GSI / modsec-ml
Commit e4f1d1a8, authored May 10, 2018 by Juan Diego Campo
First version of json input generation
parent 1ddfa74f
Showing 5 changed files with 93 additions and 25 deletions

.gitignore: 1 addition, 0 deletions
Makefile: 4 additions, 1 deletion
lua_rule.conf: 3 additions, 4 deletions
ml.lua: 76 additions, 10 deletions
test.java: 9 additions, 10 deletions
.gitignore +1 −0
*.o
*.class
*.jar
*.log
modsec_ml
Makefile +4 −1
@@ -2,12 +2,15 @@ CPPFLAGS=-g -pthread -I/usr/local/modsecurity/include
LDFLAGS
=
-g
LDLIBS
=
-L
/usr/local/modsecurity/lib
-lmodsecurity
-lstdc
++
all
:
modsec_ml test.
class
all
:
modsec_ml test.
jar
modsec_ml
:
modsec_ml.o
modsec_ml.o
:
modsec_ml.cpp
test.class
:
test.java
javac test.java
test.jar
:
test.class
jar cfe test.jar
test
test.class
clean
:
rm
-f
modsec_ml modsec_ml.o test.class
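Review bot: The `clean` target at the end of this hunk still runs `rm -f modsec_ml modsec_ml.o test.class`, so the `test.jar` that `all` now builds survives `make clean`; add `test.jar` to that `rm -f` list. `all` and `clean` are also not declared `.PHONY`, so a stray file with either name would silently disable the target. ml.lua in this commit runs the jar from `/usr/local/nginx/modules/test.jar`, but nothing here copies it there; an `install` target, or a comment describing the manual step, would keep the build and the rule script in agreement.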
lua_rule.conf +3 −4
SecRuleEngine
On
SecRequestBodyAccess
On
SecDebugLog
.
/
debug
.
log
SecDebugLog
/
etc
/
nginx
/
debug
.
log
SecDebugLogLevel
9
SecAuditEngine
RelevantOnly
SecAuditLog
./
audit
.
log
SecRuleScript
ml
.
lua
"phase:2,deny,status:403,log"
# SecRule ARGS n "id:15,phase:2,deny,status:403,log"
SecRuleScript
/
home
/
jdcampo
/
gsi
/
modsec
/
modsec
-
ml
/
ml
.
lua
"phase:2,deny,status:403,log"
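Review bot: The `SecRuleScript` line points at `/home/jdcampo/gsi/modsec/modsec-ml/ml.lua`, a path inside one developer's home directory, which breaks on any other checkout and means the script the web server executes is loaded from a location that account can modify. Install the script in a root-owned directory that the nginx worker can only read, and reference that path. `SecDebugLog /etc/nginx/debug.log` together with `SecDebugLogLevel 9` writes full request detail into the configuration directory; a dedicated log directory with restricted permissions, and a lower level outside of debugging sessions, would be safer, more so because ml.lua logs the whole generated input with `m.log(3, ...)`. The rule also carries no `id:` action; consider adding one so its hits can be referenced in the audit log and in exclusions.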
ml.lua +76 −10
function
split
(
str
,
pat
)
local
t
=
{}
local
fpat
=
"(.-)"
..
pat
local
last_end
=
1
local
s
,
e
,
cap
=
str
:
find
(
fpat
,
1
)
while
s
do
if
s
~=
1
or
cap
~=
""
then
table.insert
(
t
,
cap
)
end
last_end
=
e
+
1
s
,
e
,
cap
=
str
:
find
(
fpat
,
last_end
)
end
if
last_end
<=
#
str
then
cap
=
str
:
sub
(
last_end
)
table.insert
(
t
,
cap
)
end
return
t
end
function
main
()
local
input
=
'testing....\
testing2...'
local
json
=
require
(
"json"
)
local
input
=
"{\n"
input
=
input
..
"
\t\"
unique_id\"
:
"..json.encode(m.getvar("
UNIQUE_ID
")).."
,
\
n
"
input = input.."
\
t
\
"method\"
:
"..json.encode(m.getvar("
REQUEST_METHOD
")).."
,
\
n
"
input = input.."
\
t
\
"protocol\"
:
"..json.encode(m.getvar("
REQUEST_PROTOCOL
")).."
,
\
n
"
input = input.."
\
t
\
"uri\"
:
"..json.encode(m.getvar("
REQUEST_URI
")).."
,
\
n
"
if m.getvar("
REQUEST_BODY
") then
input = input.."
\
t
\
"body\"
:
"..json.encode(m.getvar("
REQUEST_BODY
")).."
,
\
n
"
else
input = input.."
\
t
\
"body\"
:
\
"
\"
,\n"
end
-- FIXME: These var don't work: ARGS_GET, ARGS_POST, REQUEST_HEADERS
input
=
input
..
"
\t\"
argsGet\"
:
{
\
n
"
-- local args_get = m.getvars("
ARGS_GET
")
local args_get = split(m.getvar("
REQUEST_URI
"),"
?
")
args_get = split(args_get[#args_get],"
&
")
for i = 1, #args_get do
arg = split(args_get[i],"
=
")
input = input.."
\
t
\
t
"..json.encode(arg[1]).."
:
"
input = input..json.encode(arg[2]).."
,
\
n
"
end
input = input.."
\
t
},
\
n
"
input = input.."
\
t
\
"headers\"
:
{
\
n
"
-- local headers = m.getvars("
REQUEST_HEADERS
")
local headers = split(m.getvar("
FULL_REQUEST
"),"
\
n
\
n
")[1]
headers = split(headers,"
\
n
")
for i = 1, #headers do
header = split(headers[i],"
:
")
input = input.."
\
t
\
t
"..json.encode(header[1]).."
:
"
input = input..json.encode(header[2]).."
,
\
n
"
end
input = input.."
\
t
},
\
n
"
input = input.."
\
t
\
"argsPost\"
:
{
\
n
"
-- local args_post = m.getvars("
ARGS_POST
")
local args_post = {}
for i = 1, #args_post do
input = input.."
\
t
\
t
"..json.encode(args_post[i].name).."
:
"
input = input..json.encode(args_post[i].value).."
,
\
n
"
end
input = input.."
\
t
},
\
n
"
input = input.."
}
\
n
"
m.log(3, "
ML
-
input
:
\
n
"..input)
-- As far as I can see, external program input can only be done
-- through a tmp file
local
tmpfile
=
'
.
/lua_pipe'
local tmpfile = '
/tmp
/lua_pipe'
local f = io.open(tmpfile, 'w')
f:write(input)
f:close()
cmd
=
'java
test
<'
..
tmpfile
cmd = 'java
-jar /usr/local/nginx/modules/test.jar
<'..tmpfile
local p = io.popen(cmd, 'r')
local
output
=
p
:
read
(
'*a'
)
local
_
,
exit
,
status
=
p
:
close
()
local output = p:lines()
m.log(3, "
ML
-
res
:
\
n
")
for line in output do
m.log(3, line)
end
p:close()
os.remove(tmpfile)
print
(
"exit: "
..
exit
)
print
(
"status: "
..
status
)
print
(
output
)
return nil;
end
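Review bot: Every request writes its JSON to the same fixed file, `/tmp/lua_pipe`, before running `java -jar ... <` on it, so two concurrent requests can overwrite each other's input and the external program may read a different request's data; the name is also predictable in a world-writable directory, and the handle returned by `io.open` is used without a nil check. Use a per-request name such as one from `os.tmpname()`, check the handle, and remove the file on every exit path. The JSON is assembled by string concatenation and every member, including the last one in `argsGet`, `headers`, `argsPost` and the top-level object, is followed by `,\n`, which leaves trailing commas that a strict parser will reject; building a Lua table and calling `json.encode` once avoids this. The fallback parsing is lossy in ways that deserve a fix or at least a comment: `split(headers[i], ":")` followed by `header[2]` keeps only the text up to the second colon (a `Host` value with a port loses the port), the first line of `FULL_REQUEST` is emitted as if it were a header, a `REQUEST_URI` without `?` is parsed as if it were the query string, and arguments are not URL-decoded. `main` always returns nil, so `deny,status:403` in the rule never fires; say so in a comment if that is intentional for this first version.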
test.java +9 −10
import
java.util.Scanner
;
public
class
test
{
class
test
{
public
static
void
main
(
String
[]
args
)
{
Scanner
input
=
new
Scanner
(
System
.
in
);
while
(
input
.
hasNext
())
{
while
(
input
.
hasNext
Line
())
{
String
line
=
input
.
nextLine
();
line
=
line
.
replaceAll
(
"testing"
,
"tested"
);
System
.
out
.
println
(
line
);
}
}
}
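Review bot: Nothing in this file documents the input and output the rule script should expect: ml.lua in this commit feeds it a multi-line JSON object on stdin and logs whatever comes back, while the loop still only applies `replaceAll("testing", "tested")` to each line. Add a class comment that states the stdin format and what stdout (or the exit code) means, so the Lua side can turn the result into a match decision. Pairing `hasNextLine()` with `nextLine()` is the right combination; the `Scanner` could additionally be opened in a try-with-resources block, and the lowercase class name `test` is worth renaming before it is baked into the `jar cfe` entry point in the Makefile.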