github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Extends the direct access model to other collections

Browse Source
This commit is contained in:
Felipe Zimmerle 2017-01-26 23:13:38 -03:00 committed by Felipe Zimmerle
parent ca24b6bb06
commit f2d149fc5f
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
157 changed files with 7711 additions and 4959 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
headers/modsecurity/anchored_set_variable.h Normal file
View File

@ -0,0 +1,100 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <list>
#include <map>
#include <sstream>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>
#include <vector>
#include <algorithm>
#include <iostream>
#endif
#include "modsecurity/collection/variable.h"
#ifndef HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_H_
#define HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_H_
#ifdef __cplusplus
namespace modsecurity {
class Transaction;
namespace Utils {
class Regex;
}
struct MyEqual {
bool operator()(const std::string& Left, const std::string& Right) const {
return Left.size() == Right.size()
&& std::equal(Left.begin(), Left.end(), Right.begin(),
[](char a, char b) {
return tolower(a) == tolower(b);
});
}
};
struct MyHash{
size_t operator()(const std::string& Keyval) const {
// You might need a better hash function than this
size_t h = 0;
std::for_each(Keyval.begin(), Keyval.end(), [&](char c) {
h += tolower(c);
});
return h;
}
};
class AnchoredSetVariable : public std::unordered_multimap<std::string, collection::Variable *,
MyHash, MyEqual> {
public:
AnchoredSetVariable(Transaction *t, std::string name);
~AnchoredSetVariable();
void unset();
void set(const std::string &key, const std::string &value,
size_t offset);
void resolve(std::vector<const collection::Variable *> *l);
void resolve(const std::string &key,
std::vector<const collection::Variable *> *l);
void resolveRegularExpression(Utils::Regex *r,
std::vector<const collection::Variable *> *l);
std::unique_ptr<std::string> resolveFirst(const std::string &key);
Transaction *m_transaction;
std::string m_name;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_H_

68
headers/modsecurity/anchored_variable.h Normal file
View File

@ -0,0 +1,68 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <list>
#include <map>
#include <sstream>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>
#endif
#include "modsecurity/collection/variable.h"
#ifndef HEADERS_MODSECURITY_ANCHORED_VARIABLE_H_
#define HEADERS_MODSECURITY_ANCHORED_VARIABLE_H_
#ifdef __cplusplus
namespace modsecurity {
class Transaction;
class AnchoredVariable {
public:
AnchoredVariable(Transaction* t, std::__cxx11::string name);
~AnchoredVariable();
void unset();
void set(const std::string &a, size_t offset);
void append(const std::string &a, size_t offset,
bool spaceSeparator = false);
void evaluate(std::vector<const collection::Variable *> *l);
std::string * evaluate();
std::unique_ptr<std::string> resolveFirst();
Transaction *m_transaction;
collection::Variable *m_var;
int m_offset;
std::string m_name;
std::string m_value;
};
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_ANCHORED_SET_VARIABLE_H_

4
headers/modsecurity/collection/collection.h
View File

@ -50,7 +50,7 @@ class Collection {
virtual void del(const std::string& key) = 0;
virtual std::string* resolveFirst(const std::string& var) = 0;
virtual std::unique_ptr<std::string> resolveFirst(const std::string& var) = 0;
virtual void resolveSingleMatch(const std::string& var,
std::vector<const Variable *> *l) = 0;
@ -83,7 +83,7 @@ class Collection {
del(nkey);
}
virtual std::string* resolveFirst(const std::string& var,
virtual std::unique_ptr<std::string> resolveFirst(const std::string& var,
std::string compartment) {
std::string nkey = compartment + "::" + var;
return resolveFirst(nkey);

4
headers/modsecurity/collection/collections.h
View File

@ -56,8 +56,8 @@ class Collections :
bool storeOrUpdateFirst(const std::string &key, const std::string &value);
bool updateFirst(const std::string &key, const std::string &value);
void del(const std::string& key);
std::string* resolveFirst(const std::string& var);
std::string* resolveFirst(const std::string& collectionName,
std::unique_ptr<std::string> resolveFirst(const std::string& var);
std::unique_ptr<std::string> resolveFirst(const std::string& collectionName,
const std::string& var);
void resolveSingleMatch(const std::string& var,

6
headers/modsecurity/collection/variable.h
View File

@ -40,22 +40,28 @@ class Variable {
m_key(key),
m_value(),
m_dynamic_value(false),
m_dynamic_key(false),
m_dynamic(true) { }
Variable(const std::string *key, const std::string *value) :
m_key(key),
m_value(value),
m_dynamic_value(false),
m_dynamic_key(false),
m_dynamic(true) { }
~Variable() {
if (m_dynamic_value) {
delete m_value;
}
if (m_dynamic_key) {
delete m_key;
}
}
const std::string *m_key;
const std::string *m_value;
bool m_dynamic_value;
bool m_dynamic_key;
bool m_dynamic;
std::list<std::unique_ptr<VariableOrigin>> m_orign;
};

44
headers/modsecurity/rule.h
View File

@ -48,12 +48,12 @@ class Rule {
std::vector<actions::Action *> *_actions,
std::string fileName,
int lineNumber);
explicit Rule(std::string marker);
Rule(std::__cxx11::string marker);
~Rule();
bool evaluate(Transaction *transaction);
bool evaluateActions(Transaction *transaction);
std::vector<const collection::Variable *> getFinalVars(Transaction *trasn);
std::vector<std::unique_ptr<collection::Variable>> getFinalVars(Transaction *trasn);
void executeActionsAfterFullMatch(Transaction *trasn,
bool containsDisruptive, RuleMessage *ruleMessage);
std::list<
@ -73,22 +73,10 @@ class Rule {
void cleanMatchedVars(Transaction *trasn);
void updateRulesVariable(Transaction *trasn);
operators::Operator *op;
std::vector<actions::Action *> m_actionsConf;
std::vector<actions::Action *> m_actionsRuntimePre;
std::vector<actions::Action *> m_actionsRuntimePos;
std::vector<std::string> getActionNames();
std::vector<actions::Action *> getActionsByName(const std::string& name);
bool containsTag(const std::string& name, Transaction *t);
std::vector<Variables::Variable *> *variables;
int phase;
long rule_id;
Rule *chainedRule;
bool chained;
int refCountDecreaseAndCheck() {
m_referenceCount--;
@ -99,22 +87,30 @@ class Rule {
return 0;
}
void refCountIncrease() {
m_referenceCount++;
}
std::string m_rev;
std::string m_ver;
std::string m_marker;
bool m_secmarker;
int m_accuracy;
std::vector<actions::Action *> m_actionsConf;
std::vector<actions::Action *> m_actionsRuntimePos;
std::vector<actions::Action *> m_actionsRuntimePre;
bool m_chained;
Rule *m_chainedRule;
std::string m_fileName;
int m_lineNumber;
std::string m_log_data;
int m_accuracy;
std::string m_logData;
std::string m_marker;
int m_maturity;
operators::Operator *m_op;
int m_phase;
std::string m_rev;
long m_ruleId;
bool m_secMarker;
std::vector<Variables::Variable *> *m_variables;
std::string m_ver;
private:
bool m_unconditional;
int m_referenceCount;
@ -126,5 +122,3 @@ class Rule {
#endif // HEADERS_MODSECURITY_RULE_H_

2
headers/modsecurity/rule_message.h
View File

@ -37,7 +37,7 @@ class RuleMessage {
explicit RuleMessage(Rule *rule) :
m_ruleFile(rule->m_fileName),
m_ruleLine(rule->m_lineNumber),
m_ruleId(rule->rule_id),
m_ruleId(rule->m_ruleId),
m_rev(rule->m_rev),
m_accuracy(rule->m_accuracy),
m_message(std::string("")),

8
headers/modsecurity/rules_properties.h
View File

@ -390,12 +390,12 @@ class RulesProperties {
Rule *rule = rules_from->at(j);
for (int z = 0; z < rules_to->size(); z++) {
Rule *rule_ckc = rules_to->at(z);
if (rule_ckc->rule_id == rule->rule_id &&
rule_ckc->m_secmarker == false &&
rule->m_secmarker == false) {
if (rule_ckc->m_ruleId == rule->m_ruleId &&
rule_ckc->m_secMarker == false &&
rule->m_secMarker == false) {
if (err != NULL) {
*err << "Rule id: " \
<< std::to_string(rule->rule_id) \
<< std::to_string(rule->m_ruleId) \
<< " is duplicated" << std::endl;
}
return -1;

179
headers/modsecurity/transaction.h
View File

@ -40,12 +40,15 @@ typedef struct Transaction_t Transaction;
typedef struct Rules_t Rules;
#endif
#include "modsecurity/anchored_set_variable.h"
#include "modsecurity/anchored_variable.h"
#include "modsecurity/intervention.h"
#include "modsecurity/collection/collections.h"
#include "modsecurity/collection/variable.h"
#include "modsecurity/collection/collection.h"
#include "modsecurity/variable_origin.h"
#define LOGFY_ADD(a, b) \
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(a), strlen(a)); \
if (b == NULL) { \
@ -88,142 +91,6 @@ class Operator;
}
struct MyEqual {
bool operator()(const std::string& Left, const std::string& Right) const {
return Left.size() == Right.size()
&& std::equal(Left.begin(), Left.end(), Right.begin(),
[](char a, char b) {
return tolower(a) == tolower(b);
});
}
};
struct MyHash{
size_t operator()(const std::string& Keyval) const {
// You might need a better hash function than this
size_t h = 0;
std::for_each(Keyval.begin(), Keyval.end(), [&](char c) {
h += tolower(c);
});
return h;
}
};
class AnchoredSetVariable : public std::unordered_multimap<std::string,
collection::Variable *, MyHash, MyEqual> {
public:
AnchoredSetVariable(Transaction *t, std::string name)
: m_name(""),
m_transaction(t) {
m_name.append(name);
}
~AnchoredSetVariable() {
for (const auto& x : *this) {
collection::Variable *var = x.second;
delete var->m_key;
delete var;
}
}
void set(const std::string &key, const std::string &value,
size_t offset) {
std::string *v = new std::string(value);
std::string *k = new std::string(m_name + ":" + key);
collection::Variable *var = new collection::Variable(k, v);
var->m_dynamic_value = true;
var->m_dynamic = false;
emplace(key, var);
}
void resolve(std::vector<const collection::Variable *> *l) {
for (const auto& x : *this) {
l->insert(l->begin(), x.second);
}
}
void resolve(const std::string &key,
std::vector<const collection::Variable *> *l) {
auto range = this->equal_range(key);
for (auto it = range.first; it != range.second; ++it) {
l->push_back(it->second);
}
}
void resolveRegularExpression(const std::string &var,
std::vector<const collection::Variable *> *l);
Transaction *m_transaction;
std::string m_name;
};
class AnchoredVariable {
public:
AnchoredVariable(Transaction *t, std::string name)
: m_name(""),
m_transaction(t),
m_value("") {
m_name.append(name);
m_var = new collection::Variable(&m_name);
m_var->m_dynamic = false;
m_var->m_value = &m_value;
}
~AnchoredVariable() {
delete (m_var);
m_var = NULL;
}
void set(const std::string &a, size_t offset) {
std::unique_ptr<VariableOrigin> origin(
new VariableOrigin());
m_offset = offset;
m_value.assign(a.c_str(), a.size());
origin->m_offset = offset;
origin->m_length = m_value.size();
m_var->m_orign.push_back(std::move(origin));
}
void append(const std::string &a, size_t offset,
bool spaceSeparator = false) {
std::unique_ptr<VariableOrigin> origin(
new VariableOrigin());
if (spaceSeparator && !m_value.empty()) {
m_value.append(" " + a);
} else {
m_value.append(a);
}
m_offset = offset;
origin->m_offset = offset;
origin->m_length = a.size();
m_var->m_orign.push_back(std::move(origin));
}
void evaluate(std::vector<const collection::Variable *> *l) {
if (m_name.empty() || m_var->m_key == NULL
|| m_var->m_value == NULL || m_var->m_key->empty()) {
return;
}
l->push_back(m_var);
}
std::string *evaluate() {
if (m_value.empty() == true) {
return NULL;
}
return &m_value;
}
int m_offset;
std::string m_value;
Transaction *m_transaction;
std::string m_name;
collection::Variable *m_var;
};
class TransactionAnchoredVariables {
public:
explicit TransactionAnchoredVariables(Transaction *t)
@ -236,7 +103,6 @@ class TransactionAnchoredVariables {
m_variableARGScombinedSize(t, "ARGS_COMBINED_SIZE"),
m_variableAuthType(t, "AUTH_TYPE"),
m_variableFilesCombinedSize(t, "FILES_COMBINED_SIZE"),
m_variableFilesTmpNames(t, "FILES_TMPNAMES"),
m_variableFullRequest(t, "FULL_REQUEST"),
m_variableFullRequestLength(t, "FULL_REQUEST_LENGTH"),
m_variableInboundDataError(t, "INBOUND_DATA_ERROR"),
@ -285,8 +151,25 @@ class TransactionAnchoredVariables {
m_variableUniqueID(t, "UNIQUE_ID"),
m_variableUrlEncodedError(t, "URLENCODED_ERROR"),
m_variableUserID(t, "USERID"),
m_variableOffset(0),
m_variableArgs(t, "ARGS")
m_variableArgs(t, "ARGS"),
m_variableArgsGet(t, "ARGS_GET"),
m_variableArgsPost(t, "ARGS_POST"),
m_variableFilesSizes(t, "FILES_SIZES"),
m_variableFilesNames(t, "FILES_NAMES"),
m_variableFilesTmpContent(t, "FILES_TMP_CONTENT"),
m_variableMultiPartFileName(t, "MULTIPART_FILENAME"),
m_variableMultiPartName(t, "MULTIPART_NAME"),
m_variableMatchedVarsNames(t, "MATCHED_VARS_NAMES"),
m_variableMatchedVars(t, "MATCHED_VARS"),
m_variableFiles(t, "FILES"),
m_variableRequestCookies(t, "REQUEST_COOKIES"),
m_variableRequestHeaders(t, "REQUEST_HEADERS"),
m_variableResponseHeaders(t, "RESPONSE_HEADERS"),
m_variableGeo(t, "GEO"),
m_variableRequestCookiesNames(t, "REQUEST_COOKIES_NAMES"),
m_variableRule(t, "RULE"),
m_variableFilesTmpNames(t, "FILES_TMPNAMES"),
m_variableOffset(0)
{ }
AnchoredVariable m_variableArgsNames;
@ -298,7 +181,6 @@ class TransactionAnchoredVariables {
AnchoredVariable m_variableARGScombinedSize;
AnchoredVariable m_variableAuthType;
AnchoredVariable m_variableFilesCombinedSize;
AnchoredVariable m_variableFilesTmpNames;
AnchoredVariable m_variableFullRequest;
AnchoredVariable m_variableFullRequestLength;
AnchoredVariable m_variableInboundDataError;
@ -346,6 +228,23 @@ class TransactionAnchoredVariables {
AnchoredVariable m_variableUserID;
AnchoredSetVariable m_variableArgs;
AnchoredSetVariable m_variableArgsGet;
AnchoredSetVariable m_variableArgsPost;
AnchoredSetVariable m_variableFilesSizes;
AnchoredSetVariable m_variableFilesNames;
AnchoredSetVariable m_variableFilesTmpContent;
AnchoredSetVariable m_variableMultiPartFileName;
AnchoredSetVariable m_variableMultiPartName;
AnchoredSetVariable m_variableMatchedVarsNames;
AnchoredSetVariable m_variableMatchedVars;
AnchoredSetVariable m_variableFiles;
AnchoredSetVariable m_variableRequestCookies;
AnchoredSetVariable m_variableRequestHeaders;
AnchoredSetVariable m_variableResponseHeaders;
AnchoredSetVariable m_variableGeo;
AnchoredSetVariable m_variableRequestCookiesNames;
AnchoredSetVariable m_variableRule;
AnchoredSetVariable m_variableFilesTmpNames;
int m_variableOffset;
};

16
src/Makefile.am
View File

@ -24,16 +24,19 @@ MAINTAINERCLEANFILES = \
pkginclude_HEADERS = \
../headers/modsecurity/transaction.h \
../headers/modsecurity/debug_log.h \
../headers/modsecurity/anchored_set_variable.h \
../headers/modsecurity/anchored_variable.h \
../headers/modsecurity/audit_log.h \
../headers/modsecurity/debug_log.h \
../headers/modsecurity/intervention.h \
../headers/modsecurity/modsecurity.h \
../headers/modsecurity/rule.h \
../headers/modsecurity/rule_message.h \
../headers/modsecurity/rules.h \
../headers/modsecurity/rules_exceptions.h \
../headers/modsecurity/rules_properties.h \
../headers/modsecurity/rules_exceptions.h
../headers/modsecurity/transaction.h \
../headers/modsecurity/variable_origin.h
@ -61,7 +64,6 @@ noinst_HEADERS = \
request_body_processor/*.h \
utils/*.h \
variables/*.h \
variables/variations/*.h \
*.h
@ -82,10 +84,7 @@ VARIABLES = \
variables/time_year.cc \
variables/tx.cc \
variables/variable.cc \
variables/variations/count.cc \
variables/variations/exclusion.cc \
variables/xml.cc \
variables/rule.cc
variables/xml.cc
ACTIONS = \
@ -243,6 +242,7 @@ libmodsecurity_la_SOURCES = \
parser/driver.cc \
transaction.cc \
anchored_set_variable.cc \
anchored_variable.cc \
audit_log/audit_log.cc \
audit_log/writer/writer.cc \
audit_log/writer/https.cc \

