Adds support for multipart vars on the parser

headers/modsecurity/transaction.h

@@ -108,15 +108,22 @@ class TransactionAnchoredVariables {
         m_variableInboundDataError(t, "INBOUND_DATA_ERROR"),
         m_variableMatchedVar(t, "MATCHED_VAR"),
         m_variableMatchedVarName(t, "MATCHED_VAR_NAME"),
+        m_variableMultipartBoundaryQuoted(t, "MULTIPART_BOUNDARY_QUOTED"),
+        m_variableMultipartBoundaryWhiteSpace(t,
+            "MULTIPART_BOUNDARY_WHITESPACE"),
         m_variableMultipartCrlfLFLines(t, "MULTIPART_CRLF_LF_LINES"),
         m_variableMultipartDataAfter(t, "MULTIPART_DATA_AFTER"),
+        m_variableMultipartDataBefore(t, "MULTIPART_DATA_BEFORE"),
         m_variableMultipartFileLimitExceeded(t,
             "MULTIPART_FILE_LIMIT_EXCEEDED"),
-        m_variableMultipartStrictError(t, "MULTIPART_STRICT_ERROR"),
         m_variableMultipartHeaderFolding(t, "MULTIPART_HEADER_FOLDING"),
-        m_variableMultipartInvalidQuoting(t, "MULTIPART_INVALID_QUOTING"),
         m_variableMultipartInvalidHeaderFolding(t,
             "MULTIPART_INVALID_HEADER_FOLDING"),
+        m_variableMultipartInvalidPart(t, "MULTIPART_INVALID_PART"),
+        m_variableMultipartInvalidQuoting(t, "MULTIPART_INVALID_QUOTING"),
+        m_variableMultipartLFLine(t, "MULTIPART_LF_LINE"),
+        m_variableMultipartMissingSemicolon(t, "MULTIPART_MISSING_SEMICOLON"),
+        m_variableMultipartStrictError(t, "MULTIPART_STRICT_ERROR"),
         m_variableMultipartUnmatchedBoundary(t,
             "MULTIPART_UNMATCHED_BOUNDARY"),
         m_variableOutboundDataError(t, "OUTBOUND_DATA_ERROR"),
@@ -157,8 +164,8 @@ class TransactionAnchoredVariables {
         m_variableFilesSizes(t, "FILES_SIZES"),
         m_variableFilesNames(t, "FILES_NAMES"),
         m_variableFilesTmpContent(t, "FILES_TMP_CONTENT"),
-        m_variableMultiPartFileName(t, "MULTIPART_FILENAME"),
-        m_variableMultiPartName(t, "MULTIPART_NAME"),
+        m_variableMultipartFileName(t, "MULTIPART_FILENAME"),
+        m_variableMultipartName(t, "MULTIPART_NAME"),
         m_variableMatchedVarsNames(t, "MATCHED_VARS_NAMES"),
         m_variableMatchedVars(t, "MATCHED_VARS"),
         m_variableFiles(t, "FILES"),
@@ -186,13 +193,19 @@ class TransactionAnchoredVariables {
     AnchoredVariable m_variableInboundDataError;
     AnchoredVariable m_variableMatchedVar;
     AnchoredVariable m_variableMatchedVarName;
+    AnchoredVariable m_variableMultipartBoundaryQuoted;
+    AnchoredVariable m_variableMultipartBoundaryWhiteSpace;
     AnchoredVariable m_variableMultipartCrlfLFLines;
     AnchoredVariable m_variableMultipartDataAfter;
+    AnchoredVariable m_variableMultipartDataBefore;
     AnchoredVariable m_variableMultipartFileLimitExceeded;
-    AnchoredVariable m_variableMultipartStrictError;
     AnchoredVariable m_variableMultipartHeaderFolding;
-    AnchoredVariable m_variableMultipartInvalidQuoting;
     AnchoredVariable m_variableMultipartInvalidHeaderFolding;
+    AnchoredVariable m_variableMultipartInvalidPart;
+    AnchoredVariable m_variableMultipartInvalidQuoting;
+    AnchoredVariable m_variableMultipartLFLine;
+    AnchoredVariable m_variableMultipartMissingSemicolon;
+    AnchoredVariable m_variableMultipartStrictError;
     AnchoredVariable m_variableMultipartUnmatchedBoundary;
     AnchoredVariable m_variableOutboundDataError;
     AnchoredVariable m_variablePathInfo;
@@ -233,8 +246,8 @@ class TransactionAnchoredVariables {
     AnchoredSetVariable m_variableFilesSizes;
     AnchoredSetVariable m_variableFilesNames;
     AnchoredSetVariable m_variableFilesTmpContent;
-    AnchoredSetVariable m_variableMultiPartFileName;
-    AnchoredSetVariable m_variableMultiPartName;
+    AnchoredSetVariable m_variableMultipartFileName;
+    AnchoredSetVariable m_variableMultipartName;
     AnchoredSetVariable m_variableMatchedVarsNames;
     AnchoredSetVariable m_variableMatchedVars;
     AnchoredSetVariable m_variableFiles;

src/macro_expansion.cc

@@ -270,10 +270,10 @@ std::string MacroExpansion::expand(const std::string& input,
                 variableValue = transaction->m_variableFilesTmpContent.resolveFirst(var);
             }
             else if (compareStrNoCase(col, "MULTIPART_FILENAME")) {
-                variableValue = transaction->m_variableMultiPartFileName.resolveFirst(var);
+                variableValue = transaction->m_variableMultipartFileName.resolveFirst(var);
             }
             else if (compareStrNoCase(col, "MULTIPART_NAME")) {
-                variableValue = transaction->m_variableMultiPartName.resolveFirst(var);
+                variableValue = transaction->m_variableMultipartName.resolveFirst(var);
             }
             else if (compareStrNoCase(col, "MATCHED_VARS_NAMES")) {
                 variableValue = transaction->m_variableMatchedVarsNames.resolveFirst(var);

src/parser/seclang-parser.yy

@@ -175,13 +175,19 @@ class Driver;
 #include "src/variables/matched_vars.h"
 #include "src/variables/matched_vars_names.h"
 #include "src/variables/modsec_build.h"
+#include "src/variables/multipart_boundary_quoted.h"
+#include "src/variables/multipart_boundary_whitespace.h"
 #include "src/variables/multipart_crlf_lf_lines.h"
 #include "src/variables/multipart_data_after.h"
+#include "src/variables/multipart_data_before.h"
 #include "src/variables/multipart_file_limit_exceeded.h"
 #include "src/variables/multipart_file_name.h"
 #include "src/variables/multipart_header_folding.h"
 #include "src/variables/multipart_invalid_header_folding.h"
+#include "src/variables/multipart_invalid_part.h"
 #include "src/variables/multipart_invalid_quoting.h"
+#include "src/variables/multipart_lf_line.h"
+#include "src/variables/multipart_missing_semicolon.h"
 #include "src/variables/multipart_name.h"
 #include "src/variables/multipart_strict_error.h"
 #include "src/variables/multipart_unmatched_boundary.h"
@@ -390,12 +396,18 @@ using modsecurity::operators::Operator;
   VARIABLE_INBOUND_DATA_ERROR   "INBOUND_DATA_ERROR"
   VARIABLE_MATCHED_VAR          "MATCHED_VAR"
   VARIABLE_MATCHED_VAR_NAME     "MATCHED_VAR_NAME"
+  VARIABLE_MULTIPART_BOUNDARY_QUOTED
+  VARIABLE_MULTIPART_BOUNDARY_WHITESPACE
   VARIABLE_MULTIPART_CRLF_LF_LINES    "MULTIPART_CRLF_LF_LINES"
   VARIABLE_MULTIPART_DATA_AFTER "MULTIPART_DATA_AFTER"
+  VARIABLE_MULTIPART_DATA_BEFORE
   VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED       "MULTIPART_FILE_LIMIT_EXCEEDED"
   VARIABLE_MULTIPART_HEADER_FOLDING            "MULTIPART_HEADER_FOLDING"
   VARIABLE_MULTIPART_INVALID_HEADER_FOLDING    "MULTIPART_INVALID_HEADER_FOLDING"
+  VARIABLE_MULTIPART_INVALID_PART
   VARIABLE_MULTIPART_INVALID_QUOTING           "MULTIPART_INVALID_QUOTING"
+  VARIABLE_MULTIPART_LF_LINE
+  VARIABLE_MULTIPART_MISSING_SEMICOLON
   VARIABLE_MULTIPART_STRICT_ERROR              "MULTIPART_STRICT_ERROR"
   VARIABLE_MULTIPART_UNMATCHED_BOUNDARY        "MULTIPART_UNMATCHED_BOUNDARY"
   VARIABLE_OUTBOUND_DATA_ERROR  "OUTBOUND_DATA_ERROR"
@@ -434,12 +446,14 @@ using modsecurity::operators::Operator;
   VARIABLE_URL_ENCODED_ERROR    "URLENCODED_ERROR"
   VARIABLE_USER_ID               "USERID"
   VARIABLE_WEB_APP_ID           "WEBAPPID"
+
+
   VARIABLE_STATUS                              "VARIABLE_STATUS"
   VARIABLE_IP                                  "VARIABLE_IP"
   VARIABLE_GLOBAL                              "VARIABLE_GLOBAL"
   VARIABLE_TX                                  "VARIABLE_TX"
   VARIABLE_SESSION                             "VARIABLE_SESSION"
-  VARIABLE_USER                                 "VARIABLE_USER"
+  VARIABLE_USER                                "VARIABLE_USER"
   RUN_TIME_VAR_ENV                             "RUN_TIME_VAR_ENV"
   RUN_TIME_VAR_XML                             "RUN_TIME_VAR_XML"
 
