Merge in SNORT/snort3 from ~ASERBENI/snort3:comment_end_tag to master
Squashed commit of the following:
commit
3b00f92820e2e658e1d1088aadf0a2155da86a14
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Wed May 25 14:24:06 2022 +0300
utils: allow script closing tag in single-line comments
A closing tag placed in a single-line comment will end the inline script.
tracking of variable scope and individual brackets is done in accordance to the standard.
Additionally, Normalizer enforces standard limits on HTML content in JavaScript:
* no nesting tags allowed, i.e. two opening tags in a row
- * script closing tag is not allowed in string literal, comment, regular expression literal, etc.
+ * script closing tag is not allowed in string literals, block comments, regular expression literals, etc.
If source JavaScript is syntactically incorrect (containing a bad token, brackets mismatch,
HTML-tags, etc) Normalizer fires corresponding built-in rule and abandons the current script,
<char_code>{LINE_COMMENT_START} { BEGIN(char_code_lcomm); }
<lcomm>{LINE_COMMENT_END1} { BEGIN(regst); newline_found = true; }
<lcomm>{LINE_COMMENT_END2} { BEGIN(regst); newline_found = true; }
+<lcomm>{LINE_COMMENT_END4} { if (!ext_script) { BEGIN(regst); EXEC(html_closing_script_tag()) } }
<char_code_lcomm>{LINE_COMMENT_END1} { BEGIN(char_code); newline_found = true; }
<char_code_lcomm>{LINE_COMMENT_END2} { BEGIN(char_code); newline_found = true; }
+<char_code_lcomm>{LINE_COMMENT_END4} { if (!ext_script) { BEGIN(regst); RETURN(CLOSING_TAG) } }
<lcomm,char_code_lcomm>{LINE_COMMENT_END3} { if (!ext_script) { BEGIN(regst); RETURN(OPENING_TAG) } }
-<lcomm,char_code_lcomm>{LINE_COMMENT_END4} { if (!ext_script) { BEGIN(regst); RETURN(CLOSING_TAG) } }
<lcomm,char_code_lcomm>{LINE_COMMENT_SKIP} { /* skip */ }
<lcomm,char_code_lcomm><<EOF>> { RETURN(SCRIPT_CONTINUE) }
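Review bot: The two new `LINE_COMMENT_END4` rules diverge. In `<lcomm>` the closing tag now ends the script through `EXEC(html_closing_script_tag())`, but in `<char_code_lcomm>` it still does `RETURN(CLOSING_TAG)`, the unexpected-tag result used before this change. An HTML parser ends the script element at the closing tag whatever JavaScript construct surrounds the comment, so the normalizer's view of where the script ends can differ from the browser's in the char-code state. If that is intended, say so above the rule, e.g. `/* char_code: a closing tag in a line comment is still reported as CLOSING_TAG, unlike <lcomm> */`; otherwise give the second rule the same action as the first. The visible tests (buf16 to buf18) appear to cover only the plain comment state, so a case with the comment inside the char-code state would pin whichever behaviour is chosen.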
SECTION("close tag within single-line comment - start")
{
NORMALIZE(unexpected_tag_buf16);
- VALIDATE_FAIL(unexpected_tag_buf16, unexpected_tag_expected16, JSTokenizer::CLOSING_TAG, 22);
+ VALIDATE_FAIL(unexpected_tag_buf16, unexpected_tag_expected16, JSTokenizer::SCRIPT_ENDED, 22);
}
SECTION("close tag within single-line comment - mid")
{
NORMALIZE(unexpected_tag_buf17);
- VALIDATE_FAIL(unexpected_tag_buf17, unexpected_tag_expected17, JSTokenizer::CLOSING_TAG, 34);
+ VALIDATE_FAIL(unexpected_tag_buf17, unexpected_tag_expected17, JSTokenizer::SCRIPT_ENDED, 34);
}
SECTION("close tag within single-line comment - end")
{
NORMALIZE(unexpected_tag_buf18);
- VALIDATE_FAIL(unexpected_tag_buf18, unexpected_tag_expected18, JSTokenizer::CLOSING_TAG, 32);
+ VALIDATE_FAIL(unexpected_tag_buf18, unexpected_tag_expected18, JSTokenizer::SCRIPT_ENDED, 32);
}
SECTION("close tag within multi-line comment - start")
{