github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Set the correct variable (m_requestBodyType) and add test case

Browse Source
This commit is contained in:
Victor Hora 2018-08-22 22:07:04 -03:00 committed by Felipe Zimmerle
parent f999f54eda
commit aa158ceef3
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
3 changed files with 99 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.am
View File

@ -150,6 +150,7 @@ TESTS+=test/test-cases/regression/debug_log.json
TESTS+=test/test-cases/regression/action-initcol.json TESTS+=test/test-cases/regression/action-initcol.json
TESTS+=test/test-cases/regression/variable-TIME_WDAY.json TESTS+=test/test-cases/regression/variable-TIME_WDAY.json
TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json TESTS+=test/test-cases/regression/action-ctl_request_body_processor.json
TESTS+=test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json
TESTS+=test/test-cases/regression/variable-REMOTE_ADDR.json TESTS+=test/test-cases/regression/variable-REMOTE_ADDR.json
TESTS+=test/test-cases/regression/action-tag.json TESTS+=test/test-cases/regression/action-tag.json
TESTS+=test/test-cases/regression/variable-TIME_HOUR.json TESTS+=test/test-cases/regression/variable-TIME_HOUR.json

2
src/actions/ctl/request_body_processor_urlencoded.cc
View File

@ -27,7 +27,7 @@ namespace ctl {
bool RequestBodyProcessorURLENCODED::evaluate(Rule *rule, bool RequestBodyProcessorURLENCODED::evaluate(Rule *rule,
Transaction *transaction) { Transaction *transaction) {
transaction->m_requestBodyProcessor = Transaction::WWWFormUrlEncoded; transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded;
transaction->m_variableReqbodyProcessor.set("URLENCODED", transaction->m_variableReqbodyProcessor.set("URLENCODED",
transaction->m_variableOffset); transaction->m_variableOffset);

97
test/test-cases/regression/action-ctl_request_body_processor_urlencoded.json Normal file
View File

@ -0,0 +1,97 @@
[
{
"enabled":1,
"version_min":300000,
"title":"ctl:requestBodyProcessor=URLENCODED",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length":"330",
"Content-Type":"application/lhebs",
"Expect":"100-continue"
},
"uri":"/a=urlencoded",
"method":"POST",
"body":[
"param1=value1\r"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \\\"value1",
"http_code": 403
},
"rules":[
"SecRuleEngine On",
"SecRequestBodyAccess On",
"SecRule REQUEST_HEADERS:Content-Type \"@contains lhebs\" \"phase:1,id:122,t:none,log,auditlog,pass,ctl:requestBodyProcessor=URLENCODED\"",
"SecRule ARGS_POST \"@contains value1\" \"phase:2,id:123,t:none,deny,log,auditlog\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"ctl:requestBodyProcessor=URLENCODED",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length":"330",
"Content-Type":"application/x-www-form-urlencoded",
"Expect":"100-continue"
},
"uri":"/a=urlencoded",
"method":"POST",
"body":[
"param1=value1\r"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \\\"value1",
"http_code": 403
},
"rules":[
"SecRuleEngine On",
"SecRequestBodyAccess On",
"SecRule ARGS_POST \"@contains value1\" \"phase:2,id:123,t:none,deny,log,auditlog\""
]
}
]