Check a unique variable in ModSecurity OWASP CRS rules
#!/usr/bin/python3 | |
import yaml | |
import sys | |
from msc_pyparser import MSCUtils as u | |
import os | |
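class Check(object):
    """Report parsed rules that inspect ARGS without TX:/b64decoded_*/.

    ``data`` is the structure loaded from one exported rule file: an
    iterable of dict entries which may carry an ``actions`` list and a
    ``variables`` collection.
    """

    def __init__(self, src, data):
        """Store the source name and parsed entries, and reset the state.

        Args:
            src: label of the rule file being checked (stored, not used by
                the check itself).
            data: iterable of parsed configuration entries (dicts).
        """
        self.source = src
        self.data = data
        self.current_ruleid = 0   # id of the most recent rule that had an "id" action
        self.curr_lineno = 0      # line of the action currently being examined
        self.chained = False      # True once the current entry has a "chain" action
        self.chainlevel = 0       # running count of "chain" actions seen so far

    def check_ver_act(self):
        """Print one line per entry that lists ARGS but not TX:/b64decoded_*/.

        The message names the last rule id seen; when no id has been seen
        yet it falls back to the entry's own ``lineno``. An entry without
        an ``id`` action (for example the later links of a chain) is
        therefore reported under the id of the preceding rule.
        """
        for d in self.data:
            if "actions" in d:
                # A new entry with actions clears the chain marker left by
                # the previous one; it is set again below if this entry
                # chains too.
                self.chained = False
                for a in d['actions']:
                    self.curr_lineno = a['lineno']
                    if a['act_name'] == "id":
                        self.current_ruleid = int(a['act_arg'])
                    if a['act_name'] == "chain":
                        self.chained = True
                        self.chainlevel += 1

            # NOTE(review): evaluated for every entry that has "variables",
            # whether or not it also has "actions" - confirm this is the
            # intended nesting.
            if "variables" in d:
                # NOTE(review): the membership tests assume d['variables']
                # holds plain variable-name strings; if the parser emits
                # dicts per variable these tests never match - confirm
                # against the export format in use.
                variables = d['variables']
                if "TX:/b64decoded_*/" not in variables and "ARGS" in variables:
                    if self.current_ruleid > 0:
                        print("Variable 'TX:/b64decoded_*/' doesn't exists at rule %d" % (self.current_ruleid))
                    else:
                        print("Variable 'TX:/b64decoded_*/' doesn't exists at line %d" % (d['lineno']))
            self.curr_lineno = 0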
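if __name__ == "__main__":
    # Usage: <script> /path/to/exported/dir   (a single .yaml file also works)
    if len(sys.argv) < 2:
        print("Argument missing!")
        print("Use: %s /path/to/exported/dir" % (sys.argv[0]))
        sys.exit(-1)

    srcobj = sys.argv[1]

    st = u.getpathtype(srcobj)
    if st == u.UNKNOWN:
        print("Unknown source path!")
        # Exit non-zero like the other error paths, so a CI job or wrapper
        # script does not read an unusable path as a clean run.
        sys.exit(-1)

    # Collect the rule exports to check: every *.yaml file directly inside
    # a directory, or the single file that was given.
    configs = []
    if st == u.IS_DIR:
        for f in os.listdir(srcobj):
            fp = os.path.join(srcobj, f)
            if os.path.isfile(fp) and fp.endswith(".yaml"):
                configs.append(fp)
    if st == u.IS_FILE:
        configs.append(srcobj)

    configs.sort()

    for path in configs:
        try:
            with open(path) as file:
                # safe_load builds only plain Python types, so a tampered
                # rule export cannot make the parser construct arbitrary
                # objects. It replaces yaml.load(), which on PyYAML < 5.1
                # ran with the unsafe default loader, and whose version
                # gate compared version strings lexicographically
                # ("10.0" sorts before "5.1").
                # NOTE(review): assumes the exports contain only mappings,
                # lists and scalars - confirm against the exporter.
                data = yaml.safe_load(file)
        except Exception:
            # Top-level boundary: report the failure and stop. Unlike a
            # bare except, this lets Ctrl-C and SystemExit pass through.
            print("Exception catched - ", sys.exc_info())
            sys.exit(-1)
        # Label the checker with the path minus ".yaml" and the source prefix.
        checker = Check(path.replace(".yaml", "").replace(srcobj, ""), data)
        checker.check_ver_act()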