-
-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[owasp-modsecurity compatibility] hexDecode method #1253
Comments
Thanks for reporting! Are you up for a PR? |
Hi |
Could you help me to understand the approach used in the tests for @jcchavezs I see you are an author of these tests, you are probably more in the context. And thanks you've done it in advance! My current assumption that coraza tends to "best-effort" approach (opposite to "fail fast" approach). In that case it explains everything.
From RFC 4648: The other case is more tricky:
We have even number of characters at the begging but with the invalid symbol inside ("z" in this case). With removing invalid symbol only we'll get to the situation from the previous case (odd number of symbols). Which logic we should follow here? Thanks in advance |
Summary
coraza doesn't implement method hexDecode
owasp-modsecurity has this method
Basic example
https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v3.x)#hexdecode
Motivation
OWASP modsecurity compatibility
The text was updated successfully, but these errors were encountered: