V2/json empty #2363
V2/json empty #2363
Conversation
|
Is it sufficient to have it reviewed? |
|
The discussion on how to handle the elements of a JSON into collections - ARGS, in this specific case - was placed for version 3 a while ago. There, it was established a pattern to navigate under the elements giving a flat structure (compatible with collection keys). The flat structure allows one to select the elements of JSON inside the args; A powerful feature. Within this patch pinpoint, an element does not sound to be feasible. Am I right? Why not adopt the schema presented in ModSecurity version 3? |
|
I didn't follow the discussion in v3. I can have a look at it if you can point me to it. |
|
Any chance to have this merged? Thanks |
|
Hello guys. Any reason to not review this one-line fix? |
|
I don't have any concerns with the 1-line fix; I think we can proceed with that. The only minor caveat I would draw attention to here is that, with this solution, there's no way to tell apart these request bodies (i.e. to ModSecurity they will be considered equivalent): and I don't think that's a serious impediment though. The test, though, I don't think is quite right. For example, it passes even without the 1-line fix to msc_json.c I'll either fix it up, or omit the test file for now. ( Anyway we probably want to include any such test in the pre-existing file .../rule/15-json.t ) |
|
This change was committed via substitute pull request #2735 |
This accepts a valid JSON request with only a number or a string, nothing else.
Example:
--29000000-B--
POST /test/json/test.html HTTP/1.1
content-type: application/json
Host: test
Content-Length: 2
User-Agent: Mozilla 4.0
Accept: text/html, image/gif, image/jpeg, *; q=.2, /; q=.2
--29000000-C--
25
--29000000-F--
I added a test, so I hope it'll be accepted this time.
I had to create the complete (minimal) test for JSON parsing, so I hope it's correct.