diff --git a/headers/modsecurity/assay.h b/headers/modsecurity/assay.h index 93b4a350..902e55a0 100644 --- a/headers/modsecurity/assay.h +++ b/headers/modsecurity/assay.h @@ -174,6 +174,7 @@ class Assay { const char *m_httpVersion; std::string *m_namesArgs; + std::string *m_namesArgsPost; std::string m_namesResponse; std::string m_namesRequest; double m_ARGScombinedSize; diff --git a/src/assay.cc b/src/assay.cc index 8e7cf957..35822b7a 100644 --- a/src/assay.cc +++ b/src/assay.cc @@ -93,6 +93,7 @@ Assay::Assay(ModSecurity *ms, Rules *rules) m_ARGScombinedSize(0), m_ARGScombinedSizeStr(NULL), m_namesArgs(NULL), + m_namesArgsPost(NULL), m_ms(ms) { id = std::to_string(this->timeStamp) + \ std::to_string(generate_assay_unique_id()); @@ -102,6 +103,8 @@ Assay::Assay(ModSecurity *ms, Rules *rules) this->m_ARGScombinedSizeStr = resolve_variable_first("ARGS_COMBINED_SIZE"); store_variable("ARGS_NAMES", std::string("")); this->m_namesArgs = resolve_variable_first("ARGS_NAMES"); + store_variable("ARGS_POST_NAMES", std::string("")); + this->m_namesArgsPost = resolve_variable_first("ARGS_POST_NAMES"); this->debug(4, "Initialising transaction"); } @@ -408,6 +411,11 @@ int Assay::processRequestBody() { } else { m_namesArgs->assign(*m_namesArgs + " " + key_value[0]); } + if (m_namesArgsPost->empty()) { + m_namesArgsPost->assign(key_value[0]); + } else { + m_namesArgsPost->assign(*m_namesArgsPost + " " + key_value[0]); + } this->m_ARGScombinedSize = this->m_ARGScombinedSize + \ key_value[0].length() + key_value[1].length(); diff --git a/test/test-cases/regression/variable-ARGS_POST_NAMES.json b/test/test-cases/regression/variable-ARGS_POST_NAMES.json new file mode 100644 index 00000000..41526b06 --- /dev/null +++ b/test/test-cases/regression/variable-ARGS_POST_NAMES.json @@ -0,0 +1,95 @@ +[ + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: ARGS_POST_NAMES (1/2)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length": "27", + "Content-Type": "application/x-www-form-urlencoded" + }, + "uri":"/", + "protocol":"POST", + "body": [ + "param1=value1¶m2=value2" + ] + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"param1 param2\"" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule ARGS_POST_NAMES \"@contains test \" \"phase:3,pass,t:trim\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: ARGS_POST_NAMES (2/2)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length": "27", + "Content-Type": "application/x-www-form-urlencoded" + }, + "uri":"/", + "protocol":"POST", + "body": [ + "param1=value1¶m2=value2" + ] + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"param1 param2\"" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule ARGS_POST_NAMES \"@contains test \" \"phase:3,pass,t:trim\"" + ] + } +] +