github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds first PoC for the operator offset feature

Browse Source
This commit is contained in:
Felipe Zimmerle
2017-01-19 14:34:48 -03:00
committed by Felipe Zimmerle
parent 9a8fc3116a
commit ecbf292f6d
89 changed files with 2908 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
headers/modsecurity/collection/variable.h
View File

@@ -16,13 +16,15 @@
#ifdef __cplusplus
#include <string>
#include <iostream>
#include <memory>
#endif
#include "modsecurity/variable_origin.h"
#ifndef HEADERS_MODSECURITY_COLLECTION_VARIABLE_H_
#define HEADERS_MODSECURITY_COLLECTION_VARIABLE_H_
#ifndef __cplusplus
typedef struct Variable_t Variable;
#endif
@@ -54,6 +56,7 @@ class Variable {
const std::string *m_value;
bool m_dynamic_value;
bool m_dynamic;
std::list<std::unique_ptr<VariableOrigin>> m_orign;
};
} // namespace collection

9
headers/modsecurity/rule.h
View File

@@ -55,10 +55,15 @@ class Rule {
std::vector<const collection::Variable *> getFinalVars(Transaction *trasn);
void executeActionsAfterFullMatch(Transaction *trasn,
bool containsDisruptive, RuleMessage *ruleMessage);
std::vector<std::string *> executeSecDefaultActionTransofrmations(
std::list<
std::pair<
std::unique_ptr<std::string>,
std::unique_ptr<std::string>
>
> executeSecDefaultActionTransofrmations(
Transaction *trasn, const std::string &value, bool multiMatch);
bool executeOperatorAt(Transaction *trasn, std::string key,
std::string value);
std::string value, RuleMessage *rm);
void executeActionsIndependentOfChainedRuleResult(Transaction *trasn,
bool *b, RuleMessage *ruleMessage);
std::string resolveMatchMessage(std::string key, std::string value);

2
headers/modsecurity/rule_message.h
View File

@@ -67,6 +67,8 @@ class RuleMessage {
std::string m_rev;
int m_maturity;
int m_accuracy;
std::string m_reference;
std::string m_referenceOp;
std::list<std::string> m_tags;
std::list<std::string> m_server_logs;

65
headers/modsecurity/transaction.h
View File

@@ -43,6 +43,7 @@ typedef struct Rules_t Rules;
#include "modsecurity/collection/collections.h"
#include "modsecurity/collection/variable.h"
#include "modsecurity/collection/collection.h"
#include "modsecurity/variable_origin.h"
#define LOGFY_ADD(a, b) \
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(a), strlen(a)); \
@@ -86,36 +87,69 @@ class Operator;
}
class VariableOriginRequest : public VariableOrigin {
public:
VariableOriginRequest()
: m_length(0),
m_offset(0) { }
std::string toText() {
#if 0
return "Variable origin was extracted straight from " \
"request/response, offset: " + std::to_string(m_offset) + \
", length: " + std::to_string(m_length) + ".";
#else
return "rr:" + std::to_string(m_offset) + "," \
+ std::to_string(m_length);
#endif
}
int m_length;
int m_offset;
};
class AnchoredVariable {
public:
AnchoredVariable(Transaction *t, std::string name)
: m_offset(0),
m_name(name),
: m_name(""),
m_transaction(t),
m_value("") { }
size_t m_offset;
std::string m_value;
Transaction *m_transaction;
std::string m_name;
m_value("") {
m_name.append(name);
m_var = new collection::Variable(&m_name);
m_var->m_dynamic = false;
m_var->m_value = &m_value;
}
void set(const std::string &a, size_t offset) {
m_value = a;
std::unique_ptr<VariableOriginRequest> origin (new VariableOriginRequest());
m_offset = offset;
m_value.assign(a.c_str(), a.size());
origin->m_offset = offset;
origin->m_length = m_value.size();
m_var->m_orign.push_back(std::move(origin));
}
void append(const std::string &a, size_t offset,
bool spaceSeparator = false) {
std::unique_ptr<VariableOriginRequest> origin (new VariableOriginRequest());
if (spaceSeparator && !m_value.empty()) {
m_value.append(" " + a);
} else {
m_value.append(a);
}
m_offset = offset;
origin->m_offset = offset;
origin->m_length = a.size();
m_var->m_orign.push_back(std::move(origin));
}
void evaluate(std::vector<const collection::Variable *> *l) {
l->push_back(new collection::Variable(&m_name,
&m_value));
if (m_name.empty() || m_var->m_key == NULL
|| m_var->m_value == NULL || m_var->m_key->empty()) {
return;
}
l->push_back(m_var);
}
std::string *evaluate() {
@@ -124,6 +158,12 @@ class AnchoredVariable {
}
return &m_value;
}
int m_offset;
std::string m_value;
Transaction *m_transaction;
std::string m_name;
collection::Variable *m_var;
};
@@ -310,8 +350,9 @@ class Transaction : public TransactionAnchoredVariables {
bool intervention(ModSecurityIntervention *it);
bool addArgument(const std::string& orig, const std::string& key,
const std::string& value);
bool extractArguments(const std::string &orig, const std::string& buf);
const std::string& value, size_t offset);
bool extractArguments(const std::string &orig, const std::string& buf,
size_t offset);
const char *getResponseBody();
int getResponseBodyLenth();

46
headers/modsecurity/variable_origin.h Normal file
View File

@@ -0,0 +1,46 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <string>
#endif
#ifndef HEADERS_MODSECURITY_VARIABLE_ORIGIN_H_
#define HEADERS_MODSECURITY_VARIABLE_ORIGIN_H_
#ifndef __cplusplus
typedef struct DebugLog_t DebugLog;
#endif
#ifdef __cplusplus
namespace modsecurity {
/** @ingroup ModSecurity_CPP_API */
class VariableOrigin {
public:
VariableOrigin() { }
virtual std::string toText() = 0;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_VARIABLE_ORIGIN_H_