Handling key exceptions on the variable itself

This is the first step towards solving #1697
Felipe Zimmerle
2018-09-20 09:08:08 -03:00
parent 0d53111cb0
commit ee50fea266
54 changed files with 2337 additions and 2080 deletions


@@ -41,6 +41,9 @@ class Transaction;
namespace Utils {
class Regex;
}
namespace Variables {
class KeyExclusions;
}
struct MyEqual {
@@ -82,6 +85,8 @@ class AnchoredSetVariable : public std::unordered_multimap<std::string,
void setCopy(std::string key, std::string value, size_t offset);
void resolve(std::vector<const VariableValue *> *l);
void resolve(std::vector<const VariableValue *> *l,
Variables::KeyExclusions &ke);
void resolve(const std::string &key,
std::vector<const VariableValue *> *l);
@@ -89,6 +94,10 @@ class AnchoredSetVariable : public std::unordered_multimap<std::string,
void resolveRegularExpression(Utils::Regex *r,
std::vector<const VariableValue *> *l);
void resolveRegularExpression(Utils::Regex *r,
std::vector<const VariableValue *> *l,
Variables::KeyExclusions &ke);
std::unique_ptr<std::string> resolveFirst(const std::string &key);
Transaction *m_transaction;
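Review bot: The new `resolve(..., Variables::KeyExclusions &ke)` and `resolveRegularExpression(..., Variables::KeyExclusions &ke)` overloads take the exclusion list by non-const reference, although a lookup presumably only reads it. Declaring the parameter as `const Variables::KeyExclusions &ke` would state that intent and stop a resolve call from altering a rule's exclusion set; this needs the exclusion lookup method to be const-qualified, which is not visible here. The same applies to the `ke` parameters added to `Collection::resolveMultiMatches` and `Collection::resolveRegularExpression` in the collection header. The overloads without `ke` stay declared, so a one-line comment on each saying whether they return excluded keys as well would help callers choose the right one. The class body starts and ends outside these hunks.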


@@ -37,11 +37,14 @@ typedef struct Variable_t Variables;
#ifdef __cplusplus
namespace modsecurity {
namespace Variables {
class KeyExclusions;
}
namespace collection {
class Collection {
public:
Collection(std::string a) : m_name(a) { }
explicit Collection(std::string a) : m_name(a) { }
virtual ~Collection() { }
virtual void store(std::string key, std::string value) = 0;
@@ -59,9 +62,11 @@ class Collection {
virtual void resolveSingleMatch(const std::string& var,
std::vector<const VariableValue *> *l) = 0;
virtual void resolveMultiMatches(const std::string& var,
std::vector<const VariableValue *> *l) = 0;
std::vector<const VariableValue *> *l,
Variables::KeyExclusions &ke) = 0;
virtual void resolveRegularExpression(const std::string& var,
std::vector<const VariableValue *> *l) = 0;
std::vector<const VariableValue *> *l,
Variables::KeyExclusions &ke) = 0;
/* store */
@@ -157,33 +162,36 @@ class Collection {
/* resolveMultiMatches */
virtual void resolveMultiMatches(const std::string& var,
std::string compartment, std::vector<const VariableValue *> *l) {
std::string compartment, std::vector<const VariableValue *> *l,
Variables::KeyExclusions &ke) {
std::string nkey = compartment + "::" + var;
resolveMultiMatches(nkey, l);
resolveMultiMatches(nkey, l, ke);
}
virtual void resolveMultiMatches(const std::string& var,
std::string compartment, std::string compartment2,
std::vector<const VariableValue *> *l) {
std::vector<const VariableValue *> *l,
Variables::KeyExclusions &ke) {
std::string nkey = compartment + "::" + compartment2 + "::" + var;
resolveMultiMatches(nkey, l);
resolveMultiMatches(nkey, l, ke);
}
/* resolveRegularExpression */
virtual void resolveRegularExpression(const std::string& var,
std::string compartment, std::vector<const VariableValue *> *l) {
std::string compartment, std::vector<const VariableValue *> *l,
Variables::KeyExclusions &ke) {
std::string nkey = compartment + "::" + var;
resolveRegularExpression(nkey, l);
resolveRegularExpression(nkey, l, ke);
}
virtual void resolveRegularExpression(const std::string& var,
std::string compartment, std::string compartment2,
std::vector<const VariableValue *> *l) {
std::vector<const VariableValue *> *l, Variables::KeyExclusions &ke) {
std::string nkey = compartment + "::" + compartment2 + "::" + var;
resolveRegularExpression(nkey, l);
resolveRegularExpression(nkey, l, ke);
}
std::string m_name;
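Review bot: The `ke` parameter added to the pure virtual `resolveMultiMatches` and `resolveRegularExpression` has no stated contract, and the compartment overloads forward it after rewriting the key to `compartment + "::" + var`. The exclusion list decides which collection entries a rule skips, so the interface should say whether a backend compares exclusions against the bare variable name or the compartment-prefixed key, and that every backend must honour it. A comment above the declarations such as `/* ke: keys matched by ke must not be appended to l */`, extended with the key form actually used (not visible in this hunk), would cover it. Because the non-pure compartment overloads change signature, a subclass that overrides the old form without `override` would silently stop overriding; marking backend implementations `override` turns that into a compile error.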


@@ -371,8 +371,9 @@ class RulesProperties {
from->m_responseBodyTypeToBeInspected.m_value.clear();
} else {
for (std::set<std::string>::iterator
it = from->m_responseBodyTypeToBeInspected.m_value.begin();
it != from->m_responseBodyTypeToBeInspected.m_value.end(); ++it) {
it = from->m_responseBodyTypeToBeInspected.m_value.begin();
it != from->m_responseBodyTypeToBeInspected.m_value.end();
++it) {
to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
}
}
@@ -433,7 +434,7 @@ class RulesProperties {
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<modsecurity::Rule *> *rules_to = to+i;
std::vector<modsecurity::Rule *> *rules_from = from+i;
// TODO: std::vector could be replaced with something more efficient.
// FIXME: std::vector could be replaced with something more efficient.
std::vector<int64_t> v;
v.reserve(rules_to->size());
for (size_t z = 0; z < rules_to->size(); z++) {
@@ -443,11 +444,11 @@ class RulesProperties {
}
v.push_back(rule_ckc->m_ruleId);
}
std::sort (v.begin(), v.end());
std::sort(v.begin(), v.end());
for (size_t j = 0; j < rules_from->size(); j++) {
Rule *rule = rules_from->at(j);
if (std::binary_search (v.begin(), v.end(), rule->m_ruleId)) {
if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) {
if (err != NULL) {
*err << "Rule id: " \
<< std::to_string(rule->m_ruleId) \


@@ -40,8 +40,8 @@ typedef struct Transaction_t Transaction;
typedef struct Rules_t Rules;
#endif
#include "anchored_set_variable.h"
#include "anchored_variable.h"
#include "modsecurity/anchored_set_variable.h"
#include "modsecurity/anchored_variable.h"
#include "modsecurity/intervention.h"
#include "modsecurity/collection/collections.h"
#include "modsecurity/variable_value.h"


@@ -24,8 +24,8 @@
#include "modsecurity/variable_origin.h"
#ifndef HEADERS_MODSECURITY_VARIABLE_H_
#define HEADERS_MODSECURITY_VARIABLE_H_
#ifndef HEADERS_MODSECURITY_VARIABLE_VALUE_H_
#define HEADERS_MODSECURITY_VARIABLE_VALUE_H_
#ifndef __cplusplus
typedef struct Variable_t VariableValue;
@@ -37,42 +37,44 @@ namespace modsecurity {
class Collection;
class VariableValue {
public:
explicit VariableValue(const std::string *key) :
m_key(""),
explicit VariableValue(const std::string *key)
: m_key(""),
m_value("") {
m_key.assign(*key);
m_keyWithCollection = std::make_shared<std::string>(*key);
}
VariableValue(const std::string *key, const std::string *value) :
m_key(""),
VariableValue(const std::string *key, const std::string *value)
: m_key(""),
m_value("") {
m_key.assign(*key);
m_value.assign(*value);
m_keyWithCollection = std::make_shared<std::string>(*key);
}
VariableValue() :
m_key(""),
VariableValue()
: m_key(""),
m_value("") {
m_keyWithCollection = std::make_shared<std::string>(m_key);
}
VariableValue(const std::string *a, const std::string *b, const std::string *c) :
m_key(*a + ":" + *b),
VariableValue(const std::string *a, const std::string *b,
const std::string *c)
: m_key(*a + ":" + *b),
m_value(*c) {
m_keyWithCollection = std::make_shared<std::string>(*a + ":" + *b);
}
VariableValue(std::shared_ptr<std::string> fullName) :
m_key(""),
explicit VariableValue(std::shared_ptr<std::string> fullName)
: m_key(""),
m_value("") {
m_keyWithCollection = fullName;
m_key.assign(*fullName.get());
}
VariableValue(std::shared_ptr<std::string> fullName, const std::string *value) :
m_key(""),
VariableValue(std::shared_ptr<std::string> fullName,
const std::string *value)
: m_key(""),
m_value("") {
m_value.assign(*value);
m_keyWithCollection = fullName;
@@ -106,4 +108,4 @@ class VariableValue {
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_VARIABLE_H_
#endif // HEADERS_MODSECURITY_VARIABLE_VALUE_H_
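Review bot: Every constructor reformatted here dereferences its pointer arguments unconditionally (`*key`, `*value`, `*fullName.get()`), so a null `const std::string *` or an empty `shared_ptr` is undefined behaviour. Callers are not visible, so this may be guaranteed elsewhere, but the precondition is worth stating on the class, e.g. `// key and value must be non-null`, or checking with an `assert`. While these lines are being touched, the members could be initialised directly, `: m_key(*key), m_value(*value)`, instead of `m_key("")` followed by `assign`. The last constructor's body continues outside the hunk.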