github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add capture action to @detectXSS operator

Browse Source
This commit is contained in:
Victor Hora 2017-07-04 12:17:40 -04:00 committed by Felipe Zimmerle
parent 185ec6f72e
commit 9b90d86f75
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apache2/re_operators.c
View File

@ -2158,12 +2158,14 @@ static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var
*/
static int msre_op_detectXSS_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
char **error_msg) {
int capture;
int is_xss;
is_xss = libinjection_xss(var->value, var->value_len);
capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
if (is_xss) {
set_match_to_tx(msr, capture, var->value, 0);
*error_msg = apr_psprintf(msr->mp, "detected XSS using libinjection.");
if (msr->txcfg->debuglog_level >= 9) {