mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-13 13:26:01 +03:00
Contionuation of 1 time variable patch
Now we have almost 100% of the transaction variables hosted on the new schema. Variable modifcators (count and exclusion) are not yet supported on the new schema. Notice that setvar is now using the parser.
This commit is contained in:
Felipe Zimmerle
Felipe Zimmerle
parent
703da3c4f0
commit
e95555132e
@ -117,15 +117,133 @@ class AnchoredVariable {
|
||||
l->push_back(new collection::Variable(&m_name,
|
||||
&m_value));
|
||||
}
|
||||
|
||||
std::string *evaluate() {
|
||||
if (m_value.empty() == true) {
|
||||
return NULL;
|
||||
}
|
||||
return &m_value;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
class TransactionAnchoredVariables {
|
||||
public:
|
||||
TransactionAnchoredVariables(Transaction *t)
|
||||
: m_variableArgsNames(t, "ARG_NAMES") { }
|
||||
: m_variableArgsNames(t, "ARGS_NAMES"),
|
||||
m_variableArgGetNames(t, "ARGS_GET_NAMES"),
|
||||
m_variableArgPostNames(t, "ARGS_POST_NAMES"),
|
||||
m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
|
||||
m_variableResponseContentType(t, "RESPONSE_CONTENT_TYPE"),
|
||||
m_variableResponseHeadersNames(t, "RESPONSE_HEADERS_NAMES"),
|
||||
m_variableARGScombinedSize(t, "ARGS_COMBINED_SIZE"),
|
||||
m_variableAuthType(t, "AUTH_TYPE"),
|
||||
m_variableFilesCombinedSize(t, "FILES_COMBINED_SIZE"),
|
||||
m_variableFilesTmpNames(t, "FILES_TMPNAMES"),
|
||||
m_variableFullRequest(t, "FULL_REQUEST"),
|
||||
m_variableFullRequestLength(t, "FULL_REQUEST_LENGTH"),
|
||||
m_variableInboundDataError(t, "INBOUND_DATA_ERROR"),
|
||||
m_variableMatchedVar(t, "MATCHED_VAR"),
|
||||
m_variableMatchedVarName(t, "MATCHED_VAR_NAME"),
|
||||
m_variableMultipartCrlfLFLines(t, "MULTIPART_CRLF_LF_LINES"),
|
||||
m_variableMultipartDataAfter(t, "MULTIPART_DATA_AFTER"),
|
||||
m_variableMultipartFileLimitExceeded(t, "MULTIPART_FILE_LIMIT_EXCEEDED"),
|
||||
m_variableMultipartStrictError(t, "MULTIPART_STRICT_ERROR"),
|
||||
m_variableMultipartHeaderFolding(t, "MULTIPART_HEADER_FOLDING"),
|
||||
m_variableMultipartInvalidQuoting(t, "MULTIPART_INVALID_QUOTING"),
|
||||
m_variableMultipartInvalidHeaderFolding(t, "MULTIPART_INVALID_HEADER_FOLDING"),
|
||||
m_variableMultipartUnmatchedBoundary(t, "MULTIPART_UNMATCHED_BOUNDARY"),
|
||||
m_variableOutboundDataError(t, "OUTBOUND_DATA_ERROR"),
|
||||
m_variablePathInfo(t, "PATH_INFO"),
|
||||
m_variableQueryString(t, "QUERY_STRING"),
|
||||
m_variableRemoteAddr(t, "REMOTE_ADDR"),
|
||||
m_variableRemoteHost(t, "REMOTE_HOST"),
|
||||
m_variableRemotePort(t, "REMOTE_PORT"),
|
||||
m_variableReqbodyError(t, "REQBODY_ERROR"),
|
||||
m_variableReqbodyErrorMsg(t, "REQBODY_ERROR_MSG"),
|
||||
m_variableReqbodyProcessorErrorMsg(t, "REQBODY_PROCESSOR_ERROR_MSG"),
|
||||
m_variableReqbodyProcessorError(t, "REQBODY_PROCESSOR_ERROR"),
|
||||
m_variableReqbodyProcessor(t, "REQBODY_PROCESSOR"),
|
||||
m_variableRequestBasename(t, "REQUEST_BASENAME"),
|
||||
m_variableRequestBody(t, "REQUEST_BODY"),
|
||||
m_variableRequestBodyLength(t, "REQUEST_BODY_LENGTH"),
|
||||
m_variableRequestFilename(t, "REQUEST_FILENAME"),
|
||||
m_variableRequestLine(t, "REQUEST_LINE"),
|
||||
m_variableRequestMethod(t, "REQUEST_METHOD"),
|
||||
m_variableRequestProtocol(t, "REQUEST_PROTOCOL"),
|
||||
m_variableRequestURI(t, "REQUEST_URI"),
|
||||
m_variableRequestURIRaw(t, "REQUEST_URI_RAW"),
|
||||
m_variableResource(t, "RESOURCE"),
|
||||
m_variableResponseBody(t, "RESPONSE_BODY"),
|
||||
m_variableResponseContentLength(t, "RESPONSE_CONTENT_LENGTH"),
|
||||
m_variableResponseProtocol(t, "RESPONSE_PROTOCOL"),
|
||||
m_variableResponseStatus(t, "RESPONSE_STATUS"),
|
||||
m_variableServerAddr(t, "SERVER_ADDR"),
|
||||
m_variableServerName(t, "SERVER_NAME"),
|
||||
m_variableServerPort(t, "SERVER_PORT"),
|
||||
m_variableSessionID(t, "SESSIONID"),
|
||||
m_variableUniqueID(t, "UNIQUE_ID"),
|
||||
m_variableUrlEncodedError(t, "URLENCODED_ERROR"),
|
||||
m_variableUserID(t, "USERID")
|
||||
{ }
|
||||
|
||||
AnchoredVariable m_variableArgsNames;
|
||||
AnchoredVariable m_variableArgGetNames;
|
||||
AnchoredVariable m_variableArgPostNames;
|
||||
AnchoredVariable m_variableRequestHeadersNames;
|
||||
AnchoredVariable m_variableResponseContentType;
|
||||
AnchoredVariable m_variableResponseHeadersNames;
|
||||
AnchoredVariable m_variableARGScombinedSize;
|
||||
AnchoredVariable m_variableAuthType;
|
||||
AnchoredVariable m_variableFilesCombinedSize;
|
||||
AnchoredVariable m_variableFilesTmpNames;
|
||||
AnchoredVariable m_variableFullRequest;
|
||||
AnchoredVariable m_variableFullRequestLength;
|
||||
AnchoredVariable m_variableInboundDataError;
|
||||
AnchoredVariable m_variableMatchedVar;
|
||||
AnchoredVariable m_variableMatchedVarName;
|
||||
AnchoredVariable m_variableMultipartCrlfLFLines;
|
||||
AnchoredVariable m_variableMultipartDataAfter;
|
||||
AnchoredVariable m_variableMultipartFileLimitExceeded;
|
||||
AnchoredVariable m_variableMultipartStrictError;
|
||||
AnchoredVariable m_variableMultipartHeaderFolding;
|
||||
AnchoredVariable m_variableMultipartInvalidQuoting;
|
||||
AnchoredVariable m_variableMultipartInvalidHeaderFolding;
|
||||
AnchoredVariable m_variableMultipartUnmatchedBoundary;
|
||||
AnchoredVariable m_variableOutboundDataError;
|
||||
AnchoredVariable m_variablePathInfo;
|
||||
AnchoredVariable m_variableQueryString;
|
||||
AnchoredVariable m_variableRemoteAddr;
|
||||
AnchoredVariable m_variableRemoteHost;
|
||||
AnchoredVariable m_variableRemotePort;
|
||||
AnchoredVariable m_variableReqbodyError;
|
||||
AnchoredVariable m_variableReqbodyErrorMsg;
|
||||
AnchoredVariable m_variableReqbodyProcessorError;
|
||||
AnchoredVariable m_variableReqbodyProcessorErrorMsg;
|
||||
AnchoredVariable m_variableReqbodyProcessor;
|
||||
AnchoredVariable m_variableRequestBasename;
|
||||
AnchoredVariable m_variableRequestBody;
|
||||
AnchoredVariable m_variableRequestBodyLength;
|
||||
AnchoredVariable m_variableRequestFilename;
|
||||
AnchoredVariable m_variableRequestLine;
|
||||
AnchoredVariable m_variableRequestMethod;
|
||||
AnchoredVariable m_variableRequestProtocol;
|
||||
AnchoredVariable m_variableRequestURI;
|
||||
AnchoredVariable m_variableRequestURIRaw;
|
||||
AnchoredVariable m_variableResource;
|
||||
AnchoredVariable m_variableResponseBody;
|
||||
AnchoredVariable m_variableResponseContentLength;
|
||||
AnchoredVariable m_variableResponseProtocol;
|
||||
AnchoredVariable m_variableResponseStatus;
|
||||
AnchoredVariable m_variableServerAddr;
|
||||
AnchoredVariable m_variableServerName;
|
||||
AnchoredVariable m_variableServerPort;
|
||||
AnchoredVariable m_variableSessionID;
|
||||
AnchoredVariable m_variableUniqueID;
|
||||
AnchoredVariable m_variableUrlEncodedError;
|
||||
AnchoredVariable m_variableUserID;
|
||||
|
||||
int m_variableOffset;
|
||||
};
|
||||
|
||||
|
||||
@ -254,7 +372,7 @@ class Transaction : public TransactionAnchoredVariables {
|
||||
* Holds the combined size of all arguments, later used to fill the
|
||||
* variable ARGS_COMBINED_SIZE.
|
||||
*/
|
||||
double m_ARGScombinedSize;
|
||||
double m_ARGScombinedSizeDouble;
|
||||
|
||||
/**
|
||||
* Client tcp port.
|
||||
@ -418,13 +536,6 @@ class Transaction : public TransactionAnchoredVariables {
|
||||
std::string m_variableTimeYear;
|
||||
|
||||
private:
|
||||
std::string *m_ARGScombinedSizeStr;
|
||||
std::string *m_namesArgsGet;
|
||||
std::string *m_namesArgsPost;
|
||||
std::string *m_requestHeadersNames;
|
||||
std::string *m_responseContentType;
|
||||
std::string *m_responseHeadersNames;
|
||||
|
||||
/**
|
||||
* Pointer to the callback function that will be called to fill
|
||||
* the web server (connector) log.
