github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-12-31 21:59:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support for SecRuleRemoveByTag

Browse Source
This commit is contained in:
Felipe Zimmerle
2017-11-07 14:51:38 -03:00
parent 381cf8ac21
commit ec667a4609
12 changed files with 5509 additions and 5229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3513
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

989
src/parser/seclang-parser.hh
View File

File diff suppressed because it is too large Load Diff

14
src/parser/seclang-parser.yy
View File

@@ -574,6 +574,7 @@ using modsecurity::operators::Operator;
CONFIG_SEC_REMOTE_RULES_FAIL_ACTION "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION"
CONFIG_SEC_RULE_REMOVE_BY_ID "CONFIG_SEC_RULE_REMOVE_BY_ID"
CONFIG_SEC_RULE_REMOVE_BY_MSG "CONFIG_SEC_RULE_REMOVE_BY_MSG"
CONFIG_SEC_RULE_REMOVE_BY_TAG "CONFIG_SEC_RULE_REMOVE_BY_TAG"
CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG"
CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG"
CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID"
@@ -1264,6 +1265,19 @@ expression:
YYERROR;
}
}
| CONFIG_SEC_RULE_REMOVE_BY_TAG
{
std::string error;
if (driver.m_exceptions.loadRemoveRuleByTag($1, &error) == false) {
std::stringstream ss;
ss << "SecRuleRemoveByTag: failed to load:";
ss << $1;
ss << ". ";
ss << error;
driver.error(@0, ss.str());
YYERROR;
}
}
| CONFIG_SEC_RULE_REMOVE_BY_MSG
{
std::string error;

6006
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

4
src/parser/seclang-scanner.ll
View File

@@ -296,6 +296,7 @@ CONFIG_SEC_REMOTE_RULES (?i:SecRemoteRules)
CONFIG_SEC_REMOTE_RULES_FAIL_ACTION (?i:SecRemoteRulesFailAction)
CONFIG_SEC_REMOVE_RULES_BY_ID (?i:SecRuleRemoveById)
CONFIG_SEC_REMOVE_RULES_BY_MSG (?i:SecRuleRemoveByMsg)
CONFIG_SEC_REMOVE_RULES_BY_TAG (?i:SecRuleRemoveByTag)
CONFIG_SEC_UPDATE_TARGET_BY_TAG (?i:SecRuleUpdateTargetByTag)
CONFIG_SEC_UPDATE_TARGET_BY_MSG (?i:SecRuleUpdateTargetByMsg)
CONFIG_SEC_UPDATE_TARGET_BY_ID (?i:SecRuleUpdateTargetById)
@@ -630,6 +631,9 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_SEC_REMOVE_RULES_BY_ID}[ ]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_RULE_REMOVE_BY_ID(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_MSG}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_RULE_REMOVE_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_MSG}[ \t]+["]{FREE_TEXT_NEW_LINE}["] { return p::make_CONFIG_SEC_RULE_REMOVE_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_TAG}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_REMOVE_RULES_BY_TAG}[ \t]+["]{FREE_TEXT_NEW_LINE}["] { return
p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_UPDATE_TARGET_BY_TAG}[ ]+["]{FREE_TEXT_NEW_LINE}["] { state_variable_from = 1; BEGIN(TRANSACTION_TO_VARIABLE); return p::make_CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_UPDATE_TARGET_BY_TAG}[ ]+{FREE_TEXT_SPACE_COMMA_QUOTE} { state_variable_from = 1; BEGIN(TRANSACTION_TO_VARIABLE); return p::make_CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_SEC_UPDATE_TARGET_BY_MSG}[ ]+["]{FREE_TEXT_NEW_LINE}["] { state_variable_from = 1; BEGIN(TRANSACTION_TO_VARIABLE); return p::make_CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }

25
src/rules.cc
View File

@@ -202,14 +202,27 @@ int Rules::evaluate(int phase, Transaction *transaction) {
} else if (m_exceptions.contains(rule->m_ruleId)) {
debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
+ "'. Removed by an SecRuleRemove directive.");
} else if (m_exceptions.m_remove_rule_by_msg.empty() == false) {
for (auto &z : m_exceptions.m_remove_rule_by_msg) {
if (rule->containsMsg(z, transaction) == true) {
debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
+ "'. Removed by a SecRuleRemoveByMsg directive.");
} else {
if (m_exceptions.m_remove_rule_by_msg.empty() == false) {
for (auto &z : m_exceptions.m_remove_rule_by_msg) {
if (rule->containsMsg(z, transaction) == true) {
debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
+ "'. Removed by a SecRuleRemoveByMsg directive.");
return 1;
}
}
}
} else {
if (m_exceptions.m_remove_rule_by_tag.empty() == false) {
for (auto &z : m_exceptions.m_remove_rule_by_tag) {
if (rule->containsTag(z, transaction) == true) {
debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
+ "'. Removed by a SecRuleRemoveByTag directive.");
return 1;
}
}
}
rule->evaluate(transaction, NULL);
if (transaction->m_it.disruptive == true) {
debug(8, "Skipping this phase as this " \

12
src/rules_exceptions.cc
View File

@@ -39,6 +39,14 @@ bool RulesExceptions::loadRemoveRuleByMsg(const std::string &msg,
}
bool RulesExceptions::loadRemoveRuleByTag(const std::string &msg,
std::string *error) {
m_remove_rule_by_tag.push_back(msg);
return true;
}
bool RulesExceptions::loadUpdateTargetByMsg(const std::string &msg,
std::unique_ptr<std::vector<std::unique_ptr<Variables::Variable> > > var,
std::string *error) {
@@ -190,6 +198,10 @@ bool RulesExceptions::merge(RulesExceptions& from) {
m_remove_rule_by_msg.push_back(p);
}
for (auto &p : from.m_remove_rule_by_tag) {
m_remove_rule_by_tag.push_back(p);
}
return true;
}