github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 06:36:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to the @detectSQLi operator

Browse Source
This commit is contained in:
Felipe Zimmerle 2015-08-13 23:33:57 -03:00
parent 4baee88eb3
commit 1de6d07dfd
3 changed files with 33 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Makefile.am
View File

@ -182,6 +182,7 @@ libmodsecurity_la_SOURCES = \
LIBINJECTION = \ LIBINJECTION = \
../others/libinjection/src/libinjection_html5.c \ ../others/libinjection/src/libinjection_html5.c \
../others/libinjection/src/libinjection_sqli.c \
../others/libinjection/src/libinjection_xss.c ../others/libinjection/src/libinjection_xss.c

41
src/operators/detect_sqli.cc
View File

@ -18,26 +18,41 @@
#include <string> #include <string>
#include "operators/operator.h" #include "operators/operator.h"
#include "others/libinjection/src/libinjection.h"
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
bool DetectSQLi::evaluate(Assay *assay) {
/**
* @todo Implement the operator BeginsWith.
* Reference: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#detectsqli
*/
return true; bool DetectSQLi::evaluate(Assay *assay, const std::string &input) {
char fingerprint[8];
int issqli;
// int capture;
issqli = libinjection_sqli(input.c_str(), input.length(), fingerprint);
// capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
if (issqli) {
// set_match_to_tx(msr, capture, fingerprint, 0);
if (assay) {
assay->debug(4, "detected SQLi using libinjection with " \
"fingerprint '" + std::string(fingerprint) + "' at: '" +
input + "'");
}
} else {
if (assay) {
assay->debug(9, "detected SQLi: not able to find an inject on '" +
input + "'");
}
}
if (negation) {
return issqli == 0;
}
return issqli != 0;
} }
DetectSQLi::DetectSQLi(std::string op, std::string param,
bool negation)
: Operator() {
this->op = op;
this->param = param;
}
} // namespace operators } // namespace operators
} // namespace ModSecurity } // namespace ModSecurity

8
src/operators/detect_sqli.h
View File

@ -20,20 +20,20 @@
#include "operators/operator.h" #include "operators/operator.h"
#ifdef __cplusplus
namespace ModSecurity { namespace ModSecurity {
namespace operators { namespace operators {
class DetectSQLi : public Operator { class DetectSQLi : public Operator {
public: public:
/** @ingroup ModSecurity_Operator */ /** @ingroup ModSecurity_Operator */
DetectSQLi(std::string o, std::string p, bool i); DetectSQLi(std::string op, std::string param, bool negation)
bool evaluate(Assay *assay); : Operator(op, param, negation) { }
bool evaluate(Assay *assay, const std::string &input);
}; };
} // namespace operators } // namespace operators
} // namespace ModSecurity } // namespace ModSecurity
#endif
#endif // SRC_OPERATORS_DETECT_SQLI_H_ #endif // SRC_OPERATORS_DETECT_SQLI_H_