github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-17 01:51:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

Handling key exceptions on the variable itself

Browse Source 
This is the first step towords to solve #1697
This commit is contained in:
Felipe Zimmerle
2018-09-20 09:08:08 -03:00
parent 0d53111cb0
commit ee50fea266
54 changed files with 2337 additions and 2080 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/anchored_set_variable.cc
View File

@@ -23,6 +23,7 @@
#include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h"
#include "src/utils/regex.h"
#include "src/variables/variable.h"
namespace modsecurity {
@@ -52,7 +53,8 @@ void AnchoredSetVariable::set(const std::string &key,
const std::string &value, size_t offset, size_t len) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *v = new std::string(value);
VariableValue *var = new VariableValue(std::make_shared<std::string>(m_name + ":" + key), v);
VariableValue *var = new VariableValue(std::make_shared<std::string>(
m_name + ":" + key), v);
delete v;
origin->m_offset = offset;
@@ -67,7 +69,8 @@ void AnchoredSetVariable::set(const std::string &key,
const std::string &value, size_t offset) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *v = new std::string(value);
VariableValue *var = new VariableValue(std::make_shared<std::string>(m_name + ":" + key), v);
VariableValue *var = new VariableValue(std::make_shared<std::string>(
m_name + ":" + key), v);
delete v;
origin->m_offset = offset;
@@ -86,6 +89,20 @@ void AnchoredSetVariable::resolve(
}
void AnchoredSetVariable::resolve(
std::vector<const VariableValue *> *l,
Variables::KeyExclusions &ke) {
for (const auto& x : *this) {
if (!ke.toOmit(x.first)) {
l->insert(l->begin(), new VariableValue(x.second));
} else {
m_transaction->debug(7, "Excluding key: " + x.first
+ " from target value.");
}
}
}
void AnchoredSetVariable::resolve(const std::string &key,
std::vector<const VariableValue *> *l) {
auto range = this->equal_range(key);
@@ -119,4 +136,22 @@ void AnchoredSetVariable::resolveRegularExpression(Utils::Regex *r,
}
void AnchoredSetVariable::resolveRegularExpression(Utils::Regex *r,
std::vector<const VariableValue *> *l,
Variables::KeyExclusions &ke) {
for (const auto& x : *this) {
int ret = Utils::regex_search(x.first, *r);
if (ret <= 0) {
continue;
}
if (!ke.toOmit(x.first)) {
l->insert(l->begin(), new VariableValue(x.second));
} else {
m_transaction->debug(7, "Excluding key: " + x.first
+ " from target value.");
}
}
}
} // namespace modsecurity