Changes MATCHED_VAR behaviour

Only cleanup the variable if there wasn't a match within the rule
2025-08-13 21:36:00 +03:00 · 2016-07-29 10:40:45 -07:00 · 2016-07-29 10:40:45 -07:00 · 0e5f72977e
commit 0e5f72977e
parent 665df04516
3 changed files with 8 additions and 6 deletions
--- a/src/rule.cc
+++ b/src/rule.cc
@ -270,6 +270,7 @@ bool Rule::evaluateActions(Transaction *trasn) {

 bool Rule::evaluate(Transaction *trasn) {
    bool ret = false;
+    bool globalRet = false;
    std::vector<Variable *> *variables = this->variables;
    RuleMessage *ruleMessage = NULL;

@ -398,6 +399,7 @@ bool Rule::evaluate(Transaction *trasn) {
                bool containsDisruptive = false;
                bool chainResult = false;
                bool containsPassAction = false;
+		globalRet = true;

                ruleMessage->m_match = "Operator `" + this->op->op +
                    "' with parameter `" + this->op->param + "' against" \
@ -517,7 +519,7 @@ bool Rule::evaluate(Transaction *trasn) {
                        }
                    }
                }
-            } else {
+            } else if (globalRet != true) {
 #ifndef NO_LOGS
                trasn->debug(4, "Rule returned 0.");
                trasn->m_collections.storeOrUpdateFirst("MATCHED_VAR", "");
@ -547,7 +549,7 @@ bool Rule::evaluate(Transaction *trasn) {
        delete ruleMessage;
    }

-    return ret;
+    return globalRet;
 }


--- a/test/test-cases/regression/config-calling_phases_by_name.json
+++ b/test/test-cases/regression/config-calling_phases_by_name.json
@ -38,7 +38,7 @@
      "SecDebugLog \/tmp\/modsec_debug.log",
      "SecDebugLogLevel 9",
      "SecRule ARGS:key \"@contains other_value\" \"id:1,phase:request,chain\"",
-      "SecRule MATCHED_VAR \"@eq asdf\" \"phase:request,pass\""
+      "SecRule MATCHED_VAR \"@contains asdf\" \"phase:request,pass\""
    ]
  },
  {
@ -80,7 +80,7 @@
      "SecDebugLog \/tmp\/modsec_debug.log",
      "SecDebugLogLevel 9",
      "SecRule ARGS:key \"@contains other_value\" \"chain,phase:response,id:28\"",
-      "SecRule MATCHED_VAR \"@eq Aasdf\" \"pass\"",
+      "SecRule MATCHED_VAR \"@contains Aasdf\" \"pass\"",
      "SecRule MATCHED_VAR \"@contains other_value\" \"id:29,phase:response,pass\"",
      "SecRule MATCHED_VAR \"@contains other_value\" \"id:30,phase:response,pass\""
    ]
--- a/test/test-cases/regression/variable-MATCHED_VAR.json
+++ b/test/test-cases/regression/variable-MATCHED_VAR.json
@ -38,7 +38,7 @@
      "SecDebugLog \/tmp\/modsec_debug.log",
      "SecDebugLogLevel 9",
      "SecRule ARGS:key \"@contains other_value\" \"chain,id:28\"",
-      "SecRule MATCHED_VAR \"@eq asdf\" \"pass\""
+      "SecRule MATCHED_VAR \"@contains asdf\" \"pass\""
    ]
  },
  {
@ -80,7 +80,7 @@
      "SecDebugLog \/tmp\/modsec_debug.log",
      "SecDebugLogLevel 9",
      "SecRule ARGS:key \"@contains other_value\" \"chain,id:28\"",
-      "SecRule MATCHED_VAR \"@eq Aasdf\" \"pass\"",
+      "SecRule MATCHED_VAR \"@contains Aasdf\" \"pass\"",
      "SecRule MATCHED_VAR \"@contains other_value\" \"id:29,pass\"",
      "SecRule MATCHED_VAR \"@contains other_value\" \"id:30,pass\""
    ]