Using RunTimeString on setvar action

Felipe Zimmerle
2018-01-27 21:34:39 -03:00
parent a6830c76f2
commit f17af95728
14 changed files with 7697 additions and 6942 deletions


@@ -23,6 +23,7 @@
#define SRC_VARIABLES_GLOBAL_H_
#include "src/variables/variable.h"
#include "src/run_time_string.h"
namespace modsecurity {
@@ -79,6 +80,23 @@ class Global_DictElementRegexp : public Variable {
};
class Global_DynamicElement : public Variable {
public:
explicit Global_DynamicElement(std::unique_ptr<RunTimeString> dictElement)
: Variable("GLOBAL:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("GLOBAL:" + string, "GLOBAL", l);
}
std::unique_ptr<RunTimeString> m_string;
};
} // namespace Variables
} // namespace modsecurity
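Review bot: `Global_DynamicElement::evaluate` calls the three-argument form `resolveMultiMatches("GLOBAL:" + string, "GLOBAL", l)`, while the static USER classes added in src/variables/user.h by this same commit pass `transaction->m_rules->m_secWebAppId.m_value` as an extra compartment argument. The three-argument overload is not visible on this page; if it does not apply the web-app id itself, a rule with a macro-expanded key would resolve outside the SecWebAppId compartment that the static form uses, so per-application isolation of persistent data would depend on rule syntax. The same call shape recurs in `Ip_DynamicElement`, `Resource_DynamicElement`, `Session_DynamicElement` and `User_DynamicElement` (`Tx_DynamicElement` is per-transaction and probably needs no compartment). I would either pass the compartment, `resolveMultiMatches("GLOBAL:" + string, "GLOBAL", transaction->m_rules->m_secWebAppId.m_value, l);`, or add a comment stating why it is omitted. The key comes from `m_string->evaluate(transaction)` and so may carry request-derived text, which is worth stating in a one-line comment above the call.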


@@ -23,6 +23,7 @@
#define SRC_VARIABLES_IP_H_
#include "src/variables/variable.h"
#include "src/run_time_string.h"
namespace modsecurity {
@@ -78,6 +79,23 @@ class Ip_DictElementRegexp : public Variable {
};
class Ip_DynamicElement : public Variable {
public:
explicit Ip_DynamicElement(std::unique_ptr<RunTimeString> dictElement)
: Variable("IP:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("IP:" + string, "IP", l);
}
std::unique_ptr<RunTimeString> m_string;
};
} // namespace Variables
} // namespace modsecurity


@@ -23,6 +23,7 @@
#define SRC_VARIABLES_RESOURCE_H_
#include "src/variables/variable.h"
#include "src/run_time_string.h"
namespace modsecurity {
@@ -80,6 +81,23 @@ class Resource_DictElementRegexp : public Variable {
};
class Resource_DynamicElement : public Variable {
public:
explicit Resource_DynamicElement(std::unique_ptr<RunTimeString> dictElement)
: Variable("RESOURCE:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("RESOURCE:" + string, "RESOURCE", l);
}
std::unique_ptr<RunTimeString> m_string;
};
} // namespace Variables
} // namespace modsecurity


@@ -23,6 +23,7 @@
#define SRC_VARIABLES_SESSION_H_
#include "src/variables/variable.h"
#include "src/run_time_string.h"
namespace modsecurity {
@@ -80,6 +81,23 @@ class Session_DictElementRegexp : public Variable {
};
class Session_DynamicElement : public Variable {
public:
explicit Session_DynamicElement(std::unique_ptr<RunTimeString> dictElement)
: Variable("SESSION:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("SESSION:" + string, "SESSION", l);
}
std::unique_ptr<RunTimeString> m_string;
};
} // namespace Variables
} // namespace modsecurity


@@ -23,6 +23,7 @@
#define SRC_VARIABLES_TX_H_
#include "src/variables/variable.h"
#include "src/run_time_string.h"
namespace modsecurity {
@@ -78,6 +79,23 @@ class Tx_DictElementRegexp : public Variable {
};
class Tx_DynamicElement : public Variable {
public:
explicit Tx_DynamicElement(std::unique_ptr<RunTimeString> dictElement)
: Variable("TX:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("TX:" + string, "TX", l);
}
std::unique_ptr<RunTimeString> m_string;
};
} // namespace Variables
} // namespace modsecurity

104
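--- a/src/variables/user.h
+++ b/src/variables/user.h
@@ -0,0 +1,104 @@
+/*
+* ModSecurity, http://www.modsecurity.org/
+* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+*
+* You may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* If any of the files related to licensing are missing or if you have any
+* other questions related to licensing please contact Trustwave Holdings, Inc.
+* directly using the email address security@modsecurity.org.
+*
+*/
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+#ifndef SRC_VARIABLES_USER_H_
+#define SRC_VARIABLES_USER_H_
+#include "src/variables/variable.h"
+#include "src/run_time_string.h"
+namespace modsecurity {
+class Transaction;
+namespace Variables {
+class User_DictElement : public Variable {
+public:
+explicit User_DictElement(std::string dictElement)
+: Variable("USER"),
+m_dictElement("USER:" + dictElement) { }
+void evaluate(Transaction *transaction,
+Rule *rule,
+std::vector<const collection::Variable *> *l) override {
+transaction->m_collections.resolveMultiMatches(m_dictElement,
+"USER", transaction->m_rules->m_secWebAppId.m_value, l);
+}
+std::string m_dictElement;
+};
+class User_NoDictElement : public Variable {
+public:
+User_NoDictElement()
+: Variable("USER") { }
+void evaluate(Transaction *transaction,
+Rule *rule,
+std::vector<const collection::Variable *> *l) override {
+transaction->m_collections.resolveMultiMatches(m_name, "USER",
+transaction->m_rules->m_secWebAppId.m_value, l);
+}
+};
+class User_DictElementRegexp : public Variable {
+public:
+explicit User_DictElementRegexp(std::string dictElement)
+: Variable("USER"),
+m_r(dictElement),
+m_dictElement("USER:" + dictElement) { }
+void evaluate(Transaction *transaction,
+Rule *rule,
+std::vector<const collection::Variable *> *l) override {
+transaction->m_collections.resolveRegularExpression(m_dictElement,
+"USER", transaction->m_rules->m_secWebAppId.m_value, l);
+}
+Utils::Regex m_r;
+std::string m_dictElement;
+};
+class User_DynamicElement : public Variable {
+public:
+explicit User_DynamicElement(std::unique_ptr<RunTimeString> dictElement)
+: Variable("USER:dynamic"),
+m_string(std::move(dictElement)) { }
+void evaluate(Transaction *transaction,
+Rule *rule,
+std::vector<const collection::Variable *> *l) override {
+std::string string = m_string->evaluate(transaction);
+transaction->m_collections.resolveMultiMatches("USER:" + string, "USER", l);
+}
+std::unique_ptr<RunTimeString> m_string;
+};
+} // namespace Variables
+} // namespace modsecurity
+#endif // SRC_VARIABLES_USER_H_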
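Review bot: `User_DynamicElement` uses `std::unique_ptr`, but the new header includes `<utility>` and not `<memory>`, so it builds only if `src/variables/variable.h` or `src/run_time_string.h` happens to pull that in; add `#include <memory>` beside the other standard includes. Those standard includes also sit above `#ifndef SRC_VARIABLES_USER_H_`, so they are re-processed on every inclusion, and moving them inside the guard is the tidier layout. In `User_DictElementRegexp`, the member `m_r` is constructed from `dictElement`, yet `evaluate` hands only the `m_dictElement` string to `resolveRegularExpression`. From what is visible the compiled regex is never consulted, so either drop it or add a comment such as `// m_r: kept for <reason>; matching is done by the collection backend`.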


@@ -39,7 +39,7 @@ Variable::Variable(std::string name)
std::string name = std::string(m_name, m_name.find(":") + 1,
m_name.size());
if (col == "TX" || col == "IP" || col == "GLOBAL"
|| col == "RESOURCE" || col == "SESSION") {
|| col == "RESOURCE" || col == "SESSION" || col == "USER") {
m_collectionName = col;
}
if ((name.at(0) == '\\') || (name.at(0) == '/')) {
@@ -66,6 +66,9 @@ Variable::Variable(std::string name)
} else if (utils::string::tolower(m_name) == "session") {
m_collectionName = "SESSION";
m_type = MultipleMatches;
} else if (utils::string::tolower(m_name) == "user") {
m_collectionName = "USER";
m_type = MultipleMatches;
} else if (m_name.find(".") != std::string::npos) {
m_kind = CollectionVarible;
m_collectionName = std::string(m_name, 0, m_name.find("."));
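Review bot: The prefixed form is matched case-sensitively in the first hunk (`col == "USER"`), while the bare form added in the second hunk goes through `utils::string::tolower(m_name) == "user"`. Unless `col` is normalised above the visible lines (the constructor starts and ends outside both hunks), a rule written as `user:key` would not get `m_collectionName` set although a bare `user` would. That means the same collection is classified differently depending on spelling. I would normalise `col` once with the same `utils::string::tolower` helper before the comparison chain, or add a comment stating that the parser upper-cases collection prefixes before this constructor runs.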