Fix utils::string::ssplit() to handle delimiter in the end of string

This closes #1743.
2025-09-29 11:16:33 +03:00 · 2018-04-18 11:27:17 +03:00
parent 5018358371
commit 5e65d560f8
4 changed files with 82 additions and 2 deletions
--- a/test/test-cases/regression/action-tnf-base64.json
+++ b/test/test-cases/regression/action-tnf-base64.json
@@ -66,7 +66,7 @@
      "uri":"/",
      "method":"POST",
      "body": [
-        "param1=dmFsdWUyCg==&param2=value2"
+        "param1=dmFsdWUy&param2=value2"
      ]
    },
    "response":{
--- a/test/test-cases/regression/issue-1743.json
+++ b/test/test-cases/regression/issue-1743.json
@@ -0,0 +1,74 @@
+[
+{
+  "enabled": 1,
+  "version_min": 209000,
+  "version_max": -1,
+  "title": "Regex match does not work when arg ends with unescaped equal char (1/2)",
+  "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1743",
+  "gihub_issue": 9999,
+  "client": {
+    "ip": "200.249.12.31",
+    "port": 2313
+  },
+  "server": {
+    "ip": "200.249.12.31",
+    "port": 80
+  },
+  "request": {
+    "uri":"/?x=foo%3d",
+    "headers": "",
+    "body": "",
+    "method": "GET",
+    "http_version": 1.1
+  },
+  "response": {
+    "headers": "",
+    "body": ""
+  },
+  "expected": {
+    "debug_log": "Rule returned 1",
+    "error_log": "Value: `foo='",
+    "http_code": 403
+  },
+  "rules": [
+    "SecRuleEngine On",
+    "SecRule ARGS \"foo?=\" \"phase:2,id:1,capture,t:none,t:lowercase,deny,msg:'XSS Attack Detected',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'\""
+  ]
+},
+{
+  "enabled": 1,
+  "version_min": 209000,
+  "version_max": -1,
+  "title": "Regex match does not work when arg ends with unescaped equal char (2/2)",
+  "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1743",
+  "gihub_issue": 9999,
+  "client": {
+    "ip": "200.249.12.31",
+    "port": 2313
+  },
+  "server": {
+    "ip": "200.249.12.31",
+    "port": 80
+  },
+  "request": {
+    "uri":"/?x=foo=",
+    "headers": "",
+    "body": "",
+    "method": "GET",
+    "http_version": 1.1
+  },
+  "response": {
+    "headers": "",
+    "body": ""
+  },
+  "expected": {
+    "debug_log": "Rule returned 1",
+    "error_log": "Value: `foo='",
+    "http_code": 403
+  },
+  "rules": [
+    "SecRuleEngine On",
+    "SecRule ARGS \"foo?=\" \"phase:2,id:1,capture,t:none,t:lowercase,deny,msg:'XSS Attack Detected',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'\""
+  ]
+}
+]