Adds support to USER collection, setuid action and USERID variable

More details on: #1026, #1024, #1048

Author: zimmerle

headers/modsecurity/collection/collections.h

@@ -45,7 +45,8 @@ namespace collection {
 class Collections :
     public std::unordered_map<std::string, Collection *> {
  public:
-    Collections(Collection *global, Collection *ip, Collection *session);
+    Collections(Collection *global, Collection *ip, Collection *session,
+        Collection *user);
     ~Collections();
 
     void store(std::string key, std::string value);
@@ -87,10 +88,12 @@ class Collections :
     std::string m_global_collection_key;
     std::string m_ip_collection_key;
     std::string m_session_collection_key;
+    std::string m_user_collection_key;
 
     Collection *m_global_collection;
     Collection *m_ip_collection;
     Collection *m_session_collection;
+    Collection *m_user_collection;
 };
 
 }  // namespace collection

headers/modsecurity/modsecurity.h

@@ -225,6 +225,7 @@ class ModSecurity {
     collection::Collection *m_global_collection;
     collection::Collection *m_ip_collection;
     collection::Collection *m_session_collection;
+    collection::Collection *m_user_collection;
 
  private:
     std::string m_connector;

src/Makefile.am

@@ -80,6 +80,7 @@ ACTIONS = \
 	actions/rule_id.cc \
 	actions/severity.cc \
 	actions/set_sid.cc \
+	actions/set_uid.cc \
 	actions/set_var.cc \
 	actions/status.cc \
 	actions/skip_after.cc \

src/actions/set_uid.cc

@@ -0,0 +1,56 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/set_uid.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "src/macro_expansion.h"
+#include "src/utils.h"
+
+namespace modsecurity {
+namespace actions {
+
+
+bool SetUID::init(std::string *error) {
+    m_collection_key = std::string(action, 0, action.length());
+
+    if (m_collection_key.empty()) {
+        return false;
+    }
+
+    return true;
+}
+
+
+bool SetUID::evaluate(Rule *rule, Transaction *t) {
+    std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
+
+#ifndef NO_LOGS
+    t->debug(8, "User collection initiated with value: \'"
+        + colNameExpanded + "\'.");
+#endif
+
+    t->m_collections.m_user_collection_key = colNameExpanded;
+    t->m_collections.storeOrUpdateFirst("USERID", colNameExpanded);
+
+    return true;
+}
+
+}  // namespace actions
+}  // namespace modsecurity

src/actions/set_uid.h

@@ -0,0 +1,45 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "actions/action.h"
+
+#ifndef SRC_ACTIONS_SET_UID_H_
+#define SRC_ACTIONS_SET_UID_H_
+
+class Transaction;
+
+namespace modsecurity {
+class Transaction;
+namespace actions {
+
+
+class SetUID : public Action {
+ public:
+    explicit SetUID(std::string _action)
+        : Action(_action) { }
+
+    bool evaluate(Rule *rule, Transaction *transaction) override;
+    bool init(std::string *error) override;
+ private:
+    std::string m_collection_key;
+};
+
+
+}  // namespace actions
+}  // namespace modsecurity
+
+#endif  // SRC_ACTIONS_SET_UID_H_

src/collection/collections.cc

@@ -34,12 +34,13 @@ namespace collection {
 
 
 Collections::Collections(Collection *global,
-    Collection *ip, Collection *session)
+    Collection *ip, Collection *session, Collection *user)
     : m_global_collection_key(""),
     m_ip_collection_key(""),
     m_global_collection(global),
     m_ip_collection(ip),
     m_session_collection(session),
+    m_user_collection(user),
     m_transient(new backend::InMemoryPerProcess()) {
     /* Create collection TX */
     this->emplace("TX", new backend::InMemoryPerProcess());

src/modsecurity.cc

@@ -49,6 +49,7 @@ ModSecurity::ModSecurity()
     m_global_collection(new collection::backend::InMemoryPerProcess()),
     m_ip_collection(new collection::backend::InMemoryPerProcess()),
     m_session_collection(new collection::backend::InMemoryPerProcess()),
+    m_user_collection(new collection::backend::InMemoryPerProcess()),
     m_logCb(NULL) {
     UniqueId::uniqueId();
     srand(time(NULL));

src/parser/seclang-parser.yy

@@ -25,6 +25,7 @@ class Driver;
 #include "actions/ctl_audit_log_parts.h"
 #include "actions/init_col.h"
 #include "actions/set_sid.h"
+#include "actions/set_uid.h"
 #include "actions/set_var.h"
 #include "actions/severity.h"
 #include "actions/skip_after.h"
@@ -68,6 +69,7 @@ using modsecurity::actions::Action;
 using modsecurity::actions::CtlAuditLogParts;
 using modsecurity::actions::InitCol;
 using modsecurity::actions::SetSID;
+using modsecurity::actions::SetUID;
 using modsecurity::actions::SetVar;
 using modsecurity::actions::Severity;
 using modsecurity::actions::Tag;
@@ -933,21 +935,15 @@ act:
       }
     | ACTION_SETUID
       {
-        /*
-
-        TODO: setUID is not implemented yet.
-
         std::string error;
-        SetEnv *setUID = new SetUID($1);
+        SetUID *setUID = new SetUID($1);
 
         if (setUID->init(&error) == false) {
             driver.parserError << error;
             YYERROR;
         }
 
         $$ = setUID;
-        */
-        $$ = Action::instantiate($1);
       }
     | ACTION_SETVAR
       {

src/parser/seclang-scanner.ll

@@ -116,7 +116,7 @@ OPERATOR_GEOIP  (?i:@geoLookup)
 TRANSFORMATION  t:(?i:(cmdLine|sha1|hexEncode|lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim|normalizePathWin|normalisePathWin|normalisePath|length|utf8toUnicode|urldecode|removeCommentsChar|removeComments|replaceComments))
 
 
-VARIABLE (?i:(RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR|SESSIONID))
+VARIABLE (?i:(RESOURCE|ARGS_COMBINED_SIZE|ARGS_GET_NAMES|ARGS_POST_NAMES|FILES_COMBINED_SIZE|FULL_REQUEST_LENGTH|REQUEST_BODY_LENGTH|REQUEST_URI_RAW|UNIQUE_ID|SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VAR|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|AUTH_TYPE|ARGS_NAMES|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_PROTOCOL|RESPONSE_STATUS|REQBODY_PROCESSOR|USERID|SESSIONID))
 VARIABLE_COL (?i:(SESSION|GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES|FILES_TMP_CONTENT|MULTIPART_FILENAME|MULTIPART_NAME|MATCHED_VARS_NAMES|MATCHED_VARS|FILES|QUERY_STRING|REQUEST_COOKIES|REQUEST_HEADERS|RESPONSE_HEADERS|GEO|IP|XML|REQUEST_COOKIES_NAMES))
 
 VARIABLE_TX (?i:TX)

src/transaction.cc

@@ -113,7 +113,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
     m_logCbData(logCbData),
     m_ms(ms),
     m_collections(ms->m_global_collection, ms->m_ip_collection,
-        ms->m_session_collection) {
+        ms->m_session_collection, ms->m_user_collection) {
     m_id = std::to_string(this->m_timeStamp) + \
         std::to_string(generate_transaction_unique_id());
     m_rules->incrementReferenceCount();