
varnish-bugs at varnish-cache
Apr 2, 2012, 11:40 PM
#1121: Escaped double quote mark within a regex is not recognized
#1121: Escaped double quote mark within a regex is not recognized
----------------------+-----------------------------------------------------
 Reporter:  gnotaras  |        Type:  defect
   Status:  new       |    Priority:  normal
Milestone:            |   Component:  build
  Version:  3.0.2     |    Severity:  normal
 Keywords:            |
----------------------+-----------------------------------------------------
I tried to use the following check (taken from the mod_security's core ruleset) to detect command injection attacks. The vcl compiler throws an error.

default.vcl:

{{{
if (req.url ~ "(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"\|\;\`\-\s]|$))") {
    error 403 "Forbidden";
}
}}}

vcl compiler error:

{{{
# varnishd -f default.vcl -d
Message from VCC-compiler:
Syntax error at ('input' Line 124 Pos 72)
if (req.url ~ "(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"\|\;\`\-\s]|$))") {
-----------------------------------------------------------------------#------------------
Running VCC-compiler failed, exit 1
VCL compilation failed
}}}

If I remove the escaped double quote from within the regex, the rule becomes:

{{{
req.url ~ "(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\|\;\`\-\s]|$))"
}}}

And the vcl compiler validates it properly without errors.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1121>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs
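
Dropping the double quote from the character class makes the rule compile, but it also narrows what the rule flags. The following is an added example (not part of the original post or of Varnish) that runs the posted rule and the workaround over constructed URLs to show the difference. Assumptions: Python's `re` stands in for the PCRE engine behind VCL's `~`, and the `\x22` variant is hypothetical; it avoids a literal quote character in the pattern, but the ticket does not confirm that the VCL compiler accepts it.

```python
import re

# The rule exactly as posted in the ticket (rejected by the VCL compiler).
AS_POSTED = r"""(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"\|\;\`\-\s]|$))"""
# The reporter's workaround: the escaped double quote is dropped from the class.
QUOTE_DROPPED = r"""(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\|\;\`\-\s]|$))"""
# Assumption, not from the ticket: the quote written as the hex escape \x22.
HEX_ESCAPED = r"""(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\x22\|\;\`\-\s]|$))"""

# Constructed request URLs, used only to exercise the pattern's branches.
SAMPLES = [
    "/index.html",          # benign
    "/docs/curling",        # benign: "curl" is not a whole word here
    "/a?u=wget",            # \b(wget|curl)\b branch
    "/a?x=1;cc",            # [;|`] ... cc branch
    "/bin/cc'",             # /cc followed by a single quote
    '/bin/cc"',             # /cc followed by a double quote
]


def matches(pattern, urls):
    """Return the URLs the rule would flag (unanchored search, like VCL's ~)."""
    rx = re.compile(pattern)
    return [u for u in urls if rx.search(u)]


def coverage_gaps(reference, candidate, urls):
    """URLs flagged by the reference rule but missed by the candidate."""
    missed = set(matches(reference, urls)) - set(matches(candidate, urls))
    return [u for u in urls if u in missed]


if __name__ == "__main__":
    for name, rule in [("quote dropped", QUOTE_DROPPED), ("hex escaped", HEX_ESCAPED)]:
        print(name, "misses:", coverage_gaps(AS_POSTED, rule, SAMPLES))
```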