github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-19 18:54:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

Actually fix setvar parsing of quoted data

Browse Source
This commit is contained in:
Victor Hora
2018-05-16 23:56:43 -04:00
committed by Felipe Zimmerle
parent e4c822e663
commit 87e64e3c25
5 changed files with 4642 additions and 4591 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/parser/seclang-scanner.ll
View File

@@ -428,6 +428,7 @@ COMMA_BUT_SCAPED (,)
FREE_TEXT_QUOTE_MACRO_EXPANSION (([^%'])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][']|[^\\]([\\][\\])+[\\]['])+
FREE_TEXT_DOUBLE_QUOTE_MACRO_EXPANSION ((([^"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+
FREE_TEXT_EQUALS_MACRO_EXPANSION ((([^",=%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][=]|[^\\]([\\][\\])+[\\][=])+
FREE_TEXT_EQUALS_QUOTE_MACRO_EXPANSION ((([^'",=%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][=]|[^\\][\\][']|[^\\]([\\][\\])+[\\][=])+
FREE_TEXT_COMMA_MACRO_EXPANSION (([^%,])|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\][,]|[^\\]([\\][\\])+[\\][,])+
FREE_TEXT_COMMA_DOUBLE_QUOTE_MACRO_EXPANSION ((([^,"%])|([%][^{]))|([^\\][\\][%][{])|([^\\]([\\][\\])+[\\][%][{])|[^\\][\\]["]|[^\\]([\\][\\])+[\\]["])+
@@ -719,7 +720,7 @@ EQUALS_MINUS (?i:=\-)
<SETVAR_ACTION_QUOTED_WAITING_CONTENT>{
\' { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
{FREE_TEXT_EQUALS_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
{FREE_TEXT_EQUALS_QUOTE_MACRO_EXPANSION} { return p::make_FREE_TEXT_QUOTE_MACRO_EXPANSION(yytext, *driver.loc.back()); }
.|\n { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); yyless(0); }
}