From ff436e3f26b93d3c6a71b650ca917643fc5e4d54 Mon Sep 17 00:00:00 2001 From: fengweihao Date: Wed, 20 Nov 2024 10:03:12 +0800 Subject: [PATCH] TSG-23793 Fixed the issue where comments in the HTML page containing or tags would cause the inserted script to fail --- .../tsg-http/include/pattern_replace.h | 1 + .../business/tsg-http/src/pattern_replace.cpp | 78 ++++++++++++++++++- plugin/business/tsg-http/src/tsg_logger.cpp | 1 - .../tsg-http/test/test_pattern_replace.cpp | 32 +++++++- 4 files changed, 108 insertions(+), 4 deletions(-) diff --git a/plugin/business/tsg-http/include/pattern_replace.h b/plugin/business/tsg-http/include/pattern_replace.h index a486b6c..783533b 100644 --- a/plugin/business/tsg-http/include/pattern_replace.h +++ b/plugin/business/tsg-http/include/pattern_replace.h @@ -35,6 +35,7 @@ struct insert_rule size_t execute_replace_rule(const char * in, size_t in_sz, enum replace_zone zone, const struct replace_rule * rules, size_t n_rule, char** out, int options); size_t execute_insert_rule(char * in, size_t in_sz, const struct insert_rule * rules, char** out); size_t insert_string(char * in, size_t in_sz, const char *insert_on, const char *stype, const char *type, char** out); +size_t simple_insert(char * in, size_t in_sz, const char *insert_on, const char *script, const char *type, char** out); void simple_replace(const char* find, const char* replacement, const char* input, size_t in_sz, char** output, size_t *output_sz, int options); enum replace_zone zone_name_to_id(const char * name); diff --git a/plugin/business/tsg-http/src/pattern_replace.cpp b/plugin/business/tsg-http/src/pattern_replace.cpp index d9167fd..2f21db5 100644 --- a/plugin/business/tsg-http/src/pattern_replace.cpp +++ b/plugin/business/tsg-http/src/pattern_replace.cpp @@ -260,6 +260,53 @@ static char *find_insert_position(char * in) return insert_from; } +int find_remove_position(char *start, char *end) +{ + if(end - start <=0) + { + return 0; + } + + char *tags = ALLOC(char, (end - start)+1); + memcpy(tags, start, end - start); + if(strstr(tags, "") != NULL || strstr(tags, "") != NULL) + { + free(tags); + return 1; + } + + free(tags); + return 0; +} + +void remove_string_with_tags(char *html) +{ + char *start = NULL, *end = NULL; + + while ((start = strstr(html, ""); + if (end != NULL) + { + end += 3; + if (find_remove_position(start, end) &&(strstr(start, "") != NULL || strstr(start, "") != NULL)) + { + memmove(start, end, strlen(end) + 1); + } + else + { + html = end; + } + } + else + { + break; + } + } + + return; +} + size_t insert_string(char * in, size_t in_sz, const char *insert_on, const char *script, const char *type, char** out) { char *target=NULL; @@ -329,7 +376,36 @@ size_t insert_string(char * in, size_t in_sz, const char *insert_on, const char size_t execute_insert_rule(char * in, size_t in_sz, const struct insert_rule * rules, char** out) { - return insert_string(in, in_sz, rules->position, rules->script, rules->type, out); + size_t out_size=0; + + if (in == NULL || in_sz < 0) + { + return 0; + } + + char*new_in = ALLOC(char, in_sz+1); + memcpy(new_in, in, in_sz); + remove_string_with_tags(new_in); + + out_size = insert_string(new_in, strlen(new_in), rules->position, rules->script, rules->type, out); + + free(new_in); + new_in=NULL; + + return out_size; +} + +size_t simple_insert(char * in, size_t in_sz, const char *insert_on, const char *script, const char *type, char** out) +{ + struct insert_rule rules; + memset(&rules, 0, sizeof(rules)); + + rules.type=(char *)type; + rules.script=(char *)script; + rules.position=(char *)insert_on; + rules.inject_sz=strlen(script); + + return execute_insert_rule(in, in_sz, &rules, out); } void simple_replace(const char* find, const char* replacement, const char* input, size_t in_sz, char** output, size_t *output_sz, int options) diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp index a3b85cb..7d9ecd3 100644 --- a/plugin/business/tsg-http/src/tsg_logger.cpp +++ b/plugin/business/tsg-http/src/tsg_logger.cpp @@ -43,7 +43,6 @@ enum _log_action #define get_time_ms(tv) ((long long)(tv.tv_sec) * 1000 + (long long)(tv.tv_usec) / 1000) - #ifdef __x86_64__ #include "uuid_v4_x86.h" #else diff --git a/plugin/business/tsg-http/test/test_pattern_replace.cpp b/plugin/business/tsg-http/test/test_pattern_replace.cpp index 0756313..e9f2a59 100644 --- a/plugin/business/tsg-http/test/test_pattern_replace.cpp +++ b/plugin/business/tsg-http/test/test_pattern_replace.cpp @@ -7,7 +7,6 @@ #include #include - TEST(PatternReplace, Grouping1) { const char* find="(?John)|(?李梅梅)|(?Jake)"; @@ -305,9 +304,38 @@ TEST(PatternInsert, BeforeBody) free(output); } +TEST(PatternInsert, HtmlCommentsContain) +{ + char input[]=""; + const char* custom = "alert(\"Insert\");"; + char *output=NULL; + size_t output_sz=0, input_sz = strlen(input) - 5; + + output_sz = simple_insert(input, input_sz, "before-page-load", custom, "js", &output); + printf("output =%s\n", output); + + EXPECT_TRUE(output_sz>0); + EXPECT_TRUE(NULL!=strstr(output, custom)); + free(output); +} + +TEST(PatternInsert, HtmlNoCommentsContain) +{ + char input[]=""; + const char* custom = "alert(\"Insert\");"; + char *output=NULL; + size_t output_sz=0, input_sz = strlen(input); + + output_sz = simple_insert(input, input_sz, "before-page-load", custom, "js", &output); + printf("output =%s\n", output); + + EXPECT_TRUE(output_sz>0); + EXPECT_TRUE(NULL!=strstr(output, custom)); + free(output); +} + int main(int argc, char ** argv) { - ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); }