Skip to content

Fix RulesProperties::appendRules() #1901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Fix RulesProperties::appendRules() #1901

wants to merge 2 commits into from

Conversation

stevendore
Copy link
Contributor

After a discussion on #1888 I noticed RulesProperties::appendRules() was not checking for duplicate IDs as well as throwing an error if there were secMarkers in more than one file (when calling any combination of rules->load(), rules->loadFromUri() or rules->loadRemote() more than once). To fix the secMarker issue, the if statement on rules_properties.h:441 just needed to be negated.

This function also doesn't accurately check for duplicate IDs. The check can be circumvented by putting the rule in a different phase. To fix this, the ruleId list (v in this function) has to be populated completely before checking it against the other list.

Before the patch is applied the example below will fail to load rules due to multiple files containing secMarkers

test01.conf

SecRule REQUEST_FILENAME "@endsWith /wp-login.php" "id:1,phase:2"
SecRule REQUEST_FILENAME "@endsWith /private" "id:2,phase:1"
SecMarker END-ONE

test02.conf

SecRule UNIQUE_ID "@rx ^." "id:3,phase:3"
SecMarker END-TWO

test03.conf

SecRule REQUEST_FILENAME "@endsWith /admin" "id:4,phase:6"
SecMarker END-THREE

x@x:/code/ModSecurity/tools/rules-check$ ./modsec-rules-check /code/test_conf/*.conf
 : /code/test_conf/test01.conf  --  Loaded 9 rules.
 : /code/test_conf/test02.conf  --  Loaded -1 rules.
    Rule id: 0 is duplicated

 : /code/test_conf/test03.conf  --  Loaded -1 rules.
    Rule id: 0 is duplicated

Test failed.

After removing the SecMarkers from test02 and test03 the test will pass.

x@x:/code/ModSecurity/tools/rules-check$ ./modsec-rules-check /code/test_conf/*.conf
 : /code/test_conf/test01.conf  --  Loaded 9 rules.
 : /code/test_conf/test02.conf  --  Loaded 1 rules.
 : /code/test_conf/test03.conf  --  Loaded 1 rules.
Test ok.

And if you force a duplicate ruleId by changing the Id in test03 to 1, the test will still pass.

After the patch all of these issues are dealt with in the correct manner.
The test will pass with the original conf files above and will fail if you change the ID in test03 to 1.

@stevendore
Fix RulesProperties::appendRules()
889186d 
RulesProperties::appendRules() was not checking for duplicate IDs as well as
throwing an error if there were secMarkers in more than one file (when
calling any combination of rules->load(), rules->loadFromUri() or
rules->loadRemote() more than once). To fix the secMarker issue, the if
statement on rules_properties.h:441 just needed to be negated.

This function also doesn't accurately check for duplicate IDs. the check
can be circumvented by putting the rule in a different phase. To fix this
the ruleId list (v) had to be populated completely before checking against
the other list.
@djellemah
Copy link

+1 on this. I'm running into the same issue (duplicate ID errors when merging Rules instances via the C api) and this pull request fixes that.

@victorhora victorhora requested a review from zimmerle September 25, 2018 14:04
@victorhora victorhora self-assigned this Sep 25, 2018
@victorhora victorhora added this to the v3.0.3 milestone Sep 25, 2018
@victorhora victorhora self-requested a review September 25, 2018 14:05
zimmerle pushed a commit that referenced this pull request Oct 16, 2018
CHANGES: Adds info on #1901
386e212
@victorhora
Copy link
Contributor

Merged as of 2cebba9.

Thanks for your contribution! :)

@victorhora victorhora closed this Oct 17, 2018
zimmerle pushed a commit that referenced this pull request Oct 18, 2018
CHANGES: Adds info on #1901
542ee4f
zimmerle pushed a commit that referenced this pull request Oct 23, 2018
CHANGES: Adds info on #1901
8c549c6
@stevendore stevendore deleted the fix_appendRules branch February 14, 2019 18:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zimmerle zimmerle Awaiting requested review from zimmerle

@victorhora victorhora Awaiting requested review from victorhora

Assignees

@zimmerle zimmerle

@victorhora victorhora

Labels
pr available
Projects
None yet
Milestone
v3.0.3
Development

Successfully merging this pull request may close these issues.
4 participants
@stevendore @djellemah @victorhora @zimmerle