From 0e5f72977ee1026ae41317881f34c8c290d97b16 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Fri, 29 Jul 2016 10:40:45 -0700
Subject: [PATCH] Changes MATCHED_VAR behaviour

Only cleanup the variable if there wasn't a match within the rule
---
 src/rule.cc | 6 ++++--
 .../regression/config-calling_phases_by_name.json | 4 ++--
 test/test-cases/regression/variable-MATCHED_VAR.json | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/rule.cc b/src/rule.cc
index 92774d01e..39f58366a 100644
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -270,6 +270,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
 bool Rule::evaluate(Transaction *trasn) {
 bool ret = false;
+ bool globalRet = false;
 std::vector *variables = this->variables;
 RuleMessage *ruleMessage = NULL;
@@ -398,6 +399,7 @@ bool Rule::evaluate(Transaction *trasn) {
 bool containsDisruptive = false;
 bool chainResult = false;
 bool containsPassAction = false;
+ globalRet = true;
 ruleMessage->m_match = "Operator `" + this->op->op + "' with parameter `" + this->op->param + "' against" \
@@ -517,7 +519,7 @@ bool Rule::evaluate(Transaction *trasn) {
 }
 }
 }
- } else {
+ } else if (globalRet != true) {
 #ifndef NO_LOGS
 trasn->debug(4, "Rule returned 0.");
 trasn->m_collections.storeOrUpdateFirst("MATCHED_VAR", "");
@@ -547,7 +549,7 @@ bool Rule::evaluate(Transaction *trasn) {
 delete ruleMessage;
 }
- return ret;
+ return globalRet;
 }
diff --git a/test/test-cases/regression/config-calling_phases_by_name.json b/test/test-cases/regression/config-calling_phases_by_name.json
index 3e65179b1..2524369ad 100644
--- a/test/test-cases/regression/config-calling_phases_by_name.json
+++ b/test/test-cases/regression/config-calling_phases_by_name.json
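Review bot: `globalRet` is declared in the first hunk of src/rule.cc without a comment, right next to `ret`, and the two names do not say how they differ. From the later hunks it is set once a variable's operator has matched and it becomes the function's return value, so a comment on the declaration such as `// true once any variable of this rule has matched; returned to the caller`, or a name like `anyMatch`, would make that visible. Rule::evaluate continues outside this hunk.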
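Review bot: In the hunk at -517 of src/rule.cc, the block now guarded by `else if (globalRet != true)` shows the `MATCHED_VAR` reset directly after `#ifndef NO_LOGS` and the debug call, with no `#endif` in between; the `#endif` is outside the hunk, so this needs confirming. If the reset really is inside the guard, a NO_LOGS build never clears `MATCHED_VAR`, and later rules would see a different value depending on a logging build flag. Closing the guard right after `trasn->debug(4, "Rule returned 0.");` so that `storeOrUpdateFirst("MATCHED_VAR", "")` is always compiled would remove that difference. The new condition also drops the "Rule returned 0." debug line for every non-matching variable after the first match, and it reads more plainly as `} else if (!globalRet) {`.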
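Review bot: `return globalRet;` in the last hunk of src/rule.cc changes what Rule::evaluate reports to its callers, presumably from the operator result of the last variable evaluated to whether any variable matched, and nothing in the patch documents that. The -398 hunk declares `chainResult` just above the new `globalRet = true;`, which suggests this return value may feed chain evaluation; the callers are not visible here, so that is worth confirming. A comment above the function such as `// Returns true if the operator matched at least one variable.` would record the contract. The regression hunks in this commit only switch `@eq` to `@contains`, so a case where a match is followed by a non-matching variable in the same rule may still be missing; the test files are only partly visible here.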
@@ -38,7 +38,7 @@
 "SecDebugLog \/tmp\/modsec_debug.log",
 "SecDebugLogLevel 9",
 "SecRule ARGS:key \"@contains other_value\" \"id:1,phase:request,chain\"",
- "SecRule MATCHED_VAR \"@eq asdf\" \"phase:request,pass\""
+ "SecRule MATCHED_VAR \"@contains asdf\" \"phase:request,pass\""
 ]
 },
 {
@@ -80,7 +80,7 @@
 "SecDebugLog \/tmp\/modsec_debug.log",
 "SecDebugLogLevel 9",
 "SecRule ARGS:key \"@contains other_value\" \"chain,phase:response,id:28\"",
- "SecRule MATCHED_VAR \"@eq Aasdf\" \"pass\"",
+ "SecRule MATCHED_VAR \"@contains Aasdf\" \"pass\"",
 "SecRule MATCHED_VAR \"@contains other_value\" \"id:29,phase:response,pass\"",
 "SecRule MATCHED_VAR \"@contains other_value\" \"id:30,phase:response,pass\""
 ]
diff --git a/test/test-cases/regression/variable-MATCHED_VAR.json b/test/test-cases/regression/variable-MATCHED_VAR.json
index e9e7126ea..6ed67401b 100644
--- a/test/test-cases/regression/variable-MATCHED_VAR.json
+++ b/test/test-cases/regression/variable-MATCHED_VAR.json
@@ -38,7 +38,7 @@
 "SecDebugLog \/tmp\/modsec_debug.log",
 "SecDebugLogLevel 9",
 "SecRule ARGS:key \"@contains other_value\" \"chain,id:28\"",
- "SecRule MATCHED_VAR \"@eq asdf\" \"pass\""
+ "SecRule MATCHED_VAR \"@contains asdf\" \"pass\""
 ]
 },
 {
@@ -80,7 +80,7 @@
 "SecDebugLog \/tmp\/modsec_debug.log",
 "SecDebugLogLevel 9",
 "SecRule ARGS:key \"@contains other_value\" \"chain,id:28\"",
- "SecRule MATCHED_VAR \"@eq Aasdf\" \"pass\"",
+ "SecRule MATCHED_VAR \"@contains Aasdf\" \"pass\"",
 "SecRule MATCHED_VAR \"@contains other_value\" \"id:29,pass\"",
 "SecRule MATCHED_VAR \"@contains other_value\" \"id:30,pass\""
 ]