github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds a set of sanity checks to validate API inputs (1 of 2)

Browse Source
This commit is contained in:
Felipe Zimmerle 2017-06-21 12:59:19 -07:00
parent 5a32b389b4
commit 49b7ea99e6
3 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/transaction.cc
View File

@ -235,7 +235,7 @@ int Transaction::processConnection(const char *client, int cPort,
bool Transaction::extractArguments(const std::string &orig, bool Transaction::extractArguments(const std::string &orig,
const std::string& buf, size_t offset) { const std::string& buf, size_t offset) {
char sep1 = '&'; char sep1 = '&';
std::vector<std::string> key_value_sets = utils::string::split(buf, sep1); std::vector<std::string> key_value_sets = utils::string::ssplit(buf, sep1);
for (std::string t : key_value_sets) { for (std::string t : key_value_sets) {
char sep2 = '='; char sep2 = '=';
@ -247,7 +247,7 @@ bool Transaction::extractArguments(const std::string &orig,
std::string key; std::string key;
std::string value; std::string value;
std::vector<std::string> key_value = utils::string::split(t, sep2); std::vector<std::string> key_value = utils::string::ssplit(t, sep2);
for (auto& a : key_value) { for (auto& a : key_value) {
if (i == 0) { if (i == 0) {
key = a; key = a;
@ -515,7 +515,7 @@ int Transaction::addRequestHeader(const std::string& key,
if (keyl == "cookie") { if (keyl == "cookie") {
size_t localOffset = m_variableOffset; size_t localOffset = m_variableOffset;
std::vector<std::string> cookies = utils::string::split(value, ';'); std::vector<std::string> cookies = utils::string::ssplit(value, ';');
for (const std::string &c : cookies) { for (const std::string &c : cookies) {
std::vector<std::string> s = utils::string::split(c, std::vector<std::string> s = utils::string::split(c,
'='); '=');

13
src/utils/string.cc
View File

@ -170,7 +170,7 @@ std::string toupper(std::string str) {
} }
std::vector<std::string> split(std::string str, char delimiter) { std::vector<std::string> ssplit(std::string str, char delimiter) {
std::vector<std::string> internal; std::vector<std::string> internal;
std::stringstream ss(str); // Turn the string into a stream. std::stringstream ss(str); // Turn the string into a stream.
std::string tok; std::string tok;
@ -183,6 +183,17 @@ std::vector<std::string> split(std::string str, char delimiter) {
} }
std::vector<std::string> split(std::string str, char delimiter) {
std::vector<std::string> internal = ssplit(str, delimiter);
if (internal.size() == 0) {
internal.push_back(str);
}
return internal;
}
void chomp(std::string *str) { void chomp(std::string *str) {
std::string::size_type pos = str->find_last_not_of("\n\r"); std::string::size_type pos = str->find_last_not_of("\n\r");
if (pos != std::string::npos) { if (pos != std::string::npos) {

1
src/utils/string.h
View File

@ -64,6 +64,7 @@ std::string string_to_hex(const std::string& input);
std::string toHexIfNeeded(const std::string &str); std::string toHexIfNeeded(const std::string &str);
std::string tolower(std::string str); std::string tolower(std::string str);
std::string toupper(std::string str); std::string toupper(std::string str);
std::vector<std::string> ssplit(std::string str, char delimiter);
std::vector<std::string> split(std::string str, char delimiter); std::vector<std::string> split(std::string str, char delimiter);
void chomp(std::string *str); void chomp(std::string *str);
void replaceAll(std::string *str, const std::string& from, void replaceAll(std::string *str, const std::string& from,