mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-15 23:55:03 +03:00
50e78331b1
- Env::evaluate
- Environment variable names in Windows are case-insensitive, so in
the Windows build we use strcasecmp to ignore case when matching
variables in transaction->m_variableEnvs.
- If the variable is found, we use the expected variable name to
create the VariableValue instance, as further rule processing will
look for the variable using case-sensitive comparisons.
- This code is not limited to Windows to avoid another #ifdef block
because for other platforms, because the env variable names are
case-sensitive the value from either x.first and m_name will be the
same.
- In Windows build, avoid redefining environ, already defined by
including stdlib.h.
78 lines
2.1 KiB
C++
78 lines
2.1 KiB
C++
/*
|
|
* ModSecurity, http://www.modsecurity.org/
|
|
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
|
*
|
|
* You may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* If any of the files related to licensing are missing or if you have any
|
|
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
|
* directly using the email address security@modsecurity.org.
|
|
*
|
|
*/
|
|
|
|
#include "src/variables/env.h"
|
|
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
|
|
#include <iostream>
|
|
#include <string>
|
|
#include <vector>
|
|
#include <list>
|
|
#include <utility>
|
|
#include <map>
|
|
|
|
#ifdef WIN32
|
|
#include "src/compat/msvc.h"
|
|
#endif
|
|
|
|
#include "modsecurity/transaction.h"
|
|
|
|
#ifndef WIN32
|
|
extern char **environ;
|
|
#endif
|
|
|
|
namespace modsecurity {
|
|
namespace variables {
|
|
|
|
void Env::evaluate(Transaction *transaction,
|
|
RuleWithActions *rule,
|
|
std::vector<const VariableValue *> *l) {
|
|
for (char **current = environ; *current; current++) {
|
|
std::string env = std::string(*current);
|
|
size_t pos = env.find_first_of("=");
|
|
if (pos == std::string::npos) {
|
|
continue;
|
|
}
|
|
std::string key = std::string(env, 0, pos);
|
|
std::string value = std::string(env, pos+1, env.length() - (pos + 1));
|
|
std::pair<std::string, std::string> a(key, value);
|
|
transaction->m_variableEnvs.insert(a);
|
|
}
|
|
|
|
const auto hasName = m_name.length() > 0;
|
|
for (auto& x : transaction->m_variableEnvs) {
|
|
#ifndef WIN32
|
|
if (hasName && x.first != m_name) {
|
|
#else
|
|
if (hasName && strcasecmp(x.first.c_str(), m_name.c_str()) != 0) {
|
|
#endif
|
|
continue;
|
|
}
|
|
// (Windows) we need to keep the case from the rule in case that from
|
|
// the environment differs.
|
|
const auto &key = hasName ? m_name : x.first;
|
|
if (!m_keyExclusion.toOmit(key)) {
|
|
l->push_back(new VariableValue(&m_collectionName, &key,
|
|
&x.second));
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
} // namespace variables
|
|
} // namespace modsecurity
|