github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Allow empty strings to be evaluated by regex::searchAll

Browse Source
This commit is contained in:
Victor Hora 2018-06-18 22:01:07 -03:00 committed by Felipe Zimmerle
parent 7def498c4c
commit fd8e72fd97
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
3 changed files with 55 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.am
View File

@ -87,6 +87,7 @@ LOG_COMPILER=test/test-suite.sh
# for i in `find test/test-cases -iname *.json`; do echo TESTS+=$i; done # for i in `find test/test-cases -iname *.json`; do echo TESTS+=$i; done
TESTS= TESTS=
TESTS+=test/test-cases/regression/issue-1591.json TESTS+=test/test-cases/regression/issue-1591.json
TESTS+=test/test-cases/regression/issue-1785.json
TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS.json TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS.json
TESTS+=test/test-cases/regression/config-include.json TESTS+=test/test-cases/regression/config-include.json
TESTS+=test/test-cases/regression/variable-WEBSERVER_ERROR_LOG.json TESTS+=test/test-cases/regression/variable-WEBSERVER_ERROR_LOG.json

10
src/utils/regex.cc
View File

@ -91,16 +91,16 @@ std::list<SMatch> Regex::searchAll(const std::string& s) {
rc = 0; rc = 0;
break; break;
} }
if (len == 0) {
rc = 0;
break;
}
match.match = std::string(tmpString, start, len); match.match = std::string(tmpString, start, len);
match.m_offset = start; match.m_offset = start;
match.m_length = len; match.m_length = len;
offset = start + len; offset = start + len;
retList.push_front(match); retList.push_front(match);
if (len == 0) {
rc = 0;
break;
}
} }
} while (rc > 0); } while (rc > 0);

49
test/test-cases/regression/issue-1785.json Normal file
View File

@ -0,0 +1,49 @@
[
{
"enabled": 1,
"version_min": 209000,
"version_max": -1,
"title": "Should libmodsec pass action clear m_actions?",
"url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1152",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com",
"User-Agent": "",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?foo=bar",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
}
},
"expected": {
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecRule REQUEST_HEADERS:User-Agent \"^$\" \"id:'900017',phase:1,t:none,deny,nolog,msg:'foo = bar'\""
]
}
]