github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

parser: Improves the reading for the url in the redirect action

Browse Source
This commit is contained in:
Felipe Zimmerle 2017-08-15 14:46:18 -03:00
parent 8c66a1b4c2
commit 9ee412735d
4 changed files with 2945 additions and 2924 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/actions/disruptive/redirect.cc
View File

@ -22,6 +22,7 @@
#include "modsecurity/transaction.h"
#include "src/macro_expansion.h"
#include "src/utils/string.h"
namespace modsecurity {
namespace actions {
@ -30,6 +31,7 @@ namespace disruptive {
bool Redirect::init(std::string *error) {
m_url = m_parser_payload;
m_url = utils::string::parserSanitizer(m_url);
m_status = 302;
return true;
}

5860
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

3
src/parser/seclang-scanner.ll
View File

@ -431,7 +431,8 @@ EQUALS_MINUS (?i:=\-)
{ACTION_MATURITY}:{FREE_TEXT_QUOTE} { return p::make_ACTION_MATURITY(yytext, *driver.loc.back()); }
{ACTION_MSG}:'{FREE_TEXT_QUOTE}' { return p::make_ACTION_MSG(yytext, *driver.loc.back()); }
{ACTION_PHASE} { return p::make_ACTION_PHASE(yytext, *driver.loc.back()); }
{ACTION_REDIRECT}:{FREE_TEXT} { return p::make_ACTION_REDIRECT(yytext, *driver.loc.back()); }
{ACTION_REDIRECT}:{VAR_FREE_TEXT_SPACE_COMMA} { return p::make_ACTION_REDIRECT(yytext, *driver.loc.back()); }
{ACTION_REDIRECT}:'{FREE_TEXT_QUOTE_COMMA}' { return p::make_ACTION_REDIRECT(yytext, *driver.loc.back()); }
{ACTION_REV}:'{FREE_TEXT_QUOTE_COMMA}' { return p::make_ACTION_REV(yytext, *driver.loc.back()); }
{ACTION_REV}:{FREE_TEXT_QUOTE_COMMA} { return p::make_ACTION_REV(yytext, *driver.loc.back()); }
{ACTION_SETENV}:'{VAR_FREE_TEXT_QUOTE}={VAR_FREE_TEXT_QUOTE}' { return p::make_ACTION_SETENV(yytext, *driver.loc.back()); }

4
src/utils/string.cc
View File

@ -109,6 +109,10 @@ std::string removeBracketsIfNeeded(std::string a) {
a.pop_back();
a.erase(0, 1);
}
if (a.length() > 1 && a.at(0) == '\'' && a.at(a.length()-1) == '\'') {
a.pop_back();
a.erase(0, 1);
}
return a;
}