diff --git a/src/rule.cc b/src/rule.cc index df48b45a..7cc42c03 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -23,6 +23,7 @@ #include #include #include +#include #include "src/operators/operator.h" #include "modsecurity/actions/action.h" @@ -396,6 +397,7 @@ std::list, std::shared_ptr(new std::string(in)); if (m_containsMultiMatchAction == true) { + /* keep the original value */ ret.push_back(std::make_pair( std::shared_ptr(new std::string(*value)), std::shared_ptr(new std::string(path)))); @@ -764,10 +766,24 @@ bool Rule::evaluate(Transaction *trans, for (auto &i : v->m_orign) { ruleMessage->m_reference.append(i->toText()); } + ruleMessage->m_reference.append(*valueTemp.second); updateMatchedVars(trans, key, valueAfterTrans); executeActionsIndependentOfChainedRuleResult(trans, &containsBlock, ruleMessage); + + bool isItToBeLogged = ruleMessage->m_saveMessage; + if (m_containsMultiMatchAction && isItToBeLogged) { + /* warn */ + trans->m_rulesMessages.push_back(*ruleMessage); + /* error */ + trans->serverLog(ruleMessage); + + RuleMessage *rm = new RuleMessage(this, trans); + rm->m_saveMessage = ruleMessage->m_saveMessage; + ruleMessage.reset(rm); + } + globalRet = true; } } @@ -816,9 +832,21 @@ end_clean: end_exec: executeActionsAfterFullMatch(trans, containsBlock, ruleMessage); - if (m_ruleId != 0 && ruleMessage->m_saveMessage != false) { - trans->serverLog(ruleMessage); + + /* last rule in the chain. */ + bool isItToBeLogged = ruleMessage->m_saveMessage; + if (isItToBeLogged && !m_containsMultiMatchAction + && !ruleMessage->m_message.empty()) { + /* warn */ trans->m_rulesMessages.push_back(*ruleMessage); + /* error */ + trans->serverLog(ruleMessage); + } + else if (m_containsStaticBlockAction && !m_containsMultiMatchAction) { + /* warn */ + trans->m_rulesMessages.push_back(*ruleMessage); + /* error */ + trans->serverLog(ruleMessage); } return true; 
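Review bot: In the `@@ -764,10 +766,24 @@` hunk of `Rule::evaluate`, the new multiMatch branch pushes to `m_rulesMessages` and calls `serverLog` once per match whenever `m_saveMessage` is set, without the `!ruleMessage->m_message.empty()` test that the end-of-rule path in the `@@ -816,9 +832,21 @@` hunk applies, so the number of log records for a multiMatch rule follows the number of matching values in the request. If that is intended, it deserves a comment in place of `/* warn */` and `/* error */`, for example `/* multiMatch: log every match here; the end_exec path skips multiMatch rules */`, and the resulting log volume is worth bounding or documenting for operators. The replacement message is also built with a raw `new`; assuming `ruleMessage` is a `std::shared_ptr`, as its use suggests, `ruleMessage = std::make_shared<RuleMessage>(this, trans); ruleMessage->m_saveMessage = true;` does the same without an unowned pointer in between. The surrounding loop and the rest of `Rule::evaluate` lie outside the hunk.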
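Review bot: The `else if (m_containsStaticBlockAction && !m_containsMultiMatchAction)` branch after `end_exec:` in the `@@ -816,9 +832,21 @@` hunk also runs when `ruleMessage->m_saveMessage` is false, since it is reached whenever the first condition fails; if `m_saveMessage` is the flag that `nolog` clears, a `block,nolog` rule would still be written to the server log and to `m_rulesMessages`. The removed code also required `m_ruleId != 0`, and neither new branch keeps that guard, which looks unintended next to the `/* last rule in the chain. */` comment. Both branches have the same body, so a single condition would state the policy once: `if (isItToBeLogged && !m_containsMultiMatchAction && (!ruleMessage->m_message.empty() || m_containsStaticBlockAction)) {`, with `m_ruleId != 0 &&` restored if rules without an id should stay silent. The function body starts outside the hunk.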
diff --git a/test/test-cases/regression/issue-1528.json b/test/test-cases/regression/issue-1528.json
index 599957e5..f2257055 100644
--- a/test/test-cases/regression/issue-1528.json
+++ b/test/test-cases/regression/issue-1528.json
@@ -32,7 +32,7 @@
 "rules": [
 "SecRuleEngine On",
 "SecAction \"id:1, nolog, setvar:tx.bad_value=attack\"",
- "SecRule ARGS:param \"@rx ^%{tx.bad_value}$\" id:2"
+ "SecRule ARGS:param \"@rx ^%{tx.bad_value}$\" \"id:2,block\""
 ]
 }
 ]
diff --git a/test/test-cases/regression/offset-variable.json b/test/test-cases/regression/offset-variable.json
index 13871975..257dac19 100644
--- a/test/test-cases/regression/offset-variable.json
+++ b/test/test-cases/regression/offset-variable.json
@@ -314,7 +314,7 @@
 ]
 },
 "expected":{
- "error_log":"o0,6v17,6t:trimo0,6v149,6t:trim"
+ "error_log":"o0,6v17,6t:trim"
 },
 "rules":[
 "SecRequestBodyAccess On",
diff --git a/test/test-cases/regression/operator-rx.json b/test/test-cases/regression/operator-rx.json
index 5eb106d2..d6b9839f 100644
--- a/test/test-cases/regression/operator-rx.json
+++ b/test/test-cases/regression/operator-rx.json
@@ -83,7 +83,7 @@
 },
 "rules":[
 "SecRuleEngine On",
- "SecRule REQUEST_HEADERS:Content-Length \"!^0$\" \"id:1,phase:2,pass,t:trim\""
+ "SecRule REQUEST_HEADERS:Content-Length \"!^0$\" \"id:1,phase:2,pass,t:trim,block\""
 ]
 }
 ]