mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2026-01-02 14:44:45 +03:00
Uses unique_ptr on REMOTE_USER
This commit is contained in:
Felipe Zimmerle
committed by
Felipe Zimmerle
Felipe Zimmerle
parent
820396f784
commit
7afcd3046d
@@ -30,44 +30,21 @@
|
||||
#include <memory>
|
||||
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "src/utils/base64.h"
|
||||
|
||||
|
||||
namespace modsecurity {
|
||||
namespace variables {
|
||||
|
||||
|
||||
|
||||
void RemoteUser::evaluate(Transaction *transaction,
|
||||
VariableValues *l) {
|
||||
size_t pos;
|
||||
std::string base64;
|
||||
std::string header;
|
||||
auto userName = parserRemoteUser(transaction);
|
||||
auto var = std::make_shared<VariableValue>(
|
||||
std::unique_ptr<std::string>(new std::string(userName.first)),
|
||||
&m_retName);
|
||||
var->addOrigin(userName.second);
|
||||
|
||||
VariableValues l2;
|
||||
transaction->m_variableRequestHeaders.resolve("authorization", &l2);
|
||||
|
||||
if (l2.size() < 1) {
|
||||
return;
|
||||
}
|
||||
|
||||
header = std::string(l2.at(0)->getValue());
|
||||
|
||||
if (header.compare(0, 6, "Basic ") == 0) {
|
||||
base64 = std::string(header, 6, header.length());
|
||||
}
|
||||
|
||||
base64 = Utils::Base64::decode(base64);
|
||||
|
||||
pos = base64.find(":");
|
||||
if (pos == std::string::npos) {
|
||||
return;
|
||||
}
|
||||
transaction->m_variableRemoteUser.assign(std::string(base64, 0, pos));
|
||||
|
||||
auto var = std::make_shared<VariableValue>(&m_retName, &transaction->m_variableRemoteUser);
|
||||
|
||||
for (auto &i : l2[0]->getOrigin()) {
|
||||
var->addOrigin(i);
|
||||
}
|
||||
l->push_back(std::move(var));
|
||||
}
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
#define SRC_VARIABLES_REMOTE_USER_H_
|
||||
|
||||
#include "src/variables/variable.h"
|
||||
#include "src/utils/base64.h"
|
||||
|
||||
namespace modsecurity {
|
||||
|
||||
@@ -38,6 +39,38 @@ class RemoteUser : public Variable {
|
||||
|
||||
void evaluate(Transaction *transaction,
|
||||
VariableValues *l) override;
|
||||
|
||||
static std::pair<std::string, VariableOrigin> parserRemoteUser(Transaction *transaction) {
|
||||
size_t pos;
|
||||
std::string base64;
|
||||
std::string header;
|
||||
|
||||
VariableValues l2;
|
||||
transaction->m_variableRequestHeaders.resolve("authorization", &l2);
|
||||
|
||||
if (l2.size() < 1) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
header = std::string(l2.at(0)->getValue());
|
||||
|
||||
if (header.compare(0, 6, "Basic ") == 0) {
|
||||
base64 = std::string(header, 6, header.length());
|
||||
}
|
||||
|
||||
base64 = Utils::Base64::decode(base64);
|
||||
|
||||
pos = base64.find(":");
|
||||
if (pos == std::string::npos) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
return std::make_pair(std::string(base64, 0, pos), l2[0]->getOrigin()[0]);
|
||||
err:
|
||||
return std::make_pair(std::string(""), VariableOrigin());
|
||||
|
||||
}
|
||||
|
||||
std::string m_retName;
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user