[PATCH]support \r\n escape
This commit is contained in:
liuwentan
@@ -219,6 +219,12 @@ char *str_unescape(char *s)
|
|||||||
case '\\':
|
case '\\':
|
||||||
s[j] = '\\';
|
s[j] = '\\';
|
||||||
break;
|
break;
|
||||||
|
case 'r':
|
||||||
|
s[j] = '\r';
|
||||||
|
break;
|
||||||
|
case 'n':
|
||||||
|
s[j] = '\n';
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
s[j] = s[i];
|
s[j] = s[i];
|
||||||
i--; //undo the followed i++
|
i--; //undo the followed i++
|
||||||
|
|||||||
@@ -811,6 +811,26 @@ TEST_F(MaatHsStringScan, Regex) {
|
|||||||
state = NULL;
|
state = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST_F(MaatHsStringScan, BackslashR_N_Escape) {
|
||||||
|
int ret = 0;
|
||||||
|
long long results[ARRAY_SIZE] = {0};
|
||||||
|
size_t n_hit_result = 0;
|
||||||
|
int thread_id = 0;
|
||||||
|
const char *table_name = "KEYWORDS_TABLE";
|
||||||
|
const char *payload = "GET / HTTP/1.1\r\nHost: www.baidu.com\r\n\r\n";
|
||||||
|
struct maat *maat_inst = MaatHsStringScan::_shared_maat_inst;
|
||||||
|
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
||||||
|
|
||||||
|
int table_id = maat_get_table_id(maat_inst, table_name);
|
||||||
|
ret = maat_scan_string(maat_inst, table_id, payload, strlen(payload),
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
||||||
|
EXPECT_EQ(results[0], 225);
|
||||||
|
|
||||||
|
maat_state_free(state);
|
||||||
|
state = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
TEST_F(MaatHsStringScan, ExprPlus) {
|
TEST_F(MaatHsStringScan, ExprPlus) {
|
||||||
long long results[ARRAY_SIZE] = {0};
|
long long results[ARRAY_SIZE] = {0};
|
||||||
size_t n_hit_result = 0;
|
size_t n_hit_result = 0;
|
||||||
@@ -1531,6 +1551,26 @@ TEST_F(MaatRsStringScan, Regex) {
|
|||||||
state = NULL;
|
state = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST_F(MaatRsStringScan, BackslashR_N_Escape) {
|
||||||
|
int ret = 0;
|
||||||
|
long long results[ARRAY_SIZE] = {0};
|
||||||
|
size_t n_hit_result = 0;
|
||||||
|
int thread_id = 0;
|
||||||
|
const char *table_name = "KEYWORDS_TABLE";
|
||||||
|
const char *payload = "GET / HTTP/1.1\r\nHost: www.baidu.com\r\n\r\n";
|
||||||
|
struct maat *maat_inst = MaatRsStringScan::_shared_maat_inst;
|
||||||
|
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
||||||
|
|
||||||
|
int table_id = maat_get_table_id(maat_inst, table_name);
|
||||||
|
ret = maat_scan_string(maat_inst, table_id, payload, strlen(payload),
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
||||||
|
EXPECT_EQ(results[0], 225);
|
||||||
|
|
||||||
|
maat_state_free(state);
|
||||||
|
state = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
TEST_F(MaatRsStringScan, ExprPlus) {
|
TEST_F(MaatRsStringScan, ExprPlus) {
|
||||||
long long results[ARRAY_SIZE] = {0};
|
long long results[ARRAY_SIZE] = {0};
|
||||||
size_t n_hit_result = 0;
|
size_t n_hit_result = 0;
|
||||||
|
|||||||
@@ -3845,6 +3845,35 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"compile_id": 225,
|
||||||
|
"service": 0,
|
||||||
|
"action": 0,
|
||||||
|
"do_blacklist": 0,
|
||||||
|
"do_log": 0,
|
||||||
|
"user_region": "Payload escape",
|
||||||
|
"is_valid": "yes",
|
||||||
|
"groups": [
|
||||||
|
{
|
||||||
|
"group_name": "EscapeGroup_225_1",
|
||||||
|
"virtual_table": "KEYWORDS_TABLE",
|
||||||
|
"not_flag": 0,
|
||||||
|
"clause_index": 0,
|
||||||
|
"regions": [
|
||||||
|
{
|
||||||
|
"table_name": "KEYWORDS_TABLE",
|
||||||
|
"table_type": "expr",
|
||||||
|
"table_content": {
|
||||||
|
"keywords": "GET\\b/\\bHTTP/1.1\\r\\nHost:\\bwww.baidu.com\\r\\n\\r\\n",
|
||||||
|
"expr_type": "none",
|
||||||
|
"match_method": "sub",
|
||||||
|
"format": "uncase plain"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"plugin_table": [
|
"plugin_table": [
|
||||||
|
|||||||
Reference in New Issue
Block a user