From d7e4fe34ce44d2307c2d28c782400564aca2b868 Mon Sep 17 00:00:00 2001 From: potatso Date: Tue, 11 Jul 2023 18:09:22 +0800 Subject: [PATCH] =?UTF-8?q?fixed:=20coraza=20=E5=BF=85=E9=A1=BB=E8=B0=83?= =?UTF-8?q?=E7=94=A8processbody=EF=BC=8C=E5=90=A6=E5=88=99=E5=8D=B3?= =?UTF-8?q?=E4=BD=BF=E5=91=8A=E8=AD=A6=E4=B9=9F=E4=BC=9A=E6=97=A0=E6=B3=95?= =?UTF-8?q?=E9=98=BB=E6=96=AD=E3=80=82=E8=80=8C=E4=B8=94=E8=AF=A5=E5=A4=84?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=E6=9C=89=E9=97=AE=E9=A2=98=EF=BC=8C=E8=AF=A6?= =?UTF-8?q?=E8=A7=81todo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/resty/coraza/request.lua | 13 ++++--------- t/integration_with_coreruleset.t | 7 +++++++ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/lib/resty/coraza/request.lua b/lib/resty/coraza/request.lua index 9ea1452..bb91075 100644 --- a/lib/resty/coraza/request.lua +++ b/lib/resty/coraza/request.lua @@ -25,15 +25,10 @@ end function _M.build_and_process_body(transaction) local req_body = ngx_req.get_body_data() - if not req_body then - -- TODO: fix code - local path = ngx_req.get_body_file() - if not path then - -- end process - return - end - coraza.request_body_from_file(path) - else + if req_body then + -- TODO: fix code to process multipart/formdata + -- local path = ngx_req.get_body_file() + -- coraza.request_body_from_file(path) local req_body_size = #req_body -- TODO req_body_size > req_body_size_opt coraza.append_request_body(transaction, req_body) diff --git a/t/integration_with_coreruleset.t b/t/integration_with_coreruleset.t index bb9be13..9a2bd08 100644 --- a/t/integration_with_coreruleset.t +++ b/t/integration_with_coreruleset.t @@ -63,3 +63,10 @@ aaaaaaaaa=aaaaaa POST /t/shell.php?injection=/etc/passwd aaaaaaaaa=aaaaaa --- error_code: 403 + +=== TEST 3: integration test blocked with no post data +--- http_config eval: $::HttpConfig +--- config eval: $::LocationConfig +--- request +GET /t/shell.php?injection=/etc/passwd +--- error_code: 403