github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix SecUnicodeMapFile support

Browse Source 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
This commit is contained in:
Victor Hora 2018-10-30 18:11:01 -04:00 committed by Felipe Zimmerle
parent 84ece3edcb
commit e3b9f7c913
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
12 changed files with 5885 additions and 5807 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -14,7 +14,7 @@ v3.0.3 - YYYY-MMM-DD (to be released)
- Changes debuglogs schema to avoid unecessary str allocation
[0xb2840 - @zimmerle]
- Fix the SecUnicodeMapFile and SecUnicodeCodePage
[0x3094d - @zimmerle]
[0x3094d - @zimmerle, @victorhora]
- Changes the timing to save the rule message
[0xca270 - @zimmerle]
- Fix crash in msc_rules_add_file() when using disruptive action in chain

37
headers/modsecurity/rules_properties.h
View File

@ -21,6 +21,7 @@
#include <vector>
#include <list>
#include <set>
#include <cstring>
#endif
@ -34,6 +35,7 @@
#include "modsecurity/actions/action.h"
#include "modsecurity/audit_log.h"
#define CODEPAGE_SEPARATORS " \t\n\r"
#ifdef __cplusplus
@ -80,14 +82,34 @@ class ConfigSet {
};
class RulesProperties;
class ConfigUnicodeMap {
public:
ConfigUnicodeMap() : m_set(false), m_unicode_map_table(NULL), m_unicode_codepage(0) { }
ConfigUnicodeMap() : m_set(false),
m_unicodeCodePage(0),
m_unicodeMapTable(NULL) { }
static void loadConfig(std::string f, double codePage,
RulesProperties *driver, std::string *errg);
void merge(ConfigUnicodeMap *from) {
if (from->m_set == false) {
return;
}
m_set = true;
m_unicodeCodePage = from->m_unicodeCodePage;
m_unicodeMapTable = from->m_unicodeMapTable;
return;
}
bool m_set;
int *m_unicode_map_table;
unsigned long int m_unicode_codepage;
double m_unicodeCodePage;
std::shared_ptr<int[]> m_unicodeMapTable;
};
class RulesProperties {
public:
RulesProperties() :
@ -350,13 +372,7 @@ class RulesProperties {
to->m_secWebAppId.m_set = true;
}
if (from->m_unicodeMapTable.m_set == true) {
to->m_unicodeMapTable.m_unicode_map_table = \
from->m_unicodeMapTable.m_unicode_map_table;
to->m_unicodeMapTable.m_unicode_codepage = \
from->m_unicodeMapTable.m_unicode_codepage;
to->m_unicodeMapTable.m_set = true;
}
to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
if (from->m_httpblKey.m_set == true) {
to->m_httpblKey.m_value = from->m_httpblKey.m_value;
@ -508,6 +524,7 @@ class RulesProperties {
ConfigUnicodeMap m_unicodeMapTable;
};
#endif
#ifdef __cplusplus

1
src/Makefile.am
View File

@ -279,6 +279,7 @@ libmodsecurity_la_SOURCES = \
rule_script.cc \
unique_id.cc \
rules_exceptions.cc \
rules_properties.cc \
${BODY_PROCESSORS} \
${ACTIONS} \
${ENGINES} \

9
src/actions/transformations/url_decode_uni.cc
View File

@ -28,7 +28,10 @@
#include "modsecurity/transaction.h"
#include "src/actions/transformations/transformation.h"
#include "src/utils/string.h"
#include "src/utils/system.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_properties.h"
namespace modsecurity {
namespace actions {
@ -88,8 +91,8 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len,
if (t
&& t->m_rules->m_unicodeMapTable.m_set == true
&& t->m_rules->m_unicodeMapTable.m_unicode_map_table != NULL
&& t->m_rules->unicode_codepage > 0) {
&& t->m_rules->m_unicodeMapTable.m_unicodeMapTable != NULL
&& t->m_rules->m_unicodeMapTable.m_unicodeCodePage > 0) {
for (j = 5; j >= 2; j--) {
if (isxdigit((input[i+j]))) {
if (input[i+j] >= 97) {
@ -106,7 +109,7 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len,
if (Code >= 0 && Code <= 65535) {
Rules *r = t->m_rules;
hmap = r->m_unicodeMapTable.m_unicode_map_table[Code];
hmap = r->m_unicodeMapTable.m_unicodeMapTable[Code];
}
}

3
src/actions/transformations/url_decode_uni.h
View File

@ -16,15 +16,16 @@
#include <string>
#include "modsecurity/actions/action.h"
#include "modsecurity/rules_properties.h"
#include "src/actions/transformations/transformation.h"
#ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_
#define SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_
#ifdef __cplusplus
namespace modsecurity {
class Transaction;
namespace actions {
namespace transformations {

