Handling key exceptions on the variable itself
This is the first step towards solving #1697
@@ -53,7 +53,7 @@ class Args_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgs.resolve(l);
|
||||
transaction->m_variableArgs.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -68,7 +68,8 @@ class Args_DictElementRegexp : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgs.resolveRegularExpression(&m_r, l);
|
||||
transaction->m_variableArgs.resolveRegularExpression(&m_r, l,
|
||||
m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -53,7 +53,7 @@ class ArgsGet_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsGet.resolve(l);
|
||||
transaction->m_variableArgsGet.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -67,7 +67,8 @@ class ArgsGet_DictElementRegexp : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsGet.resolveRegularExpression(&m_r, l);
|
||||
transaction->m_variableArgsGet.resolveRegularExpression(&m_r, l,
|
||||
m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -53,7 +53,7 @@ class ArgsGetNames_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsGetNames.resolve(l);
|
||||
transaction->m_variableArgsGetNames.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -67,7 +67,7 @@ class ArgsGetNames_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsGetNames.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -53,7 +53,7 @@ class ArgsNames_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsNames.resolve(l);
|
||||
transaction->m_variableArgsNames.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -67,7 +67,7 @@ class ArgsNames_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsNames.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -53,7 +53,7 @@ class ArgsPost_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsPost.resolve(l);
|
||||
transaction->m_variableArgsPost.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -67,7 +67,8 @@ class ArgsPost_DictElementRegexp : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsPost.resolveRegularExpression(&m_r, l);
|
||||
transaction->m_variableArgsPost.resolveRegularExpression(&m_r, l,
|
||||
m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -53,7 +53,7 @@ class ArgsPostNames_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsPostNames.resolve(l);
|
||||
transaction->m_variableArgsPostNames.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -67,7 +67,7 @@ class ArgsPostNames_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableArgsPostNames.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -51,7 +51,10 @@ void Env::evaluate(Transaction *transaction,
|
||||
if (x.first != m_name && m_name.length() > 0) {
|
||||
continue;
|
||||
}
|
||||
l->push_back(new VariableValue(&m_collectionName, &x.first, &x.second));
|
||||
if (!m_keyExclusion.toOmit(x.first)) {
|
||||
l->push_back(new VariableValue(&m_collectionName, &x.first,
|
||||
&x.second));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -38,7 +38,6 @@ class Env : public Variable {
|
||||
std::vector<const VariableValue *> *l) override;
|
||||
};
|
||||
|
||||
|
||||
} // namespace Variables
|
||||
} // namespace modsecurity
|
||||
|
||||
|
@@ -54,7 +54,7 @@ class Files_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFiles.resolve(l);
|
||||
transaction->m_variableFiles.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class Files_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFiles.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -54,7 +54,7 @@ class FilesNames_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFilesNames.resolve(l);
|
||||
transaction->m_variableFilesNames.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -70,7 +70,7 @@ class FilesNames_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFilesNames.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -54,7 +54,7 @@ class FilesSizes_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFilesSizes.resolve(l);
|
||||
transaction->m_variableFilesSizes.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class FilesSizes_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFilesSizes.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -54,7 +54,7 @@ class FilesTmpContent_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFilesTmpContent.resolve(l);
|
||||
transaction->m_variableFilesTmpContent.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class FilesTmpContent_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFilesTmpContent.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -53,7 +53,7 @@ class FilesTmpNames_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFilesTmpNames.resolve(l);
|
||||
transaction->m_variableFilesTmpNames.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -68,7 +68,7 @@ class FilesTmpNames_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableFilesTmpNames.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -54,7 +54,7 @@ class Geo_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableGeo.resolve(l);
|
||||
transaction->m_variableGeo.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class Geo_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableGeo.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -14,10 +14,11 @@
|
||||
*/
|
||||
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
#include <utility>
|
||||
#include <vector>
|
||||
|
||||
#ifndef SRC_VARIABLES_GLOBAL_H_
|
||||
#define SRC_VARIABLES_GLOBAL_H_
|
||||
@@ -42,7 +43,7 @@ class Global_DictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_global_collection->resolveMultiMatches(
|
||||
m_name, t->m_collections.m_global_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
std::string m_dictElement;
|
||||
@@ -59,7 +60,7 @@ class Global_NoDictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_global_collection->resolveMultiMatches("",
|
||||
t->m_collections.m_global_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -77,7 +78,7 @@ class Global_DictElementRegexp : public Variable {
|
||||
t->m_collections.m_global_collection->resolveRegularExpression(
|
||||
m_dictElement,
|
||||
t->m_collections.m_global_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
@@ -98,8 +99,7 @@ class Global_DynamicElement : public Variable {
|
||||
t->m_collections.m_global_collection->resolveMultiMatches(
|
||||
string,
|
||||
t->m_collections.m_global_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
void del(Transaction *t, std::string k) {
|
||||
|
@@ -14,10 +14,11 @@
|
||||
*/
|
||||
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
#include <utility>
|
||||
#include <vector>
|
||||
|
||||
#ifndef SRC_VARIABLES_IP_H_
|
||||
#define SRC_VARIABLES_IP_H_
|
||||
@@ -42,7 +43,7 @@ class Ip_DictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_ip_collection->resolveMultiMatches(
|
||||
m_name, t->m_collections.m_ip_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
std::string m_dictElement;
|
||||
@@ -59,7 +60,7 @@ class Ip_NoDictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_ip_collection->resolveMultiMatches("",
|
||||
t->m_collections.m_ip_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -74,9 +75,9 @@ class Ip_DictElementRegexp : public Variable {
|
||||
void evaluate(Transaction *t,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_ip_collection->resolveRegularExpression(m_dictElement,
|
||||
t->m_collections.m_ip_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_collections.m_ip_collection->resolveRegularExpression(
|
||||
m_dictElement, t->m_collections.m_ip_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
@@ -97,7 +98,7 @@ class Ip_DynamicElement : public Variable {
|
||||
t->m_collections.m_ip_collection->resolveMultiMatches(
|
||||
string,
|
||||
t->m_collections.m_ip_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
void del(Transaction *t, std::string k) {
|
||||
|
@@ -54,7 +54,7 @@ class MatchedVars_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableMatchedVars.resolve(l);
|
||||
transaction->m_variableMatchedVars.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class MatchedVars_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableMatchedVars.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -54,7 +54,7 @@ class MatchedVarsNames_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableMatchedVarsNames.resolve(l);
|
||||
transaction->m_variableMatchedVarsNames.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class MatchedVarsNames_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableMatchedVarsNames.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -54,7 +54,7 @@ class MultiPartFileName_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableMultipartFileName.resolve(l);
|
||||
transaction->m_variableMultipartFileName.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class MultiPartFileName_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableMultipartFileName.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -54,7 +54,7 @@ class MultiPartName_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableMultipartName.resolve(l);
|
||||
transaction->m_variableMultipartName.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class MultiPartName_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableMultipartName.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -54,7 +54,7 @@ class RequestCookies_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRequestCookies.resolve(l);
|
||||
transaction->m_variableRequestCookies.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -63,13 +63,15 @@ class RequestCookies_DictElementRegexp : public Variable {
|
||||
public:
|
||||
explicit RequestCookies_DictElementRegexp(std::string dictElement)
|
||||
: Variable("REQUEST_COOKIES:regex(" + dictElement + ")"),
|
||||
m_r(dictElement) { }
|
||||
m_r(dictElement) {
|
||||
m_regex = dictElement;
|
||||
}
|
||||
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRequestCookies.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
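Review bot: `m_regex = dictElement;` is added only to the `RequestCookies_DictElementRegexp` constructor, while `Variable::addsKeyExclusion` (variable.h) picks `KeyExclusionRegex` solely when `v->m_regex` is non-empty. The constructors of the other `*_DictElementRegexp` classes lie outside the hunks shown, so this cannot be confirmed from here, but if they are unchanged a regex exclusion on, for example, ARGS or REQUEST_HEADERS would be stored as a `KeyExclusionString` and compared literally, and the exclusion would silently not apply. Either set `m_regex` in every regexp variant in this commit or document the gap next to the assignment, e.g. `// TODO(#1697): only REQUEST_COOKIES regex exclusions populate m_regex so far`.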
@@ -54,7 +54,7 @@ class RequestCookiesNames_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRequestCookiesNames.resolve(l);
|
||||
transaction->m_variableRequestCookiesNames.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class RequestCookiesNames_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRequestCookiesNames.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -54,7 +54,7 @@ class RequestHeaders_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRequestHeaders.resolve(l);
|
||||
transaction->m_variableRequestHeaders.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class RequestHeaders_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRequestHeaders.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -53,7 +53,7 @@ class RequestHeadersNames_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRequestHeadersNames.resolve(l);
|
||||
transaction->m_variableRequestHeadersNames.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -67,7 +67,7 @@ class RequestHeadersNames_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRequestHeadersNames.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -14,10 +14,11 @@
|
||||
*/
|
||||
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
#include <utility>
|
||||
#include <vector>
|
||||
|
||||
#ifndef SRC_VARIABLES_RESOURCE_H_
|
||||
#define SRC_VARIABLES_RESOURCE_H_
|
||||
@@ -42,7 +43,7 @@ class Resource_DictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_resource_collection->resolveMultiMatches(
|
||||
m_name, t->m_collections.m_resource_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
std::string m_dictElement;
|
||||
@@ -59,7 +60,7 @@ class Resource_NoDictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_resource_collection->resolveMultiMatches(m_name,
|
||||
t->m_collections.m_resource_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -76,7 +77,7 @@ class Resource_DictElementRegexp : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_resource_collection->resolveRegularExpression(
|
||||
m_dictElement, t->m_collections.m_resource_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
@@ -97,7 +98,7 @@ class Resource_DynamicElement : public Variable {
|
||||
t->m_collections.m_resource_collection->resolveMultiMatches(
|
||||
string,
|
||||
t->m_collections.m_resource_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
void del(Transaction *t, std::string k) {
|
||||
|
@@ -54,7 +54,7 @@ class ResponseHeaders_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableResponseHeaders.resolve(l);
|
||||
transaction->m_variableResponseHeaders.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -69,7 +69,7 @@ class ResponseHeaders_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableResponseHeaders.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -53,7 +53,7 @@ class ResponseHeadersNames_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableResponseHeadersNames.resolve(l);
|
||||
transaction->m_variableResponseHeadersNames.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -67,7 +67,7 @@ class ResponseHeadersNames_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableResponseHeadersNames.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -52,7 +52,7 @@ class Rule_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *transaction,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRule.resolve(l);
|
||||
transaction->m_variableRule.resolve(l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -67,7 +67,7 @@ class Rule_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
transaction->m_variableRule.resolveRegularExpression(
|
||||
&m_r, l);
|
||||
&m_r, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
|
@@ -14,10 +14,11 @@
|
||||
*/
|
||||
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
#include <utility>
|
||||
#include <vector>
|
||||
|
||||
#ifndef SRC_VARIABLES_SESSION_H_
|
||||
#define SRC_VARIABLES_SESSION_H_
|
||||
@@ -42,7 +43,7 @@ class Session_DictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_session_collection->resolveMultiMatches(
|
||||
m_name, t->m_collections.m_session_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
std::string m_dictElement;
|
||||
@@ -59,7 +60,7 @@ class Session_NoDictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_session_collection->resolveMultiMatches("",
|
||||
t->m_collections.m_session_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -74,9 +75,9 @@ class Session_DictElementRegexp : public Variable {
|
||||
void evaluate(Transaction *t,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_session_collection->resolveRegularExpression(m_dictElement,
|
||||
t->m_collections.m_session_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_collections.m_session_collection->resolveRegularExpression(
|
||||
m_dictElement, t->m_collections.m_session_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
@@ -97,7 +98,7 @@ class Session_DynamicElement : public Variable {
|
||||
t->m_collections.m_session_collection->resolveMultiMatches(
|
||||
string,
|
||||
t->m_collections.m_session_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
void del(Transaction *t, std::string k) {
|
||||
|
@@ -18,6 +18,7 @@
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#include <utility>
|
||||
#include <memory>
|
||||
|
||||
#ifndef SRC_VARIABLES_TX_H_
|
||||
#define SRC_VARIABLES_TX_H_
|
||||
@@ -41,7 +42,7 @@ class Tx_DictElement : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_tx_collection->resolveMultiMatches(
|
||||
m_name, l);
|
||||
m_name, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
std::string m_dictElement;
|
||||
@@ -56,7 +57,8 @@ class Tx_NoDictElement : public Variable {
|
||||
void evaluate(Transaction *t,
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_tx_collection->resolveMultiMatches("", l);
|
||||
t->m_collections.m_tx_collection->resolveMultiMatches("", l,
|
||||
m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -72,7 +74,7 @@ class Tx_DictElementRegexp : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_tx_collection->resolveRegularExpression(
|
||||
m_dictElement, l);
|
||||
m_dictElement, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
@@ -90,7 +92,8 @@ class Tx_DynamicElement : public Variable {
|
||||
Rule *rule,
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
std::string string = m_string->evaluate(t);
|
||||
t->m_collections.m_tx_collection->resolveMultiMatches(string, l);
|
||||
t->m_collections.m_tx_collection->resolveMultiMatches(string, l,
|
||||
m_keyExclusion);
|
||||
}
|
||||
|
||||
void del(Transaction *t, std::string k) {
|
||||
|
@@ -14,10 +14,11 @@
|
||||
*/
|
||||
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
#include <utility>
|
||||
#include <vector>
|
||||
|
||||
#ifndef SRC_VARIABLES_USER_H_
|
||||
#define SRC_VARIABLES_USER_H_
|
||||
@@ -42,7 +43,7 @@ class User_DictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_user_collection->resolveMultiMatches(
|
||||
m_name, t->m_collections.m_user_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
std::string m_dictElement;
|
||||
@@ -59,7 +60,7 @@ class User_NoDictElement : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_user_collection->resolveMultiMatches(m_name,
|
||||
t->m_collections.m_user_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -76,7 +77,7 @@ class User_DictElementRegexp : public Variable {
|
||||
std::vector<const VariableValue *> *l) override {
|
||||
t->m_collections.m_user_collection->resolveRegularExpression(
|
||||
m_dictElement, t->m_collections.m_user_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
Utils::Regex m_r;
|
||||
@@ -97,7 +98,7 @@ class User_DynamicElement : public Variable {
|
||||
t->m_collections.m_user_collection->resolveMultiMatches(
|
||||
string,
|
||||
t->m_collections.m_user_collection_key,
|
||||
t->m_rules->m_secWebAppId.m_value, l);
|
||||
t->m_rules->m_secWebAppId.m_value, l, m_keyExclusion);
|
||||
}
|
||||
|
||||
void del(Transaction *t, std::string k) {
|
||||
|
@@ -32,7 +32,8 @@ Variable::Variable(std::string name)
|
||||
: m_name(name),
|
||||
m_collectionName(""),
|
||||
m_isExclusion(false),
|
||||
m_isCount(false) {
|
||||
m_isCount(false),
|
||||
m_regex("") {
|
||||
size_t a = m_name.find(":");
|
||||
if (a == std::string::npos) {
|
||||
a = m_name.find(".");
|
||||
@@ -40,7 +41,8 @@ Variable::Variable(std::string name)
|
||||
if (a != std::string::npos) {
|
||||
m_collectionName = utils::string::toupper(std::string(m_name, 0, a));
|
||||
m_name = std::string(m_name, a + 1, m_name.size());
|
||||
m_fullName = std::make_shared<std::string>(m_collectionName + ":" + m_name);
|
||||
m_fullName = std::make_shared<std::string>(m_collectionName
|
||||
+ ":" + m_name);
|
||||
} else {
|
||||
m_fullName = std::make_shared<std::string>(m_name);
|
||||
m_collectionName = m_name;
|
||||
@@ -49,6 +51,9 @@ Variable::Variable(std::string name)
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
std::string Variable::to_s(
|
||||
std::vector<Variable *> *variables) {
|
||||
std::string ret;
|
||||
|
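Review bot: The added `m_regex("")` initializer is written after `m_isCount(false)`, but variable.h declares `m_regex` before `m_isExclusion` and `m_isCount`, so the initializer list no longer follows declaration order and will trigger `-Wreorder` on GCC and Clang. It is harmless here because the initializers are independent, and `std::string` already default-constructs to empty, so the simplest fix is to drop the initializer altogether. The three lines added before `Variable::to_s` in the last hunk appear to be blank lines only and look unintentional. The constructor body runs between hunks, so only the visible lines were checked.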
@@ -13,12 +13,12 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#include <vector>
|
||||
#include <string>
|
||||
#include <list>
|
||||
#include <utility>
|
||||
#include <memory>
|
||||
#include <exception>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
#include <utility>
|
||||
#include <vector>
|
||||
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/rule.h"
|
||||
@@ -35,6 +35,55 @@ class Transaction;
|
||||
namespace Variables {
|
||||
|
||||
|
||||
class KeyExclusion {
|
||||
public:
|
||||
virtual bool match(std::string &a) = 0;
|
||||
};
|
||||
|
||||
|
||||
// FIXME: use pre built regex.
|
||||
class KeyExclusionRegex : public KeyExclusion {
|
||||
public:
|
||||
KeyExclusionRegex(std::string &re)
|
||||
: m_re(re) { };
|
||||
|
||||
bool match(std::string &a) override {
|
||||
return m_re.searchAll(a).size() > 0;
|
||||
}
|
||||
|
||||
Utils::Regex m_re;
|
||||
};
|
||||
|
||||
|
||||
class KeyExclusionString : public KeyExclusion {
|
||||
public:
|
||||
KeyExclusionString(std::string &a)
|
||||
: m_key(utils::string::toupper(a)) { };
|
||||
|
||||
bool match(std::string &a) override {
|
||||
return a.size() == m_key.size() && std::equal(a.begin(), a.end(), m_key.begin(),
|
||||
[](char aa, char bb) {
|
||||
return (char) toupper(aa) == (char) bb;
|
||||
});
|
||||
}
|
||||
|
||||
std::string m_key;
|
||||
};
|
||||
|
||||
|
||||
class KeyExclusions : public std::deque<std::unique_ptr<KeyExclusion>> {
|
||||
public:
|
||||
bool toOmit(std::string a) {
|
||||
for (auto &z : *this) {
|
||||
if (z->match(a)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
class Variable {
|
||||
public:
|
||||
explicit Variable(std::string _name);
|
||||
@@ -54,6 +103,34 @@ class Variable {
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
bool inline belongsToCollection(Variable *var) {
|
||||
return m_collectionName.size() == var->m_collectionName.size()
|
||||
&& std::equal(m_collectionName.begin(), m_collectionName.end(), var->m_collectionName.begin(),
|
||||
[](char aa, char bb) {
|
||||
return toupper(aa) == bb;
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
void inline addsKeyExclusion(Variable *v) {
|
||||
if (v->m_regex.empty()) {
|
||||
std::unique_ptr<KeyExclusion> r(new KeyExclusionString(v->m_name));
|
||||
m_keyExclusion.push_back(std::move(r));
|
||||
} else {
|
||||
std::unique_ptr<KeyExclusion> r(new KeyExclusionRegex(v->m_regex));
|
||||
m_keyExclusion.push_back(std::move(r));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
bool operator==(const Variable& b) {
|
||||
return m_collectionName == b.m_collectionName &&
|
||||
m_name == b.m_name &&
|
||||
*m_fullName == *b.m_fullName;
|
||||
}
|
||||
|
||||
|
||||
static void stringMatchResolveMulti(Transaction *t,
|
||||
const std::string &variable,
|
||||
std::vector<const VariableValue *> *l) {
|
||||
@@ -425,6 +502,9 @@ class Variable {
|
||||
std::string m_name;
|
||||
std::string m_collectionName;
|
||||
std::shared_ptr<std::string> m_fullName;
|
||||
std::string m_regex;
|
||||
|
||||
KeyExclusions m_keyExclusion;
|
||||
|
||||
bool m_isExclusion;
|
||||
bool m_isCount;
|
||||
@@ -437,6 +517,7 @@ class VariableModificatorExclusion : public Variable {
|
||||
: Variable(*var->m_fullName.get()),
|
||||
m_var(std::move(var)) {
|
||||
m_isExclusion = true;
|
||||
m_regex = m_var->m_regex;
|
||||
}
|
||||
|
||||
void evaluate(Transaction *t,
|
||||
|
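Review bot: `KeyExclusion` objects are owned through `std::unique_ptr<KeyExclusion>` in `KeyExclusions`, but the base class declares no virtual destructor, so destroying a `KeyExclusionRegex` or `KeyExclusionString` through the base pointer is undefined behaviour and in practice skips the `m_re` / `m_key` destructors; add `virtual ~KeyExclusion() = default;`. In `KeyExclusionString::match` and `belongsToCollection` the lambdas pass a plain `char` to `toupper`, which is undefined for negative values, and the key handed to `toOmit` appears to be a collection key that may be request-derived; use `toupper(static_cast<unsigned char>(aa))`. `std::deque` is used although `<deque>` is not among the includes in the first hunk, so it presumably arrives transitively and should be included explicitly. `toOmit` and `match` could also take `const std::string &` so each key is not copied per lookup.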
@@ -137,8 +137,10 @@ void XML::evaluate(Transaction *t,
|
||||
std::string *a = new std::string(content);
|
||||
VariableValue *var = new VariableValue(m_fullName,
|
||||
a);
|
||||
if (!m_keyExclusion.toOmit(*m_fullName)) {
|
||||
l->push_back(var);
|
||||
}
|
||||
delete a;
|
||||
l->push_back(var);
|
||||
xmlFree(content);
|
||||
}
|
||||
}
|
||||
|
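Review bot: When `m_keyExclusion.toOmit(*m_fullName)` returns true, the `VariableValue` allocated just above is neither pushed to `l` nor freed, so every excluded node leaks one object per evaluation. This path runs on request bodies, so the leak grows with traffic on any rule that excludes XML nodes. Either test the exclusion before the two `new` calls, or release the value in the other branch with `} else { delete var; }`. `XML::evaluate` starts before this hunk, so ownership elsewhere in the loop cannot be checked from here.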