[Feature Request] pm support more delimiter
#2699
Comments
|
And, We can turn |
|
It sounds like the feature that you are suggesting is a duplicate of open issue #682 . In terms of a workaround for your immediate needs, you can do as @liudongmiao suggested in the previous comment and use a regex instead. |
|
For example, my data is like: I need to use escape char to cover single quote and double quote first, then use escape char and double quote to cover each line like: Is it what you suggest? Since when matching of a large number of keywords is needed, and my data includes hundreds of lines, |
|
separate abnormal character |
|
I want to do convert in all OWASP rules, separating them into different rules is an epic task for me :( |
def is_invalid_pm_value(signature):
if '%' in signature or '"' in signature:
return True
elif ' ' in signature or '|' in signature:
return True
elif signature.endswith('\\'):
return True
return False
def xxx(rule_type, rule_signature):
if rule_type == '@pm' and is_invalid_pm_value(rule_signature):
rule_type = '@rx'
for meta in '\\^$.[|()?*+{' + '%" ':
rule_signature = rule_signature.replace(meta, '\\x%02x' % ord(meta))
# then i have a function to combine all the @rx to a single one, crs has some example |
|
Hi @daixiang0 , Regarding your observation about the superior performance of pm and pmFromFile over rx: you are correct that rx is less performant. However, such performance differences can often be mostly mitigated -- for example through the use of start or end anchors. Another alternative that you might find more appealing (since it would simplify your rule(s) conversion): Continue to use pmFromFile but use the alternative way to specify it, that gets the data from a url using http, rather than from a local file. This has been described to you a couple of months ago: #2676 As I said, in terms of the feature, there is already an open issue for it, which makes this a duplicate and should be closed. A couple of alternatives/workarounds have been suggested to you. It is, of course, up to you what you want to do with that. |
|
@martinhsv thanks a lot, I would try and find the most suitable way for my case. |
|
Did you get somewhere with this @daixiang0 ? |
|
@jcchavezs please check #2699 (comment). I am too busy to dig. |
|
@martinhsv thanks for the suggestion, tho:
About this, in some environments we have no choice other because in proxy-wasm-sdk we can only call envoy clusters (if we are in envoy) so we can freely specify a URL, also not sure what library for HTTP calls do modsecurity uses but most like that isn't allowed in the proxy-wasm environment. I would really prefer to keep this as an open issue as there is not clear fix for things like proxy-wasm environments. |
|
The reason this was issue was closed is because it is a duplicate of an open item. See earlier comment #2699 (comment) . |
|
Besides the feasibility of expanding the rules from |
Describe the bug
OWASP uses
pmFromFile file.datato cover static data, I have a case that uses WASM to call ModSecurity.WASM does not support file actions, so I need to convert static data to a stringlike below:
pmFrom file.data==>pm '(a)' '\"b\"' ...file.data:I guess
pmFromFileuses line break as the delimiter, so a line in the file.data can include single quote, double quote, escape character and so on, while I need to convert file content to one string, the only way I knew is add escape char, which is hard to handle all cases.As a rule may be like:
Can
pmsupport more delimiter likeseddoes( sed "s#a#b#", sed "s?a?b?"), it may help me.As I am not the expert of ModSecurity, is there any better solution to do convert things or no need any convert?
The text was updated successfully, but these errors were encountered: