github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to GeoIP operator and variables.

Browse Source
This commit is contained in:
Felipe Zimmerle
2015-07-20 21:04:21 -03:00
parent 41bf1490b7
commit e189055ec3
17 changed files with 890 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/parser/seclang-parser.yy
View File

@@ -18,6 +18,7 @@ class Driver;
#include "variable_duration.h"
#include "variable_env.h"
#include "variable_modsec_build.h"
#include "utils/geo_lookup.h"
using ModSecurity::actions::Action;
using ModSecurity::actions::transformations::Transformation;
@@ -27,6 +28,7 @@ using ModSecurity::VariableDuration;
using ModSecurity::VariableEnv;
using ModSecurity::VariableModsecBuild;
using ModSecurity::Rule;
using ModSecurity::Utils::GeoLookup;
}
// The parsing context.
@@ -90,6 +92,8 @@ using ModSecurity::Rule;
%token <std::string> RUN_TIME_VAR_ENV
%token <std::string> RUN_TIME_VAR_BLD
%token <std::string> CONFIG_DIR_GEO_DB
%token <std::string> OPERATOR
%token <std::string> ACTION
%token <std::string> TRANSFORMATION
@@ -238,6 +242,10 @@ expression:
driver.debug_log_path = $1;
}
/* Debug log: end */
| CONFIG_DIR_GEO_DB
{
GeoLookup::getInstance().setDataBase($1);
}
variables:
variables PIPE VARIABLE

6
src/parser/seclang-scanner.ll
View File

@@ -23,6 +23,7 @@ DIRECTIVE SecRule
CONFIG_DIRECTIVE SecRequestBodyLimitAction|SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecRequestBodyLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecResponseBodyLimitAction|SecResponseBodyLimit|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
CONFIG_DIR_GEO_DB (?i:SecGeoLookupDb)
CONFIG_DIR_RULE_ENG SecRuleEngine
CONFIG_DIR_REQ_BODY SecRequestBodyAccess
@@ -56,7 +57,7 @@ OPERATORNOARG (?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida
TRANSFORMATION t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)
VARIABLE (?i:FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX)
VARIABLE (?i:FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
RUN_TIME_VAR_DUR (?i:DURATION)
RUN_TIME_VAR_ENV (?i:ENV)
RUN_TIME_VAR_BLD (?i:MODSEC_BUILD)
@@ -75,6 +76,7 @@ AUDIT_PARTS [ABCDEFHJKZ]+
CONFIG_VALUE_NUMBER [0-9]+
FREE_TEXT [^\"]+
FREE_TEXT_NEW_LINE [^\"|\n]+
%{
// Code run each time a pattern is matched.
@@ -115,6 +117,8 @@ FREE_TEXT [^\"]+
{RUN_TIME_VAR_ENV}:?{DICT_ELEMENT}? { return yy::seclang_parser::make_RUN_TIME_VAR_ENV(yytext, loc); }
{RUN_TIME_VAR_BLD} { return yy::seclang_parser::make_RUN_TIME_VAR_BLD(yytext, loc); }
%{ /* Geo DB loopkup */ %}
{CONFIG_DIR_GEO_DB}[ ]{FREE_TEXT_NEW_LINE} { return yy::seclang_parser::make_CONFIG_DIR_GEO_DB(strchr(yytext, ' ') + 1, loc); }
{CONFIG_COMPONENT_SIG}[ ]["]{FREE_TEXT}["] { return yy::seclang_parser::make_CONFIG_COMPONENT_SIG(strchr(yytext, ' ') + 2, loc); }