A pattern of "" (empty string) should always match.
@@ -409,8 +409,17 @@ static int msre_op_within_execute(modsec_rec *msr, msre_rule *rule, msre_var *va
|
|||||||
target = var->value;
|
target = var->value;
|
||||||
target_length = var->value_len;
|
target_length = var->value_len;
|
||||||
|
|
||||||
/* These are impossible to match */
|
/* The empty string always matches */
|
||||||
if ((match_length == 0) || (target_length > match_length)) {
|
if (target_length == 0) {
|
||||||
|
/* Match. */
|
||||||
|
*error_msg = apr_psprintf(msr->mp, "String match \"\" within \"%s\" at %s.",
|
||||||
|
log_escape_ex(msr->mp, match, match_length),
|
||||||
|
var->name);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This is impossible to match */
|
||||||
|
if (target_length > match_length) {
|
||||||
/* No match. */
|
/* No match. */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -424,10 +433,10 @@ static int msre_op_within_execute(modsec_rec *msr, msre_rule *rule, msre_var *va
|
|||||||
if (match[i] == target[0]) {
|
if (match[i] == target[0]) {
|
||||||
if (memcmp((target + 1), (match + i + 1), (target_length - 1)) == 0) {
|
if (memcmp((target + 1), (match + i + 1), (target_length - 1)) == 0) {
|
||||||
/* match. */
|
/* match. */
|
||||||
*error_msg = apr_psprintf(msr->mp, "String match %s=\"%s\" within \"%s\".",
|
*error_msg = apr_psprintf(msr->mp, "String match \"%s\" within \"%s\" at %s.",
|
||||||
var->name,
|
|
||||||
log_escape_ex(msr->mp, target, target_length),
|
log_escape_ex(msr->mp, target, target_length),
|
||||||
log_escape_ex(msr->mp, match, match_length));
|
log_escape_ex(msr->mp, match, match_length),
|
||||||
|
var->name);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -475,8 +484,15 @@ static int msre_op_contains_execute(modsec_rec *msr, msre_rule *rule, msre_var *
|
|||||||
target_length = var->value_len;
|
target_length = var->value_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* These are impossible to match */
|
/* The empty string always matches */
|
||||||
if ((match_length == 0) || (match_length > target_length)) {
|
if (match_length == 0) {
|
||||||
|
/* Match. */
|
||||||
|
*error_msg = apr_psprintf(msr->mp, "String match \"\" at %s.", var->name);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This is impossible to match */
|
||||||
|
if (match_length > target_length) {
|
||||||
/* No match. */
|
/* No match. */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -539,8 +555,15 @@ static int msre_op_containsWord_execute(modsec_rec *msr, msre_rule *rule, msre_v
|
|||||||
target_length = var->value_len;
|
target_length = var->value_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* These are impossible to match */
|
/* The empty string always matches */
|
||||||
if ((match_length == 0) || (match_length > target_length)) {
|
if (match_length == 0) {
|
||||||
|
/* Match. */
|
||||||
|
*error_msg = apr_psprintf(msr->mp, "String match \"\" at %s.", var->name);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This is impossible to match */
|
||||||
|
if (match_length > target_length) {
|
||||||
/* No match. */
|
/* No match. */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
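Review bot: The comment `/* The empty string always matches */` on the new `target_length == 0` branch in msre_op_within_execute does not say that the empty string here is the variable's value (`target = var->value`), not the operator parameter as in msre_op_contains_execute and msre_op_containsWord_execute. This matters for rule authors: a rule that uses a negated `@within` as an allowlist check would, as far as these hunks show, no longer fire on an empty value. Likewise, a `@contains` or `@containsWord` parameter that ends up empty now matches every input. I would reword the comment to `/* An empty variable value is within any parameter, so this always matches. */` and record the behaviour change in the operator documentation. All three function bodies start and end outside the hunks, so any earlier handling of the parameter is not visible here.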
@@ -4,7 +4,7 @@
|
|||||||
name => "contains",
|
name => "contains",
|
||||||
param => "",
|
param => "",
|
||||||
input => "",
|
input => "",
|
||||||
ret => 0,
|
ret => 1,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
type => "op",
|
type => "op",
|
||||||
@@ -18,7 +18,7 @@
|
|||||||
name => "contains",
|
name => "contains",
|
||||||
param => "",
|
param => "",
|
||||||
input => "TestCase",
|
input => "TestCase",
|
||||||
ret => 0,
|
ret => 1,
|
||||||
},
|
},
|
||||||
|
|
||||||
### General
|
### General
|
||||||
|
@@ -4,7 +4,7 @@
|
|||||||
name => "containsWord",
|
name => "containsWord",
|
||||||
param => "",
|
param => "",
|
||||||
input => "",
|
input => "",
|
||||||
ret => 0,
|
ret => 1,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
type => "op",
|
type => "op",
|
||||||
@@ -18,7 +18,7 @@
|
|||||||
name => "containsWord",
|
name => "containsWord",
|
||||||
param => "",
|
param => "",
|
||||||
input => "TestCase",
|
input => "TestCase",
|
||||||
ret => 0,
|
ret => 1,
|
||||||
},
|
},
|
||||||
|
|
||||||
### General
|
### General
|
||||||
|
@@ -1 +1,52 @@
|
|||||||
|
### Empty
|
||||||
|
{
|
||||||
|
type => "op",
|
||||||
|
name => "m",
|
||||||
|
param => "",
|
||||||
|
input => "",
|
||||||
|
ret => 1,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
type => "op",
|
||||||
|
name => "m",
|
||||||
|
param => "TestCase",
|
||||||
|
input => "",
|
||||||
|
ret => 0,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
type => "op",
|
||||||
|
name => "m",
|
||||||
|
param => "",
|
||||||
|
input => "TestCase",
|
||||||
|
ret => 1,
|
||||||
|
},
|
||||||
|
|
||||||
|
### General
|
||||||
|
{
|
||||||
|
type => "op",
|
||||||
|
name => "m",
|
||||||
|
param => "abc",
|
||||||
|
input => "abcdefghi",
|
||||||
|
ret => 1,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
type => "op",
|
||||||
|
name => "m",
|
||||||
|
param => "def",
|
||||||
|
input => "abcdefghi",
|
||||||
|
ret => 1,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
type => "op",
|
||||||
|
name => "m",
|
||||||
|
param => "ghi",
|
||||||
|
input => "abcdefghi",
|
||||||
|
ret => 1,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
type => "op",
|
||||||
|
name => "m",
|
||||||
|
param => "ghij",
|
||||||
|
input => "abcdefghi",
|
||||||
|
ret => 0,
|
||||||
|
},
|
||||||
|
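Review bot: The new `### Empty` cases for operator `m` expect `param => ""` to return 1, but none of the C hunks shown on this page touch an `m` operator; only the within, contains and containsWord execute functions change. Please confirm which function backs `m` and that it already takes the empty-pattern path, otherwise these expectations are not covered by this commit. A short header comment would help too, for example `# An empty param always matches, including against an empty input.`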
@@ -4,14 +4,14 @@
|
|||||||
name => "within",
|
name => "within",
|
||||||
param => "",
|
param => "",
|
||||||
input => "",
|
input => "",
|
||||||
ret => 0,
|
ret => 1,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
type => "op",
|
type => "op",
|
||||||
name => "within",
|
name => "within",
|
||||||
param => "TestCase",
|
param => "TestCase",
|
||||||
input => "",
|
input => "",
|
||||||
ret => 0,
|
ret => 1,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
type => "op",
|
type => "op",
|
||||||
|