File: osvdb.lua

package info (click to toggle)
modsecurity-crs 2.2.9-1+deb8u1
  • links: PTS
  • area: main
  • in suites: jessie
  • size: 3,064 kB
  • ctags: 219
  • sloc: perl: 1,002; ansic: 727; ruby: 69; makefile: 18
file content (25 lines) | stat: -rwxr-xr-x 653 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#!/usr/bin/lua

local request_filename = m.getvar("REQUEST_FILENAME", "none")
local args = {};
args = m.getvars("ARGS_NAMES", "none")

function main ()
for line in io.lines("/usr/local/apache/conf/modsec_current/base_rules/vulnerabilities.txt") do
    if line:find(request_filename) then
	if string.find(line, "^%d+\,") then
		for k,v in pairs(args) do
		local arg_name = v["value"] .. "=";
			if string.find(line, arg_name) then
			m.setvar("resource.osvdb_check", "1")
			m.setvar("resource.osvdb_vulnerable", "1")
			m.setvar("tx.osvdb_msg", line)
			return(line) 
			end
		end
	end
    end
end
	m.setvar("resource.osvdb_check", "1")
	return nil
end