Handling key exceptions on the variable itself

This is the first step towords to solve #1697
2025-09-29 19:24:29 +03:00 · 2018-09-20 09:08:08 -03:00
parent 0d53111cb0
commit ee50fea266
54 changed files with 2337 additions and 2080 deletions
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
@@ -836,6 +836,7 @@ namespace yy {
      char dummy5[sizeof(std::unique_ptr<actions::Action>)];

      // variables
+      // variables_pre_process
      // variables_may_be_quoted
      char dummy6[sizeof(std::unique_ptr<std::vector<std::unique_ptr<Variable> > > )];

@@ -2874,9 +2875,9 @@ namespace yy {
    enum
    {
      yyeof_ = 0,
-      yylast_ = 3319,     ///< Last index in yytable_.
-      yynnts_ = 15,  ///< Number of nonterminal symbols.
-      yyfinal_ = 335, ///< Termination state number.
+      yylast_ = 3320,     ///< Last index in yytable_.
+      yynnts_ = 16,  ///< Number of nonterminal symbols.
+      yyfinal_ = 336, ///< Termination state number.
      yyterror_ = 1,
      yyerrcode_ = 256,
      yyntokens_ = 339  ///< Number of tokens.
@@ -3191,21 +3192,22 @@ namespace yy {
        value.copy< std::unique_ptr<Operator> > (other.value);
        break;

-      case 353: // run_time_string
+      case 354: // run_time_string
        value.copy< std::unique_ptr<RunTimeString> > (other.value);
        break;

-      case 350: // var
+      case 351: // var
        value.copy< std::unique_ptr<Variable> > (other.value);
        break;

-      case 351: // act
-      case 352: // setvar_action
+      case 352: // act
+      case 353: // setvar_action
        value.copy< std::unique_ptr<actions::Action> > (other.value);
        break;

      case 348: // variables
-      case 349: // variables_may_be_quoted
+      case 349: // variables_pre_process
+      case 350: // variables_may_be_quoted
        value.copy< std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > (other.value);
        break;

@@ -3432,21 +3434,22 @@ namespace yy {
        value.copy< std::unique_ptr<Operator> > (v);
        break;

-      case 353: // run_time_string
+      case 354: // run_time_string
        value.copy< std::unique_ptr<RunTimeString> > (v);
        break;

-      case 350: // var
+      case 351: // var
        value.copy< std::unique_ptr<Variable> > (v);
        break;

-      case 351: // act
-      case 352: // setvar_action
+      case 352: // act
+      case 353: // setvar_action
        value.copy< std::unique_ptr<actions::Action> > (v);
        break;

      case 348: // variables
-      case 349: // variables_may_be_quoted
+      case 349: // variables_pre_process
+      case 350: // variables_may_be_quoted
        value.copy< std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > (v);
        break;

@@ -3746,21 +3749,22 @@ namespace yy {
        value.template destroy< std::unique_ptr<Operator> > ();
        break;

-      case 353: // run_time_string
+      case 354: // run_time_string
        value.template destroy< std::unique_ptr<RunTimeString> > ();
        break;

-      case 350: // var
+      case 351: // var
        value.template destroy< std::unique_ptr<Variable> > ();
        break;

-      case 351: // act
-      case 352: // setvar_action
+      case 352: // act
+      case 353: // setvar_action
        value.template destroy< std::unique_ptr<actions::Action> > ();
        break;

      case 348: // variables
-      case 349: // variables_may_be_quoted
+      case 349: // variables_pre_process
+      case 350: // variables_may_be_quoted
        value.template destroy< std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ();
        break;

@@ -3993,21 +3997,22 @@ namespace yy {
        value.move< std::unique_ptr<Operator> > (s.value);
        break;

-      case 353: // run_time_string
+      case 354: // run_time_string
        value.move< std::unique_ptr<RunTimeString> > (s.value);
        break;

-      case 350: // var
+      case 351: // var
        value.move< std::unique_ptr<Variable> > (s.value);
        break;

-      case 351: // act
-      case 352: // setvar_action
+      case 352: // act
+      case 353: // setvar_action
        value.move< std::unique_ptr<actions::Action> > (s.value);
        break;

      case 348: // variables
-      case 349: // variables_may_be_quoted
+      case 349: // variables_pre_process
+      case 350: // variables_may_be_quoted
        value.move< std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > (s.value);
        break;

@@ -6134,7 +6139,7 @@ namespace yy {


 } // yy
-#line 6138 "seclang-parser.hh" // lalr1.cc:379
+#line 6143 "seclang-parser.hh" // lalr1.cc:379



--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -725,7 +725,7 @@ using modsecurity::operators::Operator;
  op
 ;

-
+%type <std::unique_ptr<std::vector<std::unique_ptr<Variable> > > > variables_pre_process
 %type <std::unique_ptr<std::vector<std::unique_ptr<Variable> > > > variables_may_be_quoted
 %type <std::unique_ptr<std::vector<std::unique_ptr<Variable> > > > variables
 %type <std::unique_ptr<Variable>> var
@@ -1443,7 +1443,7 @@ expression:
            YYERROR;
        }
      }
-    | CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG variables
+    | CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG variables_pre_process
      {
        std::string error;
        if (driver.m_exceptions.loadUpdateTargetByTag($1, std::move($2), &error) == false) {
@@ -1456,7 +1456,7 @@ expression:
            YYERROR;
        }
      }
-    | CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG variables
+    | CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG variables_pre_process
      {
        std::string error;
        if (driver.m_exceptions.loadUpdateTargetByMsg($1, std::move($2), &error) == false) {
@@ -1469,7 +1469,7 @@ expression:
            YYERROR;
        }
      }
-    | CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID variables
+    | CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID variables_pre_process
      {
        std::string error;
        double ruleId;
@@ -1723,6 +1723,43 @@ expression:
    ;

 variables:
+    variables_pre_process
+      {
+        std::unique_ptr<std::vector<std::unique_ptr<Variable> > > originalList = std::move($1);
+        std::unique_ptr<std::vector<std::unique_ptr<Variable>>> newList(new std::vector<std::unique_ptr<Variable>>());
+        std::unique_ptr<std::vector<std::unique_ptr<Variable>>> newNewList(new std::vector<std::unique_ptr<Variable>>());
+        std::unique_ptr<std::vector<std::unique_ptr<Variable>>> exclusionVars(new std::vector<std::unique_ptr<Variable>>());
+        while (!originalList->empty()) {
+            std::unique_ptr<Variable> var = std::move(originalList->back());
+            originalList->pop_back();
+            if (var->m_isExclusion) {
+                exclusionVars->push_back(std::move(var));
+            } else {
+                newList->push_back(std::move(var));
+            }
+        }
+
+        while (!newList->empty()) {
+            bool doNotAdd = false;
+            std::unique_ptr<Variable> var = std::move(newList->back());
+            newList->pop_back();
+            for (auto &i : *exclusionVars) {
+                if (*var == *i) {
+                    doNotAdd = true;
+                }
+                if (i->belongsToCollection(var.get())) {
+                    var->addsKeyExclusion(i.get());
+                }
+            }
+            if (!doNotAdd) {
+                newNewList->push_back(std::move(var));
+            }
+        }
+        $$ = std::move(newNewList);
+      }
+    ;
+
+variables_pre_process:
    variables_may_be_quoted
      {
        $$ = std::move($1);