Commit 634c6cb
authored
fix(cli): detect URL-encoded attacks and stop leaking Invalid Date in log-parser (#42)
Two correctness bugs in the log/attack parser (the actual product):
1. detectAttackPattern tested the raw nginx request path, which nginx logs
URL-encoded. Plaintext signatures like '<script' or 'or 1=1' therefore
never matched an encoded payload ('%3Cscript%3E', '%27%20OR%201=1') — a
silent false negative in a security product. Now test the raw value and
its URL-decoded forms (single + double encoding), guarding malformed '%'
sequences.
2. parseNginxTimestamp/parseSyslogTimestamp wrapped new Date() in try/catch
with a new Date() fallback, but new Date(<bad>) returns an Invalid Date
instead of throwing, so the catch never fired and Invalid Date leaked into
downstream time-window logic. Check getTime() explicitly. Also fix the
syslog year assumption so a December log parsed in January is dated to the
previous year rather than a full year in the future.
Logic verified standalone (encoded SQLi/XSS/traversal detected, benign path
still null, malformed input safe, timestamps never Invalid).1 parent b740a19 commit 634c6cb
1 file changed
Lines changed: 39 additions & 14 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
106 | 106 | | |
107 | 107 | | |
108 | 108 | | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
109 | 128 | | |
110 | 129 | | |
111 | | - | |
112 | | - | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
113 | 134 | | |
114 | 135 | | |
115 | 136 | | |
| |||
131 | 152 | | |
132 | 153 | | |
133 | 154 | | |
134 | | - | |
135 | | - | |
136 | | - | |
137 | | - | |
138 | | - | |
139 | | - | |
| 155 | + | |
| 156 | + | |
| 157 | + | |
| 158 | + | |
| 159 | + | |
| 160 | + | |
140 | 161 | | |
141 | 162 | | |
142 | 163 | | |
143 | | - | |
144 | | - | |
145 | | - | |
146 | | - | |
147 | | - | |
148 | | - | |
| 164 | + | |
| 165 | + | |
| 166 | + | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
149 | 173 | | |
| 174 | + | |
150 | 175 | | |
0 commit comments