search

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
8.3k stars 1.61k forks source link

Fix m_requestHostName variable behavior #3298

Closed airween closed 6 days ago

airween commented 1 week ago

what

This PR fixes the wrong behavior of m_requestHostName transaction variable.

why

Previously, this variable was set when the setRequestHostName() was called, but previously it was initialized in processConnection(). So the last function overwritten the variable, and the previously set value disappeared.

If the connector calls if after processConnection(), then the host field in log entries which generated during processConnection() phase does not contain the necessary value.

The solution was to add a condition which sets the m_requestHostName only if it's empty. Also the correct call to the function setRequestHostName() can be seen in the regression.cc.

This modification does not modify the API.

sonarcloud[bot] commented 1 week ago

Quality Gate Failed Quality Gate failed

Failed conditions
E Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

airween commented 6 days ago

No other notes, going to merge this.