Adds support to MULTIPART_CRLF_LF_LINES variable

2025-09-29 19:24:29 +03:00 · 2015-07-21 15:28:44 -03:00
parent 21f4c49a0f
commit abec93263b
5 changed files with 156 additions and 2 deletions
--- a/src/assay.cc
+++ b/src/assay.cc
@@ -431,6 +431,12 @@ int Assay::processRequestBody() {
            for (auto &a : m.variables) {
                store_variable(a.first, a.second);
            }
+
+            if (m.crlf && m.lf) {
+                store_variable("MULTIPART_CRLF_LF_LINES", "1");
+            } else {
+                store_variable("MULTIPART_CRLF_LF_LINES", "0");
+            }
        }
    }

--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -59,7 +59,7 @@ OPERATORNOARG	(?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida

 TRANSFORMATION  t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)

-VARIABLE          (?i:MATCHED_VAR_NAME|MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
+VARIABLE          (?i:MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
 RUN_TIME_VAR_DUR  (?i:DURATION)
 RUN_TIME_VAR_ENV  (?i:ENV)
 RUN_TIME_VAR_BLD  (?i:MODSEC_BUILD)
--- a/src/request_body_processor/multipart.cc
+++ b/src/request_body_processor/multipart.cc
@@ -25,7 +25,9 @@ namespace ModSecurity {
 namespace RequestBodyProcessor {

 Multipart::Multipart(std:: string header)
-    : m_boundaryStartsWithWhiteSpace(false),
+    : crlf(false),
+    lf(true),
+    m_boundaryStartsWithWhiteSpace(false),
    m_boundaryIsQuoted(false),
    m_header(header) {
 }
@@ -184,6 +186,21 @@ bool Multipart::boundaryContainsOnlyValidCharacters() {
    return true;
 }

+void Multipart::checkForCrlfLf(const std::string &data) {
+    size_t start = 0;
+    size_t pos = 0;
+
+    pos = data.find("\n", start);
+    while (pos != std::string::npos) {
+        if (pos > 1 && data.at(pos-1) == '\r') {
+            this->crlf = true;
+        } else {
+            this->lf = true;
+        }
+        pos = data.find("\n", pos + 1);
+    }
+}
+
 bool Multipart::process(std::string data) {
    std::list<std::string> blobs;
    size_t start = data.find(m_boundary);
@@ -201,6 +218,9 @@ bool Multipart::process(std::string data) {
        }
        std::string block = std::string(data, start + m_boundary.length() +
            + endl, end - (start + m_boundary.length() + endl) - endl);
+
+        checkForCrlfLf(block);
+
        blobs.push_back(block);
        start = end;
    }
--- a/src/request_body_processor/multipart.h
+++ b/src/request_body_processor/multipart.h
@@ -33,8 +33,11 @@ class Multipart {
    bool boundaryContainsOnlyValidCharacters();
    bool conuntBoundaryParameters();
    bool process(std::string data);
+    void checkForCrlfLf(const std::string &blob);

    ModSecurityStringVariables variables;
+    bool crlf;
+    bool lf;
 private:
    void debug(int a, std::string str) {
        std::cout << "Debug: " << str << std::endl;