ModSecurity DSL Parser package using textX
Project description
OWASP CRS Rules parser
Incomplete parser model and sample application for parsing Core Rule Set written in the ModSecurity DSL SecRule language. It uses the python library textX for parsing.
How to use it (CLI):
-
Install dependencies Dependencies can be installed system-wide, or just for your user (using
--user).System-wide:
sudo pip install -r requirements.txt
User:
pip install --user -r requirements.txt
-
Execute
secrules-parserspecifying the location of the files you want to scan using the -f/--files argument. This takes wildcards or individual files.$ secrules-parser -c -f /owasp-crs/rules/*.conf -
Add flags to accomplish needed tasks:
-
-h, --help:
- Description: show the help message and exit
- Example:
$ secrules-parser -h
-
-r, --regex:
- Description: Extract regular expressions from rules file
- Example:
$ secrules-parser --regex /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf {"/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf": [{"920100": ["^(?i:(?:[a-z]{3,10}\\s+(?:\\w{3,7}?://[\\w\\-\\./]*(?::\\d+)?)?/[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?|connect (?:\\d{1,3}\\.){3}\\d{1,3}\\.?(?::\\d+)?|options \\*)\\s+[\\w\\./]+|get /[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?)$"]}, {"920120": ["(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\\\"=]"]}, {"920160": ["^\\d+$"]}, {"920170": ["^(?:GET|HEAD)$"]}, {"920171": ["^(?:GET|HEAD)$"]}, {"920180": ["^POST$"]}, {"920190": ["(\\d+)\\-(\\d+)\\,"]}, {"920210": ["\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b"]}, {"920220": ["\\%(?:(?!$|\\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"]}, {"920240": ["^(?:application\\/x-www-form-urlencoded|text\\/xml)(?:;(?:\\s?charset\\s?=\\s?[\\w\\d\\-]{1,18})?)??$"]}, {"920260": ["\\%u[fF]{2}[0-9a-fA-F]{2}"]}, {"920290": ["^$"]}, {"920310": ["^$"]}, {"920311": ["^$"]}, {"920330": ["^$"]}, {"920340": ["^0$"]}, {"920350": ["^[\\d.:]+$"]}, {"920420": ["^(?:GET|HEAD|PROPFIND|OPTIONS)$"]}, {"920440": ["\\.(.*)$"]}, {"920450": ["^.*$"]}, {"920200": ["^bytes=(?:(?:\\d+)?\\-(?:\\d+)?\\s*,?\\s*){6}"]}, {"920230": ["\\%((?!$|\\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"]}, {"920121": ["['\\\";=]"]}, {"920460": ["(?<!\\Q\\\\\\E)\\Q\\\\\\E[cdeghijklmpqwxyz123456789]"]}]}
-
-c, --correctness:
- Description: Check the validity of the syntax
- Example:
$ secrules-parser -c -f /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf Syntax OK: ../../../rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf -
-v, --verbose
- Description: Print verbose messages
- Example:
$ secrules-parser -c -v -f /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf ... -
-o FILE, --output FILE
- Description: Output results to file
- Example:
$ secrules-parser -c -o out.json -f /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf -
--output-type github | plain
- Description: Desired output format. Useful if running from Github Actions and you want annotated output
- Example:
$ secrules-parser -c --output-type github -f /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
How to use it (API):
process_rules(list files)
Takes a list of file path's and returns models
import glob
import os
from secrules_parsing import parser
# Extract all of our pathing
files = glob.glob("../../rules/*.conf")
# Pass absolute paths because of module location
files = [os.path.abspath(path) for path in files]
models = parser.process_rules(files)
get_correctness(list files, list models)
import glob
import os
from secrules_parsing import parser
# Extract all of our pathing
files = glob.glob("../../rules/*.conf")
# Pass absolute paths because of module location
files = [os.path.abspath(path) for path in files]
models = parser.process_rules(files)
parser.get_correctness(files, models)
Misc
To visualize the syntax tree, use:
textx visualize secrules.tx
dot -Tpng -O secrules.tx.dot
Then review the generated PNG modsec.tx.dot.png!
Please file an issue if you find a bug or you want some feature added.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file secrules-parsing-0.2.2.tar.gz.
File metadata
- Download URL: secrules-parsing-0.2.2.tar.gz
- Upload date:
- Size: 15.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.13 CPython/3.10.2 Darwin/21.4.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8f6f37b9a5edfa0921454fca4869e0afcbc2b0cfc82254ac62603cb519fa32ee |
|
| MD5 | 8f0d5361df90cb362bf9cad31e901e5e |
|
| BLAKE2b-256 | e16c65e671e6c30d908a7df3cdc3349dc1d211407079e8048184ca4f639ed84b |
File details
Details for the file secrules_parsing-0.2.2-py3-none-any.whl.
File metadata
- Download URL: secrules_parsing-0.2.2-py3-none-any.whl
- Upload date:
- Size: 15.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.13 CPython/3.10.2 Darwin/21.4.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | cf0a60792353b786b9d09c3914103437f0035da9dfd220d0ff6dada924a64f21 |
|
| MD5 | e11057746b17d6d0f66c70bfbe273095 |
|
| BLAKE2b-256 | 95a027b389e6f20ba8e187239ddebc41538ca55228d014f5312629ee123eee25 |
