Nov_12_2023-Dev

2025-10-01 03:57:44 +03:00 · 2023-11-12 18:50:17 +00:00
parent 0869b8f24d
commit 3061342b45
114 changed files with 3627 additions and 1305 deletions
--- a/components/security_apps/waap/waap_clib/WaapScanner.cc
+++ b/components/security_apps/waap/waap_clib/WaapScanner.cc
@@ -17,8 +17,13 @@
 #include <string>
 #include "debug.h"
 #include "reputation_features_events.h"
+#include <boost/algorithm/string.hpp>

 USE_DEBUG_FLAG(D_WAAP_SCANNER);
+USE_DEBUG_FLAG(D_OA_SCHEMA_UPDATER);
+
+// id generated by xml parser for an entity attribute
+const std::string Waap::Scanner::xmlEntityAttributeId = "08a80340-06d3-11ea-9f87-0242ac11000f";

 double Waap::Scanner::getScoreData(Waf2ScanResult& res, const std::string &poolName)
 {
@@ -117,7 +122,7 @@ double Waap::Scanner::getScoreData(Waf2ScanResult& res, const std::string &poolN
 // Ignore scan results from specific fields on csp-report json in case those are not filtered by learning
 bool Waap::Scanner::isKeyCspReport(const std::string &key, Waf2ScanResult &res, DeepParser &dp)
 {
-    if (res.score < 8.0f && res.location == "body" && dp.getLastParser() == "jsonParser") {
+    if (res.score < 8.0f && res.location == "body" && dp.getActualParser(0) == "jsonParser") {
        if (key == "csp-report.blocked-uri" || key == "csp-report.script-sample" ||
                (key == "csp-report.original-policy" && Waap::Util::containsCspReportPolicy(res.unescaped_line)) ) {
            dbgTrace(D_WAAP_SCANNER) << "CSP report detected, ignoring.";
@@ -169,11 +174,14 @@ bool Waap::Scanner::suspiciousHit(Waf2ScanResult& res, DeepParser &dp,
    return m_transaction->reportScanResult(res);
 }

-int Waap::Scanner::onKv(const char* k, size_t k_len, const char* v, size_t v_len, int flags) {
+
+int Waap::Scanner::onKv(const char* k, size_t k_len, const char* v, size_t v_len, int flags, size_t parser_depth) {
    Waf2ScanResult& res = m_lastScanResult;
    DeepParser &dp = m_transaction->getDeepParser();
    std::string key = std::string(k, k_len);
    std::string value = std::string(v, v_len);
+
+
    res.clear();
    dbgTrace(D_WAAP_SCANNER) << "Waap::Scanner::onKv: k='" << key <<
        "' v='" << value << "'";
@@ -266,7 +274,7 @@ int Waap::Scanner::onKv(const char* k, size_t k_len, const char* v, size_t v_len
    }
    // Special value only matched when XML <!ENTITY> atribute is found.
    if (v_len == 36) {
-        if (value == "08a80340-06d3-11ea-9f87-0242ac11000f" && !m_transaction->shouldIgnoreOverride(res)) {
+        if (value == Waap::Scanner::xmlEntityAttributeId && !m_transaction->shouldIgnoreOverride(res)) {
            // Always return max score when <!ENTITY tag is encoutered during XML parsing.
            res.score = 10.0;
            res.unescaped_line = "<!ENTITY";