Reverse logic of checking output in @inspectFile

This change makes @inspectFile in ModSecurity 3.x to operate in exact the same way as it operates in ModSecurity 2.x, so existing helper scripts like runav.pl [1] will work without any changes. [1] https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/util/av-scanning/runav.pl
2025-08-14 13:56:01 +03:00 · 2018-03-21 14:54:24 +03:00 · 2018-03-21 14:54:24 +03:00 · 138e301695
commit 138e301695
parent c61155424e
1 changed files with 3 additions and 2 deletions
--- a/src/operators/inspect_file.cc
+++ b/src/operators/inspect_file.cc
@ -73,10 +73,11 @@ bool InspectFile::evaluate(Transaction *transaction, const std::string &str) {
        pclose(in);

        res.append(s.str());
-        if (res.size() > 1 && res.at(0) == '1') {
-            return true;
+        if (res.size() > 1 && res.at(0) != '1') {
+            return true; /* match */
        }

+        /* no match */
        return false;
    }
 }