mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-30 03:34:29 +03:00
Fix SecUnicodeMapFile support
Makes SecUnicodeMapFile read the file and adjust transformation to use the right variable.
This commit is contained in:
Victor Hora
committed by
Felipe Zimmerle
Felipe Zimmerle
parent
84ece3edcb
commit
e3b9f7c913
@@ -62,6 +62,7 @@ class Driver;
|
||||
#include "src/actions/tag.h"
|
||||
#include "src/actions/transformations/none.h"
|
||||
#include "src/actions/transformations/transformation.h"
|
||||
#include "src/actions/transformations/url_decode_uni.h"
|
||||
#include "src/actions/ver.h"
|
||||
#include "src/actions/xmlns.h"
|
||||
|
||||
@@ -345,8 +346,6 @@ using modsecurity::operators::Operator;
|
||||
std::unique_ptr<Variable> c(b); \
|
||||
a = std::move(c);
|
||||
|
||||
#define CODEPAGE_SEPARATORS " \t\n\r"
|
||||
|
||||
}
|
||||
// The parsing context.
|
||||
%param { modsecurity::Parser::Driver& driver }
|
||||
@@ -1709,61 +1708,44 @@ expression:
|
||||
driver.error(@0, "SecStatusEngine is not yet supported.");
|
||||
YYERROR;
|
||||
*/
|
||||
| CONFIG_DIR_UNICODE_CODE_PAGE
|
||||
{
|
||||
long val;
|
||||
|
||||
val = atol($1.c_str());
|
||||
if (val <= 0) {
|
||||
std::stringstream ss;
|
||||
ss << "Invalid setting for SecUnicodeCodePage: " << $1 << " ";
|
||||
driver.error(@0, ss.str());
|
||||
YYERROR;
|
||||
}
|
||||
|
||||
driver.m_unicodeMapTable.m_unicode_codepage = val;
|
||||
|
||||
}
|
||||
| CONFIG_DIR_UNICODE_MAP_FILE
|
||||
{
|
||||
std::string error;
|
||||
std::vector<std::string> param;
|
||||
double num = 0;
|
||||
std::string f;
|
||||
std::string file;
|
||||
std::string err;
|
||||
char *buf = NULL, *p = NULL, *savedptr = NULL;
|
||||
int found = 0;
|
||||
int code = 0;
|
||||
unsigned int codepage = 0;
|
||||
int Map = 0;
|
||||
char *ucode = NULL, *hmap = NULL;
|
||||
int processing = 0;
|
||||
|
||||
std::vector<std::string> param = utils::string::ssplit($1, ' ');
|
||||
param = utils::string::ssplit($1, ' ');
|
||||
if (param.size() <= 1) {
|
||||
std::stringstream ss;
|
||||
ss << "Failed to process unicode map, missing parameter: " << $1 << " ";
|
||||
ss << err;
|
||||
ss << "Failed to process unicode map, missing ";
|
||||
ss << "parameter: " << $1 << " ";
|
||||
driver.error(@0, ss.str());
|
||||
YYERROR;
|
||||
}
|
||||
|
||||
int num = 0;
|
||||
try {
|
||||
num = std::stod(param.back());
|
||||
} catch (...) {
|
||||
std::stringstream ss;
|
||||
ss << "Failed to process unicode map, last parameter is expected to be a number: " << param.back() << " ";
|
||||
ss << err;
|
||||
ss << "Failed to process unicode map, last parameter is ";
|
||||
ss << "expected to be a number: " << param.back() << " ";
|
||||
driver.error(@0, ss.str());
|
||||
YYERROR;
|
||||
}
|
||||
param.pop_back();
|
||||
|
||||
std::string f;
|
||||
while (param.size() > 0) {
|
||||
f = param.back() + " " + f;
|
||||
if (f.empty()) {
|
||||
f = param.back();
|
||||
} else {
|
||||
f = param.back() + " " + f;
|
||||
}
|
||||
param.pop_back();
|
||||
}
|
||||
|
||||
std::string file = modsecurity::utils::find_resource(f,
|
||||
driver.ref.back(), &err);
|
||||
file = modsecurity::utils::find_resource(f, driver.ref.back(), &err);
|
||||
if (file.empty()) {
|
||||
std::stringstream ss;
|
||||
ss << "Failed to locate the unicode map file from: " << f << " ";
|
||||
@@ -1772,66 +1754,13 @@ expression:
|
||||
YYERROR;
|
||||
}
|
||||
|
||||
driver.m_unicodeMapTable.m_set = true;
|
||||
driver.m_unicodeMapTable.m_unicode_map_table = static_cast<int *>(malloc(sizeof(int) * 65536));
|
||||
ConfigUnicodeMap::loadConfig(file, num, &driver, &error);
|
||||
|
||||
// FIXME: that deservers to have its own file. Too much code to be here.
|
||||
|
||||
if (driver.m_unicodeMapTable.m_unicode_map_table == NULL) {
|
||||
std::stringstream ss;
|
||||
ss << "Failed to allocate memory for the unicode map file - " << $1 << " ";
|
||||
ss << err;
|
||||
driver.error(@0, ss.str());
|
||||
if (!error.empty()) {
|
||||
driver.error(@0, error);
|
||||
YYERROR;
|
||||
}
|
||||
|
||||
memset(driver.m_unicodeMapTable.m_unicode_map_table, -1, (sizeof(int)*65536));
|
||||
|
||||
/* Setting some unicode values - http://tools.ietf.org/html/rfc3490#section-3.1 */
|
||||
|
||||
/* Set 0x3002 -> 0x2e */
|
||||
driver.m_unicodeMapTable.m_unicode_map_table[0x3002] = 0x2e;
|
||||
/* Set 0xFF61 -> 0x2e */
|
||||
driver.m_unicodeMapTable.m_unicode_map_table[0xff61] = 0x2e;
|
||||
/* Set 0xFF0E -> 0x2e */
|
||||
driver.m_unicodeMapTable.m_unicode_map_table[0xff0e] = 0x2e;
|
||||
/* Set 0x002E -> 0x2e */
|
||||
driver.m_unicodeMapTable.m_unicode_map_table[0x002e] = 0x2e;
|
||||
|
||||
p = strtok_r(buf, CODEPAGE_SEPARATORS, &savedptr);
|
||||
|
||||
while (p != NULL) {
|
||||
codepage = atol(p);
|
||||
|
||||
if (codepage == driver.m_unicodeMapTable.m_unicode_codepage) {
|
||||
found = 1;
|
||||
}
|
||||
|
||||
if (found == 1 && (strchr(p,':') != NULL)) {
|
||||
char *mapping = strdup(p);
|
||||
processing = 1;
|
||||
|
||||
if (mapping != NULL) {
|
||||
ucode = strtok_r(mapping, ":", &hmap);
|
||||
sscanf(ucode, "%x", &code);
|
||||
sscanf(hmap, "%x", &Map);
|
||||
if (code >= 0 && code <= 65535) {
|
||||
driver.m_unicodeMapTable.m_unicode_map_table[code] = Map;
|
||||
}
|
||||
|
||||
free(mapping);
|
||||
mapping = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (processing == 1 && (strchr(p,':') == NULL)) {
|
||||
free(buf);
|
||||
buf = NULL;
|
||||
break;
|
||||
}
|
||||
|
||||
p = strtok_r(NULL,CODEPAGE_SEPARATORS,&savedptr);
|
||||
}
|
||||
}
|
||||
| CONFIG_SEC_COLLECTION_TIMEOUT
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user