|
||||
|
||||
@ -66,7 +66,6 @@ noinst_HEADERS = \
|
||||
|
||||
|
||||
VARIABLES = \
|
||||
variables/args_names.cc \
|
||||
variables/duration.cc \
|
||||
variables/env.cc \
|
||||
variables/highest_severity.cc \
|
||||
|
||||
@ -28,7 +28,8 @@ namespace ctl {
|
||||
bool RequestBodyProcessorJSON::evaluate(Rule *rule,
|
||||
Transaction *transaction) {
|
||||
transaction->m_requestBodyProcessor = Transaction::JSONRequestBody;
|
||||
transaction->m_collections.store("REQBODY_PROCESSOR", "JSON");
|
||||
transaction->m_variableReqbodyProcessor.set("JSON",
|
||||
transaction->m_variableOffset);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -28,7 +28,8 @@ namespace ctl {
|
||||
bool RequestBodyProcessorXML::evaluate(Rule *rule,
|
||||
Transaction *transaction) {
|
||||
transaction->m_requestBodyProcessor = Transaction::XMLRequestBody;
|
||||
transaction->m_collections.store("REQBODY_PROCESSOR", "XML");
|
||||
transaction->m_variableReqbodyProcessor.set("XML",
|
||||
transaction->m_variableOffset);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -49,7 +49,7 @@ bool SetSID::evaluate(Rule *rule, Transaction *t) {
|
||||
#endif
|
||||
|
||||
t->m_collections.m_session_collection_key = colNameExpanded;
|
||||
t->m_collections.storeOrUpdateFirst("SESSIONID", colNameExpanded);
|
||||
t->m_variableSessionID.set(colNameExpanded, t->m_variableOffset);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -49,7 +49,7 @@ bool SetUID::evaluate(Rule *rule, Transaction *t) {
|
||||
#endif
|
||||
|
||||
t->m_collections.m_user_collection_key = colNameExpanded;
|
||||
t->m_collections.storeOrUpdateFirst("USERID", colNameExpanded);
|
||||
t->m_variableUserID.set(colNameExpanded, t->m_variableOffset);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -31,6 +31,20 @@ namespace actions {
|
||||
bool SetVar::init(std::string *error) {
|
||||
size_t pos;
|
||||
|
||||
if (m_variableName.empty() == false) {
|
||||
pos = m_variableName.find(".");
|
||||
if (pos != std::string::npos) {
|
||||
m_collectionName = std::string(m_variableName, 0, pos);
|
||||
m_collectionName = utils::string::toupper(m_collectionName);
|
||||
m_variableName = std::string(m_variableName, pos + 1,
|
||||
m_variableName.size() - (pos + 1));
|
||||
} else {
|
||||
error->assign("Missing the collection and/or variable name");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
// Resolv operation
|
||||
m_operation = setToOne;
|
||||
pos = m_parser_payload.find("=");
|
||||
|
||||
@ -26,6 +26,16 @@ class Rule;
|
||||
|
||||
namespace actions {
|
||||
|
||||
enum SetVarOperation {
|
||||
/* Set variable to something */
|
||||
setOperation,
|
||||
/* read variable, sum predicate and set */
|
||||
sumAndSetOperation,
|
||||
/* read variable, substract predicate and set */
|
||||
substractAndSetOperation,
|
||||
/* set variable to 1 */
|
||||
setToOne
|
||||
};
|
||||
|
||||
class SetVar : public Action {
|
||||
public:
|
||||
@ -35,20 +45,24 @@ class SetVar : public Action {
|
||||
m_variableName(""),
|
||||
m_predicate("") { }
|
||||
|
||||
SetVar(SetVarOperation operation,
|
||||
std::string variableName,
|
||||
std::string predicate) : Action("setvar"),
|
||||
m_operation(operation),
|
||||
m_predicate(predicate),
|
||||
m_collectionName(""),
|
||||
m_variableName(variableName) { }
|
||||
|
||||
SetVar(SetVarOperation operation,
|
||||
std::string variableName) : Action("setvar"),
|
||||
m_operation(operation),
|
||||
m_predicate(""),
|
||||
m_collectionName(""),
|
||||
m_variableName(variableName) { }
|
||||
|
||||
bool evaluate(Rule *rule, Transaction *transaction) override;
|
||||
bool init(std::string *error) override;
|
||||
|
||||
enum SetVarOperation {
|
||||
/* Set variable to something */
|
||||
setOperation,
|
||||
/* read variable, sum predicate and set */
|
||||
sumAndSetOperation,
|
||||
/* read variable, substract predicate and set */
|
||||
substractAndSetOperation,
|
||||
/* set variable to 1 */
|
||||
setToOne
|
||||
};
|
||||
|
||||
private:
|
||||
SetVarOperation m_operation;
|
||||
std::string m_collectionName;
|
||||
|
||||
@ -66,7 +66,11 @@ std::string MacroExpansion::expand(const std::string& input,
|
||||
std::string *variableValue = NULL;
|
||||
size_t collection = variable.find(".");
|
||||
if (collection == std::string::npos) {
|
||||
variableValue = transaction->m_collections.resolveFirst(variable);
|
||||
if (utils::string::toupper(variable) == "MATCHED_VAR") {
|
||||
variableValue = transaction->m_variableMatchedVar.evaluate();
|
||||
} else {
|
||||
variableValue = transaction->m_collections.resolveFirst(variable);
|
||||
}
|
||||
} else {
|
||||
std::string col = std::string(variable, 0, collection);
|
||||
std::string var = std::string(variable, collection + 1,
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -146,15 +146,67 @@ class Driver;
|
||||
#include "src/utils/system.h"
|
||||
#include "src/variables/args_names.h"
|
||||
#include "src/variables/xml.h"
|
||||
#include "src/variables/args_combined_size.h"
|
||||
#include "src/variables/args_get_names.h"
|
||||
#include "src/variables/args_names.h"
|
||||
#include "src/variables/args_post_names.h"
|
||||
#include "src/variables/auth_type.h"
|
||||
#include "src/variables/duration.h"
|
||||
#include "src/variables/env.h"
|
||||
#include "src/variables/files_combined_size.h"
|
||||
#include "src/variables/files_tmp_names.h"
|
||||
#include "src/variables/full_request.h"
|
||||
#include "src/variables/full_request_length.h"
|
||||
#include "src/variables/highest_severity.h"
|
||||
#include "src/variables/inbound_data_error.h"
|
||||
#include "src/variables/matched_var.h"
|
||||
#include "src/variables/matched_var_name.h"
|
||||
#include "src/variables/modsec_build.h"
|
||||
#include "src/variables/multipart_crlf_lf_line.h"
|
||||
#include "src/variables/multipart_data_after.h"
|
||||
#include "src/variables/multipart_file_limit_exceeded.h"
|
||||
#include "src/variables/multipart_header_folding.h"
|
||||
#include "src/variables/multipart_invalid_header_folding.h"
|
||||
#include "src/variables/multipart_invalid_quoting.h"
|
||||
#include "src/variables/multipart_strict_error.h"
|
||||
#include "src/variables/multipart_unmatched_boundary.h"
|
||||
#include "src/variables/outbound_data_error.h"
|
||||
#include "src/variables/path_info.h"
|
||||
#include "src/variables/query_string.h"
|
||||
#include "src/variables/remote_addr.h"
|
||||
#include "src/variables/remote_host.h"
|
||||
#include "src/variables/remote_port.h"
|
||||
#include "src/variables/remote_user.h"
|
||||
#include "src/variables/reqbody_error.h"
|
||||
#include "src/variables/reqbody_error_msg.h"
|
||||
#include "src/variables/reqbody_processor_error.h"
|
||||
#include "src/variables/reqbody_processor_error_msg.h"
|
||||
#include "src/variables/reqbody_processor.h"
|
||||
#include "src/variables/request_base_name.h"
|
||||
#include "src/variables/request_body.h"
|
||||
#include "src/variables/request_body_length.h"
|
||||
#include "src/variables/request_file_name.h"
|
||||
#include "src/variables/request_headers_names.h"
|
||||
#include "src/variables/request_line.h"
|
||||
#include "src/variables/request_method.h"
|
||||
#include "src/variables/request_protocol.h"
|
||||
#include "src/variables/request_uri.h"
|
||||
#include "src/variables/request_uri_raw.h"
|
||||
#include "src/variables/resources.h"
|
||||
#include "src/variables/response_body.h"
|
||||
#include "src/variables/response_content_length.h"
|
||||
#include "src/variables/response_content_type.h"
|
||||
#include "src/variables/response_headers_names.h"
|
||||
#include "src/variables/response_protocol.h"
|
||||
#include "src/variables/response_status.h"
|
||||
#include "src/variables/rule.h"
|
||||
#include "src/variables/time.h"
|
||||
#include "src/variables/server_addr.h"
|
||||
#include "src/variables/server_name.h"
|
||||
#include "src/variables/server_port.h"
|
||||
#include "src/variables/session_id.h"
|
||||
#include "src/variables/time_day.h"
|
||||
#include "src/variables/time_epoch.h"
|
||||
#include "src/variables/time.h"
|
||||
#include "src/variables/time_hour.h"
|
||||
#include "src/variables/time_min.h"
|
||||
#include "src/variables/time_mon.h"
|
||||
@ -162,6 +214,11 @@ class Driver;
|
||||
#include "src/variables/time_wday.h"
|
||||
#include "src/variables/time_year.h"
|
||||
#include "src/variables/tx.h"
|
||||
#include "src/variables/unique_id.h"
|
||||
#include "src/variables/url_encoded_error.h"
|
||||
#include "src/variables/user_id.h"
|
||||
#include "src/variables/variable.h"
|
||||
#include "src/variables/xml.h"
|
||||
#include "src/variables/variations/count.h"
|
||||
#include "src/variables/variations/exclusion.h"
|
||||
|
||||
@ -258,8 +315,66 @@ using modsecurity::operators::Operator;
|
||||
COMMA ","
|
||||
PIPE
|
||||
NEW_LINE
|
||||
VARIABLE_ARGS_NAMES "Variable ARGS_NAMES"
|
||||
;
|
||||
VARIABLE_ARGS_COMBINED_SIZE
|
||||
VARIABLE_ARGS_GET_NAMES
|
||||
VARIABLE_ARGS_NAMES "Variable ARGS_NAMES"
|
||||
VARIABLE_ARGS_POST_NAMES
|
||||
VARIABLE_AUTH_TYPE "AUTH_TYPE"
|
||||
VARIABLE_FILES_COMBINED_SIZE "FILES_COMBINED_SIZE"
|
||||
VARIABLE_FILES_TMP_NAMES "FILES_TMPNAMES"
|
||||
VARIABLE_FULL_REQUEST "FULL_REQUEST"
|
||||
VARIABLE_FULL_REQUEST_LENGTH "FULL_REQUEST_LENGTH"
|
||||
VARIABLE_INBOUND_DATA_ERROR "INBOUND_DATA_ERROR"
