mod-security-developers

[Mod-security-developers] Fwd: Adding new operator

[Rufus P. <ruf...@gm...>]

Hello!

I am trying to add a new operator "verifysvnr" to ModSecurity.

I have already written a unit-test for the operator which passes, however
the regression test fails, because ModSecurity does not detect
@verifysvnr as an operator:

[/] [4] (Rule: 1) Executing operator "Rx" with param "@verifysvnr \d{4}
?\d{6}" against ARGS.

compare with verifyssn:

[/] [4] (Rule: 1) Executing operator "VerifySSN" with param "\d{4} ?\d{6}"
against ARGS.


I added the new operator to  "src/parser/seclang-parser.hh",
"src/parser/seclang-parser.yy", "src/parser/seclang-scanner.ll" and
"src/parser/seclang-scanner.cc" in the same way as verifyssn.

I drew a new number 595 for the operator, incremented const unsigned
user_token_number_max_ by one
Added the new number 595 to yytoken_number_[]
Added a condition in src/parser/seclang-parser.yy

Can you please assist me on what is missing or what I am doing wrong?


For the actual work I have done see the commits on my fork of ModSecurity
on Github: https://github.com/Rufus125/ModSecurity/commits/v3/master

Thanks and have a nice day!
Rufus

Re: [Mod-security-developers] Fwd: Adding new operator

[Ervin H. <ai...@gm...>]

Hi Rufus,

On Sun, Mar 31, 2019 at 03:12:58PM +0200, Rufus Pwner wrote:
> Hello!

[...]
 
> "src/parser/seclang-scanner.cc" in the same way as verifyssn.
> 
> I drew a new number 595 for the operator, incremented const unsigned
> user_token_number_max_ by one
> Added the new number 595 to yytoken_number_[]
> Added a condition in src/parser/seclang-parser.yy
> 
> Can you please assist me on what is missing or what I am doing wrong?

how do you run the configure script? Could you show us your
first few lines of config,log?

$ head -n 8 config.log 
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by modsecurity configure 3.0, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ ./configure --without-lmdb --enable-parser-generation --enable-mutex-on-pm --prefix=/usr

may be you have to pass the "--enable-parser-generation" option.


a.

Re: [Mod-security-developers] Fwd: Adding new operator

[Rufus P. <ruf...@gm...>]

Hi Ervin!

Thanks a lot!

./configure --enable-parser-generation did the trick!

Thanks to your support I was able to finish the work on the operator and
created a PR:

https://github.com/SpiderLabs/ModSecurity/issues/2062
https://github.com/SpiderLabs/ModSecurity/pull/2063
https://github.com/SpiderLabs/secrules-language-tests/pull/5

BR
Rufus


On Sun, Mar 31, 2019 at 8:57 PM Ervin Hegedüs <ai...@gm...> wrote:

> Hi Rufus,
>
> On Sun, Mar 31, 2019 at 03:12:58PM +0200, Rufus Pwner wrote:
> > Hello!
>
> [...]
>
> > "src/parser/seclang-scanner.cc" in the same way as verifyssn.
> >
> > I drew a new number 595 for the operator, incremented const unsigned
> > user_token_number_max_ by one
> > Added the new number 595 to yytoken_number_[]
> > Added a condition in src/parser/seclang-parser.yy
> >
> > Can you please assist me on what is missing or what I am doing wrong?
>
> how do you run the configure script? Could you show us your
> first few lines of config,log?
>
> $ head -n 8 config.log
> This file contains any messages produced by compilers while
> running configure, to aid debugging if configure makes a mistake.
>
> It was created by modsecurity configure 3.0, which was
> generated by GNU Autoconf 2.69.  Invocation command line was
>
>   $ ./configure --without-lmdb --enable-parser-generation
> --enable-mutex-on-pm --prefix=/usr
>
> may be you have to pass the "--enable-parser-generation" option.
>
>
> a.
>
>
>
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
>

Re: [Mod-security-developers] Fwd: Adding new operator

[Ervin H. <ai...@gm...>]

Hi Rufus,

On Sat, Apr 06, 2019 at 06:01:03PM +0200, Rufus Pwner wrote:
> Hi Ervin!
> 
> Thanks a lot!
> 
> ./configure --enable-parser-generation did the trick!

you're welcome :),

> Thanks to your support I was able to finish the work on the operator and
> created a PR:
> 
> https://github.com/SpiderLabs/ModSecurity/issues/2062
> https://github.com/SpiderLabs/ModSecurity/pull/2063
> https://github.com/SpiderLabs/secrules-language-tests/pull/5

note, that all Travis CI test had failed:

https://github.com/SpiderLabs/ModSecurity/pull/2063
"All checks have failed"

details:
https://travis-ci.org/SpiderLabs/ModSecurity/builds/516607693

looks like your regression test didn't pass, eg.:

https://travis-ci.org/SpiderLabs/ModSecurity/jobs/516607694

3012. (   0/  1/   1): test/test-cases/regression/operator-verifysvnr.json


Anyway, strictly my private opinion, but - despite of your work
is nice - this feature request wouldn't deserve an own new
operator (without any argument, I mean if somebody wants to use
an another algorithm, how can it use _this_?).

This "problem" what you solve as very elegant way, is tipically
can be solved with Lua - see the examples in libmodsecurity3
source dir.

But as I wrote, this is strictly IMHO. :)



Regards,


a.