github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added MULTIPART_NAME and MULTIPART_FILENAME variables

Browse Source
This commit is contained in:
Breno Silva 2013-03-04 11:54:13 -04:00
parent bc65c3e40f
commit 4db1f51f39
3 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apache2/modsecurity.h
View File

@ -355,6 +355,8 @@ struct modsec_rec {
apr_size_t msc_reqbody_no_files_length; apr_size_t msc_reqbody_no_files_length;
char *multipart_filename;
char *multipart_name;
multipart_data *mpd; /* MULTIPART processor data structure */ multipart_data *mpd; /* MULTIPART processor data structure */
xml_data *xml; /* XML processor data structure */ xml_data *xml; /* XML processor data structure */

4
apache2/msc_multipart.c
View File

@ -184,6 +184,8 @@ static int multipart_parse_content_disposition(modsec_rec *msr, char *c_d_value)
validate_quotes(msr, value); validate_quotes(msr, value);
msr->multipart_name = apr_pstrdup(msr->mp, value);
if (msr->mpd->mpp->name != NULL) { if (msr->mpd->mpp->name != NULL) {
msr_log(msr, 4, "Multipart: Warning: Duplicate Content-Disposition name: %s", msr_log(msr, 4, "Multipart: Warning: Duplicate Content-Disposition name: %s",
log_escape_nq(msr->mp, value)); log_escape_nq(msr->mp, value));
@ -201,6 +203,8 @@ static int multipart_parse_content_disposition(modsec_rec *msr, char *c_d_value)
validate_quotes(msr, value); validate_quotes(msr, value);
msr->multipart_filename = apr_pstrdup(msr->mp, value);
if (msr->mpd->mpp->filename != NULL) { if (msr->mpd->mpp->filename != NULL) {
msr_log(msr, 4, "Multipart: Warning: Duplicate Content-Disposition filename: %s", msr_log(msr, 4, "Multipart: Warning: Duplicate Content-Disposition filename: %s",
log_escape_nq(msr->mp, value)); log_escape_nq(msr->mp, value));

38
apache2/re_variables.c
View File

@ -1289,6 +1289,22 @@ static int var_modsec_build_generate(modsec_rec *msr, msre_var *var, msre_rule *
return var_simple_generate(var, vartab, mptmp, modsec_build(mptmp)); return var_simple_generate(var, vartab, mptmp, modsec_build(mptmp));
} }
/* MULTIPART_FILENAME */
static int var_multipart_filename_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
return var_simple_generate(var, vartab, mptmp, msr->multipart_filename);
}
/* MULTIPART_NAME */
static int var_multipart_name_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
return var_simple_generate(var, vartab, mptmp, msr->multipart_name);
}
/* MULTIPART_BOUNDARY_QUOTED */ /* MULTIPART_BOUNDARY_QUOTED */
static int var_multipart_boundary_quoted_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, static int var_multipart_boundary_quoted_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@ -2813,6 +2829,28 @@ void msre_engine_register_default_variables(msre_engine *engine) {
PHASE_REQUEST_HEADERS PHASE_REQUEST_HEADERS
); );
/* MULTIPART_FILENAME */
msre_engine_variable_register(engine,
"MULTIPART_FILENAME",
VAR_SIMPLE,
0, 0,
NULL,
var_multipart_filename_generate,
VAR_CACHE,
PHASE_REQUEST_BODY
);
/* MULTIPART_NAME */
msre_engine_variable_register(engine,
"MULTIPART_NAME",
VAR_SIMPLE,
0, 0,
NULL,
var_multipart_name_generate,
VAR_CACHE,
PHASE_REQUEST_BODY
);
/* MULTIPART_BOUNDARY_QUOTED */ /* MULTIPART_BOUNDARY_QUOTED */
msre_engine_variable_register(engine, msre_engine_variable_register(engine,
"MULTIPART_BOUNDARY_QUOTED", "MULTIPART_BOUNDARY_QUOTED",