This repository has been archived by the owner on May 14, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 728
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Correct rule 941310 to use single-byte variants and fix FPs (#1596)
* Fix test to use the single byte characters Add a test that uses utf-8 as well. * Change pattern to use the single-byte variants Patterns in ModSecurity are not treated as UTF strings. Fixes #1595. * Add negative tests and update descriptions * Improve pattern Change it to avoid FPs for \xbc\xbc and \xbe\xbe (i.e. << and >>). Use negated classes for better performance.
- Loading branch information
Showing
2 changed files
with
58 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
63 changes: 57 additions & 6 deletions
63
util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,24 +1,75 @@ | ||
| --- | ||
| meta: | ||
| author: "Christian S.J. Peron" | ||
| description: None | ||
| author: Christian S.J. Peron, Federico G. Schwindt | ||
| description: US-ASCII Malformed Encoding XSS Filter | ||
| enabled: true | ||
| name: 941310.yaml | ||
| tests: | ||
| - | ||
| test_title: 941310-1 | ||
| desc: "US-ASCII Malformed Encoding XSS Filter" | ||
| desc: Positive test using single byte | ||
| stages: | ||
| - | ||
| stage: | ||
| input: | ||
| dest_addr: 127.0.0.1 | ||
| headers: | ||
| Host: localhost | ||
| Content-type: "iso-8859-15" | ||
| Content-type: us-ascii | ||
| method: POST | ||
| port: 80 | ||
| uri: "/" | ||
| data: "var=.*¾.*¼.*" | ||
| uri: / | ||
| data: var=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbe | ||
| output: | ||
| log_contains: id "941310" | ||
| - | ||
| test_title: 941310-2 | ||
| desc: Positive test using utf-8 | ||
| stages: | ||
| - | ||
| stage: | ||
| input: | ||
| dest_addr: 127.0.0.1 | ||
| headers: | ||
| Host: localhost | ||
| Content-type: us-ascii | ||
| method: POST | ||
| port: 80 | ||
| uri: / | ||
| data: var=\xc2\xbcscript\xc2\xbealert(\xc2\xa2XSS\xc2\xa2)\xc2\xbc/script\xc2\xbe | ||
| output: | ||
| log_contains: id "941310" | ||
| - | ||
| test_title: 941310-3 | ||
| desc: Negative test for opening tag | ||
| stages: | ||
| - | ||
| stage: | ||
| input: | ||
| dest_addr: 127.0.0.1 | ||
| headers: | ||
| Host: localhost | ||
| Content-type: us-ascii | ||
| method: POST | ||
| port: 80 | ||
| uri: / | ||
| data: var=\xbc\xbc | ||
| output: | ||
| no_log_contains: id "941310" | ||
| - | ||
| test_title: 941310-4 | ||
| desc: Negative test for closing tag | ||
| stages: | ||
| - | ||
| stage: | ||
| input: | ||
| dest_addr: 127.0.0.1 | ||
| headers: | ||
| Host: localhost | ||
| Content-type: us-ascii | ||
| method: POST | ||
| port: 80 | ||
| uri: / | ||
| data: var=\xbe\xbe | ||
| output: | ||
| no_log_contains: id "941310" |