From 6624a18a4e7fd9881a7a9b435db3e481e8e986a5 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 9 Nov 2019 06:36:34 +0300 Subject: [PATCH] Fixed inspectFile operator does not pass FILES_TMPNAMES pass FILES_TMPNAMES variable to lua engine Fixed Lua engine should also be aware of the variable and pass it to the target lua script main function --- CHANGES | 3 +++ src/engine/lua.cc | 13 +++++++++++-- src/engine/lua.h | 2 +- src/operators/inspect_file.cc | 2 +- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index bb8802d7..000f8438 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ v3.0.4 - YYYY-MMM-DD (to be released) ------------------------------------- + - Fix: ModSecurity 3.x inspectFile operator does not pass + FILES_TMPNAMES parameter to lua engine + [Issue #2204, #2205 - @kadirerdogan] - XML: Remove error messages from stderr [Issue #2010 - @JaiHarpalani, @zimmerle] - Filter comment or blank line for pmFromFile operator diff --git a/src/engine/lua.cc b/src/engine/lua.cc index a7dbd819..12f1ba45 100644 --- a/src/engine/lua.cc +++ b/src/engine/lua.cc @@ -121,7 +121,8 @@ const char *Lua::blob_reader(lua_State *L, void *ud, size_t *size) { } #endif -int Lua::run(Transaction *t) { + +int Lua::run(Transaction *t, const std::string &str) { #ifdef WITH_LUA std::string luaRet; const char *a = NULL; @@ -184,7 +185,15 @@ int Lua::run(Transaction *t) { lua_setglobal(L, "modsec"); lua_getglobal(L, "main"); - if (lua_pcall(L, 0, 1, 0)) { + + ms_dbg_a(t, 1, str); + + /* Put the parameter on the stack. */ + if (!str.empty() ) { + lua_pushlstring(L, str.c_str(), str.length()); + } + + if (lua_pcall(L, ((!str.empty()) ? 1 : 0), 1, 0)) { std::string e; const char *luaerr = lua_tostring(L, -1); e.assign("Failed to execute lua script: " + m_scriptName + " (main)"); diff --git a/src/engine/lua.h b/src/engine/lua.h index b1b77e2d..9a0c0c47 100644 --- a/src/engine/lua.h +++ b/src/engine/lua.h 
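Review bot: In the second lua.cc hunk, `ms_dbg_a(t, 1, str);` writes the raw operator input to the debug log at level 1 with no label. As I read the level convention, that means request-derived data (a temp-file path for FILES_TMPNAMES, but potentially any inspected value) is logged whenever debug logging is enabled at all, and an empty value produces a blank entry. I would move it to a high verbosity level and give it context, e.g. `ms_dbg_a(t, 9, "Lua: argument passed to main(): " + str);`, or drop the line. Lua::run begins in the previous hunk and continues past this one, so the handling after a failed `lua_pcall` is not fully visible here.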
@@ -69,7 +69,7 @@ class Lua { Lua() { } bool load(std::string script, std::string *err); - int run(Transaction *t); + int run(Transaction *t, const std::string &str=""); static bool isCompatible(std::string script, Lua *l, std::string *error); #ifdef WITH_LUA diff --git a/src/operators/inspect_file.cc b/src/operators/inspect_file.cc index a72db488..fa194f5f 100644 --- a/src/operators/inspect_file.cc +++ b/src/operators/inspect_file.cc @@ -51,7 +51,7 @@ bool InspectFile::init(const std::string ¶m2, std::string *error) { bool InspectFile::evaluate(Transaction *transaction, const std::string &str) { if (m_isScript) { - return m_lua.run(transaction); + return m_lua.run(transaction, str); } else { FILE *in; char buff[512];
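Review bot: The default `str=""` in the `run()` declaration doubles as the "no argument" sentinel. In lua.cc the value is pushed, and the argument count set to 1, only when `!str.empty()`, so a caller that passes a genuinely empty value invokes `main` with no argument and the script sees nil rather than an empty string. If scripts need that distinction, a separate overload or an explicit flag would avoid it. At minimum the declaration deserves a comment such as `// str: value handed to the script's main(); an empty string means main() is called without arguments`. The parameter name could also say what it carries, e.g. `arg` instead of `str`.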
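Review bot: `InspectFile::evaluate()` returns `bool` but the changed line forwards the `int` result of `m_lua.run()` unchanged, so any non-zero value counts as a match. The return convention of `run()` is not visible in this patch. If it can return a non-zero code when the script fails, a broken inspection script would be reported as a hit; if it returns 0 on failure, the file silently passes. Writing the conversion out, e.g. `return m_lua.run(transaction, str) != 0;`, with a short comment stating what `run()` returns on script error, would make that fail-open or fail-closed choice reviewable. The body of evaluate() continues past the end of the hunk.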