[ https://www.modsecurity.org/tracker/browse/MODSEC-227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-227.
--------------------------------------
Fix Version/s: 2.6.0
(was: 2.7.0)
Resolution: Fixed
> gsbLookup does not perform canonicalization and lookups correctly
> -----------------------------------------------------------------
>
> Key: MODSEC-227
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-227
> Project: ModSecurity
> Issue Type: Improvement
> Security Level: Normal
> Components: Operators
> Affects Versions: 2.6.0
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
>
> The gsbLookup operator does not perform canonicalization correctly. The example from the Safe Browsing manual (http://a.b.c/1/2.html?param=1) results in two lookups:
> GSB: Successfully extracted url: a.B.c/1/2.Html?param=1
> GSB: Canonicalize url #2: a.B.c/
> whereas the manual specifies many more:
> a.b.c/1/2.html?param=1
> a.b.c/1/2.html
> a.b.c/
> a.b.c/1/
> b.c/1/2.html?param=1
> b.c/1/2.html
> b.c/
> b.c/1/
> Also notice that gsbLookup does not currently transform input to lowercase (but it should).
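The host-suffix and path-prefix expansion that the report compares gsbLookup against, as an added Python sketch; it is not ModSecurity code and not part of the original message. The function names are hypothetical, only the hostname is lowercased (an assumption of this sketch), and the percent-decoding and dot-segment normalization steps of full canonicalization are left out.

```python
import ipaddress
from urllib.parse import urlsplit

# URL taken from the issue text above
SAMPLE = "http://a.b.c/1/2.html?param=1"

def host_suffixes(host):
    """Exact host plus up to four suffixes built from its last five labels."""
    try:
        ipaddress.ip_address(host)
        return [host]                      # IP literals get no suffix expansion
    except ValueError:
        pass
    out = [host]
    tail = host.split(".")[-5:]
    # Drop leading labels one at a time, stopping before the bare top-level label.
    for i in range(len(tail) - 1):
        cand = ".".join(tail[i:])
        if cand not in out:
            out.append(cand)
    return out[:5]

def path_prefixes(path, query):
    """Exact path with and without query, then root and directory prefixes."""
    out = [path + "?" + query] if query else []
    out.append(path)
    dirs, prefix = ["/"], "/"
    for comp in path.split("/")[1:-1]:     # directory components only
        prefix += comp + "/"
        dirs.append(prefix)
    for d in dirs[:4]:                     # at most four prefixes from the root
        if d not in out:
            out.append(d)
    return out

def lookup_expressions(url):
    """Return every host/path expression to check for one URL."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").strip(".")   # .hostname is already lowercased
    path = parts.path or "/"
    return [h + p for h in host_suffixes(host)
            for p in path_prefixes(path, parts.query)]

if __name__ == "__main__":
    for expr in lookup_expressions(SAMPLE):
        print(expr)
```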