github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds capture action to detectXSS

Browse Source
This commit is contained in:
Victor Hora 2018-03-09 16:57:56 -05:00 committed by Felipe Zimmerle
parent b59d19e95a
commit 22334c9bb6
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
4 changed files with 71 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.0.x - YYYY-MMM-DD (To be released) v3.0.x - YYYY-MMM-DD (To be released)
------------------------------------- -------------------------------------
- Adds capture action to detectXSS
[Issue #1698 - @victorhora]
- Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator - Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator
[Issue #1701 - @victorhora] [Issue #1701 - @victorhora]
- Adds capture action to detectSQLi - Adds capture action to detectSQLi

29
src/operators/detect_xss.cc
View File

@ -25,22 +25,33 @@ namespace modsecurity {
namespace operators { namespace operators {
bool DetectXSS::evaluate(Transaction *transaction, const std::string &input) { bool DetectXSS::evaluate(Transaction *t, Rule *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
int is_xss; int is_xss;
is_xss = libinjection_xss(input.c_str(), input.length()); is_xss = libinjection_xss(input.c_str(), input.length());
if (transaction) { if (t) {
#ifndef NO_LOGS
if (is_xss) { if (is_xss) {
transaction->debug(5, "detected XSS using libinjection."); #ifndef NO_LOGS
} else { t->debug(5, "detected XSS using libinjection.");
transaction->debug(9, "libinjection was not able to " \ #endif
"find any XSS in: " + input); if (rule && t
} && rule->getActionsByName("capture").size() > 0) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(input));
#ifndef NO_LOGS
t->debug(7, "Added DetectXSS match TX.0: " + \
std::string(input));
#endif #endif
} }
} else {
#ifndef NO_LOGS
t->debug(9, "libinjection was not able to " \
"find any XSS in: " + input);
#endif
}
}
return is_xss != 0; return is_xss != 0;
} }

4
src/operators/detect_xss.h
View File

@ -31,7 +31,9 @@ class DetectXSS : public Operator {
m_match_message.assign("detected XSS using libinjection."); m_match_message.assign("detected XSS using libinjection.");
} }
bool evaluate(Transaction *transaction, const std::string &input); bool evaluate(Transaction *t, Rule *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
}; };
} // namespace operators } // namespace operators

46
test/test-cases/regression/operator-detectxss.json Normal file
View File

@ -0,0 +1,46 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing Operator :: @detectXSS",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "27",
"Content-Type": "application/x-www-form-urlencoded"
},
"uri":"/",
"method":"POST",
"body": [
"param1=<script>alert(1)</script&param2=value2"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Added DetectXSS match TX.0: f\\(f\\(f"
},
"rules":[
"SecRuleEngine On",
"SecRule ARGS \"@detectXSS\" \"id:1,phase:2,capture,pass,t:trim\""
]
}
]