2
src/actions/chain.cc
View File

@ -26,7 +26,7 @@ namespace actions {
bool Chain::evaluate(Rule *rule, Transaction *transaction) {
rule->chained = true;
rule->m_chained = true;
return true;
}

2
src/actions/disruptive/block.cc
View File

@ -32,7 +32,7 @@ namespace disruptive {
bool Block::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
transaction->debug(8, "Marking request as disruptive.");
for (Action *a : transaction->m_rules->m_defaultActions[rule->phase]) {
for (Action *a : transaction->m_rules->m_defaultActions[rule->m_phase]) {
if (a->isDisruptive() == false) {
continue;
}

2
src/actions/disruptive/deny.cc
View File

@ -39,7 +39,7 @@ bool Deny::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
log.append("Access denied with code %d");
log.append(" (phase ");
log.append(std::to_string(rm->m_rule->phase - 1) + "). ");
log.append(std::to_string(rm->m_rule->m_phase - 1) + "). ");
transaction->m_it.disruptive = true;
intervention::freeLog(&transaction->m_it);

2
src/actions/disruptive/redirect.cc
View File

@ -46,7 +46,7 @@ bool Redirect::evaluate(Rule *rule, Transaction *transaction,
}
log.append("Access denied with code %d");
log.append(" (phase ");
log.append(std::to_string(rm->m_rule->phase - 1) + "). ");
log.append(std::to_string(rm->m_rule->m_phase - 1) + "). ");
intervention::freeUrl(&transaction->m_it);
transaction->m_it.url = strdup(m_urlExpanded.c_str());

2
src/actions/phase.cc
View File

@ -80,7 +80,7 @@ bool Phase::init(std::string *error) {
bool Phase::evaluate(Rule *rule, Transaction *transaction) {
rule->phase = m_phase;
rule->m_phase = m_phase;
return true;
}

2
src/actions/rule_id.cc
View File

@ -49,7 +49,7 @@ bool RuleId::init(std::string *error) {
bool RuleId::evaluate(Rule *rule, Transaction *transaction) {
rule->rule_id = m_ruleId;
rule->m_ruleId = m_ruleId;
return true;
}

2
src/actions/set_var.cc
View File

@ -128,7 +128,7 @@ bool SetVar::evaluate(Rule *rule, Transaction *transm_parser_payload) {
}
try {
std::string *resolvedValue =
std::unique_ptr<std::string> resolvedValue =
transm_parser_payload->m_collections.resolveFirst(
m_collectionName,
m_variableNameExpanded);

68
src/anchored_set_variable.cc
View File

@ -13,7 +13,7 @@
*
*/
#include "modsecurity/transaction.h"
#include "modsecurity/anchored_set_variable.h"
#include <ctime>
#include <iostream>
@ -28,9 +28,70 @@
namespace modsecurity {
void AnchoredSetVariable::resolveRegularExpression(const std::string &var,
AnchoredSetVariable::AnchoredSetVariable(Transaction *t, std::string name)
: m_transaction(t),
m_name(name) { }
AnchoredSetVariable::~AnchoredSetVariable() {
unset();
}
void AnchoredSetVariable::unset() {
for (const auto& x : *this) {
collection::Variable *var = x.second;
delete var->m_key;
var->m_key = NULL;
delete var;
}
clear();
}
void AnchoredSetVariable::set(const std::string &key,
const std::string &value, size_t offset) {
std::string *v = new std::string(value);
std::string *k = new std::string(m_name + ":" + key);
collection::Variable *var = new collection::Variable(k, v);
var->m_dynamic_value = true;
var->m_dynamic = false;
emplace(key, var);
}
void AnchoredSetVariable::resolve(
std::vector<const collection::Variable *> *l) {
for (const auto& x : *this) {
l->insert(l->begin(), x.second);
}
}
void AnchoredSetVariable::resolve(const std::string &key,
std::vector<const collection::Variable *> *l) {
auto range = this->equal_range(key);
for (auto it = range.first; it != range.second; ++it) {
l->push_back(it->second);
}
}
std::unique_ptr<std::string> AnchoredSetVariable::resolveFirst(
const std::string &key) {
auto range = equal_range(key);
for (auto it = range.first; it != range.second; ++it) {
std::unique_ptr<std::string> b(new std::string());
b->assign(*it->second->m_value);
return b;
}
return nullptr;
}
void AnchoredSetVariable::resolveRegularExpression(Utils::Regex *r,
std::vector<const collection::Variable *> *l) {
Utils::Regex *r = new Utils::Regex(var);
for (const auto& x : *this) {
int ret = Utils::regex_search(x.first, *r);
if (ret <= 0) {
@ -38,7 +99,6 @@ void AnchoredSetVariable::resolveRegularExpression(const std::string &var,
}
l->insert(l->begin(), x.second);
}
delete r;
}

114
src/anchored_variable.cc Normal file
View File

@ -0,0 +1,114 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "modsecurity/anchored_variable.h"
#include <ctime>
#include <iostream>
#include <fstream>
#include <string>
#include <vector>
#include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h"
#include "src/utils/regex.h"
namespace modsecurity {
AnchoredVariable::AnchoredVariable(Transaction *t,
std::string name)
: m_transaction(t),
m_var(NULL),
m_offset(0),
m_name(""),
m_value("") {
m_name.append(name);
m_var = new collection::Variable(&m_name);
m_var->m_dynamic = false;
m_var->m_value = &m_value;
}
AnchoredVariable::~AnchoredVariable() {
if (m_var) {
delete (m_var);
m_var = NULL;
}
}
void AnchoredVariable::unset() {
m_value.clear();
m_var->m_orign.clear();
}
void AnchoredVariable::set(const std::string &a, size_t offset) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
m_offset = offset;
m_value.assign(a.c_str(), a.size());
origin->m_offset = offset;
origin->m_length = m_value.size();
m_var->m_orign.push_back(std::move(origin));
}
void AnchoredVariable::append(const std::string &a, size_t offset,
bool spaceSeparator) {
std::unique_ptr<VariableOrigin> origin(
new VariableOrigin());
if (spaceSeparator && !m_value.empty()) {
m_value.append(" " + a);
} else {
m_value.append(a);
}
m_offset = offset;
origin->m_offset = offset;
origin->m_length = a.size();
m_var->m_orign.push_back(std::move(origin));
}
void AnchoredVariable::evaluate(std::vector<const collection::Variable *> *l) {
if (m_name.empty() || m_var == NULL || m_var->m_key == NULL
|| m_var->m_value == NULL || m_var->m_key->empty()) {
return;
}
l->push_back(m_var);
}
std::string * AnchoredVariable::evaluate() {
if (m_value.empty() == true) {
return NULL;
}
return &m_value;
}
std::unique_ptr<std::string> AnchoredVariable::resolveFirst() {
if (m_value.empty()) {
return nullptr;
}
std::unique_ptr<std::string> a(new std::string());
a->append(m_value);
return a;
}
} // namespace modsecurity

4
src/collection/backend/in_memory-per_process.cc
View File

@ -155,11 +155,11 @@ void InMemoryPerProcess::resolveRegularExpression(const std::string& var,
}
std::string* InMemoryPerProcess::resolveFirst(const std::string& var) {
std::unique_ptr<std::string> InMemoryPerProcess::resolveFirst(const std::string& var) {
auto range = equal_range(var);
for (auto it = range.first; it != range.second; ++it) {
return &it->second;
return std::unique_ptr<std::string>(new std::string(it->second));
}
return NULL;

2
src/collection/backend/in_memory-per_process.h
View File

@ -82,7 +82,7 @@ class InMemoryPerProcess :
void del(const std::string& key) override;
std::string* resolveFirst(const std::string& var) override;
std::unique_ptr<std::string> resolveFirst(const std::string& var) override;
void resolveSingleMatch(const std::string& var,
std::vector<const Variable *> *l) override;

7
src/collection/backend/lmdb.cc
View File

@ -161,7 +161,7 @@ void LMDB::lmdb_debug(int rc, std::string op, std::string scope) {
}
std::string* LMDB::resolveFirst(const std::string& var) {
std::unique_ptr<std::string> LMDB::resolveFirst(const std::string& var) {
int rc;
MDB_val mdb_key;
MDB_val mdb_value;
@ -188,10 +188,9 @@ std::string* LMDB::resolveFirst(const std::string& var) {
goto end_get;
}
// FIXME: Memory leak here.
ret = new std::string(
ret = std::unique_ptr<std::string>(new std::string(
reinterpret_cast<char *>(mdb_value_ret.mv_data),
mdb_value_ret.mv_size);
mdb_value_ret.mv_size));
end_get:
mdb_dbi_close(m_env, dbi);

2
src/collection/backend/lmdb.h
View File

@ -61,7 +61,7 @@ class LMDB :
void del(const std::string& key) override;
std::string* resolveFirst(const std::string& var) override;
std::unique_ptr<std::string> resolveFirst(const std::string& var) override;
void resolveSingleMatch(const std::string& var,
std::vector<const Variable *> *l) override;

13
src/collection/collections.cc
View File

@ -125,26 +125,27 @@ void Collections::del(const std::string& key) {
}
std::string* Collections::resolveFirst(const std::string& var) {
std::string *transientVar = m_transient->resolveFirst(var);
std::unique_ptr<std::string> Collections::resolveFirst(const std::string& var) {
std::unique_ptr<std::string> transientVar = m_transient->resolveFirst(var);
if (transientVar != NULL) {
return transientVar;
}
for (auto &a : *this) {
std::string *res = a.second->resolveFirst(
std::unique_ptr<std::string> res = a.second->resolveFirst(
utils::string::toupper(a.first) + ":" + var);
if (res != NULL) {
return res;
}
}
return NULL;
return nullptr;
}
std::string* Collections::resolveFirst(const std::string& collectionName,
std::unique_ptr<std::string> Collections::resolveFirst(const std::string& collectionName,
const std::string& var) {
if (utils::string::tolower(collectionName) == "ip"
&& !m_ip_collection_key.empty()) {
@ -177,7 +178,7 @@ std::string* Collections::resolveFirst(const std::string& collectionName,
for (auto &a : *this) {
if (utils::string::tolower(a.first)
== utils::string::tolower(collectionName)) {
std::string *res = a.second->resolveFirst(
std::unique_ptr<std::string> res = a.second->resolveFirst(
utils::string::toupper(a.first)
+ ":" + var);
if (res != NULL) {

226
src/macro_expansion.cc
View File

@ -63,11 +63,174 @@ std::string MacroExpansion::expand(const std::string& input,
return res;
}
std::string variable(res, start + 2, end - (start + 2));
std::string *variableValue = NULL;
std::unique_ptr<std::string> variableValue = nullptr;
size_t collection = variable.find(".");
if (collection == std::string::npos) {
if (utils::string::toupper(variable) == "MATCHED_VAR") {
variableValue = transaction->m_variableMatchedVar.evaluate();
collection = variable.find(":");
}
variable = utils::string::toupper(variable);
if (collection == std::string::npos) {
if (variable == "ARGS_NAMES") {
variableValue = transaction->m_variableArgsNames.resolveFirst();
}
else if (variable == "ARGS_GET_NAMES") {
variableValue = transaction->m_variableArgGetNames.resolveFirst();
}
else if (variable == "ARGS_POST_NAMES") {
variableValue = transaction->m_variableArgPostNames.resolveFirst();
}
else if (variable == "REQUEST_HEADERS_NAMES") {
variableValue = transaction->m_variableRequestHeadersNames.resolveFirst();
}
else if (variable == "RESPONSE_CONTENT_TYPE") {
variableValue = transaction->m_variableResponseContentType.resolveFirst();
}
else if (variable == "RESPONSE_HEADERS_NAMES") {
variableValue = transaction->m_variableResponseHeadersNames.resolveFirst();
}
else if (variable == "ARGS_COMBINED_SIZE") {
variableValue = transaction->m_variableARGScombinedSize.resolveFirst();
}
else if (variable == "AUTH_TYPE") {
variableValue = transaction->m_variableAuthType.resolveFirst();
}
else if (variable == "FILES_COMBINED_SIZE") {
variableValue = transaction->m_variableFilesCombinedSize.resolveFirst();
}
else if (variable == "FULL_REQUEST") {
variableValue = transaction->m_variableFullRequest.resolveFirst();
}
else if (variable == "FULL_REQUEST_LENGTH") {
variableValue = transaction->m_variableFullRequestLength.resolveFirst();
}
else if (variable == "INBOUND_DATA_ERROR") {
variableValue = transaction->m_variableInboundDataError.resolveFirst();
}
else if (variable == "MATCHED_VAR") {
variableValue = transaction->m_variableMatchedVar.resolveFirst();
}
else if (variable == "MATCHED_VAR_NAME") {
variableValue = transaction->m_variableMatchedVarName.resolveFirst();
}
else if (variable == "MULTIPART_CRLF_LF_LINES") {
variableValue = transaction->m_variableMultipartCrlfLFLines.resolveFirst();
}
else if (variable == "MULTIPART_DATA_AFTER") {
variableValue = transaction->m_variableMultipartDataAfter.resolveFirst();
}
else if (variable == "MULTIPART_FILE_LIMIT_EXCEEDED") {
variableValue = transaction->m_variableMultipartFileLimitExceeded.resolveFirst();
}
else if (variable == "MULTIPART_STRICT_ERROR") {
variableValue = transaction->m_variableMultipartStrictError.resolveFirst();
}
else if (variable == "MULTIPART_HEADER_FOLDING") {
variableValue = transaction->m_variableMultipartHeaderFolding.resolveFirst();
}
else if (variable == "MULTIPART_INVALID_QUOTING") {
variableValue = transaction->m_variableMultipartInvalidQuoting.resolveFirst();
}
else if (variable == "MULTIPART_INVALID_HEADER_FOLDING") {
variableValue = transaction->m_variableMultipartInvalidHeaderFolding.resolveFirst();
}
else if (variable == "MULTIPART_UNMATCHED_BOUNDARY") {
variableValue = transaction->m_variableMultipartUnmatchedBoundary.resolveFirst();
}
else if (variable == "OUTBOUND_DATA_ERROR") {
variableValue = transaction->m_variableOutboundDataError.resolveFirst();
}
else if (variable == "PATH_INFO") {
variableValue = transaction->m_variablePathInfo.resolveFirst();
}
else if (variable == "QUERY_STRING") {
variableValue = transaction->m_variableQueryString.resolveFirst();
}
else if (variable == "REMOTE_ADDR") {
variableValue = transaction->m_variableRemoteAddr.resolveFirst();
}
else if (variable == "REMOTE_HOST") {
variableValue = transaction->m_variableRemoteHost.resolveFirst();
}
else if (variable == "REMOTE_PORT") {
variableValue = transaction->m_variableRemotePort.resolveFirst();
}
else if (variable == "REQBODY_ERROR") {
variableValue = transaction->m_variableReqbodyError.resolveFirst();
}
else if (variable == "REQBODY_ERROR_MSG") {
variableValue = transaction->m_variableReqbodyErrorMsg.resolveFirst();
}
else if (variable == "REQBODY_PROCESSOR_ERROR_MSG") {
variableValue = transaction->m_variableReqbodyProcessorErrorMsg.resolveFirst();
}
else if (variable == "REQBODY_PROCESSOR_ERROR") {
variableValue = transaction->m_variableReqbodyProcessorError.resolveFirst();
}
else if (variable == "REQBODY_PROCESSOR") {
variableValue = transaction->m_variableReqbodyProcessor.resolveFirst();
}
else if (variable == "REQUEST_BASENAME") {
variableValue = transaction->m_variableRequestBasename.resolveFirst();
}
else if (variable == "REQUEST_BODY") {
variableValue = transaction->m_variableRequestBody.resolveFirst();
}
else if (variable == "REQUEST_BODY_LENGTH") {
variableValue = transaction->m_variableRequestBodyLength.resolveFirst();
}
else if (variable == "REQUEST_FILENAME") {
variableValue = transaction->m_variableRequestFilename.resolveFirst();
}
else if (variable == "REQUEST_LINE") {
variableValue = transaction->m_variableRequestLine.resolveFirst();
}
else if (variable == "REQUEST_METHOD") {
variableValue = transaction->m_variableRequestMethod.resolveFirst();
}
else if (variable == "REQUEST_PROTOCOL") {
variableValue = transaction->m_variableRequestProtocol.resolveFirst();
}
else if (variable == "REQUEST_URI") {
variableValue = transaction->m_variableRequestURI.resolveFirst();
}
else if (variable == "REQUEST_URI_RAW") {
variableValue = transaction->m_variableRequestURIRaw.resolveFirst();
}
else if (variable == "RESOURCE") {
variableValue = transaction->m_variableResource.resolveFirst();
}
else if (variable == "RESPONSE_BODY") {
variableValue = transaction->m_variableResponseBody.resolveFirst();
}
else if (variable == "RESPONSE_CONTENT_LENGTH") {
variableValue = transaction->m_variableResponseContentLength.resolveFirst();
}
else if (variable == "RESPONSE_PROTOCOL") {
variableValue = transaction->m_variableResponseProtocol.resolveFirst();
}
else if (variable == "RESPONSE_STATUS") {
variableValue = transaction->m_variableResponseStatus.resolveFirst();
}
else if (variable == "SERVER_ADDR") {
variableValue = transaction->m_variableServerAddr.resolveFirst();
}
else if (variable == "SERVER_NAME") {
variableValue = transaction->m_variableServerName.resolveFirst();
}
else if (variable == "SERVER_PORT") {
variableValue = transaction->m_variableServerPort.resolveFirst();
}
else if (variable == "SESSIONID") {
variableValue = transaction->m_variableSessionID.resolveFirst();
}
else if (variable == "UNIQUE_ID") {
variableValue = transaction->m_variableUniqueID.resolveFirst();
}
else if (variable == "URLENCODED_ERROR") {
variableValue = transaction->m_variableUrlEncodedError.resolveFirst();
}
else if (variable == "USERID") {
variableValue = transaction->m_variableUserID.resolveFirst();
} else {
variableValue = transaction->m_collections.resolveFirst(
variable);
@ -76,10 +239,61 @@ std::string MacroExpansion::expand(const std::string& input,
std::string col = std::string(variable, 0, collection);
std::string var = std::string(variable, collection + 1,
variable.length() - (collection + 1));
col = utils::string::toupper(col);
if (utils::string::toupper(col) == "RULE") {
variableValue = transaction->m_collections.resolveFirst(
"RULE:" + var);
if (col == "ARGS") {
variableValue = transaction->m_variableArgs.resolveFirst(var);
}
else if (col == "RULE") {
variableValue = transaction->m_variableRule.resolveFirst(var);
}
else if (col == "ARGS_GET") {
variableValue = transaction->m_variableArgsGet.resolveFirst(var);
}
else if (col == "ARGS_POST") {
variableValue = transaction->m_variableArgsPost.resolveFirst(var);
}
else if (col == "FILES_SIZES") {
variableValue = transaction->m_variableFilesSizes.resolveFirst(var);
}
else if (col == "FILES_NAMES") {
variableValue = transaction->m_variableFilesNames.resolveFirst(var);
}
else if (col == "FILES_TMP_CONTENT") {
variableValue = transaction->m_variableFilesTmpContent.resolveFirst(var);
}
else if (col == "MULTIPART_FILENAME") {
variableValue = transaction->m_variableMultiPartFileName.resolveFirst(var);
}
else if (col == "MULTIPART_NAME") {
variableValue = transaction->m_variableMultiPartName.resolveFirst(var);
}
else if (col == "MATCHED_VARS_NAMES") {
variableValue = transaction->m_variableMatchedVarsNames.resolveFirst(var);
}
else if (col == "MATCHED_VARS") {
variableValue = transaction->m_variableMatchedVars.resolveFirst(var);
}
else if (col == "FILES") {
variableValue = transaction->m_variableFiles.resolveFirst(var);
}
else if (col == "REQUEST_COOKIES") {
variableValue = transaction->m_variableRequestCookies.resolveFirst(var);
}
else if (col == "REQUEST_HEADERS") {
variableValue = transaction->m_variableRequestHeaders.resolveFirst(var);
}
else if (col == "RESPONSE_HEADERS") {
variableValue = transaction->m_variableResponseHeaders.resolveFirst(var);
}
else if (col == "GEO") {
variableValue = transaction->m_variableGeo.resolveFirst(var);
}
else if (col == "REQUEST_COOKIES_NAMES") {
variableValue = transaction->m_variableRequestCookiesNames.resolveFirst(var);
}
else if (col == "FILES_TMPNAMES") {
variableValue = transaction->m_variableFilesTmpNames.resolveFirst(var);
} else {
variableValue = transaction->m_collections.resolveFirst(col,
var);

