Commit 08b70e0

authored

Merge pull request #3422 from airween/v3/matchedvarsfix2

Refactoring the cleaning of MATCHED_VAR* variables

2 parents cf24aea + 79d5503 commit 08b70e0Copy full SHA for 08b70e0

File tree

8 files changed

+594

-26

lines changed

headers/modsecurity
- rule_with_operator.h
- rules_set.h
src
- rule_with_operator.cc
- rules_set.cc
test/test-cases/regression

8 files changed

+594

-26

lines changed

`‎headers/modsecurity/rule_with_operator.h‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,6 @@ class RuleWithOperator : public RuleWithActions {`
`59`	`59`
`60`	`60`	`static void updateMatchedVars(Transaction *trasn, const std::string &key,`
`61`	`61`	`const std::string &value);`
`62`		`- static void cleanMatchedVars(Transaction *trasn);`
`63`	`62`
`64`	`63`
`65`	`64`	`const std::string& getOperatorName() const;`

`‎headers/modsecurity/rules_set.h‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,8 @@ class RulesSet : public RulesSetProperties {`
`80`	`80`	`void debug(int level, const std::string &id, const std::string &uri,`
`81`	`81`	`const std::string &msg);`
`82`	`82`
	`83`	`+ static void cleanMatchedVars(Transaction *trans);`
	`84`	`+`
`83`	`85`	`RulesSetPhases m_rulesSetPhases;`
`84`	`86`	`private:`
`85`	`87`	`#ifndef NO_LOGS`

`‎src/rule_with_operator.cc‎`

Lines changed: 0 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -90,17 +90,6 @@ void RuleWithOperator::updateMatchedVars(Transaction *trans, const std::string &`
`90`	`90`	`}`
`91`	`91`
`92`	`92`
`93`		`-void RuleWithOperator::cleanMatchedVars(Transaction *trans) {`
`94`		`- ms_dbg_a(trans, 9, "Matched vars cleaned.");`
`95`		`- // cppcheck-suppress ctunullpointer`
`96`		`- trans->m_variableMatchedVar.unset();`
`97`		`- trans->m_variableMatchedVars.unset();`
`98`		`- trans->m_variableMatchedVarName.unset();`
`99`		`- trans->m_variableMatchedVarsNames.unset();`
`100`		`-}`
`101`		`-`
`102`		`-`
`103`		`-`
`104`	`93`	`bool RuleWithOperator::executeOperatorAt(Transaction *trans, const std::string &key,`
`105`	`94`	`const std::string &value, RuleMessage &ruleMessage) {`
`106`	`95`	`#if MSC_EXEC_CLOCK_ENABLED`
`@@ -324,7 +313,6 @@ bool RuleWithOperator::evaluate(Transaction *trans,`
`324`	`313`
`325`	`314`	`if (globalRet == false) {`
`326`	`315`	`ms_dbg_a(trans, 4, "Rule returned 0.");`
`327`		`- cleanMatchedVars(trans);`
`328`	`316`	`goto end_clean;`
`329`	`317`	`}`
`330`	`318`	`ms_dbg_a(trans, 4, "Rule returned 1.");`

`‎src/rules_set.cc‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -105,6 +105,14 @@ std::string RulesSet::getParserError() {`
`105`	`105`	`return this->m_parserError.str();`
`106`	`106`	`}`
`107`	`107`
	`108`	`+void RulesSet::cleanMatchedVars(Transaction *trans) {`
	`109`	`+ ms_dbg_a(trans, 9, "Matched vars cleaned.");`
	`110`	`+ // cppcheck-suppress ctunullpointer`
	`111`	`+ trans->m_variableMatchedVar.unset();`
	`112`	`+ trans->m_variableMatchedVars.unset();`
	`113`	`+ trans->m_variableMatchedVarName.unset();`
	`114`	`+ trans->m_variableMatchedVarsNames.unset();`
	`115`	`+}`
`108`	`116`
`109`	`117`	`int RulesSet::evaluate(int phase, Transaction *t) {`
`110`	`118`	`if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) {`
`@@ -208,6 +216,7 @@ int RulesSet::evaluate(int phase, Transaction *t) {`
`208`	`216`	`}`
`209`	`217`
`210`	`218`	`rule->evaluate(t);`
	`219`	`+ cleanMatchedVars(t);`
`211`	`220`	`if (t->m_it.disruptive > 0) {`
`212`	`221`
`213`	`222`	`ms_dbg_a(t, 8, "Skipping this phase as this " \`

