Adds new method for rule merge
IMPORTANT: SecDefaultAction specified on a child configuration will overwrite the ones specified on the parent; previously they were concatenated.
@@ -81,7 +81,7 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
|
||||
}
|
||||
|
||||
/* is it a chained rule? */
|
||||
if (m_lastRule != nullptr && m_lastRule->isChained()) {
|
||||
if (m_lastRule != nullptr && m_lastRule->hasChainAction()) {
|
||||
r->setPhase(m_lastRule->getPhase());
|
||||
if (r->hasDisruptiveAction()) {
|
||||
m_parserError << "Disruptive actions can only be specified by";
|
||||
@@ -91,6 +91,74 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
|
||||
m_lastRule->m_chainedRuleChild = std::move(r);
|
||||
m_lastRule->m_chainedRuleChild->m_chainedRuleParent = m_lastRule;
|
||||
m_lastRule = m_lastRule->m_chainedRuleChild.get();
|
||||
|
||||
/* Lets set all meta-data to the first rule */
|
||||
RuleWithActions *firstRule = m_lastRule;
|
||||
if (!firstRule->hasChainAction()) {
|
||||
while (firstRule->m_chainedRuleParent != nullptr) {
|
||||
if (firstRule->hasMessageAction()) {
|
||||
firstRule->m_chainedRuleParent->setMessageAction(
|
||||
firstRule->getMessageAction()
|
||||
);
|
||||
firstRule->setMessageAction(nullptr);
|
||||
}
|
||||
if (firstRule->hasLogDataAction()) {
|
||||
firstRule->m_chainedRuleParent->setLogDataAction(
|
||||
firstRule->getLogDataAction()
|
||||
);
|
||||
firstRule->setLogDataAction(nullptr);
|
||||
}
|
||||
if (firstRule->hasSeverityAction()) {
|
||||
firstRule->m_chainedRuleParent->setSeverity(
|
||||
firstRule->getSeverity()
|
||||
);
|
||||
}
|
||||
if (firstRule->hasRevisionAction()) {
|
||||
firstRule->m_chainedRuleParent->setRevision(
|
||||
firstRule->getRevision()
|
||||
);
|
||||
}
|
||||
if (firstRule->hasVersionAction()) {
|
||||
firstRule->m_chainedRuleParent->setVersion(
|
||||
firstRule->getVersion()
|
||||
);
|
||||
}
|
||||
if (firstRule->hasAccuracyAction()) {
|
||||
firstRule->m_chainedRuleParent->setAccuracy(
|
||||
firstRule->getAccuracy()
|
||||
);
|
||||
}
|
||||
if (firstRule->hasMaturityAction()) {
|
||||
firstRule->m_chainedRuleParent->setMaturity(
|
||||
firstRule->getMaturity()
|
||||
);
|
||||
}
|
||||
|
||||
if (firstRule->hasTagAction()) {
|
||||
firstRule->m_chainedRuleParent->setTags(
|
||||
firstRule->getTagsAction()
|
||||
);
|
||||
firstRule->cleanTags();
|
||||
}
|
||||
|
||||
if (firstRule->hasDisruptiveAction()) {
|
||||
firstRule->m_chainedRuleParent->setDisruptiveAction(
|
||||
firstRule->getDisruptiveAction()
|
||||
);
|
||||
firstRule->setDisruptiveAction(nullptr);
|
||||
}
|
||||
firstRule->m_chainedRuleParent->setHasBlockAction(
|
||||
firstRule->hasBlockAction()
|
||||
);
|
||||
firstRule->m_chainedRuleParent->setHasLogAction(
|
||||
firstRule->hasLogAction()
|
||||
);
|
||||
firstRule->m_chainedRuleParent->setHasLogAction(
|
||||
firstRule->hasNoLogAction()
|
||||
);
|
||||
firstRule = firstRule->m_chainedRuleParent;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -119,6 +187,7 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
|
||||
}
|
||||
|
||||
m_lastRule = rule.get();
|
||||
|
||||
m_rulesSetPhases.insert(rule);
|
||||
|
||||
return true;
|
||||
|
||||
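Review bot: In the metadata loop added by the second hunk, `setHasLogAction` is called twice in a row on the chain parent, the second time with `firstRule->hasNoLogAction()`, so the value just copied from `hasLogAction()` is immediately overwritten by the nolog flag. This looks like a copy-paste slip: a chain whose later rule carries `log` would apparently leave the starter rule with logging switched off, and for a WAF that means matches which never reach the log. The second call presumably should go to the nolog setter, something like `firstRule->m_chainedRuleParent->setHasNoLogAction(firstRule->hasNoLogAction());`, if RuleWithActions has one (the class is not visible here). Separately, the block and log flags are copied unconditionally, unlike the `has...Action()`-guarded fields above them, so a child that declares neither clears what the parent set; guarding them the same way would avoid that. addSecRule starts and ends outside the hunks shown.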
File diff suppressed because it is too large
@@ -1067,10 +1067,12 @@ expression:
|
||||
| DIRECTIVE variables op actions
|
||||
{
|
||||
std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
|
||||
std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
|
||||
std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
|
||||
for (auto &i : *$4.get()) {
|
||||
if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
|
||||
t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
|
||||
std::shared_ptr<actions::Action> at = std::move(i);
|
||||
std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
|
||||
t->push_back(std::move(t2));
|
||||
} else {
|
||||
a->push_back(i.release());
|
||||
}
|
||||
@@ -1116,10 +1118,12 @@ expression:
|
||||
| CONFIG_DIR_SEC_ACTION actions
|
||||
{
|
||||
std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
|
||||
std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
|
||||
std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
|
||||
for (auto &i : *$2.get()) {
|
||||
if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
|
||||
t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
|
||||
std::shared_ptr<actions::Action> at = std::move(i);
|
||||
std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
|
||||
t->push_back(std::move(t2));
|
||||
} else {
|
||||
a->push_back(i.release());
|
||||
}
|
||||
@@ -1136,10 +1140,12 @@ expression:
|
||||
{
|
||||
std::string err;
|
||||
std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
|
||||
std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
|
||||
std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
|
||||
for (auto &i : *$2.get()) {
|
||||
if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
|
||||
t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
|
||||
std::shared_ptr<actions::Action> at = std::move(i);
|
||||
std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
|
||||
t->push_back(std::move(t2));
|
||||
} else {
|
||||
a->push_back(i.release());
|
||||
}
|
||||
@@ -1211,8 +1217,13 @@ expression:
|
||||
}
|
||||
|
||||
for (actions::Action *a : checkedActions) {
|
||||
driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(
|
||||
std::unique_ptr<actions::Action>(a));
|
||||
if (dynamic_cast<actions::transformations::Transformation *>(a)) {
|
||||
driver.m_rulesSetPhases[definedPhase]->m_defaultTransformations.push_back(
|
||||
std::shared_ptr<actions::transformations::Transformation>(
|
||||
dynamic_cast<actions::transformations::Transformation *>(a)));
|
||||
} else {
|
||||
driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(std::unique_ptr<Action>(a));
|
||||
}
|
||||
}
|
||||
|
||||
delete actions;
|
||||
|
||||
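Review bot: In the last hunk's loop over `checkedActions`, `dynamic_cast<actions::transformations::Transformation *>(a)` is evaluated twice for each transformation, once as the test and once to build the `shared_ptr`. Binding the result once is clearer and keeps test and conversion from drifting apart: `if (auto *tr = dynamic_cast<actions::transformations::Transformation *>(a)) {` and then `push_back(std::shared_ptr<actions::transformations::Transformation>(tr));`. The else branch writes `std::unique_ptr<Action>` where the other `push_back` in the same loop spells `actions::Action`; using the qualified name throughout would match the rest of the grammar. The three rule-building hunks above repeat the same split of the action list into `a` and `t` line for line, which would be easier to keep consistent as one helper. These grammar actions start and end outside the hunks shown.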