From aa158ceef3fe88e52679a70cda45adc08667991c Mon Sep 17 00:00:00 2001
From: Victor Hora
Date: Wed, 22 Aug 2018 22:07:04 -0300
Subject: [PATCH] Set the correct variable (m_requestBodyType) and add test case
---
 Makefile.am | 1 +
 .../ctl/request_body_processor_urlencoded.cc | 2 +-
 ...ctl_request_body_processor_urlencoded.json | 97 +++++++++++++++++++
 3 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json
diff --git a/Makefile.am b/Makefile.am
index 774eb958..c1c8c1e8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -150,6 +150,7 @@ TESTS+=test/test-cases/regression/debug_log.json
 TESTS+=test/test-cases/regression/action-initcol.json
 TESTS+=test/test-cases/regression/variable-TIME_WDAY.json
 TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json
+TESTS+=test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json
 TESTS+=test/test-cases/regression/variable-REMOTE_ADDR.json
 TESTS+=test/test-cases/regression/action-tag.json
 TESTS+=test/test-cases/regression/variable-TIME_HOUR.json
diff --git a/src/actions/ctl/request_body_processor_urlencoded.cc b/src/actions/ctl/request_body_processor_urlencoded.cc
index 3b2d784f..ce8886fd 100644
--- a/src/actions/ctl/request_body_processor_urlencoded.cc
+++ b/src/actions/ctl/request_body_processor_urlencoded.cc
@@ -27,7 +27,7 @@ namespace ctl {
 bool RequestBodyProcessorURLENCODED::evaluate(Rule *rule, Transaction *transaction) {
- transaction->m_requestBodyProcessor = Transaction::WWWFormUrlEncoded;
+ transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded;
 transaction->m_variableReqbodyProcessor.set("URLENCODED", transaction->m_variableOffset);
diff --git a/test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json b/test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json
new file mode 100644
index 00000000..2ad6093e
--- /dev/null
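Review bot: The corrected assignment in `RequestBodyProcessorURLENCODED::evaluate` should carry a short comment saying why `m_requestBodyType` is the member to set, because the removed line shows that `m_requestBodyProcessor` apparently took `Transaction::WWWFormUrlEncoded` as well and nothing flagged the mix-up. Something like `// URL-encoded parsing is selected via m_requestBodyType, not m_requestBodyProcessor` above the line would do. Judging from the regression test added in this patch, the old assignment left ARGS_POST unpopulated for bodies sent with a non-standard Content-Type, so phase-2 rules on POST arguments silently had nothing to match; that consequence is worth recording next to the assignment or in the commit message. The function body continues past the end of the hunk.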
+++ b/test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json 
@@ -0,0 +1,97 @@
+[
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"ctl:requestBodyProcessor=URLENCODED",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept":"*/*",
+ "Content-Length":"330",
+ "Content-Type":"application/lhebs",
+ "Expect":"100-continue"
+ },
+ "uri":"/a=urlencoded",
+ "method":"POST",
+ "body":[
+ "param1=value1\r"
+ ]
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "debug_log":"Target value: \\\"value1",
+ "http_code": 403
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecRequestBodyAccess On",
+ "SecRule REQUEST_HEADERS:Content-Type \"@contains lhebs\" \"phase:1,id:122,t:none,log,auditlog,pass,ctl:requestBodyProcessor=URLENCODED\"",
+ "SecRule ARGS_POST \"@contains value1\" \"phase:2,id:123,t:none,deny,log,auditlog\""
+ ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"ctl:requestBodyProcessor=URLENCODED",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept":"*/*",
+ "Content-Length":"330",
+ "Content-Type":"application/x-www-form-urlencoded",
+ "Expect":"100-continue"
+ },
+ "uri":"/a=urlencoded",
+ "method":"POST",
+ "body":[
+ "param1=value1\r"
+ ]
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "debug_log":"Target value: \\\"value1",
+ "http_code": 403
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecRequestBodyAccess On",
+ "SecRule ARGS_POST \"@contains value1\" \"phase:2,id:123,t:none,deny,log,auditlog\""
+ ]
+ }
+]
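Review bot: The test file has no negative control: neither case shows that a POST with `Content-Type: application/lhebs` and no `ctl:requestBodyProcessor=URLENCODED` rule leaves ARGS_POST unpopulated, so the first case would still pass if the engine parsed every body as URL-encoded. A third case that repeats the first without rule 122 and expects the request to pass (presumably `"http_code": 200`) would pin the ctl action as the cause of the block. Both existing cases also share the title `ctl:requestBodyProcessor=URLENCODED` although the second uses no ctl action; a distinct title such as `"title":"URLENCODED body parsed by Content-Type (baseline, no ctl)"` would make a failure report unambiguous. The `"Content-Length":"330"` header does not match the 14-byte body in either case, which the harness presumably ignores but is worth correcting.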