Subject: WAS Protect update (Aug 19)
I have completed a large part of the WAS Protect reference implementation (a Java Servlet Filter). The finished part is the backend, which allows the rule engine to be built on top. I've also tidied the spec and created the first version of the schema (attached to this email, together with a rule example). I will look into improving the schema to reference multiple rule databases and to allow rule versioning.

I expect to have a fully functional version ready in two to three weeks, so (with some buffer added to that) I'm giving myself a deadline to have everything ready for September 20.

One thing I cannot do by myself is test the software. The filter must be tested with real-life applications running on different servlet containers. The thing that needs to be tested is the transparency. When installed with no rules, the filter must not interfere with the application in any way. The Servlet specification leaves some things undefined so this is where differences between containers may come to light. I would appreciate it if some of you could help with the testing.

--
ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ]

<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">

  <xs:simpleType name="normalizationType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="decodeURLEncoded"/>
      <xs:enumeration value="decodeURLEncodedTwice"/>
      <xs:enumeration value="decodeEscaped"/>
      <xs:enumeration value="decodeUnicode"/>
      <xs:enumeration value="decodeIISUnicode"/>
      <xs:enumeration value="compressWhitespace"/>
      <xs:enumeration value="compressMultipleSlashes"/>
      <xs:enumeration value="convertBackslashes"/>
      <xs:enumeration value="removeSelfReferences"/>
    </xs:restriction>
  </xs:simpleType>

  <xs:simpleType name="stageType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="requestHeaders"/>
      <xs:enumeration value="requestBody"/>
      <xs:enumeration value="response"/>
    </xs:restriction>
  </xs:simpleType>

  <xs:simpleType name="operatorType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="regex"/>
      <xs:enumeration value="nregex"/>
      <xs:enumeration value="eq"/>
      <xs:enumeration value="neq"/>
      <xs:enumeration value="ipmatch"/>
      <xs:enumeration value="nipmatch"/>
    </xs:restriction>
  </xs:simpleType>

  <xs:simpleType name="conditionType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="and"/>
      <xs:enumeration value="or"/>
    </xs:restriction>
  </xs:simpleType>

  <xs:simpleType name="actionType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="error"/>
      <xs:enumeration value="warning"/>
      <xs:enumeration value="notice"/>
      <xs:enumeration value="pass"/>
      <xs:enumeration value="allow"/>
    </xs:restriction>
  </xs:simpleType>

  <xs:complexType name="ruleSetType">
    <xs:sequence>
      <xs:element name="rule" type="ruleType" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="stage" type="stageType" use="required"/>
    <xs:attribute name="action" type="actionType" use="required"/>
    <xs:attribute name="condition" type="conditionType"/>
  </xs:complexType>

  <xs:complexType name="ruleType">
    <xs:attribute name="args" type="xs:string" use="required"/>
    <xs:attribute name="operator" type="operatorType"/>
    <xs:attribute name="pattern" type="xs:string" use="required"/>
  </xs:complexType>

  <xs:complexType name="recipeType">
    <xs:sequence>
      <xs:element name="ruleSet" type="ruleSetType" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="id" type="xs:string" use="required"/>
    <xs:attribute name="path" type="xs:string"/>
    <xs:attribute name="normalization" type="xs:string"/>
  </xs:complexType>

  <xs:element name="recipe" type="recipeType"/>

</xs:schema>

<?xml version="1.0"?>
<recipe id="was#12345"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="wasprotect.xsd">
  <ruleSet stage="requestHeaders" action="error" condition="and">
    <rule operator="eq" args="request.params.username" pattern="admin"/>
    <rule operator="ipmatch" args="request.remote_addr" pattern="192.168.0.9/24"/>
  </ruleSet>
</recipe>
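
Added example, not part of the original message or of the WAS Protect code base: a small Python evaluator showing how the attached recipe could be applied to a request. The operator semantics, the default of "and" for a missing condition, the handling of absent variables, and the names `lookup`, `rule_matches` and `evaluate` are assumptions; the message does not define them.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed copy of the recipe attached to the message (xsi attributes dropped).
RECIPE = """<recipe id="was#12345">
  <ruleSet stage="requestHeaders" action="error" condition="and">
    <rule operator="eq" args="request.params.username" pattern="admin"/>
    <rule operator="ipmatch" args="request.remote_addr" pattern="192.168.0.9/24"/>
  </ruleSet>
</recipe>"""

def _in_net(value, cidr):
    return ipaddress.ip_address(value) in ipaddress.ip_network(cidr, strict=False)

# Assumed semantics (names from operatorType); strict=False tolerates host bits in the CIDR.
OPERATORS = {
    "eq": lambda v, p: v == p,
    "neq": lambda v, p: v != p,
    "regex": lambda v, p: re.search(p, v) is not None,
    "nregex": lambda v, p: re.search(p, v) is None,
    "ipmatch": _in_net,
    "nipmatch": lambda v, p: not _in_net(v, p),
}

def lookup(request, args):
    """Resolve a dotted name such as request.params.username; None if absent."""
    node = {"request": request}
    for part in args.split("."):
        node = node.get(part) if isinstance(node, dict) else None
    return node

def rule_matches(rule, request):
    value = lookup(request, rule.get("args"))
    op = OPERATORS.get(rule.get("operator"))
    if op is None:
        raise ValueError("rule has no known operator")
    # Assumption: an absent variable matches nothing, negated operators included.
    return value is not None and op(str(value), rule.get("pattern"))

def evaluate(recipe_xml, request, stage):
    """Return the action of each ruleSet for `stage` whose rules match."""
    actions = []
    for rs in ET.fromstring(recipe_xml).findall("ruleSet"):
        combine = any if rs.get("condition", "and") == "or" else all
        if rs.get("stage") == stage and combine(
                rule_matches(r, request) for r in rs.findall("rule")):
            actions.append(rs.get("action"))
    return actions
```

With `condition="and"` the example recipe yields `error` only when the username is `admin` and the client address falls inside 192.168.0.0/24; an empty result corresponds to the transparent case the message asks testers to verify.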