View | Details | Raw Unified | Return to bug 249312
Collapse All | Expand All

(-)security/modsecurity3/files/patch-src_operators_rx.cc (+51 lines)
Line 0 Link Here
1 
--- src/operators/rx.cc.orig	2020-01-13 13:09:28 UTC
2 
+++ src/operators/rx.cc
3 
@@ -38,7 +38,6 @@ bool Rx::init(const std::string &arg, st
4
5 
 bool Rx::evaluate(Transaction *transaction, Rule *rule,
6 
     const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
7 
-    std::list<SMatch> matches;
8 
     Regex *re;
9
10 
     if (m_param.empty() && !m_string->m_containsMacro) {
11 
@@ -52,29 +51,29 @@ bool Rx::evaluate(Transaction *transacti
12 
         re = m_re;
13 
     }
14
15 
-    matches = re->searchAll(input);
16 
+    std::vector<Utils::SMatchCapture> captures;
17 
+    re->searchOneMatch(input, captures);
18 
+
19 
     if (rule && rule->m_containsCaptureAction && transaction) {
20 
-        int i = 0;
21 
-        matches.reverse();
22 
-        for (const SMatch& a : matches) {
23 
+        for (const Utils::SMatchCapture& capture : captures) {
24 
+            const std::string capture_substring(input.substr(capture.m_offset,capture.m_length));
25 
             transaction->m_collections.m_tx_collection->storeOrUpdateFirst(
26 
-                std::to_string(i), a.str());
27 
+                std::to_string(capture.m_group), capture_substring);
28 
             ms_dbg_a(transaction, 7, "Added regex subexpression TX." +
29 
-                std::to_string(i) + ": " + a.str());
30 
-            transaction->m_matched.push_back(a.str());
31 
-            i++;
32 
+                std::to_string(capture.m_group) + ": " + capture_substring);
33 
+            transaction->m_matched.push_back(capture_substring);
34 
         }
35 
     }
36
37 
-    for (const auto & i : matches) {
38 
-        logOffset(ruleMessage, i.offset(), i.str().size());
39 
+    for (const auto & capture : captures) {
40 
+        logOffset(ruleMessage, capture.m_offset, capture.m_length);
41 
     }
42
43 
     if (m_string->m_containsMacro) {
44 
         delete re;
45 
     }
46
47 
-    if (matches.size() > 0) {
48 
+    if (captures.size() > 0) {
49 
         return true;
50 
     }
51
(-)security/modsecurity3/files/patch-src_utils_regex.cc (+40 lines)
Line 0 Link Here
1 
--- src/utils/regex.cc.orig	2020-01-13 13:09:28 UTC
2 
+++ src/utils/regex.cc
3 
@@ -16,10 +16,6 @@
4 
 #include "src/utils/regex.h"
5
6 
 #include <pcre.h>
7 
-#include <sys/socket.h>
8 
-#include <sys/types.h>
9 
-#include <netinet/in.h>
10 
-#include <arpa/inet.h>
11 
 #include <string>
12 
 #include <list>
13
14 
@@ -99,6 +95,26 @@ std::list<SMatch> Regex::searchAll(const
15 
     return retList;
16 
 }
17
18 
+bool Regex::searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const {
19 
+    const char *subject = s.c_str();
20 
+    int ovector[OVECCOUNT];
21 
+
22 
+    int rc = pcre_exec(m_pc, m_pce, subject, s.size(), 0, 0, ovector, OVECCOUNT);
23 
+
24 
+    for (int i = 0; i < rc; i++) {
25 
+        size_t start = ovector[2*i];
26 
+        size_t end = ovector[2*i+1];
27 
+        size_t len = end - start;
28 
+        if (end > s.size()) {
29 
+            continue;
30 
+        }
31 
+        SMatchCapture capture(i, start, len);
32 
+        captures.push_back(capture);
33 
+    }
34 
+
35 
+    return (rc > 0);
36 
+}
37 
+
38 
 int Regex::search(const std::string& s, SMatch *match) const {
39 
     int ovector[OVECCOUNT];
40 
     int ret = pcre_exec(m_pc, m_pce, s.c_str(),
(-)security/modsecurity3/files/patch-src_utils_regex.h (+35 lines)
Line 0 Link Here
1 
--- src/utils/regex.h.orig	2020-01-13 13:09:28 UTC
2 
+++ src/utils/regex.h
3 
@@ -19,6 +19,7 @@
4 
 #include <fstream>
5 
 #include <string>
6 
 #include <list>
7 
+#include <vector>
8
9 
 #ifndef SRC_UTILS_REGEX_H_
10 
 #define SRC_UTILS_REGEX_H_
11 
@@ -47,6 +48,16 @@ class SMatch {
12 
     size_t m_offset;
13 
 };
14
15 
+struct SMatchCapture {
16 
+    SMatchCapture(size_t group, size_t offset, size_t length) :
17 
+    m_group(group),
18 
+    m_offset(offset),
19 
+    m_length(length) { }
20 
+
21 
+    size_t m_group; // E.g. 0 = full match; 6 = capture group 6
22 
+    size_t m_offset; // offset of match within the analyzed string
23 
+    size_t m_length;
24 
+};
25
26 
 class Regex {
27 
  public:
28 
@@ -58,6 +69,7 @@ class Regex {
29 
     Regex& operator=(const Regex&) = delete;
30
31 
     std::list<SMatch> searchAll(const std::string& s) const;
32 
+    bool searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const;
33 
     int search(const std::string &s, SMatch *m) const;
34 
     int search(const std::string &s) const;
35
(-)security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json (+146 lines)
Line 0 Link Here
1 
--- test/test-cases/regression/variable-TX.json.orig	2020-01-13 13:09:28 UTC
2 
+++ test/test-cases/regression/variable-TX.json
3 
@@ -80,5 +80,143 @@
4 
       "SecRule REQUEST_HEADERS \"@rx ([A-z]+)\" \"id:1,log,pass,capture,id:14\"",
5 
       "SecRule TX:0 \"@rx ([A-z]+)\" \"id:15\""
6 
     ]
7 
+  },
8 
+  {
9 
+    "enabled":1,
10 
+    "version_min":300000,
11 
+    "title":"Testing Variables :: capture group match after unused group",
12 
+    "client":{
13 
+      "ip":"200.249.12.31",
14 
+      "port":123
15 
+    },
16 
+    "server":{
17 
+      "ip":"200.249.12.31",
18 
+      "port":80
19 
+    },
20 
+    "request":{
21 
+      "uri":"/?key=aadd",
22 
+      "method":"GET"
23 
+    },
24 
+    "response":{
25 
+      "headers":{
26 
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
27 
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
28 
+        "Content-Type":"text/html"
29 
+      },
30 
+      "body":[
31 
+        "no need."
