Adds support to capture this fingerprint of the detectSQLi operator

src/actions/capture.cc

@@ -26,6 +26,7 @@
 #include "operators/pm.h"
 #include "operators/rx.h"
 #include "operators/contains.h"
+#include "operators/detect_sqli.h"
 
 namespace ModSecurity {
 namespace actions {
@@ -49,6 +50,11 @@ bool Capture::evaluate(Rule *rule, Assay *assay) {
         match = &contains->matched;
     }
 
+    operators::DetectSQLi *dsqli = dynamic_cast<operators::DetectSQLi *>(op);
+    if (dsqli != NULL) {
+        match = &dsqli->matched;
+    }
+
     if (match->empty()) {
         return false;
     }

src/operators/detect_sqli.cc

@@ -27,13 +27,11 @@ namespace operators {
 bool DetectSQLi::evaluate(Assay *assay, const std::string &input) {
     char fingerprint[8];
     int issqli;
-    // int capture;
 
     issqli = libinjection_sqli(input.c_str(), input.length(), fingerprint);
-    // capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
 
     if (issqli) {
-        // set_match_to_tx(msr, capture, fingerprint, 0);
+        matched.push_back(fingerprint);
         if (assay) {
 #ifndef NO_LOGS
             assay->debug(4, "detected SQLi using libinjection with " \

src/operators/detect_sqli.h

@@ -30,6 +30,8 @@ class DetectSQLi : public Operator {
         : Operator(op, param, negation) { }
 
     bool evaluate(Assay *assay, const std::string &input);
+
+    std::list<std::string> matched;
 };
 
 }  // namespace operators