github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

SecLang uses RESPONSE_STATUS as variable, not STATUS

Browse Source 
Seclang uses RESPONSE_STATUS as variable to encode the status code for the
request.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#RESPONSE_STATUS

The CRS v3.0.0-dev rules, for instance, uses the RESPONSE_STATUS variable.
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf

When processing response headers, the variable was named STATUS when creating/storing
it in the collection. Fix it, and update regression testcases.
This commit is contained in:
Abhi Joglekar
2016-10-18 21:49:26 +00:00
committed by Felipe Zimmerle
parent 678a97d0f7
commit 28a44b966a
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/transaction.cc
View File

@@ -876,7 +876,7 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) {
#endif
this->m_httpCodeReturned = code;
this->m_collections.store("STATUS", std::to_string(code));
this->m_collections.store("RESPONSE_STATUS", std::to_string(code));
m_collections.store("RESPONSE_PROTOCOL", proto);
if (m_rules->m_secRuleEngine == Rules::DisabledRuleEngine) {