github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Encode possible binary characters in headers; add more tests

Browse Source
This commit is contained in:
Ervin Hegedus
2025-11-13 23:09:14 +01:00
parent 85384febb7
commit 102275fd01
2 changed files with 129 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/transaction.cc
View File

@@ -1622,7 +1622,7 @@ std::string Transaction::toJSON(int parts) {
m_variableRequestHeaders.resolve(&l); m_variableRequestHeaders.resolve(&l);
for (auto &h : l) { for (auto &h : l) {
LOGFY_ADD(h->getKey().c_str(), h->getValue()); LOGFY_ADD(utils::string::toHexIfNeeded(h->getKey().c_str()).c_str(), utils::string::toHexIfNeeded(h->getValue()));
delete h; delete h;
} }

129
test/test-cases/regression/auditlog.json
View File

@@ -541,7 +541,7 @@
"enabled": 1, "enabled": 1,
"version_min": 300000, "version_min": 300000,
"version_max": 0, "version_max": 0,
"title": "auditlog : Binary char from input", "title": "auditlog : Binary char from input, check message",
"client": { "client": {
"ip": "200.249.12.31", "ip": "200.249.12.31",
"port": 2313 "port": 2313
@@ -595,5 +595,132 @@
"SecAuditLogType Serial", "SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
] ]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : Binary char from input, check body",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache",
"Content-Type": "application/x-www-form-urlencoded",
"Content-Length": "3"
},
"uri": "\/?attack=true",
"method": "POST",
"http_version": 1.1,
"body": [
"\u00ad=\u00ad"
]
},
"response": {
"headers": {
"Content-Type": "plain\/text\n\r"
},
"body": [
"test"
]
},
"expected": {
"audit_log": "\"body\":\"\\\\\\\\xc2\\\\\\\\xad=\\\\\\\\xc2\\\\\\\\xad\\\\\\\\x0a",
"debug_log": "",
"error_log": "",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS_NAMES \"@rx attack\" \"id:1,phase:2,deny,t:none",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABCHJZ",
"SecAuditLogFormat JSON",
"SecAuditLogStorageDir /tmp/test",
"SecAuditLog /tmp/audit_test_prefix.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0600",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : Binary char from input, check header",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache",
"Content-Type": "application/x-www-form-urlencoded",
"Content-Length": "3",
"X-\u00ad-custom": "Some \u00ad value"
},
"uri": "\/?attack=true",
"method": "POST",
"http_version": 1.1,
"body": [
"\u00ad=\u00ad"
]
},
"response": {
"headers": {
"Content-Type": "plain\/text\n\r"
},
"body": [
"test"
]
},
"expected": {
"audit_log": "\"X-\\\\\\\\xc2\\\\\\\\xad-custom\":\"Some \\\\\\\\xc2\\\\\\\\xad value\"",
"debug_log": "",
"error_log": "",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS|ARGS_NAMES \"@rx attack\" \"id:1,phase:2,deny,t:none",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABHJZ",
"SecAuditLogFormat JSON",
"SecAuditLogStorageDir /tmp/test",
"SecAuditLog /tmp/audit_test_prefix.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0600",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
} }
] ]