Fix pass action behaviour: now only ingore actions within the same rule

More details on issue #1152
2025-09-29 19:24:29 +03:00 · 2016-07-01 11:01:51 -03:00
parent b332018cc2
commit 3d1d0514fd
3 changed files with 124 additions and 5 deletions
--- a/src/actions/pass.cc
+++ b/src/actions/pass.cc
@@ -26,7 +26,6 @@ namespace actions {


 bool Pass::evaluate(Rule *rule, Transaction *transaction) {
-    transaction->m_actions.clear();
    return true;
 }

--- a/src/rule.cc
+++ b/src/rule.cc
@@ -201,7 +201,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
        if (a->isDisruptive() == false) {
 #ifndef NO_LOGS
            trasn->debug(4, "Running (_non_ disruptive) action: " +
-                a->m_name);
+                a->m_name + ".");
 #endif
            a->evaluate(this, trasn);
        } else {
@@ -395,6 +395,7 @@ bool Rule::evaluate(Transaction *trasn) {
            if (ret) {
                bool containsDisruptive = false;
                bool chainResult = false;
+                bool containsPassAction = false;

                ruleMessage->m_match = "Operator `" + this->op->op +
                    "' with parameter `" + this->op->param + "' against" \
@@ -415,6 +416,10 @@ bool Rule::evaluate(Transaction *trasn) {
                    this->actions_runtime_pos) {
                    if (a->isDisruptive() == true) {
                        containsDisruptive = true;
+                        if (a->m_name == "pass") {
+                            containsPassAction = true;
+                            trasn->debug(4, "Rule contains a `pass' action");
+                        }
                    }
                }

@@ -477,19 +482,30 @@ bool Rule::evaluate(Transaction *trasn) {
                        this->actions_runtime_pos) {
                        if (a->isDisruptive()
                            && trasn->m_rules->secRuleEngine
-                                == Rules::EnabledRuleEngine) {
+                                == Rules::EnabledRuleEngine
+                            && containsPassAction == false) {
 #ifndef NO_LOGS
                            trasn->debug(4, "Running (disruptive) " \
                                "action: " + a->m_name);
 #endif
                            a->evaluate(this, trasn);
-                        } else if (a->isDisruptive()) {
+                        } else if (a->isDisruptive()
+                            && containsPassAction == false) {
 #ifndef NO_LOGS
                            trasn->debug(4,
                                "Not running disruptive action: " + \
                                a->m_name + ". SecRuleEngine " + \
                                "is not On");
 #endif
+                        } else if (a->isDisruptive() &&
+                            containsPassAction == true) {
+                            if (a->m_name != "pass") {
+#ifndef NO_LOGS
+                                trasn->debug(4, "Not running disruptive " \
+                                    "action: " + a->m_name + ". It was " \
+                                    "silenced by an `pass' action.");
+#endif
+                            }
                        } else if (!a->isDisruptive()) {
 #ifndef NO_LOGS
                            trasn->debug(4, "Running (_non_ disruptive) " \