
Scientific notation in json (Fix #437) (#438)

* Fixing scientific notation number parsing as a JSON value
z0r0 authored and buixor committed Oct 9, 2018
1 parent f2380e7 commit 2a7cb6904999501e902232aaa206518717cc95d3
Showing with 33 additions and 1 deletion.
  1. +2 −1 naxsi_src/naxsi_json.c
  2. +31 −0 t/14json.t
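--- a/naxsi_src/naxsi_json.c
+++ b/naxsi_src/naxsi_json.c
@@ -170,7 +170,8 @@ ngx_http_nx_json_val(ngx_json_t *js) {
 if ((js->c >= '0' && js->c <= '9') || js->c == '-') {
 val.data = js->src+js->off;
 while ( ((*(js->src+js->off) >= '0' && *(js->src+js->off) <= '9') ||
-*(js->src+js->off) == '.' || *(js->src+js->off) == '-') && js->off < js->len) {
+*(js->src+js->off) == '.' || *(js->src+js->off) == '-' || *(js->src+js->off) == 'e')
+&& js->off < js->len) {
 val.len++;
 js->off++;
 }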
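Review bot: The rewritten `while` condition still evaluates `*(js->src+js->off)` in every character test before it reaches `js->off < js->len`, so when a number is the last thing in the body the loop reads one byte past `js->len`; whether that byte is always inside the allocation is not visible from this hunk. Putting the bound first, `while (js->off < js->len && (/* character tests */)) {`, removes that dependency. The accepted set is also still narrower than the JSON number grammar: uppercase `E` and an exponent sign `+` (`1E5`, `1e+5`) are valid JSON but stop the scan early, so consider adding `|| *(js->src+js->off) == 'E' || *(js->src+js->off) == '+'` so the WAF and the backend parser agree on what a number is. ngx_http_nx_json_val starts before and continues after this hunk.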
@@ -772,3 +772,34 @@ use URI::Escape;
\"ERROR_REPORT:{\\\"request\\\":{\\\"bar\\\":\\\"\\\"},\\\"response\\\":{\\\"bar\\\":[{\\\"schema_id\\\":\\\"foo\\\"}]}}\"
}"
--- error_code: 412
=== JSON14 : bug_437
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
set $naxsi_extensive_log 1;
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: application/json
--- request eval
use URI::Escape;
"POST /
{
\"number\": -2.806683719414e-14
}"
--- error_code: 200
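Review bot: The JSON14 case pins only one spelling of an exponent, lowercase `e` with a minus sign; JSON also allows `E` and an explicit `+`, and nothing here shows what happens to a malformed number such as a bare trailing `e`. Sibling cases for `1E5` and `1e+5` (expected 200 once the scanner accepts them) and one malformed-number case with its expected code would keep the number scanner from regressing in either direction. The `use URI::Escape;` line in the request eval looks unused in this case and could be dropped.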
