New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@inspectFile example not working #1646
Comments
Hi @Piyushgargcse what leads to believe that this is not working? |
May be useful to check: #1610 (comment) |
Hello, SecRule FILES_TMPNAMES "@inspectFile /usr/local/bin/pesho.pl" We are seeing that modsecurity creates a temporary file with filename "20180329-113446-152231248681.994854-file-0bn484" in directory "/opt/modsecurity/var/upload", but when the rule 2222 is processed, the "FILES_TMPNAMES" parameter has value "c99.png" which is the real name of the uploaded file. Why FILES_TMPNAMES gives us the real name, and can we inspect the right file? Here is the complete debug.log from mod security attached. SecUploadKeepFiles is set to on On (In the documentation I read that it should be RelevantOnly but I am not sure if it's only for version 2.9. Please confirm this to me.) #SecTmpSaveUploadedFiles Off - if this option is ON (I am not sure if it should be on) uploading of any file returns 400 bad request. Last, but not least I would like to mention that we are familiar with the last commend in the following case and it does not sense: Please give us complete information which options we need to configure and if the problem with files_tmpnames is the core issue in this case. Thank you in advance. P.S. I updated with the latest source of modsecurity master branch, because I saw changes to inspect file operator and the problem still exists. |
Re-opening the issue for further investigation. |
I have the same problem |
There was a recent change to fix the behaviour of the operator here. Check if this fixes the issue you're facing. |
@victorhora Thank you for your reply, but it's not what you said. You can't get FILES_TMPNAMES. My configuration files and log files are as follows. modsecurity.conf.txt ModSecurity version:v3/master 077b182 |
Finally, can you please tell me if it's fixed in the latest master? |
Thanks for the feedback @wanjidong and @intelbg. #1748 should fix this issue. It's being tested in the buildbots now. Please let us know if it solves your issue. |
As stated by @victorhora, #1748 fix this. Thanks. |
The example you had defined in your documentation is not working
#!/usr/bin/perl
runav.pl
Copyright (c) 2004-2011 Trustwave
This script is an interface between ModSecurity and its
ability to intercept files being uploaded through the
web server, and ClamAV
$CLAMSCAN = "clamscan";
if ($#ARGV != 0) {
print "Usage: runav.pl \n";
exit;
}
my ($FILE) = shift @argv;
$cmd = "$CLAMSCAN --stdout --no-summary $FILE";
$input =
$cmd
;$input =~ m/^(.+)/;
$error_message = $1;
$output = "0 Unable to parse clamscan output [$1]";
if ($error_message =~ m/: Empty file.?$ /) {$error_message =~ m/: (.+) ERROR$ /) {$error_message =~ m/: (.+) FOUND$ /) {$error_message =~ m/: OK$ /) {
$output = "1 empty file";
}
elsif (
$output = "0 clamscan: $1";
}
elsif (
$output = "0 clamscan: $1";
}
elsif (
$output = "1 clamscan: OK";
}
print "$output\n";
Here you had put a condition that is not taking any parameter so please update your documentation
if ($#ARGV != 0) {
print "Usage: runav.pl \n";
exit;
}
The text was updated successfully, but these errors were encountered: