diff --git a/src/rule.cc b/src/rule.cc index 5bb455b1..e311845d 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -502,7 +502,7 @@ std::vector> Rule::getFinalVars( != exclusions_update_by_tag_remove.end()) { #ifndef NO_LOGS trans->debug(9, "Variable: " + *key + - " is part of the exclusion list (from update by tag " + + " is part of the exclusion list (from update by tag" + "), skipping..."); #endif if (v->m_dynamic) { @@ -530,15 +530,27 @@ std::vector> Rule::getFinalVars( for (auto &i : trans->m_ruleRemoveTargetByTag) { std::string tag = i.first; std::string args = i.second; + size_t posa = key->find(":"); + if (containsTag(tag, trans) == false) { continue; } + if (args == *key) { trans->debug(9, "Variable: " + *key + " was excluded by ruleRemoteTargetByTag..."); ignoreVariable = true; break; } + if (posa != std::string::npos) { + std::string var = std::string(*key, posa); + if (var == args) { + trans->debug(9, "Variable: " + *key + + " was excluded by ruleRemoteTargetByTag..."); + ignoreVariable = true; + break; + } + } } if (ignoreVariable) { if (v->m_dynamic) { @@ -551,15 +563,29 @@ std::vector> Rule::getFinalVars( for (auto &i : trans->m_ruleRemoveTargetById) { int id = i.first; std::string args = i.second; + size_t posa = key->find(":"); + if (m_ruleId != id) { continue; } + if (args == *key) { trans->debug(9, "Variable: " + *key + " was excluded by ruleRemoveTargetById..."); ignoreVariable = true; break; } + if (posa != std::string::npos) { + if (key->size() > posa) { + std::string var = std::string(*key, 0, posa); + if (var == args) { + trans->debug(9, "Variable: " + var + + " was excluded by ruleRemoveTargetById..."); + ignoreVariable = true; + break; + } + } + } } if (ignoreVariable) { if (v->m_dynamic) { diff --git a/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json b/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json index a7050191..7cba0d54 100644 --- a/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json 
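Review bot: In the ruleRemoveTargetByTag loop, `std::string(*key, posa)` copies from the colon to the end of the key (for `ARGS:pwd` that is `:pwd`), so `var == args` cannot match a collection name and the whole-collection exclusion added here never fires. The ById loop in the next hunk uses the three-argument form, and this line should match it: `std::string var = std::string(*key, 0, posa);`. The failure direction is that the target stays inspected, so the symptom is an exclusion that silently does not apply rather than a gap in inspection. `posa` does not depend on `i` and could be computed once before the loop. Rule::getFinalVars begins and ends outside the hunk.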
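Review bot: The debug line added in the ruleRemoveTargetById loop prints `var` (the collection name) instead of `*key`, so the level-9 log no longer records which concrete variable was left out of inspection. Anyone auditing why a parameter was not evaluated would see only `ARGS`. Keeping `"Variable: " + *key +` as in the exact-match branch just above would preserve that detail, and the `debug_log` expectation of the new ById test (3) would have to follow. The inner `if (key->size() > posa)` is always true once `posa != std::string::npos` and can be dropped. The enclosing function continues outside the hunk.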
+++ b/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json @@ -2,9 +2,9 @@ { "enabled":1, "version_min":300000, - "title":"Testing CtlRuleRemoteTargetById (1)", + "title":"Testing CtlRuleRemoveTargetById (1)", "expected":{ - "debug_log": "Variable: ARGS:pwd was excluded by ruleRemoteTargetById..." + "debug_log": "Variable: ARGS:pwd was excluded by ruleRemoveTargetById..." }, "client":{ "ip":"200.249.12.31", @@ -34,7 +34,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing CtlRuleRemoteTargetById (2)", + "title":"Testing CtlRuleRemoveTargetById (2)", "expected":{ "debug_log": "Target value: .*Variable: ARGS:pwd" }, @@ -62,5 +62,37 @@ "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetById=123;ARGS:pwd\"", "SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing CtlRuleRemoveTargetById (3)", + "expected":{ + "debug_log": "Variable: ARGS was excluded by ruleRemoveTargetById..." + }, + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", + "Content-Type": "text/xml" + }, + "uri":"/wp-login.php?whee&pwd=lhebs", + "method":"GET", + "body": [ ] + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "rules":[ + "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetById=1;ARGS\"", + "SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS'\"" + ] } ] diff --git a/test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json b/test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json index 7457ffa1..efc82ae5 100644 --- a/test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json 
+++ b/test/test-cases/regression/action-ctl_rule_remove_target_by_tag.json @@ -62,5 +62,37 @@ "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=CRS;ARGS:pwd\"", "SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing CtlRuleRemoteTargetByTag (3)", + "expected":{ + "debug_log": "Target value: .*Variable: ARGS:pwd" + }, + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", + "Content-Type": "text/xml" + }, + "uri":"/wp-login.php?whee&pwd=lhebs", + "method":"GET", + "body": [ ] + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "rules":[ + "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=CRS;ARGS\"", + "SecRule ARGS \"@contais whe\" \"id:1,phase:3,t:none,nolog,pass,tag:'CRS2'\"" + ] } ] diff --git a/test/test-cases/secrules-language-tests b/test/test-cases/secrules-language-tests index 1a572362..add8f637 160000 --- a/test/test-cases/secrules-language-tests +++ b/test/test-cases/secrules-language-tests @@ -1 +1 @@ -Subproject commit 1a572362156de9c570e2589c36d382bf59dcc1a0 +Subproject commit add8f637703ac2c069f1b650164b70cd35675228
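Review bot: The new ByTag test (3) does not reach the collection-prefix comparison this commit adds. The ctl action names tag `CRS` while rule 1 carries `tag:'CRS2'`, so the tag check presumably skips the entry, and the expected `Target value: .*Variable: ARGS:pwd` only shows that nothing was excluded. A positive case is missing: the same request with `tag:'CRS'` on rule 1 and a `debug_log` expectation of the "was excluded by ruleRemoteTargetByTag" line, mirroring test (3) in the ById file. The title also still reads `CtlRuleRemoteTargetByTag`, although the ById titles were corrected to `Remove` in this same commit.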