github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to AUTH_TYPE variable

Browse Source
This commit is contained in:
Felipe Zimmerle
2015-07-14 16:40:07 -03:00
parent d86427f1dd
commit 8c408ebcd7
5 changed files with 117 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/assay.cc
View File

@@ -305,6 +305,11 @@ int Assay::addRequestHeader(const std::string& key,
this->store_variable("REQUEST_HEADERS:" + key, value);
if (tolower(key) == tolower("Authorization")) {
std::vector<std::string> type = split(value, ' ');
this->store_variable("AUTH_TYPE", type[0]);
}
return 1;
}

2
src/parser/seclang-scanner.ll
View File

@@ -56,7 +56,7 @@ OPERATORNOARG (?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida
TRANSFORMATION t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)
VARIABLE (?i:ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX)
VARIABLE (?i:AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX)
VARIABLENOCOLON (?i:REQBODY_ERROR|MULTIPART_STRICT_ERROR|MULTIPART_UNMATCHED_BOUNDARY|REMOTE_ADDR|REQUEST_LINE)

14
src/utils.cc
View File

@@ -26,7 +26,7 @@
#include <string>
#include <iostream>
#include <sstream>
#include <cstring>
#if defined _MSC_VER
#include <direct.h>
@@ -90,6 +90,18 @@ void chomp(std::string *str) {
}
std::string tolower(std::string str) {
std::locale loc;
std::string value;
for (std::string::size_type i=0; i < str.length(); ++i) {
value.assign(value + std::tolower(str[i], loc));
}
return value;
}
const char SAFE[256] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
/* 0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,

1
src/utils.h
View File

@@ -31,6 +31,7 @@ namespace ModSecurity {
std::string dash_if_empty(const std::string& str);
void chomp(std::string *str);
std::string uri_decode(const std::string & sSrc);
std::string tolower(std::string str);
} // namespace ModSecurity
#define SRC_UTILS_H_