ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard
verified publisher icon owasp-modsecurity

Handle capture as tx.1=char in validateByteRange

Open marcstern opened this issue 2 years ago • 5 comments

marcstern avatar Aug 11 '23 15:08 marcstern

Hello @marcstern ,

Could you please describe what problem this is intended to address?

martinhsv avatar Oct 17 '23 13:10 martinhsv

This allows to know what's the offending character. Very useful in complex configurations with multiple , defined variables, macros, etc.

marcstern avatar Oct 18 '23 06:10 marcstern

So this is recording every finding, right?

I'm a little hesitant about such expansive use of the tx.0, tx.1, ... special variables. Most operators that support capture use only tx.0 or rx, of course, which may use all of tx.0 through tx.9. But here, (unless I'm mistaken) there could potentially be thousands.

The rest of the code assumes that there are a maximum of 10 of these variables. At a minimum we would have a problem because items tx.11 and greater would not currently get reset via apr_table_unset as happens now with tx.0 through tx.9.

martinhsv avatar Oct 18 '23 22:10 martinhsv

What about limiting it to 9 then? It would be easy: if (capture && count < 10)

marcstern avatar Oct 19 '23 06:10 marcstern

I adapted the PR

marcstern avatar Oct 23 '23 10:10 marcstern

Unclean PR, to be replaced by another one

marcstern avatar Feb 28 '24 07:02 marcstern