github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Correct whitespace handling for Include directive

Browse Source
This commit is contained in:
Martin Vierula 2022-09-14 12:27:21 -07:00
parent 0840a29c33
commit 53cf6eb6bf
No known key found for this signature in database
GPG Key ID: F2FC4E45883BCBA4
3 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.x.y - YYYY-MMM-DD (to be released) v3.x.y - YYYY-MMM-DD (to be released)
------------------------------------- -------------------------------------
- Correct whitespace handling for Include directive
[Issue #2800 - @877509395, @martinhsv]
v3.0.8 - 2022-Sep-07 v3.0.8 - 2022-Sep-07

21
src/parser/seclang-scanner.cc
View File

@ -5104,7 +5104,7 @@ static const flex_int16_t yy_rule_linenum[544] =
1179, 1180, 1181, 1182, 1184, 1185, 1186, 1187, 1189, 1190, 1179, 1180, 1181, 1182, 1184, 1185, 1186, 1187, 1189, 1190,
1191, 1192, 1194, 1196, 1197, 1199, 1200, 1201, 1202, 1204, 1191, 1192, 1194, 1196, 1197, 1199, 1200, 1201, 1202, 1204,
1209, 1210, 1211, 1215, 1216, 1217, 1222, 1224, 1225, 1226, 1209, 1210, 1211, 1215, 1216, 1217, 1222, 1224, 1225, 1226,
1245, 1272, 1302 1245, 1273, 1303
} ; } ;
/* The intent behind this definition is that it'll catch /* The intent behind this definition is that it'll catch
@ -8530,7 +8530,8 @@ YY_RULE_SETUP
#line 1245 "seclang-scanner.ll" #line 1245 "seclang-scanner.ll"
{ {
std::string err; std::string err;
const char *file = strchr(yytext, ' ') + 1; const char *tmpStr = yytext + strlen("include");
const char *file = tmpStr + strspn( tmpStr, " \t");
std::string fi = modsecurity::utils::find_resource(file, *driver.loc.back()->end.filename, &err); std::string fi = modsecurity::utils::find_resource(file, *driver.loc.back()->end.filename, &err);
if (fi.empty() == true) { if (fi.empty() == true) {
BEGIN(INITIAL); BEGIN(INITIAL);
@ -8557,12 +8558,12 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 542: case 542:
YY_RULE_SETUP YY_RULE_SETUP
#line 1272 "seclang-scanner.ll" #line 1273 "seclang-scanner.ll"
{ {
std::string err; std::string err;
const char *file = strchr(yytext, ' ') + 1; const char *tmpStr = yytext + strlen("include");
char *f = strdup(file + 1); const char *file = tmpStr + strspn( tmpStr, " \t");
f[strlen(f)-1] = '\0'; char *f = strdup(file);
std::string fi = modsecurity::utils::find_resource(f, *driver.loc.back()->end.filename, &err); std::string fi = modsecurity::utils::find_resource(f, *driver.loc.back()->end.filename, &err);
if (fi.empty() == true) { if (fi.empty() == true) {
BEGIN(INITIAL); BEGIN(INITIAL);
@ -8591,7 +8592,7 @@ YY_RULE_SETUP
case 543: case 543:
/* rule 543 can match eol */ /* rule 543 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 1302 "seclang-scanner.ll" #line 1303 "seclang-scanner.ll"
{ {
HttpsClient c; HttpsClient c;
std::string key; std::string key;
@ -8629,10 +8630,10 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 544: case 544:
YY_RULE_SETUP YY_RULE_SETUP
#line 1338 "seclang-scanner.ll" #line 1339 "seclang-scanner.ll"
ECHO; ECHO;
YY_BREAK YY_BREAK
#line 8636 "seclang-scanner.cc" #line 8637 "seclang-scanner.cc"
case YY_END_OF_BUFFER: case YY_END_OF_BUFFER:
{ {
@ -9737,7 +9738,7 @@ void yyfree (void * ptr )
/* %ok-for-header */ /* %ok-for-header */
#line 1338 "seclang-scanner.ll" #line 1339 "seclang-scanner.ll"
namespace modsecurity { namespace modsecurity {

9
src/parser/seclang-scanner.ll
View File

@ -1243,7 +1243,8 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_INCLUDE}[ \t]+{CONFIG_VALUE_PATH} { {CONFIG_INCLUDE}[ \t]+{CONFIG_VALUE_PATH} {
std::string err; std::string err;
const char *file = strchr(yytext, ' ') + 1; const char *tmpStr = yytext + strlen("include");
const char *file = tmpStr + strspn( tmpStr, " \t");
std::string fi = modsecurity::utils::find_resource(file, *driver.loc.back()->end.filename, &err); std::string fi = modsecurity::utils::find_resource(file, *driver.loc.back()->end.filename, &err);
if (fi.empty() == true) { if (fi.empty() == true) {
BEGIN(INITIAL); BEGIN(INITIAL);
@ -1270,9 +1271,9 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_INCLUDE}[ \t]+["]{CONFIG_VALUE_PATH}["] { {CONFIG_INCLUDE}[ \t]+["]{CONFIG_VALUE_PATH}["] {
std::string err; std::string err;
const char *file = strchr(yytext, ' ') + 1; const char *tmpStr = yytext + strlen("include");
char *f = strdup(file + 1); const char *file = tmpStr + strspn( tmpStr, " \t");
f[strlen(f)-1] = '\0'; char *f = strdup(file);
std::string fi = modsecurity::utils::find_resource(f, *driver.loc.back()->end.filename, &err); std::string fi = modsecurity::utils::find_resource(f, *driver.loc.back()->end.filename, &err);
if (fi.empty() == true) { if (fi.empty() == true) {
BEGIN(INITIAL); BEGIN(INITIAL);