github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix rules chain and action execution

Browse Source 
- Rules chains are respecting the phase of the first rule in chain.
- The actions are only executed if all chain match.
This commit is contained in:
Felipe Zimmerle 2015-08-25 13:44:20 -03:00
parent f2da6bb81d
commit 004ef066ed
2 changed files with 14 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/parser/driver.cc
View File

@ -42,21 +42,13 @@ int Driver::addSecRule(Rule *rule) {
return -1; return -1;
} }
int size = this->rules[rule->phase].size(); if (lastRule && lastRule->chained && lastRule->chainedRule == NULL) {
if (size == 0) {
this->rules[rule->phase].push_back(rule);
lastRule = rule;
return true;
}
if (lastRule->chained && lastRule->chainedRule == NULL) {
rule->phase = lastRule->phase; rule->phase = lastRule->phase;
lastRule->chainedRule = rule; lastRule->chainedRule = rule;
return true; return true;
} }
if (lastRule->chained && lastRule->chainedRule != NULL) {
if (lastRule && lastRule->chained && lastRule->chainedRule != NULL) {
Rule *a = lastRule->chainedRule; Rule *a = lastRule->chainedRule;
while (a->chained && a->chainedRule != NULL) { while (a->chained && a->chainedRule != NULL) {
a = a->chainedRule; a = a->chainedRule;
@ -66,6 +58,7 @@ int Driver::addSecRule(Rule *rule) {
return true; return true;
} }
} }
lastRule = rule; lastRule = rule;
rules[rule->phase].push_back(rule); rules[rule->phase].push_back(rule);
return true; return true;

16
src/rule.cc
View File

@ -179,13 +179,9 @@ bool Rule::evaluate(Assay *assay) {
std::to_string(elapsed_secs) + " seconds"); std::to_string(elapsed_secs) + " seconds");
if (ret) { if (ret) {
bool chainResult = false;
assay->debug(4, "Rule returned 1."); assay->debug(4, "Rule returned 1.");
for (Action *a :
this->actions_runtime_pos) {
assay->debug(4, "Running action: " + a->action);
a->evaluate(this, assay);
}
if (this->chained && this->chainedRule == NULL) { if (this->chained && this->chainedRule == NULL) {
assay->debug(4, "Rule is marked as chained but there " \ assay->debug(4, "Rule is marked as chained but there " \
"isn't a subsequent rule."); "isn't a subsequent rule.");
@ -203,12 +199,20 @@ bool Rule::evaluate(Assay *assay) {
assay->store_variable("MATCHED_VARS:" + v.first, value); assay->store_variable("MATCHED_VARS:" + v.first, value);
assay->store_variable("MATCHED_VARS_NAMES:" + v.first, assay->store_variable("MATCHED_VARS_NAMES:" + v.first,
v.first); v.first);
this->chainedRule->evaluate(assay); chainResult = this->chainedRule->evaluate(assay);
assay->update_variable_first("MATCHED_VAR", ""); assay->update_variable_first("MATCHED_VAR", "");
assay->delete_variable("MATCHED_VARS:" + v.first); assay->delete_variable("MATCHED_VARS:" + v.first);
assay->delete_variable("MATCHED_VARS_NAMES:" + v.first); assay->delete_variable("MATCHED_VARS_NAMES:" + v.first);
assay->delete_variable("MATCHED_VARS_NAMES:" + v.first); assay->delete_variable("MATCHED_VARS_NAMES:" + v.first);
} }
if (this->chained && chainResult == true || !this->chained) {
for (Action *a :
this->actions_runtime_pos) {
assay->debug(4, "Running action: " + a->action);
a->evaluate(this, assay);
}
}
} else { } else {
assay->debug(4, "Rule returned 0."); assay->debug(4, "Rule returned 0.");
} }