github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix utils::string::ssplit() to handle delimiter in the end of string

Browse Source 
This closes #1743.
This commit is contained in:
Andrei Belov 2018-04-18 11:27:17 +03:00 committed by Felipe Zimmerle
parent 5018358371
commit 5e65d560f8
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
4 changed files with 82 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.am
View File

@ -136,6 +136,7 @@ TESTS+=test/test-cases/regression/issue-1576.json
TESTS+=test/test-cases/regression/issue-1591.json
TESTS+=test/test-cases/regression/issue-394.json
TESTS+=test/test-cases/regression/issue-960.json
TESTS+=test/test-cases/regression/issue-1743.json
TESTS+=test/test-cases/regression/misc.json
TESTS+=test/test-cases/regression/misc-variable-under-quotes.json
TESTS+=test/test-cases/regression/offset-variable.json

7
src/utils/string.cc
View File

@ -178,9 +178,14 @@ std::vector<std::string> ssplit(std::string str, char delimiter) {
std::vector<std::string> internal;
std::stringstream ss(str); // Turn the string into a stream.
std::string tok;
ssize_t n = str.length();
int i = 0;
while (getline(ss, tok, delimiter)) {
internal.push_back(tok);
n -= tok.length();
if (i > 0) n--;
internal.push_back(n == 1 ? tok + delimiter : tok);
i++;
}
return internal;

2
test/test-cases/regression/action-tnf-base64.json
View File

@ -66,7 +66,7 @@
"uri":"/",
"method":"POST",
"body": [
"param1=dmFsdWUyCg==&param2=value2"
"param1=dmFsdWUy&param2=value2"
]
},
"response":{

74
test/test-cases/regression/issue-1743.json Normal file
View File

@ -0,0 +1,74 @@
[
{
"enabled": 1,
"version_min": 209000,
"version_max": -1,
"title": "Regex match does not work when arg ends with unescaped equal char (1/2)",
"url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1743",
"gihub_issue": 9999,
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"uri":"/?x=foo%3d",
"headers": "",
"body": "",
"method": "GET",
"http_version": 1.1
},
"response": {
"headers": "",
"body": ""
},
"expected": {
"debug_log": "Rule returned 1",
"error_log": "Value: `foo='",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"foo?=\" \"phase:2,id:1,capture,t:none,t:lowercase,deny,msg:'XSS Attack Detected',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'\""
]
},
{
"enabled": 1,
"version_min": 209000,
"version_max": -1,
"title": "Regex match does not work when arg ends with unescaped equal char (2/2)",
"url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1743",
"gihub_issue": 9999,
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"uri":"/?x=foo=",
"headers": "",
"body": "",
"method": "GET",
"http_version": 1.1
},
"response": {
"headers": "",
"body": ""
},
"expected": {
"debug_log": "Rule returned 1",
"error_log": "Value: `foo='",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"foo?=\" \"phase:2,id:1,capture,t:none,t:lowercase,deny,msg:'XSS Attack Detected',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'\""
]
}
]