/
url_decode.go
84 lines (74 loc) · 1.86 KB
/
url_decode.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
// Copyright 2022 Juan Pablo Tosso
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package transformations
import (
"github.com/corazawaf/coraza/v2/utils/strings"
)
func urlDecode(data string) (string, error) {
res, _, _ := doURLDecode(data)
// TODO add error?
return res, nil
}
// extracted from https://github.com/senghoo/modsecurity-go/blob/master/utils/urlencode.go
func doURLDecode(input string) (string, bool, int) {
d := []byte(input)
inputLen := len(d)
var i, count, invalidCount, c int
changed := false
for i < inputLen {
if input[i] == '%' {
/* Character is a percent sign. */
/* Are there enough bytes available? */
if i+2 < inputLen {
c1 := input[i+1]
c2 := input[i+2]
if strings.ValidHex(c1) && strings.ValidHex(c2) {
uni := strings.X2c(input[i+1:])
d[c] = uni
c++
count++
i += 3
changed = true
} else {
/* Not a valid encoding, skip this % */
d[c] = input[i]
c++
i++
count++
invalidCount++
}
} else {
/* Not enough bytes available, copy the raw bytes. */
d[c] = input[i]
c++
i++
count++
invalidCount++
}
} else {
/* Character is not a percent sign. */
if input[i] == '+' {
d[c] = ' '
c++
changed = true
} else {
d[c] = input[i]
c++
}
count++
i++
}
}
return string(d[0:c]), changed, invalidCount
}