@@ -1988,6 +2002,14 @@ var:
       {
         VARIABLE_CONTAINER($$, new Variables::MatchedVarName());
       }
+    | VARIABLE_MULTIPART_BOUNDARY_QUOTED
+      {
+        VARIABLE_CONTAINER($$, new Variables::MultipartBoundaryQuoted());
+      }
+    | VARIABLE_MULTIPART_BOUNDARY_WHITESPACE
+      {
+        VARIABLE_CONTAINER($$, new Variables::MultipartBoundaryWhiteSpace());
+      }
     | VARIABLE_MULTIPART_CRLF_LF_LINES
       {
         VARIABLE_CONTAINER($$, new Variables::MultipartCrlfLFLines());
@@ -1996,6 +2018,10 @@ var:
       {
         VARIABLE_CONTAINER($$, new Variables::MultipartDateAfter());
       }
+    | VARIABLE_MULTIPART_DATA_BEFORE
+      {
+        VARIABLE_CONTAINER($$, new Variables::MultipartDateBefore());
+      }
     | VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED
       {
         VARIABLE_CONTAINER($$, new Variables::MultipartFileLimitExceeded());
@@ -2008,10 +2034,22 @@ var:
       {
         VARIABLE_CONTAINER($$, new Variables::MultipartInvalidHeaderFolding());
       }
+    | VARIABLE_MULTIPART_INVALID_PART
+      {
+        VARIABLE_CONTAINER($$, new Variables::MultipartInvalidPart());
+      }
     | VARIABLE_MULTIPART_INVALID_QUOTING
       {
         VARIABLE_CONTAINER($$, new Variables::MultipartInvalidQuoting());
       }
+    | VARIABLE_MULTIPART_LF_LINE
+      {
+        VARIABLE_CONTAINER($$, new Variables::MultipartLFLine());
+      }
+    | VARIABLE_MULTIPART_MISSING_SEMICOLON
+      {
+        VARIABLE_CONTAINER($$, new Variables::MultipartMissingSemicolon());
+      }
     | VARIABLE_MULTIPART_STRICT_ERROR
       {
         VARIABLE_CONTAINER($$, new Variables::MultipartStrictError());

