github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-10-07 14:56:19 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add capture action to @detectXSS operator

Browse Source
This commit is contained in:
Victor Hora
2017-07-04 12:17:40 -04:00
committed by Felipe Zimmerle
parent 185ec6f72e
commit 9b90d86f75
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apache2/re_operators.c
View File

@@ -2158,12 +2158,14 @@ static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var
*/ */
static int msre_op_detectXSS_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, static int msre_op_detectXSS_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
char **error_msg) { char **error_msg) {
int capture;
int is_xss; int is_xss;
is_xss = libinjection_xss(var->value, var->value_len); is_xss = libinjection_xss(var->value, var->value_len);
capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
if (is_xss) { if (is_xss) {
set_match_to_tx(msr, capture, var->value, 0);
*error_msg = apr_psprintf(msr->mp, "detected XSS using libinjection."); *error_msg = apr_psprintf(msr->mp, "detected XSS using libinjection.");
if (msr->txcfg->debuglog_level >= 9) { if (msr->txcfg->debuglog_level >= 9) {