|
||||
VARIABLE_MATCHED_VAR "MATCHED_VAR"
|
||||
VARIABLE_MATCHED_VAR_NAME "MATCHED_VAR_NAME"
|
||||
VARIABLE_MULTIPART_CRLF_LF_LINES "MULTIPART_CRLF_LF_LINES"
|
||||
VARIABLE_MULTIPART_DATA_AFTER "MULTIPART_DATA_AFTER"
|
||||
VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED "MULTIPART_FILE_LIMIT_EXCEEDED"
|
||||
VARIABLE_MULTIPART_HEADER_FOLDING "MULTIPART_HEADER_FOLDING"
|
||||
VARIABLE_MULTIPART_INVALID_HEADER_FOLDING "MULTIPART_INVALID_HEADER_FOLDING"
|
||||
VARIABLE_MULTIPART_INVALID_QUOTING "MULTIPART_INVALID_QUOTING"
|
||||
VARIABLE_MULTIPART_STRICT_ERROR "MULTIPART_STRICT_ERROR"
|
||||
VARIABLE_MULTIPART_UNMATCHED_BOUNDARY "MULTIPART_UNMATCHED_BOUNDARY"
|
||||
VARIABLE_OUTBOUND_DATA_ERROR "OUTBOUND_DATA_ERROR"
|
||||
VARIABLE_PATH_INFO "PATH_INFO"
|
||||
VARIABLE_QUERY_STRING "QUERY_STRING"
|
||||
VARIABLE_REMOTE_ADDR "REMOTE_ADDR"
|
||||
VARIABLE_REMOTE_HOST "REMOTE_HOST"
|
||||
VARIABLE_REMOTE_PORT "REMOTE_PORT"
|
||||
VARIABLE_REQBODY_ERROR_MSG "REQBODY_ERROR_MSG"
|
||||
VARIABLE_REQBODY_ERROR "REQBODY_ERROR"
|
||||
VARIABLE_REQBODY_PROCESSOR_ERROR_MSG "REQBODY_PROCESSOR_ERROR_MSG"
|
||||
VARIABLE_REQBODY_PROCESSOR_ERROR "REQBODY_PROCESSOR_ERROR"
|
||||
VARIABLE_REQBODY_PROCESSOR "REQBODY_PROCESSOR"
|
||||
VARIABLE_REQUEST_BASENAME "REQUEST_BASENAME"
|
||||
VARIABLE_REQUEST_BODY_LENGTH "REQUEST_BODY_LENGTH"
|
||||
VARIABLE_REQUEST_BODY "REQUEST_BODY"
|
||||
VARIABLE_REQUEST_FILE_NAME "REQUEST_FILENAME"
|
||||
VARIABLE_REQUEST_HEADERS_NAMES
|
||||
VARIABLE_REQUEST_LINE "REQUEST_LINE"
|
||||
VARIABLE_REQUEST_METHOD "REQUEST_METHOD"
|
||||
VARIABLE_REQUEST_PROTOCOL "REQUEST_PROTOCOL"
|
||||
VARIABLE_REQUEST_URI_RAW "REQUEST_URI_RAW"
|
||||
VARIABLE_REQUEST_URI "REQUEST_URI"
|
||||
VARIABLE_RESOURCE "RESOURCE"
|
||||
VARIABLE_RESPONSE_BODY "RESPONSE_BODY"
|
||||
VARIABLE_RESPONSE_CONTENT_LENGTH "RESPONSE_CONTENT_LENGTH"
|
||||
VARIABLE_RESPONSE_CONTENT_TYPE
|
||||
VARIABLE_RESPONSE_HEADERS_NAMES
|
||||
VARIABLE_RESPONSE_PROTOCOL "RESPONSE_PROTOCOL"
|
||||
VARIABLE_RESPONSE_STATUS "RESPONSE_STATUS"
|
||||
VARIABLE_SERVER_ADDR "SERVER_ADDR"
|
||||
VARIABLE_SERVER_NAME "SERVER_NAME"
|
||||
VARIABLE_SERVER_PORT "SERVER_PORT"
|
||||
VARIABLE_SESSION_ID "SESSIONID"
|
||||
VARIABLE_UNIQUE_ID "UNIQUE_ID"
|
||||
VARIABLE_URL_ENCODED_ERROR "URLENCODED_ERROR"
|
||||
VARIABLE_USER_ID "USERID"
|
||||
ACTION_SETVAR "SetVar"
|
||||
SETVAR_OPERATION_EQUALS
|
||||
SETVAR_OPERATION_EQUALS_PLUS
|
||||
SETVAR_OPERATION_EQUALS_MINUS
|
||||
;
|
||||
|
||||
%token <std::string>
|
||||
ACTION_ACCURACY "Accuracy"
|
||||
@ -309,7 +424,6 @@ using modsecurity::operators::Operator;
|
||||
ACTION_SETRSC "SetSrc"
|
||||
ACTION_SETSID "SetSid"
|
||||
ACTION_SETUID "SetUID"
|
||||
ACTION_SETVAR "SetVar"
|
||||
ACTION_SEVERITY "Severity"
|
||||
ACTION_SKIP "Skip"
|
||||
ACTION_SKIP_AFTER "SkipAfter"
|
||||
@ -1142,22 +1256,275 @@ var:
|
||||
std::unique_ptr<Variable> c(new Variables::ArgsNames());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE
|
||||
| VARIABLE_ARGS_GET_NAMES
|
||||
{
|
||||
std::string name($1);
|
||||
char z = name.at(0);
|
||||
if (z == '&') {
|
||||
name.erase(0, 1);
|
||||
std::unique_ptr<Variable> c(new Count(new Variable(name, Variable::VariableKind::DirectVariable)));
|
||||
$$ = std::move(c);
|
||||
} else if (z == '!') {
|
||||
name.erase(0, 1);
|
||||
std::unique_ptr<Variable> c(new Exclusion(new Variable(name, Variable::VariableKind::DirectVariable)));
|
||||
$$ = std::move(c);
|
||||
} else {
|
||||
std::unique_ptr<Variable> c(new Variable(name, Variable::VariableKind::DirectVariable));
|
||||
$$ = std::move(c);
|
||||
}
|
||||
std::unique_ptr<Variable> c(new Variables::ArgsGetNames());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_ARGS_POST_NAMES
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ArgsPostNames());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_HEADERS_NAMES
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestHeadersNames());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_RESPONSE_CONTENT_TYPE
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ResponseContentType());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_RESPONSE_HEADERS_NAMES
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ResponseHeadersNames());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_ARGS_COMBINED_SIZE
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ArgsCombinedSize());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_AUTH_TYPE
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::AuthType());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_FILES_COMBINED_SIZE
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::FilesCombinedSize());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_FILES_TMP_NAMES
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::FilesTmpNames());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_FULL_REQUEST
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::FullRequest());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_FULL_REQUEST_LENGTH
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::FullRequestLength());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_INBOUND_DATA_ERROR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::InboundDataError());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MATCHED_VAR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MatchedVar());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MATCHED_VAR_NAME
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MatchedVarName());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MULTIPART_CRLF_LF_LINES
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MultipartCrlfLFLines());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MULTIPART_DATA_AFTER
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MultipartDateAfter());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MultipartFileLimitExceeded());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MULTIPART_HEADER_FOLDING
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MultipartHeaderFolding());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MULTIPART_INVALID_HEADER_FOLDING
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MultipartInvalidHeaderFolding());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MULTIPART_INVALID_QUOTING
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MultipartInvalidQuoting());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MULTIPART_STRICT_ERROR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MultipartStrictError());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_MULTIPART_UNMATCHED_BOUNDARY
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::MultipartUnmatchedBoundary());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_OUTBOUND_DATA_ERROR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::OutboundDataError());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_PATH_INFO
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::PathInfo());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_QUERY_STRING
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::QueryString());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REMOTE_ADDR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RemoteAddr());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REMOTE_HOST
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RemoteHost());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REMOTE_PORT
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RemotePort());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQBODY_ERROR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ReqbodyError());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQBODY_ERROR_MSG
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ReqbodyErrorMsg());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQBODY_PROCESSOR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ReqbodyProcessor());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQBODY_PROCESSOR_ERROR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ReqbodyProcessorError());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQBODY_PROCESSOR_ERROR_MSG
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ReqbodyProcessorErrorMsg());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_BASENAME
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestBasename());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_BODY
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestBody());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_BODY_LENGTH
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestBodyLength());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_FILE_NAME
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestFilename());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_LINE
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestLine());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_METHOD
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestMethod());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_PROTOCOL
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestProtocol());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_URI
