From a102b5ce2c05f1735b3e898b5a5f1dbb9728fed9 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Fri, 15 Jan 2016 10:35:24 -0300
Subject: [PATCH] Improves the method fill the ARGS collection
---
 src/transaction.cc | 35 ++++-
 test/test-cases/regression/variable-ARGS.json | 146 +++++++++++++++++-
 2 files changed, 169 insertions(+), 12 deletions(-)
diff --git a/src/transaction.cc b/src/transaction.cc
index 5ec11541..a4bcd231 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -683,23 +683,42 @@ int Transaction::processRequestBody() {
 */
 char sep2 = '=';
- std::vector key_value = split(t, sep2);
- m_collections.store("ARGS:" + key_value[0], key_value[1]);
- m_collections.store("ARGS_POST:" + key_value[0], key_value[1]);
+ std::vector key_value2 = split(t, sep2);
+
+ if (key_value2.size() == 0) {
+ continue;
+ }
+
+ std::string key = key_value2[0];
+ std::string value = std::string("");
+
+ if (key_value2.size() == 2) {
+ value = key_value2[1];
+ } else if (key_value2.size() > 2) {
+ int i = 2;
+ value = key_value2[1];
+ while (i < key_value2.size()) {
+ value = value + std::string("=") + key_value2[i];
+ i++;
+ }
+ }
+
+ m_collections.store("ARGS:" + key, value);
+ m_collections.store("ARGS_POST:" + key, value);
 if (m_namesArgs->empty()) {
- m_namesArgs->assign(key_value[0]);
+ m_namesArgs->assign(key);
 } else {
- m_namesArgs->assign(*m_namesArgs + " " + key_value[0]);
+ m_namesArgs->assign(*m_namesArgs + " " + key);
 }
 if (m_namesArgsPost->empty()) {
- m_namesArgsPost->assign(key_value[0]);
+ m_namesArgsPost->assign(key);
 } else {
- m_namesArgsPost->assign(*m_namesArgsPost + " " + key_value[0]);
+ m_namesArgsPost->assign(*m_namesArgsPost + " " + key);
 }
 this->m_ARGScombinedSize = this->m_ARGScombinedSize + \
- key_value[0].length() + key_value[1].length();
+ key.length() + value.length();
 this->m_ARGScombinedSizeStr->assign(
 std::to_string(this->m_ARGScombinedSize));
 }
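Review bot: Re-joining the pieces returned by `split(t, sep2)` reproduces the original value only if `split` keeps empty tokens, and its behaviour is not visible in this hunk; if it drops a trailing or repeated empty field, a pair such as `a=b=` is stored in `ARGS` with fewer `=` characters than the application behind the WAF receives, so rules inspect a different value than the backend parses. Splitting once at the first separator removes that dependency while keeping the existing skip for an empty pair: `size_t pos = t.find(sep2);`, `std::string key = t.substr(0, pos);`, `std::string value = (pos == std::string::npos) ? std::string("") : t.substr(pos + 1);`. That also drops the signed/unsigned comparison in `while (i < key_value2.size())`. `processRequestBody` starts and ends outside the hunk, so whether `key` and `value` are URL-decoded before `m_collections.store` cannot be confirmed from here.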
diff --git a/test/test-cases/regression/variable-ARGS.json b/test/test-cases/regression/variable-ARGS.json
index 4facdba9..e20f7ad2 100644
--- a/test/test-cases/regression/variable-ARGS.json
+++ b/test/test-cases/regression/variable-ARGS.json
@@ -2,7 +2,7 @@
 {
 "enabled":1,
 "version_min":300000,
- "title":"Testing Variables :: ARGS - GET (1/4)",
+ "title":"Testing Variables :: ARGS - GET (1/7)",
 "client":{
 "ip":"200.249.12.31",
 "port":123
@@ -43,7 +43,7 @@
 {
 "enabled":1,
 "version_min":300000,
- "title":"Testing Variables :: ARGS - GET (2/4)",
+ "title":"Testing Variables :: ARGS - GET (2/7)",
 "client":{
 "ip":"200.249.12.31",
 "port":123
@@ -84,7 +84,7 @@
 {
 "enabled":1,
 "version_min":300000,
- "title":"Testing Variables :: ARGS - POST (3/4)",
+ "title":"Testing Variables :: ARGS - POST (3/7)",
 "client":{
 "ip":"200.249.12.31",
 "port":123
@@ -130,7 +130,7 @@
 {
 "enabled":1,
 "version_min":300000,
- "title":"Testing Variables :: ARGS - POST (4/4)",
+ "title":"Testing Variables :: ARGS - POST (4/7)",
 "client":{
 "ip":"200.249.12.31",
 "port":123
@@ -172,6 +172,144 @@
 "SecDebugLogLevel 9",
 "SecRule ARGS \"@contains test \" \"id:1,phase:3,pass,t:trim\""
 ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing Variables :: ARGS - POST (5/7)",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept":"*/*",
+ "Content-Length": "27",
+ "Content-Type": "application/x-www-form-urlencoded"
+ },
+ "uri":"/",
+ "method":"POST",
+ "body": [
+ "param1=value1=morevalue1¶m2=value2"
+ ]
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "debug_log":"Target value: \"value1=morevalue1\""
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecDebugLog \/tmp\/modsec_debug.log",
+ "SecDebugLogLevel 9",
+ "SecRule ARGS \"@contains test \" \"id:1,phase:3,pass,t:trim\""
+ ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing Variables :: ARGS - POST (6/7)",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept":"*/*",
+ "Content-Length": "27",
+ "Content-Type": "application/x-www-form-urlencoded"
+ },
+ "uri":"/",
+ "method":"POST",
+ "body": [
+ "param1=value1=morevalue1¶m2=value2¶m3="
+ ]
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "debug_log":"Target value: \"\" \\(Variable: ARGS:param3\\)"
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecDebugLog \/tmp\/modsec_debug.log",
+ "SecDebugLogLevel 9",
+ "SecRule ARGS:param3 \"@contains test \" \"id:1,phase:3,pass,t:trim\""
+ ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing Variables :: ARGS - POST (7/7)",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept":"*/*",
+ "Content-Length": "27",
+ "Content-Type": "application/x-www-form-urlencoded"
+ },
+ "uri":"/",
+ "method":"POST",
+ "body": [
+ "param1=value1=morevalue1¶m2=value2&&&&&"
+ ]
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "debug_log":"Target value: \"value2\" \\(Variable: ARGS:param2\\)"
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecDebugLog \/tmp\/modsec_debug.log",
+ "SecDebugLogLevel 9",
+ "SecRule ARGS:param2 \"@contains test \" \"id:1,phase:3,pass,t:trim\""
+ ]
 }
 ]
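Review bot: The three added cases all declare `"Content-Length": "27"`, but none of the bodies shown is 27 bytes long (the `param1=value1=morevalue1` prefix alone is 24), so the header looks copied from an earlier case. If the harness ever honours it, cases 6/7 and 7/7 would be cut off before the fields they assert on; each header should carry its own body's real length. The cases also leave the edge of the new parsing unpinned: a value that ends in `=` (for example `param1=value1=`) and a pair with an empty name (`=value`) are the inputs where the stored `ARGS` value could differ from what the backend sees. An `expected.debug_log` assertion for each would fix that behaviour in the regression suite.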