Adds support to the @detectXSS operator

2025-08-14 05:45:59 +03:00 · 2015-08-13 18:50:57 -03:00 · 2015-08-13 18:50:57 -03:00 · 4baee88eb3
commit 4baee88eb3
parent f0535ae11b
3 changed files with 31 additions and 17 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -174,11 +174,15 @@ libmodsecurity_la_SOURCES = \
 	rule.cc \
 	unique_id.cc \
 	${ACTIONS} \
+	${LIBINJECTION} \
 	${OPERATORS} \
 	${UTILS} \
 	${VARIABLES}


+LIBINJECTION = \
+	../others/libinjection/src/libinjection_html5.c \
+	../others/libinjection/src/libinjection_xss.c


 libmodsecurity_la_CFLAGS = 
--- a/src/operators/detect_xss.cc
+++ b/src/operators/detect_xss.cc
@ -18,25 +18,35 @@
 #include <string>

 #include "operators/operator.h"
-
+#include "others/libinjection/src/libinjection.h"

 namespace ModSecurity {
 namespace operators {

-bool DetectXSS::evaluate(Assay *assay) {
-    /**
-     * @todo Implement the operator DetectXSS.
-     *       Reference: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#detectxss
-     */
-    return true;
+
+bool DetectXSS::evaluate(Assay *assay, const std::string &input) {
+    int is_xss;
+
+    is_xss = libinjection_xss(input.c_str(), input.length());
+
+    if (is_xss) {
+        if (assay) {
+            assay->debug(5, "detected XSS using libinjection.");
+        }
+    } else {
+        if (assay) {
+            assay->debug(9, "libinjection was not able to " \
+                "find any XSS in: " + input);
+        }
+    }
+
+    if (negation) {
+        return is_xss == 0;
+    }
+
+    return is_xss != 0;
 }


-DetectXSS::DetectXSS(std::string op, std::string param, bool negation)
-    : Operator() {
-    this->op = op;
-    this->param = param;
-}
-
 }  // namespace operators
 }  // namespace ModSecurity
--- a/src/operators/detect_xss.h
+++ b/src/operators/detect_xss.h
@ -20,20 +20,20 @@

 #include "operators/operator.h"

-#ifdef __cplusplus
 namespace ModSecurity {
 namespace operators {

 class DetectXSS : public Operator {
 public:
    /** @ingroup ModSecurity_Operator */
-    DetectXSS(std::string o, std::string p, bool i);
-    bool evaluate(Assay *assay);
+    DetectXSS(std::string op, std::string param, bool negation)
+        : Operator(op, param, negation) { }
+
+    bool evaluate(Assay *assay, const std::string &input);
 };

 }  // namespace operators
 }  // namespace ModSecurity
-#endif


 #endif  // SRC_OPERATORS_DETECT_XSS_H_