Test case skeleton for #1941

2025-08-13 13:26:01 +03:00 · 2018-10-27 01:29:03 -03:00 · 2018-10-27 01:29:03 -03:00 · 3f0ea90970
commit 3f0ea90970
parent 662fe63a47
8 changed files with 2805 additions and 2696 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -92,6 +92,7 @@ TESTS+=test/test-cases/regression/issue-1812.json
 TESTS+=test/test-cases/regression/issue-1831.json
 TESTS+=test/test-cases/regression/issue-1844.json
 TESTS+=test/test-cases/regression/issue-1725.json
+TESTS+=test/test-cases/regression/issue-1941.json
 TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS.json
 TESTS+=test/test-cases/regression/config-include.json
 TESTS+=test/test-cases/regression/variable-WEBSERVER_ERROR_LOG.json
--- a/others/libinjection
+++ b/others/libinjection
@ -1 +1 @@
-Subproject commit bf234eb2f385b969c4f803b35fda53cffdd93922
+Subproject commit 54e9a6ec017c687c8fad1f347a263a7b259f8525
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -1735,11 +1735,38 @@ expression:
        char *ucode = NULL, *hmap = NULL;
        int processing = 0;

-        std::string file = modsecurity::utils::find_resource($1,
+        std::vector<std::string> param = utils::string::ssplit($1, ' ');
+        if (param.size() <= 1) {
+            std::stringstream ss;
+            ss << "Failed to process unicode map, missing parameter: " << $1 << " ";
+            ss << err;
+            driver.error(@0, ss.str());
+            YYERROR;
+        }
+
+        int num = 0;
+        try {
+            num = std::stod(param.back());
+        } catch (...) {
+            std::stringstream ss;
+            ss << "Failed to process unicode map, last parameter is expected to be a number: " << param.back() << " ";
+            ss << err;
+            driver.error(@0, ss.str());
+            YYERROR;
+        }
+        param.pop_back();
+
+        std::string f;
+        while (param.size() > 0) {
+            f = param.back() + " " + f;
+            param.pop_back();
+        }
+
+        std::string file = modsecurity::utils::find_resource(f,
            driver.ref.back(), &err);
        if (file.empty()) {
            std::stringstream ss;
-            ss << "Failed to load locate the unicode map file from: " << $1 << " ";
+            ss << "Failed to locate the unicode map file from: " << f << " ";
            ss << err;
            driver.error(@0, ss.str());
            YYERROR;
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -774,7 +774,7 @@ EQUALS_MINUS                            (?i:=\-)
 {CONFIG_DIR_RULE_ENG}                                                   { return p::make_CONFIG_DIR_RULE_ENG(yytext, *driver.loc.back()); }
 {CONFIG_DIR_SEC_MARKER}[ \t]+["]{NEW_LINE_FREE_TEXT}["]                 { return p::make_CONFIG_DIR_SEC_MARKER(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_DIR_SEC_MARKER}[ \t]+{NEW_LINE_FREE_TEXT}                       { return p::make_CONFIG_DIR_SEC_MARKER(strchr(yytext, ' ') + 1, *driver.loc.back()); }
-{CONFIG_DIR_UNICODE_MAP_FILE}[ ]{FREE_TEXT_NEW_LINE}                    { return p::make_CONFIG_DIR_UNICODE_MAP_FILE(strchr(yytext, ' ') + 1, *driver.loc.back()); }
+{CONFIG_DIR_UNICODE_MAP_FILE}[ ]+{FREE_TEXT_NEW_LINE}[ ]+{CONFIG_VALUE_NUMBER}                    { return p::make_CONFIG_DIR_UNICODE_MAP_FILE(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_DIR_UNICODE_CODE_PAGE}[ ]{FREE_TEXT_NEW_LINE}               { return p::make_CONFIG_DIR_UNICODE_CODE_PAGE(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_SEC_REMOVE_RULES_BY_ID}[ ]+{FREE_TEXT_NEW_LINE}                 { return p::make_CONFIG_SEC_RULE_REMOVE_BY_ID(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_SEC_REMOVE_RULES_BY_MSG}[ \t]+{FREE_TEXT_NEW_LINE}              { return p::make_CONFIG_SEC_RULE_REMOVE_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
--- a/test/test-cases/regression/issue-1941.json
+++ b/test/test-cases/regression/issue-1941.json
@ -0,0 +1,44 @@
+[
+  {
+    "enabled": 1,
+    "version_min": 209000,
+    "version_max": -1,
+    "title": "Failed to load locate the unicode map file from: ... 1/n",
+    "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1941",
+    "expected": {
+      "parser_error": "Failed to locate the unicode map file from: does-not-exist-unicode.mapping"
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecUnicodeMapFile does-not-exist-unicode.mapping 20127"
+    ]
+  },
+  {
+    "enabled": 1,
+    "version_min": 209000,
+    "version_max": -1,
+    "title": "Failed to load locate the unicode map file from: ... 2/n",
+    "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1941",
+    "expected": {
+     "parser_error": "Failed to locate the unicode map file from: um dois tres does-not-exist-unicode.mapping"
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecUnicodeMapFile um dois tres does-not-exist-unicode.mapping 20127"
+    ]
+  },
+  {
+    "enabled": 1,
+    "version_min": 209000,
+    "version_max": -1,
+    "title": "Failed to load locate the unicode map file from: ... 3/n",
+    "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1941",
+    "expected": {
+     "parser_error": "Invalid input:  SecUnicodeMapFile does-not-exist-unicode.mapping eita"
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecUnicodeMapFile does-not-exist-unicode.mapping eita"
+    ]
+  }
+]
--- a/test/test-cases/secrules-language-tests
+++ b/test/test-cases/secrules-language-tests
@ -1 +1 @@
-Subproject commit e6b03e46046ce9ce6dcfc0e6ad0820194e21db35
+Subproject commit a9c58a25771493ac2abadffbfd5dce1213d5db93