Adds support to SecRuleScript directive

Felipe Zimmerle · Felipe Zimmerle · commit e52bd7d63585 · 2017-11-05T23:31:16.000-03:00
diff --git a/CHANGES b/CHANGES
@@ -2,6 +2,8 @@
 v3.0.????? - ?
 ---------------------------
 
+ - Adds support to SecRuleScript directive.
+   [Issue #994 - @zimmerle]
  - Adds support for the exec action.
    [Issue #1050 - @zimmerle]
  - Adds support for transformations inside Lua engine
diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h
@@ -52,7 +52,7 @@ class Rule {
     explicit Rule(std::string marker);
     ~Rule();
 
-    bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> rm);
+    virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> rm);
     bool evaluateActions(Transaction *transaction);
     std::vector<std::unique_ptr<collection::Variable>>
 	getFinalVars(Transaction *trasn);
diff --git a/src/parser/driver.cc b/src/parser/driver.cc
@@ -63,6 +63,13 @@ int Driver::addSecAction(Rule *rule) {
     return true;
 }
 
+
+int Driver::addSecRuleScript(RuleScript *rule) {
+    m_rules[rule->m_phase].push_back(rule);
+    return true;
+}
+
+
 int Driver::addSecRule(Rule *rule) {
     if (rule->m_phase > modsecurity::Phases::NUMBER_OF_PHASES) {
         m_parserError << "Unknown phase: " << std::to_string(rule->m_phase);
diff --git a/src/parser/driver.h b/src/parser/driver.h
@@ -28,7 +28,7 @@
 #include "modsecurity/rules.h"
 #include "modsecurity/rules_properties.h"
 #include "modsecurity/audit_log.h"
-
+#include "src/rule_script.h"
 #include "src/parser/seclang-parser.hh"
 
 using modsecurity::Rule;
@@ -58,6 +58,7 @@ class Driver : public RulesProperties {
     int addSecRule(Rule *rule);
     int addSecAction(Rule *rule);
     int addSecMarker(std::string marker);
+    int addSecRuleScript(RuleScript *rule);
 
     bool scan_begin();
     void scan_end();
diff --git a/src/rule_script.cc b/src/rule_script.cc
@@ -0,0 +1,46 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/rule_script.h"
+
+
+namespace modsecurity {
+
+bool RuleScript::init(std::string *err) {
+    return m_lua.load(m_name, err);
+}
+
+bool RuleScript::evaluate(Transaction *trans,
+    std::shared_ptr<RuleMessage> ruleMessage) {
+    trans->debug(4, " Executing script: " + m_name + ".");
+    bool containsDisruptive = false;
+
+    if (ruleMessage == NULL) {
+        ruleMessage = std::shared_ptr<RuleMessage>(
+            new RuleMessage(this, trans));
+    }
+
+    executeActionsIndependentOfChainedRuleResult(trans,
+        &containsDisruptive, ruleMessage);
+
+    bool ret = m_lua.run(trans);
+    if (ret) {
+        executeActionsAfterFullMatch(trans, containsDisruptive, ruleMessage);
+    }
+
+    return ret;
+}
+
+}  // namespace modsecurity
diff --git a/src/rule_script.h b/src/rule_script.h
@@ -0,0 +1,64 @@
+
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+#include "modsecurity/rule.h"
+#include "src/engine/lua.h"
+#include "src/operators/operator.h"
+#include "modsecurity/actions/action.h"
+#include "modsecurity/modsecurity.h"
+#include "src/actions/transformations/none.h"
+#include "src/actions/tag.h"
+#include "src/utils/string.h"
+#include "modsecurity/rules.h"
+#include "modsecurity/rule_message.h"
+#include "src/macro_expansion.h"
+#include "src/actions/msg.h"
+#include "src/actions/log_data.h"
+#include "src/actions/severity.h"
+#include "src/variables/variable.h"
+
+#ifndef SRC_RULE_SCRIPT_H_
+#define SRC_RULE_SCRIPT_H_
+
+
+namespace modsecurity {
+
+using actions::Action;
+
+/** @ingroup ModSecurity_CPP_API */
+class RuleScript : public Rule {
+ public:
+    RuleScript(std::string name,
+        std::vector<Action *> *actions,
+        std::string fileName,
+        int lineNumber
+    ) : Rule (NULL, NULL, actions, fileName, lineNumber),
+        m_name(name) { };
+
+    bool init(std::string *err);
+    bool evaluate(Transaction *trans,
+        std::shared_ptr<RuleMessage> ruleMessage) override;
+
+
+    std::string m_name;
+    engine::Lua m_lua;
+};
+
+}  // namespace modsecurity
+
+#endif  // SRC_RULE_SCRIPT_H_
+
