From beedddd6c66df0e08c1408547345b2ed5b26c1bb Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Wed, 2 Oct 2019 08:05:14 -0700
Subject: [PATCH] Fix @pm lookup for possible matches on offset zero
---
 CHANGES | 2 +
 src/operators/pm.cc | 6 +-
 src/utils/acmp.cc | 2 +-
 test/test-cases/regression/operator-pm.json | 150 ++++++++++++++++++++
 4 files changed, 156 insertions(+), 4 deletions(-)
 create mode 100644 test/test-cases/regression/operator-pm.json
diff --git a/CHANGES b/CHANGES
index fb544377..ac817cfb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 v3.0.4 - YYYY-MMM-DD (to be released)
 -------------------------------------
+ - Fix @pm lookup for possible matches on offset zero.
+ [@zimmerle, @afoxdavidi, @martinhsv, @marshal09]
 - Regex lookup on the key name instead of COLLECTION:key
 [@rdiperri-yottaa, @danbiagini-work, @mmelo-yottaa, @zimmerle]
 - Missing throw in Operator::instantiate
diff --git a/src/operators/pm.cc b/src/operators/pm.cc
index e08bc649..fabf684c 100644
--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@@ -84,7 +84,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {
 bool Pm::evaluate(Transaction *transaction, Rule *rule,
 const std::string &input, std::shared_ptr ruleMessage) {
- int rc = 0;
+ int rc = -1;
 ACMPT pt;
 pt.parser = m_p;
 pt.ptr = NULL;
@@ -97,7 +97,7 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
 pthread_mutex_unlock(&m_lock);
 #endif
- if (rc > 0 && transaction) {
+ if (rc >= 0 && transaction) {
 std::string match_(match);
 logOffset(ruleMessage, rc - match_.size() + 1, match_.size());
 transaction->m_matched.push_back(match_);
@@ -110,7 +110,7 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
 std::string(match));
 }
- return rc > 0;
+ return rc >= 0;
 }
diff --git a/src/utils/acmp.cc b/src/utils/acmp.cc
index 8241faaf..1a68f666 100644
--- a/src/utils/acmp.cc
+++ b/src/utils/acmp.cc
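Review bot: In src/operators/pm.cc the no-match value is now encoded three times in Pm::evaluate — the `int rc = -1;` initializer and the two `rc >= 0` tests in the second and third hunks — and nothing in the code says that 0 is a valid result. A comment at the declaration such as `// -1: no match; >= 0: offset returned by acmp_process_quick (0 is a valid match position)` and a single `const bool matched = rc >= 0;` reused by the `if` and the `return` would keep the three from drifting apart, which matters here because a wrong comparison silently lets a matching request past the rule. The function body continues between and beyond these hunks, so the call that assigns `rc` is not visible.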
@@ -585,7 +585,7 @@ int acmp_process_quick(ACMPT *acmpt, const char **match, const char *data, size_
 offset++;
 }
 acmpt->ptr = node;
- return 0;
+ return -1;
 }
 }
diff --git a/test/test-cases/regression/operator-pm.json b/test/test-cases/regression/operator-pm.json
new file mode 100644
index 00000000..4f94d6ea
--- /dev/null
+++ b/test/test-cases/regression/operator-pm.json
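Review bot: Replacing the fall-through `return 0;` with `return -1;` changes the return contract of acmp_process_quick for every caller, while this patch updates only Pm::evaluate. Any other call site that still tests `> 0` would keep missing a match reported at offset 0, and one that tests for non-zero would now treat -1 as a hit, so the remaining callers should be checked before release. A comment above the function, for example `/* Returns the match offset (>= 0), or -1 when no pattern matched. */`, would make the convention explicit. The function begins before this hunk, so its other return paths are not visible here.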
@@ -0,0 +1,150 @@
+[
+ {
+ "enabled": 1,
+ "version_min": 300000,
+ "version_max": 0,
+ "title": "pm operator test 1/4",
+ "client": {
+ "ip": "200.249.12.31",
+ "port": 2313
+ },
+ "server": {
+ "ip": "200.249.12.31",
+ "port": 80
+ },
+ "request": {
+ "headers": {
+ "Host": "net.tutsplus.com"
+ },
+ "uri": "\/test.pl?param1=something`somenthing",
+ "method": "GET",
+ "http_version": 1.1,
+ "body": ""
+ },
+ "response": {
+ "headers": {
+ "Content-Type": "text\/xml; charset=utf-8\n\r",
+ "Content-Length": "length\n\r"
+ }
+ },
+ "expected": {
+ "debug_log": "Rule returned 1",
+ "http_code": 500
+ },
+ "rules": [
+ "SecRuleEngine On",
+ "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+ ]
+ },
+ {
+ "enabled": 1,
+ "version_min": 300000,
+ "version_max": 0,
+ "title": "pm operater test 2/4",
+ "client": {
+ "ip": "200.249.12.31",
+ "port": 2313
+ },
+ "server": {
+ "ip": "200.249.12.31",
+ "port": 80
+ },
+ "request": {
+ "headers": {
+ "Host": "net.tutsplus.com"
+ },
+ "uri": "\/test.pl?param1=`somenthing",
+ "method": "GET",
+ "http_version": 1.1,
+ "body": ""
+ },
+ "response": {
+ "headers": {
+ "Content-Type": "text\/xml; charset=utf-8\n\r",
+ "Content-Length": "length\n\r"
+ }
+ },
+ "expected": {
+ "debug_log": "",
+ "http_code": 500
+ },
+ "rules": [
+ "SecRuleEngine On",
+ "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+ ]
+ },
+ {
+ "enabled": 1,
+ "version_min": 300000,
+ "version_max": 0,
+ "title": "pm operater test 3/4",
+ "client": {
+ "ip": "200.249.12.31",
+ "port": 2313
+ },
+ "server": {
+ "ip": "200.249.12.31",
+ "port": 80
+ },
+ "request": {
+ "headers": {
+ "Host": "net.tutsplus.com"
+ },
+ "uri": "\/test.pl?param1=a",
+ "method": "GET",
+ "http_version": 1.1,
+ "body": ""
+ },
+ "response": {
+ "headers": {
+ "Content-Type": "text\/xml; charset=utf-8\n\r",
+ "Content-Length": "length\n\r"
+ }
+ },
+ "expected": {
+ "debug_log": "Rule returned 1",
+ "http_code": 500
+ },
+ "rules": [
+ "SecRuleEngine On",
+ "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+ ]
+ },
+ {
+ "enabled": 1,
+ "version_min": 300000,
+ "version_max": 0,
+ "title": "pm operater test 4/4",
+ "client": {
+ "ip": "200.249.12.31",
+ "port": 2313
+ },
+ "server": {
+ "ip": "200.249.12.31",
+ "port": 80
+ },
+ "request": {
+ "headers": {
+ "Host": "net.tutsplus.com"
+ },
+ "uri": "\/test.pl?param1=a`b",
+ "method": "GET",
+ "http_version": 1.1,
+ "body": ""
+ },
+ "response": {
+ "headers": {
+ "Content-Type": "text\/xml; charset=utf-8\n\r",
+ "Content-Length": "length\n\r"
+ }
+ },
+ "expected": {
+ "debug_log": "Rule returned 1",
+ "http_code": 500
+ },
+ "rules": [
+ "SecRuleEngine On",
+ "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+ ]
+ }
+]
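Review bot: All four cases expect `"http_code": 500`, so nothing in this file checks that a request containing none of the phrases is still allowed through, which is the path most exposed to the new `-1` / `>= 0` convention. A fifth case with a non-matching argument (constructed example: `"uri": "\/test.pl?param1=xyz"`) and `"http_code": 200` would catch a regression that turns the no-match result into a match. Case 2/4, one of the offset-zero inputs, also carries `"debug_log": ""` where the other three assert `"Rule returned 1"`; using `"debug_log": "Rule returned 1"` there would pin the rule result for that case as well.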