->m_variableUrlEncodedError.resolveFirst();
} else if (comp(variable, "USERID")) { } else if (comp(variable, "USERID")) {
vv = t->m_variableUserID.resolveFirst(); vv = t->m_variableUserID.resolveFirst();
} else if (comp(variable, "TX")) {
vv = t->m_collections.m_tx_collection->resolveFirst("");
} else if (comp(variable, "RESOURCE")) {
vv = t->m_collections.m_resource_collection->resolveFirst("",
t->m_collections.m_resource_collection_key, t->m_rules->m_secWebAppId.m_value);
} else if (comp(variable, "USER")) {
vv = t->m_collections.m_user_collection->resolveFirst("",
t->m_collections.m_user_collection_key, t->m_rules->m_secWebAppId.m_value);
} else if (comp(variable, "SESSION")) {
vv = t->m_collections.m_session_collection->resolveFirst("",
t->m_collections.m_session_collection_key, t->m_rules->m_secWebAppId.m_value);
} else if (comp(variable, "IP")) {
vv = t->m_collections.m_ip_collection->resolveFirst("",
t->m_collections.m_ip_collection_key, t->m_rules->m_secWebAppId.m_value);
} else if (comp(variable, "GLOBAL")) {
vv = t->m_collections.m_global_collection->resolveFirst("",
t->m_collections.m_global_collection_key, t->m_rules->m_secWebAppId.m_value);
} else { } else {
throw std::invalid_argument("Variable not found."); throw std::invalid_argument("Variable not found.");
} }
@ -410,15 +428,36 @@ class Variable {
vv = t->m_variableRequestCookiesNames.resolveFirst(var); vv = t->m_variableRequestCookiesNames.resolveFirst(var);
} else if (comp(col, "FILES_TMPNAMES")) { } else if (comp(col, "FILES_TMPNAMES")) {
vv = t->m_variableFilesTmpNames.resolveFirst(var); vv = t->m_variableFilesTmpNames.resolveFirst(var);
} else if (comp(col, "TX")) {
vv = t->m_collections.m_tx_collection->resolveFirst(var);
} else if (comp(col, "RESOURCE")) {
vv = t->m_collections.m_resource_collection->resolveFirst(var,
t->m_collections.m_resource_collection_key, t->m_rules->m_secWebAppId.m_value);
} else if (comp(col, "USER")) {
vv = t->m_collections.m_user_collection->resolveFirst(var,
t->m_collections.m_user_collection_key, t->m_rules->m_secWebAppId.m_value);
} else if (comp(col, "SESSION")) {
vv = t->m_collections.m_session_collection->resolveFirst(var,
t->m_collections.m_session_collection_key, t->m_rules->m_secWebAppId.m_value);
} else if (comp(col, "IP")) {
vv = t->m_collections.m_ip_collection->resolveFirst(var,
t->m_collections.m_ip_collection_key, t->m_rules->m_secWebAppId.m_value);
} else if (comp(col, "GLOBAL")) {
vv = t->m_collections.m_global_collection->resolveFirst(var,
t->m_collections.m_global_collection_key, t->m_rules->m_secWebAppId.m_value);
} else { } else {
throw std::invalid_argument("Variable not found."); throw std::invalid_argument("Variable not found.");
} }
} }
if (vv == nullptr) {
return std::string("");
}
return std::string(*vv.get()); return std::string(*vv.get());
} }
std::string m_name; std::string m_name;
std::string m_collectionName; std::string m_collectionName;
std::shared_ptr<std::string> m_fullName;
VariableType m_type; VariableType m_type;
VariableKind m_kind; VariableKind m_kind;
@ -430,7 +469,7 @@ class Variable {
class VariableModificatorExclusion : public Variable { class VariableModificatorExclusion : public Variable {
public: public:
explicit VariableModificatorExclusion(std::unique_ptr<Variable> var) explicit VariableModificatorExclusion(std::unique_ptr<Variable> var)
: Variable(var->m_name), : Variable(*var->m_fullName.get()),
m_var(std::move(var)) { m_var(std::move(var)) {
m_isExclusion = true; m_isExclusion = true;
} }
@ -448,7 +487,7 @@ class VariableModificatorExclusion : public Variable {
class VariableModificatorCount : public Variable { class VariableModificatorCount : public Variable {
public: public:
explicit VariableModificatorCount(std::unique_ptr<Variable> var) explicit VariableModificatorCount(std::unique_ptr<Variable> var)
: Variable(var->m_name), : Variable(*var->m_fullName.get()),
m_var(std::move(var)) { m_var(std::move(var)) {
m_isCount = true; m_isCount = true;
} }
@ -463,15 +502,13 @@ class VariableModificatorCount : public Variable {
m_var->evaluate(t, rule, &reslIn); m_var->evaluate(t, rule, &reslIn);
for (const collection::Variable *a : reslIn) { for (const collection::Variable *a : reslIn) {
count++; count++;
delete a; delete a;
a = NULL; a = NULL;
} }
reslIn.clear(); reslIn.clear();
std::string *res = new std::string(std::to_string(count)); std::string *res = new std::string(std::to_string(count));
std::string *name = new std::string(m_name); val = new collection::Variable(m_var->m_fullName, res);
val = new collection::Variable(name, res);
delete name;
delete res; delete res;
l->push_back(val); l->push_back(val);
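Review bot: In both new resolve chains the USER, SESSION, IP and GLOBAL branches pass `t->m_rules->m_secWebAppId.m_value` as a third argument to `resolveFirst`. The `storeOrUpdateFirst` and `resolveMultiMatches` calls for those collections elsewhere in this commit pass only the collection key, and only RESOURCE adds the web-app id. The overloads are not shown, but if the extra argument is folded into the lookup key, a value written by a rule would be looked up under a different key and come back empty. The new `if (vv == nullptr) return std::string("");` guard would then hide the miss instead of surfacing it. I would align the argument lists with the store calls and add a comment on the guard saying that an unset collection variable deliberately expands to the empty string.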


@ -56,13 +56,14 @@ void XML::evaluate(Transaction *t,
size_t pos; size_t pos;
param = m_name; param = m_name;
/*
pos = m_name.find_first_of(":"); pos = m_name.find_first_of(":");
if (pos == std::string::npos) { if (pos == std::string::npos) {
param = ""; param = "";
} else { } else {
param = std::string(m_name, pos+1, m_name.length() - (pos + 1)); param = std::string(m_name, pos+1, m_name.length() - (pos + 1));
} }
*/
/* Is there an XML document tree at all? */ /* Is there an XML document tree at all? */
if (t->m_xml->m_data.doc == NULL) { if (t->m_xml->m_data.doc == NULL) {
/* Sorry, we've got nothing to give! */ /* Sorry, we've got nothing to give! */
@ -126,7 +127,7 @@ void XML::evaluate(Transaction *t,
xmlNodeGetContent(nodes->nodeTab[i])); xmlNodeGetContent(nodes->nodeTab[i]));
if (content != NULL) { if (content != NULL) {
std::string *a = new std::string(content); std::string *a = new std::string(content);
collection::Variable *var = new collection::Variable(&m_name, collection::Variable *var = new collection::Variable(m_fullName,
a); a);
delete a; delete a;
l->push_back(var); l->push_back(var);
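Review bot: The old parameter extraction in `XML::evaluate` is disabled by wrapping it in `/* … */` rather than removed, which leaves `size_t pos;` declared but unused and leaves dead code in the function. I would delete the block and the `pos` declaration and keep a single line such as `// m_name already holds only the part after "XML:"; the base constructor splits it.` next to `param = m_name;`. That comment matters because the XPath expression now depends on the base-class constructor having stripped the collection prefix, which is not visible from this function. The function body starts and ends outside both hunks.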


@ -40,7 +40,7 @@
}, },
"expected":{ "expected":{
"audit_log":"", "audit_log":"",
"debug_log":"Target value: \"123\" \\(Variable: whee::::RESOURCE:test\\)", "debug_log":"Target value: \"123\" \\(Variable: RESOURCE:whee::::test\\)",
"error_log":"" "error_log":""
}, },
"rules":[ "rules":[
@ -92,7 +92,7 @@
}, },
"expected":{ "expected":{
"audit_log":"", "audit_log":"",
"debug_log":"whee::webappid::RESOURCE:test", "debug_log":"RESOURCE:whee::webappid::test",
"error_log":"" "error_log":""
}, },
"rules":[ "rules":[