39
src/operators/geo_lookup.cc
View File

@ -47,43 +47,48 @@ bool GeoLookup::evaluate(Transaction *trans, const std::string &exp) {
}
if (ret && gir) {
if (gir->country_code) {
trans->m_collections.store("GEO:COUNTRY_CODE", gir->country_code);
trans->m_variableGeo.set("COUNTRY_CODE",
std::string(gir->country_code), 0);
}
if (gir->country_code3) {
trans->m_collections.store("GEO:COUNTRY_CODE3", gir->country_code3);
trans->m_variableGeo.set("COUNTRY_CODE3",
std::string(gir->country_code3), 0);
}
if (gir->country_name) {
trans->m_collections.store("GEO:COUNTRY_NAME", gir->country_name);
trans->m_variableGeo.set("COUNTRY_NAME",
std::string(gir->country_name), 0);
}
if (gir->continent_code) {
trans->m_collections.store("GEO:COUNTRY_CONTINENT",
gir->continent_code);
trans->m_variableGeo.set("COUNTRY_CONTINENT",
std::string(gir->continent_code), 0);
}
if (gir->country_code && gir->region) {
trans->m_collections.store("GEO:REGION",
GeoIP_region_name_by_code(gir->country_code, gir->region));
trans->m_variableGeo.set("REGION",
std::string(GeoIP_region_name_by_code(gir->country_code,
gir->region)), 0);
}
if (gir->city) {
trans->m_collections.store("GEO:CITY", gir->city);
trans->m_variableGeo.set("CITY", std::string(gir->city), 0);
}
if (gir->postal_code) {
trans->m_collections.store("GEO:POSTAL_CODE", gir->postal_code);
trans->m_variableGeo.set("POSTAL_CODE",
std::string(gir->postal_code), 0);
}
if (gir->latitude) {
trans->m_collections.store("GEO:LATITUDE",
std::to_string(gir->latitude));
trans->m_variableGeo.set("LATITUDE",
std::to_string(gir->latitude), 0);
}
if (gir->longitude) {
trans->m_collections.store("GEO:LONGITUDE",
std::to_string(gir->longitude));
trans->m_variableGeo.set("LONGITUDE",
std::to_string(gir->longitude), 0);
}
if (gir->metro_code) {
trans->m_collections.store("GEO:DMA_CODE",
std::to_string(gir->metro_code));
trans->m_variableGeo.set("DMA_CODE",
std::to_string(gir->metro_code), 0);
}
if (gir->area_code) {
trans->m_collections.store("GEO:AREA_CODE",
std::to_string(gir->area_code));
trans->m_variableGeo.set("AREA_CODE",
std::to_string(gir->area_code), 0);
}
GeoIPRecord_delete(gir);

38
src/parser/driver.cc
View File

@ -44,7 +44,7 @@ Driver::~Driver() {
int Driver::addSecMarker(std::string marker) {
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
Rule *rule = new Rule(marker);
rule->phase = i;
rule->m_phase = i;
m_rules[i].push_back(rule);
}
return 0;
@ -52,37 +52,37 @@ int Driver::addSecMarker(std::string marker) {
int Driver::addSecAction(Rule *rule) {
if (rule->phase > modsecurity::Phases::NUMBER_OF_PHASES) {
m_parserError << "Unknown phase: " << std::to_string(rule->phase);
if (rule->m_phase > modsecurity::Phases::NUMBER_OF_PHASES) {
m_parserError << "Unknown phase: " << std::to_string(rule->m_phase);
m_parserError << std::endl;
return false;
}
m_rules[rule->phase].push_back(rule);
m_rules[rule->m_phase].push_back(rule);
return true;
}
int Driver::addSecRule(Rule *rule) {
if (rule->phase > modsecurity::Phases::NUMBER_OF_PHASES) {
m_parserError << "Unknown phase: " << std::to_string(rule->phase);
if (rule->m_phase > modsecurity::Phases::NUMBER_OF_PHASES) {
m_parserError << "Unknown phase: " << std::to_string(rule->m_phase);
m_parserError << std::endl;
return false;
}
if (lastRule && lastRule->chained && lastRule->chainedRule == NULL) {
rule->phase = lastRule->phase;
lastRule->chainedRule = rule;
if (lastRule && lastRule->m_chained && lastRule->m_chainedRule == NULL) {
rule->m_phase = lastRule->m_phase;
lastRule->m_chainedRule = rule;
return true;
}
if (lastRule && lastRule->chained && lastRule->chainedRule != NULL) {
Rule *a = lastRule->chainedRule;
while (a->chained && a->chainedRule != NULL) {
a = a->chainedRule;
if (lastRule && lastRule->m_chained && lastRule->m_chainedRule != NULL) {
Rule *a = lastRule->m_chainedRule;
while (a->m_chained && a->m_chainedRule != NULL) {
a = a->m_chainedRule;
}
if (a->chained && a->chainedRule == NULL) {
a->chainedRule = rule;
if (a->m_chained && a->m_chainedRule == NULL) {
a->m_chainedRule = rule;
return true;
}
}
@ -91,7 +91,7 @@ int Driver::addSecRule(Rule *rule) {
* Checking if the rule has an ID and also checking if this ID is not used
* by other rule
*/
if (rule->rule_id == 0) {
if (rule->m_ruleId == 0) {
m_parserError << "Rules must have an ID. File: ";
m_parserError << rule->m_fileName << " at line: ";
m_parserError << std::to_string(rule->m_lineNumber) << std::endl;
@ -100,8 +100,8 @@ int Driver::addSecRule(Rule *rule) {
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<Rule *> rules = m_rules[i];
for (int j = 0; j < rules.size(); j++) {
if (rules[j]->rule_id == rule->rule_id) {
m_parserError << "Rule id: " << std::to_string(rule->rule_id) \
if (rules[j]->m_ruleId == rule->m_ruleId) {
m_parserError << "Rule id: " << std::to_string(rule->m_ruleId) \
<< " is duplicated" << std::endl;
return false;
}
@ -109,7 +109,7 @@ int Driver::addSecRule(Rule *rule) {
}
lastRule = rule;
m_rules[rule->phase].push_back(rule);
m_rules[rule->m_phase].push_back(rule);
return true;
}

