github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds capture action to detectSQLi

Browse Source
This commit is contained in:
Felipe Zimmerle 2018-03-09 12:53:00 -03:00
parent 0f361b7065
commit 70ace0faa4
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
5 changed files with 68 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.0.x - YYYY-MMM-DD (To be released)
-------------------------------------
- Adds capture action to detectSQLi
[Issue #1698 - @zimmerle]
- Adds capture action to rbl
[Issue #1698 - @zimmerle]
- Adds capture action to verifyCC

1
Makefile.am
View File

@ -138,6 +138,7 @@ TESTS+=test/test-cases/regression/issue-960.json
TESTS+=test/test-cases/regression/misc.json
TESTS+=test/test-cases/regression/misc-variable-under-quotes.json
TESTS+=test/test-cases/regression/offset-variable.json
TESTS+=test/test-cases/regression/operator-detectsqli.json
TESTS+=test/test-cases/regression/operator-fuzzyhash.json
TESTS+=test/test-cases/regression/operator-inpectFile.json
TESTS+=test/test-cases/regression/operator-ipMatchFromFile.json

22
src/operators/detect_sqli.cc
View File

@ -25,25 +25,35 @@ namespace modsecurity {
namespace operators {
bool DetectSQLi::evaluate(Transaction *transaction, const std::string &input) {
bool DetectSQLi::evaluate(Transaction *t, Rule *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
char fingerprint[8];
int issqli;
issqli = libinjection_sqli(input.c_str(), input.length(), fingerprint);
if (issqli) {
if (transaction) {
transaction->m_matched.push_back(fingerprint);
if (t) {
t->m_matched.push_back(fingerprint);
#ifndef NO_LOGS
transaction->debug(4, "detected SQLi using libinjection with " \
t->debug(4, "detected SQLi using libinjection with " \
"fingerprint '" + std::string(fingerprint) + "' at: '" +
input + "'");
#endif
if (rule && t
&& rule->getActionsByName("capture").size() > 0) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(fingerprint));
#ifndef NO_LOGS
t->debug(7, "Added DetectSQLi match TX.0: " + \
std::string(fingerprint));
#endif
}
}
} else {
if (transaction) {
if (t) {
#ifndef NO_LOGS
transaction->debug(9, "detected SQLi: not able to find an " \
t->debug(9, "detected SQLi: not able to find an " \
"inject on '" + input + "'");
#endif
}

4
src/operators/detect_sqli.h
View File

@ -32,7 +32,9 @@ class DetectSQLi : public Operator {
m_match_message.assign("detected SQLi using libinjection.");
}
bool evaluate(Transaction *transaction, const std::string &input);
bool evaluate(Transaction *t, Rule *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
};
} // namespace operators

46
test/test-cases/regression/operator-detectsqli.json Normal file
View File

@ -0,0 +1,46 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing Operator :: @detectSQLi",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "27",
"Content-Type": "application/x-www-form-urlencoded"
},
"uri":"/",
"method":"POST",
"body": [
"param1=ascii(substring(version() from 1 for 1))&param2=value2"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Added DetectSQLi match TX.0: f\\(f\\(f"
},
"rules":[
"SecRuleEngine On",
"SecRule ARGS \"@detectSQLi\" \"id:1,phase:2,capture,pass,t:trim\""
]
}
]