github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 22:56:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit from fork

Browse Source 
fix: add ARGS to sanitize list only if it's not added yet
This commit is contained in:
Ervin Hegedus 2025-05-21 20:59:26 +02:00 committed by GitHub
commit 26161b907e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apache2/modsecurity.h
View File

@ -693,6 +693,7 @@ struct msc_arg {
unsigned int value_origin_offset; unsigned int value_origin_offset;
unsigned int value_origin_len; unsigned int value_origin_len;
const char *origin; const char *origin;
unsigned int marked_for_sanitization;
}; };
struct msc_string { struct msc_string {

1
apache2/msc_json.c
View File

@ -70,6 +70,7 @@ int json_add_argument(modsec_rec *msr, const char *value, unsigned length)
return 0; return 0;
} }
arg->marked_for_sanitization = 0;
apr_table_addn(msr->arguments, apr_table_addn(msr->arguments,
log_escape_nq_ex(msr->mp, arg->name, arg->name_len), (void *) arg); log_escape_nq_ex(msr->mp, arg->name, arg->name_len), (void *) arg);

1
apache2/msc_parsers.c
View File

@ -350,6 +350,7 @@ void add_argument(modsec_rec *msr, apr_table_t *arguments, msc_arg *arg)
assert(msr != NULL); assert(msr != NULL);
assert(arguments != NULL); assert(arguments != NULL);
assert(arg != NULL); assert(arg != NULL);
arg->marked_for_sanitization = 0;
if (msr->txcfg->debuglog_level >= 5) { if (msr->txcfg->debuglog_level >= 5) {
msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"", msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"",
arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len), arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len),

3
apache2/re_actions.c
View File

@ -1527,8 +1527,9 @@ static apr_status_t msre_action_sanitizeMatched_execute(modsec_rec *msr, apr_poo
for (i = 0; i < tarr->nelts; i++) { for (i = 0; i < tarr->nelts; i++) {
msc_arg *arg = (msc_arg *)telts[i].val; msc_arg *arg = (msc_arg *)telts[i].val;
assert(arg != NULL); assert(arg != NULL);
if (strcasecmp(sargname, arg->name) == 0) { if (arg->marked_for_sanitization == 0 && strcasecmp(sargname, arg->name) == 0) {
apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg); apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg);
arg->marked_for_sanitization = 1;
} }
} }
break; break;