ModSecurity DSL Parser package using textX
Project description
OWASP CRS Rules parser
Incomplete parser model and sample application for parsing Core Rule Set written in the ModSecurity DSL SecRule language. It uses the python library textX for parsing.
How to use it (CLI):
-
Install dependencies Dependencies can be installed system-wide, or just for your user (using
--user).System-wide:
sudo pip install secrules-parsing
User:
pip install --user secrules-parsing
-
Execute
secrules-parserspecifying the location of the files you want to scan using the -f/--files argument. This takes wildcards or individual files.$ secrules-parser -c -f /owasp-crs/rules/*.conf -
Add flags to accomplish needed tasks:
-
-h, --help:
- Description: show the help message and exit
- Example:
$ secrules-parser -h
-
-r, --regex:
- Description: Extract regular expressions from rules file
- Example:
$ secrules-parser --regex -f /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf {"/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf": [{"920100": ["^(?i:(?:[a-z]{3,10}\\s+(?:\\w{3,7}?://[\\w\\-\\./]*(?::\\d+)?)?/[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?|connect (?:\\d{1,3}\\.){3}\\d{1,3}\\.?(?::\\d+)?|options \\*)\\s+[\\w\\./]+|get /[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?)$"]}, {"920120": ["(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\\\"=]"]}, {"920160": ["^\\d+$"]}, {"920170": ["^(?:GET|HEAD)$"]}, {"920171": ["^(?:GET|HEAD)$"]}, {"920180": ["^POST$"]}, {"920190": ["(\\d+)\\-(\\d+)\\,"]}, {"920210": ["\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b"]}, {"920220": ["\\%(?:(?!$|\\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"]}, {"920240": ["^(?:application\\/x-www-form-urlencoded|text\\/xml)(?:;(?:\\s?charset\\s?=\\s?[\\w\\d\\-]{1,18})?)??$"]}, {"920260": ["\\%u[fF]{2}[0-9a-fA-F]{2}"]}, {"920290": ["^$"]}, {"920310": ["^$"]}, {"920311": ["^$"]}, {"920330": ["^$"]}, {"920340": ["^0$"]}, {"920350": ["^[\\d.:]+$"]}, {"920420": ["^(?:GET|HEAD|PROPFIND|OPTIONS)$"]}, {"920440": ["\\.(.*)$"]}, {"920450": ["^.*$"]}, {"920200": ["^bytes=(?:(?:\\d+)?\\-(?:\\d+)?\\s*,?\\s*){6}"]}, {"920230": ["\\%((?!$|\\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"]}, {"920121": ["['\\\";=]"]}, {"920460": ["(?<!\\Q\\\\\\E)\\Q\\\\\\E[cdeghijklmpqwxyz123456789]"]}]}
-
-c, --correctness:
- Description: Check the validity of the syntax
- Example:
$ secrules-parser -c -f /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf Syntax OK: ../../../rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf -
-v, --verbose
- Description: Print verbose messages
- Example:
$ secrules-parser -c -v -f /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf ... -
-o FILE, --output FILE
- Description: Output results to file
- Example:
$ secrules-parser -c -o out.json -f /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf -
--output-type github | plain
- Description: Desired output format. Useful if running from Github Actions and you want annotated output
- Example:
$ secrules-parser -c --output-type github -f /owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
How to use it (API):
process_rules(list files)
Takes a list of file path's and returns models
import glob
import os
from secrules_parsing import parser
# Extract all of our pathing
files = glob.glob("../../rules/*.conf")
# Pass absolute paths because of module location
files = [os.path.abspath(path) for path in files]
models = parser.process_rules(files)
get_correctness(list files, list models)
import glob
import os
from secrules_parsing import parser
# Extract all of our pathing
files = glob.glob("../../rules/*.conf")
# Pass absolute paths because of module location
files = [os.path.abspath(path) for path in files]
models = parser.process_rules(files)
parser.get_correctness(files, models)
Development
If you want to modify this module, follow these steps:
- Clone this repository:
git clone git@github.com:coreruleset/secrules_parsing.git - Do not forget to install dependencies using poetry:
poetry installfirst! - Edit and change the files you want.
- Write tests! Tests are in the
testssubdirectory - Create a PR here, and ask for review!
Misc
To visualize the syntax tree, use:
textx visualize secrules.tx
dot -Tpng -O secrules.tx.dot
Then review the generated PNG modsec.tx.dot.png!
Please file an issue if you find a bug or you want some feature added.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file secrules_parsing-0.2.7.tar.gz.
File metadata
- Download URL: secrules_parsing-0.2.7.tar.gz
- Upload date:
- Size: 15.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: poetry/1.7.1 CPython/3.12.1 Linux/6.2.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6d50c6a576e023b731a4879172b157193ab57d2197142d948dc9babffb0b10c1 |
|
| MD5 | bf2bf69bbbc7bc5fa58f9430b50139e7 |
|
| BLAKE2b-256 | 90c1f0e5d5174f7cbf06778d9a3faa0d8060fdcf593d3f7b5e75b74a6c0c0ec3 |
File details
Details for the file secrules_parsing-0.2.7-py3-none-any.whl.
File metadata
- Download URL: secrules_parsing-0.2.7-py3-none-any.whl
- Upload date:
- Size: 15.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: poetry/1.7.1 CPython/3.12.1 Linux/6.2.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | df798725cd974306473f6b016304e516ac9648a7c68872560f6ac538bc11cd4b |
|
| MD5 | 7622224ac3b931288afb15dc5ca0c1db |
|
| BLAKE2b-256 | a134d213b3444960dcdd1fd660d6d4bbadbdc1189f58867f239d9081493e673b |