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestURI());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_REQUEST_URI_RAW
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::RequestURIRaw());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_RESOURCE
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::Resource());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_RESPONSE_BODY
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ResponseBody());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_RESPONSE_CONTENT_LENGTH
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ResponseContentLength());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_RESPONSE_PROTOCOL
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ResponseProtocol());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_RESPONSE_STATUS
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ResponseStatus());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_SERVER_ADDR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ServerAddr());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_SERVER_NAME
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ServerName());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_SERVER_PORT
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::ServerPort());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_SESSION_ID
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::SessionID());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_UNIQUE_ID
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::UniqueID());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_URL_ENCODED_ERROR
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::UrlEncodedError());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_USER_ID
|
||||
{
|
||||
std::unique_ptr<Variable> c(new Variables::UserID());
|
||||
$$ = std::move(c);
|
||||
}
|
||||
| VARIABLE_STATUS
|
||||
{
|
||||
@ -1450,20 +1817,9 @@ var:
|
||||
}
|
||||
| RUN_TIME_VAR_XML
|
||||
{
|
||||
std::string name($1);
|
||||
char z = name.at(0);
|
||||
if (z == '&') {
|
||||
name.erase(0, 1);
|
||||
std::unique_ptr<Variable> c(new Count(new XML(name)));
|
||||
$$ = std::move(c);
|
||||
} else if (z == '!') {
|
||||
name.erase(0, 1);
|
||||
std::unique_ptr<Variable> c(new Exclusion(new XML(name)));
|
||||
$$ = std::move(c);
|
||||
} else {
|
||||
std::string name($1);
|
||||
std::unique_ptr<Variable> c(new XML(name));
|
||||
$$ = std::move(c);
|
||||
}
|
||||
}
|
||||
| RUN_TIME_VAR_RULE
|
||||
{
|
||||
@ -1707,9 +2063,21 @@ act:
|
||||
{
|
||||
ACTION_CONTAINER($$, new actions::SetUID($1));
|
||||
}
|
||||
| ACTION_SETVAR
|
||||
| ACTION_SETVAR VARIABLE
|
||||
{
|
||||
ACTION_CONTAINER($$, new actions::SetVar($1));
|
||||
ACTION_CONTAINER($$, new actions::SetVar(actions::SetVarOperation::setToOne, $2));
|
||||
}
|
||||
| ACTION_SETVAR VARIABLE SETVAR_OPERATION_EQUALS FREE_TEXT
|
||||
{
|
||||
ACTION_CONTAINER($$, new actions::SetVar(actions::SetVarOperation::setOperation, $2, $4));
|
||||
}
|
||||
| ACTION_SETVAR VARIABLE SETVAR_OPERATION_EQUALS_PLUS FREE_TEXT
|
||||
{
|
||||
ACTION_CONTAINER($$, new actions::SetVar(actions::SetVarOperation::sumAndSetOperation, $2, $4));
|
||||
}
|
||||
| ACTION_SETVAR VARIABLE SETVAR_OPERATION_EQUALS_MINUS FREE_TEXT
|
||||
{
|
||||
ACTION_CONTAINER($$, new actions::SetVar(actions::SetVarOperation::substractAndSetOperation, $2, $4));
|
||||
}
|
||||
| ACTION_SEVERITY
|
||||
{
|
||||
|
||||
@ -172,6 +172,8 @@ CONGIG_DIR_SEC_DATA_DIR (?i:SecDataDir)
|
||||
CONGIG_DIR_SEC_STATUS_ENGINE (?i:SecStatusEngine)
|
||||
CONGIG_DIR_SEC_TMP_DIR (?i:SecTmpDir)
|
||||
DICT_ELEMENT [^ \t|]+
|
||||
DICT_ELEMENT_TWO [^\"\=]+
|
||||
DICT_ELEMENT_TWO2 [A-Za-z_ -\%\{\.\}\-\/]+
|
||||
DIRECTIVE (?i:SecRule)
|
||||
DIRECTIVE_SECRULESCRIPT (?i:SecRuleScript)
|
||||
FREE_TEXT_NEW_LINE [^\"|\n]+
|
||||
@ -180,6 +182,7 @@ FREE_TEXT_QUOTE_COMMA [^,\']+
|
||||
FREE_TEXT_SPACE [^ \t]+
|
||||
FREE_TEXT_SPACE_COMMA [^, \t]+
|
||||
FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"\n\r]+
|
||||
FREE_TEXT_COMMA_QUOTE [^,\"\\n\\r]+
|
||||
NEW_LINE_FREE_TEXT [^, \t\"\n\r]+
|
||||
|
||||
OPERATOR_UNCONDITIONAL_MATCH (?i:@unconditionalMatch)
|
||||
@ -243,19 +246,87 @@ RUN_TIME_VAR_TIME_SEC (?i:TIME_SEC)
|
||||
RUN_TIME_VAR_TIME_WDAY (?i:TIME_WDAY)
|
||||
RUN_TIME_VAR_TIME_YEAR (?i:TIME_YEAR)
|
||||
RUN_TIME_VAR_XML (?i:XML)
|
||||
VARIABLENOCOLON (?i:URLENCODED_ERROR|REQBODY_PROCESSOR_ERROR_MSG|REQBODY_PROCESSOR_ERROR|REQBODY_PROCESSOR|REQBODY_ERROR_MSG|REQBODY_ERROR|MULTIPART_FILE_LIMIT_EXCEEDED|MULTIPART_INVALID_QUOTING|MULTIPART_HEADER_FOLDING|MULTIPART_INVALID_HEADER_FOLDING|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE)
|
||||
VARIABLE (?i:(SERVER_NAME|MULTIPART_DATA_AFTER|RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_TMPNAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|USERID|SESSIONID))
|
||||
VARIABLE_ARGS_NAMES (?i:ARGS_NAMES)
|
||||
VARIABLE_COL (?i:(SESSION|GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|QUERY_STRING|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|IP|REQUEST_COOKIES_NAMES))
|
||||
|
||||
|
||||
VARIABLE_ARGS_COMBINED_SIZE (?i:ARGS_COMBINED_SIZE)
|
||||
VARIABLE_ARGS_GET_NAMES (?i:ARGS_GET_NAMES)
|
||||
VARIABLE_ARGS_NAMES (?i:ARGS_NAMES)
|
||||
VARIABLE_ARGS_POST_NAMES (?i:ARGS_POST_NAMES)
|
||||
VARIABLE_AUTH_TYPE (?i:AUTH_TYPE)
|
||||
VARIABLE_FILES_COMBINED_SIZE (?i:FILES_COMBINED_SIZE)
|
||||
VARIABLE_FILES_TMP_NAMES (?i:FILES_TMPNAMES)
|
||||
VARIABLE_FULL_REQUEST (?i:FULL_REQUEST)
|
||||
VARIABLE_FULL_REQUEST_LENGTH (?i:FULL_REQUEST_LENGTH)
|
||||
VARIABLE_INBOUND_DATA_ERROR (?i:INBOUND_DATA_ERROR)
|
||||
VARIABLE_MATCHED_VAR (?i:MATCHED_VAR)
|
||||
VARIABLE_MATCHED_VAR_NAME (?i:MATCHED_VAR_NAME)
|
||||
VARIABLE_MULTIPART_CRLF_LF_LINES (?i:MULTIPART_CRLF_LF_LINES)
|
||||
VARIABLE_MULTIPART_DATA_AFTER (?i:MULTIPART_DATA_AFTER)
|
||||
VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED (?i:MULTIPART_FILE_LIMIT_EXCEEDED)
|
||||
VARIABLE_MULTIPART_HEADER_FOLDING (?i:MULTIPART_HEADER_FOLDING)
|
||||
VARIABLE_MULTIPART_INVALID_HEADER_FOLDING (?i:MULTIPART_INVALID_HEADER_FOLDING)
|
||||
VARIABLE_MULTIPART_INVALID_QUOTING (?i:MULTIPART_INVALID_QUOTING)
|
||||
VARIABLE_MULTIPART_STRICT_ERROR (?i:MULTIPART_STRICT_ERROR)
|
||||
VARIABLE_MULTIPART_UNMATCHED_BOUNDARY (?i:MULTIPART_UNMATCHED_BOUNDARY)
|
||||
VARIABLE_OUTBOUND_DATA_ERROR (?i:OUTBOUND_DATA_ERROR)
|
||||
VARIABLE_PATH_INFO (?i:PATH_INFO)
|
||||
VARIABLE_QUERY_STRING (?i:QUERY_STRING)
|
||||
VARIABLE_REMOTE_ADDR (?i:REMOTE_ADDR)
|
||||
VARIABLE_REMOTE_HOST (?i:REMOTE_HOST)
|
||||
VARIABLE_REMOTE_PORT (?i:REMOTE_PORT)
|
||||
VARIABLE_REQBODY_ERROR (?i:REQBODY_ERROR)
|
||||
VARIABLE_REQBODY_ERROR_MSG (?i:REQBODY_ERROR_MSG)
|
||||
VARIABLE_REQBODY_PROCESSOR_ERROR (?i:REQBODY_PROCESSOR_ERROR)
|
||||
VARIABLE_REQBODY_PROCESSOR_ERROR_MSG (?i:REQBODY_PROCESSOR_ERROR_MSG)
|
||||
VARIABLE_REQBODY_PROCESSOR (?i:REQBODY_PROCESSOR)
|
||||
VARIABLE_REQUEST_BASENAME (?i:REQUEST_BASENAME)
|
||||
VARIABLE_REQUEST_BODY (?i:REQUEST_BODY)
|
||||
VARIABLE_REQUEST_BODY_LENGTH (?i:REQUEST_BODY_LENGTH)
|
||||
VARIABLE_REQUEST_FILE_NAME (?i:REQUEST_FILENAME)
|
||||
VARIABLE_REQUEST_HEADERS_NAMES (?i:REQUEST_HEADERS_NAMES)
|
||||
VARIABLE_REQUEST_LINE (?i:REQUEST_LINE)
|
||||
VARIABLE_REQUEST_METHOD (?i:REQUEST_METHOD)
|
||||
VARIABLE_REQUEST_PROTOCOL (?i:REQUEST_PROTOCOL)
|
||||
VARIABLE_REQUEST_URI (?i:REQUEST_URI)
|
||||
VARIABLE_REQUEST_URI_RAW (?i:REQUEST_URI_RAW)
|
||||
VARIABLE_RESOURCE (?i:RESOURCE)
|
||||
VARIABLE_RESPONSE_BODY (?i:RESPONSE_BODY)
|
||||
VARIABLE_RESPONSE_CONTENT_LENGTH (?i:RESPONSE_CONTENT_LENGTH)
|
||||
VARIABLE_RESPONSE_CONTENT_TYPE (?i:RESPONSE_CONTENT_TYPE)
|
||||
VARIABLE_RESPONSE_HEADERS_NAMES (?i:RESPONSE_HEADERS_NAMES)
|
||||
VARIABLE_RESPONSE_PROTOCOL (?i:RESPONSE_PROTOCOL)
|
||||
VARIABLE_RESPONSE_STATUS (?i:RESPONSE_STATUS)
|
||||
VARIABLE_SERVER_ADDR (?i:SERVER_ADDR)
|
||||
VARIABLE_SERVER_NAME (?i:SERVER_NAME)
|
||||
VARIABLE_SERVER_PORT (?i:SERVER_PORT)
|
||||
VARIABLE_SESSION_ID (?i:SESSIONID)
|
||||
VARIABLE_UNIQUE_ID (?i:UNIQUE_ID)
|
||||
VARIABLE_URL_ENCODED_ERROR (?i:URLENCODED_ERROR)
|
||||
VARIABLE_USER_ID (?i:USERID)
|
||||
VARIABLE_WEBSERVER_ERROR_LOG (?:WEBSERVER_ERROR_LOG)
|
||||
|
||||
|
||||
|
||||
|
||||
VARIABLE_COL (?i:(GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|REQUEST_COOKIES_NAMES))
|
||||
VARIABLE_SESSION (?i:(SESSION))
|
||||
VARIABLE_IP (?i:(IP))
|
||||
VARIABLE_USER (?i:(USER))
|
||||
|
||||
VARIABLE_STATUS (?i:(STATUS[^:]))
|
||||
VARIABLE_TX (?i:TX)
|
||||
VARIABLE_WEBSERVER_ERROR_LOG (?:WEBSERVER_ERROR_LOG)
|
||||
VAR_FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+
|
||||
VAR_FREE_TEXT_SPACE [^ \t\"]+
|
||||
VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+
|
||||
|
||||
NEW_LINE [\n\r]+
|
||||
|
||||
EQUALS (?i:=)
|
||||
EQUALS_PLUS (?i:=\+)
|
||||
EQUALS_MINUS (?i:=\-)
|
||||
|
||||
|
||||
|
||||
%x TRANSACTION_TO_VARIABLE
|
||||
%x EXPECTING_VARIABLE
|
||||
%x TRANSACTION_FROM_VARIABLE_TO_OPERATOR
|
||||
@ -269,6 +340,9 @@ NEW_LINE [\n\r]+
|
||||
%x FINISH_ACTIONS
|
||||
%x LEXING_ERROR
|
||||
%x LEXING_ERROR_ACTION
|
||||
%x SETVAR_ACTION_WAITING_VARIABLE
|
||||
%x SETVAR_ACTION_WAITING_OPERATION
|
||||
%x SETVAR_ACTION_WAITING_CONTENT
|
||||
|
||||
%{
|
||||
// Code run each time a pattern is matched.
