coreruleset / secrules_parsing

A parser for the SecRules Language
Apache License 2.0

missing variables #83

Open Kubas556 opened 1 week ago

Kubas556 commented 1 week ago

When I execute "python .\cli.py -o regex.json --regex -f C:\Users\user\Downloads\modsec-rules\rules\REQUEST-905-COMMON-EXCEPTIONS.conf" to try to parse modsec rules and then break inside one of the rule loops, the rule values are empty; there is no mention of them except for raw input and parse schema. This file uses "REQUEST_LINE", "REMOTE_ADDR" and "REQUEST_HEADERS".

Attachments: image, export.json

airween commented 1 week ago

Hi @Kubas556,

thanks for this report - unfortunately I can't open the image. Could you share the error in simple text?

Btw, I tried to parse the mentioned file but it was successful:

$ poetry run secrules-parser -r -f ../coreruleset/rules/REQUEST-905-COMMON-EXCEPTIONS.conf 
{"../coreruleset/rules/REQUEST-905-COMMON-EXCEPTIONS.conf": [{"905100": ["streq GET /"]}]}

$ poetry run secrules-parser -c -f ../coreruleset/rules/REQUEST-905-COMMON-EXCEPTIONS.conf 
Syntax OK: ../coreruleset/rules/REQUEST-905-COMMON-EXCEPTIONS.conf

Kubas556 commented 1 week ago

There is no error in the output, it seems fine. But the model from the process_rules function seems to miss the REQUEST_LINE variable.

Kubas556 commented 1 week ago

The image I sent is only a screenshot of the REQUEST-905-COMMON-EXCEPTIONS.conf file.

theseion commented 1 week ago

REQUEST_LINE is defined as a variable in https://github.com/coreruleset/secrules_parsing/blob/32a571e76e082a5b2e81286c376d94a20718cac7/src/secrules_parsing/model/secrules.tx#L62. Note that this parser does not create a complete model but only as much as we need for verification, linting, etc.

Are you looking for something specific that is currently not supported? It would be helpful if you could describe your use case.

Kubas556 commented 1 week ago

I need a full model of the modsec rule so I could recreate it using my own definitions in C# classes.

fzipi commented 1 week ago

Maybe you might be more interested in the antlr parser: https://github.com/coreruleset/seclang_parser

airween commented 1 week ago

> I need a full model of the modsec rule so I could recreate it using my own definitions in C# classes.

If it's enough that you get a yaml/json structure of your rules, msc_pyparser will be a good choice for you.

Kubas556 commented 1 week ago

Thanks, I will look at it.