Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

missing variables #83

Open
Kubas556 opened this issue Sep 17, 2024 · 8 comments
Open

missing variables #83

Kubas556 opened this issue Sep 17, 2024 · 8 comments

Comments

@Kubas556
Copy link

When i execute "python .\cli.py -o regex.json --regex -f C:\Users\user\Downloads\modsec-rules\rules\REQUEST-905-COMMON-EXCEPTIONS.conf" to try parse modsec rules and them break inside on of the rule loop, the rule values are empty, there is no mention about them except for raw input and parse schema. In this file are used "REQUEST_LINE", "REMOTE_ADDR" and "REQUEST_HEADERS"
image
export.json
@airween
Copy link
Contributor

airween commented Sep 19, 2024

Hi @Kubas556,

thanks for this report - unfortunately I can't open the image. Could you share the error in simple text?

Btw I tried to parse the mentioned file but it was success:

$ poetry run secrules-parser -r -f ../coreruleset/rules/REQUEST-905-COMMON-EXCEPTIONS.conf 
{"../coreruleset/rules/REQUEST-905-COMMON-EXCEPTIONS.conf": [{"905100": ["streq GET /"]}]}

$ poetry run secrules-parser -c -f ../coreruleset/rules/REQUEST-905-COMMON-EXCEPTIONS.conf 
Syntax OK: ../coreruleset/rules/REQUEST-905-COMMON-EXCEPTIONS.conf

@Kubas556
Copy link
Author

There is no error in output, it seems fine. But the model from process_rules function seems to miss the REQUEST_LINE variable

@Kubas556
Copy link
Author

The image i send is only screenshot of REQUEST-905-COMMON-EXCEPTIONS.conf file

@theseion
Copy link
Contributor

REQUEST_LINE is defined as a variable in

secrules_parsing/src/secrules_parsing/model/secrules.tx

Line 62 in 32a571e

'REQUEST_BODY_LENGTH' | 'REQUEST_BODY' | 'REQUEST_FILENAME' | 'REQUEST_LINE' |
. Note that this parser does not create a complete model but only as much as we need for verification, linting, etc.

Are you looking for something specific that is currently not supported? It would be helpful if you could describe your usecase.

@Kubas556
Copy link
Author

I need full model of modsec rule so i could recreate it using my own definitions in C# classes

@fzipi
Copy link
Member

fzipi commented Sep 20, 2024

Maybe you might be more interested in the antlr parser: https://github.com/coreruleset/seclang_parser

@airween
Copy link
Contributor

airween commented Sep 20, 2024

I need full model of modsec rule so i could recreate it using my own definitions in C# classes

If it's enough that you get a yaml/json structure of your rules, msc_pyparser will be a good choice for you.

@Kubas556
Copy link
Author

Thanks, i will look at it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@airween @theseion @fzipi @Kubas556