github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds all auditlog related directives to the configuration parser

Browse Source 
Added the support for the following configuration directives:
 - SecAuditLogDirMode
 - SecAuditLogStorageDir
 - SecAuditEngine
 - SecAuditLogFileMode
 - SecAuditLog2
 - SecAuditLogParts
 - SecAuditLog
 - SecAuditLogRelevantStatus
 - SecAuditLogType
This commit is contained in:
Felipe Zimmerle 2015-07-03 15:30:44 -03:00
parent fc622c27df
commit fd8f26f763
2 changed files with 126 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
src/parser/seclang-parser.yy
View File

@ -50,29 +50,40 @@ using ModSecurity::Rule;
FREE_TEXT FREE_TEXT
; ;
%left ARGS CONFIG_VALUE_ON CONFIG_VALUE_OFF CONFIG_VALUE %left ARGS CONFIG_VALUE_RELEVANT_ONLY CONFIG_VALUE_ON CONFIG_VALUE_OFF CONFIG_VALUE
%token <std::string> DIRECTIVE %token <std::string> DIRECTIVE
%token <std::string> CONFIG_DIRECTIVE %token <std::string> CONFIG_DIRECTIVE
%token <std::string> CONFIG_DIR_RULE_ENG %token <std::string> CONFIG_DIR_RULE_ENG
%token <std::string> CONFIG_DIR_REQ_BODY %token <std::string> CONFIG_DIR_REQ_BODY
%token <std::string> CONFIG_DIR_RES_BODY %token <std::string> CONFIG_DIR_RES_BODY
%token <std::string> CONFIG_DIR_AUDIT_ENG
%token <std::string> CONFIG_DIR_AUDIT_TPE
%token <std::string> CONFIG_VALUE %token <std::string> CONFIG_VALUE
%token <std::string> CONFIG_VALUE_ON %token <std::string> CONFIG_VALUE_ON
%token <std::string> CONFIG_VALUE_OFF %token <std::string> CONFIG_VALUE_OFF
%token <std::string> CONFIG_VALUE_DETC %token <std::string> CONFIG_VALUE_DETC
%token <std::string> CONFIG_VALUE_SERIAL %token <std::string> CONFIG_VALUE_SERIAL
%token <std::string> CONFIG_VALUE_PARALLEL %token <std::string> CONFIG_VALUE_PARALLEL
%token <std::string> CONFIG_VALUE_RELEVANT_ONLY
%token <std::string> CONFIG_DIR_AUDIT_DIR
%token <std::string> CONFIG_DIR_AUDIT_DIR_MOD
%token <std::string> CONFIG_DIR_AUDIT_ENG
%token <std::string> CONFIG_DIR_AUDIT_FLE_MOD
%token <std::string> CONFIG_DIR_AUDIT_LOG %token <std::string> CONFIG_DIR_AUDIT_LOG
%token <std::string> CONFIG_DIR_AUDIT_LOG2
%token <std::string> CONFIG_DIR_AUDIT_LOG_P %token <std::string> CONFIG_DIR_AUDIT_LOG_P
%token <std::string> CONFIG_DIR_AUDIT_STS
%token <std::string> CONFIG_DIR_AUDIT_TPE
%token <std::string> CONFIG_DIR_DEBUG_LOG %token <std::string> CONFIG_DIR_DEBUG_LOG
%token <std::string> CONFIG_DIR_DEBUG_LVL %token <std::string> CONFIG_DIR_DEBUG_LVL
%token <std::string> OPERATOR %token <std::string> OPERATOR
%token <std::string> ACTION %token <std::string> ACTION
%token <std::string> VARIABLE %token <std::string> VARIABLE
%token <std::string> TRANSFORMATION %token <std::string> TRANSFORMATION
%token <double> CONFIG_VALUE_NUMBER
%type <std::vector<Action *> *> actions %type <std::vector<Action *> *> actions
%type <std::vector<Variable> *> variables %type <std::vector<Variable> *> variables
@ -91,8 +102,80 @@ line:
| SPACE NEW_LINE | SPACE NEW_LINE
| SPACE | SPACE
audit_log:
/* SecAuditLogDirMode */
CONFIG_DIR_AUDIT_DIR_MOD
{
driver.audit_log->setStorageDirMode(strtol($1.c_str(), NULL, 8));
}
/* SecAuditLogStorageDir */
| CONFIG_DIR_AUDIT_DIR
{
driver.audit_log->setStorageDir($1);
}
/* SecAuditEngine */
| CONFIG_DIR_AUDIT_ENG SPACE CONFIG_VALUE_RELEVANT_ONLY
{
driver.audit_log->setStatus(ModSecurity::AuditLog::RelevantOnlyAuditLogStatus);
}
| CONFIG_DIR_AUDIT_ENG SPACE CONFIG_VALUE_OFF
{
driver.audit_log->setStatus(ModSecurity::AuditLog::OffAuditLogStatus);
}
| CONFIG_DIR_AUDIT_ENG SPACE CONFIG_VALUE_ON
{
driver.audit_log->setStatus(ModSecurity::AuditLog::OnAuditLogStatus);
}
/* SecAuditLogFileMode */
| CONFIG_DIR_AUDIT_FLE_MOD
{
driver.audit_log->setFileMode(strtol($1.c_str(), NULL, 8));
}
/* SecAuditLog2 */
| CONFIG_DIR_AUDIT_LOG2
{
driver.audit_log->setFilePath2($1);
}
/* SecAuditLogParts */
| CONFIG_DIR_AUDIT_LOG_P
{
driver.audit_log->setParts($1);
}
/* SecAuditLog */
| CONFIG_DIR_AUDIT_LOG
{
driver.audit_log->setFilePath1($1);
}
/* SecAuditLogRelevantStatus */
| CONFIG_DIR_AUDIT_STS
{
std::string relevant_status($1);
relevant_status.pop_back();
relevant_status.erase(0, 1);
driver.audit_log->setRelevantStatus(relevant_status);
}
/* SecAuditLogType */
| CONFIG_DIR_AUDIT_TPE SPACE CONFIG_VALUE_SERIAL
{
driver.audit_log->setType(ModSecurity::AuditLog::SerialAuditLogType);
}
| CONFIG_DIR_AUDIT_TPE SPACE CONFIG_VALUE_PARALLEL
{
driver.audit_log->setType(ModSecurity::AuditLog::ParallelAuditLogType);
}
expression: expression:
DIRECTIVE SPACE variables SPACE OPERATOR SPACE QUOTATION_MARK actions QUOTATION_MARK audit_log
| DIRECTIVE SPACE variables SPACE OPERATOR SPACE QUOTATION_MARK actions QUOTATION_MARK
{ {
Rule *rule = new Rule( Rule *rule = new Rule(
/* op */ Operator::instantiate($5), /* op */ Operator::instantiate($5),
@ -129,30 +212,7 @@ expression:
{ {
driver.sec_request_body_access = false; driver.sec_request_body_access = false;
} }
| CONFIG_DIR_AUDIT_ENG SPACE CONFIG_VALUE_ON /* Debug log: start */
{
driver.sec_audit_engine = true;
}
| CONFIG_DIR_AUDIT_ENG SPACE CONFIG_VALUE_OFF
{
driver.sec_audit_engine = false;
}
| CONFIG_DIR_AUDIT_TPE SPACE CONFIG_VALUE_SERIAL
{
driver.sec_audit_type = 0;
}
| CONFIG_DIR_AUDIT_TPE SPACE CONFIG_VALUE_PARALLEL
{
driver.sec_audit_type = 1;
}
| CONFIG_DIR_AUDIT_LOG
{
//driver.audit_log_path = $1;
}
| CONFIG_DIR_AUDIT_LOG_P
{
//driver.audit_log_parts = $1;
}
| CONFIG_DIR_DEBUG_LVL | CONFIG_DIR_DEBUG_LVL
{ {
driver.debug_level = atoi($1.c_str()); driver.debug_level = atoi($1.c_str());
@ -161,6 +221,7 @@ expression:
{ {
driver.debug_log_path = $1; driver.debug_log_path = $1;
} }
/* Debug log: end */
variables: variables:
variables PIPE VARIABLE variables PIPE VARIABLE

51
src/parser/seclang-scanner.ll
View File

@ -21,15 +21,25 @@ ACTION (?i:accuracy|allow|append|auditlog|block|capture|chain|ctl|deny|
DIRECTIVE SecRule DIRECTIVE SecRule
