mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-30 03:34:29 +03:00
Fix rule-update-target exclusions for plain (non-regex) variables
This commit is contained in:
committed by
Felipe Zimmerle
parent
f7e4c1d9f5
commit
1b1fdc055b
@@ -697,7 +697,7 @@ bool Rule::evaluate(Transaction *trans,
|
||||
const std::string &value = v->getValue();
|
||||
const std::string &key = v->getKeyWithCollection();
|
||||
|
||||
if (exclusion.contains(v->getKey()) ||
|
||||
if (exclusion.contains(v) ||
|
||||
std::find_if(trans->m_ruleRemoveTargetById.begin(),
|
||||
trans->m_ruleRemoveTargetById.end(),
|
||||
[&, v, this](std::pair<int, std::string> &m) -> bool {
|
||||
@@ -708,7 +708,7 @@ bool Rule::evaluate(Transaction *trans,
|
||||
v = NULL;
|
||||
continue;
|
||||
}
|
||||
if (exclusion.contains(v->getKey()) ||
|
||||
if (exclusion.contains(v) ||
|
||||
std::find_if(trans->m_ruleRemoveTargetByTag.begin(),
|
||||
trans->m_ruleRemoveTargetByTag.end(),
|
||||
[&, v, trans, this](std::pair<std::string, std::string> &m) -> bool {
|
||||
|
@@ -610,14 +610,14 @@ class Variables : public std::vector<Variable *> {
|
||||
return std::find_if(begin(), end(),
|
||||
[v](Variable *m) -> bool { return *v == *m; }) != end();
|
||||
};
|
||||
bool contains(const std::string &v) {
|
||||
bool contains(const VariableValue *v) {
|
||||
return std::find_if(begin(), end(),
|
||||
[v](Variable *m) -> bool {
|
||||
VariableRegex *r = dynamic_cast<VariableRegex *>(m);
|
||||
if (r) {
|
||||
return r->m_r.searchAll(v).size() > 0;
|
||||
return r->m_r.searchAll(v->getKey()).size() > 0;
|
||||
}
|
||||
return v == *m->m_fullName.get();
|
||||
return v->getKeyWithCollection() == *m->m_fullName.get();
|
||||
}) != end();
|
||||
};
|
||||
};
|
||||
|
Reference in New Issue
Block a user