Skip to content

Commit

Permalink
Adds capture action to detectXSS
Browse files Browse the repository at this point in the history
  • Loading branch information
victorhora authored and Felipe Zimmerle committed Mar 13, 2018
1 parent b59d19e commit 22334c9
Show file tree
Hide file tree
Showing 4 changed files with 70 additions and 9 deletions.
2 changes: 2 additions & 0 deletions CHANGES
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
v3.0.x - YYYY-MMM-DD (To be released)
-------------------------------------

- Adds capture action to detectXSS
[Issue #1698 - @victorhora]
- Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator
[Issue #1701 - @victorhora]
- Adds capture action to detectSQLi
Expand Down
27 changes: 19 additions & 8 deletions src/operators/detect_xss.cc
Original file line number Diff line number Diff line change
Expand Up @@ -25,22 +25,33 @@ namespace modsecurity {
namespace operators {


bool DetectXSS::evaluate(Transaction *transaction, const std::string &input) {
bool DetectXSS::evaluate(Transaction *t, Rule *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
int is_xss;

is_xss = libinjection_xss(input.c_str(), input.length());

if (transaction) {
#ifndef NO_LOGS
if (t) {
if (is_xss) {
transaction->debug(5, "detected XSS using libinjection.");
#ifndef NO_LOGS
t->debug(5, "detected XSS using libinjection.");
#endif
if (rule && t
&& rule->getActionsByName("capture").size() > 0) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(input));
#ifndef NO_LOGS
t->debug(7, "Added DetectXSS match TX.0: " + \
std::string(input));
#endif
}
} else {
transaction->debug(9, "libinjection was not able to " \
"find any XSS in: " + input);
}
#ifndef NO_LOGS
t->debug(9, "libinjection was not able to " \
"find any XSS in: " + input);
#endif
}
}

return is_xss != 0;
}

Expand Down
4 changes: 3 additions & 1 deletion src/operators/detect_xss.h
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,9 @@ class DetectXSS : public Operator {
m_match_message.assign("detected XSS using libinjection.");
}

bool evaluate(Transaction *transaction, const std::string &input);
bool evaluate(Transaction *t, Rule *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
};

} // namespace operators
Expand Down
46 changes: 46 additions & 0 deletions test/test-cases/regression/operator-detectxss.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing Operator :: @detectXSS",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "27",
"Content-Type": "application/x-www-form-urlencoded"
},
"uri":"/",
"method":"POST",
"body": [
"param1=<script>alert(1)</script&param2=value2"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Added DetectXSS match TX.0: f\\(f\\(f"
},
"rules":[
"SecRuleEngine On",
"SecRule ARGS \"@detectXSS\" \"id:1,phase:2,capture,pass,t:trim\""
]
}
]

0 comments on commit 22334c9

Please sign in to comment.