github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 01:06:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds extractArguments facilitator method

Browse Source 
Little refactoring to use this method instead of doing it
manually in different parts of the code.
This commit is contained in:
Felipe Zimmerle 2016-06-17 15:15:44 -03:00
parent 5c088c8be4
commit dbaf79fb8e
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
2 changed files with 31 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
headers/modsecurity/transaction.h
View File

@ -146,6 +146,7 @@ class Transaction {
bool addArgument(const std::string& orig, const std::string& key, bool addArgument(const std::string& orig, const std::string& key,
const std::string& value); const std::string& value);
bool extractArguments(const std::string &orig, const std::string& buf);
const char *getResponseBody(); const char *getResponseBody();
int getResponseBodyLenth(); int getResponseBodyLenth();

102
src/transaction.cc
View File

@ -231,6 +231,34 @@ int Transaction::processConnection(const char *client, int cPort,
} }
bool Transaction::extractArguments(const std::string &orig,
const std::string& buf) {
char sep1 = '&';
std::vector<std::string> key_value_sets = split(buf, sep1);
for (std::string t : key_value_sets) {
char sep2 = '=';
int i = 0;
std::string key;
std::string value;
std::vector<std::string> key_value = split(t, sep2);
for (auto& a : key_value) {
if (i == 0) {
key = a;
} else if (i == 1) {
value = a;
} else {
value = value + "=" + a;
}
i++;
}
addArgument(orig, key, value);
}
}
bool Transaction::addArgument(const std::string& orig, const std::string& key, bool Transaction::addArgument(const std::string& orig, const std::string& key,
const std::string& value) { const std::string& value) {
debug(4, "Adding request argument (" + orig + "): name \"" + \ debug(4, "Adding request argument (" + orig + "): name \"" + \
@ -370,37 +398,9 @@ int Transaction::processURI(const char *uri, const char *method,
* the secrules said about it. * the secrules said about it.
* *
*/ */
char sep1 = '&';
std::string sets(m_uri_decoded, pos + 1, m_uri_decoded.length() - std::string sets(m_uri_decoded, pos + 1, m_uri_decoded.length() -
(pos + 1)); (pos + 1));
std::vector<std::string> key_value_sets = split(sets, sep1); extractArguments("GET", sets);
for (std::string t : key_value_sets) {
/**
* FIXME:
*
* Mimic modsecurity when there are multiple keys with the same name.
*
*/
char sep2 = '=';
std::vector<std::string> key_value = split(t, sep2);
if (key_value.size() <= 1) {
/** TODO: Verify what ModSecurity 2.9.0 does when there is a
* key without an argument
*/
continue;
}
std::string key = key_value[0];
std::string value = key_value[1];
int i = key_value.size() - 1;
while (i > 2) {
value = value + sep2 + key_value[i];
i--;
}
addArgument("GET", key, value);
}
} }
return true; return true;
} }
@ -652,49 +652,7 @@ int Transaction::processRequestBody() {
if (content.empty() == false) { if (content.empty() == false) {
content.pop_back(); content.pop_back();
} }
extractArguments("POST", content);
/**
* FIXME:
*
* This is configurable by secrules, we should respect whatever
* the secrules said about it.
*
*/
char sep1 = '&';
std::vector<std::string> key_value = split(content.c_str(), sep1);
for (std::string t : key_value) {
/**
* FIXME:
*
* Mimic modsecurity when there are multiple keys with the same name.
*
*/
char sep2 = '=';
std::vector<std::string> key_value2 = split(t, sep2);
if (key_value2.size() == 0) {
continue;
}
std::string key = key_value2[0];
std::string value = std::string("");
if (key_value2.size() == 2) {
value = key_value2[1];
} else if (key_value2.size() > 2) {
int i = 2;
value = key_value2[1];
while (i < key_value2.size()) {
value = value + std::string("=") + key_value2[i];
i++;
}
}
addArgument("POST", key, value);
}
} else { } else {
std::string *a = m_collections.resolveFirst( std::string *a = m_collections.resolveFirst(
"REQUEST_HEADERS:Content-Type"); "REQUEST_HEADERS:Content-Type");