4878
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

2567
src/parser/seclang-parser.hh
View File

File diff suppressed because it is too large Load Diff

1097
src/parser/seclang-parser.yy
View File

File diff suppressed because it is too large Load Diff

397
src/parser/seclang-scanner.ll
View File

@ -110,6 +110,142 @@ ACTION_TRANSFORMATION_URL_DECODE_UNI (?i:t:urlDecodeUni)
ACTION_TRANSFORMATION_UTF8_TO_UNICODE (?i:t:utf8toUnicode)
VARIABLE_ARGS_COMBINED_SIZE (?i:ARGS_COMBINED_SIZE)
VARIABLE_ARGS_GET_NAMES (?i:ARGS_GET_NAMES)
VARIABLE_ARGS_NAMES (?i:ARGS_NAMES)
VARIABLE_ARGS_POST_NAMES (?i:ARGS_POST_NAMES)
VARIABLE_AUTH_TYPE (?i:AUTH_TYPE)
VARIABLE_FILES_COMBINED_SIZE (?i:FILES_COMBINED_SIZE)
VARIABLE_FILES_TMP_NAMES (?i:FILES_TMPNAMES)
VARIABLE_FULL_REQUEST (?i:FULL_REQUEST)
VARIABLE_FULL_REQUEST_LENGTH (?i:FULL_REQUEST_LENGTH)
VARIABLE_GLOBAL (?i:GLOBAL)
VARIABLE_INBOUND_DATA_ERROR (?i:INBOUND_DATA_ERROR)
VARIABLE_MATCHED_VAR (?i:MATCHED_VAR)
VARIABLE_MATCHED_VAR_NAME (?i:MATCHED_VAR_NAME)
VARIABLE_MULTIPART_CRLF_LF_LINES (?i:MULTIPART_CRLF_LF_LINES)
VARIABLE_MULTIPART_DATA_AFTER (?i:MULTIPART_DATA_AFTER)
VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED (?i:MULTIPART_FILE_LIMIT_EXCEEDED)
VARIABLE_MULTIPART_HEADER_FOLDING (?i:MULTIPART_HEADER_FOLDING)
VARIABLE_MULTIPART_INVALID_HEADER_FOLDING (?i:MULTIPART_INVALID_HEADER_FOLDING)
VARIABLE_MULTIPART_INVALID_QUOTING (?i:MULTIPART_INVALID_QUOTING)
VARIABLE_MULTIPART_STRICT_ERROR (?i:MULTIPART_STRICT_ERROR)
VARIABLE_MULTIPART_UNMATCHED_BOUNDARY (?i:MULTIPART_UNMATCHED_BOUNDARY)
VARIABLE_OUTBOUND_DATA_ERROR (?i:OUTBOUND_DATA_ERROR)
VARIABLE_PATH_INFO (?i:PATH_INFO)
VARIABLE_QUERY_STRING (?i:QUERY_STRING)
VARIABLE_REMOTE_ADDR (?i:REMOTE_ADDR)
VARIABLE_REMOTE_HOST (?i:REMOTE_HOST)
VARIABLE_REMOTE_PORT (?i:REMOTE_PORT)
VARIABLE_REQBODY_ERROR (?i:REQBODY_ERROR)
VARIABLE_REQBODY_ERROR_MSG (?i:REQBODY_ERROR_MSG)
VARIABLE_REQBODY_PROCESSOR_ERROR (?i:REQBODY_PROCESSOR_ERROR)
VARIABLE_REQBODY_PROCESSOR_ERROR_MSG (?i:REQBODY_PROCESSOR_ERROR_MSG)
VARIABLE_REQBODY_PROCESSOR (?i:REQBODY_PROCESSOR)
VARIABLE_REQUEST_BASENAME (?i:REQUEST_BASENAME)
VARIABLE_REQUEST_BODY (?i:REQUEST_BODY)
VARIABLE_REQUEST_BODY_LENGTH (?i:REQUEST_BODY_LENGTH)
VARIABLE_REQUEST_FILE_NAME (?i:REQUEST_FILENAME)
VARIABLE_REQUEST_HEADERS_NAMES (?i:REQUEST_HEADERS_NAMES)
VARIABLE_REQUEST_LINE (?i:REQUEST_LINE)
VARIABLE_REQUEST_METHOD (?i:REQUEST_METHOD)
VARIABLE_REQUEST_PROTOCOL (?i:REQUEST_PROTOCOL)
VARIABLE_REQUEST_URI (?i:REQUEST_URI)
VARIABLE_REQUEST_URI_RAW (?i:REQUEST_URI_RAW)
VARIABLE_RESOURCE (?i:RESOURCE)
VARIABLE_RESPONSE_BODY (?i:RESPONSE_BODY)
VARIABLE_RESPONSE_CONTENT_LENGTH (?i:RESPONSE_CONTENT_LENGTH)
VARIABLE_RESPONSE_CONTENT_TYPE (?i:RESPONSE_CONTENT_TYPE)
VARIABLE_RESPONSE_HEADERS_NAMES (?i:RESPONSE_HEADERS_NAMES)
VARIABLE_RESPONSE_PROTOCOL (?i:RESPONSE_PROTOCOL)
VARIABLE_RESPONSE_STATUS (?i:RESPONSE_STATUS)
VARIABLE_SERVER_ADDR (?i:SERVER_ADDR)
VARIABLE_SERVER_NAME (?i:SERVER_NAME)
VARIABLE_SERVER_PORT (?i:SERVER_PORT)
VARIABLE_SESSION_ID (?i:SESSIONID)
VARIABLE_UNIQUE_ID (?i:UNIQUE_ID)
VARIABLE_URL_ENCODED_ERROR (?i:URLENCODED_ERROR)
VARIABLE_USER_ID (?i:USERID)
VARIABLE_WEBSERVER_ERROR_LOG (?i:WEBSERVER_ERROR_LOG)
VARIABLE_ARGS (?i:ARGS)
VARIABLE_ARGS_POST (?i:ARGS_POST)
VARIABLE_ARGS_GET (?i:ARGS_GET)
VARIABLE_FILES_SIZES (?i:FILES_SIZES)
VARIABLE_FILES_NAMES (?i:FILES_NAMES)
VARIABLE_FILES_TMP_CONTENT (?i:FILES_TMP_CONTENT)
VARIABLE_MULTIPART_FILENAME (?i:MULTIPART_FILENAME)
VARIABLE_MULTIPART_NAME (?i:MULTIPART_NAME)
VARIABLE_MATCHED_VARS_NAMES (?i:MATCHED_VARS_NAMES)
VARIABLE_MATCHED_VARS (?i:MATCHED_VARS)
VARIABLE_FILES (?i:FILES)
VARIABLE_REQUEST_COOKIES (?i:REQUEST_COOKIES)
VARIABLE_REQUEST_HEADERS (?i:REQUEST_HEADERS)
VARIABLE_RESPONSE_HEADERS (?i:RESPONSE_HEADERS)
VARIABLE_GEO (?i:GEO)
VARIABLE_REQUEST_COOKIES_NAMES (?i:REQUEST_COOKIES_NAMES)
VARIABLE_RULE (?i:RULE)
VARIABLE_SESSION (?i:(SESSION))
VARIABLE_IP (?i:(IP))
VARIABLE_USER (?i:(USER))
VARIABLE_STATUS (?i:(STATUS[^:]))
VARIABLE_TX (?i:TX)
RUN_TIME_VAR_BLD (?i:MODSEC_BUILD)
RUN_TIME_VAR_DUR (?i:DURATION)
RUN_TIME_VAR_ENV (?i:ENV)
RUN_TIME_VAR_HSV (?i:HIGHEST_SEVERITY)
RUN_TIME_VAR_REMOTE_USER (?i:REMOTE_USER)
RUN_TIME_VAR_TIME (?i:TIME)
RUN_TIME_VAR_TIME_DAY (?i:TIME_DAY)
RUN_TIME_VAR_TIME_EPOCH (?i:TIME_EPOCH)
RUN_TIME_VAR_TIME_HOUR (?i:TIME_HOUR)
RUN_TIME_VAR_TIME_MIN (?i:TIME_MIN)
RUN_TIME_VAR_TIME_MON (?i:TIME_MON)
RUN_TIME_VAR_TIME_SEC (?i:TIME_SEC)
RUN_TIME_VAR_TIME_WDAY (?i:TIME_WDAY)
RUN_TIME_VAR_TIME_YEAR (?i:TIME_YEAR)
RUN_TIME_VAR_XML (?i:XML)
VAR_EXCLUSION (!)
VAR_COUNT (&)
OPERATOR_UNCONDITIONAL_MATCH (?i:@unconditionalMatch)
OPERATOR_DETECT_SQLI (?i:@detectSQLi)
OPERATOR_DETECT_XSS (?i:@detectXSS)
OPERATOR_VALIDATE_URL_ENCODING (?i:@validateUrlEncoding)
OPERATOR_VALIDATE_UTF8_ENCODING (?i:@validateUtf8Encoding)
OPERATOR_INSPECT_FILE (?i:@inspectFile)
OPERATOR_FUZZY_HASH (?i:@fuzzyHash)
OPERATOR_VALIDATE_BYTE_RANGE (?i:@validateByteRange)
OPERATOR_VALIDATE_DTD (?i:@validateDTD)
OPERATOR_VALIDATE_HASH (?i:@validateHash)
OPERATOR_VALIDATE_SCHEMA (?i:@validateSchema)
OPERATOR_VERIFY_CC (?i:@verifyCC)
OPERATOR_VERIFY_CPF (?i:@verifyCPF)
OPERATOR_VERIFY_SSN (?i:@verifySSN)
OPERATOR_GSB_LOOKUP (?i:@gsbLookup)
OPERATOR_RSUB (?i:@rsub)
OPERATOR_WITHIN (?i:@within)
OPERATOR_CONTAINS_WORD (?i:@containsWord)
OPERATOR_CONTAINS (?i:@contains)
OPERATOR_ENDS_WITH (?i:@endsWith)
OPERATOR_EQ (?i:@eq)
OPERATOR_GE (?i:@ge)
OPERATOR_GT (?i:@gt)
OPERATOR_IP_MATCH_FROM_FILE (?i:(@ipMatchF|@ipMatchFromFile))
OPERATOR_IP_MATCH (?i:@ipMatch)
OPERATOR_LE (?i:@le)
OPERATOR_LT (?i:@lt)
OPERATOR_PM_FROM_FILE (?i:(@pmf|@pmFromFile))
OPERATOR_PM (?i:@pm)
OPERATOR_RBL (?i:@rbl)
OPERATOR_RX (?i:@rx)
OPERATOR_STR_EQ (?i:@streq)
OPERATOR_STR_MATCH (?i:@strmatch)
OPERATOR_BEGINS_WITH (?i:@beginsWith)
OPERATOR_GEOLOOKUP (?i:@geoLookup)
OPERATOR_RX_CONTENT_ONLY ([^\"]|([^\\]\\\"))+
AUDIT_PARTS [ABCDEFHJKIZ]+
COL_FREE_TEXT_SPACE_COMMA ([^,"])+
COL_NAME [A-Za-z]+
@ -172,6 +308,7 @@ CONGIG_DIR_SEC_DATA_DIR (?i:SecDataDir)
CONGIG_DIR_SEC_STATUS_ENGINE (?i:SecStatusEngine)
CONGIG_DIR_SEC_TMP_DIR (?i:SecTmpDir)
DICT_ELEMENT [^ \t|]+
DICT_ELEMENT_WITH_PIPE [^ \t]+
DICT_ELEMENT_TWO [^\"\=]+
DICT_ELEMENT_TWO2 [A-Za-z_ -\%\{\.\}\-\/]+
DIRECTIVE (?i:SecRule)
@ -184,137 +321,11 @@ FREE_TEXT_SPACE_COMMA [^, \t]+
FREE_TEXT_SPACE_COMMA_QUOTE [^, \t\"\n\r]+
FREE_TEXT_COMMA_QUOTE [^,\"\\n\\r]+
NEW_LINE_FREE_TEXT [^, \t\"\n\r]+
OPERATOR_UNCONDITIONAL_MATCH (?i:@unconditionalMatch)
OPERATOR_DETECT_SQLI (?i:@detectSQLi)
OPERATOR_DETECT_XSS (?i:@detectXSS)
OPERATOR_VALIDATE_URL_ENCODING (?i:@validateUrlEncoding)
OPERATOR_VALIDATE_UTF8_ENCODING (?i:@validateUtf8Encoding)
OPERATOR_INSPECT_FILE (?i:@inspectFile)
OPERATOR_FUZZY_HASH (?i:@fuzzyHash)
OPERATOR_VALIDATE_BYTE_RANGE (?i:@validateByteRange)
OPERATOR_VALIDATE_DTD (?i:@validateDTD)
OPERATOR_VALIDATE_HASH (?i:@validateHash)
OPERATOR_VALIDATE_SCHEMA (?i:@validateSchema)
OPERATOR_VERIFY_CC (?i:@verifyCC)
OPERATOR_VERIFY_CPF (?i:@verifyCPF)
OPERATOR_VERIFY_SSN (?i:@verifySSN)
OPERATOR_GSB_LOOKUP (?i:@gsbLookup)
OPERATOR_RSUB (?i:@rsub)
OPERATOR_WITHIN (?i:@within)
OPERATOR_CONTAINS_WORD (?i:@containsWord)
OPERATOR_CONTAINS (?i:@contains)
OPERATOR_ENDS_WITH (?i:@endsWith)
OPERATOR_EQ (?i:@eq)
OPERATOR_GE (?i:@ge)
OPERATOR_GT (?i:@gt)
OPERATOR_IP_MATCH_FROM_FILE (?i:(@ipMatchF|@ipMatchFromFile))
OPERATOR_IP_MATCH (?i:@ipMatch)
OPERATOR_LE (?i:@le)
OPERATOR_LT (?i:@lt)
OPERATOR_PM_FROM_FILE (?i:(@pmf|@pmFromFile))
OPERATOR_PM (?i:@pm)
OPERATOR_RBL (?i:@rbl)
OPERATOR_RX (?i:@rx)
OPERATOR_STR_EQ (?i:@streq)
OPERATOR_STR_MATCH (?i:@strmatch)
OPERATOR_BEGINS_WITH (?i:@beginsWith)
OPERATOR_GEOLOOKUP (?i:@geoLookup)
OPERATOR_RX_CONTENT_ONLY ([^\"]|([^\\]\\\"))+
NOT !
OP_QUOTE \"
FREE_TEXT ([^\"]|([^\\]\\\"))+
REMOVE_RULE_BY [0-9A-Za-z_\/\.\-\*\:\;\]\[]+
RUN_TIME_VAR_BLD (?i:MODSEC_BUILD)
RUN_TIME_VAR_DUR (?i:DURATION)
RUN_TIME_VAR_ENV (?i:ENV)
RUN_TIME_VAR_HSV (?i:HIGHEST_SEVERITY)
RUN_TIME_VAR_REMOTE_USER (?i:REMOTE_USER)
RUN_TIME_VAR_RULE (?i:RULE)
RUN_TIME_VAR_TIME (?i:TIME)
RUN_TIME_VAR_TIME_DAY (?i:TIME_DAY)
RUN_TIME_VAR_TIME_EPOCH (?i:TIME_EPOCH)
RUN_TIME_VAR_TIME_HOUR (?i:TIME_HOUR)
RUN_TIME_VAR_TIME_MIN (?i:TIME_MIN)
RUN_TIME_VAR_TIME_MON (?i:TIME_MON)
RUN_TIME_VAR_TIME_SEC (?i:TIME_SEC)
RUN_TIME_VAR_TIME_WDAY (?i:TIME_WDAY)
RUN_TIME_VAR_TIME_YEAR (?i:TIME_YEAR)
RUN_TIME_VAR_XML (?i:XML)
VARIABLE_ARGS_COMBINED_SIZE (?i:ARGS_COMBINED_SIZE)
VARIABLE_ARGS_GET_NAMES (?i:ARGS_GET_NAMES)
VARIABLE_ARGS_NAMES (?i:ARGS_NAMES)
VARIABLE_ARGS_POST_NAMES (?i:ARGS_POST_NAMES)
VARIABLE_AUTH_TYPE (?i:AUTH_TYPE)
VARIABLE_FILES_COMBINED_SIZE (?i:FILES_COMBINED_SIZE)
VARIABLE_FILES_TMP_NAMES (?i:FILES_TMPNAMES)
VARIABLE_FULL_REQUEST (?i:FULL_REQUEST)
VARIABLE_FULL_REQUEST_LENGTH (?i:FULL_REQUEST_LENGTH)
VARIABLE_GLOBAL (?i:GLOBAL)
VARIABLE_INBOUND_DATA_ERROR (?i:INBOUND_DATA_ERROR)
VARIABLE_MATCHED_VAR (?i:MATCHED_VAR)
VARIABLE_MATCHED_VAR_NAME (?i:MATCHED_VAR_NAME)
VARIABLE_MULTIPART_CRLF_LF_LINES (?i:MULTIPART_CRLF_LF_LINES)
VARIABLE_MULTIPART_DATA_AFTER (?i:MULTIPART_DATA_AFTER)
VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED (?i:MULTIPART_FILE_LIMIT_EXCEEDED)
VARIABLE_MULTIPART_HEADER_FOLDING (?i:MULTIPART_HEADER_FOLDING)
VARIABLE_MULTIPART_INVALID_HEADER_FOLDING (?i:MULTIPART_INVALID_HEADER_FOLDING)
VARIABLE_MULTIPART_INVALID_QUOTING (?i:MULTIPART_INVALID_QUOTING)
VARIABLE_MULTIPART_STRICT_ERROR (?i:MULTIPART_STRICT_ERROR)
VARIABLE_MULTIPART_UNMATCHED_BOUNDARY (?i:MULTIPART_UNMATCHED_BOUNDARY)
VARIABLE_OUTBOUND_DATA_ERROR (?i:OUTBOUND_DATA_ERROR)
VARIABLE_PATH_INFO (?i:PATH_INFO)
VARIABLE_QUERY_STRING (?i:QUERY_STRING)
VARIABLE_REMOTE_ADDR (?i:REMOTE_ADDR)
VARIABLE_REMOTE_HOST (?i:REMOTE_HOST)
VARIABLE_REMOTE_PORT (?i:REMOTE_PORT)
VARIABLE_REQBODY_ERROR (?i:REQBODY_ERROR)
VARIABLE_REQBODY_ERROR_MSG (?i:REQBODY_ERROR_MSG)
VARIABLE_REQBODY_PROCESSOR_ERROR (?i:REQBODY_PROCESSOR_ERROR)
VARIABLE_REQBODY_PROCESSOR_ERROR_MSG (?i:REQBODY_PROCESSOR_ERROR_MSG)
VARIABLE_REQBODY_PROCESSOR (?i:REQBODY_PROCESSOR)
VARIABLE_REQUEST_BASENAME (?i:REQUEST_BASENAME)
VARIABLE_REQUEST_BODY (?i:REQUEST_BODY)
VARIABLE_REQUEST_BODY_LENGTH (?i:REQUEST_BODY_LENGTH)
VARIABLE_REQUEST_FILE_NAME (?i:REQUEST_FILENAME)
VARIABLE_REQUEST_HEADERS_NAMES (?i:REQUEST_HEADERS_NAMES)
VARIABLE_REQUEST_LINE (?i:REQUEST_LINE)
VARIABLE_REQUEST_METHOD (?i:REQUEST_METHOD)
VARIABLE_REQUEST_PROTOCOL (?i:REQUEST_PROTOCOL)
VARIABLE_REQUEST_URI (?i:REQUEST_URI)
VARIABLE_REQUEST_URI_RAW (?i:REQUEST_URI_RAW)
VARIABLE_RESOURCE (?i:RESOURCE)
VARIABLE_RESPONSE_BODY (?i:RESPONSE_BODY)
VARIABLE_RESPONSE_CONTENT_LENGTH (?i:RESPONSE_CONTENT_LENGTH)
VARIABLE_RESPONSE_CONTENT_TYPE (?i:RESPONSE_CONTENT_TYPE)
VARIABLE_RESPONSE_HEADERS_NAMES (?i:RESPONSE_HEADERS_NAMES)
VARIABLE_RESPONSE_PROTOCOL (?i:RESPONSE_PROTOCOL)
VARIABLE_RESPONSE_STATUS (?i:RESPONSE_STATUS)
VARIABLE_SERVER_ADDR (?i:SERVER_ADDR)
VARIABLE_SERVER_NAME (?i:SERVER_NAME)
VARIABLE_SERVER_PORT (?i:SERVER_PORT)
VARIABLE_SESSION_ID (?i:SESSIONID)
VARIABLE_UNIQUE_ID (?i:UNIQUE_ID)
VARIABLE_URL_ENCODED_ERROR (?i:URLENCODED_ERROR)
VARIABLE_USER_ID (?i:USERID)
VARIABLE_WEBSERVER_ERROR_LOG (?i:WEBSERVER_ERROR_LOG)
VARIABLE_ARGS (?i:ARGS)
VARIABLE_COL (?i:(ARGS_POST|ARGS_GET|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|REQUEST_COOKIES_NAMES))
VARIABLE_SESSION (?i:(SESSION))
VARIABLE_IP (?i:(IP))
VARIABLE_USER (?i:(USER))
VARIABLE_STATUS (?i:(STATUS[^:]))
VARIABLE_TX (?i:TX)
VAR_FREE_TEXT_QUOTE ([^\']|([^\\]\\\'))+
VAR_FREE_TEXT_SPACE [^ \t\"]+
VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+
@ -613,69 +624,12 @@ EQUALS_MINUS (?i:=\-)
<EXPECTING_VARIABLE>{
[!&]?{RUN_TIME_VAR_BLD} { return p::make_RUN_TIME_VAR_BLD(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_DUR} { return p::make_RUN_TIME_VAR_DUR(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_ENV}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_RUN_TIME_VAR_ENV(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_ENV}(\:{DICT_ELEMENT})? { return p::make_RUN_TIME_VAR_ENV(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_HSV} { return p::make_RUN_TIME_VAR_HSV(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_REMOTE_USER} { return p::make_RUN_TIME_VAR_REMOTE_USER(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_RULE}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_RUN_TIME_VAR_RULE(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_RULE}(\:{DICT_ELEMENT})? { return p::make_RUN_TIME_VAR_RULE(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_TIME_DAY} { return p::make_RUN_TIME_VAR_TIME_DAY(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_TIME_EPOCH} { return p::make_RUN_TIME_VAR_TIME_EPOCH(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_TIME_HOUR} { return p::make_RUN_TIME_VAR_TIME_HOUR(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_TIME_MIN} { return p::make_RUN_TIME_VAR_TIME_MIN(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_TIME_MON} { return p::make_RUN_TIME_VAR_TIME_MON(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_TIME_SEC} { return p::make_RUN_TIME_VAR_TIME_SEC(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_TIME_YEAR} { return p::make_RUN_TIME_VAR_TIME_YEAR(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_TIME} { return p::make_RUN_TIME_VAR_TIME(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_XML}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_RUN_TIME_VAR_XML(yytext, *driver.loc.back()); }
[!&]?{RUN_TIME_VAR_XML}(\:{DICT_ELEMENT})? { return p::make_RUN_TIME_VAR_XML(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_COL}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_COL}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_GLOBAL}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_GLOBAL}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_SESSION}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_SESSION}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_IP}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_IP}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_USER}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_USER}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_STATUS} { return p::make_VARIABLE_STATUS(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_TX}(\:[\']{FREE_TEXT_QUOTE}[\'])? { return p::make_VARIABLE_TX(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_TX}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_TX(yytext, *driver.loc.back()); }
[!&]?{VARIABLE_WEBSERVER_ERROR_LOG} { driver.error (*driver.loc.back(), "Variable VARIABLE_WEBSERVER_ERROR_LOG is not supported by libModSecurity", ""); throw p::syntax_error(*driver.loc.back(), "");}
["][!&]?{RUN_TIME_VAR_BLD}["] { return p::make_RUN_TIME_VAR_BLD(yytext, *driver.loc.back()); }
["][!&]?{RUN_TIME_VAR_DUR}["] { return p::make_RUN_TIME_VAR_DUR(yytext, *driver.loc.back()); }
["][!&]?{RUN_TIME_VAR_ENV}(\:\'{FREE_TEXT_QUOTE}[\'])?["] { return p::make_RUN_TIME_VAR_ENV(yytext, *driver.loc.back()); }
["][!&]?{RUN_TIME_VAR_ENV}(\:{DICT_ELEMENT})?["] { return p::make_RUN_TIME_VAR_ENV(yytext, *driver.loc.back()); }
["][!&]?{RUN_TIME_VAR_HSV}["] { return p::make_RUN_TIME_VAR_HSV(yytext, *driver.loc.back()); }
["][!&]?{RUN_TIME_VAR_RULE}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_RUN_TIME_VAR_RULE(yytext, *driver.loc.back()); }
["][!&]?{RUN_TIME_VAR_RULE}(\:{DICT_ELEMENT})? { return p::make_RUN_TIME_VAR_RULE(yytext, *driver.loc.back()); }
["][!&]?{RUN_TIME_VAR_XML}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_RUN_TIME_VAR_XML(yytext, *driver.loc.back()); }
["][!&]?{RUN_TIME_VAR_XML}(\:{DICT_ELEMENT})? { return p::make_RUN_TIME_VAR_XML(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_COL}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_COL}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_GLOBAL}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_GLOBAL}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_SESSION}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_SESSION}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_IP}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_IP}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_USER}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_USER}(\:{DICT_ELEMENT})? { return p::make_VARIABLE_COL(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_TX}(\:[\']{FREE_TEXT_QUOTE}[\'])?["] { return p::make_VARIABLE_TX(yytext, *driver.loc.back()); }
["][!&]?{VARIABLE_TX}(\:{DICT_ELEMENT})?["] { return p::make_VARIABLE_TX(yytext, *driver.loc.back()); }
[&]?{RUN_TIME_VAR_TIME_WDAY} { return p::make_RUN_TIME_VAR_TIME_WDAY(yytext, *driver.loc.back()); }
{VARIABLE_ARGS_COMBINED_SIZE} { return p::make_VARIABLE_ARGS_COMBINED_SIZE(*driver.loc.back()); }
{VARIABLE_ARGS_GET_NAMES} { return p::make_VARIABLE_ARGS_GET_NAMES(*driver.loc.back()); }
{VARIABLE_ARGS_NAMES} { return p::make_VARIABLE_ARGS_NAMES(*driver.loc.back()); }
{VARIABLE_ARGS_POST_NAMES} { return p::make_VARIABLE_ARGS_POST_NAMES(*driver.loc.back()); }
{VARIABLE_AUTH_TYPE} { return p::make_VARIABLE_AUTH_TYPE(*driver.loc.back()); }
{VARIABLE_FILES_COMBINED_SIZE} { return p::make_VARIABLE_FILES_COMBINED_SIZE(*driver.loc.back()); }
{VARIABLE_FILES_TMP_NAMES} { return p::make_VARIABLE_FILES_TMP_NAMES(*driver.loc.back()); }
{VARIABLE_FULL_REQUEST_LENGTH} { return p::make_VARIABLE_FULL_REQUEST_LENGTH(*driver.loc.back()); }
{VARIABLE_FULL_REQUEST} { return p::make_VARIABLE_FULL_REQUEST(*driver.loc.back()); }
{VARIABLE_INBOUND_DATA_ERROR} { return p::make_VARIABLE_INBOUND_DATA_ERROR(*driver.loc.back()); }
@ -724,15 +678,88 @@ EQUALS_MINUS (?i:=\-)
{VARIABLE_UNIQUE_ID} { return p::make_VARIABLE_UNIQUE_ID(*driver.loc.back()); }
{VARIABLE_URL_ENCODED_ERROR} { return p::make_VARIABLE_URL_ENCODED_ERROR(*driver.loc.back()); }
{VARIABLE_USER_ID} { return p::make_VARIABLE_USER_ID(*driver.loc.back()); }
{VARIABLE_ARGS} { return p::make_VARIABLE_ARGS(*driver.loc.back()); }
{VARIABLE_ARGS}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS(*driver.loc.back()); }
{VARIABLE_ARGS_GET} { return p::make_VARIABLE_ARGS_GET(*driver.loc.back()); }
{VARIABLE_ARGS_GET}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_GET(*driver.loc.back()); }
{VARIABLE_ARGS_POST} { return p::make_VARIABLE_ARGS_POST(*driver.loc.back()); }
{VARIABLE_ARGS_POST}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_POST(*driver.loc.back()); }
{VARIABLE_FILES_SIZES} { return p::make_VARIABLE_FILES_SIZES(*driver.loc.back()); }
{VARIABLE_FILES_SIZES}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_FILES_SIZES(*driver.loc.back()); }
{VARIABLE_FILES_NAMES} { return p::make_VARIABLE_FILES_NAMES(*driver.loc.back()); }
{VARIABLE_FILES_NAMES}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_FILES_NAMES(*driver.loc.back()); }
{VARIABLE_FILES_TMP_CONTENT} { return p::make_VARIABLE_FILES_TMP_CONTENT(*driver.loc.back()); }
{VARIABLE_FILES_TMP_CONTENT}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_FILES_TMP_CONTENT(*driver.loc.back()); }
{VARIABLE_MULTIPART_FILENAME} { return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); }
{VARIABLE_MULTIPART_FILENAME}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); }
{VARIABLE_MULTIPART_NAME} { return p::make_VARIABLE_MULTIPART_NAME(*driver.loc.back()); }
{VARIABLE_MULTIPART_NAME}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_NAME(*driver.loc.back()); }
{VARIABLE_MATCHED_VARS_NAMES} { return p::make_VARIABLE_MATCHED_VARS_NAMES(*driver.loc.back()); }
{VARIABLE_MATCHED_VARS_NAMES}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MATCHED_VARS_NAMES(*driver.loc.back()); }
{VARIABLE_MATCHED_VARS} { return p::make_VARIABLE_MATCHED_VARS(*driver.loc.back()); }
{VARIABLE_MATCHED_VARS}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MATCHED_VARS(*driver.loc.back()); }
{VARIABLE_FILES} { return p::make_VARIABLE_FILES(*driver.loc.back()); }
{VARIABLE_FILES}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_FILES(*driver.loc.back()); }
{VARIABLE_REQUEST_COOKIES} { return p::make_VARIABLE_REQUEST_COOKIES(*driver.loc.back()); }
{VARIABLE_REQUEST_COOKIES}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_REQUEST_COOKIES(*driver.loc.back()); }
{VARIABLE_REQUEST_HEADERS} { return p::make_VARIABLE_REQUEST_HEADERS(*driver.loc.back()); }
{VARIABLE_REQUEST_HEADERS}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_REQUEST_HEADERS(*driver.loc.back()); }
{VARIABLE_RESPONSE_HEADERS} { return p::make_VARIABLE_RESPONSE_HEADERS(*driver.loc.back()); }
{VARIABLE_RESPONSE_HEADERS}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_RESPONSE_HEADERS(*driver.loc.back()); }
{VARIABLE_GEO} { return p::make_VARIABLE_GEO(*driver.loc.back()); }
{VARIABLE_GEO}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_GEO(*driver.loc.back()); }
{VARIABLE_REQUEST_COOKIES_NAMES} { return p::make_VARIABLE_REQUEST_COOKIES_NAMES(*driver.loc.back()); }
{VARIABLE_REQUEST_COOKIES_NAMES}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_REQUEST_COOKIES_NAMES(*driver.loc.back()); }
{VARIABLE_RULE} { return p::make_VARIABLE_RULE(*driver.loc.back()); }
{VARIABLE_RULE}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_RULE(*driver.loc.back()); }
{VARIABLE_FILES_TMP_NAMES} { return p::make_VARIABLE_FILES_TMP_NAMES(*driver.loc.back()); }
{VARIABLE_FILES_TMP_NAMES}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_FILES_TMP_NAMES(*driver.loc.back()); }
{RUN_TIME_VAR_XML} { return p::make_RUN_TIME_VAR_XML(*driver.loc.back()); }
{RUN_TIME_VAR_XML}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_RUN_TIME_VAR_XML(*driver.loc.back()); }
{RUN_TIME_VAR_ENV} { return p::make_RUN_TIME_VAR_ENV(*driver.loc.back()); }
{RUN_TIME_VAR_ENV}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_RUN_TIME_VAR_ENV(*driver.loc.back()); }
{VARIABLE_IP} { return p::make_VARIABLE_IP(*driver.loc.back()); }
{VARIABLE_IP}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_IP(*driver.loc.back()); }
{VARIABLE_GLOBAL} { return p::make_VARIABLE_GLOBAL(*driver.loc.back()); }
{VARIABLE_GLOBAL}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_GLOBAL(*driver.loc.back()); }
{VARIABLE_SESSION} { return p::make_VARIABLE_SESSION(*driver.loc.back()); }
{VARIABLE_SESSION}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_SESSION(*driver.loc.back()); }
{VARIABLE_USER} { return p::make_VARIABLE_USER(*driver.loc.back()); }
{VARIABLE_USER}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_USER(*driver.loc.back()); }
{VARIABLE_TX} { return p::make_VARIABLE_TX(*driver.loc.back()); }
{VARIABLE_TX}[:] { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_TX(*driver.loc.back()); }
{RUN_TIME_VAR_BLD} { return p::make_RUN_TIME_VAR_BLD(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_DUR} { return p::make_RUN_TIME_VAR_DUR(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_HSV} { return p::make_RUN_TIME_VAR_HSV(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_REMOTE_USER} { return p::make_RUN_TIME_VAR_REMOTE_USER(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_TIME_DAY} { return p::make_RUN_TIME_VAR_TIME_DAY(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_TIME_EPOCH} { return p::make_RUN_TIME_VAR_TIME_EPOCH(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_TIME_HOUR} { return p::make_RUN_TIME_VAR_TIME_HOUR(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_TIME_MIN} { return p::make_RUN_TIME_VAR_TIME_MIN(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_TIME_MON} { return p::make_RUN_TIME_VAR_TIME_MON(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_TIME_SEC} { return p::make_RUN_TIME_VAR_TIME_SEC(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_TIME_YEAR} { return p::make_RUN_TIME_VAR_TIME_YEAR(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_TIME} { return p::make_RUN_TIME_VAR_TIME(yytext, *driver.loc.back()); }
{RUN_TIME_VAR_TIME_WDAY} { return p::make_RUN_TIME_VAR_TIME_WDAY(yytext, *driver.loc.back()); }
{VARIABLE_WEBSERVER_ERROR_LOG} { driver.error (*driver.loc.back(), "Variable VARIABLE_WEBSERVER_ERROR_LOG is not supported by libModSecurity", ""); throw p::syntax_error(*driver.loc.back(), "");}
{VARIABLE_STATUS} { return p::make_VARIABLE_STATUS(*driver.loc.back()); }
{VAR_EXCLUSION} { return p::make_VAR_EXCLUSION(*driver.loc.back()); }
{VAR_COUNT} { return p::make_VAR_COUNT(*driver.loc.back()); }
}
<EXPECTING_VAR_PARAMETER>{
[\/]{DICT_ELEMENT}[\/] { BEGIN(EXPECTING_VARIABLE); return p::make_DICT_ELEMENT_REGEXP(yytext, *driver.loc.back()); }
[\/]{DICT_ELEMENT_WITH_PIPE}[\/] { BEGIN(EXPECTING_VARIABLE); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); }
{DICT_ELEMENT} { BEGIN(EXPECTING_VARIABLE); return p::make_DICT_ELEMENT(yytext, *driver.loc.back()); }
[|] { }
. { BEGIN(LEXING_ERROR_ACTION); yyless(0); }
}

