waf feature: use $proxy_pass_uri

Author: pracj3am

src/ngx_http_modsecurity_module.c

@@ -130,17 +130,14 @@ char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p)
 {
     char *str = NULL;
 
-    if (a.len == 0) {
+    str = ngx_pnalloc(p, a.len+1);
+    if (str == NULL) {
         return NULL;
     }
 
-    str = ngx_pnalloc(p, a.len+1);
-    if (str == NULL) {
-        dd("failed to allocate memory to convert space ngx_string to C string");
-        /* We already returned NULL for an empty string, so return -1 here to indicate allocation error */
-        return (char *)-1;
+    if (a.len > 0) {
+        ngx_memcpy(str, a.data, a.len);
     }
-    ngx_memcpy(str, a.data, a.len);
     str[a.len] = '\0';
 
     return str;

src/ngx_http_modsecurity_rewrite.c

@@ -24,7 +24,8 @@
 ngx_int_t ngx_http_modsecurity_process_connection(ngx_http_request_t *r,
         ngx_http_modsecurity_ctx_t *ctx);
 ngx_int_t ngx_http_modsecurity_process_url(ngx_http_request_t *r,
-        ngx_http_modsecurity_ctx_t *ctx);
+        ngx_http_modsecurity_ctx_t *ctx,
+        const char *uri, const char *method, const char *http_version);
 ngx_int_t ngx_http_modsecurity_process_req_header(ngx_http_request_t *r,
         ngx_http_modsecurity_ctx_t *ctx);
 ngx_int_t ngx_http_modsecurity_process_empty_req_body(ngx_http_request_t *r,
@@ -61,7 +62,7 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
         return rc;
     }
 
-    rc = ngx_http_modsecurity_process_url(r, ctx);
+    rc = ngx_http_modsecurity_process_url(r, ctx, NULL, NULL, NULL);
     if (rc > 0) {
         return rc;
     }
@@ -137,36 +138,47 @@ ngx_http_modsecurity_process_connection(ngx_http_request_t *r,
 
 ngx_int_t
 ngx_http_modsecurity_process_url(ngx_http_request_t *r,
-        ngx_http_modsecurity_ctx_t *ctx)
+        ngx_http_modsecurity_ctx_t *ctx,
+        const char *uri, const char *method, const char *http_version)
 {
     ngx_pool_t  *old_pool;
-    const char  *http_version, *n_uri, *n_method;
-
-    switch (r->http_version) {
-        case NGX_HTTP_VERSION_9 :
-            http_version = "0.9";
-            break;
-        case NGX_HTTP_VERSION_10 :
-            http_version = "1.0";
-            break;
-        case NGX_HTTP_VERSION_11 :
-            http_version = "1.1";
-            break;
-        case NGX_HTTP_VERSION_20 :
-            http_version = "2.0";
-            break;
-        default :
-            http_version = "1.0";
-            break;
+
+    if (http_version == NULL) {
+        switch (r->http_version) {
+            case NGX_HTTP_VERSION_9 :
+                http_version = "0.9";
+                break;
+            case NGX_HTTP_VERSION_10 :
+                http_version = "1.0";
+                break;
+            case NGX_HTTP_VERSION_11 :
+                http_version = "1.1";
+                break;
+            case NGX_HTTP_VERSION_20 :
+                http_version = "2.0";
+                break;
+            default :
+                http_version = "1.0";
+                break;
+        }
     }
 
-    n_uri = ngx_str_to_char(r->unparsed_uri, r->pool);
-    n_method = ngx_str_to_char(r->method_name, r->pool);
-    if (n_uri == (char*)-1 || n_method == (char*)-1) {
-        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+    if (uri == NULL) {
+        uri = ngx_str_to_char(r->unparsed_uri, r->pool);
+        if (uri == NULL) {
+            return NGX_HTTP_INTERNAL_SERVER_ERROR;
+        }
     }
+
+    if (method == NULL) {
+        method = ngx_str_to_char(r->method_name, r->pool);
+        if (method == NULL) {
+            return NGX_HTTP_INTERNAL_SERVER_ERROR;
+        }
+    }
+
     old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
-    msc_process_uri(ctx->modsec_transaction, n_uri, n_method, http_version);
+    msc_process_uri(ctx->modsec_transaction, uri, method, http_version);
     ngx_http_modsecurity_pcre_malloc_done(old_pool);
 
     dd("Processing intervention with the transaction information filled in (uri, method and version)");