|
||||
@ -343,10 +417,10 @@ NEW_LINE [\n\r]+
|
||||
{ACTION_SETSID}:{VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_SETSID(yytext, *driver.loc.back()); }
|
||||
{ACTION_SETUID}:'{VAR_FREE_TEXT_QUOTE}' { return p::make_ACTION_SETUID(yytext, *driver.loc.back()); }
|
||||
{ACTION_SETUID}:{VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_SETUID(yytext, *driver.loc.back()); }
|
||||
{ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' { return p::make_ACTION_SETVAR(yytext, *driver.loc.back()); }
|
||||
{ACTION_SETVAR}:'{VAR_FREE_TEXT_QUOTE}' { return p::make_ACTION_SETVAR(yytext, *driver.loc.back()); }
|
||||
{ACTION_SETVAR}:{VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_SETVAR(yytext, *driver.loc.back()); }
|
||||
{ACTION_SETVAR}:{VAR_FREE_TEXT_SPACE}={VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_SETVAR(yytext, *driver.loc.back()); }
|
||||
|
||||
{ACTION_SETVAR}: { BEGIN(SETVAR_ACTION_WAITING_VARIABLE); return p::make_ACTION_SETVAR(*driver.loc.back()); }
|
||||
|
||||
|
||||
{ACTION_SEVERITY}:'{ACTION_SEVERITY_VALUE}' { return p::make_ACTION_SEVERITY(yytext, *driver.loc.back()); }
|
||||
{ACTION_SEVERITY}:{ACTION_SEVERITY_VALUE} { return p::make_ACTION_SEVERITY(yytext, *driver.loc.back()); }
|
||||
{ACTION_SKIP_AFTER}:{FREE_TEXT_SPACE_COMMA_QUOTE} { return p::make_ACTION_SKIP_AFTER(yytext, *driver.loc.back()); }
|
||||
@ -402,6 +476,51 @@ NEW_LINE [\n\r]+
|
||||
. { BEGIN(LEXING_ERROR_ACTION); yyless(0); }
|
||||
}
|
||||
|
||||
<SETVAR_ACTION_WAITING_VARIABLE>{
|
||||
\'* { }
|
||||
\"* { }
|
||||
{VARIABLE_TX}(\:[\']{DICT_ELEMENT_TWO}[\'])? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_TX}(\:{DICT_ELEMENT_TWO})? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_TX}(\.[\']{DICT_ELEMENT_TWO}[\'])? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_TX}(\.{DICT_ELEMENT_TWO})? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_SESSION}(\:[\']{DICT_ELEMENT_TWO}[\'])? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_SESSION}(\:{DICT_ELEMENT_TWO})? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_SESSION}(\.[\']{DICT_ELEMENT_TWO}[\'])? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_SESSION}(\.{DICT_ELEMENT_TWO})? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_IP}(\:[\']{DICT_ELEMENT_TWO}[\'])? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_IP}(\:{DICT_ELEMENT_TWO})? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_IP}(\.[\']{DICT_ELEMENT_TWO}[\'])? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_IP}(\.{DICT_ELEMENT_TWO})? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_USER}(\:[\']{DICT_ELEMENT_TWO}[\'])? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_USER}(\:{DICT_ELEMENT_TWO})? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_USER}(\.[\']{DICT_ELEMENT_TWO}[\'])? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
{VARIABLE_USER}(\.{DICT_ELEMENT_TWO})? { BEGIN(SETVAR_ACTION_WAITING_OPERATION); return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
. { BEGIN(LEXING_ERROR_ACTION); yyless(0); }
|
||||
[ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); }
|
||||
[ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); }
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
<SETVAR_ACTION_WAITING_OPERATION>{
|
||||
[ \t]*\n { BEGIN(INITIAL); yyless(1); }
|
||||
[ \t]*\r\n { BEGIN(INITIAL); driver.loc.back()->lines(1); driver.loc.back()->step(); }
|
||||
[ \t]*\n { BEGIN(EXPECTING_ACTIONS); yyless(yyleng); driver.loc.back()->lines(1); driver.loc.back()->step(); }
|
||||
[ \t]*\r\n { BEGIN(EXPECTING_ACTIONS); yyless(yyleng); driver.loc.back()->lines(1); driver.loc.back()->step(); }
|
||||
[ \t]*\"[ \t]* { }
|
||||
[ \t]*\'[ \t]* { }
|
||||
\"[ \t]*\n { BEGIN(EXPECTING_ACTIONS); yyless(1); }
|
||||
\"[ \t]*\r\n { BEGIN(EXPECTING_ACTIONS); driver.loc.back()->lines(1); driver.loc.back()->step(); }
|
||||
{EQUALS_PLUS} { BEGIN(SETVAR_ACTION_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_PLUS(*driver.loc.back()); }
|
||||
{EQUALS_MINUS} { BEGIN(SETVAR_ACTION_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS_MINUS(*driver.loc.back()); }
|
||||
{EQUALS} { BEGIN(SETVAR_ACTION_WAITING_CONTENT); return p::make_SETVAR_OPERATION_EQUALS(*driver.loc.back()); }
|
||||
. { BEGIN(LEXING_ERROR_ACTION); yyless(0); }
|
||||
}
|
||||
|
||||
<SETVAR_ACTION_WAITING_CONTENT>{
|
||||
[^,"\n]+ { BEGIN(EXPECTING_ACTIONS); return p::make_FREE_TEXT(yytext, *driver.loc.back()); }
|
||||
}
|
||||
|
||||
<FINISH_ACTIONS>{
|
||||
<<EOF>> { BEGIN(INITIAL); yyless(0); p::make_NEW_LINE(*driver.loc.back()); }
|
||||
@ -488,7 +607,6 @@ NEW_LINE [\n\r]+
|
||||
|
||||
|
||||
<EXPECTING_VARIABLE>{
|
||||
{VARIABLE_ARGS_NAMES} { return p::make_VARIABLE_ARGS_NAMES(*driver.loc.back()); }
|
||||
|
||||
[!&]?{RUN_TIME_VAR_BLD} { return p::make_RUN_TIME_VAR_BLD(yytext, *driver.loc.back()); }
|
||||
[!&]?{RUN_TIME_VAR_DUR} { return p::make_RUN_TIME_VAR_DUR(yytext, *driver.loc.back()); }
|
||||
@ -508,15 +626,18 @@ NEW_LINE [\n\r]+
|
||||
[!&]?{RUN_TIME_VAR_TIME} { return p::make_RUN_TIME_VAR_TIME(yytext, *driver.loc.back()); }
|
||||
[!&]?{RUN_TIME_VAR_XML}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_RUN_TIME_VAR_XML(yytext, *driver.loc.back()); }
|
||||
[!&]?{RUN_TIME_VAR_XML}(\:{DICT_ELEMENT})? { return p::make_RUN_TIME_VAR_XML(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLENOCOLON} { return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_COL}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_COL}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_SESSION}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_SESSION}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_IP}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_IP}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_USER}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_USER}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_STATUS} { return p::make_VARIABLE_STATUS(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_TX}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_TX(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_TX}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_TX(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE_WEBSERVER_ERROR_LOG} { driver.error (*driver.loc.back(), "Variable VARIABLE_WEBSERVER_ERROR_LOG is not supported by libModSecurity", ""); throw p::syntax_error(*driver.loc.back(), "");}
|
||||
[!&]?{VARIABLE}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
[!&]?{VARIABLE}(\:{DICT_ELEMENT})? { return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
["][!&]?{RUN_TIME_VAR_BLD}["] { return p::make_RUN_TIME_VAR_BLD(yytext, *driver.loc.back()); }
|
||||
["][!&]?{RUN_TIME_VAR_DUR}["] { return p::make_RUN_TIME_VAR_DUR(yytext, *driver.loc.back()); }
|
||||
["][!&]?{RUN_TIME_VAR_ENV}(\:\'{FREE_TEXT_QUOTE}[\'])?["] { return p::make_RUN_TIME_VAR_ENV(yytext, *driver.loc.back()); }
|
||||
@ -526,14 +647,75 @@ NEW_LINE [\n\r]+
|
||||
["][!&]?{RUN_TIME_VAR_RULE}(\:{DICT_ELEMENT})? { return p::make_RUN_TIME_VAR_RULE(yytext, *driver.loc.back()); }
|
||||
["][!&]?{RUN_TIME_VAR_XML}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_RUN_TIME_VAR_XML(yytext, *driver.loc.back()); }
|
||||
["][!&]?{RUN_TIME_VAR_XML}(\:{DICT_ELEMENT})? { return p::make_RUN_TIME_VAR_XML(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLENOCOLON}["] { return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_COL}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_COL}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_SESSION}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_SESSION}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_IP}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_IP}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_USER}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_USER}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_TX}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_TX(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE_TX}(\:{DICT_ELEMENT})?["] { return p::make_VARIABLE_TX(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
["][!&]?{VARIABLE}(\:{DICT_ELEMENT})?["] { return p::make_VARIABLE(yytext, *driver.loc.back()); }
|
||||
[&]?{RUN_TIME_VAR_TIME_WDAY} { return p::make_RUN_TIME_VAR_TIME_WDAY(yytext, *driver.loc.back()); }
|
||||
|
||||
{VARIABLE_ARGS_COMBINED_SIZE} { return p::make_VARIABLE_ARGS_COMBINED_SIZE(*driver.loc.back()); }
|
||||
{VARIABLE_ARGS_GET_NAMES} { return p::make_VARIABLE_ARGS_GET_NAMES(*driver.loc.back()); }
|
||||
{VARIABLE_ARGS_NAMES} { return p::make_VARIABLE_ARGS_NAMES(*driver.loc.back()); }
|
||||
{VARIABLE_ARGS_POST_NAMES} { return p::make_VARIABLE_ARGS_POST_NAMES(*driver.loc.back()); }
|
||||
{VARIABLE_AUTH_TYPE} { return p::make_VARIABLE_AUTH_TYPE(*driver.loc.back()); }
|
||||
{VARIABLE_FILES_COMBINED_SIZE} { return p::make_VARIABLE_FILES_COMBINED_SIZE(*driver.loc.back()); }
|
||||
{VARIABLE_FILES_TMP_NAMES} { return p::make_VARIABLE_FILES_TMP_NAMES(*driver.loc.back()); }
|
||||
{VARIABLE_FULL_REQUEST_LENGTH} { return p::make_VARIABLE_FULL_REQUEST_LENGTH(*driver.loc.back()); }
|
||||
{VARIABLE_FULL_REQUEST} { return p::make_VARIABLE_FULL_REQUEST(*driver.loc.back()); }
|
||||
{VARIABLE_INBOUND_DATA_ERROR} { return p::make_VARIABLE_INBOUND_DATA_ERROR(*driver.loc.back()); }
|
||||
{VARIABLE_MATCHED_VAR_NAME} { return p::make_VARIABLE_MATCHED_VAR_NAME(*driver.loc.back()); }
|
||||
{VARIABLE_MATCHED_VAR} { return p::make_VARIABLE_MATCHED_VAR(*driver.loc.back()); }
|
||||
{VARIABLE_MULTIPART_CRLF_LF_LINES} { return p::make_VARIABLE_MULTIPART_CRLF_LF_LINES(*driver.loc.back()); }
|
||||
{VARIABLE_MULTIPART_DATA_AFTER} { return p::make_VARIABLE_MULTIPART_DATA_AFTER(*driver.loc.back()); }
|
||||
{VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED} { return p::make_VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED(*driver.loc.back()); }
|
||||
{VARIABLE_MULTIPART_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_HEADER_FOLDING(*driver.loc.back()); }