src/parser/seclang-scanner.ll

@@ -136,12 +136,20 @@ VARIABLE_GLOBAL                           (?i:GLOBAL)
 VARIABLE_INBOUND_DATA_ERROR               (?i:INBOUND_DATA_ERROR)
 VARIABLE_MATCHED_VAR                      (?i:MATCHED_VAR)
 VARIABLE_MATCHED_VAR_NAME                 (?i:MATCHED_VAR_NAME)
+VARIABLE_MULTIPART_BOUNDARY_QUOTED        (?i:MULTIPART_BOUNDARY_QUOTED)
+VARIABLE_MULTIPART_BOUNDARY_WHITESPACE    (?i:MULTIPART_BOUNDARY_WHITESPACE)
 VARIABLE_MULTIPART_CRLF_LF_LINES          (?i:MULTIPART_CRLF_LF_LINES)
 VARIABLE_MULTIPART_DATA_AFTER             (?i:MULTIPART_DATA_AFTER)
+VARIABLE_MULTIPART_DATA_BEFORE            (?i:MULTIPART_DATA_BEFORE)
 VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED    (?i:MULTIPART_FILE_LIMIT_EXCEEDED)
+VARIABLE_MULTIPART_FILENAME               (?i:MULTIPART_FILENAME)
 VARIABLE_MULTIPART_HEADER_FOLDING         (?i:MULTIPART_HEADER_FOLDING)
 VARIABLE_MULTIPART_INVALID_HEADER_FOLDING (?i:MULTIPART_INVALID_HEADER_FOLDING)
+VARIABLE_MULTIPART_INVALID_PART           (?i:MULTIPART_INVALID_PART)
 VARIABLE_MULTIPART_INVALID_QUOTING        (?i:MULTIPART_INVALID_QUOTING)
+VARIABLE_MULTIPART_LF_LINE                (?i:MULTIPART_LF_LINE)
+VARIABLE_MULTIPART_MISSING_SEMICOLON      (?i:MULTIPART_MISSING_SEMICOLON)
+VARIABLE_MULTIPART_NAME                   (?i:MULTIPART_NAME)
 VARIABLE_MULTIPART_STRICT_ERROR           (?i:MULTIPART_STRICT_ERROR)
 VARIABLE_MULTIPART_UNMATCHED_BOUNDARY     (?i:MULTIPART_UNMATCHED_BOUNDARY)
 VARIABLE_OUTBOUND_DATA_ERROR              (?i:OUTBOUND_DATA_ERROR)
@@ -186,8 +194,6 @@ VARIABLE_ARGS_GET                         (?i:ARGS_GET)
 VARIABLE_FILES_SIZES                      (?i:FILES_SIZES)
 VARIABLE_FILES_NAMES                      (?i:FILES_NAMES)
 VARIABLE_FILES_TMP_CONTENT                (?i:FILES_TMP_CONTENT)
-VARIABLE_MULTIPART_FILENAME               (?i:MULTIPART_FILENAME)
-VARIABLE_MULTIPART_NAME                   (?i:MULTIPART_NAME)
 VARIABLE_MATCHED_VARS_NAMES               (?i:MATCHED_VARS_NAMES)
 VARIABLE_MATCHED_VARS                     (?i:MATCHED_VARS)
 VARIABLE_FILES                            (?i:FILES)
@@ -779,12 +785,27 @@ p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1),
 {VARIABLE_INBOUND_DATA_ERROR}               { return p::make_VARIABLE_INBOUND_DATA_ERROR(*driver.loc.back()); }
 {VARIABLE_MATCHED_VAR_NAME}                 { return p::make_VARIABLE_MATCHED_VAR_NAME(*driver.loc.back()); }
 {VARIABLE_MATCHED_VAR}                      { return p::make_VARIABLE_MATCHED_VAR(*driver.loc.back()); }
+{VARIABLE_MULTIPART_BOUNDARY_QUOTED}        { return p::make_VARIABLE_MULTIPART_BOUNDARY_QUOTED(*driver.loc.back()); }
+{VARIABLE_MULTIPART_BOUNDARY_WHITESPACE}    { return p::make_VARIABLE_MULTIPART_BOUNDARY_WHITESPACE(*driver.loc.back()); }
 {VARIABLE_MULTIPART_CRLF_LF_LINES}          { return p::make_VARIABLE_MULTIPART_CRLF_LF_LINES(*driver.loc.back()); }
 {VARIABLE_MULTIPART_DATA_AFTER}             { return p::make_VARIABLE_MULTIPART_DATA_AFTER(*driver.loc.back()); }
+{VARIABLE_MULTIPART_DATA_AFTER}             { return p::make_VARIABLE_MULTIPART_DATA_AFTER(*driver.loc.back()); }
+{VARIABLE_MULTIPART_DATA_BEFORE}            { return p::make_VARIABLE_MULTIPART_DATA_BEFORE(*driver.loc.back()); }
 {VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED}    { return p::make_VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED(*driver.loc.back()); }
+{VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED}    { return p::make_VARIABLE_MULTIPART_FILE_LIMIT_EXCEEDED(*driver.loc.back()); }
