github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Now accept SecRules regardless of the letter case

Browse Source
This commit is contained in:
Felipe Zimmerle
2015-09-03 11:06:51 -03:00
parent 8675383c0d
commit f2ed890ea6
2 changed files with 33 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/parser/seclang-scanner.ll
View File

@@ -32,10 +32,10 @@ ACTION_SETVAR (?i:setvar)
ACTION_MSG (?i:msg) ACTION_MSG (?i:msg)
ACTION_TAG (?i:tag) ACTION_TAG (?i:tag)
ACTION_REV (?i:rev) ACTION_REV (?i:rev)
ACTION_CTL_BDY_XML ctl:requestBodyProcessor=XML ACTION_CTL_BDY_XML (?i:ctl:requestBodyProcessor=XML)
ACTION_CTL_BDY_JSON ctl:requestBodyProcessor=JSON ACTION_CTL_BDY_JSON (?i:ctl:requestBodyProcessor=JSON)
ACTION_CTL_AUDIT_LOG_PARTS (?i:ctl:auditLogParts) ACTION_CTL_AUDIT_LOG_PARTS (?i:ctl:auditLogParts)
DIRECTIVE SecRule DIRECTIVE (?i:SecRule)
LOG_DATA (?i:logdata) LOG_DATA (?i:logdata)
CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION (?i:SecPcreMatchLimitRecursion) CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION (?i:SecPcreMatchLimitRecursion)
@@ -56,9 +56,9 @@ CONFIG_DIR_RES_BODY_LIMIT_ACTION (?i:SecResponseBodyLimitAction)
CONFIG_DIR_GEO_DB (?i:SecGeoLookupDb) CONFIG_DIR_GEO_DB (?i:SecGeoLookupDb)
CONFIG_DIR_RULE_ENG SecRuleEngine CONFIG_DIR_RULE_ENG (?i:SecRuleEngine)
CONFIG_DIR_REQ_BODY SecRequestBodyAccess CONFIG_DIR_REQ_BODY (?i:SecRequestBodyAccess)
CONFIG_DIR_RES_BODY SecResponseBodyAccess CONFIG_DIR_RES_BODY (?i:SecResponseBodyAccess)
CONFIG_DIR_AUDIT_DIR_MOD (?i:SecAuditLogDirMode) CONFIG_DIR_AUDIT_DIR_MOD (?i:SecAuditLogDirMode)
@@ -72,8 +72,8 @@ CONFIG_DIR_AUDIT_STS (?i:SecAuditLogRelevantStatus)
CONFIG_DIR_AUDIT_TPE (?i:SecAuditLogType) CONFIG_DIR_AUDIT_TPE (?i:SecAuditLogType)
CONFIG_DIR_DEBUG_LOG SecDebugLog CONFIG_DIR_DEBUG_LOG (?i:SecDebugLog)
CONFIG_DIR_DEBUG_LVL SecDebugLogLevel CONFIG_DIR_DEBUG_LVL (?i:SecDebugLogLevel)
CONFIG_COMPONENT_SIG (?i:SecComponentSignature) CONFIG_COMPONENT_SIG (?i:SecComponentSignature)
@@ -110,12 +110,12 @@ RUN_TIME_VAR_TIME_YEAR (?i:TIME_YEAR)
VARIABLENOCOLON (?i:REQBODY_ERROR|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE) VARIABLENOCOLON (?i:REQBODY_ERROR|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE)
CONFIG_VALUE_ON On CONFIG_VALUE_ON (?i:On)
CONFIG_VALUE_OFF Off CONFIG_VALUE_OFF (?i:Off)
CONFIG_VALUE_DETC DetectionOnly CONFIG_VALUE_DETC (?i:DetectionOnly)
CONFIG_VALUE_SERIAL Serial CONFIG_VALUE_SERIAL (?i:Serial)
CONFIG_VALUE_PARALLEL (?i:Parallel|Concurrent) CONFIG_VALUE_PARALLEL (?i:Parallel|Concurrent)
CONFIG_VALUE_RELEVANT_ONLY RelevantOnly CONFIG_VALUE_RELEVANT_ONLY (?i:RelevantOnly)
CONFIG_VALUE_PROCESS_PARTIAL (?i:ProcessPartial) CONFIG_VALUE_PROCESS_PARTIAL (?i:ProcessPartial)
CONFIG_VALUE_REJECT (?i:Reject) CONFIG_VALUE_REJECT (?i:Reject)

20
test/test-cases/regression/misc.json Normal file
View File

@@ -0,0 +1,20 @@
[
{
"enabled":1,
"version_min":300000,
"version_max":0,
"title":"Testing action :: SecRule directives should be case insensitive",
"expected":{
"audit_log":"",
"debug_log":"Executing operator \"@contains \" with param \"PHPSESSID\" against REQUEST_HEADERS.",
"error_log":""
},
"rules":[
"secruleengine On",
"secdebuglog \/tmp\/modsec_debug.log",
"secdebugloglevel 9",
"secrule REQUEST_HEADERS \"@contains PHPSESSID\" \"id:1,t:lowercase,t:none,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"",
"secrule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\""
]
}
]