github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Support for correct implimentation of REQUEST_URI

Browse Source
This commit is contained in:
Chaim Sanders 2015-11-23 00:55:08 -05:00 committed by Felipe Zimmerle
parent dd35b47764
commit b3ab9a4084
1 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/assay.cc
View File

@ -285,7 +285,32 @@ int Assay::processURI(const char *uri, const char *protocol,
m_collections.store("REQUEST_METHOD", protocol);
m_collections.store("REQUEST_PROTOCOL",
"HTTP/" + std::string(http_version));
m_collections.store("REQUEST_URI", uri);
std::string parsedURI = uri;
// The more popular case is without domain
if (m_uri_decoded.at(1) != '/'){
bool fullDomain = true;
size_t scheme = m_uri_decoded.find(":")+1;
if(scheme==std::string::npos){
fullDomain = false;
}
// Searching with a pos of -1 is undefined we also shortcut
if(scheme != std::string::npos and fullDomain == true){
// Assuming we found a colon make sure its followed
size_t netloc = m_uri_decoded.find("//",scheme)+2;
if(netloc==std::string::npos or (netloc != scheme+2)){
fullDomain = false;
}
if(netloc != std::string::npos and fullDomain == true){
size_t path = m_uri_decoded.find("/",netloc);
if(path != std::string::npos and fullDomain == true){
parsedURI = m_uri_decoded.substr(path);
}
}
}
}
m_collections.store("REQUEST_URI", parsedURI);
m_collections.store("REQUEST_URI_RAW", uri);
if (pos != std::string::npos && (m_uri_decoded.length() - pos) > 2) {