|
||||
{VARIABLE_MULTIPART_INVALID_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_INVALID_HEADER_FOLDING(*driver.loc.back()); }
|
||||
{VARIABLE_MULTIPART_INVALID_QUOTING} { return p::make_VARIABLE_MULTIPART_INVALID_QUOTING(*driver.loc.back()); }
|
||||
{VARIABLE_MULTIPART_STRICT_ERROR} { return p::make_VARIABLE_MULTIPART_STRICT_ERROR(*driver.loc.back()); }
|
||||
{VARIABLE_MULTIPART_UNMATCHED_BOUNDARY} { return p::make_VARIABLE_MULTIPART_UNMATCHED_BOUNDARY(*driver.loc.back()); }
|
||||
{VARIABLE_OUTBOUND_DATA_ERROR} { return p::make_VARIABLE_OUTBOUND_DATA_ERROR(*driver.loc.back()); }
|
||||
{VARIABLE_PATH_INFO} { return p::make_VARIABLE_PATH_INFO(*driver.loc.back()); }
|
||||
{VARIABLE_QUERY_STRING} { return p::make_VARIABLE_QUERY_STRING(*driver.loc.back()); }
|
||||
{VARIABLE_REMOTE_ADDR} { return p::make_VARIABLE_REMOTE_ADDR(*driver.loc.back()); }
|
||||
{VARIABLE_REMOTE_HOST} { return p::make_VARIABLE_REMOTE_HOST(*driver.loc.back()); }
|
||||
{VARIABLE_REMOTE_PORT} { return p::make_VARIABLE_REMOTE_PORT(*driver.loc.back()); }
|
||||
{VARIABLE_REQBODY_ERROR_MSG} { return p::make_VARIABLE_REQBODY_ERROR_MSG(*driver.loc.back()); }
|
||||
{VARIABLE_REQBODY_ERROR} { return p::make_VARIABLE_REQBODY_ERROR(*driver.loc.back()); }
|
||||
{VARIABLE_REQBODY_PROCESSOR_ERROR_MSG} { return p::make_VARIABLE_REQBODY_PROCESSOR_ERROR_MSG(*driver.loc.back()); }
|
||||
{VARIABLE_REQBODY_PROCESSOR_ERROR} { return p::make_VARIABLE_REQBODY_PROCESSOR_ERROR(*driver.loc.back()); }
|
||||
{VARIABLE_REQBODY_PROCESSOR} { return p::make_VARIABLE_REQBODY_PROCESSOR(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_BASENAME} { return p::make_VARIABLE_REQUEST_BASENAME(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_BODY_LENGTH} { return p::make_VARIABLE_REQUEST_BODY_LENGTH(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_BODY} { return p::make_VARIABLE_REQUEST_BODY(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_FILE_NAME} { return p::make_VARIABLE_REQUEST_FILE_NAME(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_HEADERS_NAMES} { return p::make_VARIABLE_REQUEST_HEADERS_NAMES(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_LINE} { return p::make_VARIABLE_REQUEST_LINE(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_METHOD} { return p::make_VARIABLE_REQUEST_METHOD(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_PROTOCOL} { return p::make_VARIABLE_REQUEST_PROTOCOL(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_URI_RAW} { return p::make_VARIABLE_REQUEST_URI_RAW(*driver.loc.back()); }
|
||||
{VARIABLE_REQUEST_URI} { return p::make_VARIABLE_REQUEST_URI(*driver.loc.back()); }
|
||||
{VARIABLE_RESOURCE} { return p::make_VARIABLE_RESOURCE(*driver.loc.back()); }
|
||||
{VARIABLE_RESPONSE_BODY} { return p::make_VARIABLE_RESPONSE_BODY(*driver.loc.back()); }
|
||||
{VARIABLE_RESPONSE_CONTENT_LENGTH} { return p::make_VARIABLE_RESPONSE_CONTENT_LENGTH(*driver.loc.back()); }
|
||||
{VARIABLE_RESPONSE_CONTENT_TYPE} { return p::make_VARIABLE_RESPONSE_CONTENT_TYPE(*driver.loc.back()); }
|
||||
{VARIABLE_RESPONSE_HEADERS_NAMES} { return p::make_VARIABLE_RESPONSE_HEADERS_NAMES(*driver.loc.back()); }
|
||||
{VARIABLE_RESPONSE_PROTOCOL} { return p::make_VARIABLE_RESPONSE_PROTOCOL(*driver.loc.back()); }
|
||||
{VARIABLE_RESPONSE_STATUS} { return p::make_VARIABLE_RESPONSE_STATUS(*driver.loc.back()); }
|
||||
{VARIABLE_SERVER_ADDR} { return p::make_VARIABLE_SERVER_ADDR(*driver.loc.back()); }
|
||||
{VARIABLE_SERVER_NAME} { return p::make_VARIABLE_SERVER_NAME(*driver.loc.back()); }
|
||||
{VARIABLE_SERVER_PORT} { return p::make_VARIABLE_SERVER_PORT(*driver.loc.back()); }
|
||||
{VARIABLE_SESSION_ID} { return p::make_VARIABLE_SESSION_ID(*driver.loc.back()); }
|
||||
{VARIABLE_UNIQUE_ID} { return p::make_VARIABLE_UNIQUE_ID(*driver.loc.back()); }
|
||||
{VARIABLE_URL_ENCODED_ERROR} { return p::make_VARIABLE_URL_ENCODED_ERROR(*driver.loc.back()); }
|
||||
{VARIABLE_USER_ID} { return p::make_VARIABLE_USER_ID(*driver.loc.back()); }
|
||||
|
||||
|
||||
}
|
||||
|
||||
<EXPECTING_VARIABLE,TRANSACTION_FROM_VARIABLE_TO_OPERATOR>{
|
||||
|
||||
@ -859,8 +859,9 @@ int Multipart::process_boundary(int last_part) {
|
||||
* is clear that there is no more data to be processed.
|
||||
*/
|
||||
int Multipart::multipart_complete(std::string *error) {
|
||||
m_transaction->m_collections.store("MULTIPART_UNMATCHED_BOUNDARY",
|
||||
std::to_string(m_flag_unmatched_boundary));
|
||||
m_transaction->m_variableMultipartUnmatchedBoundary.set(
|
||||
std::to_string(m_flag_unmatched_boundary),
|
||||
m_transaction->m_variableOffset);
|
||||
|
||||
m_transaction->m_collections.store("MULTIPART_DATA_BEFORE",
|
||||
std::to_string(m_flag_data_before));
|
||||
@ -868,8 +869,9 @@ int Multipart::multipart_complete(std::string *error) {
|
||||
debug(4, "Multipart: Warning: seen data before first boundary.");
|
||||
}
|
||||
|
||||
m_transaction->m_collections.store("MULTIPART_DATA_AFTER",
|
||||
std::to_string(m_flag_data_after));
|
||||
m_transaction->m_variableMultipartDataAfter.set(
|
||||
std::to_string(m_flag_data_after),
|
||||
m_transaction->m_variableOffset);
|
||||
if (m_flag_data_after) {
|
||||
debug(4, "Multipart: Warning: seen data after last boundary.");
|
||||
}
|
||||
@ -886,8 +888,9 @@ int Multipart::multipart_complete(std::string *error) {
|
||||
debug(4, "Multipart: Warning: boundary whitespace in C-T header.");
|
||||
}
|
||||
|
||||
m_transaction->m_collections.store("MULTIPART_HEADER_FOLDING",
|
||||
std::to_string(m_flag_header_folding));
|
||||
m_transaction->m_variableMultipartHeaderFolding.set(
|
||||
std::to_string(m_flag_header_folding),
|
||||
m_transaction->m_variableOffset);
|
||||
if (m_flag_header_folding) {
|
||||
debug(4, "Multipart: Warning: header folding used.");
|
||||
}
|
||||
@ -896,8 +899,9 @@ int Multipart::multipart_complete(std::string *error) {
|
||||
std::to_string(m_flag_crlf_line));
|
||||
m_transaction->m_collections.store("MULTIPART_LF_LINE",
|
||||
std::to_string(m_flag_lf_line));
|
||||
m_transaction->m_collections.store("MULTIPART_CRLF_LF_LINES",
|
||||
std::to_string(m_flag_crlf_line && m_flag_lf_line));
|
||||
m_transaction->m_variableMultipartCrlfLFLines.set(
|
||||
std::to_string(m_flag_crlf_line && m_flag_lf_line),
|
||||
m_transaction->m_variableOffset);
|
||||
if (m_flag_crlf_line && m_flag_lf_line) {
|
||||
debug(4, "Multipart: Warning: mixed line endings used (CRLF/LF).");
|
||||
} else if (m_flag_lf_line) {
|
||||
@ -910,8 +914,9 @@ int Multipart::multipart_complete(std::string *error) {
|
||||
debug(4, "Multipart: Warning: missing semicolon in C-T header.");
|
||||
}
|
||||
|
||||
m_transaction->m_collections.store("MULTIPART_INVALID_QUOTING",
|
||||
std::to_string(m_flag_invalid_quoting));
|
||||
m_transaction->m_variableMultipartInvalidQuoting.set(
|
||||
std::to_string(m_flag_invalid_quoting),
|
||||
m_transaction->m_variableOffset);
|
||||
if (m_flag_invalid_quoting) {
|
||||
debug(4, "Multipart: Warning: invalid quoting used.");
|
||||
}
|
||||
@ -922,20 +927,21 @@ int Multipart::multipart_complete(std::string *error) {
|
||||
debug(4, "Multipart: Warning: invalid part parsing.");
|
||||
}
|
||||
|
||||
m_transaction->m_collections.store("MULTIPART_INVALID_HEADER_FOLDING",
|
||||
std::to_string(m_flag_invalid_header_folding));
|
||||
m_transaction->m_variableMultipartInvalidHeaderFolding.set(
|
||||
std::to_string(m_flag_invalid_header_folding),
|
||||
m_transaction->m_variableOffset);
|
||||
if (m_flag_invalid_header_folding) {
|
||||
debug(4, "Multipart: Warning: invalid header folding used.");
|
||||
}
|
||||
|
||||
m_transaction->m_collections.store("MULTIPART_STRICT_ERROR",
|
||||
m_transaction->m_variableMultipartStrictError.set(
|
||||
std::to_string(m_flag_error || m_flag_boundary_quoted != 0
|
||||
|| m_flag_boundary_whitespace != 0 || m_flag_data_before != 0
|
||||
|| m_flag_data_after != 0 || m_flag_header_folding != 0
|
||||
|| m_flag_lf_line != 0 || m_flag_missing_semicolon != 0
|
||||
|| m_flag_invalid_quoting != 0 || m_flag_invalid_part != 0
|
||||
|| m_flag_invalid_header_folding != 0
|
||||
|| m_flag_file_limit_exceeded != 0));
|
||||
|| m_flag_file_limit_exceeded != 0), m_transaction->m_variableOffset);
|
||||
|
||||
|
||||
if ((m_seen_data != 0) && (m_is_complete == 0)) {
|
||||
@ -1031,8 +1037,9 @@ int Multipart::multipart_complete(std::string *error) {
|
||||
std::to_string(m_transaction->->m_ARGScombinedSize));
|
||||
#endif
|
||||
}
|
||||
m_transaction->m_collections.store("FILES_COMBINED_SIZE",
|
||||
std::to_string(file_combined_size));
|
||||
m_transaction->m_variableFilesCombinedSize.set(
|
||||
std::to_string(file_combined_size),
|
||||
m_transaction->m_variableOffset);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -173,8 +173,8 @@ bool Rule::evaluateActions(Transaction *trasn) {
|
||||
void Rule::updateMatchedVars(Transaction *trasn, std::string key,
|
||||
std::string value) {
|
||||
trasn->debug(4, "Matched vars updated.");
|
||||
trasn->m_collections.storeOrUpdateFirst("MATCHED_VAR", value);
|
||||
trasn->m_collections.storeOrUpdateFirst("MATCHED_VAR_NAME", key);
|
||||
trasn->m_variableMatchedVar.set(value, trasn->m_variableOffset);
|
||||
trasn->m_variableMatchedVarName.set(key, trasn->m_variableOffset);
|
||||
trasn->m_collections.store("MATCHED_VARS:" + key, value);
|
||||
trasn->m_collections.store("MATCHED_VARS_NAMES:" + key, key);
|
||||
}
|
||||
@ -183,6 +183,7 @@ void Rule::updateMatchedVars(Transaction *trasn, std::string key,
|
||||
void Rule::cleanMatchedVars(Transaction *trasn) {
|
||||
trasn->debug(4, "Matched vars cleaned.");
|
||||
trasn->m_collections.storeOrUpdateFirst("MATCHED_VAR", "");
|
||||
trasn->m_variableMatchedVar.set("", trasn->m_variableOffset);
|
||||
trasn->m_collections.del("MATCHED_VARS_NAME");
|
||||
trasn->m_collections.del("MATCHED_VARS");
|
||||
trasn->m_collections.del("MATCHED_VARS_NAMES");
|
||||
|
||||
@ -109,15 +109,9 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
|
||||
