From bbee5f1baec132f8b47ae80303ce22f7d7787cd8 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 12 Jan 2018 16:05:19 +0100
Subject: Add an ugly hack to our parser to make the writing of configuration rules more obvious.
---
 doc/source/config.rst | 8 ++++----
 src/sp_config_keywords.c | 13 ++++++++++++-
 src/tests/config/config_disabled_functions_name_type.ini | 2 +-
 src/tests/config/config_disabled_functions_nul_byte.ini | 2 +-
 src/tests/config/config_disabled_functions_param.ini | 12 ++++++------
 src/tests/config/config_disabled_functions_param_allow.ini | 4 ++--
 src/tests/config/config_disabled_functions_param_array.ini | 14 +++++++-------
 src/tests/config/config_disabled_functions_param_int.ini | 4 ++--
 .../config/config_disabled_functions_param_runtime.ini | 2 +-
 9 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/doc/source/config.rst b/doc/source/config.rst
index 9244668..e0df244 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -276,7 +276,7 @@ In the situation where you have a call to ``system()`` that lacks proper user-in
 ::
 # Allow `id.php` to restrict system() calls to `id`
- sp.disable_function.function("system").filename("id.php").param("$cmd").value("id").allow();
+ sp.disable_function.function("system").filename("id.php").param("cmd").value("id").allow();
 sp.disable_function.function("system").filename("id.php").drop()
 Of course, this is a trivial example, a lot can be achieved with this feature, as you will see below.
@@ -387,9 +387,9 @@ The following rules will:
 ::
- sp.disable_function.function("system").param("$cmd").value("id").allow();
- sp.disable_function.function("system").param("$cmd").value_r("^ping").drop().simulation();
- sp.disable_function.function("system").param("$cmd").drop();
+ sp.disable_function.function("system").param("cmd").value("id").allow();
+ sp.disable_function.function("system").param("cmd").value_r("^ping").drop().simulation();
+ sp.disable_function.function("system").param("cmd").drop();
 Miscellaneous examples
 """"""""""""""""""""""
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index c5cc950..dad538c 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -336,7 +336,18 @@ int parse_disabled_functions(char *line) {
 }
 if (param) {
- df->param = parse_var(param);
+ if (strlen(param) > 0) {
+ /* This is an ugly hack. We're prefixing with a `$` because otherwise
+ * the parser treats this as a constant.
+ * FIXME: Remote this, and improve our (weird) parser. */
+ char *new = pecalloc(strlen(param) + 2, 1, 1);
+ new[0] = '$';
+ memcpy(new + 1, param, strlen(param));
+ df->param = parse_var(new);
+ free(new);
+ } else {
+ df->param = parse_var(param);
+ }
 if (!df->param) {
 sp_log_err("config", "Invalid value '%s' for `param` on line %zu.", param, sp_line_no);
diff --git a/src/tests/config/config_disabled_functions_name_type.ini b/src/tests/config/config_disabled_functions_name_type.ini
index c25b92c..25bdf98 100644
--- a/src/tests/config/config_disabled_functions_name_type.ini
+++ b/src/tests/config/config_disabled_functions_name_type.ini
@@ -1 +1 @@
-sp.disable_function.function_r("^strcmp$").param("$str1").param_type("array").drop();
+sp.disable_function.function_r("^strcmp$").param("str1").param_type("array").drop();
diff --git a/src/tests/config/config_disabled_functions_nul_byte.ini b/src/tests/config/config_disabled_functions_nul_byte.ini
index e664cba..9ead077 100644
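Review bot: A rule still written in the old `param("$cmd")` form is now handed to parse_var() as `$$cmd`, so an existing configuration either fails to load or, depending on what parse_var() accepts, yields a rule that silently matches nothing — and a disable_function rule that matches nothing fails open. Skipping the prefix when param already starts with `$` keeps both spellings working; the three strlen() calls can be hoisted, and the buffer from pecalloc(..., 1) should be released with `pefree(new, 1)` rather than plain free() so the allocator pair stays matched. The test fixtures in this commit only exercise the new form; one with a leading `$` would pin the intended behaviour, and the FIXME text reads `Remote` where `Remove` is meant. parse_disabled_functions() begins and ends outside the hunk.
```c
  if (param) {
    size_t param_len = strlen(param);
    /* Prefix with `$` so the parser sees a variable rather than a constant,
     * unless the rule already spells it the old way. FIXME: remove once the
     * parser no longer needs this. */
    if (param_len > 0 && param[0] != '$') {
      char *prefixed = pecalloc(param_len + 2, 1, 1);
      prefixed[0] = '$';
      memcpy(prefixed + 1, param, param_len);
      df->param = parse_var(prefixed);
      pefree(prefixed, 1);
    } else {
      df->param = parse_var(param);
    }
    /* … unchanged: NULL check and sp_log_err() … */
```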
--- a/src/tests/config/config_disabled_functions_nul_byte.ini
+++ b/src/tests/config/config_disabled_functions_nul_byte.ini
@@ -1 +1 @@
-sp.disable_function.function("system").param("$command").value_r("id").drop();
+sp.disable_function.function("system").param("command").value_r("id").drop();
diff --git a/src/tests/config/config_disabled_functions_param.ini b/src/tests/config/config_disabled_functions_param.ini
index dc1c949..87f1b3c 100644
--- a/src/tests/config/config_disabled_functions_param.ini
+++ b/src/tests/config/config_disabled_functions_param.ini
@@ -1,6 +1,6 @@
-sp.disable_function.function("system").param("$command").value_r("^id$").alias("1").drop();
-sp.disable_function.function("array_sum").param("$array").value_r("^8$").alias("2").drop();
-sp.disable_function.function("shell_exec").param("$cmd").value("id").alias("3").drop();
-sp.disable_function.function("shell_exec").param("$cmd").value("bla").alias("4").drop();
-sp.disable_function.function("strcmp").param("$str1").value("bla").alias("5").drop().simulation();
-sp.disable_function.function("strncmp").param("$str1").value("bla").drop().simulation();
+sp.disable_function.function("system").param("command").value_r("^id$").alias("1").drop();
+sp.disable_function.function("array_sum").param("array").value_r("^8$").alias("2").drop();
+sp.disable_function.function("shell_exec").param("cmd").value("id").alias("3").drop();
+sp.disable_function.function("shell_exec").param("cmd").value("bla").alias("4").drop();
+sp.disable_function.function("strcmp").param("str1").value("bla").alias("5").drop().simulation();
+sp.disable_function.function("strncmp").param("str1").value("bla").drop().simulation();
diff --git a/src/tests/config/config_disabled_functions_param_allow.ini b/src/tests/config/config_disabled_functions_param_allow.ini
index 27d919a..8e139e4 100644
--- a/src/tests/config/config_disabled_functions_param_allow.ini
+++ b/src/tests/config/config_disabled_functions_param_allow.ini
@@ -1,3 +1,3 @@
-sp.disable_function.function("system").param("$command").value("echo win").filename("/test.php").drop();
-sp.disable_function.function("system").param("$command").value("echo win").allow();
+sp.disable_function.function("system").param("command").value("echo win").filename("/test.php").drop();
+sp.disable_function.function("system").param("command").value("echo win").allow();
 sp.disable_function.function("system").drop();
diff --git a/src/tests/config/config_disabled_functions_param_array.ini b/src/tests/config/config_disabled_functions_param_array.ini
index 6fe0615..f676d76 100644
--- a/src/tests/config/config_disabled_functions_param_array.ini
+++ b/src/tests/config/config_disabled_functions_param_array.ini
@@ -1,7 +1,7 @@
-sp.disable_function.function("foo").param("$arr[a]").value("abcd").alias("1").drop();
-sp.disable_function.function("foo").param("$arr[bla]").value("abcdef").alias("2").drop();
-sp.disable_function.function("foo").param("$arr[test]").alias("3").drop();
-sp.disable_function.function("foo").param("$arr[test2][foo]").value("aaa").alias("4").drop();
-sp.disable_function.function("foo").param("$arr[test2][bar]").key("lol").alias("5").drop();
-sp.disable_function.function("foo").param("$arr[test2][bar]").key("123").alias("6").drop();
-sp.disable_function.function("foo").param("$qwe[a]").value("abcd").alias("7").drop();
+sp.disable_function.function("foo").param("arr[a]").value("abcd").alias("1").drop();
+sp.disable_function.function("foo").param("arr[bla]").value("abcdef").alias("2").drop();
+sp.disable_function.function("foo").param("arr[test]").alias("3").drop();
+sp.disable_function.function("foo").param("arr[test2][foo]").value("aaa").alias("4").drop();
+sp.disable_function.function("foo").param("arr[test2][bar]").key("lol").alias("5").drop();
+sp.disable_function.function("foo").param("arr[test2][bar]").key("123").alias("6").drop();
+sp.disable_function.function("foo").param("qwe[a]").value("abcd").alias("7").drop();
diff --git a/src/tests/config/config_disabled_functions_param_int.ini b/src/tests/config/config_disabled_functions_param_int.ini
index 2a7d962..1c93c2f 100644
--- a/src/tests/config/config_disabled_functions_param_int.ini
+++ b/src/tests/config/config_disabled_functions_param_int.ini
@@ -1,2 +1,2 @@
-sp.disable_function.function("foobar").param("$id").value("42").drop();
-sp.disable_function.function("foobar").param("$id").value_r("^1337").drop();
+sp.disable_function.function("foobar").param("id").value("42").drop();
+sp.disable_function.function("foobar").param("id").value_r("^1337").drop();
diff --git a/src/tests/config/config_disabled_functions_param_runtime.ini b/src/tests/config/config_disabled_functions_param_runtime.ini
index e9d44a2..e7a011f 100644
--- a/src/tests/config/config_disabled_functions_param_runtime.ini
+++ b/src/tests/config/config_disabled_functions_param_runtime.ini
@@ -1 +1 @@
-sp.disable_function.function("test").param("$param").value_r("1337").drop();
+sp.disable_function.function("test").param("param").value_r("1337").drop();
-- 
cgit v1.3