github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix @pm lookup for possible matches on offset zero

Browse Source
This commit is contained in:
Felipe Zimmerle 2019-10-02 08:05:14 -07:00
parent d5b93c1013
commit beedddd6c6
4 changed files with 156 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.0.4 - YYYY-MMM-DD (to be released) v3.0.4 - YYYY-MMM-DD (to be released)
------------------------------------- -------------------------------------
- Fix @pm lookup for possible matches on offset zero.
[@zimmerle, @afoxdavidi, @martinhsv, @marshal09]
- Regex lookup on the key name instead of COLLECTION:key - Regex lookup on the key name instead of COLLECTION:key
[@rdiperri-yottaa, @danbiagini-work, @mmelo-yottaa, @zimmerle] [@rdiperri-yottaa, @danbiagini-work, @mmelo-yottaa, @zimmerle]
- Missing throw in Operator::instantiate - Missing throw in Operator::instantiate

6
src/operators/pm.cc
View File

@ -84,7 +84,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {
bool Pm::evaluate(Transaction *transaction, Rule *rule, bool Pm::evaluate(Transaction *transaction, Rule *rule,
const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) { const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
int rc = 0; int rc = -1;
ACMPT pt; ACMPT pt;
pt.parser = m_p; pt.parser = m_p;
pt.ptr = NULL; pt.ptr = NULL;
@ -97,7 +97,7 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
pthread_mutex_unlock(&m_lock); pthread_mutex_unlock(&m_lock);
#endif #endif
if (rc > 0 && transaction) { if (rc >= 0 && transaction) {
std::string match_(match); std::string match_(match);
logOffset(ruleMessage, rc - match_.size() + 1, match_.size()); logOffset(ruleMessage, rc - match_.size() + 1, match_.size());
transaction->m_matched.push_back(match_); transaction->m_matched.push_back(match_);
@ -110,7 +110,7 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
std::string(match)); std::string(match));
} }
return rc > 0; return rc >= 0;
} }

2
src/utils/acmp.cc
View File

@ -585,7 +585,7 @@ int acmp_process_quick(ACMPT *acmpt, const char **match, const char *data, size_
offset++; offset++;
} }
acmpt->ptr = node; acmpt->ptr = node;
return 0; return -1;
} }
} }

150
test/test-cases/regression/operator-pm.json Normal file
View File

@ -0,0 +1,150 @@
[
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "pm operator test 1/4",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com"
},
"uri": "\/test.pl?param1=something`somenthing",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
}
},
"expected": {
"debug_log": "Rule returned 1",
"http_code": 500
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "pm operater test 2/4",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com"
},
"uri": "\/test.pl?param1=`somenthing",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
}
},
"expected": {
"debug_log": "",
"http_code": 500
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "pm operater test 3/4",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com"
},
"uri": "\/test.pl?param1=a",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
}
},
"expected": {
"debug_log": "Rule returned 1",
"http_code": 500
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "pm operater test 4/4",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com"
},
"uri": "\/test.pl?param1=a`b",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
}
},
"expected": {
"debug_log": "Rule returned 1",
"http_code": 500
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
]
}
]