Handle html_decode through lua-resty-htmlentities
FFI ftw.

This fixes issue p0pr0ck5#262.
p0pr0ck5 committed Feb 23, 2017
1 parent 14b8081 commit 76368ed
Showing 4 changed files with 36 additions and 16 deletions.
3 changes: 3 additions & 0 deletions .gitmodules
@@ -4,3 +4,6 @@
[submodule "lua-aho-corasick"]
path = lua-aho-corasick
url = https://github.com/p0pr0ck5/lua-aho-corasick
[submodule "lua-resty-htmlentities"]
path = lua-resty-htmlentities
url = https://github.com/detailyang/lua-resty-htmlentities
37 changes: 28 additions & 9 deletions Makefile
@@ -7,32 +7,39 @@ OPM = $(RESTY_BINDIR)/opm
OPM_LIB_DIR ?= $(OPENRESTY_PREFIX)/site
PWD = `pwd`

LIBS = waf waf.lua
C_LIBS = lua-aho-corasick libinjection
OPM_LIBS = hamishforbes/lua-resty-iputils p0pr0ck5/lua-resty-cookie p0pr0ck5/lua-ffi-libinjection p0pr0ck5/lua-resty-logger-socket
LIBS = waf waf.lua htmlentities.lua
C_LIBS = lua-aho-corasick lua-resty-htmlentities libinjection
OPM_LIBS = hamishforbes/lua-resty-iputils p0pr0ck5/lua-resty-cookie \
p0pr0ck5/lua-ffi-libinjection p0pr0ck5/lua-resty-logger-socket
MAKE_LIBS = $(C_LIBS)
SO_LIBS = libac.so libinjection.so
SO_LIBS = libac.so libinjection.so libhtmlentities.so
RULES = rules

LOCAL_LIB_DIR = lib/resty

.PHONY: all test install clean test-unit test-acceptance test-regression \
test-translate lua-aho-corasick libinjection clean-libinjection \
clean-lua-aho-corasick install-opm-libs clean-opm-libs
test-translate lua-aho-corasick lua-resty-htmlentities libinjection \
clean-libinjection clean-lua-aho-corasick install-opm-libs clean-opm-libs

all: $(MAKE_LIBS) debug-macro

clean: clean-libinjection clean-lua-aho-corasick clean-libs clean-test clean-debug-macro
clean: clean-libinjection clean-lua-aho-corasick clean-lua-resty-htmlentities \
clean-libs clean-test clean-debug-macro

clean-debug-macro:
./tools/debug-macro.sh clean

clean-install: clean-opm-libs
cd $(LUA_LIB_DIR) && rm -rf $(RULES) && rm -f $(SO_LIBS) && cd resty/ && rm -rf $(LIBS)
cd $(LUA_LIB_DIR) && rm -rf $(RULES) && rm -f $(SO_LIBS) && cd resty/ && \
rm -rf $(LIBS)

clean-lua-aho-corasick:
cd lua-aho-corasick && make clean

clean-lua-resty-htmlentities:
cd lua-resty-htmlentities && make clean
rm -f lib/resty/htmlentities.lua

clean-libinjection:
cd libinjection && make clean && git checkout -- .

@@ -51,6 +58,11 @@ debug-macro:
lua-aho-corasick:
cd lua-aho-corasick && make && cp libac.so ../lib/

lua-resty-htmlentities:
cd $@ && make
cp $@/lib/resty/htmlentities.lua lib/resty
cp $@/libhtmlentities.so lib/

libinjection:
cd libinjection && make && cp src/libinjection.so ../lib/

@@ -69,9 +81,16 @@ test-translate:
test-lua-aho-corasick:
cd lua-aho-corasick && make test

test-lua-resty-htmlentities:
cd lua-resty-htmlentities && make test

test-libinjection:
cd libinjection && make check

test: clean all test-unit test-acceptance test-regression test-translate

test-libs: clean all test-lua-aho-corasick test-libinjection
test-libs: clean all test-lua-aho-corasick test-lua-resty-htmlentities \
test-libinjection

test-recursive: test test-libs

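Review bot: `clean-lua-resty-htmlentities` is a new non-file target that was left out of `.PHONY`, although the sibling `clean-libinjection` and `clean-lua-aho-corasick` are listed there and the build target `lua-resty-htmlentities` was added; I would append it to the `.PHONY` continuation line so a stray file of that name cannot silently skip the clean. The new recipe `cd $@ && make` follows the file's existing style, but `$(MAKE) -C $@` would pass flags and the jobserver down to the submodule build. This target now compiles third-party native code that ends up in `lib/` as `libhtmlentities.so`, so a one-line comment above it such as `# built from the pinned lua-resty-htmlentities submodule; bump the pin deliberately` would help the next maintainer. Parts of the Makefile are collapsed on this page, so whether `install` picks up the new entries in `SO_LIBS` and `LIBS` cannot be confirmed from here.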
11 changes: 4 additions & 7 deletions lib/resty/waf/transform.lua
@@ -1,6 +1,7 @@
local _M = {}

local base = require "resty.waf.base"
local hdec = require "resty.htmlentities"
local logger = require "resty.waf.log"
local util = require "resty.waf.util"

@@ -13,6 +14,8 @@ local string_sub = string.sub

_M.version = base.version

hdec.new() -- load the module on require

local function ascii_dec(n)
return string_char(tonumber(string_sub(n, 3, -2)))
end
@@ -58,13 +61,7 @@ _M.lookup = {
return util.hex_encode(value)
end,
html_decode = function(waf, value)
local str = string_gsub(value, [=[&lt;]=], '<')
str = string_gsub(str, [=[&gt;]=], '>')
str = string_gsub(str, [=[&quot;]=], '"')
str = string_gsub(str, [=[&apos;]=], "'")
str = string_gsub(str, [=[&#%d+;]=], ascii_dec)
str = string_gsub(str, [=[&#x%d+;]=], ascii_hex)
str = string_gsub(str, [=[&amp;]=], '&')
local str = hdec.decode(value)
--_LOG_"html decoded value is " .. str
return str
end,
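Review bot: The rewritten `html_decode` returns the result of `hdec.decode(value)` unchecked, and nothing in this section shows what the library does with a non-string input, an unknown entity, or a value containing an embedded NUL byte. That matters here because the decoder appears to be FFI-backed and this transform's output is what later rule operators inspect, so a nil or shortened result would mean the rules see less than the request carried. I would pin the behaviour with unit tests on the transform for those inputs and, if the library can return nil, keep the raw value available for matching with `local str = hdec.decode(value) or value`. The module-load call `hdec.new()` also discards its return value, so a short comment on how a missing `libhtmlentities.so` surfaces would be useful. `ascii_dec` remains in the context lines although the `string_gsub` calls that used it are removed, so it and `ascii_hex` look unused now; the rest of the file and the `_M.lookup` table extend outside these hunks, so confirm before deleting.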
1 change: 1 addition & 0 deletions lua-resty-htmlentities
Submodule lua-resty-htmlentities added at b1c01a