35
src/request_body_processor/multipart.cc
View File

@ -342,8 +342,9 @@ int Multipart::parse_content_disposition(const char *c_d_value) {
if (name == "name") {
validate_quotes(value.c_str());
m_transaction->m_collections.storeOrUpdateFirst("MULTIPART_NAME",
value);
m_transaction->m_variableMultiPartName.set(value, value, 0);
//m_transaction->m_collections.storeOrUpdateFirst("MULTIPART_NAME",
// value);
if (!m_mpp->m_name.empty()) {
debug(4, "Multipart: Warning: Duplicate Content-Disposition " \
@ -354,8 +355,7 @@ int Multipart::parse_content_disposition(const char *c_d_value) {
debug(9, "Multipart: Content-Disposition name: " + value + ".");
} else if (name == "filename") {
validate_quotes(value.c_str());
collection::Collections *c = &m_transaction->m_collections;
c->storeOrUpdateFirst("MULTIPART_FILENAME", value);
m_transaction->m_variableMultiPartFileName.set(value, value, 0);
if (!m_mpp->m_filename.empty()) {
debug(4, "Multipart: Warning: Duplicate Content-Disposition " \
@ -998,24 +998,25 @@ int Multipart::multipart_complete(std::string *error) {
if (!m->m_filename.empty()) {
name.assign(m->m_filename);
}
m_transaction->m_collections.store("FILES:" + m->m_filename,
m->m_filename);
m_transaction->m_collections.store("FILES_NAMES:" + m->m_name,
m->m_name);
m_transaction->m_collections.store("FILES_SIZES:" + m->m_name,
std::to_string(m->m_tmp_file_size));
m_transaction->m_collections.store("FILES_TMP_CONTENT:" \
+ m->m_name, m->m_value);
m_transaction->m_collections.store("FILES_TMPNAMES:" \
+ m->m_filename, tmp_name);
m_transaction->m_variableFiles.set(m->m_filename,
m->m_filename, 0);
m_transaction->m_variableFilesNames.set(m->m_name,
m->m_name, 0);
m_transaction->m_variableFilesSizes.set(m->m_name,
std::to_string(m->m_tmp_file_size), 0);
m_transaction->m_variableFilesTmpContent.set(m->m_name,
m->m_value, 0);
m_transaction->m_variableFilesTmpContent.set(m->m_name,
m->m_value, 0);
m_transaction->m_variableFilesTmpNames.set(m->m_name,
m->m_value, 0);
file_combined_size = file_combined_size + m->m_tmp_file_size;
} else {
debug(4, "Adding request argument (BODY): name \"" +
m->m_name + "\", value \"" + m->m_value + "\"");
m_transaction->m_variableArgs.set(m->m_name, m->m_value,
m_transaction->m_variableOffset);
m_transaction->m_collections.store("ARGS_POST:" + m->m_name,
m->m_value);
m_transaction->m_variableArgsPost.set(m->m_name, m->m_value, 0);
}
#if 0
if (m_transaction->m_namesArgs->empty()) {
@ -1031,7 +1032,7 @@ int Multipart::multipart_complete(std::string *error) {
}
m_transaction->m_ARGScombinedSize = \
m_transaction->->m_ARGScombinedSize + \
m_transaction->m_ARGScombinedSize + \
m->m_name.length() + m->m_value.length();
m_transaction->m_ARGScombinedSizeStr->assign(
std::to_string(m_transaction->->m_ARGScombinedSize));

