Need to create a new request body processor for JSON data

[rcbarnett-zz]

MODSEC-253: Need to create a new request body processor/parser to handle JSON traffic.

See: https://www.modsecurity.org/tracker/browse/CORERULES-71

This parser should be able to parse JSON request bodies and then properly populate ARGS_NAMES and ARGS, etc...

[rcbarnett-zz]

Original reporter: rbarnett

[rcbarnett-zz]

rbarnett: It would be good if we could figure out a method to add in the parser directly to modsec so that user could use a SecRule to use it like this -

SecRule REQUEST_CONTENT_TYPE ^applicatin/json "nolog,pass,ctl:requestBodyProcessor=JSON"

[rcbarnett-zz]

zimmerle: I've got Ulisses' patches workable on the current project trunk, and added some features. One important
feature that was added is the ability to compile the project with or without the support to JSON. All the
code is available under the branch:

https://github.com/zimmerle/ModSecurity/tree/urma_json_parser

(Browsing the tree there is also a branch created from the project mainline)

It is working as was suggested in the ticket, illustrated below:

SecRule REQUEST_HEADERS:Content-Type "application/json"
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"

By using this rule the JSON tags will be placed under the ARGS collection. There is also
another version which is placing the JSON content under a dedicated JSON collection, allowing
filter such as:

SecRule JSON "@contains duh"
"phase:2,id:'0', ...., msg:'Content Security Policy (CSP) Violation''"

or even:

SecRule JSON:csp-report.referrer "..." "..."

This special version is available at:

https://github.com/zimmerle/ModSecurity/tree/urma_json_parser_with_json_collection_draft

This last version demands more tests before release. The merge request was already sent for the
first one.

[zimmerle]

Have a look here: #26 to get more information about the current status of this feature.

[zimmerle]

Merged as cited in #26