CONFIG_DIRECTIVE SecRequestBodyLimitAction|SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecRequestBodyLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecResponseBodyLimitAction|SecResponseBodyLimit|SecTmpDir|SecDataDir|SecAuditLogRelevantStatus|SecAuditLogType|SecArgumentSeparator|SecCookieFormat|SecStatusEngine CONFIG_DIRECTIVE SecRequestBodyLimitAction|SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecRequestBodyLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecResponseBodyLimitAction|SecResponseBodyLimit|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
CONFIG_DIR_RULE_ENG SecRuleEngine CONFIG_DIR_RULE_ENG SecRuleEngine
CONFIG_DIR_REQ_BODY SecRequestBodyAccess CONFIG_DIR_REQ_BODY SecRequestBodyAccess
CONFIG_DIR_RES_BODY SecResponseBodyAccess CONFIG_DIR_RES_BODY SecResponseBodyAccess
CONFIG_DIR_AUDIT_ENG SecAuditEngine
CONFIG_DIR_AUDIT_TPE SecAuditLogType
CONFIG_DIR_AUDIT_LOG SecAuditLog CONFIG_DIR_AUDIT_DIR_MOD (?i:SecAuditLogDirMode)
CONFIG_DIR_AUDIT_LOG_P SecAuditLogParts CONFIG_DIR_AUDIT_DIR (?i:SecAuditLogStorageDir)
CONFIG_DIR_AUDIT_ENG (?i:SecAuditEngine)
CONFIG_DIR_AUDIT_FLE_MOD (?i:SecAuditLogFileMode)
CONFIG_DIR_AUDIT_LOG2 (?i:SecAuditLog2)
CONFIG_DIR_AUDIT_LOG_P (?i:SecAuditLogParts)
CONFIG_DIR_AUDIT_LOG (?i:SecAuditLog)
CONFIG_DIR_AUDIT_STS (?i:SecAuditLogRelevantStatus)
CONFIG_DIR_AUDIT_TPE (?i:SecAuditLogType)
CONFIG_DIR_DEBUG_LOG SecDebugLog CONFIG_DIR_DEBUG_LOG SecDebugLog
CONFIG_DIR_DEBUG_LVL SecDebugLogLevel CONFIG_DIR_DEBUG_LVL SecDebugLogLevel
@ -54,6 +64,7 @@ CONFIG_VALUE_OFF Off
CONFIG_VALUE_DETC DetectOnly CONFIG_VALUE_DETC DetectOnly
CONFIG_VALUE_SERIAL Serial CONFIG_VALUE_SERIAL Serial
CONFIG_VALUE_PARALLEL Parallel CONFIG_VALUE_PARALLEL Parallel
CONFIG_VALUE_RELEVANT_ONLY RelevantOnly
CONFIG_VALUE_PATH [A-Za-z_/\.]+ CONFIG_VALUE_PATH [A-Za-z_/\.]+
AUDIT_PARTS [ABCDEFHJKZ]+ AUDIT_PARTS [ABCDEFHJKZ]+
@ -78,19 +89,31 @@ FREE_TEXT [^\"]+
{CONFIG_DIR_RULE_ENG} { return yy::seclang_parser::make_CONFIG_DIR_RULE_ENG(yytext, loc); } {CONFIG_DIR_RULE_ENG} { return yy::seclang_parser::make_CONFIG_DIR_RULE_ENG(yytext, loc); }
{CONFIG_DIR_RES_BODY} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY(yytext, loc); } {CONFIG_DIR_RES_BODY} { return yy::seclang_parser::make_CONFIG_DIR_RES_BODY(yytext, loc); }
{CONFIG_DIR_REQ_BODY} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY(yytext, loc); } {CONFIG_DIR_REQ_BODY} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY(yytext, loc); }
{CONFIG_DIR_AUDIT_ENG} { return yy::seclang_parser::make_CONFIG_DIR_REQ_BODY(yytext, loc); }
{CONFIG_DIR_AUDIT_TPE} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_TPE(yytext, loc); } %{ /* Audit log entries */ %}
{CONFIG_DIR_AUDIT_DIR}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_DIR(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_AUDIT_DIR_MOD}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_DIR_MOD(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_AUDIT_ENG} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_ENG(yytext, loc); }
{CONFIG_DIR_AUDIT_FLE_MOD}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_FLE_MOD(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_AUDIT_LOG2}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_LOG2(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_AUDIT_LOG}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_LOG(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_AUDIT_LOG_P}[ ]{AUDIT_PARTS} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_LOG_P(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_AUDIT_STS}[ ]["]{FREE_TEXT}["] { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_STS(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_AUDIT_TPE} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_TPE(yytext, loc); }
%{ /* Debug log entries */ %}
{CONFIG_DIR_DEBUG_LOG}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_DIR_DEBUG_LOG(strchr(yytext, ' ') + 1, loc); } {CONFIG_DIR_DEBUG_LOG}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_DIR_DEBUG_LOG(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_DEBUG_LVL}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_DEBUG_LVL(strchr(yytext, ' ') + 1, loc); } {CONFIG_DIR_DEBUG_LVL}[ ]{CONFIG_VALUE_NUMBER} { return yy::seclang_parser::make_CONFIG_DIR_DEBUG_LVL(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_AUDIT_LOG}[ ]{CONFIG_VALUE_PATH} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_LOG(strchr(yytext, ' ') + 1, loc); }
{CONFIG_DIR_AUDIT_LOG_P}[ ]{AUDIT_PARTS} { return yy::seclang_parser::make_CONFIG_DIR_AUDIT_LOG_P(strchr(yytext, ' ') + 1, loc); }
{CONFIG_VALUE_ON} { return yy::seclang_parser::make_CONFIG_VALUE_ON(yytext, loc); } {CONFIG_VALUE_ON} { return yy::seclang_parser::make_CONFIG_VALUE_ON(yytext, loc); }
{CONFIG_VALUE_OFF} { return yy::seclang_parser::make_CONFIG_VALUE_OFF(yytext, loc); } {CONFIG_VALUE_OFF} { return yy::seclang_parser::make_CONFIG_VALUE_OFF(yytext, loc); }
{CONFIG_VALUE_SERIAL} { return yy::seclang_parser::make_CONFIG_VALUE_SERIAL(yytext, loc); } {CONFIG_VALUE_SERIAL} { return yy::seclang_parser::make_CONFIG_VALUE_SERIAL(yytext, loc); }
{CONFIG_VALUE_PARALLEL} { return yy::seclang_parser::make_CONFIG_VALUE_PARALLEL(yytext, loc); } {CONFIG_VALUE_PARALLEL} { return yy::seclang_parser::make_CONFIG_VALUE_PARALLEL(yytext, loc); }
{CONFIG_VALUE_DETC} { return yy::seclang_parser::make_CONFIG_VALUE_DETC(yytext, loc); } {CONFIG_VALUE_DETC} { return yy::seclang_parser::make_CONFIG_VALUE_DETC(yytext, loc); }
{CONFIG_VALUE_RELEVANT_ONLY} { return yy::seclang_parser::make_CONFIG_VALUE_RELEVANT_ONLY(yytext, loc); }
["]{OPERATOR}[ ]{FREE_TEXT}["] { return yy::seclang_parser::make_OPERATOR(yytext, loc); } ["]{OPERATOR}[ ]{FREE_TEXT}["] { return yy::seclang_parser::make_OPERATOR(yytext, loc); }
["]{OPERATORNOARG}["] { return yy::seclang_parser::make_OPERATOR(yytext, loc); } ["]{OPERATORNOARG}["] { return yy::seclang_parser::make_OPERATOR(yytext, loc); }
{ACTION} { return yy::seclang_parser::make_ACTION(yytext, loc); } {ACTION} { return yy::seclang_parser::make_ACTION(yytext, loc); }
["] { return yy::seclang_parser::make_QUOTATION_MARK(loc); } ["] { return yy::seclang_parser::make_QUOTATION_MARK(loc); }
[,] { return yy::seclang_parser::make_COMMA(loc); } [,] { return yy::seclang_parser::make_COMMA(loc); }