Adds support to the allow action

2025-09-30 11:44:32 +03:00 · 2016-06-30 20:42:30 -03:00
parent e77e4c4c14
commit f72bd587ec
11 changed files with 287 additions and 25 deletions
--- a/src/actions/allow.cc
+++ b/src/actions/allow.cc
@@ -0,0 +1,58 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/allow.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "src/utils.h"
+#include "modsecurity/modsecurity.h"
+
+namespace modsecurity {
+namespace actions {
+
+bool Allow::init(std::string *error) {
+    std::string a = tolower(m_parser_payload);
+
+    if (a == "phase") {
+        m_allowType = PhaseAllowType;
+    } else if (a == "request") {
+        m_allowType = RequestAllowType;
+    } else if (a == "") {
+        m_allowType = FromNowOneAllowType;
+    } else {
+        error->assign("Allow: if specified, the parameter most be: phase, request");
+        return false;
+    }
+
+    return true;
+}
+
+
+bool Allow::evaluate(Rule *rule, Transaction *transaction) {
+    transaction->debug(4, "Dropping the evaluation of upcoming rules " \
+        "in favor of an `allow' action of type: " \
+        + allowTypeToName(m_allowType));
+
+    transaction->m_allowType = m_allowType;
+
+    return true;
+}
+
+}  // namespace actions
+}  // namespace modsecurity
--- a/src/actions/allow.h
+++ b/src/actions/allow.h
@@ -0,0 +1,83 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "actions/action.h"
+
+#ifndef SRC_ACTIONS_ALLOW_H_
+#define SRC_ACTIONS_ALLOW_H_
+
+#ifdef __cplusplus
+class Transaction;
+
+namespace modsecurity {
+class Transaction;
+class Rule;
+
+namespace actions {
+
+enum AllowType : short {
+  /**
+   *
+   */
+  NoneAllowType,
+  /**
+   *
+   */
+  RequestAllowType,
+  /**
+   *
+   */
+  PhaseAllowType,
+  /**
+   *
+   */
+  FromNowOneAllowType,
+};
+
+
+class Allow : public Action {
+ public:
+    explicit Allow(std::string action)
+        : Action(action, RunTimeOnlyIfMatchKind),
+        m_allowType(NoneAllowType) { }
+
+
+    bool init(std::string *error) override;
+    bool evaluate(Rule *rule, Transaction *transaction) override;
+
+    AllowType m_allowType;
+
+    static std::string allowTypeToName (AllowType a) {
+        if (a == NoneAllowType) {
+            return "None";
+        } else if (a = RequestAllowType) {
+            return "Request";
+        } else if (a = PhaseAllowType) {
+            return "Phase";
+        } else if (a = FromNowOneAllowType) {
+            return "FromNowOne";
+        } else {
+            return "Unknown";
+        }
+    }
+};
+
+}  // namespace actions
+}  // namespace modsecurity
+#endif
+
+#endif  // SRC_ACTIONS_ALLOW_H_