Closed airween closed 4 months ago
I don't know why I didn't make a PR, or even an issue. However, our version was patched in 2022:
// It patches just the use of path_info.
--- src/transaction.cc 2022-03-19 13:59:14.000000000 +0800
+++ /tmp/transaction.cc 2024-02-02 17:46:05.000000000 +0800
@@ -463,6 +463,14 @@ int Transaction::processURI(const char *
size_t pos_raw_query = uri_s.find("?");
+ std::string path_info_raw;
+ if (pos_raw_query == std::string::npos) {
+ path_info_raw = std::string(uri_s, 0);
+ } else {
+ path_info_raw = std::string(uri_s, 0, pos_raw_query);
+ }
+ std::string path_info = utils::uri_decode(path_info_raw);
+
m_uri_decoded = utils::uri_decode(uri_s);
size_t var_size = pos_raw_query;
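Review bot: in the added block, the if/else on pos_raw_query is redundant. std::string(uri_s, 0, pos_raw_query) already copies to the end of the string when the count is std::string::npos, so the single line `std::string path_info_raw(uri_s, 0, pos_raw_query);` covers both branches (uri_s is taken to be a std::string, as the uri_s.find call suggests). A short comment saying that the path is cut at the raw '?' before utils::uri_decode runs would also help, because the very next line decodes the whole of uri_s while var_size still holds an offset into the undecoded string.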
@@ -477,14 +485,6 @@ int Transaction::processURI(const char *
m_variableRequestProtocol.set("HTTP/" + std::string(http_version),
m_variableOffset + requestLine.size() + 1);
-
- std::string path_info;
- if (pos_raw_query == std::string::npos) {
- path_info = std::string(uri_s, 0);
- } else {
- path_info = std::string(uri_s, 0, pos_raw_query);
- }
- path_info = utils::uri_decode(path_info);
m_uri_no_query_string_decoded = std::unique_ptr<std::string>(
new std::string(path_info));
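Review bot: the block removed here and the block added in the first hunk compute the same value (raw URI cut at '?', then utils::uri_decode), so the only effect is that path_info exists earlier in processURI, yet none of the visible lines between the two positions read it. Say in a comment or in the change description which statement needs the early value (the third hunk is cut off on this page), or keep the declaration next to m_uri_no_query_string_decoded where it is consumed.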
@@ -496,6 +496,7 @@ int Transaction::processURI(const char *
Should I review all our changes, and try to make a PR or issue?
> I don't know why I didn't make a PR, or even an issue. However, our version was patched in 2022:

Well, there are a few of us who walk this path :)

> Should I review all our changes, and try to make a PR or issue?

Sure, let's see and discuss it. Also, there is a channel on OWASP's Slack that you can join; the name is #project-modsecurity.
Quality Gate passed
Kudos, no new issues were introduced!
0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code
See analysis details on SonarCloud