Adds capture action to detectXSS

2025-08-13 21:36:00 +03:00 · 2018-03-09 16:57:56 -05:00 · 2018-03-09 16:57:56 -05:00 · 22334c9bb6
commit 22334c9bb6
parent b59d19e95a
4 changed files with 71 additions and 10 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 v3.0.x - YYYY-MMM-DD (To be released)
 -------------------------------------

+ - Adds capture action to detectXSS
+   [Issue #1698 - @victorhora]
 - Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator
   [Issue #1701 - @victorhora]
 - Adds capture action to detectSQLi
--- a/src/operators/detect_xss.cc
+++ b/src/operators/detect_xss.cc
@ -25,22 +25,33 @@ namespace modsecurity {
 namespace operators {


-bool DetectXSS::evaluate(Transaction *transaction, const std::string &input) {
+bool DetectXSS::evaluate(Transaction *t, Rule *rule,
+    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
    int is_xss;

    is_xss = libinjection_xss(input.c_str(), input.length());

-    if (transaction) {
-#ifndef NO_LOGS
+    if (t) {
        if (is_xss) {
-            transaction->debug(5, "detected XSS using libinjection.");
-        } else {
-            transaction->debug(9, "libinjection was not able to " \
-                "find any XSS in: " + input);
-        }
+#ifndef NO_LOGS
+            t->debug(5, "detected XSS using libinjection.");
 #endif
+            if (rule && t
+                && rule->getActionsByName("capture").size() > 0) {
+                t->m_collections.m_tx_collection->storeOrUpdateFirst(
+                    "0", std::string(input));
+#ifndef NO_LOGS
+                t->debug(7, "Added DetectXSS match TX.0: " + \
+                    std::string(input));
+#endif
+            } 
+        } else {
+#ifndef NO_LOGS
+            t->debug(9, "libinjection was not able to " \
+            "find any XSS in: " + input);
+#endif
+            }
    }
-
    return is_xss != 0;
 }

--- a/src/operators/detect_xss.h
+++ b/src/operators/detect_xss.h
@ -31,7 +31,9 @@ class DetectXSS : public Operator {
            m_match_message.assign("detected XSS using libinjection.");
        }

-    bool evaluate(Transaction *transaction, const std::string &input);
+    bool evaluate(Transaction *t, Rule *rule,
+        const std::string& input,
+        std::shared_ptr<RuleMessage> ruleMessage) override;
 };

 }  // namespace operators
--- a/test/test-cases/regression/operator-detectxss.json
+++ b/test/test-cases/regression/operator-detectxss.json
@ -0,0 +1,46 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @detectXSS",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body": [
+        "param1=<script>alert(1)</script&param2=value2"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Added DetectXSS match TX.0: f\\(f\\(f"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule ARGS \"@detectXSS\" \"id:1,phase:2,capture,pass,t:trim\""
+    ]
+  }
+]