From: Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) Date: Mon, 19 Sep 2022 08:23:19 +0000 (+0000) Subject: Pull request #3589: JavaScript Normalizer: remove open tag alert in literals X-Git-Tag: 3.1.42.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b1319e11b5bdf296a439039628f77d6d314882a;p=thirdparty%2Fsnort3.git Pull request #3589: JavaScript Normalizer: remove open tag alert in literals Merge in SNORT/snort3 from ~ANOROKH/snort3:js_fix_otag_alert to master Squashed commit of the following: commit 1644b13faeabf1f758dd71cc80a9edf24ab84275 Author: AnnaNorokh Date: Wed Sep 14 11:01:32 2022 +0300 utils: remove alert for an opening tag in string literals --- diff --git a/src/utils/js_tokenizer.l b/src/utils/js_tokenizer.l index a1b7dcb25..d35e4ca92 100644 --- a/src/utils/js_tokenizer.l +++ b/src/utils/js_tokenizer.l @@ -1105,7 +1105,7 @@ ALL_UNICODE [\0-\x7F]|[\xC2-\xDF][\x80-\xBF]|(\xE0[\xA0-\xBF]|[\xE1-\xEF][\x8 {LITERAL_DQ_STRING_START} { EXEC(literal_dq_string_start()) } {LITERAL_DQ_STRING_END} { dealias_append(); ECHO; BEGIN(divop); } -{HTML_TAG_SCRIPT_OPEN} { if (!ext_script) { opening_tag_seen = true; } ECHO; } +{HTML_TAG_SCRIPT_OPEN} { ECHO; } {HTML_TAG_SCRIPT_CLOSE} { if (!ext_script) { BEGIN(regst); RETURN(CLOSING_TAG) } else { ECHO; } } \\{CR}{LF} { /* skip */ } \\{LF} { /* skip */ } @@ -1127,7 +1127,7 @@ ALL_UNICODE [\0-\x7F]|[\xC2-\xDF][\x80-\xBF]|(\xE0[\xA0-\xBF]|[\xE1-\xEF][\x8 {LITERAL_SQ_STRING_START} { EXEC(literal_sq_string_start()) } {LITERAL_SQ_STRING_END} { dealias_append(); ECHO; BEGIN(divop); } -{HTML_TAG_SCRIPT_OPEN} { if (!ext_script) { opening_tag_seen = true; } ECHO; } +{HTML_TAG_SCRIPT_OPEN} { ECHO; } {HTML_TAG_SCRIPT_CLOSE} { if (!ext_script) { BEGIN(regst); RETURN(CLOSING_TAG) } else { ECHO; } } \\{CR}{LF} { /* skip */ } \\{LF} { /* skip */ } diff --git a/src/utils/test/js_normalizer_test.cc b/src/utils/test/js_normalizer_test.cc index 5b947c56c..fb2345978 100644 --- a/src/utils/test/js_normalizer_test.cc +++ b/src/utils/test/js_normalizer_test.cc @@ -1634,19 +1634,19 @@ TEST_CASE("nested script tags", "[JSNormalizer]") { test_normalization_noident( unexpected_tag_buf2, unexpected_tag_expected2, - {check_open_tag(true)}); + {check_open_tag(false)}); } SECTION("open tag within literal - mid") { test_normalization_noident( unexpected_tag_buf3, unexpected_tag_expected3, - {check_open_tag(true)}); + {check_open_tag(false)}); } SECTION("open tag within literal - end") { test_normalization_noident( unexpected_tag_buf4, unexpected_tag_expected4, - {check_open_tag(true)}); + {check_open_tag(false)}); } SECTION("close tag within literal - start") test_normalization_noident( @@ -1677,7 +1677,7 @@ TEST_CASE("nested script tags", "[JSNormalizer]") { test_normalization_noident( unexpected_tag_buf8, unexpected_tag_expected8, - {check_open_tag(true)}); + {check_open_tag(false)}); } SECTION("close tag within literal - escaped") { @@ -1781,13 +1781,13 @@ TEST_CASE("nested script tags", "[JSNormalizer]") { test_normalization_noident( unexpected_tag_buf23, unexpected_tag_expected23, - {check_open_tag(true)}); + {check_open_tag(false)}); } SECTION("mixed lower and upper case") { test_normalization_noident( unexpected_tag_buf24, unexpected_tag_expected24, - {check_open_tag(true)}); + {check_open_tag(false)}); } SECTION("opening tag within template literal") {