
lua script can not access XML variable

Open leveryd opened this issue 1 year ago • 0 comments

Describe the bug

m.getvars("XML") return null

To Reproduce

  1. setup modsecurity
docker run -ti --rm -p 8083:80 -e ERRORLOG=/tmp/nginx_error.log -e MODSEC_DEBUG_LOG=/tmp/debug.log -e MODSEC_AUDIT_LOG=/tmp/audit.log -e BACKEND=http://10.56.58.13:8888 docker.io/owasp/modsecurity-crs:3.3.5-nginx-alpine-202401080101

replace the BACKEND address with yours

  2. edit modsecurity.conf
/etc/modsecurity.d # grep lua *
modsecurity.conf:SecRuleScript "/tmp/2.lua" "id:23333,phase:2,deny"
  3. create lua script
-- File operation function: append one line of text to filepath
function writeToFile(filepath, content)
    local file, err = io.open(filepath, "a") -- "a" opens the file in append mode
    if file == nil then
        error("Couldn't open file: "..err)
    else
        file:write(content.."\n")
        file:close()
    end
end

-- Test function
function test(x)
    local status, err = pcall(writeToFile, "/tmp/test.txt", x)
    if not status then
        print("Error: " .. err)
    end
end

-- Main function: ModSecurity calls main() for each request matched by SecRuleScript
function main()
    local inspect = require("inspect")  -- The inspect library needs to be installed separately https://github.com/kikito/inspect.lua

    local vars = inspect(m.getvars("PATH_INFO"))   -- Serialize the PATH_INFO collection to a string
    test(vars)

    test("4444")  -- Marker line, so the log shows that execution reached this point

    local vars = inspect(m.getvars("XML"))          -- Serialize the XML collection (this is the call that fails)
    test("XML"..vars)

    return nil  -- nil means the rule does not match, so no disruptive action is taken
end
  4. send http request
POST /webtools/control/SOAPService HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Connection: close
Content-Length: 355
Content-Type: application/xml
Accept-Encoding: gzip

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header/>
    <soapenv:Body>
      <ns1:clearAllEntityCaches xmlns:ns1="http://ofbiz.apache.org/service/">
          <ns1:cus-obj></ns1:cus-obj>
      </ns1:clearAllEntityCaches>
    </soapenv:Body>
</soapenv:Envelope>
  5. look at /tmp/test.log

Expected behavior

Expected behavior: /tmp/test.log has information about the XML variable

Actual behavior:

/tmp/test.log content is below:

{ {
    name = "PATH_INFO",
    value = "/webtools/control/SOAPService"
  } }
4444

And an error occurs:

2024/01/19 08:00:42 [alert] 1#1: worker process 90735 exited on signal 6
terminate called after throwing an instance of 'std::invalid_argument'
  what():  Variable not found.

Server (please complete the following information):

  • ModSecurity version (and connector): [e.g. ModSecurity v3.0.8 with nginx-connector v1.0.3]
  • WebServer: nginx/1.25.3
  • OS (and distro): linux

leveryd avatar Jan 22 '24 03:01 leveryd
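The error log excerpt quoted in the report is the only visible symptom of the problem from the operator's side: the master process logs the worker exiting on signal 6 (SIGABRT), and the worker's own stderr carries the uncaught C++ exception. The following script, added here as an illustration and not part of the issue or of the ModSecurity project, scans nginx error-log lines for that pattern and pairs each worker exit with the nearest `terminate called` / `what():` message, so an operator can tell a WAF worker crash caused by an unhandled exception apart from other worker exits. The sample log is constructed from the lines quoted above plus two ordinary notice lines; the three-line pairing window is an assumption about how close the two messages land in the file.

```python
import re

# Constructed sample: the three lines quoted in the issue, surrounded by
# two ordinary nginx notice lines that the filter must ignore.
SAMPLE_ERROR_LOG = """\
2024/01/19 08:00:40 [notice] 1#1: start worker process 90735
2024/01/19 08:00:42 [alert] 1#1: worker process 90735 exited on signal 6
terminate called after throwing an instance of 'std::invalid_argument'
  what():  Variable not found.
2024/01/19 08:00:42 [notice] 1#1: start worker process 90740
"""

# Master-process alert written when a worker dies on a signal.
WORKER_EXIT_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] "
    r"\d+#\d+: worker process (?P<pid>\d+) exited on signal (?P<sig>\d+)"
)
# Lines the C++ runtime prints on the worker's stderr for an uncaught exception.
TERMINATE_RE = re.compile(
    r"^terminate called after throwing an instance of '(?P<exc>[^']+)'"
)
WHAT_RE = re.compile(r"^\s*what\(\):\s*(?P<msg>.*\S)")

SIGABRT = 6


def find_worker_crashes(lines, window=3):
    """Return one record per worker that exited on a signal.

    Each record carries the timestamp, worker pid and signal number. If a
    'terminate called ...' line and/or a 'what():' line appears within
    `window` lines before or after the alert, the exception type and message
    are attached. Both orders are handled because the master's alert and the
    worker's stderr are written independently.
    """
    lines = list(lines)
    crashes = []
    for i, line in enumerate(lines):
        m = WORKER_EXIT_RE.match(line)
        if not m:
            continue
        rec = {
            "timestamp": m["ts"],
            "pid": int(m["pid"]),
            "signal": int(m["sig"]),
            "exception": None,
            "what": None,
        }
        lo, hi = max(0, i - window), min(len(lines), i + window + 1)
        for j in range(lo, hi):
            t = TERMINATE_RE.match(lines[j])
            if t:
                rec["exception"] = t["exc"]
            w = WHAT_RE.match(lines[j])
            if w:
                rec["what"] = w["msg"]
        crashes.append(rec)
    return crashes


def is_uncaught_exception_abort(rec):
    """True when the worker aborted (SIGABRT) and an exception was recorded."""
    return rec["signal"] == SIGABRT and rec["exception"] is not None


if __name__ == "__main__":
    for rec in find_worker_crashes(SAMPLE_ERROR_LOG.splitlines()):
        kind = "uncaught C++ exception" if is_uncaught_exception_abort(rec) else "other"
        print(f"{rec['timestamp']} worker {rec['pid']} signal {rec['signal']} "
              f"({kind}): {rec['exception']}: {rec['what']}")
```

Running the script on the sample prints one line identifying worker 90735 as aborted by an uncaught `std::invalid_argument` with the message `Variable not found.`; pointing `find_worker_crashes` at a real error log (for example the file given as `ERRORLOG` in the docker command above) lets a monitoring job alert on repeated worker aborts, which matter operationally because each one drops the in-flight requests that worker was inspecting.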