From 84ffde18449381907302a84ec3a9fa075030eef9 Mon Sep 17 00:00:00 2001 From: Sebastien Blot Date: Tue, 31 Oct 2023 11:53:13 +0100 Subject: [PATCH] add body_type in custom rule --- pkg/waf/waap_rule/modsecurity.go | 15 +++++++++++++++ pkg/waf/waap_rule/waap_rule.go | 1 + 2 files changed, 16 insertions(+) diff --git a/pkg/waf/waap_rule/modsecurity.go b/pkg/waf/waap_rule/modsecurity.go index b7ff32428..8b3ab9f9f 100644 --- a/pkg/waf/waap_rule/modsecurity.go +++ b/pkg/waf/waap_rule/modsecurity.go @@ -43,6 +43,13 @@ var matchMap map[string]string = map[string]string{ "le": "@le", } +var bodyTypeMatch map[string]string = map[string]string{ + "json": "JSON", + "xml": "XML", + "multipart": "MULTIPART", + "urlencoded": "URLENCODED", +} + func (m *ModsecurityRule) Build(rule *CustomRule, waapRuleName string) (string, []uint32, error) { rules, err := m.buildRules(rule, waapRuleName, false, 0) @@ -146,6 +153,14 @@ func (m *ModsecurityRule) buildRules(rule *CustomRule, waapRuleName string, and } } + if rule.BodyType != "" { + if mappedBodyType, ok := bodyTypeMatch[rule.BodyType]; ok { + r.WriteString(fmt.Sprintf(",ctl:requestBodyProcessor=%s", mappedBodyType)) + } else { + return nil, fmt.Errorf("unknown body type '%s'", rule.BodyType) + } + } + if and { r.WriteString(",chain") } diff --git a/pkg/waf/waap_rule/waap_rule.go b/pkg/waf/waap_rule/waap_rule.go index 279ff0a0b..00e6cefd1 100644 --- a/pkg/waf/waap_rule/waap_rule.go +++ b/pkg/waf/waap_rule/waap_rule.go @@ -40,6 +40,7 @@ type CustomRule struct { Transform []string `yaml:"transform"` //t:lowercase, t:uppercase, etc And []CustomRule `yaml:"and,omitempty"` Or []CustomRule `yaml:"or,omitempty"` + BodyType string `yaml:"body_type,omitempty"` } func (v *CustomRule) Convert(ruleType string, waapRuleName string) (string, []uint32, error) {