From c7ad6c7613de3c1ac2ad1b4055f0ded22b522027 Mon Sep 17 00:00:00 2001
From: Ervin Hegedus
Date: Tue, 12 Nov 2019 20:57:33 +0000
Subject: [PATCH] Replace Cookie parsing method
---
 src/transaction.cc | 55 +++++++++---
 .../regression/variable-REQUEST_COOKIES.json | 86 ++++++++++++++++++-
 .../variable-REQUEST_COOKIES_NAMES.json | 46 +++++++++-
 3 files changed, 170 insertions(+), 17 deletions(-)
diff --git a/src/transaction.cc b/src/transaction.cc
index b21373d4d3..6ad9e84c7f 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -548,20 +548,53 @@ int Transaction::addRequestHeader(const std::string& key, if (keyl == "cookie") { size_t localOffset = m_variableOffset; + size_t pos; std::vector cookies = utils::string::ssplit(value, ';'); for (const std::string &c : cookies) { - std::vector s = utils::string::split(c, - '='); - if (s.size() > 1) { - if (s[0].at(0) == ' ') { - s[0].erase(0, 1); - } - m_variableRequestCookiesNames.set(s[0], - s[0], localOffset); + // skip empty substring, eg "Cookie: ;;foo=bar" + if (c.empty() == true) { + localOffset++; // add length of ';' + continue; + } + + // find the first '=' + pos = c.find_first_of("=", 0); + std::string ckey = ""; + std::string cval = ""; - localOffset = localOffset + s[0].size() + 1; - m_variableRequestCookies.set(s[0], s[1], localOffset); - localOffset = localOffset + s[1].size() + 2; + // if the cookie doesn't contains '=', its just a key + if (pos == std::string::npos) { + ckey = c; + } + // else split to two substrings by first = + else { + ckey = c.substr(0, pos); + // value will contains the next '=' chars if exists + // eg. foo=bar=baz -> key: foo, value: bar=baz + cval = c.substr(pos+1); + } + + // ltrim the key - following the modsec v2 way + while (ckey.empty() == false && ckey.at(0) == ' ') { + ckey.erase(0, 1); + localOffset++; + } + + // if the key is empty (eg: "Cookie: =bar;") skip it + if (ckey.empty() == true) { + localOffset = localOffset + c.length() + 1; + continue; + } + else { + // handle cookie only if the key is not empty + // set cookie name + m_variableRequestCookiesNames.set(ckey, + ckey, localOffset); + localOffset = localOffset + ckey.size() + 1; + // set cookie value + m_variableRequestCookies.set(ckey, cval, + localOffset); + localOffset = localOffset + cval.size() + 1; } } } diff --git a/test/test-cases/regression/variable-REQUEST_COOKIES.json b/test/test-cases/regression/variable-REQUEST_COOKIES.json index fc38a69a1e..1ae9268f3b 100644 --- a/test/test-cases/regression/variable-REQUEST_COOKIES.json 
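Review bot: The offset arithmetic drifts in two branches of the new loop, so every cookie recorded after them gets a shifted `localOffset`: the empty-key skip `localOffset = localOffset + c.length() + 1;` re-counts the leading spaces the ltrim loop above it already advanced past (a segment like ` = ` is charged 5 instead of 4), and the key-only case (`pos == std::string::npos`) still adds `ckey.size() + 1` for an `=` that is not there and then another `+ 1` for the `;`, so `foobar;` is charged 8 instead of 7. Capture the segment start before trimming, `const size_t segmentStart = localOffset;`, use `localOffset = segmentStart + c.length() + 1;` in the skip branch, and advance past the name with `localOffset = localOffset + ckey.size() + (pos == std::string::npos ? 0 : 1);`. The added regression cases put the key-only and empty-key segments last or directly before the asserted pair, so the drift does not show in their expected debug_log values. `addRequestHeader` starts and ends outside this hunk.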
+++ b/test/test-cases/regression/variable-REQUEST_COOKIES.json
@@ -2,7 +2,7 @@
 {
 "enabled":1,
 "version_min":300000,
- "title":"Testing Variables :: REQUEST_COOKIES (1/3)",
+ "title":"Testing Variables :: REQUEST_COOKIES (1/5)",
 "client":{
 "ip":"200.249.12.31",
 "port":123
@@ -42,7 +42,7 @@
 {
 "enabled":1,
 "version_min":300000,
- "title":"Testing Variables :: REQUEST_COOKIES (2/3)",
+ "title":"Testing Variables :: REQUEST_COOKIES (2/5)",
 "client":{
 "ip":"200.249.12.31",
 "port":123
@@ -82,7 +82,7 @@
 {
 "enabled":1,
 "version_min":300000,
- "title":"Testing Variables :: REQUEST_COOKIES (3/3)",
+ "title":"Testing Variables :: REQUEST_COOKIES (3/5)",
 "client":{
 "ip":"200.249.12.31",
 "port":123
@@ -118,6 +118,86 @@ "SecRuleEngine On", "SecRule REQUEST_COOKIES \"@contains test \" \"id:1,pass,t:trim\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: REQUEST_COOKIES (4/5)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Cookie":"USER_TOKEN=Yes; a=z; t=b; foo= bar" + }, + "uri":"/?key=value&key=other_value", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"bar\"" + }, + "rules":[ + "SecRuleEngine On", + "SecRule REQUEST_COOKIES \"@contains test \" \"id:1,pass,t:trim\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: REQUEST_COOKIES (5/5)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Cookie":"USER_TOKEN=Yes; a=z; t=b; foo= bar; = ; = = ; baz=value1=insert here something" + }, + "uri":"/?key=value&key=other_value", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"value1=insert here something\"" + }, + "rules":[ + "SecRuleEngine On", + "SecRule REQUEST_COOKIES \"@contains test \" \"id:1,pass,t:trim\"" + ] } ] diff --git a/test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json b/test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json index 51af9a17a3..327ad7b996 100644 --- a/test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json 
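Review bot: None of the added cases exercises the empty-segment branch that the new loop in src/transaction.cc special-cases (`// skip empty substring, eg "Cookie: ;;foo=bar"`); 4/5 and 5/5 only cover a space-padded value, empty keys and an `=` inside a value. A case whose header contains a `;;` run followed by a further pair (constructed example: `"Cookie":"a=b;;c=test"`) would pin that path in the same way 5/5 pins the empty-key path.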
+++ b/test/test-cases/regression/variable-REQUEST_COOKIES_NAMES.json @@ -2,7 +2,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: REQUEST_COOKIES_NAMES (1/3)", + "title":"Testing Variables :: REQUEST_COOKIES_NAMES (1/4)", "client":{ "ip":"200.249.12.31", "port":123 @@ -42,7 +42,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: REQUEST_COOKIES_NAMES (2/3)", + "title":"Testing Variables :: REQUEST_COOKIES_NAMES (2/4)", "client":{ "ip":"200.249.12.31", "port":123 @@ -82,7 +82,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: REQUEST_COOKIES_NAMES (3/3)", + "title":"Testing Variables :: REQUEST_COOKIES_NAMES (3/4)", "client":{ "ip":"200.249.12.31", "port":123 @@ -118,6 +118,46 @@ "SecRuleEngine On", "SecRule REQUEST_COOKIES_NAMES \"@contains test \" \"id:1,pass,t:trim\"" ] + }, +{ + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: REQUEST_COOKIES_NAMES (4/4)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Cookie":"USER_TOKEN=Yes; a=z; t=b; foobar" + }, + "uri":"/?key=value&key=other_value", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"foobar\"" + }, + "rules":[ + "SecRuleEngine On", + "SecRule REQUEST_COOKIES_NAMES \"@contains foobar \" \"id:1,pass,t:trim\"" + ] } ]
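Review bot: The opening brace of the new 4/4 entry, `+{`, sits at column 0 while every other entry in this array, and the 4/5 and 5/5 entries added to variable-REQUEST_COOKIES.json in the same commit, is indented one level; indent it to ` {` so the file stays uniform. The trailing space in `"@contains foobar "` mirrors the sibling cases' `"@contains test "`, which is harmless for a debug_log assertion but worth keeping in mind if the case is ever changed to assert on the rule matching.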