255
src/rule.cc
View File

@ -29,7 +29,6 @@
#include "modsecurity/modsecurity.h"
#include "src/actions/transformations/none.h"
#include "src/actions/tag.h"
#include "src/variables/variations/exclusion.h"
#include "src/utils/string.h"
#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
@ -37,10 +36,9 @@
#include "src/actions/msg.h"
#include "src/actions/log_data.h"
#include "src/actions/severity.h"
#include "src/variables/variable.h"
using modsecurity::Variables::Variations::Exclusion;
namespace modsecurity {
using operators::Operator;
@ -48,74 +46,55 @@ using actions::Action;
using Variables::Variable;
using actions::transformations::None;
Rule::~Rule() {
if (op != NULL) {
delete op;
}
while (m_actionsConf.empty() == false) {
auto *a = m_actionsConf.back();
m_actionsConf.pop_back();
delete a;
}
while (m_actionsRuntimePre.empty() == false) {
auto *a = m_actionsRuntimePre.back();
m_actionsRuntimePre.pop_back();
delete a;
}
while (m_actionsRuntimePos.empty() == false) {
auto *a = m_actionsRuntimePos.back();
m_actionsRuntimePos.pop_back();
delete a;
}
while (variables != NULL && variables->empty() == false) {
auto *a = variables->back();
variables->pop_back();
delete a;
}
if (variables != NULL) {
delete variables;
}
if (chainedRule != NULL) {
delete chainedRule;
}
}
Rule::Rule(std::string marker)
: chained(false),
chainedRule(NULL),
variables(NULL),
op(NULL),
rule_id(0),
phase(-1),
m_accuracy(0),
m_unconditional(false),
m_secmarker(true),
: m_accuracy(0),
m_actionsConf(),
m_actionsRuntimePos(),
m_actionsRuntimePre(),
m_chained(false),
m_chainedRule(NULL),
m_fileName(""),
m_lineNumber(0),
m_logData(""),
m_marker(marker),
m_maturity(0),
m_referenceCount(1),
m_fileName(""),
m_lineNumber(0) { }
m_op(NULL),
m_phase(-1),
m_rev(""),
m_ruleId(0),
m_secMarker(true),
m_variables(NULL),
m_ver(""),
m_unconditional(false),
m_referenceCount(1) { }
Rule::Rule(Operator *_op,
std::vector<Variable *> *_variables,
std::vector<Action *> *actions,
std::string fileName,
int lineNumber): chained(false),
chainedRule(NULL),
variables(_variables),
op(_op),
rule_id(0),
phase(-1),
m_accuracy(0),
m_unconditional(false),
m_secmarker(false),
int lineNumber)
: m_accuracy(0),
m_actionsConf(),
m_actionsRuntimePos(),
m_actionsRuntimePre(),
m_chained(false),
m_chainedRule(NULL),
m_fileName(fileName),
m_lineNumber(lineNumber),
m_logData(""),
m_marker(""),
m_maturity(0),
m_referenceCount(1),
m_fileName(fileName),
m_lineNumber(lineNumber) {
m_op(_op),
m_phase(-1),
m_rev(""),
m_ruleId(0),
m_secMarker(false),
m_variables(_variables),
m_ver(""),
m_unconditional(false),
m_referenceCount(1) {
if (actions != NULL) {
for (Action *a : *actions) {
if (a->action_kind == Action::ConfigurationKind) {
@ -137,11 +116,11 @@ Rule::Rule(Operator *_op,
* If phase is not entered, we assume phase 2. For historical reasons.
*
*/
if (phase == -1) {
phase = modsecurity::Phases::RequestHeadersPhase;
if (m_phase == -1) {
m_phase = modsecurity::Phases::RequestHeadersPhase;
}
if (op == NULL) {
if (m_op == NULL) {
m_unconditional = true;
}
@ -149,6 +128,41 @@ Rule::Rule(Operator *_op,
}
Rule::~Rule() {
if (m_op != NULL) {
delete m_op;
}
while (m_actionsConf.empty() == false) {
auto *a = m_actionsConf.back();
m_actionsConf.pop_back();
delete a;
}
while (m_actionsRuntimePre.empty() == false) {
auto *a = m_actionsRuntimePre.back();
m_actionsRuntimePre.pop_back();
delete a;
}
while (m_actionsRuntimePos.empty() == false) {
auto *a = m_actionsRuntimePos.back();
m_actionsRuntimePos.pop_back();
delete a;
}
while (m_variables != NULL && m_variables->empty() == false) {
auto *a = m_variables->back();
m_variables->pop_back();
delete a;
}
if (m_variables != NULL) {
delete m_variables;
}
if (m_chainedRule != NULL) {
delete m_chainedRule;
}
}
std::vector<std::string> Rule::getActionNames() {
std::vector<std::string> a;
for (auto &z : this->m_actionsRuntimePos) {
@ -175,55 +189,53 @@ void Rule::updateMatchedVars(Transaction *trasn, std::string key,
trasn->debug(4, "Matched vars updated.");
trasn->m_variableMatchedVar.set(value, trasn->m_variableOffset);
trasn->m_variableMatchedVarName.set(key, trasn->m_variableOffset);
trasn->m_collections.store("MATCHED_VARS:" + key, value);
trasn->m_collections.store("MATCHED_VARS_NAMES:" + key, key);
trasn->m_variableMatchedVars.set(key, value, trasn->m_variableOffset);
trasn->m_variableMatchedVarsNames.set(key, key, trasn->m_variableOffset);
}
void Rule::cleanMatchedVars(Transaction *trasn) {
trasn->debug(4, "Matched vars cleaned.");
trasn->m_variableMatchedVar.set("", trasn->m_variableOffset);
trasn->m_variableMatchedVarName.set("", trasn->m_variableOffset);
trasn->m_collections.del("MATCHED_VARS_NAME");
trasn->m_collections.del("MATCHED_VARS");
trasn->m_collections.del("MATCHED_VARS_NAMES");
trasn->m_variableMatchedVar.unset();
trasn->m_variableMatchedVars.unset();
trasn->m_variableMatchedVarName.unset();
trasn->m_variableMatchedVarsNames.unset();
}
void Rule::updateRulesVariable(Transaction *trasn) {
if (rule_id != 0) {
trasn->m_collections.storeOrUpdateFirst("RULE:id",
std::to_string(rule_id));
if (m_ruleId != 0) {
trasn->m_variableRule.set("id", std::to_string(m_ruleId), 0);
}
if (m_rev.empty() == false) {
trasn->m_collections.storeOrUpdateFirst("RULE:rev", m_rev);
trasn->m_variableRule.set("rev", m_rev, 0);
}
if (getActionsByName("msg").size() > 0) {
actions::Msg *msg = dynamic_cast<actions::Msg*>(
getActionsByName("msg")[0]);
trasn->m_collections.storeOrUpdateFirst("RULE:msg", msg->data(trasn));
trasn->m_variableRule.set("msg", msg->data(trasn), 0);
}
if (getActionsByName("logdata").size() > 0) {
actions::LogData *data = dynamic_cast<actions::LogData*>(
getActionsByName("logdata")[0]);
trasn->m_collections.storeOrUpdateFirst("RULE:logdata",
data->data(trasn));
trasn->m_variableRule.set("logdata", data->data(trasn), 0);
}
if (getActionsByName("severity").size() > 0) {
actions::Severity *data = dynamic_cast<actions::Severity*>(
getActionsByName("severity")[0]);
trasn->m_collections.storeOrUpdateFirst("RULE:severity",
std::to_string(data->m_severity));
trasn->m_variableRule.set("severity",
std::to_string(data->m_severity), 0);
}
}
std::string Rule::resolveMatchMessage(std::string key, std::string value) {
std::string ret = this->op->m_match_message;
std::string ret = this->m_op->m_match_message;
if (ret.empty() == true) {
ret = "Matched \"Operator `" + this->op->m_op + "' with parameter `" +
utils::string::limitTo(200, this->op->m_param) +
ret = "Matched \"Operator `" + this->m_op->m_op + "' with parameter `" +
utils::string::limitTo(200, this->m_op->m_param) +
"' against variable `" + key + "' (Value: `" +
utils::string::limitTo(100, utils::string::toHexIfNeeded(value)) +
"' ) \" at " + key;
@ -268,7 +280,7 @@ bool Rule::executeOperatorAt(Transaction *trasn, std::string key,
utils::string::toHexIfNeeded(value)) \
+ "\" (Variable: " + key + ")");
ret = this->op->evaluateInternal(trasn, this, value, ruleMessage);
ret = this->m_op->evaluateInternal(trasn, this, value, ruleMessage);
if (ret == false) {
return false;
}
@ -323,7 +335,7 @@ std::list<std::pair<std::unique_ptr<std::string>,
// Notice that first we make sure that won't be a t:none
// on the target rule.
if (none == 0) {
for (Action *a : trasn->m_rules->m_defaultActions[this->phase]) {
for (Action *a : trasn->m_rules->m_defaultActions[this->m_phase]) {
if (a->action_kind \
== actions::Action::RunTimeBeforeMatchAttemptKind) {
newValue = std::unique_ptr<std::string>(
@ -400,11 +412,11 @@ std::list<std::pair<std::unique_ptr<std::string>,
}
std::vector<const collection::Variable *> Rule::getFinalVars(
std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(
Transaction *trasn) {
std::list<const std::string*> exclusions;
std::vector<Variable *> *variables = this->variables;
std::vector<const collection::Variable *> finalVars;
std::vector<Variable *> *variables = m_variables;
std::vector<std::unique_ptr<collection::Variable>> finalVars;
for (int i = 0; i < variables->size(); i++) {
Variable *variable = variables->at(i);
@ -413,7 +425,7 @@ std::vector<const collection::Variable *> Rule::getFinalVars(
variable->evaluateInternal(trasn, this, &z);
for (auto &y : z) {
exclusions.push_back(y->m_key);
delete y;
//delete y;
}
exclusions.push_back(&variable->m_name);
}
@ -431,7 +443,6 @@ std::vector<const collection::Variable *> Rule::getFinalVars(
variable->evaluateInternal(trasn, this, &e);
for (const collection::Variable *v : e) {
const std::string *key = v->m_key;
if (std::find_if(exclusions.begin(), exclusions.end(),
[key](const std::string *m) -> bool { return *key == *m; })
!= exclusions.end()) {
@ -470,7 +481,7 @@ std::vector<const collection::Variable *> Rule::getFinalVars(
for (auto &i : trasn->m_ruleRemoveTargetById) {
int id = i.first;
std::string args = i.second;
if (rule_id != id) {
if (m_ruleId != id) {
continue;
}
if (args == *key) {
@ -488,7 +499,17 @@ std::vector<const collection::Variable *> Rule::getFinalVars(
continue;
}
finalVars.push_back(v);
std::unique_ptr<collection::Variable> var(new collection::Variable(
new std::string(*v->m_key),
new std::string(*v->m_value)));
var->m_dynamic_value = true;
var->m_dynamic_key = true;
if (v->m_dynamic) {
delete v;
v = NULL;
}
finalVars.push_back(std::move(var));
}
}
return finalVars;
@ -498,7 +519,7 @@ std::vector<const collection::Variable *> Rule::getFinalVars(
void Rule::executeActionsAfterFullMatch(Transaction *trasn,
bool containsDisruptive, RuleMessage *ruleMessage) {
for (Action *a : trasn->m_rules->m_defaultActions[this->phase]) {
for (Action *a : trasn->m_rules->m_defaultActions[this->m_phase]) {
if (a->action_kind != actions::Action::RunTimeOnlyIfMatchKind) {
continue;
}
@ -545,10 +566,6 @@ void Rule::executeActionsAfterFullMatch(Transaction *trasn,
trasn->debug(4, "Running (disruptive) action: " + a->m_name);
a->evaluate(this, trasn, ruleMessage);
continue;
} else {
trasn->debug(4, "_Not_ running (disruptive) action: "
+ a->m_name + ". SecRuleEngine is not On.");
continue;
}
trasn->debug(4, "Not running disruptive action: " + \
@ -559,20 +576,20 @@ void Rule::executeActionsAfterFullMatch(Transaction *trasn,
bool Rule::evaluate(Transaction *trasn) {
bool globalRet = false;
std::vector<Variable *> *variables = this->variables;
std::vector<Variable *> *variables = this->m_variables;
bool recursiveGlobalRet;
bool containsDisruptive = false;
RuleMessage ruleMessage(this);
std::vector<const collection::Variable *> finalVars;
std::vector<std::unique_ptr<collection::Variable>> finalVars;
std::string eparam;
trasn->m_matched.clear();
if (m_secmarker == true) {
if (m_secMarker == true) {
return true;
}
if (m_unconditional == true) {
trasn->debug(4, "(Rule: " + std::to_string(rule_id) \
trasn->debug(4, "(Rule: " + std::to_string(m_ruleId) \
+ ") Executing unconditional rule...");
executeActionsIndependentOfChainedRuleResult(trasn,
&containsDisruptive, &ruleMessage);
@ -580,24 +597,24 @@ bool Rule::evaluate(Transaction *trasn) {
}
for (auto &i : trasn->m_ruleRemoveById) {
if (rule_id != i) {
if (m_ruleId != i) {
continue;
}
trasn->debug(9, "Rule id: " + std::to_string(rule_id) +
trasn->debug(9, "Rule id: " + std::to_string(m_ruleId) +
" was skipped due to an ruleRemoveById action...");
return true;
}
eparam = MacroExpansion::expand(this->op->m_param, trasn);
eparam = MacroExpansion::expand(this->m_op->m_param, trasn);
if (this->op->m_param != eparam) {
eparam = "\"" + eparam + "\" Was: \"" + this->op->m_param + "\"";
if (this->m_op->m_param != eparam) {
eparam = "\"" + eparam + "\" Was: \"" + this->m_op->m_param + "\"";
} else {
eparam = "\"" + eparam + "\"";
}
trasn->debug(4, "(Rule: " + std::to_string(rule_id) \
+ ") Executing operator \"" + this->op->m_op \
trasn->debug(4, "(Rule: " + std::to_string(m_ruleId) \
+ ") Executing operator \"" + this->m_op->m_op \
+ "\" with param " \
+ eparam \
+ " against " \
@ -607,7 +624,7 @@ bool Rule::evaluate(Transaction *trasn) {
finalVars = getFinalVars(trasn);
for (const collection::Variable *v : finalVars) {
for (auto &v : finalVars) {
const std::string value = *(v->m_value);
const std::string key = *(v->m_key);
@ -650,32 +667,24 @@ bool Rule::evaluate(Transaction *trasn) {
trasn->debug(4, "Rule returned 1.");
if (this->chained == false) {
if (this->m_chained == false) {
goto end_exec;
}
if (this->chainedRule == NULL) {
if (this->m_chainedRule == NULL) {
trasn->debug(4, "Rule is marked as chained but there " \
"isn't a subsequent rule.");
goto end_clean;
}
trasn->debug(4, "Executing chained rule.");
recursiveGlobalRet = this->chainedRule->evaluate(trasn);
recursiveGlobalRet = this->m_chainedRule->evaluate(trasn);
if (recursiveGlobalRet == true) {
goto end_exec;
}
end_clean:
while (finalVars.empty() == false) {
auto *a = finalVars.back();
finalVars.pop_back();
if (a->m_dynamic) {
delete a;
}
}
return false;
end_exec:
@ -688,14 +697,6 @@ end_exec:
trasn->m_rulesMessages.push_back(ruleMessage);
}
while (finalVars.empty() == false) {
auto *a = finalVars.back();
finalVars.pop_back();
if (a->m_dynamic) {
delete a;
}
}
return true;
}

14
src/rules.cc
View File

@ -186,11 +186,11 @@ int Rules::evaluate(int phase, Transaction *transaction) {
for (int i = 0; i < rules.size(); i++) {
Rule *rule = rules[i];
if (transaction->m_marker.empty() == false) {
debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
+ "' due to a SecMarker: " + transaction->m_marker);
m_secmarker_skipped++;
debug(9, "Rule: " + rule->m_marker);
if (rule->m_secmarker && rule->m_marker == transaction->m_marker) {
if (rule->m_secMarker && rule->m_marker == transaction->m_marker) {
debug(4, "Out of a SecMarker after skip " \
+ std::to_string(m_secmarker_skipped) + " rules.");
transaction->m_marker.clear();
@ -198,15 +198,15 @@ int Rules::evaluate(int phase, Transaction *transaction) {
}
} else if (transaction->m_skip_next > 0) {
transaction->m_skip_next--;
debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
+ "' due to a `skip' action. Still " + \
std::to_string(transaction->m_skip_next) + " to be skipped.");
} else if (transaction->m_allowType
!= actions::disruptive::NoneAllowType) {
debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
+ "' as request trough the utilization of an `allow' action.");
} else if (m_exceptions.contains(rule->rule_id)) {
debug(9, "Skipped rule id '" + std::to_string(rule->rule_id) \
} else if (m_exceptions.contains(rule->m_ruleId)) {
debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
+ "'. Removed by an SecRuleRemove directive.");
} else {
rule->evaluate(transaction);
@ -259,7 +259,7 @@ void Rules::dump() {
std::cout << " (" << std::to_string(rules.size());
std::cout << " rules)" << std::endl;
for (int j = 0; j < rules.size(); j++) {
std::cout << " Rule ID: " << std::to_string(rules[j]->rule_id);
std::cout << " Rule ID: " << std::to_string(rules[j]->m_ruleId);
std::cout << "--" << rules[j] << std::endl;
}
}