+{VARIABLE_MULTIPART_FILENAME}[:.]           { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); }
+{VARIABLE_MULTIPART_FILENAME}               { return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); }
+{VARIABLE_MULTIPART_HEADER_FOLDING}         { return p::make_VARIABLE_MULTIPART_HEADER_FOLDING(*driver.loc.back()); }
 {VARIABLE_MULTIPART_HEADER_FOLDING}         { return p::make_VARIABLE_MULTIPART_HEADER_FOLDING(*driver.loc.back()); }
 {VARIABLE_MULTIPART_INVALID_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_INVALID_HEADER_FOLDING(*driver.loc.back()); }
+{VARIABLE_MULTIPART_INVALID_HEADER_FOLDING} { return p::make_VARIABLE_MULTIPART_INVALID_HEADER_FOLDING(*driver.loc.back()); }
+{VARIABLE_MULTIPART_INVALID_PART}           { return p::make_VARIABLE_MULTIPART_INVALID_PART(*driver.loc.back()); }
 {VARIABLE_MULTIPART_INVALID_QUOTING}        { return p::make_VARIABLE_MULTIPART_INVALID_QUOTING(*driver.loc.back()); }
+{VARIABLE_MULTIPART_INVALID_QUOTING}        { return p::make_VARIABLE_MULTIPART_INVALID_QUOTING(*driver.loc.back()); }
+{VARIABLE_MULTIPART_LF_LINE}                { return p::make_VARIABLE_MULTIPART_LF_LINE(*driver.loc.back()); }
+{VARIABLE_MULTIPART_MISSING_SEMICOLON}      { return p::make_VARIABLE_MULTIPART_MISSING_SEMICOLON(*driver.loc.back()); }
+{VARIABLE_MULTIPART_NAME}[:.]               { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_NAME(*driver.loc.back()); }
+{VARIABLE_MULTIPART_NAME}                   { return p::make_VARIABLE_MULTIPART_NAME(*driver.loc.back()); }
 {VARIABLE_MULTIPART_STRICT_ERROR}           { return p::make_VARIABLE_MULTIPART_STRICT_ERROR(*driver.loc.back()); }
 {VARIABLE_MULTIPART_UNMATCHED_BOUNDARY}     { return p::make_VARIABLE_MULTIPART_UNMATCHED_BOUNDARY(*driver.loc.back()); }
 {VARIABLE_OUTBOUND_DATA_ERROR}              { return p::make_VARIABLE_OUTBOUND_DATA_ERROR(*driver.loc.back()); }
@@ -837,10 +858,6 @@ p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1),
 {VARIABLE_FILES_NAMES}[:.]                  { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_FILES_NAMES(*driver.loc.back()); }
 {VARIABLE_FILES_TMP_CONTENT}                { return p::make_VARIABLE_FILES_TMP_CONTENT(*driver.loc.back()); }
 {VARIABLE_FILES_TMP_CONTENT}[:.]            { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_FILES_TMP_CONTENT(*driver.loc.back()); }
-{VARIABLE_MULTIPART_FILENAME}               { return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); }
-{VARIABLE_MULTIPART_FILENAME}[:.]           { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_FILENAME(*driver.loc.back()); }
-{VARIABLE_MULTIPART_NAME}                   { return p::make_VARIABLE_MULTIPART_NAME(*driver.loc.back()); }
-{VARIABLE_MULTIPART_NAME}[:.]               { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MULTIPART_NAME(*driver.loc.back()); }
 {VARIABLE_MATCHED_VARS_NAMES}               { return p::make_VARIABLE_MATCHED_VARS_NAMES(*driver.loc.back()); }
 {VARIABLE_MATCHED_VARS_NAMES}[:.]           { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_MATCHED_VARS_NAMES(*driver.loc.back()); }
 {VARIABLE_MATCHED_VARS}                     { return p::make_VARIABLE_MATCHED_VARS(*driver.loc.back()); }
@@ -880,7 +897,6 @@ p::make_CONFIG_SEC_RULE_REMOVE_BY_TAG(parserSanitizer(strchr(yytext, ' ') + 1),
 {VARIABLE_TX}                               { return p::make_VARIABLE_TX(*driver.loc.back()); }
 {VARIABLE_TX}[:.]                           { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_TX(*driver.loc.back()); }
 
