github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to SecRuleScript directive

Browse Source
This commit is contained in:
Felipe Zimmerle 2017-11-05 18:42:46 -03:00
parent cb3363c7d5
commit e52bd7d635
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
6 changed files with 122 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -2,6 +2,8 @@
v3.0.????? - ? v3.0.????? - ?
--------------------------- ---------------------------
- Adds support to SecRuleScript directive.
[Issue #994 - @zimmerle]
- Adds support for the exec action. - Adds support for the exec action.
[Issue #1050 - @zimmerle] [Issue #1050 - @zimmerle]
- Adds support for transformations inside Lua engine - Adds support for transformations inside Lua engine

2
headers/modsecurity/rule.h
View File

@ -52,7 +52,7 @@ class Rule {
explicit Rule(std::string marker); explicit Rule(std::string marker);
~Rule(); ~Rule();
bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> rm); virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> rm);
bool evaluateActions(Transaction *transaction); bool evaluateActions(Transaction *transaction);
std::vector<std::unique_ptr<collection::Variable>> std::vector<std::unique_ptr<collection::Variable>>
getFinalVars(Transaction *trasn); getFinalVars(Transaction *trasn);

7
src/parser/driver.cc
View File

@ -63,6 +63,13 @@ int Driver::addSecAction(Rule *rule) {
return true; return true;
} }
int Driver::addSecRuleScript(RuleScript *rule) {
m_rules[rule->m_phase].push_back(rule);
return true;
}
int Driver::addSecRule(Rule *rule) { int Driver::addSecRule(Rule *rule) {
if (rule->m_phase > modsecurity::Phases::NUMBER_OF_PHASES) { if (rule->m_phase > modsecurity::Phases::NUMBER_OF_PHASES) {
m_parserError << "Unknown phase: " << std::to_string(rule->m_phase); m_parserError << "Unknown phase: " << std::to_string(rule->m_phase);

3
src/parser/driver.h
View File

@ -28,7 +28,7 @@
#include "modsecurity/rules.h" #include "modsecurity/rules.h"
#include "modsecurity/rules_properties.h" #include "modsecurity/rules_properties.h"
#include "modsecurity/audit_log.h" #include "modsecurity/audit_log.h"
#include "src/rule_script.h"
#include "src/parser/seclang-parser.hh" #include "src/parser/seclang-parser.hh"
using modsecurity::Rule; using modsecurity::Rule;
@ -58,6 +58,7 @@ class Driver : public RulesProperties {
int addSecRule(Rule *rule); int addSecRule(Rule *rule);
int addSecAction(Rule *rule); int addSecAction(Rule *rule);
int addSecMarker(std::string marker); int addSecMarker(std::string marker);
int addSecRuleScript(RuleScript *rule);
bool scan_begin(); bool scan_begin();
void scan_end(); void scan_end();

46
src/rule_script.cc Normal file
View File

@ -0,0 +1,46 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "src/rule_script.h"
namespace modsecurity {
bool RuleScript::init(std::string *err) {
return m_lua.load(m_name, err);
}
bool RuleScript::evaluate(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage) {
trans->debug(4, " Executing script: " + m_name + ".");
bool containsDisruptive = false;
if (ruleMessage == NULL) {
ruleMessage = std::shared_ptr<RuleMessage>(
new RuleMessage(this, trans));
}
executeActionsIndependentOfChainedRuleResult(trans,
&containsDisruptive, ruleMessage);
bool ret = m_lua.run(trans);
if (ret) {
executeActionsAfterFullMatch(trans, containsDisruptive, ruleMessage);
}
return ret;
}
} // namespace modsecurity

64
src/rule_script.h Normal file
View File

@ -0,0 +1,64 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <string>
#include "modsecurity/rule.h"
#include "src/engine/lua.h"
#include "src/operators/operator.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/modsecurity.h"
#include "src/actions/transformations/none.h"
#include "src/actions/tag.h"
#include "src/utils/string.h"
#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
#include "src/macro_expansion.h"
#include "src/actions/msg.h"
#include "src/actions/log_data.h"
#include "src/actions/severity.h"
#include "src/variables/variable.h"
#ifndef SRC_RULE_SCRIPT_H_
#define SRC_RULE_SCRIPT_H_
namespace modsecurity {
using actions::Action;
/** @ingroup ModSecurity_CPP_API */
class RuleScript : public Rule {
public:
RuleScript(std::string name,
std::vector<Action *> *actions,
std::string fileName,
int lineNumber
) : Rule (NULL, NULL, actions, fileName, lineNumber),
m_name(name) { };
bool init(std::string *err);
bool evaluate(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage) override;
std::string m_name;
engine::Lua m_lua;
};
} // namespace modsecurity
#endif // SRC_RULE_SCRIPT_H_