Add support for new operator rxGlobal

owasp-modsecurity · Oct 26, 2020 · 2672db1 · 2672db1
1 parent 785958f
commit 2672db1
Show file tree

Hide file tree

Showing 14 changed files with 7,070 additions and 6,740 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+  - Add support for new operator rxGlobal
+    [@martinhsv]
   - Fix maxminddb link on FreeBSD
     [Issue #2131 - @granalberto, @zimmerle]
   - Fix IP address logging in Section A

diff --git a/Makefile.am b/Makefile.am
@@ -171,6 +171,7 @@ TESTS+=test/test-cases/regression/operator-inpectFile.json
 TESTS+=test/test-cases/regression/operator-ipMatchFromFile.json
 TESTS+=test/test-cases/regression/operator-pm.json
 TESTS+=test/test-cases/regression/operator-rx.json
+TESTS+=test/test-cases/regression/operator-rxGlobal.json
 TESTS+=test/test-cases/regression/operator-UnconditionalMatch.json
 TESTS+=test/test-cases/regression/operator-validate-byte-range.json
 TESTS+=test/test-cases/regression/operator-verifycc.json
@@ -290,6 +291,7 @@ TESTS+=test/test-cases/secrules-language-tests/operators/noMatch.json
 TESTS+=test/test-cases/secrules-language-tests/operators/pmFromFile.json
 TESTS+=test/test-cases/secrules-language-tests/operators/pm.json
 TESTS+=test/test-cases/secrules-language-tests/operators/rx.json
+TESTS+=test/test-cases/secrules-language-tests/operators/rxGlobal.json
 TESTS+=test/test-cases/secrules-language-tests/operators/streq.json
 TESTS+=test/test-cases/secrules-language-tests/operators/strmatch.json
 TESTS+=test/test-cases/secrules-language-tests/operators/unconditionalMatch.json

diff --git a/src/Makefile.am b/src/Makefile.am
@@ -221,6 +221,7 @@ OPERATORS = \
 	operators/rbl.cc \
 	operators/rsub.cc \
 	operators/rx.cc \
+	operators/rx_global.cc \
 	operators/str_eq.cc \
 	operators/str_match.cc \
 	operators/validate_byte_range.cc \

diff --git a/src/operators/operator.cc b/src/operators/operator.cc
@@ -47,6 +47,7 @@
 #include "src/operators/rbl.h"
 #include "src/operators/rsub.h"
 #include "src/operators/rx.h"
+#include "src/operators/rx_global.h"
 #include "src/operators/str_eq.h"
 #include "src/operators/str_match.h"
 #include "src/operators/validate_byte_range.h"
@@ -169,6 +170,7 @@ Operator *Operator::instantiate(std::string op, std::string param_str) {
     IF_MATCH(rbl) { return new Rbl(std::move(param)); }
     IF_MATCH(rsub) { return new Rsub(std::move(param)); }
     IF_MATCH(rx) { return new Rx(std::move(param)); }
+    IF_MATCH(rxglobal) { return new RxGlobal(std::move(param)); }
     IF_MATCH(streq) { return new StrEq(std::move(param)); }
     IF_MATCH(strmatch) { return new StrMatch(std::move(param)); }
     IF_MATCH(validatebyterange) {

diff --git a/src/operators/rx_global.cc b/src/operators/rx_global.cc
@@ -0,0 +1,85 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address [email protected].
+ *
+ */
+
+#include "src/operators/rx_global.h"
+
+#include <string>
+#include <list>
+#include <memory>
+
+#include "src/operators/operator.h"
+#include "modsecurity/rule.h"
+#include "modsecurity/rule_message.h"
+
+namespace modsecurity {
+namespace operators {
+
+
+bool RxGlobal::init(const std::string &arg, std::string *error) {
+    if (m_string->m_containsMacro == false) {
+        m_re = new Regex(m_param);
+    }
+
+    return true;
+}
+
+
+bool RxGlobal::evaluate(Transaction *transaction, RuleWithActions *rule,
+    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    Regex *re;
+
+    if (m_param.empty() && !m_string->m_containsMacro) {
+        return true;
+    }
+
+    if (m_string->m_containsMacro) {
+        std::string eparam(m_string->evaluate(transaction));
+        re = new Regex(eparam);
+    } else {
+        re = m_re;
+    }
+
+    std::vector<Utils::SMatchCapture> captures;
+    re->searchGlobal(input, captures);
+
+    if (rule && rule->hasCaptureAction() && transaction) {
+        for (const Utils::SMatchCapture& capture : captures) {
+            const std::string capture_substring(input.substr(capture.m_offset,capture.m_length));
+            transaction->m_collections.m_tx_collection->storeOrUpdateFirst(
+                std::to_string(capture.m_group), capture_substring);
+            ms_dbg_a(transaction, 7, "Added regex subexpression TX." +
+                std::to_string(capture.m_group) + ": " + capture_substring);
+            transaction->m_matched.push_back(capture_substring);
+        }
+    }
+
+    for (const auto & capture : captures) {
+        logOffset(ruleMessage, capture.m_offset, capture.m_length);
+    }
+
+    if (m_string->m_containsMacro) {
+        delete re;
+    }
+
+    if (captures.size() > 0) {
+        return true;
+    }
+
+    return false;
+}
+
+
+}  // namespace operators
+}  // namespace modsecurity
diff --git a/src/operators/rx_global.h b/src/operators/rx_global.h
@@ -0,0 +1,67 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address [email protected].
+ *
+ */
+
+#ifndef SRC_OPERATORS_RX_GLOBAL_H_
+#define SRC_OPERATORS_RX_GLOBAL_H_
+
+#include <string>
+//#include <list>
+#include <memory>
+#include <utility>
+
+#include "src/operators/operator.h"
+#include "src/utils/regex.h"
+
+
+namespace modsecurity {
+using Utils::SMatch;
+using Utils::regex_search;
+using Utils::Regex;
+
+namespace operators {
+
+
+class RxGlobal : public Operator {
+ public:
+    /** @ingroup ModSecurity_Operator */
+    explicit RxGlobal(std::unique_ptr<RunTimeString> param)
+        : m_re(nullptr),
+        Operator("RxGlobal", std::move(param)) {
+            m_couldContainsMacro = true;
+        }
+
+    ~RxGlobal() {
+        if (m_string->m_containsMacro == false && m_re != NULL) {
+            delete m_re;
+            m_re = NULL;
+        }
+    }
+
+    bool evaluate(Transaction *transaction, RuleWithActions *rule,
+        const std::string& input,
+        std::shared_ptr<RuleMessage> ruleMessage) override;
+
+    bool init(const std::string &arg, std::string *error) override;
+
+ private:
+    Regex *m_re;
+};
+
+
+}  // namespace operators
+}  // namespace modsecurity
+
+
+#endif  // SRC_OPERATORS_RX_GLOBAL_H_