fix: split subviolations and tc by comma

src/extensions/nginx-app-protect/monitoring/processor/nap.go

@@ -464,7 +464,7 @@ func setValue(napConfig *NAPConfig, key, value string, logger *logrus.Entry) err
 	case sigSetNames:
 		napConfig.SigSetNames = replaceEncodedList(value, listSeperator)
 	case threatCampaignNames:
-		napConfig.ThreatCampaignNames = value
+		napConfig.ThreatCampaignNames = replaceEncodedList(value, listSeperator)
 	case violationDetails:
 		napConfig.ViolationDetailsXML = func(data string) *BADMSG {
 			var xmlData BADMSG
@@ -513,7 +513,7 @@ func setValue(napConfig *NAPConfig, key, value string, logger *logrus.Entry) err
 	case sigCVEs:
 		napConfig.SignatureCVEs = replaceEncodedList(value, listSeperator)
 	case subViolations:
-		napConfig.SubViolations = value
+		napConfig.SubViolations = replaceEncodedList(value, listSeperator)
 	case supportID:
 		napConfig.SupportID = value
 	case violations:

src/extensions/nginx-app-protect/monitoring/processor/testdata/expanded_nap_waf.log.txt

@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592513,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592513,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1

src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_header_data.log.txt

@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592514,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592514,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n

src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data.log.txt

@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592515,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592515,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n

src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_as_param_data.log.txt

@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592516,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592516,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n

src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_empty_context.log.txt

@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592517,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592517,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n

src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_signature_data.log.txt

@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592518,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592518,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n