feat: supporting PCRE patterns for CommonWebAttack & BadCrawler threats #14

Merged
merged 3 commits into from
Jan 10, 2023

dwisiswant0
Collaborator

IMPORTANT: Please do not create a PR without creating an issue first!

(Any change needs to be discussed before proceeding. Failure to do so may result in the rejection of the pull request).

Summary

Previously, there were some CommonWebAttack and BadCrawler threat patterns that could not compile with the built-in regexp because they had negative lookahead (PCRE) properties.

As a workaround, use go-pcre as an alternative way if the built-in regexp doesn't compile the pattern.

Proposed changes

This PR fixes/implements the following bugs/features:

How has this been tested?

Proof:

Run simple server:

$ go run examples/simple/main.go

Test for

  • CommonWebAttack threat:
$ curl localhost:3000 -so /dev/null -w "%{http_code}\n" -A X -d "body=%22autofocus%20%27%20onfocus%3D%27alert%28document.domain%29%27%22%22"
403

Payload by Aidil Arief (https://hackerone.com/aidilarf_2000).

  • BadCrawler threat:
$ curl localhost:3000 -so /dev/null -w "%{http_code}\n" -A "Yandex"
403
$ curl localhost:3000 -so /dev/null -w "%{http_code}\n" -A "YandexSearch"
200

Closing issues

Fixes #4

Checklist:

  • My code follows the code style of this project.
  • My changes successfully ran and pass linters locally (run make lint).
  • I have written new tests for my changes.
    • My changes successfully ran and pass tests locally.
  • My change requires a change to the documentation.
    • I have updated the documentation accordingly.

If the pattern doesn't compile with the built-in regexp,
we suspect the pattern has a negative lookahead -
so we compile it with PCRE.
Same as 58acaf4,
if the pattern doesn't compile with the built-in regexp,
we suspect the pattern has a negative lookahead -
so we compile it with PCRE.
@dwisiswant0 dwisiswant0 added the enhancement New feature or request label Jan 10, 2023
@dwisiswant0 dwisiswant0 self-assigned this Jan 10, 2023
@dwisiswant0 dwisiswant0 merged commit e036517 into master Jan 10, 2023
@dwisiswant0 dwisiswant0 deleted the feat/pcre-pattern branch January 10, 2023 13:26
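
The compile-then-fall-back behaviour described in the summary and commit messages, as an added example that is not the project's code. The pattern `Yandex(?!Search)` is constructed to reproduce the 403/200 results shown in the proof, and the hypothetical `negLookahead` type is a standard-library stand-in for go-pcre that handles only a literal followed by a negative lookahead.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// matcher is the one method a rule check needs from either engine.
type matcher interface{ MatchString(string) bool }

// negLookahead stands in for the PCRE engine (assumption: used so the
// example runs on the standard library). It handles only LITERAL(?!LITERAL).
type negLookahead struct{ lit, neg string }

func (m negLookahead) MatchString(s string) bool {
	for i := 0; ; i++ {
		j := strings.Index(s[i:], m.lit)
		if j < 0 {
			return false
		}
		i += j // start of this occurrence of lit
		if !strings.HasPrefix(s[i+len(m.lit):], m.neg) {
			return true // lit is not followed by neg
		}
	}
}

var shape = regexp.MustCompile(`^(\w+)\(\?!(\w+)\)$`)

// compile tries the built-in regexp first and falls back on any compile
// error; the engine name shows which rules needed the fallback.
func compile(p string) (matcher, string, error) {
	re, err := regexp.Compile(p)
	if err == nil {
		return re, "regexp", nil
	}
	if g := shape.FindStringSubmatch(p); g != nil {
		return negLookahead{g[1], g[2]}, "fallback", nil
	}
	return nil, "", fmt.Errorf("no engine compiled %q: %w", p, err)
}

func main() {
	m, engine, _ := compile(`Yandex(?!Search)`) // constructed pattern, not from the project
	for _, ua := range []string{"Yandex", "YandexSearch"} {
		fmt.Println(engine, ua, m.MatchString(ua))
	}
}
```
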
Successfully merging this pull request may close these issues.

[known-issue] unable to compile some CommonWebAttack & BadCrawler patterns