-
 {RUN_TIME_VAR_BLD}                          { return p::make_RUN_TIME_VAR_BLD(yytext, *driver.loc.back()); }
 {RUN_TIME_VAR_DUR}                          { return p::make_RUN_TIME_VAR_DUR(yytext, *driver.loc.back()); }
 {RUN_TIME_VAR_HSV}                          { return p::make_RUN_TIME_VAR_HSV(yytext, *driver.loc.back()); }

src/request_body_processor/multipart.cc

@@ -352,7 +352,7 @@ int Multipart::parse_content_disposition(const char *c_d_value, int offset) {
         if (name == "name") {
             validate_quotes(value.c_str());
 
-            m_transaction->m_variableMultiPartName.set(value, value,
+            m_transaction->m_variableMultipartName.set(value, value,
                 offset + ((p - c_d_value) - value.size()));
 
             if (!m_mpp->m_name.empty()) {
@@ -369,7 +369,7 @@ int Multipart::parse_content_disposition(const char *c_d_value, int offset) {
 #endif
         } else if (name == "filename") {
             validate_quotes(value.c_str());
-            m_transaction->m_variableMultiPartFileName.set(value, value, \
+            m_transaction->m_variableMultipartFileName.set(value, value, \
                 offset + ((p - c_d_value) - value.size()));
 
             if (!m_mpp->m_filename.empty()) {
@@ -956,8 +956,9 @@ int Multipart::multipart_complete(std::string *error) {
         std::to_string(m_flag_unmatched_boundary),
         m_transaction->m_variableOffset);
 
-    m_transaction->m_collections.store("MULTIPART_DATA_BEFORE",
-        std::to_string(m_flag_data_before));
+    m_transaction->m_variableMultipartDataBefore.set(
+        std::to_string(m_flag_data_before),
+        m_transaction->m_variableOffset);
     if (m_flag_data_before) {
 #ifndef NO_LOGS
         debug(4, "Multipart: Warning: seen data before first boundary.");
@@ -973,16 +974,18 @@ int Multipart::multipart_complete(std::string *error) {
 #endif
     }
 
-    m_transaction->m_collections.store("MULTIPART_BOUNDARY_QUOTED",
-        std::to_string(m_flag_boundary_quoted));
+    m_transaction->m_variableMultipartBoundaryQuoted.set(
+        std::to_string(m_flag_boundary_quoted),
+        m_transaction->m_variableOffset);
     if (m_flag_boundary_quoted) {
 #ifndef NO_LOGS
         debug(4, "Multipart: Warning: boundary was quoted.");
 #endif
     }
 
-    m_transaction->m_collections.store("MULTIPART_BOUNDARY_WHITESPACE",
-        std::to_string(m_flag_boundary_whitespace));
+    m_transaction->m_variableMultipartBoundaryWhiteSpace.set(
+        std::to_string(m_flag_boundary_whitespace),
+        m_transaction->m_variableOffset);
     if (m_flag_boundary_whitespace) {
 #ifndef NO_LOGS
         debug(4, "Multipart: Warning: boundary whitespace in C-T header.");
@@ -997,11 +1000,9 @@ int Multipart::multipart_complete(std::string *error) {
         debug(4, "Multipart: Warning: header folding used.");
 #endif
     }
-
-    m_transaction->m_collections.store("MULTIPART_CRLF_LINE",
-        std::to_string(m_flag_crlf_line));
-    m_transaction->m_collections.store("MULTIPART_LF_LINE",
-        std::to_string(m_flag_lf_line));
+    m_transaction->m_variableMultipartLFLine.set(
+        std::to_string(m_flag_lf_line),
+        m_transaction->m_variableOffset);
     m_transaction->m_variableMultipartCrlfLFLines.set(
         std::to_string(m_flag_crlf_line && m_flag_lf_line),
         m_transaction->m_variableOffset);
@@ -1014,9 +1015,9 @@ int Multipart::multipart_complete(std::string *error) {
         debug(4, "Multipart: Warning: incorrect line endings used (LF).");
 #endif
     }
-
-    m_transaction->m_collections.store("MULTIPART_MISSING_SEMICOLON",
-        std::to_string(m_flag_missing_semicolon));
+    m_transaction->m_variableMultipartMissingSemicolon.set(
+        std::to_string(m_flag_missing_semicolon),
+        m_transaction->m_variableOffset);
     if (m_flag_missing_semicolon) {
 #ifndef NO_LOGS
         debug(4, "Multipart: Warning: missing semicolon in C-T header.");
@@ -1031,9 +1032,9 @@ int Multipart::multipart_complete(std::string *error) {
         debug(4, "Multipart: Warning: invalid quoting used.");
 #endif
     }
-
-    m_transaction->m_collections.store("MULTIPART_INVALID_PART",
-        std::to_string(m_flag_invalid_part));
+    m_transaction->m_variableMultipartInvalidPart.set(
+        std::to_string(m_flag_invalid_part),
+        m_transaction->m_variableOffset);
     if (m_flag_invalid_part) {
 #ifndef NO_LOGS
         debug(4, "Multipart: Warning: invalid part parsing.");

