Check-in [2ff5b44713]
Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Introduce vhost.warn message (for writeability or multiple vhost warnings in mainwindow.status bar) |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
2ff5b44713d03dedb5451ffc45ed472d |
| User & Date: | mario 2020-11-25 18:43:21 |
Context
|
2020-11-25
| ||
| 18:45 | Build data bag() from log line. Complete some comments for recipies, and fix Macro usage with NEWID generator. New recipes for Cloudflare and Log formats (incomplete). check-in: 7c310d47ec user: mario tags: trunk | |
| 18:43 | Introduce vhost.warn message (for writeability or multiple vhost warnings in mainwindow.status bar) check-in: 2ff5b44713 user: mario tags: trunk | |
| 18:42 | Prepare [Modify] dropdown, and just move statusbar into rules tab. check-in: 92588de5f5 user: mario tags: trunk | |
Changes
Changes to modseccfg/vhosts.py.
| ︙ | ︙ | |||
52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
class rx:
dump_includes = re.compile("^\s*\([\d*]+\)\s+(.+)$", re.M)
# directives we care about
interesting = re.compile(
"^ \s* (ErrorLog | CustomLog | Server(Name|Alias) | (Virtual)?DocumentRoot | Sec\w* | Use\sSec\w+ | modsecurity\w* ) \\b",
re.M|re.I|re.X
)
# extract directive line including line continuations (<\><NL>)
configline = re.compile(
""" ^
[\ \\t]* # whitespace \h*
# (?:Use \s{1,4})? # optional: `Use␣` to find custom macros like `Use SecRuleRemoveByPath…`
(
\w+ | # alphanumeric directive
| > > > > | 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
class rx:
dump_includes = re.compile("^\s*\([\d*]+\)\s+(.+)$", re.M)
# directives we care about
interesting = re.compile(
"^ \s* (ErrorLog | CustomLog | Server(Name|Alias) | (Virtual)?DocumentRoot | Sec\w* | Use\sSec\w+ | modsecurity\w* ) \\b",
re.M|re.I|re.X
)
# count <VirtualHost>s
count_virtualhost = re.compile("""
^ \s*(<VirtualHost)\\b
""", re.X|re.M|re.I)
# extract directive line including line continuations (<\><NL>)
configline = re.compile(
""" ^
[\ \\t]* # whitespace \h*
# (?:Use \s{1,4})? # optional: `Use␣` to find custom macros like `Use SecRuleRemoveByPath…`
(
\w+ | # alphanumeric directive
|
| ︙ | ︙ | |||
169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 |
SecRuleRemove* states (id→0)
ruledecl : dict
Map contained SecRules id into vhosts.rules{}
update : dict
Map of SecRuleUpdate…By… { id→{vars:[],action:[]} }
linemap : dict
Line number → RuleID (for looking up chained rules in error.log)
"""
# split *.conf directives, dispatch onto assignment/extract methods
def __init__(self, fn, src, cfg_only=False):
# vhost properties
self.fn = fn
self.t = "cfg"
self.name = ""
self.logs = []
self.cfg = {}
self.rulestate = {} # ➗ ❌ undef=✅
self.ruledecl = {}
self.update = {} # SecRuleUpdate… map
# internal state
self.linemap = {} # lineno → first id: occurence
self.mk_linemap(src) # fill .linemap{}
self.wrap = [] # history of <Wrap>
# extract directive lines
for dir,args in rx.configline.findall(src): # or .finditer()? to record positions right away?
| > > > | 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 |
SecRuleRemove* states (id→0)
ruledecl : dict
Map contained SecRules id into vhosts.rules{}
update : dict
Map of SecRuleUpdate…By… { id→{vars:[],action:[]} }
linemap : dict
Line number → RuleID (for looking up chained rules in error.log)
warn : str
Textual notice on conf file, e.g. "more than VirtualHost defined"
"""
# split *.conf directives, dispatch onto assignment/extract methods
def __init__(self, fn, src, cfg_only=False):
# vhost properties
self.fn = fn
self.t = "cfg"
self.name = ""
self.logs = []
self.cfg = {}
self.rulestate = {} # ➗ ❌ undef=✅
self.ruledecl = {}
self.update = {} # SecRuleUpdate… map
self.warn = ""
# internal state
self.linemap = {} # lineno → first id: occurence
self.mk_linemap(src) # fill .linemap{}
self.wrap = [] # history of <Wrap>
# extract directive lines
for dir,args in rx.configline.findall(src): # or .finditer()? to record positions right away?
|
| ︙ | ︙ | |||
217 218 219 220 221 222 223 224 225 226 227 228 229 230 |
# determine config file type
if self.name:
self.t = "vhost"
elif len(self.rulestate) >= 5:
self.t = "cfg"
elif len(self.ruledecl) >= 5:
self.t = "rules"
# strip \\ \n line continuations, split all "args"
def split_args(self, args):
args = re.sub(rx.escnewline, " ", args)
args = rx.split_args.findall(args)
args = [s[1] or s[0] for s in args]
args = [s for s in args if len(s)]
| > > > > > > > > | 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 |
# determine config file type
if self.name:
self.t = "vhost"
elif len(self.rulestate) >= 5:
self.t = "cfg"
elif len(self.ruledecl) >= 5:
self.t = "rules"
# notice
num = len(rx.count_virtualhost.findall(src))
if num == 2:
self.warn = "Two <VirtualHost>s defined. Only first will be updated by modseccfg."
elif num > 2:
self.warn = "Unreasonable number of <VirtualHost> entries in conf. It probably shouldn't be edited through modseccfg."
elif not os.access(self.fn, os.W_OK):
self.warn = "Config file isn't writable. Don't even try."
# strip \\ \n line continuations, split all "args"
def split_args(self, args):
args = re.sub(rx.escnewline, " ", args)
args = rx.split_args.findall(args)
args = [s[1] or s[0] for s in args]
args = [s for s in args if len(s)]
|
| ︙ | ︙ |