From 15e58c3385e339509bf5ea42437d195fa6e0e488 Mon Sep 17 00:00:00 2001 From: David Faris Date: Wed, 12 Feb 2020 10:14:41 -0600 Subject: [PATCH] Fixed issue #457 (#482) * Setup json scanning to allow for arrays as the parent type * rather than assuming an object, just validate any json value * keep as close to the original as possible * Since all the validation comes within val we don't need to increment off. Initial tests seemed to work * Fix formatting issue --- naxsi_src/naxsi_json.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/naxsi_src/naxsi_json.c b/naxsi_src/naxsi_json.c index f55190eb..16b284d2 100644 --- a/naxsi_src/naxsi_json.c +++ b/naxsi_src/naxsi_json.c @@ -305,17 +305,10 @@ ngx_http_dummy_json_parse(ngx_http_request_ctx_t *ctx, js->loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_naxsi_module); js->main_cf = ngx_http_get_module_main_conf(r, ngx_http_naxsi_module); - if (ngx_http_nx_json_seek(js, '{')) { - ngx_http_apply_rulematch_v_n(&nx_int__invalid_json, ctx, r, NULL, NULL, BODY, 1, 0); - return ; - } - if (ngx_http_nx_json_obj(js) != NGX_OK) { - ngx_http_apply_rulematch_v_n(&nx_int__invalid_json, ctx, r, NULL, NULL, BODY, 1, 0); - NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "nx_json_obj returned error, apply invalid_json."); - + if (ngx_http_nx_json_val(js) != NGX_OK) { + ngx_http_apply_rulematch_v_n(&nx_int__invalid_json, ctx, r, NULL, NULL, BODY, 1, 0); + NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "nx_json_val returned error, apply invalid_json."); } - /* we are now on closing bracket, check for garbage. */ - js->off++; ngx_http_nx_json_forward(js); if (js->off != js->len) ngx_http_apply_rulematch_v_n(&nx_int__invalid_json, ctx, r, NULL, NULL, BODY, 1, 0);