m_timeStamp(std::time(NULL)),
|
||||
m_httpCodeReturned(200),
|
||||
m_highestSeverityAction(255),
|
||||
m_ARGScombinedSize(0),
|
||||
m_ARGScombinedSizeStr(NULL),
|
||||
m_namesArgsPost(NULL),
|
||||
m_namesArgsGet(NULL),
|
||||
m_ARGScombinedSizeDouble(0),
|
||||
m_requestBodyType(UnknownFormat),
|
||||
m_requestBodyProcessor(UnknownFormat),
|
||||
m_requestHeadersNames(NULL),
|
||||
m_responseHeadersNames(NULL),
|
||||
m_responseContentType(NULL),
|
||||
m_requestBodyAccess(Rules::PropertyNotSetConfigBoolean),
|
||||
m_marker(""),
|
||||
m_allowType(modsecurity::actions::disruptive::NoneAllowType),
|
||||
@ -135,23 +129,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
|
||||
std::to_string(modsecurity::utils::generate_transaction_unique_id());
|
||||
m_rules->incrementReferenceCount();
|
||||
|
||||
m_collections.store("ARGS_COMBINED_SIZE", std::string("0"));
|
||||
m_ARGScombinedSizeStr = m_collections.resolveFirst("ARGS_COMBINED_SIZE");
|
||||
m_collections.store("ARGS_POST_NAMES", std::string(""));
|
||||
this->m_namesArgsPost = m_collections.resolveFirst("ARGS_POST_NAMES");
|
||||
m_collections.store("ARGS_GET_NAMES", std::string(""));
|
||||
this->m_namesArgsGet = m_collections.resolveFirst("ARGS_GET_NAMES");
|
||||
m_collections.store("REQUEST_HEADERS_NAMES", std::string(""));
|
||||
this->m_requestHeadersNames = m_collections.resolveFirst(
|
||||
"REQUEST_HEADERS_NAMES");
|
||||
m_collections.store("RESPONSE_HEADERS_NAMES", std::string(""));
|
||||
this->m_responseHeadersNames = m_collections.resolveFirst(
|
||||
"RESPONSE_HEADERS_NAMES");
|
||||
m_collections.store("RESPONSE_CONTENT_TYPE", std::string(""));
|
||||
this->m_responseContentType = m_collections.resolveFirst(
|
||||
"RESPONSE_CONTENT_TYPE");
|
||||
|
||||
m_collections.storeOrUpdateFirst("URLENCODED_ERROR", "0");
|
||||
m_variableUrlEncodedError.set("0", 0);
|
||||
|
||||
#ifndef NO_LOGS
|
||||
this->debug(4, "Initializing transaction");
|
||||
@ -233,14 +211,13 @@ int Transaction::processConnection(const char *client, int cPort,
|
||||
debug(4, "Starting phase CONNECTION. (SecRules 0)");
|
||||
#endif
|
||||
|
||||
this->m_collections.store("REMOTE_HOST", m_clientIpAddress);
|
||||
this->m_collections.store("UNIQUE_ID", m_id);
|
||||
this->m_collections.store("REMOTE_ADDR", m_clientIpAddress);
|
||||
this->m_collections.store("SERVER_ADDR", m_serverIpAddress);
|
||||
this->m_collections.store("SERVER_PORT",
|
||||
std::to_string(this->m_serverPort));
|
||||
this->m_collections.store("REMOTE_PORT",
|
||||
std::to_string(this->m_clientPort));
|
||||
m_variableRemoteHost.set(m_clientIpAddress, m_variableOffset);
|
||||
m_variableUniqueID.set(m_id, m_variableOffset);
|
||||
m_variableRemoteAddr.set(m_clientIpAddress, m_variableOffset);
|
||||
m_variableServerAddr.set(m_serverIpAddress, m_variableOffset);
|
||||
m_variableServerPort.set(std::to_string(this->m_serverPort), m_variableOffset);
|
||||
m_variableRemotePort.set(std::to_string(this->m_clientPort), m_variableOffset);
|
||||
|
||||
this->m_rules->evaluate(modsecurity::ConnectionPhase, this);
|
||||
return true;
|
||||
}
|
||||
@ -289,7 +266,7 @@ bool Transaction::extractArguments(const std::string &orig,
|
||||
&invalid, &changed);
|
||||
|
||||
if (invalid) {
|
||||
m_collections.storeOrUpdateFirst("URLENCODED_ERROR", "1");
|
||||
m_variableUrlEncodedError.set("1", m_variableOffset);
|
||||
}
|
||||
|
||||
addArgument(orig, std::string(reinterpret_cast<char *>(key_c), key_s-1),
|
||||
@ -309,30 +286,20 @@ bool Transaction::addArgument(const std::string& orig, const std::string& key,
|
||||
key + "\", value \"" + value + "\"");
|
||||
|
||||
m_collections.store("ARGS:" + key, value);
|
||||
|
||||
if (orig == "GET") {
|
||||
m_collections.store("ARGS_GET:" + key, value);
|
||||
if (m_namesArgsGet->empty()) {
|
||||
m_namesArgsGet->assign(key);
|
||||
} else {
|
||||
m_namesArgsGet->assign(*m_namesArgsGet + " " + key);
|
||||
}
|
||||
}
|
||||
if (orig == "POST") {
|
||||
m_variableArgGetNames.append(key, 0, true);
|
||||
} else if (orig == "POST") {
|
||||
m_collections.store("ARGS_POST:" + key, value);
|
||||
if (m_namesArgsPost->empty()) {
|
||||
m_namesArgsPost->assign(key);
|
||||
} else {
|
||||
m_namesArgsPost->assign(*m_namesArgsPost + " " + key);
|
||||
}
|
||||
m_variableArgPostNames.append(key, 0, true);
|
||||
}
|
||||
|
||||
m_variableArgsNames.append(key, 0, true);
|
||||
|
||||
|
||||
this->m_ARGScombinedSize = this->m_ARGScombinedSize + \
|
||||
m_ARGScombinedSizeDouble = m_ARGScombinedSizeDouble + \
|
||||
key.length() + value.length();
|
||||
this->m_ARGScombinedSizeStr->assign(
|
||||
std::to_string(this->m_ARGScombinedSize));
|
||||
|
||||
m_variableARGScombinedSize.set(std::to_string(m_ARGScombinedSizeDouble), 0);
|
||||
|
||||
return true;
|
||||
}
|
||||
@ -377,8 +344,8 @@ int Transaction::processURI(const char *uri, const char *method,
|
||||
size_t pos = m_uri_decoded.find("?");
|
||||
size_t pos_raw = uri_s.find("?");
|
||||
|
||||
m_collections.store("REQUEST_LINE", std::string(method) + " " +
|
||||
std::string(uri) + " HTTP/" + std::string(http_version));
|
||||
m_variableRequestLine.set(std::string(method) + " " + std::string(uri)
|
||||
+ " HTTP/" + std::string(http_version), m_variableOffset);
|
||||
|
||||
if (pos != std::string::npos) {
|
||||
m_uri_no_query_string_decoded = std::string(m_uri_decoded, 0, pos);
|
||||
@ -387,8 +354,9 @@ int Transaction::processURI(const char *uri, const char *method,
|
||||
}
|
||||
|
||||
if (pos_raw != std::string::npos) {
|
||||
m_collections.store("QUERY_STRING", std::string(uri_s, pos_raw + 1,
|
||||
uri_s.length() - (pos_raw + 1)));
|
||||
std::string qry = std::string(uri_s, pos_raw + 1,
|
||||
uri_s.length() - (pos_raw + 1));
|
||||
m_variableQueryString.set(qry, m_variableOffset);
|
||||
}
|
||||
|
||||
std::string path_info;
|
||||
@ -397,18 +365,18 @@ int Transaction::processURI(const char *uri, const char *method,
|
||||
} else {
|
||||
path_info = std::string(m_uri_decoded, 0, pos);
|
||||
}
|
||||
m_collections.store("PATH_INFO", path_info);
|
||||
m_collections.store("REQUEST_FILENAME", path_info);
|
||||
m_variablePathInfo.set(path_info, m_variableOffset);
|
||||
m_variableRequestFilename.set(path_info, m_variableOffset);
|
||||
|
||||
size_t offset = path_info.find_last_of("/\\");
|
||||
if (offset != std::string::npos && path_info.length() > offset + 1) {
|
||||
std::string basename = std::string(path_info, offset + 1,
|
||||
path_info.length() - (offset + 1));
|
||||
m_collections.store("REQUEST_BASENAME", basename);
|
||||
m_variableRequestBasename.set(basename, m_variableOffset);
|
||||
}
|
||||
m_collections.store("REQUEST_METHOD", method);
|
||||
m_collections.store("REQUEST_PROTOCOL",
|
||||
"HTTP/" + std::string(http_version));
|
||||
m_variableRequestMethod.set(method, m_variableOffset);
|
||||
m_variableRequestProtocol.set("HTTP/" + std::string(http_version),
|
||||
m_variableOffset);
|
||||
|
||||
std::string parsedURI = m_uri_decoded;
|
||||
// The more popular case is without domain
|
||||
@ -434,8 +402,8 @@ int Transaction::processURI(const char *uri, const char *method,
|
||||
}
|
||||
}
|
||||
|
||||
m_collections.store("REQUEST_URI", parsedURI);
|
||||
m_collections.store("REQUEST_URI_RAW", uri);
|
||||
m_variableRequestURI.set(parsedURI, m_variableOffset);
|
||||
m_variableRequestURIRaw.set(uri, m_variableOffset);
|
||||
|
||||
if (pos != std::string::npos && (m_uri_decoded.length() - pos) > 2) {
|
||||
extractArguments("GET", std::string(uri_s, pos_raw + 1,
|
||||
@ -496,14 +464,14 @@ int Transaction::processRequestHeaders() {
|
||||
*/
|
||||
int Transaction::addRequestHeader(const std::string& key,
|
||||
const std::string& value) {
|
||||
m_requestHeadersNames->assign(*m_requestHeadersNames + " " + key);
|
||||
m_variableRequestHeadersNames.append(key, 0, true);
|
||||
|
||||
this->m_collections.store("REQUEST_HEADERS:" + key, value);
|
||||
|
||||
std::string keyl = utils::string::tolower(key);
|
||||
if (keyl == "authorization") {
|
||||
std::vector<std::string> type = utils::string::split(value, ' ');
|
||||
this->m_collections.store("AUTH_TYPE", type[0]);
|
||||
m_variableAuthType.set(type[0], m_variableOffset);
|
||||
}
|
||||
|
||||
if (keyl == "cookie") {
|
||||
@ -535,18 +503,18 @@ int Transaction::addRequestHeader(const std::string& key,
|
||||
std::string l = utils::string::tolower(value);
|
||||
if (l.compare(0, multipart.length(), multipart) == 0) {
|
||||
this->m_requestBodyType = MultiPartRequestBody;
|
||||
m_collections.store("REQBODY_PROCESSOR", "MULTIPART");
|
||||
m_variableReqbodyProcessor.set("MULTIPART", m_variableOffset);
|
||||
}
|
||||
|
||||
if (l == "application/x-www-form-urlencoded") {
|
||||
this->m_requestBodyType = WWWFormUrlEncoded;
|
||||
m_collections.store("REQBODY_PROCESSOR", "URLENCODED");
|
||||
m_variableReqbodyProcessor.set("URLENCODED", m_variableOffset);
|
||||
}
|
||||
}
|
||||
|
||||
if (keyl == "host") {
|
||||
std::vector<std::string> host = utils::string::split(value, ':');
|
||||
m_collections.store("SERVER_NAME", host[0]);
|
||||
m_variableServerName.set(host[0], m_variableOffset);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
@ -637,8 +605,8 @@ int Transaction::processRequestBody() {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (m_collections.resolveFirst("INBOUND_DATA_ERROR") == NULL) {
|
||||
m_collections.store("INBOUND_DATA_ERROR", "0");
|
||||
if (m_variableInboundDataError.m_value.empty() == true) {
|
||||
m_variableInboundDataError.set("0", m_variableOffset);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -658,15 +626,15 @@ int Transaction::processRequestBody() {
|
||||
m_xml->complete(&error);
|
||||
}
|
||||
if (error.empty() == false) {
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR", "1");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR", "1");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR_MSG",
|
||||
"XML parsing error: " + error);
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR_MSG",