69
src/transaction.cc
View File

@ -291,10 +291,10 @@ bool Transaction::addArgument(const std::string& orig, const std::string& key,
m_variableArgs.set(key, value, m_variableOffset);
if (orig == "GET") {
m_collections.store("ARGS_GET:" + key, value);
m_variableArgsGet.set(key, value, m_variableOffset);
m_variableArgGetNames.append(key, offset, true);
} else if (orig == "POST") {
m_collections.store("ARGS_POST:" + key, value);
m_variableArgsPost.set(key, value, m_variableOffset);
m_variableArgPostNames.append(key, offset, true);
}
m_variableArgsNames.append(key, offset, true);
@ -471,7 +471,8 @@ int Transaction::addRequestHeader(const std::string& key,
const std::string& value) {
m_variableRequestHeadersNames.append(key, 0, true);
this->m_collections.store("REQUEST_HEADERS:" + key, value);
m_variableRequestHeaders.set(key, value, m_variableOffset);
std::string keyl = utils::string::tolower(key);
if (keyl == "authorization") {
@ -488,10 +489,9 @@ int Transaction::addRequestHeader(const std::string& key,
if (s[0].at(0) == ' ') {
s[0].erase(0, 1);
}
this->m_collections.store("REQUEST_COOKIES:"
+ s[0], s[1]);
this->m_collections.store("REQUEST_COOKIES_NAMES:"
+ s[0], s[0]);
m_variableRequestCookies.set(s[0], s[1], m_variableOffset);
m_variableRequestCookiesNames.set(s[0],
s[0], m_variableOffset);
}
cookies.pop_back();
}
@ -622,6 +622,8 @@ int Transaction::processRequestBody() {
* }
*
*/
std::unique_ptr<std::string> a = m_variableRequestHeaders.resolveFirst(
"Content-Type");
if (m_requestBodyProcessor == XMLRequestBody) {
std::string error;
if (m_xml->init() == true) {
@ -662,11 +664,8 @@ int Transaction::processRequestBody() {
}
} else if (m_requestBodyType == MultiPartRequestBody) {
std::string error;
std::string *a = m_collections.resolveFirst(
"REQUEST_HEADERS:Content-Type");
if (a != NULL) {
Multipart m(*a, this);
if (m.init(&error) == true) {
m.process(m_requestBody.str(), &error);
}
@ -685,14 +684,12 @@ int Transaction::processRequestBody() {
}
} else if (m_requestBodyType == WWWFormUrlEncoded) {
extractArguments("POST", m_requestBody.str(), 0);
} else if (m_collections.resolveFirst(
"REQUEST_HEADERS:Content-Type") != NULL) {
std::string *a = m_collections.resolveFirst(
"REQUEST_HEADERS:Content-Type");
} else if (a != NULL) {
std::string error;
if (a != NULL && a->empty() == false) {
error.assign(*a);
}
m_variableReqbodyError.set("1", m_variableOffset);
m_variableReqbodyProcessorError.set("1", m_variableOffset);
m_variableReqbodyErrorMsg.set("Unknown request body processor: " \
@ -733,16 +730,11 @@ int Transaction::processRequestBody() {
*/
std::string fullRequest;
std::vector<const collection::Variable *> l;
m_collections.resolveMultiMatches("REQUEST_HEADERS", &l);
m_variableRequestHeaders.resolve(&l);
for (auto &a : l) {
fullRequest = fullRequest + \
std::string(*a->m_key, 16, a->m_key->length() - 16) + ": " \
+ *a->m_value + "\n";
}
while (l.empty() == false) {
delete l.back();
l.pop_back();
std::string z(*a->m_key, 16, a->m_key->length() - 16);
z = z + ": " + *a->m_value;
fullRequest = fullRequest + z + "\n";
}
fullRequest = fullRequest + "\n\n";
@ -923,8 +915,7 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) {
int Transaction::addResponseHeader(const std::string& key,
const std::string& value) {
m_variableResponseHeadersNames.append(key, 0, true);
this->m_collections.store("RESPONSE_HEADERS:" + key, value);
m_variableResponseHeaders.set(key, value, m_variableOffset);
if (utils::string::tolower(key) == "content-type") {
// Removes the charset=...
@ -1290,15 +1281,16 @@ std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename,
strftime(tstr, 299, "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo);
ss << utils::string::dash_if_empty(
this->m_collections.resolveFirst("REQUEST_HEADERS:Host")) << " ";
m_variableRequestHeaders.resolveFirst("Host").get())
<< " ";
ss << utils::string::dash_if_empty(this->m_clientIpAddress) << " ";
/** TODO: Check variable */
ss << utils::string::dash_if_empty(
this->m_collections.resolveFirst("REMOTE_USER"));
m_collections.resolveFirst("REMOTE_USER").get());
ss << " ";
/** TODO: Check variable */
ss << utils::string::dash_if_empty(
this->m_collections.resolveFirst("LOCAL_USER"));
this->m_collections.resolveFirst("LOCAL_USER").get());
ss << " ";
ss << tstr << " ";
@ -1312,15 +1304,15 @@ std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename,
ss << this->m_responseBody.tellp();
/** TODO: Check variable */
ss << utils::string::dash_if_empty(
this->m_collections.resolveFirst("REFERER")) << " ";
this->m_collections.resolveFirst("REFERER").get()) << " ";
ss << "\"";
ss << utils::string::dash_if_empty(
this->m_collections.resolveFirst("REQUEST_HEADERS:User-Agent"));
m_variableRequestHeaders.resolveFirst("User-Agent").get());
ss << "\" ";
ss << this->m_id << " ";
/** TODO: Check variable */
ss << utils::string::dash_if_empty(
this->m_collections.resolveFirst("REFERER")) << " ";
this->m_collections.resolveFirst("REFERER").get()) << " ";
ss << filename << " ";
ss << "0" << " ";
@ -1356,12 +1348,11 @@ std::string Transaction::toOldAuditLogFormat(int parts,
audit_log << this->m_method << " " << this->m_uri << " " << "HTTP/";
audit_log << this->m_httpVersion << std::endl;
m_collections.m_transient->resolveMultiMatches("REQUEST_HEADERS", &l);
m_variableRequestHeaders.resolve(&l);
for (auto h : l) {
size_t pos = strlen("REQUEST_HEADERS:");
audit_log << h->m_key->c_str() + pos << ": ";
audit_log << h->m_value->c_str() << std::endl;
delete h;
}
audit_log << std::endl;
}
@ -1388,12 +1379,11 @@ std::string Transaction::toOldAuditLogFormat(int parts,
std::vector<const collection::Variable *> l;
audit_log << "--" << trailer << "-" << "F--" << std::endl;
m_collections.m_transient->resolveMultiMatches("RESPONSE_HEADERS", &l);
m_variableResponseHeaders.resolve(&l);
for (auto h : l) {
size_t pos = strlen("RESPONSE_HEADERS:");
audit_log << h->m_key->c_str() + pos << ": ";
audit_log << h->m_value->c_str() << std::endl;
delete h;
}
}
audit_log << std::endl;
@ -1436,7 +1426,7 @@ std::string Transaction::toJSON(int parts) {
#ifdef WITH_YAJL
const unsigned char *buf;
size_t len;
yajl_gen g = NULL;
yajl_gen g;
std::string ts = utils::string::ascTime(&m_timeStamp).c_str();
std::string uniqueId = UniqueId::uniqueId();
@ -1484,12 +1474,10 @@ std::string Transaction::toJSON(int parts) {
strlen("headers"));
yajl_gen_map_open(g);
m_collections.m_transient->resolveMultiMatches("REQUEST_HEADERS", &l);
m_variableRequestHeaders.resolve(&l);
for (auto h : l) {
size_t pos = strlen("REQUEST_HEADERS:");
LOGFY_ADD(h->m_key->c_str() + pos, h->m_value->c_str());
delete h;
}
/* end: request headers */
@ -1516,11 +1504,10 @@ std::string Transaction::toJSON(int parts) {
strlen("headers"));
yajl_gen_map_open(g);
m_collections.m_transient->resolveMultiMatches("RESPONSE_HEADERS", &l);
m_variableResponseHeaders.resolve(&l);
for (auto h : l) {
size_t pos = strlen("RESPONSE_HEADERS:");
LOGFY_ADD(h->m_key->c_str() + pos, h->m_value->c_str());
delete h;
}
/* end: response headers */

3
src/utils/random.cc
View File

@ -27,11 +27,14 @@ namespace utils {
double random_number(const double from, const double to) {
#if 0
std::random_device rd;
std::mt19937 mt(rd());
return std::bind(
std::uniform_real_distribution<>{from, to},
std::default_random_engine{ mt() })();
#endif
return from+1;
}

82
src/variables/args.h Normal file
View File

@ -0,0 +1,82 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_ARGS_H_
#define SRC_VARIABLES_ARGS_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class Args_DictElement : public Variable {
public:
Args_DictElement(std::string dictElement)
: Variable("ARGS" + std::string(":") + std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableArgs.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class Args_NoDictElement : public Variable {
public:
Args_NoDictElement()
: Variable("ARGS") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableArgs.resolve(l);
}
};
class Args_DictElementRegexp : public Variable {
public:
Args_DictElementRegexp(std::string dictElement)
: Variable("ARGS:regex(" + dictElement + ")"),
m_r(dictElement) {
}
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableArgs.resolveRegularExpression(&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_ARGS_H_

3
src/variables/args_combined_size.h
View File

@ -34,7 +34,8 @@ class ArgsCombinedSize : public Variable {
ArgsCombinedSize()
: Variable("ARGS_COMBINED_SIZE") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableARGScombinedSize.evaluate(l);
}

81
src/variables/args_get.h Normal file
View File

@ -0,0 +1,81 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_ARGS_GET_H_
#define SRC_VARIABLES_ARGS_GET_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class ArgsGet_DictElement : public Variable {
public:
ArgsGet_DictElement(std::string dictElement)
: Variable("ARGS_GET" + std::string(":") + std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableArgsGet.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class ArgsGet_NoDictElement : public Variable {
public:
ArgsGet_NoDictElement()
: Variable("ARGS_GET") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableArgsGet.resolve(l);
}
};
class ArgsGet_DictElementRegexp : public Variable {
public:
ArgsGet_DictElementRegexp(std::string dictElement)
: Variable("ARGS_GET"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableArgsGet.resolveRegularExpression(&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_ARGS_GET_H_

3
src/variables/args_get_names.h
View File

@ -34,7 +34,8 @@ class ArgsGetNames : public Variable {
ArgsGetNames()
: Variable("ARGS_GET_NAMES") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableArgGetNames.evaluate(l);
}

3
src/variables/args_names.h
View File

@ -34,7 +34,8 @@ class ArgsNames : public Variable {
ArgsNames()
: Variable("ARGS_NAMES") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableArgsNames.evaluate(l);
}

81
src/variables/args_post.h Normal file
View File

@ -0,0 +1,81 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_ARGS_POST_H_
#define SRC_VARIABLES_ARGS_POST_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class ArgsPost_DictElement : public Variable {
public:
ArgsPost_DictElement(std::string dictElement)
: Variable("ARGS_POST" + std::string(":") + std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableArgsPost.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class ArgsPost_NoDictElement : public Variable {
public:
ArgsPost_NoDictElement()
: Variable("ARGS_POST") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableArgsPost.resolve(l);
}
};
class ArgsPost_DictElementRegexp : public Variable {
public:
ArgsPost_DictElementRegexp(std::string dictElement)
: Variable("ARGS_POST"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableArgsPost.resolveRegularExpression(&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_ARGS_POST_H_

3
src/variables/args_post_names.h
View File

@ -34,7 +34,8 @@ class ArgsPostNames : public Variable {
ArgsPostNames()
: Variable("ARGS_POST_NAMES") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableArgPostNames.evaluate(l);
}

3
src/variables/auth_type.h
View File

@ -34,7 +34,8 @@ class AuthType : public Variable {
AuthType()
: Variable("AUTH_TYPE") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableAuthType.evaluate(l);
}

5
src/variables/duration.cc
View File

@ -27,8 +27,9 @@
namespace modsecurity {
namespace Variables {
void Duration::evaluateInternal(Transaction *transaction,
std::vector<const collection::Variable *> *l) {
void Duration::evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
double e = utils::cpu_seconds() - transaction->m_creationTimeStamp;
transaction->m_variableDuration.assign(std::to_string(e));

3
src/variables/duration.h
View File

@ -34,7 +34,8 @@ class Duration : public Variable {
: Variable(_name),
m_retName("DURATION") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override;
std::string m_retName;
};

3
src/variables/env.cc
View File

@ -32,7 +32,8 @@ extern char **environ;
namespace modsecurity {
namespace Variables {
void Env::evaluateInternal(Transaction *transaction,
void Env::evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
for (char **current = environ; *current; current++) {
std::string env = std::string(*current);

3
src/variables/env.h
View File

@ -33,7 +33,8 @@ class Env : public Variable {
explicit Env(std::string _name)
: Variable(_name) { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override;
};

83
src/variables/files.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_FILES_H_
#define SRC_VARIABLES_FILES_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class Files_DictElement : public Variable {
public:
Files_DictElement(std::string dictElement)
: Variable("FILES" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFiles.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class Files_NoDictElement : public Variable {
public:
Files_NoDictElement()
: Variable("FILES") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFiles.resolve(l);
}
};
class Files_DictElementRegexp : public Variable {
public:
Files_DictElementRegexp(std::string dictElement)
: Variable("FILES"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableFiles.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_FILES_H_

3
src/variables/files_combined_size.h
View File

@ -34,7 +34,8 @@ class FilesCombinedSize : public Variable {
FilesCombinedSize()
: Variable("FILES_COMBINED_SIZE") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFilesCombinedSize.evaluate(l);
}

84
src/variables/files_names.h Normal file
View File

@ -0,0 +1,84 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_FILES_NAMES_H_
#define SRC_VARIABLES_FILES_NAMES_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class FilesNames_DictElement : public Variable {
public:
FilesNames_DictElement(std::string dictElement)
: Variable("FILES_NAMES" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFilesNames.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class FilesNames_NoDictElement : public Variable {
public:
FilesNames_NoDictElement()
: Variable("FILES_NAMES") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFilesNames.resolve(l);
}
};
class FilesNames_DictElementRegexp : public Variable {
public:
FilesNames_DictElementRegexp(std::string dictElement)
: Variable("FILES_NAMES"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableFilesNames.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_FILES_NAMES_H_

83
src/variables/files_sizes.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_FILES_SIZES_H_
#define SRC_VARIABLES_FILES_SIZES_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class FilesSizes_DictElement : public Variable {
public:
FilesSizes_DictElement(std::string dictElement)
: Variable("FILES_SIZES" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFilesSizes.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class FilesSizes_NoDictElement : public Variable {
public:
FilesSizes_NoDictElement()
: Variable("FILES_SIZES") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFilesSizes.resolve(l);
}
};
class FilesSizes_DictElementRegexp : public Variable {
public:
FilesSizes_DictElementRegexp(std::string dictElement)
: Variable("FILES_SIZES"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableFilesSizes.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_FILES_SIZES_H_

83
src/variables/files_tmp_content.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_FILES_TMP_CONTENT_H_
#define SRC_VARIABLES_FILES_TMP_CONTENT_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class FilesTmpContent_DictElement : public Variable {
public:
FilesTmpContent_DictElement(std::string dictElement)
: Variable("FILES_TMP_CONTENT" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFilesTmpContent.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class FilesTmpContent_NoDictElement : public Variable {
public:
FilesTmpContent_NoDictElement()
: Variable("FILES_TMP_CONTENT") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFilesTmpContent.resolve(l);
}
};
class FilesTmpContent_DictElementRegexp : public Variable {
public:
FilesTmpContent_DictElementRegexp(std::string dictElement)
: Variable("FILES_TMP_CONTENT"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableFilesTmpContent.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_FILES_TMP_CONTENT_H_

45
src/variables/files_tmp_names.h
View File

@ -28,18 +28,53 @@ namespace modsecurity {
class Transaction;
namespace Variables {
class FilesTmpNames : public Variable {
class FilesTmpNames_DictElement : public Variable {
public:
FilesTmpNames()
FilesTmpNames_DictElement(std::string dictElement)
: Variable("FILES_TMPNAMES" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFilesTmpNames.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class FilesTmpNames_NoDictElement : public Variable {
public:
FilesTmpNames_NoDictElement()
: Variable("FILES_TMPNAMES") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFilesTmpNames.evaluate(l);
transaction->m_variableFilesTmpNames.resolve(l);
}
};
class FilesTmpNames_DictElementRegexp : public Variable {
public:
FilesTmpNames_DictElementRegexp(std::string dictElement)
: Variable("FILES_TMPNAMES"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableFilesTmpNames.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity

3
src/variables/full_request.h
View File

@ -34,7 +34,8 @@ class FullRequest : public Variable {
FullRequest()
: Variable("FULL_REQUEST") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFullRequest.evaluate(l);
}

3
src/variables/full_request_length.h
View File

@ -34,7 +34,8 @@ class FullRequestLength : public Variable {
FullRequestLength()
: Variable("FULL_REQUEST_LENGTH") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableFullRequestLength.evaluate(l);
}

83
src/variables/geo.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_GEO_H_
#define SRC_VARIABLES_GEO_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class Geo_DictElement : public Variable {
public:
Geo_DictElement(std::string dictElement)
: Variable("GEO" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableGeo.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class Geo_NoDictElement : public Variable {
public:
Geo_NoDictElement()
: Variable("GEO") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableGeo.resolve(l);
}
};
class Geo_DictElementRegexp : public Variable {
public:
Geo_DictElementRegexp(std::string dictElement)
: Variable("GEO"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableGeo.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_GEO_H_

