From de74a0b373e36da8dfc87f8ee5596ac26a5200c7 Mon Sep 17 00:00:00 2001
From: MDLeom <2809763-curben@users.noreply.gitlab.com>
Date: Sat, 22 Mar 2025 11:00:33 +0000
Subject: [PATCH] fix(ids): escape ; on query string

---
 src/ids.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ids.js b/src/ids.js
index 064103a2..d978f61a 100644
--- a/src/ids.js
+++ b/src/ids.js
@@ -42,7 +42,7 @@ for await (const line of urls.readLines()) {
 
   const url = new URL(`http://${line}`)
   const { hostname, pathname, search } = url
-  const pathEscape = pathname.replaceAll(';', '\\;') + search
+  const pathEscape = `${pathname}${search}`.replaceAll(';', '\\;')
   const path = pathname + search
 
   snort2.write(`alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"${pathEscape.substring(0, 2048)}"; http_uri; nocase; content:"${hostname}"; content:"Host"; http_header; classtype:attempted-recon; sid:${sid}; rev:1;)\n`)