|
||||
"XML parsing error: " + error);
|
||||
m_variableReqbodyError.set("1", m_variableOffset);
|
||||
m_variableReqbodyErrorMsg.set("XML parsing error: " + error,
|
||||
m_variableOffset);
|
||||
m_variableReqbodyProcessorErrorMsg.set("XML parsing error: " \
|
||||
+ error, m_variableOffset);
|
||||
m_variableReqbodyProcessorError.set("1", m_variableOffset);
|
||||
} else {
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR", "0");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR", "0");
|
||||
m_variableReqbodyError.set("1", m_variableOffset);
|
||||
m_variableReqbodyProcessorError.set("0", m_variableOffset);
|
||||
}
|
||||
} else if (m_requestBodyProcessor == JSONRequestBody) {
|
||||
std::string error;
|
||||
@ -677,15 +645,15 @@ int Transaction::processRequestBody() {
|
||||
m_json->complete(&error);
|
||||
}
|
||||
if (error.empty() == false) {
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR", "1");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR", "1");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR_MSG",
|
||||
"XML parsing error: " + error);
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR_MSG",
|
||||
"XML parsing error: " + error);
|
||||
m_variableReqbodyError.set("1", m_variableOffset);
|
||||
m_variableReqbodyProcessorError.set("1", m_variableOffset);
|
||||
m_variableReqbodyErrorMsg.set("XML parsing error: " + error,
|
||||
m_variableOffset);
|
||||
m_variableReqbodyProcessorErrorMsg.set("XML parsing error: " \
|
||||
+ error, m_variableOffset);
|
||||
} else {
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR", "0");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR", "0");
|
||||
m_variableReqbodyError.set("0", m_variableOffset);
|
||||
m_variableReqbodyProcessorError.set("0", m_variableOffset);
|
||||
}
|
||||
} else if (m_requestBodyType == MultiPartRequestBody) {
|
||||
std::string error;
|
||||
@ -700,15 +668,15 @@ int Transaction::processRequestBody() {
|
||||
m.multipart_complete(&error);
|
||||
}
|
||||
if (error.empty() == false) {
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR", "1");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR", "1");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR_MSG",
|
||||
"Multipart parsing error: " + error);
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR_MSG",
|
||||
"Multipart parsing error: " + error);
|
||||
m_variableReqbodyError.set("1", m_variableOffset);
|
||||
m_variableReqbodyProcessorError.set("1", m_variableOffset);
|
||||
m_variableReqbodyErrorMsg.set("Multipart parsing error: " + error,
|
||||
m_variableOffset);
|
||||
m_variableReqbodyProcessorErrorMsg.set("Multipart parsing " \
|
||||
"error: " + error, m_variableOffset);
|
||||
} else {
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR", "0");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR", "0");
|
||||
m_variableReqbodyError.set("0", m_variableOffset);
|
||||
m_variableReqbodyProcessorError.set("0", m_variableOffset);
|
||||
}
|
||||
} else if (m_requestBodyType == WWWFormUrlEncoded) {
|
||||
extractArguments("POST", m_requestBody.str());
|
||||
@ -720,15 +688,15 @@ int Transaction::processRequestBody() {
|
||||
if (a != NULL && a->empty() == false) {
|
||||
error.assign(*a);
|
||||
}
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR", "1");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR", "1");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR_MSG",
|
||||
"Unknown request body processor: " + error);
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR_MSG",
|
||||
"Unknown request body processor: " + error);
|
||||
m_variableReqbodyError.set("1", m_variableOffset);
|
||||
m_variableReqbodyProcessorError.set("1", m_variableOffset);
|
||||
m_variableReqbodyErrorMsg.set("Unknown request body processor: " \
|
||||
+ error, m_variableOffset);
|
||||
m_variableReqbodyProcessorErrorMsg.set("Unknown request body " \
|
||||
"processor: " + error, m_variableOffset);
|
||||
} else {
|
||||
m_collections.storeOrUpdateFirst("REQBODY_ERROR", "0");
|
||||
m_collections.storeOrUpdateFirst("REQBODY_PROCESSOR_ERROR", "0");
|
||||
m_variableReqbodyError.set("0", m_variableOffset);
|
||||
m_variableReqbodyProcessorError.set("0", m_variableOffset);
|
||||
}
|
||||
|
||||
#if 1
|
||||
@ -774,14 +742,15 @@ int Transaction::processRequestBody() {
|
||||
|
||||
fullRequest = fullRequest + "\n\n";
|
||||
fullRequest = fullRequest + m_requestBody.str();
|
||||
m_collections.store("FULL_REQUEST", fullRequest);
|
||||
m_collections.store("FULL_REQUEST_LENGTH",
|
||||
std::to_string(fullRequest.size()));
|
||||
m_variableFullRequest.set(fullRequest, m_variableOffset);
|
||||
m_variableFullRequestLength.set(std::to_string(fullRequest.size()),
|
||||
m_variableOffset);
|
||||
|
||||
if (m_requestBody.tellp() > 0) {
|
||||
m_collections.store("REQUEST_BODY", m_requestBody.str());
|
||||
m_collections.store("REQUEST_BODY_LENGTH",
|
||||
std::to_string(m_requestBody.str().size()));
|
||||
m_variableRequestBody.set(m_requestBody.str(), m_variableOffset);
|
||||
m_variableRequestBodyLength.set(std::to_string(
|
||||
m_requestBody.str().size()),
|
||||
m_variableOffset);
|
||||
}
|
||||
|
||||
this->m_rules->evaluate(modsecurity::RequestBodyPhase, this);
|
||||
@ -853,7 +822,7 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
|
||||
|
||||
if (this->m_rules->m_requestBodyLimit.m_value > 0
|
||||
&& this->m_rules->m_requestBodyLimit.m_value < len + current_size) {
|
||||
m_collections.store("INBOUND_DATA_ERROR", "1");
|
||||
m_variableInboundDataError.set("1", m_variableOffset);
|
||||
#ifndef NO_LOGS
|
||||
debug(5, "Request body is bigger than the maximum expected.");
|
||||
#endif
|
||||
@ -913,8 +882,8 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) {
|
||||
#endif
|
||||
|
||||
this->m_httpCodeReturned = code;
|
||||
this->m_collections.store("RESPONSE_STATUS", std::to_string(code));
|
||||
m_collections.store("RESPONSE_PROTOCOL", proto);
|
||||
m_variableResponseStatus.set(std::to_string(code), m_variableOffset);
|
||||
m_variableResponseProtocol.set(proto, m_variableOffset);
|
||||
|
||||
if (m_rules->m_secRuleEngine == Rules::DisabledRuleEngine) {
|
||||
#ifndef NO_LOGS
|
||||
@ -948,7 +917,7 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) {
|
||||
*/
|
||||
int Transaction::addResponseHeader(const std::string& key,
|
||||
const std::string& value) {
|
||||
m_responseHeadersNames->assign(*m_responseHeadersNames + " " + key);
|
||||
m_variableResponseHeadersNames.append(key, 0, true);
|
||||
|
||||
this->m_collections.store("RESPONSE_HEADERS:" + key, value);
|
||||
|
||||
@ -957,7 +926,7 @@ int Transaction::addResponseHeader(const std::string& key,
|
||||
// Content-Type: text/html; charset=UTF-8
|
||||
std::vector<std::string> val = utils::string::split(value, ';');
|
||||
if (val.size() > 0) {
|
||||
this->m_responseContentType->assign(val[0]);
|
||||
m_variableResponseContentType.set(val[0], 0);
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
@ -1050,10 +1019,10 @@ int Transaction::processResponseBody() {
|
||||
}
|
||||
|
||||
std::set<std::string> &bi = this->m_rules->m_responseBodyTypeToBeInspected;
|
||||
auto t = bi.find(*m_responseContentType);
|
||||
auto t = bi.find(m_variableResponseContentType.m_value);
|
||||
if (t == bi.end() && bi.empty() == false) {
|
||||
#ifndef NO_LOGS
|
||||
debug(5, "Response Content-Type is " + *m_responseContentType + \
|
||||
debug(5, "Response Content-Type is " + m_variableResponseContentType.m_value + \
|
||||
". It is not marked to be inspected.");
|
||||
std::string validContetTypes("");
|
||||
for (std::set<std::string>::iterator i = bi.begin();
|
||||
@ -1064,13 +1033,12 @@ int Transaction::processResponseBody() {
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
if (m_collections.resolveFirst("OUTBOUND_DATA_ERROR") == NULL) {
|
||||
m_collections.store("OUTBOUND_DATA_ERROR", "0");
|
||||
if (m_variableOutboundDataError.m_value.empty() == true) {
|
||||
m_variableOutboundDataError.set("0", m_variableOffset);
|
||||
}
|
||||
|
||||
m_collections.store("RESPONSE_BODY", m_responseBody.str());
|
||||
m_collections.store("RESPONSE_CONTENT_LENGTH",
|
||||
std::to_string(m_responseBody.str().size()));
|
||||
m_variableResponseBody.set(m_responseBody.str(), m_variableOffset);
|
||||
m_variableResponseContentLength.set(std::to_string(m_responseBody.str().size()), m_variableOffset);
|
||||
|
||||
this->m_rules->evaluate(modsecurity::ResponseBodyPhase, this);
|
||||
return true;
|
||||
@ -1099,11 +1067,11 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
|
||||
int current_size = this->m_responseBody.tellp();
|
||||
|
||||
std::set<std::string> &bi = this->m_rules->m_responseBodyTypeToBeInspected;
|
||||
auto t = bi.find(*m_responseContentType);
|
||||
auto t = bi.find(m_variableResponseContentType.m_value);
|
||||
if (t == bi.end() && bi.empty() == false) {
|
||||
#ifndef NO_LOGS
|
||||
debug(4, "Not appending response body. " \
|
||||
"Response Content-Type is " + *m_responseContentType + \
|
||||
"Response Content-Type is " + m_variableResponseContentType.m_value + \
|
||||
". It is not marked to be inspected.");
|
||||
#endif
|
||||
return true;
|
||||
@ -1117,7 +1085,7 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
|
||||
|
||||
if (this->m_rules->m_responseBodyLimit.m_value > 0
|
||||
&& this->m_rules->m_responseBodyLimit.m_value < len + current_size) {
|
||||
m_collections.store("OUTBOUND_DATA_ERROR", "1");
|
||||
m_variableOutboundDataError.set("1", m_variableOffset);
|
||||
#ifndef NO_LOGS
|
||||
debug(5, "Response body is bigger than the maximum expected.");
|
||||
#endif
|
||||
|
||||
@ -38,7 +38,7 @@ class XML : public Variable {
|
||||
|
||||
void evaluateInternal(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const collection::Variable *> *l) override;
|
||||
std::vector<const collection::Variable *> *l);
|
||||
std::string m_plain;
|
||||
};
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user