How to add new parameter and generate parser for new code #347

Open
vzhirnov opened this issue Feb 20, 2025 · 3 comments

@vzhirnov

Hello, I have encountered issues in understanding how the parser generator works in the project.


Task:

  • I need to add a new parameter called domain_id.
  • My custom parameter domain_id is used in the ngx_modsecurity_module module and determines the value of the domain_id directive in the server context.

Example usage:

server { 
    server_name vts;
    domain_id 1150;  # <<<<<<=======
    listen 80;
    access_log off;
    location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html; }
    location /stub-status {
        stub_status on;
    }
}
  • I would like my code owasp-modsecurity/ModSecurity to be able to receive the domain_id parameter from ngx_modsecurity_module and use it in rules, as well as see the domain_id value in modsec json logs.
  • I added code (briefly, just to show what exactly was done and at what stage I got stuck):
    1. m_variableDomainId(t, "DOMAIN_ID"),
    2. int msc_add_domain_id(Transaction *transaction, int domain_id);
    3. int Transaction::addDomainId(int domain_id) {
           this->m_domainId = domain_id;
           m_variableDomainId.set(std::to_string(this->m_domainId), m_variableOffset);
           return true;
       }
  1. domain_id.h file
  2. int msc_add_domain_id(Transaction *transaction, int domain_id);
  3. Call of the msc_add_domain_id function in the ngx_modsecurity_module module.

Problem:
I don’t understand how to generate the code in such a way that the appropriate code appears in the necessary files. It seems that bison, lex, and yacc are needed for this.

Searching for a solution:
I searched for similar PRs, and this one has something similar to what I need:
owasp-modsecurity/ModSecurity@fa6e418

But I don't fully understand:

  1. What code needs to be written before running the parser generator.
  2. At what stage to run the parser (which code should be written before running the parser).
  3. How exactly to run the parser correctly.

Could you please help me understand what the entire process of adding a new parameter looks like?

For example, my domain_id.

If needed, and if it is relevant, I will later write a part of the documentation that describes the process of adding a new parameter, based on our dialogue, and make a PR.

@vzhirnov
Author

I figured it out. Sorry for bothering you.

@airween
Member

airween commented Feb 20, 2025

@vzhirnov,

no worries, feel free to ask here, we are happy to help. And sorry for the late reply.

Just to clarify: do you want to use this modification only for yourself, or do you want to add it to the repository?

Another remark: why do you want to change/modify the library's parser? It seems you want to add a specific directive to Nginx, not to the library.

And finally, maybe that's not the solution you are looking for, but you should take a look at SecWebAppId. That works out of the box.

@vzhirnov
Author

Hi @airween, thank you so much for your quick answer!

> do you want to use this modification only for yourself, or you want to add it into repository?

I'd like to use this modification only for myself (to be clear, for our project). As far as I understand, there is no need to add DOMAIN_ID to the github modsec project because domain_id is a directive we only use in our nginx, with several modules, and the ngx_http_modsecurity_module module as an example. The main purpose is to identify the vhost, and see it in modsec logs. Also it would be great to work with DOMAIN_ID as a variable (say, IF domain_id eq some_number THEN some_action).

So we need ngx_http_modsecurity_module to have the opportunity to work with domain_id although this directive is the ngx_http_core directive. We get it from http core module, and pass to msc_add_domain_id(Transaction *transaction, int domain_id) within ngx_http_modsecurity_module, after that we can see the corresponding domain_id in modsec logs, and can work with DOMAIN_ID as the variable.

> why do you want to change/modify the library's parser

yes, we want to:

  1. use domain_id value in modsec logs
  2. use DOMAIN_ID as a variable for modsec rules.

> maybe that's not a solution what you are looking for, but you should take a look at SecWebAppId.

Thanks, I didn't know about that. I will ask our devops guys if we can use it (and also I have a hunch that we could use setvar for our purposes).
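
The SecWebAppId and setvar suggestions from the comments above, sketched as an added example (not code from the thread or from the ModSecurity project). It assumes ModSecurity-nginx with its `modsecurity_rules` directive; the rule ids and the value 1150 are illustrative.

```nginx
# Added example: identify a vhost to the rule engine without patching
# libmodsecurity. Rule ids 1000001-1000003 and the id 1150 are illustrative.
server {
    server_name vts;
    listen 80;

    modsecurity on;

    # 1. SecWebAppId tags every transaction of this server block; the value
    #    is exposed to rules as the WEBAPPID variable.
    # 2. The first SecRule is the "IF domain_id eq some_number THEN
    #    some_action" case, keyed on WEBAPPID.
    # 3. The SecAction/SecRule pair is the setvar alternative: store the id
    #    in a transaction variable, then compare it numerically.
    modsecurity_rules '
        SecRuleEngine On
        SecWebAppId "1150"
        SecRule WEBAPPID "@streq 1150" "id:1000001,phase:1,pass,log"
        SecAction "id:1000002,phase:1,pass,nolog,setvar:tx.domain_id=1150"
        SecRule TX:domain_id "@eq 1150" "id:1000003,phase:1,pass,log"
    ';
}
```

Each server block would carry its own SecWebAppId value, so shared rules can branch on WEBAPPID instead of a custom DOMAIN_ID variable.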