84
src/variables/global.h Normal file
View File

@ -0,0 +1,84 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_GLOBAL_H_
#define SRC_VARIABLES_GLOBAL_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class Global_DictElement : public Variable {
public:
explicit Global_DictElement(std::string dictElement)
: Variable("GLOBAL"),
m_dictElement("GLOBAL:" + dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_dictElement, "GLOBAL", l);
}
std::string m_dictElement;
};
class Global_NoDictElement : public Variable {
public:
explicit Global_NoDictElement()
: Variable("GLOBAL") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_name, "GLOBAL", l);
}
};
class Global_DictElementRegexp : public Variable {
public:
Global_DictElementRegexp(std::string dictElement)
: Variable("GLOBAL"),
m_r(dictElement),
m_dictElement("GLOBAL:" + dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveRegularExpression(m_dictElement,
"GLOBAL", l);
}
Utils::Regex m_r;
std::string m_dictElement;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_GLOBAL_H_

3
src/variables/highest_severity.cc
View File

@ -26,7 +26,8 @@
namespace modsecurity {
namespace Variables {
void HighestSeverity::evaluateInternal(Transaction *transaction,
void HighestSeverity::evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableHighestSeverityAction.assign(
std::to_string(transaction->m_highestSeverityAction));

3
src/variables/highest_severity.h
View File

@ -34,7 +34,8 @@ class HighestSeverity : public Variable {
: Variable(_name),
m_retName("HIGHEST_SEVERITY") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override;
std::string m_retName;
};

3
src/variables/inbound_data_error.h
View File

@ -34,7 +34,8 @@ class InboundDataError : public Variable {
InboundDataError()
: Variable("INBOUND_DATA_ERROR") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableInboundDataError.evaluate(l);
}

84
src/variables/ip.h Normal file
View File

@ -0,0 +1,84 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_IP_H_
#define SRC_VARIABLES_IP_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class Ip_DictElement : public Variable {
public:
explicit Ip_DictElement(std::string dictElement)
: Variable("IP"),
m_dictElement("IP:" + dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_dictElement, "IP", l);
}
std::string m_dictElement;
};
class Ip_NoDictElement : public Variable {
public:
explicit Ip_NoDictElement()
: Variable("IP") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_name, "IP", l);
}
};
class Ip_DictElementRegexp : public Variable {
public:
Ip_DictElementRegexp(std::string dictElement)
: Variable("IP"),
m_r(dictElement),
m_dictElement("IP:" + dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveRegularExpression(m_dictElement,
"IP", l);
}
Utils::Regex m_r;
std::string m_dictElement;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_IP_H_

3
src/variables/matched_var.h
View File

@ -34,7 +34,8 @@ class MatchedVar : public Variable {
MatchedVar()
: Variable("MATCHED_VAR") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMatchedVar.evaluate(l);
}

3
src/variables/matched_var_name.h
View File

@ -34,7 +34,8 @@ class MatchedVarName : public Variable {
MatchedVarName()
: Variable("MATCHED_VAR_NAME") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMatchedVarName.evaluate(l);
}

83
src/variables/matched_vars.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_MATCHED_VARS_H_
#define SRC_VARIABLES_MATCHED_VARS_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class MatchedVars_DictElement : public Variable {
public:
MatchedVars_DictElement(std::string dictElement)
: Variable("MATCHED_VARS" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMatchedVars.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class MatchedVars_NoDictElement : public Variable {
public:
MatchedVars_NoDictElement()
: Variable("MATCHED_VARS") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMatchedVars.resolve(l);
}
};
class MatchedVars_DictElementRegexp : public Variable {
public:
MatchedVars_DictElementRegexp(std::string dictElement)
: Variable("MATCHED_VARS"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableMatchedVars.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_MATCHED_VARS_H_

83
src/variables/matched_vars_names.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_MATCHED_VARS_NAMES_H_
#define SRC_VARIABLES_MATCHED_VARS_NAMES_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class MatchedVarsNames_DictElement : public Variable {
public:
MatchedVarsNames_DictElement(std::string dictElement)
: Variable("MATCHED_VARS_NAMES" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMatchedVarsNames.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class MatchedVarsNames_NoDictElement : public Variable {
public:
MatchedVarsNames_NoDictElement()
: Variable("MATCHED_VARS_NAMES") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMatchedVarsNames.resolve(l);
}
};
class MatchedVarsNames_DictElementRegexp : public Variable {
public:
MatchedVarsNames_DictElementRegexp(std::string dictElement)
: Variable("MATCHED_VARS_NAMES"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMatchedVarsNames.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_MATCHED_VARS_NAMES_H_

3
src/variables/modsec_build.cc
View File

@ -24,7 +24,8 @@
namespace modsecurity {
namespace Variables {
void ModsecBuild::evaluateInternal(Transaction *transaction,
void ModsecBuild::evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
l->push_back(new collection::Variable(&m_retName, &m_build));

3
src/variables/modsec_build.h
View File

@ -43,7 +43,8 @@ class ModsecBuild : public Variable {
m_build = ss.str();
}
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override;
std::string m_build;

3
src/variables/multipart_crlf_lf_lines.h
View File

@ -34,7 +34,8 @@ class MultipartCrlfLFLines : public Variable {
MultipartCrlfLFLines()
: Variable("MULTIPART_CRLF_LF_LINES") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultipartCrlfLFLines.evaluate(l);
}

3
src/variables/multipart_data_after.h
View File

@ -34,7 +34,8 @@ class MultipartDateAfter : public Variable {
MultipartDateAfter()
: Variable("MULTIPART_DATA_AFTER") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultipartDataAfter.evaluate(l);
}

3
src/variables/multipart_file_limit_exceeded.h
View File

@ -34,7 +34,8 @@ class MultipartFileLimitExceeded : public Variable {
MultipartFileLimitExceeded()
: Variable("MULTIPART_FILE_LIMIT_EXCEEDED") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultipartFileLimitExceeded.evaluate(l);
}

83
src/variables/multipart_file_name.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_MULTIPART_FILENAME_H_
#define SRC_VARIABLES_MULTIPART_FILENAME_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class MultiPartFileName_DictElement : public Variable {
public:
MultiPartFileName_DictElement(std::string dictElement)
: Variable("MULTIPART_FILENAME" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultiPartFileName.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class MultiPartFileName_NoDictElement : public Variable {
public:
MultiPartFileName_NoDictElement()
: Variable("MULTIPART_FILENAME") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultiPartFileName.resolve(l);
}
};
class MultiPartFileName_DictElementRegexp : public Variable {
public:
MultiPartFileName_DictElementRegexp(std::string dictElement)
: Variable("MULTIPART_FILENAME"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableMultiPartFileName.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_MULTIPART_FILENAME_H_

3
src/variables/multipart_header_folding.h
View File

@ -34,7 +34,8 @@ class MultipartHeaderFolding : public Variable {
MultipartHeaderFolding()
: Variable("MULTIPART_HEADER_FOLDING") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultipartHeaderFolding.evaluate(l);
}

3
src/variables/multipart_invalid_header_folding.h
View File

@ -34,7 +34,8 @@ class MultipartInvalidHeaderFolding : public Variable {
MultipartInvalidHeaderFolding()
: Variable("MULTIPART_INVALID_HEADER_FOLDING") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultipartInvalidHeaderFolding.evaluate(l);
}

3
src/variables/multipart_invalid_quoting.h
View File

@ -33,7 +33,8 @@ class MultipartInvalidQuoting : public Variable {
public:
MultipartInvalidQuoting()
: Variable("MULTIPART_INVALID_QUOTING") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultipartInvalidQuoting.evaluate(l);
}

83
src/variables/multipart_name.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_MULTIPART_NAME_H_
#define SRC_VARIABLES_MULTIPART_NAME_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class MultiPartName_DictElement : public Variable {
public:
MultiPartName_DictElement(std::string dictElement)
: Variable("MULTIPART_NAME" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultiPartName.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class MultiPartName_NoDictElement : public Variable {
public:
MultiPartName_NoDictElement()
: Variable("MULTIPART_NAME") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultiPartName.resolve(l);
}
};
class MultiPartName_DictElementRegexp : public Variable {
public:
MultiPartName_DictElementRegexp(std::string dictElement)
: Variable("MULTIPART_NAME"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableMultiPartName.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_MULTIPART_FILENAME_H_

3
src/variables/multipart_strict_error.h
View File

@ -34,7 +34,8 @@ class MultipartStrictError : public Variable {
MultipartStrictError()
: Variable("MULTIPART_STRICT_ERROR") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultipartStrictError.evaluate(l);
}

3
src/variables/multipart_unmatched_boundary.h
View File

@ -34,7 +34,8 @@ class MultipartUnmatchedBoundary : public Variable {
MultipartUnmatchedBoundary()
: Variable("MULTIPART_UNMATCHED_BOUNDARY") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableMultipartUnmatchedBoundary.evaluate(l);
}

3
src/variables/outbound_data_error.h
View File

@ -34,7 +34,8 @@ class OutboundDataError : public Variable {
OutboundDataError()
: Variable("OUTBOUND_DATA_ERROR") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableOutboundDataError.evaluate(l);
}

3
src/variables/path_info.h
View File

@ -34,7 +34,8 @@ class PathInfo : public Variable {
PathInfo()
: Variable("PATH_INFO") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variablePathInfo.evaluate(l);
}

3
src/variables/query_string.h
View File

@ -34,7 +34,8 @@ class QueryString : public Variable {
QueryString()
: Variable("QUERY_STRING") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableQueryString.evaluate(l);
}

3
src/variables/remote_addr.h
View File

@ -34,7 +34,8 @@ class RemoteAddr : public Variable {
RemoteAddr()
: Variable("REMOTE_ADDR") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRemoteAddr.evaluate(l);
}

3
src/variables/remote_host.h
View File

@ -34,7 +34,8 @@ class RemoteHost : public Variable {
RemoteHost()
: Variable("REMOTE_HOST") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRemoteHost.evaluate(l);
}

3
src/variables/remote_port.h
View File

@ -34,7 +34,8 @@ class RemotePort : public Variable {
RemotePort()
: Variable("REMOTE_PORT") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRemotePort.evaluate(l);
}

8
src/variables/remote_user.cc
View File

@ -35,13 +35,14 @@ namespace modsecurity {
namespace Variables {
void RemoteUser::evaluateInternal(Transaction *transaction,
void RemoteUser::evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
size_t pos;
std::string base64;
std::string *header = transaction->m_collections.resolveFirst(
"REQUEST_HEADERS:Authorization");
std::unique_ptr<std::string> header = std::move(transaction->m_variableRequestHeaders.resolveFirst(
"Authorization"));
if (header == NULL) {
return;
@ -61,6 +62,7 @@ void RemoteUser::evaluateInternal(Transaction *transaction,
l->push_back(new collection::Variable(&m_retName,
&transaction->m_variableRemoteUser));
}

3
src/variables/remote_user.h
View File

@ -36,7 +36,8 @@ class RemoteUser : public Variable {
: Variable(_name),
m_retName("REMOTE_USER") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override;
std::string m_retName;
};

3
src/variables/reqbody_error.h
View File

@ -34,7 +34,8 @@ class ReqbodyError : public Variable {
ReqbodyError()
: Variable("REQBODY_ERROR") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableReqbodyError.evaluate(l);
}

3
src/variables/reqbody_error_msg.h
View File

@ -33,7 +33,8 @@ class ReqbodyErrorMsg : public Variable {
public:
ReqbodyErrorMsg()
: Variable("REQBODY_ERROR_MSG") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableReqbodyErrorMsg.evaluate(l);
}

3
src/variables/reqbody_processor.h
View File

@ -33,7 +33,8 @@ class ReqbodyProcessor : public Variable {
public:
ReqbodyProcessor()
: Variable("REQBODY_PROCESSOR") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableReqbodyProcessor.evaluate(l);
}

3
src/variables/reqbody_processor_error.h
View File

@ -34,7 +34,8 @@ class ReqbodyProcessorError : public Variable {
ReqbodyProcessorError()
: Variable("REQBODY_PROCESSOR_ERROR") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableReqbodyProcessorError.evaluate(l);
}

3
src/variables/reqbody_processor_error_msg.h
View File

@ -34,7 +34,8 @@ class ReqbodyProcessorErrorMsg : public Variable {
ReqbodyProcessorErrorMsg()
: Variable("PROCESSOR_ERROR_MSG") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableReqbodyProcessorErrorMsg.evaluate(l);
}

3
src/variables/request_base_name.h
View File

@ -34,7 +34,8 @@ class RequestBasename : public Variable {
RequestBasename()
: Variable("REQUEST_BASENAME") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestBasename.evaluate(l);
}

3
src/variables/request_body.h
View File

@ -33,7 +33,8 @@ class RequestBody : public Variable {
public:
RequestBody()
: Variable("REQUEST_BODY") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestBody.evaluate(l);
}

3
src/variables/request_body_length.h
View File

@ -33,7 +33,8 @@ class RequestBodyLength : public Variable {
public:
RequestBodyLength()
: Variable("REQUEST_BODY_LENGTH") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestBodyLength.evaluate(l);
}

83
src/variables/request_cookies.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_REQUEST_COOKIES_H_
#define SRC_VARIABLES_REQUEST_COOKIES_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class RequestCookies_DictElement : public Variable {
public:
RequestCookies_DictElement(std::string dictElement)
: Variable("REQUEST_COOKIES" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestCookies.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class RequestCookies_NoDictElement : public Variable {
public:
RequestCookies_NoDictElement()
: Variable("REQUEST_COOKIES") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestCookies.resolve(l);
}
};
class RequestCookies_DictElementRegexp : public Variable {
public:
RequestCookies_DictElementRegexp(std::string dictElement)
: Variable("REQUEST_COOKIES"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestCookies.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_REQUEST_COOKIES_H_

83
src/variables/request_cookies_names.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_REQUEST_COOKIES_NAMES_H_
#define SRC_VARIABLES_REQUEST_COOKIES_NAMES_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class RequestCookiesNames_DictElement : public Variable {
public:
RequestCookiesNames_DictElement(std::string dictElement)
: Variable("REQUEST_COOKIES_NAMES" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestCookiesNames.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class RequestCookiesNames_NoDictElement : public Variable {
public:
RequestCookiesNames_NoDictElement()
: Variable("REQUEST_COOKIES_NAMES") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestCookiesNames.resolve(l);
}
};
class RequestCookiesNames_DictElementRegexp : public Variable {
public:
RequestCookiesNames_DictElementRegexp(std::string dictElement)
: Variable("REQUEST_COOKIES_NAMES"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableRequestCookiesNames.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_REQUEST_COOKIES_NAMES_H_

3
src/variables/request_file_name.h
View File

@ -33,7 +33,8 @@ class RequestFilename : public Variable {
public:
RequestFilename()
: Variable("REQUEST_FILENAME") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestFilename.evaluate(l);
}

83
src/variables/request_headers.h Normal file
View File

@ -0,0 +1,83 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <utility>
#ifndef SRC_VARIABLES_REQUEST_HEADERS_H_
#define SRC_VARIABLES_REQUEST_HEADERS_H_
#include "src/variables/variable.h"
namespace modsecurity {
class Transaction;
namespace Variables {
class RequestHeaders_DictElement : public Variable {
public:
RequestHeaders_DictElement(std::string dictElement)
: Variable("REQUEST_HEADERS" + std::string(":") +
std::string(dictElement)),
m_dictElement(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestHeaders.resolve(m_dictElement, l);
}
std::string m_dictElement;
};
class RequestHeaders_NoDictElement : public Variable {
public:
RequestHeaders_NoDictElement()
: Variable("REQUEST_HEADERS") { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestHeaders.resolve(l);
}
};
class RequestHeaders_DictElementRegexp : public Variable {
public:
RequestHeaders_DictElementRegexp(std::string dictElement)
: Variable("REQUEST_HEADERS"),
m_r(dictElement) { }
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_variableRequestHeaders.resolveRegularExpression(
&m_r, l);
}
Utils::Regex m_r;
};
} // namespace Variables
} // namespace modsecurity
#endif // SRC_VARIABLES_REQUEST_HEADERS_H_

3
src/variables/request_headers_names.h
View File

@ -33,7 +33,8 @@ class RequestHeadersNames : public Variable {
public:
RequestHeadersNames()
: Variable("REQUEST_HEADERS_NAMES") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestHeadersNames.evaluate(l);
}

3
src/variables/request_line.h
View File

@ -33,7 +33,8 @@ class RequestLine : public Variable {
public:
RequestLine()
: Variable("REQUEST_LINE") { }
void evaluateInternal(Transaction *transaction,
void evaluate(Transaction *transaction,
Rule *rule,
std::vector<const collection::Variable *> *l) {
transaction->m_variableRequestLine.evaluate(l);
}

Some files were not shown because too many files have changed in this diff Show More