Looks for external resources in the same path of the rule

src/parser/driver.cc

@@ -90,7 +90,9 @@ int Driver::addSecRule(Rule *rule) {
      * by other rule
      */
     if (rule->rule_id == 0) {
-        parserError << "Rules must have an ID." << std::endl;
+        parserError << "Rules must have an ID. File: ";
+        parserError << rule->m_fileName << " at line: ";
+        parserError << std::to_string(rule->m_lineNumber) << std::endl;
         return false;
     }
     for (int i = 0; i < ModSecurity::Phases::NUMBER_OF_PHASES; i++) {

src/parser/seclang-parser.yy

@@ -351,7 +351,7 @@ op:
       {
         Operator *op = Operator::instantiate($1);
         const char *error = NULL;
-        if (op->init(&error) == false) {
+        if (op->init(driver.ref.back(), &error) == false) {
             driver.error(@0, error);
             YYERROR;
         }
@@ -361,7 +361,7 @@ op:
       {
         Operator *op = Operator::instantiate("\"@rx " + $1 + "\"");
         const char *error = NULL;
-        if (op->init(&error) == false) {
+        if (op->init(driver.ref.back(), &error) == false) {
             driver.error(@0, error);
             YYERROR;
         }
@@ -375,7 +375,9 @@ expression:
         Rule *rule = new Rule(
             /* op */ $3,
             /* variables */ $2,
-            /* actions */ $4
+            /* actions */ $4,
+            /* file name */ driver.ref.back(),
+            /* line number */ @0.end.line
             );
 
         if (driver.addSecRule(rule) == false) {
@@ -387,7 +389,9 @@ expression:
         Rule *rule = new Rule(
             /* op */ $3,
             /* variables */ $2,
-            /* actions */ NULL
+            /* actions */ NULL,
+            /* file name */ driver.ref.back(),
+            /* line number */ @0.end.line
             );
 
         if (driver.addSecRule(rule) == false) {
@@ -399,7 +403,9 @@ expression:
         Rule *rule = new Rule(
             /* op */ NULL,
             /* variables */ NULL,
-            /* actions */ $2
+            /* actions */ $2,
+            /* file name */ driver.ref.back(),
+            /* line number */ @0.end.line
             );
         driver.addSecAction(rule);
       }
@@ -508,7 +514,14 @@ expression:
     /* Debug log: end */
     | CONFIG_DIR_GEO_DB
       {
-        GeoLookup::getInstance().setDataBase($1);
+        std::string file = ModSecurity::find_resource($1, driver.ref.back());
+        if (GeoLookup::getInstance().setDataBase(file) == false) {
+            std::stringstream ss;
+            ss << "Failed to load the GeoDB from: ";
+            ss << file;
+            driver.error(@0, ss.str());
+            YYERROR;
+        }
       }
     /* Body limits */
     | CONFIG_DIR_REQ_BODY_LIMIT

src/parser/seclang-scanner.ll

@@ -98,7 +98,7 @@ CONFIG_SEC_REMOTE_RULES              (?i:SecRemoteRules)
 CONFIG_SEC_REMOTE_RULES_FAIL_ACTION  (?i:SecRemoteRulesFailAction)
 
 
-DICT_ELEMENT    [^ \|\t]+
+DICT_ELEMENT    [^ \t]+
 
 
 OPERATOR        (?i:(?:@inspectFile|@fuzzyHash|@validateByteRange|@validateDTD|@validateHash|@validateSchema|@verifyCC|@verifyCPF|@verifySSN|@gsbLookup|@rsub)|(?:\!{0,1})(?:@within|@containsWord|@contains|@endsWith|@eq|@ge|@gt|@ipMatchF|@ipMatch|@ipMatchFromFile|@le|@lt|@pmf|@pm|@pmFromFile|@rbl|@rx|@streq|@strmatch|@beginsWith))
@@ -143,17 +143,20 @@ CONFIG_VALUE_PATH    [0-9A-Za-z_/\.\-\*]+
 AUDIT_PARTS [ABCDEFHJKIZ]+
 CONFIG_VALUE_NUMBER [0-9]+
 
-FREE_TEXT       ([^\"]|([^\\]\\\"))+
+FREE_TEXT       ([^\"]|(\\\"))+
 
 FREE_TEXT_NEW_LINE       [^\"|\n]+
 FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+
 FREE_TEXT_SPACE [^ \t]+
 FREE_TEXT_SPACE_COMMA [^, \t]+
+FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"]+
 
 VAR_FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+
 VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+
 VAR_FREE_TEXT_SPACE [^ \t\"]+
 
+SOMETHING ["]{1}[^@]{1}([^"]|([^\\"]\\\"))*["]{1}
+
 CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 
 %x EXPECTING_OPERATOR COMMENT
@@ -266,14 +269,14 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 {CONFIG_DIR_SEC_MARKER}[ ]{FREE_TEXT_NEW_LINE} { return yy::seclang_parser::make_CONFIG_DIR_SEC_MARKER(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 
 <EXPECTING_OPERATOR>{
-["][^@]{FREE_TEXT}["]           { BEGIN(INITIAL); return yy::seclang_parser::make_FREE_TEXT(yytext, *driver.loc.back()); }
+{SOMETHING}           { BEGIN(INITIAL); return yy::seclang_parser::make_FREE_TEXT(yytext, *driver.loc.back()); }
 ["]{OPERATOR}[ ]{FREE_TEXT}["]  { BEGIN(INITIAL); return yy::seclang_parser::make_OPERATOR(yytext, *driver.loc.back()); }
 ["]{OPERATORNOARG}[\t ]*["]           { BEGIN(INITIAL); return yy::seclang_parser::make_OPERATOR(yytext, *driver.loc.back()); }
 }
 
 {ACTION}                        { return yy::seclang_parser::make_ACTION(yytext, *driver.loc.back()); }
 {ACTION_PHASE}                  { return yy::seclang_parser::make_ACTION_PHASE(yytext, *driver.loc.back()); }
-{ACTION_SKIP_AFTER}:{FREE_TEXT} { return yy::seclang_parser::make_ACTION_SKIP_AFTER(strchr(yytext, ':') + 1, *driver.loc.back()); }
+{ACTION_SKIP_AFTER}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return yy::seclang_parser::make_ACTION_SKIP_AFTER(strchr(yytext, ':') + 1, *driver.loc.back()); }
 {ACTION_AUDIT_LOG}              { return yy::seclang_parser::make_ACTION_AUDIT_LOG(yytext, *driver.loc.back()); }
 
 {ACTION_SEVERITY}:{ACTION_SEVERITY_VALUE}       { return yy::seclang_parser::make_ACTION_SEVERITY(yytext + 9, *driver.loc.back()); }