diff --git a/src/request_body_processor/multipart.cc b/src/request_body_processor/multipart.cc
index f302720aeb..37919128ad 100644
--- a/src/request_body_processor/multipart.cc
+++ b/src/request_body_processor/multipart.cc
@@ -1080,8 +1080,8 @@ int Multipart::multipart_complete(std::string *error) {
 m_transaction->m_variableFiles.set(m->m_filename,
 m->m_filename, m->m_filenameOffset);
- m_transaction->m_variableFilesNames.set(m->m_filename,
- m->m_filename, m->m_filenameOffset);
+ m_transaction->m_variableFilesNames.set(m->m_name,
+ m->m_name, m->m_nameOffset);
 m_transaction->m_variableFilesSizes.set(m->m_name,
 std::to_string(m->m_tmp_file_size.first),
diff --git a/test/test-cases/regression/offset-variable.json b/test/test-cases/regression/offset-variable.json
index 257dac198a..99c9e19a71 100644
--- a/test/test-cases/regression/offset-variable.json
+++ b/test/test-cases/regression/offset-variable.json
@@ -1511,11 +1511,11 @@
 ]
 },
 "expected":{
- "error_log":"o0,15v512,20t:trim"
+ "error_log":"o0,8o0,8v491,8t:trimo0,16o0,16v709,16t:trim"
 },
 "rules":[
 "SecRequestBodyAccess On",
- "SecRule FILES_NAMES \"small_text_file\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+ "SecRule FILES_NAMES \"(fiasdfasdfledata|filedata)\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
 ]
 },
 {
diff --git a/test/test-cases/regression/rule-920120.json b/test/test-cases/regression/rule-920120.json
new file mode 100644
index 0000000000..cdc437074f
--- /dev/null
+++ b/test/test-cases/regression/rule-920120.json
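Review bot: The `m_variableFiles.set(m->m_filename, m->m_filename, m->m_filenameOffset)` call left as context directly above the changed lines in multipart.cc still keys FILES by the client-supplied filename, whereas FILES_NAMES (after this change) and FILES_SIZES just below are keyed by the form field name `m->m_name`. If FILES is meant to be addressable per field like the other two, a selector or exclusion such as `FILES:<field>` would never match and the collection key stays chosen by the client; the call would then read `m_transaction->m_variableFiles.set(m->m_name, m->m_filename, m->m_filenameOffset);`. Whether the current keying is intentional cannot be told from this hunk, since multipart_complete starts and ends outside it, so at minimum the changed lines deserve a comment such as `// FILES_NAMES: form field name of each file part, not the uploaded filename`.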
@@ -0,0 +1,65 @@
+[
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing Variables :: OWASP CRS id:920120",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept-Language":"en-us,en;q=0.5",
+ "Accept":"*/*",
+ "Content-Length":"411",
+ "Content-Type":"multipart/form-data; boundary=---------------------------265001916915724",
+ "Proxy-Connection":"keep-alive",
+ "Keep-Alive":"300"
+ },
+ "uri":"/",
+ "method":"POST",
+ "body": [
+ "-----------------------------265001916915724\r",
+ "Content-Disposition: form-data; name=\"fi;le\"; filename=\"test\"\r",
+ "Content-Type: application/octet-stream\r",
+ "\r",
+ "Rotem & Ayala\r",
+ "\r",
+ "-----------------------------265001916915724\r",
+ "Content-Disposition: form-data; name=\"name\"\r",
+ "\r",
+ "tt2\r",
+ "-----------------------------265001916915724\r",
+ "Content-Disposition: form-data; name=\"B1\"\r",
+ "\r",
+ "Submit\r",
+ "-----------------------------265001916915724--\r"
+ ]
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "http_code":400
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecDefaultAction \"phase:2,deny,block,status:400,log\"",
+ "SecRule FILES_NAMES|FILES \"@rx (?