github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix SecRuleUpdateTargetByTag with regular expressions

Browse Source
This commit is contained in:
Felipe Zimmerle 2019-05-31 01:02:31 -03:00
parent b5823d4e0c
commit 5472362313
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
2 changed files with 128 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/variables/variable.h
View File

@ -106,7 +106,7 @@ namespace variables {
class KeyExclusion {
public:
virtual bool match(std::string &a) = 0;
virtual bool match(const std::string &a) = 0;
virtual ~KeyExclusion() { }
};
@ -121,7 +121,7 @@ class KeyExclusionRegex : public KeyExclusion {
~KeyExclusionRegex() override { }
bool match(std::string &a) override {
bool match(const std::string &a) override {
return m_re.searchAll(a).size() > 0;
}
@ -136,7 +136,7 @@ class KeyExclusionString : public KeyExclusion {
~KeyExclusionString() override { }
bool match(std::string &a) override {
bool match(const std::string &a) override {
return a.size() == m_key.size() && std::equal(a.begin(), a.end(),
m_key.begin(),
[](char aa, char bb) {
@ -608,6 +608,10 @@ class Variables : public std::vector<Variable *> {
bool contains(const std::string &v) {
return std::find_if(begin(), end(),
[v](Variable *m) -> bool {
VariableRegex *r = dynamic_cast<VariableRegex *>(m);
if (r) {
return r->m_r.searchAll(v).size() > 0;
}
return v == *m->m_fullName.get();
}) != end();
};

122
test/test-cases/regression/config-update-target-by-tag.json
View File

@ -2,7 +2,7 @@
{
"enabled":1,
"version_min":300000,
"title":"SecRuleUpdateTargetByTag",
"title":"SecRuleUpdateTargetByTag (1/4)",
"client":{
"ip":"200.249.12.31",
"port":123
@ -38,5 +38,125 @@
"SecRuleUpdateTargetByTag test !ARGS",
"SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"SecRuleUpdateTargetByTag (2/4)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"http_code": 200
},
"rules":[
"SecRuleEngine On",
"SecRuleUpdateTargetByTag test !ARGS:'/.*y$/'",
"SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"SecRuleUpdateTargetByTag (3/4)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"http_code": 200
},
"rules":[
"SecRuleEngine On",
"SecRuleUpdateTargetByTag test !ARGS:'/k.*/'",
"SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"SecRuleUpdateTargetByTag (4/4)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"http_code": 200
},
"rules":[
"SecRuleEngine On",
"SecRuleUpdateTargetByTag test !ARGS:'/ke/'",
"SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\""
]
}
]