github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added URLENCODED_ERROR, which is raised when invalid URL encoding is encountered

Browse Source
This commit is contained in:
ivanr
2009-12-12 14:21:17 +00:00
parent 62f7e68234
commit 6d5e752cb3
4 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apache2/modsecurity.c
View File

@@ -295,6 +295,10 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
msr_log(msr, 1, "Initialisation: Error occurred while parsing QUERY_STRING arguments."); msr_log(msr, 1, "Initialisation: Error occurred while parsing QUERY_STRING arguments.");
return -1; return -1;
} }
if (invalid_count) {
msr->urlencoded_error = 1;
}
} }
msr->arguments_to_sanitize = apr_table_make(msr->mp, 16); msr->arguments_to_sanitize = apr_table_make(msr->mp, 16);

2
apache2/modsecurity.h
View File

@@ -257,6 +257,8 @@ struct modsec_rec {
apr_table_t *request_headers_to_sanitize; apr_table_t *request_headers_to_sanitize;
apr_table_t *response_headers_to_sanitize; apr_table_t *response_headers_to_sanitize;
apr_table_t *request_cookies; apr_table_t *request_cookies;
unsigned int urlencoded_error;
unsigned int is_relevant; unsigned int is_relevant;

4
apache2/msc_reqbody.c
View File

@@ -423,6 +423,10 @@ static apr_status_t modsecurity_request_body_end_urlencoded(modsec_rec *msr, cha
*error_msg = apr_pstrdup(msr->mp, "Initialisation: Error occurred while parsing BODY arguments."); *error_msg = apr_pstrdup(msr->mp, "Initialisation: Error occurred while parsing BODY arguments.");
return -1; return -1;
} }
if (invalid_count) {
msr->urlencoded_error = 1;
}
return 1; return 1;
} }

23
apache2/re_variables.c
View File

@@ -1414,6 +1414,18 @@ static int var_multipart_unmatched_boundary_generate(modsec_rec *msr, msre_var *
} }
} }
/* URLENCODED_ERROR */
static int var_urlencoded_error_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
if (msr->urlencoded_error) {
return var_simple_generate(var, vartab, mptmp, "1");
} else {
return var_simple_generate(var, vartab, mptmp, "0");
}
}
/* TIME */ /* TIME */
static int var_time_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, static int var_time_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -2972,6 +2984,17 @@ void msre_engine_register_default_variables(msre_engine *engine) {
VAR_CACHE, VAR_CACHE,
PHASE_RESPONSE_HEADERS PHASE_RESPONSE_HEADERS
); );
/* URLENCODED_ERROR */
msre_engine_variable_register(engine,
"URLENCODED_ERROR",
VAR_SIMPLE,
0, 0,
NULL,
var_urlencoded_error_generate,
VAR_DONT_CACHE, /* flag */
PHASE_REQUEST_HEADERS
);
/* USER */ /* USER */
msre_engine_variable_register(engine, msre_engine_variable_register(engine,