`‎test/test-cases/regression/variable-MATCHED_VAR.json‎`

Lines changed: 125 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`{`
`3`	`3`	`"enabled":1,`
`4`	`4`	`"version_min":300000,`
`5`		`- "title":"Testing Variables :: MATCHED_VAR (1/2)",`
	`5`	`+ "title":"Testing Variables :: MATCHED_VAR (1/5)",`
`6`	`6`	`"client":{`
`7`	`7`	`"ip":"200.249.12.31",`
`8`	`8`	`"port":123`
`@@ -42,7 +42,7 @@`
`42`	`42`	`{`
`43`	`43`	`"enabled":1,`
`44`	`44`	`"version_min":300000,`
`45`		`- "title":"Testing Variables :: MATCHED_VAR (2/2)",`
	`45`	`+ "title":"Testing Variables :: MATCHED_VAR (2/5)",`
`46`	`46`	`"client":{`
`47`	`47`	`"ip":"200.249.12.31",`
`48`	`48`	`"port":123`
`@@ -81,6 +81,128 @@`
`81`	`81`	`"SecRule MATCHED_VAR \"@contains other_value\" \"id:29,pass\"",`
`82`	`82`	`"SecRule MATCHED_VAR \"@contains other_value\" \"id:30,pass\""`
`83`	`83`	`]`
	`84`	`+ },`
	`85`	`+ {`
	`86`	`+ "enabled":1,`
	`87`	`+ "version_min":300000,`
	`88`	`+ "title":"Testing Variables :: MATCHED_VAR (3/5)",`
	`89`	`+ "client":{`
	`90`	`+ "ip":"200.249.12.31",`
	`91`	`+ "port":123`
	`92`	`+ },`
	`93`	`+ "server":{`
	`94`	`+ "ip":"200.249.12.31",`
	`95`	`+ "port":80`
	`96`	`+ },`
	`97`	`+ "request":{`
	`98`	`+ "headers":{`
	`99`	`+ "Host":"localhost",`
	`100`	`+ "User-Agent":"curl/7.38.0",`
	`101`	`+ "Accept":"/"`
	`102`	`+ },`
	`103`	`+ "uri":"/?foo=1&bar=2&baz=2",`
	`104`	`+ "method":"GET"`
	`105`	`+ },`
	`106`	`+ "response":{`
	`107`	`+ "headers":{`
	`108`	`+ "Date":"2015年7月13日 20:02:41 GMT",`
	`109`	`+ "Last-Modified":"2014年10月26日 22:33:37 GMT",`
	`110`	`+ "Content-Type":"text/html"`
	`111`	`+ },`
	`112`	`+ "body":[`
	`113`	`+ "no need."`
	`114`	`+ ]`
	`115`	`+ },`
	`116`	`+ "expected":{`
	`117`	`+ "http_code": 200`
	`118`	`+ },`
	`119`	`+ "rules":[`
	`120`	`+ "SecRuleEngine On",`
	`121`	`+ "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"",`
	`122`	`+ "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"",`
	`123`	`+ "SecRule MATCHED_VAR \"@eq 1\" \"id:3,phase:1,deny,status:403\""`
	`124`	`+ ]`
	`125`	`+ },`
	`126`	`+ {`
	`127`	`+ "enabled":1,`
	`128`	`+ "version_min":300000,`
	`129`	`+ "title":"Testing Variables :: MATCHED_VAR (4/5)",`
	`130`	`+ "client":{`
	`131`	`+ "ip":"200.249.12.31",`
	`132`	`+ "port":123`
	`133`	`+ },`
	`134`	`+ "server":{`
	`135`	`+ "ip":"200.249.12.31",`
	`136`	`+ "port":80`
	`137`	`+ },`