32 
+      ]
33 
+    },
34 
+    "expected":{
35 
+      "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
36 
+    },
37 
+    "rules":[
38 
+      "SecRuleEngine On",
39 
+      "SecRule ARGS \"@rx (aa)(bb|cc)?(dd)\" \"id:1,log,pass,capture,id:16\"",
40 
+      "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
41 
+    ]
42 
+  },
43 
+  {
44 
+    "enabled":1,
45 
+    "version_min":300000,
46 
+    "title":"Testing Variables :: empty capture group match followed by nonempty capture group",
47 
+    "client":{
48 
+      "ip":"200.249.12.31",
49 
+      "port":123
50 
+    },
51 
+    "server":{
52 
+      "ip":"200.249.12.31",
53 
+      "port":80
54 
+    },
55 
+    "request":{
56 
+      "uri":"/?key=aadd",
57 
+      "method":"GET"
58 
+    },
59 
+    "response":{
60 
+      "headers":{
61 
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
62 
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
63 
+        "Content-Type":"text/html"
64 
+      },
65 
+      "body":[
66 
+        "no need."
67 
+      ]
68 
+    },
69 
+    "expected":{
70 
+      "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
71 
+    },
72 
+    "rules":[
73 
+      "SecRuleEngine On",
74 
+      "SecRule ARGS \"@rx (aa)(bb|cc|)(dd)\" \"id:18,phase:1,log,pass,capture\"",
75 
+      "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
76 
+    ]
77 
+  },
78 
+  {
79 
+    "enabled":1,
80 
+    "version_min":300000,
81 
+    "title":"Testing Variables :: repeating capture group -- alternates",
82 
+    "client":{
83 
+      "ip":"200.249.12.31",
84 
+      "port":123
85 
+    },
86 
+    "server":{
87 
+      "ip":"200.249.12.31",
88 
+      "port":80
89 
+    },
90 
+    "request":{
91 
+      "uri":"/?key=_abc123_",
92 
+      "method":"GET"
93 
+    },
94 
+    "response":{
95 
+      "headers":{
96 
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
97 
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
98 
+        "Content-Type":"text/html"
99 
+      },
100 
+      "body":[
101 
+        "no need."
102 
+      ]
103 
+    },
104 
+    "expected":{
105 
+      "debug_log":"Added regex subexpression TX\\.2: abc[\\s\\S]*Added regex subexpression TX\\.3: 123"
106 
+    },
107 
+    "rules":[
108 
+      "SecRuleEngine On",
109 
+      "SecRule ARGS \"@rx _((?:(abc)|(123))+)_\" \"id:18,phase:1,log,pass,capture\""
110 
+    ]
111 
+  },
112 
+  {
113 
+    "enabled":1,
114 
+    "version_min":300000,
115 
+    "title":"Testing Variables :: repeating capture group -- same (nested)",
116 
+    "client":{
117 
+      "ip":"200.249.12.31",
118 
+      "port":123
119 
+    },
120 
+    "server":{
121 
+      "ip":"200.249.12.31",
122 
+      "port":80
123 
+    },
124 
+    "request":{
125 
+      "uri":"/?key=a:5a:8a:9",
126 
+      "method":"GET"
127 
+    },
128 
+    "response":{
129 
+      "headers":{
130 
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
131 
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
132 
+        "Content-Type":"text/html"
133 
+      },
134 
+      "body":[
135 
+        "no need."
136 
+      ]
137 
+    },
138 
+    "expected":{
139 
+      "debug_log":"Added regex subexpression TX\\.1: 5[\\s\\S]*Added regex subexpression TX\\.2: 8[\\s\\S]*Added regex subexpression TX\\.3: 9"
140 
+    },
141 
+    "rules":[
142 
+      "SecRuleEngine On",
143 
+      "SecRule ARGS \"@rx a:([0-9])(?:a:([0-9])(?:a:([0-9]))*)*\" \"id:18,phase:1,log,pass,capture\""
144 
+    ]
145 
   }
146 
 ]

Return to bug 249312