fix invalid hash with malformated accept-language header

blotus · blotus · commit 35eacaa37c46 · 2025-02-24T11:43:45.000+01:00
diff --git a/pkg/appsec/ja4h/ja4h.go b/pkg/appsec/ja4h/ja4h.go
@@ -80,7 +80,8 @@ func primaryLanguage(headers http.Header) string {
 	lang = strings.ReplaceAll(lang, ";", ",")
 	lang = lang[:min(len(lang), 4)]
 
-	return strings.Split(lang, ",")[0] + strings.Repeat("0", 4-len(lang))
+	value := strings.Split(lang, ",")[0]
+	return value + strings.Repeat("0", 4-len(value))
 }
 
 // jA4H_a generates a summary fingerprint for the HTTP request.
diff --git a/pkg/appsec/ja4h/ja4h_test.go b/pkg/appsec/ja4h/ja4h_test.go
@@ -49,6 +49,15 @@ func TestJA4H_A(t *testing.T) {
 			},
 			expectedResult: "ge11nn01aksj",
 		},
+		{
+			name: "bad accept-language header 2",
+			request: func() *http.Request {
+				req, _ := http.NewRequest(http.MethodGet, "http://example.com", nil)
+				req.Header.Set("Accept-Language", ",")
+				return req
+			},
+			expectedResult: "ge11nn010000",
+		},
 	}
 
 	for _, tt := range tests {

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,8 @@ func primaryLanguage(headers http.Header) string {`
`80`	`80`	`lang = strings.ReplaceAll(lang, ";", ",")`
`81`	`81`	`lang = lang[:min(len(lang), 4)]`
`82`	`82`
`83`		`- return strings.Split(lang, ",")[0] + strings.Repeat("0", 4-len(lang))`
	`83`	`+ value := strings.Split(lang, ",")[0]`
	`84`	`+ return value + strings.Repeat("0", 4-len(value))`
`84`	`85`	`}`
`85`	`86`
`86`	`87`	`// jA4H_a generates a summary fingerprint for the HTTP request.`