src/variables/multipart_boundary_quoted.h

@@ -0,0 +1,47 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#ifndef SRC_VARIABLES_MULTIPART_BOUNDARY_QUOTED_H_
+#define SRC_VARIABLES_MULTIPART_BOUNDARY_QUOTED_H_
+
+#include "src/variables/variable.h"
+
+namespace modsecurity {
+
+class Transaction;
+namespace Variables {
+
+class MultipartBoundaryQuoted : public Variable {
+ public:
+    MultipartBoundaryQuoted()
+        : Variable("MULTIPART_BOUNDARY_QUOTED") { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) {
+        transaction->m_variableMultipartBoundaryQuoted.evaluate(l);
+    }
+};
+
+}  // namespace Variables
+}  // namespace modsecurity
+
+#endif  // SRC_VARIABLES_MULTIPART_BOUNDARY_QUOTED_H_

src/variables/multipart_boundary_whitespace.h

@@ -0,0 +1,47 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#ifndef SRC_VARIABLES_MULTIPART_BOUNDARY_WHITESPACE_H_
+#define SRC_VARIABLES_MULTIPART_BOUNDARY_WHITESPACE_H_
+
+#include "src/variables/variable.h"
+
+namespace modsecurity {
+
+class Transaction;
+namespace Variables {
+
+class MultipartBoundaryWhiteSpace : public Variable {
+ public:
+    MultipartBoundaryWhiteSpace()
+        : Variable("MULTIPART_BOUNDARY_WHITESPACE") { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) {
+        transaction->m_variableMultipartBoundaryWhiteSpace.evaluate(l);
+    }
+};
+
+}  // namespace Variables
+}  // namespace modsecurity
+
+#endif  // SRC_VARIABLES_MULTIPART_BOUNDARY_WHITESPACE_H_

src/variables/multipart_data_before.h

@@ -0,0 +1,47 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#ifndef SRC_VARIABLES_MULTIPART_DATA_BEFORE_H_
+#define SRC_VARIABLES_MULTIPART_DATA_BEFORE_H_
+
+#include "src/variables/variable.h"
+
+namespace modsecurity {
+
+class Transaction;
+namespace Variables {
+
+class MultipartDateBefore : public Variable {
+ public:
+    MultipartDateBefore()
+        : Variable("MULTIPART_DATA_BEFORE") { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) {
+        transaction->m_variableMultipartDataBefore.evaluate(l);
+    }
+};
+
+}  // namespace Variables
+}  // namespace modsecurity
+
+#endif  // SRC_VARIABLES_MULTIPART_DATA_BEFORE_H_

src/variables/multipart_file_name.h

@@ -39,7 +39,7 @@ class MultiPartFileName_DictElement : public Variable {
     void evaluate(Transaction *transaction,
         Rule *rule,
         std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableMultiPartFileName.resolve(m_dictElement, l);
+        transaction->m_variableMultipartFileName.resolve(m_dictElement, l);
     }
 
     std::string m_dictElement;
@@ -54,7 +54,7 @@ class MultiPartFileName_NoDictElement : public Variable {
     void evaluate(Transaction *transaction,
         Rule *rule,
         std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableMultiPartFileName.resolve(l);
+        transaction->m_variableMultipartFileName.resolve(l);
     }
 };
 
@@ -68,7 +68,7 @@ class MultiPartFileName_DictElementRegexp : public Variable {
     void evaluate(Transaction *transaction,
         Rule *rule,
         std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableMultiPartFileName.resolveRegularExpression(
+        transaction->m_variableMultipartFileName.resolveRegularExpression(
             &m_r, l);
     }
 

src/variables/multipart_invalid_part.h

@@ -0,0 +1,47 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#ifndef SRC_VARIABLES_MULTIPART_INVALID_PART_H_
+#define SRC_VARIABLES_MULTIPART_INVALID_PART_H_
+
+#include "src/variables/variable.h"
+
+namespace modsecurity {
+
+class Transaction;
+namespace Variables {
+
+class MultipartInvalidPart : public Variable {
+ public:
+    MultipartInvalidPart()
+        : Variable("MULTIPART_INVALID_PART") { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) {
+        transaction->m_variableMultipartInvalidPart.evaluate(l);
+    }
+};
+
+}  // namespace Variables
+}  // namespace modsecurity
+
+#endif  // SRC_VARIABLES_MULTIPART_INVALID_PART_H_

src/variables/multipart_lf_line.h

@@ -0,0 +1,47 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#ifndef SRC_VARIABLES_MULTIPART_LF_LINE_H_
+#define SRC_VARIABLES_MULTIPART_LF_LINE_H_
+
+#include "src/variables/variable.h"
+
+namespace modsecurity {
+
+class Transaction;
+namespace Variables {
+
+class MultipartLFLine : public Variable {
+ public:
+    MultipartLFLine()
+        : Variable("MULTIPART_LF_LINE") { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) {
+        transaction->m_variableMultipartLFLine.evaluate(l);
+    }
+};
+
+}  // namespace Variables
+}  // namespace modsecurity
+
+#endif  // SRC_VARIABLES_MULTIPART_LF_LINE_H_

src/variables/multipart_missing_semicolon.h

@@ -0,0 +1,47 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#ifndef SRC_VARIABLES_MULTIPART_MISSING_SEMICOLON_H_
+#define SRC_VARIABLES_MULTIPART_MISSING_SEMICOLON_H_
+
+#include "src/variables/variable.h"
+
+namespace modsecurity {
+
+class Transaction;
+namespace Variables {
+
+class MultipartMissingSemicolon : public Variable {
+ public:
+    MultipartMissingSemicolon()
+        : Variable("MULTIPART_MISSING_SEMICOLON") { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) {
+        transaction->m_variableMultipartMissingSemicolon.evaluate(l);
+    }
+};
+
+}  // namespace Variables
+}  // namespace modsecurity
+
+#endif  // SRC_VARIABLES_MULTIPART_MISSING_SEMICOLON_H_

src/variables/multipart_name.h

@@ -39,7 +39,7 @@ class MultiPartName_DictElement : public Variable {
     void evaluate(Transaction *transaction,
         Rule *rule,
         std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableMultiPartName.resolve(m_dictElement, l);
+        transaction->m_variableMultipartName.resolve(m_dictElement, l);
     }
 
     std::string m_dictElement;
@@ -54,7 +54,7 @@ class MultiPartName_NoDictElement : public Variable {
     void evaluate(Transaction *transaction,
         Rule *rule,
         std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableMultiPartName.resolve(l);
+        transaction->m_variableMultipartName.resolve(l);
     }
 };
 
@@ -68,7 +68,7 @@ class MultiPartName_DictElementRegexp : public Variable {
     void evaluate(Transaction *transaction,
         Rule *rule,
         std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableMultiPartName.resolveRegularExpression(
+        transaction->m_variableMultipartName.resolveRegularExpression(
             &m_r, l);
     }
 

src/variables/variable.h

@@ -218,9 +218,9 @@ class Variable {
             } else if (comp(col, "FILES_TMP_CONTENT")) {
                 t->m_variableFilesTmpContent.resolve(var, l);
             } else if (comp(col, "MULTIPART_FILENAME")) {
-                t->m_variableMultiPartFileName.resolve(var, l);
+                t->m_variableMultipartFileName.resolve(var, l);
             } else if (comp(col, "MULTIPART_NAME")) {
-                t->m_variableMultiPartName.resolve(var, l);
+                t->m_variableMultipartName.resolve(var, l);
             } else if (comp(col, "MATCHED_VARS_NAMES")) {
                 t->m_variableMatchedVarsNames.resolve(var, l);
             } else if (comp(col, "MATCHED_VARS")) {
@@ -383,9 +383,9 @@ class Variable {
             } else if (comp(col, "FILES_TMP_CONTENT")) {
                 vv = t->m_variableFilesTmpContent.resolveFirst(var);
             } else if (comp(col, "MULTIPART_FILENAME")) {
-                vv = t->m_variableMultiPartFileName.resolveFirst(var);
+                vv = t->m_variableMultipartFileName.resolveFirst(var);
             } else if (comp(col, "MULTIPART_NAME")) {
-                vv = t->m_variableMultiPartName.resolveFirst(var);
+                vv = t->m_variableMultipartName.resolveFirst(var);
             } else if (comp(col, "MATCHED_VARS_NAMES")) {
                 vv = t->m_variableMatchedVarsNames.resolveFirst(var);
             } else if (comp(col, "MATCHED_VARS")) {