Adds support to the HtmlEntityDecode transformation

2025-09-30 11:44:32 +03:00 · 2015-08-05 17:20:53 -03:00
parent ce298165dd
commit 1353403c93
5 changed files with 169 additions and 11 deletions
--- a/src/actions/transformations/html_entity_decode.cc
+++ b/src/actions/transformations/html_entity_decode.cc
@@ -15,6 +15,8 @@

 #include "actions/transformations/html_entity_decode.h"

+#include <string.h>
+
 #include <iostream>
 #include <string>
 #include <algorithm>
@@ -24,26 +26,26 @@

 #include "modsecurity/assay.h"
 #include "actions/transformations/transformation.h"
+#include "src/utils.h"


 namespace ModSecurity {
 namespace actions {
 namespace transformations {

-HtmlEntityDecode::HtmlEntityDecode(std::string action)
-    : Transformation(action) {
-    this->action_kind = 1;
-}

 std::string HtmlEntityDecode::evaluate(std::string value,
    Assay *assay) {
-    /**
-     * @todo Implement the transformation HtmlEntityDecode
-     */
-    assay->debug(4, "Transformation HtmlEntityDecode is not implemented yet.");
-    return value;
+    char *tmp = strdup(value.c_str());
+    int res = html_entities_decode_inplace((unsigned char *)tmp, value.size());
+    std::string ret("");
+    ret.assign(tmp);
+    free(tmp);
+
+    return ret;
 }

+
 }  // namespace transformations
 }  // namespace actions
 }  // namespace ModSecurity
--- a/src/actions/transformations/html_entity_decode.h
+++ b/src/actions/transformations/html_entity_decode.h
@@ -28,13 +28,17 @@ class Assay;
 namespace actions {
 namespace transformations {

+
 class HtmlEntityDecode : public Transformation {
 public:
-    explicit HtmlEntityDecode(std::string action);
+    explicit HtmlEntityDecode(std::string action)
+        : Transformation(action) { }
+
    std::string evaluate(std::string exp,
        Assay *assay) override;
 };

+
 }  // namespace transformations
 }  // namespace actions
 }  // namespace ModSecurity
--- a/src/actions/transformations/transformation.cc
+++ b/src/actions/transformations/transformation.cc
@@ -81,7 +81,7 @@ Transformation* Transformation::instantiate(std::string a) {
    IF_MATCH(escape_seq_decode) { return new EscapeSeqDecode(a); }
    IF_MATCH(hex_decode) { return new HexDecode(a); }
    IF_MATCH(hex_encode) { return new HexEncode(a); }
-    IF_MATCH(html_entity_decode) { return new HtmlEntityDecode(a); }
+    IF_MATCH(htmlEntityDecode) { return new HtmlEntityDecode(a); }
    IF_MATCH(jsDecode) { return new JsDecode(a); }
    IF_MATCH(length) { return new Length(a); }
    IF_MATCH(lowercase) { return new LowerCase(a); }