3424
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

13
src/parser/seclang-parser.hh
View File

@ -96,6 +96,7 @@ class Driver;
#include "src/actions/tag.h"
#include "src/actions/transformations/none.h"
#include "src/actions/transformations/transformation.h"
#include "src/actions/transformations/url_decode_uni.h"
#include "src/actions/ver.h"
#include "src/actions/xmlns.h"
@ -379,10 +380,8 @@ using modsecurity::operators::Operator;
std::unique_ptr<Variable> c(b); \
a = std::move(c);
#define CODEPAGE_SEPARATORS " \t\n\r"
#line 386 "seclang-parser.hh" // lalr1.cc:380
#line 385 "seclang-parser.hh" // lalr1.cc:380
# include <cassert>
# include <cstdlib> // std::abort
@ -466,7 +465,7 @@ using modsecurity::operators::Operator;
namespace yy {
#line 470 "seclang-parser.hh" // lalr1.cc:380
#line 469 "seclang-parser.hh" // lalr1.cc:380
@ -2893,9 +2892,9 @@ namespace yy {
enum
{
yyeof_ = 0,
yylast_ = 3329, ///< Last index in yytable_.
yylast_ = 3295, ///< Last index in yytable_.
yynnts_ = 16, ///< Number of nonterminal symbols.
yyfinal_ = 337, ///< Termination state number.
yyfinal_ = 336, ///< Termination state number.
yyterror_ = 1,
yyerrcode_ = 256,
yyntokens_ = 340 ///< Number of tokens.
@ -6167,7 +6166,7 @@ namespace yy {
} // yy
#line 6171 "seclang-parser.hh" // lalr1.cc:380
#line 6170 "seclang-parser.hh" // lalr1.cc:380

111
src/parser/seclang-parser.yy
View File

@ -62,6 +62,7 @@ class Driver;
#include "src/actions/tag.h"
#include "src/actions/transformations/none.h"
#include "src/actions/transformations/transformation.h"
#include "src/actions/transformations/url_decode_uni.h"
#include "src/actions/ver.h"
#include "src/actions/xmlns.h"
@ -345,8 +346,6 @@ using modsecurity::operators::Operator;
std::unique_ptr<Variable> c(b); \
a = std::move(c);
#define CODEPAGE_SEPARATORS " \t\n\r"
}
// The parsing context.
%param { modsecurity::Parser::Driver& driver }
@ -1709,61 +1708,44 @@ expression:
driver.error(@0, "SecStatusEngine is not yet supported.");
YYERROR;
*/
| CONFIG_DIR_UNICODE_CODE_PAGE
{
long val;
val = atol($1.c_str());
if (val <= 0) {
std::stringstream ss;
ss << "Invalid setting for SecUnicodeCodePage: " << $1 << " ";
driver.error(@0, ss.str());
YYERROR;
}
driver.m_unicodeMapTable.m_unicode_codepage = val;
}
| CONFIG_DIR_UNICODE_MAP_FILE
{
std::string error;
std::vector<std::string> param;
double num = 0;
std::string f;
std::string file;
std::string err;
char *buf = NULL, *p = NULL, *savedptr = NULL;
int found = 0;
int code = 0;
unsigned int codepage = 0;
int Map = 0;
char *ucode = NULL, *hmap = NULL;
int processing = 0;
std::vector<std::string> param = utils::string::ssplit($1, ' ');
param = utils::string::ssplit($1, ' ');
if (param.size() <= 1) {
std::stringstream ss;
ss << "Failed to process unicode map, missing parameter: " << $1 << " ";
ss << err;
ss << "Failed to process unicode map, missing ";
ss << "parameter: " << $1 << " ";
driver.error(@0, ss.str());
YYERROR;
}
int num = 0;
try {
num = std::stod(param.back());
} catch (...) {
std::stringstream ss;
ss << "Failed to process unicode map, last parameter is expected to be a number: " << param.back() << " ";
ss << err;
ss << "Failed to process unicode map, last parameter is ";
ss << "expected to be a number: " << param.back() << " ";
driver.error(@0, ss.str());
YYERROR;
}
param.pop_back();
std::string f;
while (param.size() > 0) {
f = param.back() + " " + f;
if (f.empty()) {
f = param.back();
} else {
f = param.back() + " " + f;
}
param.pop_back();
}
std::string file = modsecurity::utils::find_resource(f,
driver.ref.back(), &err);
file = modsecurity::utils::find_resource(f, driver.ref.back(), &err);
if (file.empty()) {
std::stringstream ss;
ss << "Failed to locate the unicode map file from: " << f << " ";
@ -1772,66 +1754,13 @@ expression:
YYERROR;
}
driver.m_unicodeMapTable.m_set = true;
driver.m_unicodeMapTable.m_unicode_map_table = static_cast<int *>(malloc(sizeof(int) * 65536));
ConfigUnicodeMap::loadConfig(file, num, &driver, &error);
// FIXME: that deservers to have its own file. Too much code to be here.
if (driver.m_unicodeMapTable.m_unicode_map_table == NULL) {
std::stringstream ss;
ss << "Failed to allocate memory for the unicode map file - " << $1 << " ";
ss << err;
driver.error(@0, ss.str());
if (!error.empty()) {
driver.error(@0, error);
YYERROR;
}
memset(driver.m_unicodeMapTable.m_unicode_map_table, -1, (sizeof(int)*65536));
/* Setting some unicode values - http://tools.ietf.org/html/rfc3490#section-3.1 */
/* Set 0x3002 -> 0x2e */
driver.m_unicodeMapTable.m_unicode_map_table[0x3002] = 0x2e;
/* Set 0xFF61 -> 0x2e */
driver.m_unicodeMapTable.m_unicode_map_table[0xff61] = 0x2e;
/* Set 0xFF0E -> 0x2e */
driver.m_unicodeMapTable.m_unicode_map_table[0xff0e] = 0x2e;
/* Set 0x002E -> 0x2e */
driver.m_unicodeMapTable.m_unicode_map_table[0x002e] = 0x2e;
p = strtok_r(buf, CODEPAGE_SEPARATORS, &savedptr);
while (p != NULL) {
codepage = atol(p);
if (codepage == driver.m_unicodeMapTable.m_unicode_codepage) {
found = 1;
}
if (found == 1 && (strchr(p,':') != NULL)) {
char *mapping = strdup(p);
processing = 1;
if (mapping != NULL) {
ucode = strtok_r(mapping, ":", &hmap);
sscanf(ucode, "%x", &code);
sscanf(hmap, "%x", &Map);
if (code >= 0 && code <= 65535) {
driver.m_unicodeMapTable.m_unicode_map_table[code] = Map;
}
free(mapping);
mapping = NULL;
}
}
if (processing == 1 && (strchr(p,':') == NULL)) {
free(buf);
buf = NULL;
break;
}
p = strtok_r(NULL,CODEPAGE_SEPARATORS,&savedptr);
}
}
| CONFIG_SEC_COLLECTION_TIMEOUT
{

7824
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

2
src/parser/seclang-scanner.ll
View File

@ -372,7 +372,6 @@ CONFIG_DIR_SEC_DEFAULT_ACTION (?i:SecDefaultAction)
CONFIG_SEC_DISABLE_BACKEND_COMPRESS (?i:SecDisableBackendCompression)
CONFIG_DIR_SEC_MARKER (?i:SecMarker)
CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
CONFIG_DIR_UNICODE_CODE_PAGE (?i:SecUnicodeCodePage)
CONFIG_INCLUDE (?i:Include)
CONFIG_SEC_COLLECTION_TIMEOUT (?i:SecCollectionTimeout)
CONFIG_SEC_HTTP_BLKEY (?i:SecHttpBlKey)
@ -775,7 +774,6 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_DIR_SEC_MARKER}[ \t]+["]{NEW_LINE_FREE_TEXT}["] { return p::make_CONFIG_DIR_SEC_MARKER(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_SEC_MARKER}[ \t]+{NEW_LINE_FREE_TEXT} { return p::make_CONFIG_DIR_SEC_MARKER(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_UNICODE_MAP_FILE}[ ]+{FREE_TEXT_NEW_LINE}[ ]+{CONFIG_VALUE_NUMBER} { return p::make_CONFIG_DIR_UNICODE_MAP_FILE(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_DIR_UNICODE_CODE_PAGE}[ ]{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_DIR_UNICODE_CODE_PAGE(strchr(yytext, ' ') + 1, *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_ID}[ ]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_RULE_REMOVE_BY_ID(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_MSG}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_RULE_REMOVE_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_MSG}[ \t]+["]{FREE_TEXT_NEW_LINE}["] { return p::make_CONFIG_SEC_RULE_REMOVE_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }

133
src/rules_properties.cc Normal file
View File

@ -0,0 +1,133 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "modsecurity/rules_properties.h"
#include <string>
#include "src/utils/string.h"
#include "src/variables/variable.h"
namespace modsecurity {
void ConfigUnicodeMap::loadConfig(std::string f, double configCodePage,
RulesProperties *driver, std::string *errg) {
char *buf = NULL;
char *hmap = NULL;
char *p = NULL;
char *savedptr = NULL;
char *ucode = NULL;
int code = 0;
int found = 0;
int length = 0;
int Map = 0;
int processing = 0;
unsigned int codepage = 0;
driver->m_unicodeMapTable.m_set = true;
driver->m_unicodeMapTable.m_unicodeCodePage = configCodePage;
std::unique_ptr<int[]> a(new int[65536], std::default_delete<int[]>());
driver->m_unicodeMapTable.m_unicodeMapTable = std::move(a);
memset(driver->m_unicodeMapTable.m_unicodeMapTable.get(), -1,
(sizeof(int)*65536));
/* Setting some unicode values - http://tools.ietf.org/html/rfc3490#section-3.1 */
/* Set 0x3002 -> 0x2e */
driver->m_unicodeMapTable.m_unicodeMapTable[0x3002] = 0x2e;
/* Set 0xFF61 -> 0x2e */
driver->m_unicodeMapTable.m_unicodeMapTable[0xff61] = 0x2e;
/* Set 0xFF0E -> 0x2e */
driver->m_unicodeMapTable.m_unicodeMapTable[0xff0e] = 0x2e;
/* Set 0x002E -> 0x2e */
driver->m_unicodeMapTable.m_unicodeMapTable[0x002e] = 0x2e;
std::ifstream file_stream(f, std::ios::in | std::ios::binary);
if (file_stream) {
file_stream.seekg (0, file_stream.end);
length = file_stream.tellg();
file_stream.seekg (0, file_stream.beg);
} else {
std::stringstream ss;
ss << "Failed to open the unicode map file from: " << f << " ";
errg->assign(ss.str());
return;
}
if (length <= 0) {
std::stringstream ss;
ss << "Failed to open the unicode map file from: " << f << " ";
errg->assign(ss.str());
return;
}
buf = new char[length+1];
if (!buf) {
std::stringstream ss;
ss << "Failed to open the unicode map file from: " << f << " ";
errg->assign(ss.str());
return;
}
memset(buf, '\0', (sizeof(char)*(length+1)));
file_stream.read(buf, length);
file_stream.close();
p = strtok_r(buf, CODEPAGE_SEPARATORS, &savedptr);
while (p != NULL) {
codepage = atol(p);
if (codepage == configCodePage) {
found = 1;
}
if (found == 1 && (strchr(p,':') != NULL)) {
char *mapping = strdup(p);
processing = 1;
if (mapping != NULL) {
ucode = strtok_r(mapping, ":", &hmap);
sscanf(ucode, "%x", &code);
sscanf(hmap, "%x", &Map);
if (code >= 0 && code <= 65535) {
driver->m_unicodeMapTable.m_unicodeMapTable[code] = Map;
}
free(mapping);
mapping = NULL;
}
}
if (processing == 1 && (strchr(p,':') == NULL)) {
break;
}
if (!savedptr) {
break;
}
p = strtok_r(NULL, CODEPAGE_SEPARATORS, &savedptr);
}
delete[] buf;
}
} // namespace modsecurity

133
test/test-cases/regression/issue-1941.json
View File

@ -41,26 +41,119 @@
"SecUnicodeMapFile does-not-exist-unicode.mapping eita"
]
},
{
"enabled":1,
"version_min":209000,
"version_max":-1,
"title":"Test SecUnicodeMapFile: ... 4/n",
"url":"https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1941",
"request":{
"uri":"/?param=дор",
"headers":"",
"body":"",
"method":"GET",
"http_version":1.1
},
"expected":{
"debug_log": "Target value: \"dop\""
},
"rules":[
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "Failed to load locate the unicode map file from: ... 4/n",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2&pparam=дор",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
},
"body": [
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r",
"<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r",
" <soap:Body>\n\r",
" <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r",
" <EnlightenResult>string<\/EnlightenResult>\n\r",
" <\/EnlightenResponse>\n\r",
" <\/soap:Body>\n\r",
"<\/soap:Envelope>\n\r"
]
},
"expected": {
"debug_log": "Target value: \"dop\"",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecUnicodeMapFile test-cases/data/unicode.mapping-reduced 1251",
"SecRule ARGS \"@contains dop\" \"phase:1,id:999,deny,log,auditlog,t:none,t:utf8toUnicode,t:urlDecodeUni,multiMatch\""
]
}
]
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "Failed to load locate the unicode map file from: ... 5/n",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2&pparam=дор",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
},
"body": [
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r",
"<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r",
" <soap:Body>\n\r",
" <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r",
" <EnlightenResult>string<\/EnlightenResult>\n\r",
" <\/EnlightenResponse>\n\r",
" <\/soap:Body>\n\r",
"<\/soap:Envelope>\n\r"
]
},
"expected": {
"debug_log": "Target value: \"4>@\"",
"http_code": 200
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@contains dop\" \"phase:1,id:999,deny,log,auditlog,t:none,t:utf8toUnicode,t:urlDecodeUni,multiMatch\""
]
}
]