Adds support to SecRuleScript directive

2025-08-13 21:36:00 +03:00 · 2017-11-05 18:42:46 -03:00 · 2017-11-05 18:42:46 -03:00 · e52bd7d635
commit e52bd7d635
parent cb3363c7d5
6 changed files with 122 additions and 2 deletions
--- a/2
+++ b/2
@ -2,6 +2,8 @@
 v3.0.????? - ?
 ---------------------------

+ - Adds support to SecRuleScript directive.
+   [Issue #994 - @zimmerle]
 - Adds support for the exec action.
   [Issue #1050 - @zimmerle]
 - Adds support for transformations inside Lua engine
--- a/headers/modsecurity/rule.h
+++ b/headers/modsecurity/rule.h
@ -52,7 +52,7 @@ class Rule {
    explicit Rule(std::string marker);
    ~Rule();

-    bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> rm);
+    virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> rm);
    bool evaluateActions(Transaction *transaction);
    std::vector<std::unique_ptr<collection::Variable>>
 	getFinalVars(Transaction *trasn);
--- a/src/parser/driver.cc
+++ b/src/parser/driver.cc
@ -63,6 +63,13 @@ int Driver::addSecAction(Rule *rule) {
    return true;
 }

+
+int Driver::addSecRuleScript(RuleScript *rule) {
+    m_rules[rule->m_phase].push_back(rule);
+    return true;
+}
+
+
 int Driver::addSecRule(Rule *rule) {
    if (rule->m_phase > modsecurity::Phases::NUMBER_OF_PHASES) {
        m_parserError << "Unknown phase: " << std::to_string(rule->m_phase);
--- a/src/parser/driver.h
+++ b/src/parser/driver.h
@ -28,7 +28,7 @@
 #include "modsecurity/rules.h"
 #include "modsecurity/rules_properties.h"
 #include "modsecurity/audit_log.h"
-
+#include "src/rule_script.h"
 #include "src/parser/seclang-parser.hh"

 using modsecurity::Rule;
@ -58,6 +58,7 @@ class Driver : public RulesProperties {
    int addSecRule(Rule *rule);
    int addSecAction(Rule *rule);
    int addSecMarker(std::string marker);
+    int addSecRuleScript(RuleScript *rule);

    bool scan_begin();
    void scan_end();
--- a/src/rule_script.cc
+++ b/src/rule_script.cc
@ -0,0 +1,46 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/rule_script.h"
+
+
+namespace modsecurity {
+
+bool RuleScript::init(std::string *err) {
+    return m_lua.load(m_name, err);
+}
+
+bool RuleScript::evaluate(Transaction *trans,
+    std::shared_ptr<RuleMessage> ruleMessage) {
+    trans->debug(4, " Executing script: " + m_name + ".");
+    bool containsDisruptive = false;
+
+    if (ruleMessage == NULL) {
+        ruleMessage = std::shared_ptr<RuleMessage>(
+            new RuleMessage(this, trans));
+    }
+
+    executeActionsIndependentOfChainedRuleResult(trans,
+        &containsDisruptive, ruleMessage);
+
+    bool ret = m_lua.run(trans);
+    if (ret) {
+        executeActionsAfterFullMatch(trans, containsDisruptive, ruleMessage);
+    }
+
+    return ret;
+}
+
+}  // namespace modsecurity
--- a/src/rule_script.h
+++ b/src/rule_script.h
@ -0,0 +1,64 @@
+
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+#include "modsecurity/rule.h"
+#include "src/engine/lua.h"
+#include "src/operators/operator.h"
+#include "modsecurity/actions/action.h"
+#include "modsecurity/modsecurity.h"
+#include "src/actions/transformations/none.h"
+#include "src/actions/tag.h"
+#include "src/utils/string.h"
+#include "modsecurity/rules.h"
+#include "modsecurity/rule_message.h"
+#include "src/macro_expansion.h"
+#include "src/actions/msg.h"
+#include "src/actions/log_data.h"
+#include "src/actions/severity.h"
+#include "src/variables/variable.h"
+
+#ifndef SRC_RULE_SCRIPT_H_
+#define SRC_RULE_SCRIPT_H_
+
+
+namespace modsecurity {
+
+using actions::Action;
+
+/** @ingroup ModSecurity_CPP_API */
+class RuleScript : public Rule {
+ public:
+    RuleScript(std::string name,
+        std::vector<Action *> *actions,
+        std::string fileName,
+        int lineNumber
+    ) : Rule (NULL, NULL, actions, fileName, lineNumber),
+        m_name(name) { };
+
+    bool init(std::string *err);
+    bool evaluate(Transaction *trans,
+        std::shared_ptr<RuleMessage> ruleMessage) override;
+
+
+    std::string m_name;
+    engine::Lua m_lua;
+};
+
+}  // namespace modsecurity
+
+#endif  // SRC_RULE_SCRIPT_H_
+