	`138`	`+ "request":{`
	`139`	`+ "headers":{`
	`140`	`+ "Host":"localhost",`
	`141`	`+ "User-Agent":"curl/7.38.0",`
	`142`	`+ "Accept":"/"`
	`143`	`+ },`
	`144`	`+ "uri":"/?foo=1&bar=2&baz=2",`
	`145`	`+ "method":"GET"`
	`146`	`+ },`
	`147`	`+ "response":{`
	`148`	`+ "headers":{`
	`149`	`+ "Date":"2015年7月13日 20:02:41 GMT",`
	`150`	`+ "Last-Modified":"2014年10月26日 22:33:37 GMT",`
	`151`	`+ "Content-Type":"text/html"`
	`152`	`+ },`
	`153`	`+ "body":[`
	`154`	`+ "no need."`
	`155`	`+ ]`
	`156`	`+ },`
	`157`	`+ "expected":{`
	`158`	`+ "http_code": 200`
	`159`	`+ },`
	`160`	`+ "rules":[`
	`161`	`+ "SecRuleEngine On",`
	`162`	`+ "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"",`
	`163`	`+ "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"",`
	`164`	`+ "SecRule MATCHED_VAR \"@eq 2\" \"id:3,phase:1,deny,status:403\""`
	`165`	`+ ]`
	`166`	`+ },`
	`167`	`+ {`
	`168`	`+ "enabled":1,`
	`169`	`+ "version_min":300000,`
	`170`	`+ "title":"Testing Variables :: MATCHED_VAR (5/5)",`
	`171`	`+ "client":{`
	`172`	`+ "ip":"200.249.12.31",`
	`173`	`+ "port":123`
	`174`	`+ },`
	`175`	`+ "server":{`
	`176`	`+ "ip":"200.249.12.31",`
	`177`	`+ "port":80`
	`178`	`+ },`
	`179`	`+ "request":{`
	`180`	`+ "headers":{`
	`181`	`+ "Host":"localhost",`
	`182`	`+ "User-Agent":"curl/7.38.0",`
	`183`	`+ "Accept":"/"`
	`184`	`+ },`
	`185`	`+ "uri":"/?foo=1&bar=2&baz=2",`
	`186`	`+ "method":"GET"`
	`187`	`+ },`
	`188`	`+ "response":{`
	`189`	`+ "headers":{`
	`190`	`+ "Date":"2015年7月13日 20:02:41 GMT",`
	`191`	`+ "Last-Modified":"2014年10月26日 22:33:37 GMT",`
	`192`	`+ "Content-Type":"text/html"`
	`193`	`+ },`
	`194`	`+ "body":[`
	`195`	`+ "no need."`
	`196`	`+ ]`
	`197`	`+ },`
	`198`	`+ "expected":{`
	`199`	`+ "http_code": 403`
	`200`	`+ },`
	`201`	`+ "rules":[`
	`202`	`+ "SecRuleEngine On",`
	`203`	`+ "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"",`
	`204`	`+ "SecRule ARGS \"@rx 2\" \"id:2,phase:1,deny,status:403,chain\"",`
	`205`	`+ "SecRule MATCHED_VAR \"@eq 2\""`
	`206`	`+ ]`
`84`	`207`	`}`
`85`	`208`	`]`
`86`		`-`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 08b70e0

File tree

8 files changed

8 files changed

`‎headers/modsecurity/rule_with_operator.h‎`

`‎headers/modsecurity/rules_set.h‎`

`‎src/rule_with_operator.cc‎`

`‎src/rules_set.cc‎`

`‎test/test-cases/regression/variable-MATCHED_VAR.json‎`

0 commit comments