github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 19:47:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

support macro expansion in @rx

Browse Source 
try to use macro expansion on @rx argument before matching.
If after expansion argument changed, make new Regex from
the macro-expanded argument and use that for matching.
Fixes #1528
This commit is contained in:
asterite
2017-08-17 21:03:39 +03:00
committed by Felipe Zimmerle
parent 210e72aa21
commit a76030256e
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/operators/rx.cc
View File

@@ -33,12 +33,19 @@ bool Rx::evaluate(Transaction *transaction, Rule *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) { const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
SMatch match; SMatch match;
std::list<SMatch> matches; std::list<SMatch> matches;
Regex * re = m_re;
if (m_param.empty()) { if (m_param.empty()) {
return true; return true;
} }
matches = m_re->searchAll(input); std::string eparam = MacroExpansion::expand(m_param, transaction);
if (eparam != m_param) {
re = new Regex(eparam);
}
matches = re->searchAll(input);
if (rule && rule->getActionsByName("capture").size() > 0 && transaction) { if (rule && rule->getActionsByName("capture").size() > 0 && transaction) {
int i = 0; int i = 0;
matches.reverse(); matches.reverse();
@@ -58,6 +65,10 @@ bool Rx::evaluate(Transaction *transaction, Rule *rule,
logOffset(ruleMessage, i.m_offset, i.m_length); logOffset(ruleMessage, i.m_offset, i.m_length);
} }
if (re != m_re) {
delete re;
}
if (matches.size() > 0) { if (matches.size() > 0) {
return true; return true;
} }