From 8d8979c924cee94484ad477b6d75b6bfce29be6b Mon Sep 17 00:00:00 2001
From: LTurret
Date: Tue, 13 May 2025 01:07:45 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20inclusion=20order=20bug=20?= =?UTF-8?q?and=20crs-setup.conf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 12 +++++++++++-
 README_Zh-TW.md | 12 +++++++++++-
 src/api/rules.py | 18 ++++++++----------
 3 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index c4dcd5e..de924ae 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,17 @@ Create `rules.conf` file in the root directory, WAFfl attaches rules at the comp
 ```conf
 SecRuleEngine On
-
+SecDefaultAction "phase:1,log,auditlog,pass"
+SecDefaultAction "phase:2,log,auditlog,pass"
+SecAction \
+ "id:900990,\
+ phase:1,\
+ pass,\
+ t:none,\
+ nolog,\
+ tag:'OWASP_CRS',\
+ ver:'OWASP_CRS/4.13.0-dev',\
+ setvar:tx.crs_setup_version=4130"
 SecRule REQUEST_URI "@rx admin" "id:1,phase:1,deny,status:401"
 ```
diff --git a/README_Zh-TW.md b/README_Zh-TW.md
index 0bbb9e3..62e491e 100644
--- a/README_Zh-TW.md
+++ b/README_Zh-TW.md
@@ -18,7 +18,17 @@
 ```conf
 SecRuleEngine On
-
+SecDefaultAction "phase:1,log,auditlog,pass"
+SecDefaultAction "phase:2,log,auditlog,pass"
+SecAction \
+ "id:900990,\
+ phase:1,\
+ pass,\
+ t:none,\
+ nolog,\
+ tag:'OWASP_CRS',\
+ ver:'OWASP_CRS/4.13.0-dev',\
+ setvar:tx.crs_setup_version=4130"
 SecRule REQUEST_URI "@rx admin" "id:1,phase:1,deny,status:401"
 ```
diff --git a/src/api/rules.py b/src/api/rules.py
index 226c5a3..161dd59 100644
--- a/src/api/rules.py
+++ b/src/api/rules.py
@@ -63,27 +63,24 @@ def __rule_append(self, rule_path: Path, reason: Optional[str] = None) -> None:
 if RULE_INCLUSION_PATTERN.search(line.rstrip()):
 filename = RULE_INCLUSION_PATTERN.search(line.rstrip()).group(2)
 modified_payload = line.rstrip().replace(filename, f"{INCLUDE}(unknown)")
- print(line.rstrip())
- print(modified_payload)
 self.rules.append(f"{modified_payload}")
 else:
 self.rules.append(line.rstrip())
 # 處理規則內容
 if RULE_PATTERN.match(line):
- self.rules.append("\n")
 self.rules.append(f"# {reason}") if reason is not None else None
 # 處理檔案引入的路徑
 if RULE_INCLUSION_PATTERN.match(content):
 filename = RULE_INCLUSION_PATTERN.search(content).group(2)
 modified_payload = content.replace(filename, f"{INCLUDE}(unknown)")
- self.rules.append(f"{modified_payload}")
+ self.rules.append(f"\n{modified_payload}")
 else:
- self.rules.append(f"{content}")
+ self.rules.append(f"\n{content}")
 multiline = True
- if content == "chain\"":
+ if content == "chain\"" or content == "\"chain\"":
 continue
 if not content.endswith("\\"):
@@ -137,10 +134,11 @@ def extract_rule(self, option: RuleAppendType = RuleAppendType.ALL) -> None:
 """
 option_manifest: Dict[object] = {RuleAppendType.ALL: self.__all, RuleAppendType.MAPPING: self.__mapping}
- for root, _, files in os.walk(self.source):
- for file in files:
- if file.endswith(".conf"):
- option_manifest[option](root, file)
+ inclusion_order = sorted(os.walk(self.source).__next__()[2])
+
+ for file in inclusion_order:
+ if file.endswith(".conf"):
+ option_manifest[option](INCLUDE, file)
 def rule_dump(self, overwrite: bool = False) -> None:
 """
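Review bot: Moving the separator from the removed `self.rules.append("\n")` into the `f"\n{modified_payload}"` / `f"\n{content}"` prefixes puts the blank line after the `# {reason}` comment and before the rule text, so if `self.rules` is written out line by line (the dump is outside this hunk) the comment is now detached from the rule it annotates. If the intent is one blank line ahead of each rule block, emitting the separator before the comment — e.g. `self.rules.append("")` ahead of the `if reason is not None` statement, with the two `\n` prefixes dropped — keeps comment and rule together; how `rule_dump` joins the list decides whether `""` or `"\n"` is the right element. The new `if content == "chain\"" or content == "\"chain\"":` repeats the comparison; `if content in ('chain"', '"chain"'):` reads as a single check and is where further spellings would go. `__rule_append` starts and ends outside this hunk.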
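Review bot: `os.walk(self.source).__next__()[2]` in the new `inclusion_order` line raises a bare `StopIteration` when `self.source` is missing or unreadable, because `os.walk` swallows the `OSError` by default and simply yields nothing; a direct listing such as `inclusion_order = sorted(p.name for p in Path(self.source).iterdir() if p.is_file())` (`Path` is already used in this file) fails with a clear `FileNotFoundError` instead, and `next(os.walk(self.source), (self.source, [], []))[2]` is the minimal alternative. The sort is also case-sensitive, so an uppercase-named rule file orders before a lowercase one such as `crs-setup.conf`; if filename order is meant to be the inclusion order, `key=str.lower` or an explicit ordering would make that deliberate rather than incidental. The callback is now handed the `INCLUDE` constant instead of the directory the file was found in; if `__all` / `__mapping` join that argument with `file` to open it, the files are read from `INCLUDE` rather than `self.source` — worth confirming, since both helpers are outside this hunk. `extract_rule` starts before this hunk.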