github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #106 from client9/remotes/trunk

Browse Source 
libinjection 2.0.0
This commit is contained in:
Breno Silva
2013-05-27 06:08:03 -07:00
parent 0e269f1b3b 3a3fda25f7
commit f003243d9c
7 changed files with 2510 additions and 1100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
apache2/re_operators.c
View File

@@ -27,8 +27,7 @@
#include <arpa/inet.h>
#endif
#include "libinjection/sqlparse.h"
#include "libinjection/sqli_fingerprints.h"
#include "libinjection/libinjection.h"
/**
*
@@ -2133,15 +2132,13 @@ static int msre_op_contains_execute(modsec_rec *msr, msre_rule *rule, msre_var *
}
/** libinjection detectSQLi
* links against files in libinjection directory
* links against files in libinjection directory
* See www.client9.com/libinjection for details
* `is_sqli_pattern` right now is a hardwired set of sqli fingerprints.
* In future, change to read from file.
*/
*/
static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
char **error_msg) {
sfilter sf;
int issqli = is_sqli(&sf, var->value, var->value_len, is_sqli_pattern);
int issqli = libinjection_is_sqli(&sf, var->value, var->value_len, NULL, NULL);
int capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
if (error_msg == NULL) return -1;