corazawaf · tty2 · Dec 23, 2024 · Dec 23, 2024 · Jan 6, 2025 · Jan 6, 2025
@@ -11,7 +11,7 @@ require (
 	github.com/tidwall/gjson v1.18.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
-	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/tools v0.22.0 // indirect
 	rsc.io/binaryregexp v0.2.0 // indirect

@@ -19,12 +19,12 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
 github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
 golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
 golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
 golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
 rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=

@@ -53,8 +53,6 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -75,8 +73,6 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
 golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=

@@ -0,0 +1,16 @@
+package transformations
+
+import (
+	"encoding/hex"
+
+	"github.com/corazawaf/coraza/v3/internal/strings"
+)
+
+func hexDecode(data string) (string, bool, error) {
+	dst, err := hex.DecodeString(data)
+	if err != nil {
+		return "", false, err
+	}
+
+	return strings.WrapUnsafe(dst), true, nil
+}
@@ -0,0 +1,98 @@
+package transformations
+
+import (
+	"testing"
+)
+
+func TestHexDecode(t *testing.T) {
+	tests := []struct {
+		name           string
+		input          string
+		expectedOutput string
+		expectedValid  bool
+		expectError    bool
+	}{
+		{
+			name:           "valid hexadecimal string",
+			input:          "48656c6c6f",
+			expectedOutput: "Hello",
+			expectedValid:  true,
+			expectError:    false,
+		},
+		{
+			name:           "odd length",
+			input:          "48656c6c6f7",
+			expectedOutput: "",
+			expectedValid:  false,
+			expectError:    true,
+		},
+		{
+			name:           "invalid with non hex characters",
+			input:          "YyYy",
+			expectedOutput: "",
+			expectedValid:  false,
+			expectError:    true,
+		},
+		{
+			name:           "invalid with extra characters",
+			input:          "123G",
+			expectedOutput: "",
+			expectedValid:  false,
+			expectError:    true,
+		},
+		{
+			name:           "empty input",
+			input:          "",
+			expectedOutput: "",
+			expectedValid:  true,
+			expectError:    false,
+		},
+		{
+			name:           "uppercase hex string",
+			input:          "48454C4C4F",
+			expectedOutput: "HELLO",
+			expectedValid:  true,
+			expectError:    false,
+		},
+		{
+			name:           "mixed case",
+			input:          "48454c4C4f",
+			expectedOutput: "HELLO",
+			expectedValid:  true,
+			expectError:    false,
+		},
+		{
+			name:           "special characters",
+			input:          "21402324255E262A28",
+			expectedOutput: "!@#$%^&*(",
+			expectedValid:  true,
+			expectError:    false,
+		},
+		{
+			name:           "odd length with invalid character",
+			input:          "48656c6c6fZ",
+			expectedOutput: "",
+			expectedValid:  false,
+			expectError:    true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			output, valid, err := hexDecode(tt.input)
+
+			if (err != nil) != tt.expectError {
+				t.Errorf("hexDecode(%q): expected error=%v, got error=%v", tt.input, tt.expectError, err)
+			}
+
+			if output != tt.expectedOutput {
+				t.Errorf("hexDecode(%q): expected output=%q, got output=%q", tt.input, tt.expectedOutput, output)
+			}
+
+			if valid != tt.expectedValid {
+				t.Errorf("hexDecode(%q): expected valid=%v, got valid=%v", tt.input, tt.expectedValid, valid)
+			}
+		})
+	}
+}
@@ -1,44 +1,37 @@
 [
-   {
-      "ret" : 1,
-      "input" : "",
-      "type" : "tfn",
-      "name" : "hexDecode",
-      "output" : ""
-   },
-   {
-      "output" : "TestCase",
-      "ret" : 1,
-      "name" : "hexDecode",
-      "input" : "5465737443617365",
-      "type" : "tfn"
-   },
-   {
-      "type" : "tfn",
-      "input" : "546573740043617365",
-      "name" : "hexDecode",
-      "ret" : 1,
-      "output" : "Test\\u0000Case"
-   },
-   {
-      "output" : "\\x01#Eg\\x89\\x0a#\\x01#Eg\\x89\\x0a",
-      "type" : "tfn",
-      "input" : "01234567890a0z01234567890a",
-      "name" : "hexDecode",
-      "ret" : 1
-   },
-   {
-       "type" : "tfn",
-       "name" : "hexDecode",
-       "input" : "01234567890az",
-       "output" : "\\x01#Eg\\x89\\x0a",
-       "ret" : 1
-   },
-   {
-       "type" : "tfn",
-       "name" : "hexDecode",
-       "input" : "01234567890a0",
-       "output" : "\\x01#Eg\\x89\\x0a",
-       "ret" : 1
-   }
+  {
+    "ret": 1,
+    "input": "",
+    "type": "tfn",
+    "name": "hexDecode",
+    "output": ""
+  },
+  {
+    "output": "TestCase",
+    "ret": 1,
+    "name": "hexDecode",
+    "input": "5465737443617365",
+    "type": "tfn"
+  },
+  {
+    "type": "tfn",
+    "input": "546573740043617365",
+    "name": "hexDecode",
+    "ret": 1,
+    "output": "Test\\u0000Case"
+  },
+  {
+    "type": "tfn",
+    "name": "invalidCharacter",
+    "input": "01234567890z",
+    "output": "",
+    "ret": 0
+  },
+  {
+    "type": "tfn",
+    "name": "invalidLen",
+    "input": "54657374004",
+    "output": "",
+    "ret": 0
+  }
 ]
@@ -35,6 +35,7 @@ func init() {
 	Register("compressWhitespace", compressWhitespace)
 	Register("cssDecode", cssDecode)
 	Register("escapeSeqDecode", escapeSeqDecode)
+	Register("hexDecode", hexDecode)
 	Register("hexEncode", hexEncode)
 	Register("htmlEntityDecode", htmlEntityDecode)
 	Register("jsDecode", jsDecode)