mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-13 13:26:01 +03:00
9f47f1473c
- Parser location is now a custom class. It holds a shared pointer with the file name; If the parser fails, the resource is deleted. - To follow the parser change, the Rule class now holds the file name in a shared pointer instead of a unique pointer. As a shared pointer we avoid duplication of the file name in memory, plus, it frees itself when not in use anymore. - Operator init also accepting the filename as a shared pointer. - Driver is treating m_location was privative. Now it holds a std::list<std::shared_ptr<yy::seclang_parser::location_type>> instead of: std::list<yy::seclang_parser::location_type *>. - Fix: addSecRule on Driver() was changed from RuleWithAction to RuleWithOperator. - Minor changes on the regression and rules-check utility to force deletion of resources even when they fail. - Couple of virtual destructors were placed to force the shared pointer decrementing on shared variables. - Deleted constructors for copy were placed for the sake of readability.
131 lines
3.8 KiB
C++
131 lines
3.8 KiB
C++
/*
|
|
* ModSecurity, http://www.modsecurity.org/
|
|
* Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
|
*
|
|
* You may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* If any of the files related to licensing are missing or if you have any
|
|
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
|
* directly using the email address security@modsecurity.org.
|
|
*
|
|
*/
|
|
|
|
#include "src/operators/validate_schema.h"
|
|
|
|
#include <string>
|
|
|
|
#include "src/operators/operator.h"
|
|
#include "src/request_body_processor/xml.h"
|
|
#include "src/utils/system.h"
|
|
|
|
|
|
namespace modsecurity {
|
|
namespace operators {
|
|
|
|
#ifdef WITH_LIBXML2
|
|
|
|
bool ValidateSchema::init(std::shared_ptr<std::string> file, std::string *error) {
|
|
std::string err;
|
|
m_resource = utils::find_resource(m_param, file, &err);
|
|
if (m_resource == "") {
|
|
error->assign("XML: File not found: " + m_param + ". " + err);
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
bool ValidateSchema::evaluate(Transaction *transaction,
|
|
const RuleWithActions *rule,
|
|
const bpstd::string_view &str,
|
|
RuleMessage *ruleMessage) {
|
|
|
|
if (transaction->m_xml->m_data.doc == NULL) {
|
|
ms_dbg_a(transaction, 4, "XML document tree could not be found for " \
|
|
"schema validation.");
|
|
return true;
|
|
}
|
|
if (transaction->m_xml->m_data.well_formed != 1) {
|
|
ms_dbg_a(transaction, 4, "XML: Schema validation failed because " \
|
|
"content is not well formed.");
|
|
return true;
|
|
}
|
|
|
|
xmlSchemaParserCtxtPtr parserCtx = xmlSchemaNewParserCtxt(m_resource.c_str());
|
|
if (parserCtx == NULL) {
|
|
std::stringstream err;
|
|
err << "XML: Failed to load Schema from file: ";
|
|
err << m_resource;
|
|
err << ". ";
|
|
if (m_err.empty() == false) {
|
|
err << m_err;
|
|
}
|
|
ms_dbg_a(transaction, 4, err.str());
|
|
return true;
|
|
}
|
|
|
|
xmlSchemaSetParserErrors(parserCtx,
|
|
(xmlSchemaValidityErrorFunc)error_load,
|
|
(xmlSchemaValidityWarningFunc)warn_load, &m_err);
|
|
|
|
xmlThrDefSetGenericErrorFunc(parserCtx,
|
|
null_error);
|
|
|
|
xmlSetGenericErrorFunc(parserCtx,
|
|
null_error);
|
|
|
|
xmlSchemaPtr schema = xmlSchemaParse(parserCtx);
|
|
if (schema == NULL) {
|
|
std::stringstream err;
|
|
err << "XML: Failed to load Schema: ";
|
|
err << m_resource;
|
|
err << ".";
|
|
if (m_err.empty() == false) {
|
|
err << " " << m_err;
|
|
}
|
|
ms_dbg_a(transaction, 4, err.str());
|
|
xmlSchemaFreeParserCtxt(parserCtx);
|
|
return true;
|
|
}
|
|
|
|
xmlSchemaValidCtxtPtr validCtx = xmlSchemaNewValidCtxt(schema);
|
|
if (validCtx == NULL) {
|
|
std::stringstream err("XML: Failed to create validation context.");
|
|
if (m_err.empty() == false) {
|
|
err << " " << m_err;
|
|
}
|
|
ms_dbg_a(transaction, 4, err.str());
|
|
xmlSchemaFree(schema);
|
|
xmlSchemaFreeParserCtxt(parserCtx);
|
|
return true;
|
|
}
|
|
|
|
/* Send validator errors/warnings to msr_log */
|
|
xmlSchemaSetValidErrors(validCtx,
|
|
(xmlSchemaValidityErrorFunc)error_runtime,
|
|
(xmlSchemaValidityWarningFunc)warn_runtime, transaction);
|
|
|
|
int rc = xmlSchemaValidateDoc(validCtx, transaction->m_xml->m_data.doc);
|
|
|
|
xmlSchemaFreeValidCtxt(validCtx);
|
|
xmlSchemaFree(schema);
|
|
xmlSchemaFreeParserCtxt(parserCtx);
|
|
if (rc != 0) {
|
|
ms_dbg_a(transaction, 4, "XML: Schema validation failed.");
|
|
return true; /* No match. */
|
|
} else {
|
|
ms_dbg_a(transaction, 4, "XML: Successfully validated payload against " \
|
|
"Schema: " + m_resource);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
#endif
|
|
|
|
} // namespace operators
|
|
} // namespace modsecurity
|