From 5f28c2bb21bf7cc8d21bf124302f4d656dff4b16 Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Tue, 30 Jan 2024 12:21:45 +0100 Subject: [PATCH] Change REQUEST_FILENAME behavior --- src/transaction.cc | 26 ++++------ .../regression/variable-PATH_INFO.json | 50 +++++++++++++++++-- 2 files changed, 58 insertions(+), 18 deletions(-) diff --git a/src/transaction.cc b/src/transaction.cc index 0c98b49c50..cf52288d9b 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -463,6 +463,14 @@ int Transaction::processURI(const char *uri, const char *method, size_t pos_raw_query = uri_s.find("?"); + std::string path_info_raw; + if (pos_raw_query == std::string::npos) { + path_info_raw = std::string(uri_s, 0); + } else { + path_info_raw = std::string(uri_s, 0, pos_raw_query); + } + std::string path_info = utils::uri_decode(path_info_raw); + m_uri_decoded = utils::uri_decode(uri_s); size_t var_size = pos_raw_query; @@ -477,15 +485,8 @@ int Transaction::processURI(const char *uri, const char *method, m_variableRequestProtocol.set("HTTP/" + std::string(http_version), m_variableOffset + requestLine.size() + 1); - - size_t pos_query = m_uri_decoded.find("?"); - if (pos_query != std::string::npos) { - m_uri_no_query_string_decoded = std::unique_ptr( - new std::string(m_uri_decoded, 0, pos_query)); - } else { - m_uri_no_query_string_decoded = std::unique_ptr( - new std::string(m_uri_decoded)); - } + m_uri_no_query_string_decoded = std::unique_ptr( + new std::string(path_info)); if (pos_raw_query != std::string::npos) { @@ -495,12 +496,7 @@ int Transaction::processURI(const char *uri, const char *method, + std::string(method).size() + 1); } - std::string path_info; - if (pos_query == std::string::npos) { - path_info = std::string(m_uri_decoded, 0); - } else { - path_info = std::string(m_uri_decoded, 0, pos_query); - } + if (var_size == std::string::npos) { var_size = uri_s.size(); } 
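Review bot: The added `path_info_raw` block in the first hunk depends on a security-relevant ordering that the code does not document: the URI is cut at the first raw `?` and only then percent-decoded. A later cleanup could restore the decode-then-split form, which lets an encoded `%3f` in the path truncate the value that rules inspect, so I would add a comment above the block such as `// Split on the raw '?' before decoding: a %3f inside the path must not be treated as the query delimiter.` The context line `m_uri_decoded = utils::uri_decode(uri_s);` still holds the whole decoded URI, where an encoded and a literal `?` are indistinguishable, so any remaining code that searches it for `?` (none is visible in these hunks) would need the same treatment. As a smaller point, the if/else can collapse to `std::string path_info = utils::uri_decode(uri_s.substr(0, pos_raw_query));`, because `substr` clamps an `npos` count to the end of the string. The body of processURI starts and ends outside the hunks.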
diff --git a/test/test-cases/regression/variable-PATH_INFO.json b/test/test-cases/regression/variable-PATH_INFO.json index 77651d9e0c..f71e832555 100644 --- a/test/test-cases/regression/variable-PATH_INFO.json +++ b/test/test-cases/regression/variable-PATH_INFO.json @@ -2,7 +2,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: PATH_INFO (1/3)", + "title":"Testing Variables :: PATH_INFO (1/4)", "client":{ "ip":"200.249.12.31", "port":123 @@ -46,7 +46,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: PATH_INFO (2/3)", + "title":"Testing Variables :: PATH_INFO (2/4)", "client":{ "ip":"200.249.12.31", "port":123 @@ -90,7 +90,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: PATH_INFO (3/3)", + "title":"Testing Variables :: PATH_INFO (3/4)", "client":{ "ip":"200.249.12.31", "port":123 @@ -130,5 +130,49 @@ "SecRuleEngine On", "SecRule PATH_INFO \"@contains test \" \"id:1,phase:3,pass,t:trim\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: PATH_INFO (4/4)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/t%3fo/three?key=value", + "method":"POST", + "body":[ + "param1=value1¶m2=value2" + ] + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 403 + }, + "rules":[ + "SecRuleEngine On", + "SecRule PATH_INFO \"@contains three\" \"id:1,phase:2,deny,status:403,t:trim\"" + ] } ]
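Review bot: The new case (4/4) asserts only `@contains three` on PATH_INFO, which shows the path is no longer cut at the decoded `?` but does not pin the exact value or show that `key=value` stays out of it. The commit subject names REQUEST_FILENAME, yet no rule in this file targets that variable. Assuming it is populated from the same decoded path, a companion case with the same URI and an exact-match rule would cover both gaps, for example `SecRule REQUEST_FILENAME \"@streq /one/t?o/three\" \"id:1,phase:2,deny,status:403\"`. An exact match would also catch a regression that over-includes the query string, which a substring check lets through.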