From: Mike Stepanek (mstepane) Date: Tue, 31 May 2022 14:52:35 +0000 (+0000) Subject: Pull request #3441: JSN: disabled 119:267 alert for single line comments X-Git-Tag: 3.1.31.0~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a16f20e47f86c768138484db680350c9df70ff07;p=thirdparty%2Fsnort3.git Pull request #3441: JSN: disabled 119:267 alert for single line comments Merge in SNORT/snort3 from ~ASERBENI/snort3:comment_end_tag to master Squashed commit of the following: commit 3b00f92820e2e658e1d1088aadf0a2155da86a14 Author: Andrii Serbeniuk Date: Wed May 25 14:24:06 2022 +0300 utils: allow script closing tag in single-line comments A closing tag placed in a single line comment will end the inline script
---
diff --git a/src/service_inspectors/http_inspect/dev_notes.txt b/src/service_inspectors/http_inspect/dev_notes.txt
index 1faa27414..be626dbb3 100755
--- a/src/service_inspectors/http_inspect/dev_notes.txt
+++ b/src/service_inspectors/http_inspect/dev_notes.txt
@@ -320,7 +320,7 @@ JS Normalizer's syntax parser follows ECMA-262 standard. For various features, tracking of variable scope and individual brackets is done in accordance to the standard. Additionally, Normalizer enforces standard limits on HTML content in JavaScript: * no nesting tags allowed, i.e. two opening tags in a row - * script closing tag is not allowed in string literal, comment, regular expression literal, etc. + * script closing tag is not allowed in string literals, block comments, regular expression literals, etc. If source JavaScript is syntactically incorrect (containing a bad token, brackets mismatch, HTML-tags, etc) Normalizer fires corresponding built-in rule and abandons the current script,
diff --git a/src/utils/js_tokenizer.l b/src/utils/js_tokenizer.l
index 4a1ab9228..ae3a832d0 100644
--- a/src/utils/js_tokenizer.l
+++ b/src/utils/js_tokenizer.l
@@ -1084,10 +1084,11 @@ ALL_UNICODE [\0-\x7F]|[\xC2-\xDF][\x80-\xBF]|(\xE0[\xA0-\xBF]|[\xE1-\xEF][\x8
 {LINE_COMMENT_START} { BEGIN(char_code_lcomm); }
 {LINE_COMMENT_END1} { BEGIN(regst); newline_found = true; }
 {LINE_COMMENT_END2} { BEGIN(regst); newline_found = true; }
+{LINE_COMMENT_END4} { if (!ext_script) { BEGIN(regst); EXEC(html_closing_script_tag()) } }
 {LINE_COMMENT_END1} { BEGIN(char_code); newline_found = true; }
 {LINE_COMMENT_END2} { BEGIN(char_code); newline_found = true; }
+{LINE_COMMENT_END4} { if (!ext_script) { BEGIN(regst); RETURN(CLOSING_TAG) } }
 {LINE_COMMENT_END3} { if (!ext_script) { BEGIN(regst); RETURN(OPENING_TAG) } }
-{LINE_COMMENT_END4} { if (!ext_script) { BEGIN(regst); RETURN(CLOSING_TAG) } }
 {LINE_COMMENT_SKIP} { /* skip */ }
 <> { RETURN(SCRIPT_CONTINUE) }
diff --git a/src/utils/test/js_normalizer_test.cc b/src/utils/test/js_normalizer_test.cc
index f0b6c4c01..c35144add 100644
--- a/src/utils/test/js_normalizer_test.cc
+++ b/src/utils/test/js_normalizer_test.cc
@@ -2015,17 +2015,17 @@ TEST_CASE("nested script tags", "[JSNormalizer]")
 SECTION("close tag within single-line comment - start")
 {
 NORMALIZE(unexpected_tag_buf16);
- VALIDATE_FAIL(unexpected_tag_buf16, unexpected_tag_expected16, JSTokenizer::CLOSING_TAG, 22);
+ VALIDATE_FAIL(unexpected_tag_buf16, unexpected_tag_expected16, JSTokenizer::SCRIPT_ENDED, 22);
 }
 SECTION("close tag within single-line comment - mid")
 {
 NORMALIZE(unexpected_tag_buf17);
- VALIDATE_FAIL(unexpected_tag_buf17, unexpected_tag_expected17, JSTokenizer::CLOSING_TAG, 34);
+ VALIDATE_FAIL(unexpected_tag_buf17, unexpected_tag_expected17, JSTokenizer::SCRIPT_ENDED, 34);
 }
 SECTION("close tag within single-line comment - end")
 {
 NORMALIZE(unexpected_tag_buf18);
- VALIDATE_FAIL(unexpected_tag_buf18, unexpected_tag_expected18, JSTokenizer::CLOSING_TAG, 32);
+ VALIDATE_FAIL(unexpected_tag_buf18, unexpected_tag_expected18, JSTokenizer::SCRIPT_ENDED, 32);
 }
 SECTION("close tag within multi-line comment - start")
 {
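Review bot: In the js_tokenizer.l hunk the two added `{LINE_COMMENT_END4}` rules treat the same input differently and nothing on the rules says why: the first ends the script through `EXEC(html_closing_script_tag())`, while the second still does `RETURN(CLOSING_TAG)`, which going by the commit title and the test change is apparently the path that raises 119:267. If the comment state entered via `BEGIN(char_code_lcomm)` is meant to keep alerting, a one-line comment above the second rule should give the reason; if it is not, the second rule looks like it should call `html_closing_script_tag()` too. Above the first rule I would add `/* </script> in a single-line comment ends the inline script; no 119:267 here */`. Both rules also leave the matched tag consumed with no state change when `ext_script` is set, which deserves a short comment as well. The start-condition prefixes are not visible in this rendering, so which state each rule belongs to is inferred from the `BEGIN` targets.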
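Review bot: In the js_normalizer_test.cc hunk only the three cases that now end with `JSTokenizer::SCRIPT_ENDED` are updated; nothing here covers the tokenizer rule that still returns `CLOSING_TAG` for a closing tag in a single-line comment, nor the `ext_script` case where the tag is ignored. Because this commit changes when an alert fires, I would add one SECTION per remaining path so a later edit cannot silently drop the alert there. The cases also still sit under "nested script tags" with `unexpected_tag_*` buffers and `VALIDATE_FAIL`, although the outcome is now an accepted script end; a comment such as `// closing tag in a single-line comment ends the script, no alert expected` would prevent misreading. The TEST_CASE starts and ends outside the hunk, so such cases may already exist elsewhere in the file.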