mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-29 19:24:29 +03:00
negative lookup on the key name instead of COLLECTION:key
This commit is contained in:
Felipe Zimmerle
@@ -699,7 +699,7 @@ bool Rule::evaluate(Transaction *trans,
|
|||||||
const std::string &value = v->getValue();
|
const std::string &value = v->getValue();
|
||||||
const std::string &key = v->getKeyWithCollection();
|
const std::string &key = v->getKeyWithCollection();
|
||||||
|
|
||||||
if (exclusion.contains(v->getKeyWithCollection()) ||
|
if (exclusion.contains(v->getKey()) ||
|
||||||
std::find_if(trans->m_ruleRemoveTargetById.begin(),
|
std::find_if(trans->m_ruleRemoveTargetById.begin(),
|
||||||
trans->m_ruleRemoveTargetById.end(),
|
trans->m_ruleRemoveTargetById.end(),
|
||||||
[&, v, this](std::pair<int, std::string> &m) -> bool {
|
[&, v, this](std::pair<int, std::string> &m) -> bool {
|
||||||
@@ -710,7 +710,7 @@ bool Rule::evaluate(Transaction *trans,
|
|||||||
v = NULL;
|
v = NULL;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (exclusion.contains(v->getKeyWithCollection()) ||
|
if (exclusion.contains(v->getKey()) ||
|
||||||
std::find_if(trans->m_ruleRemoveTargetByTag.begin(),
|
std::find_if(trans->m_ruleRemoveTargetByTag.begin(),
|
||||||
trans->m_ruleRemoveTargetByTag.end(),
|
trans->m_ruleRemoveTargetByTag.end(),
|
||||||
[&, v, trans, this](std::pair<std::string, std::string> &m) -> bool {
|
[&, v, trans, this](std::pair<std::string, std::string> &m) -> bool {
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
{
|
{
|
||||||
"enabled":1,
|
"enabled":1,
|
||||||
"version_min":300000,
|
"version_min":300000,
|
||||||
"title":"SecRuleUpdateTargetByTag (1/4)",
|
"title":"SecRuleUpdateTargetByTag (1/6)",
|
||||||
"client":{
|
"client":{
|
||||||
"ip":"200.249.12.31",
|
"ip":"200.249.12.31",
|
||||||
"port":123
|
"port":123
|
||||||
@@ -42,7 +42,7 @@
|
|||||||
{
|
{
|
||||||
"enabled":1,
|
"enabled":1,
|
||||||
"version_min":300000,
|
"version_min":300000,
|
||||||
"title":"SecRuleUpdateTargetByTag (2/4)",
|
"title":"SecRuleUpdateTargetByTag (2/6)",
|
||||||
"client":{
|
"client":{
|
||||||
"ip":"200.249.12.31",
|
"ip":"200.249.12.31",
|
||||||
"port":123
|
"port":123
|
||||||
@@ -82,7 +82,7 @@
|
|||||||
{
|
{
|
||||||
"enabled":1,
|
"enabled":1,
|
||||||
"version_min":300000,
|
"version_min":300000,
|
||||||
"title":"SecRuleUpdateTargetByTag (3/4)",
|
"title":"SecRuleUpdateTargetByTag (3/6)",
|
||||||
"client":{
|
"client":{
|
||||||
"ip":"200.249.12.31",
|
"ip":"200.249.12.31",
|
||||||
"port":123
|
"port":123
|
||||||
@@ -122,7 +122,7 @@
|
|||||||
{
|
{
|
||||||
"enabled":1,
|
"enabled":1,
|
||||||
"version_min":300000,
|
"version_min":300000,
|
||||||
"title":"SecRuleUpdateTargetByTag (4/4)",
|
"title":"SecRuleUpdateTargetByTag (4/6)",
|
||||||
"client":{
|
"client":{
|
||||||
"ip":"200.249.12.31",
|
"ip":"200.249.12.31",
|
||||||
"port":123
|
"port":123
|
||||||
@@ -158,5 +158,85 @@
|
|||||||
"SecRuleUpdateTargetByTag test !ARGS:/ke/",
|
"SecRuleUpdateTargetByTag test !ARGS:/ke/",
|
||||||
"SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\""
|
"SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\""
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"enabled":1,
|
||||||
|
"version_min":300000,
|
||||||
|
"title":"SecRuleUpdateTargetByTag Test (5/6) Regex with match anchored at beginning of Subject",
|
||||||
|
"client":{
|
||||||
|
"ip":"200.249.12.31",
|
||||||
|
"port":123
|
||||||
|
},
|
||||||
|
"server":{
|
||||||
|
"ip":"200.249.12.31",
|
||||||
|
"port":80
|
||||||
|
},
|
||||||
|
"request":{
|
||||||
|
"headers":{
|
||||||
|
"Host":"localhost",
|
||||||
|
"User-Agent":"curl/7.38.0",
|
||||||
|
"Accept":"*/*"
|
||||||
|
},
|
||||||
|
"uri":"/?key=value&ref=something",
|
||||||
|
"method":"GET"
|
||||||
|
},
|
||||||
|
"response":{
|
||||||
|
"headers":{
|
||||||
|
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
|
||||||
|
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
|
||||||
|
"Content-Type":"text/html"
|
||||||
|
},
|
||||||
|
"body":[
|
||||||
|
"no need."
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"expected":{
|
||||||
|
"http_code": 200
|
||||||
|
},
|
||||||
|
"rules":[
|
||||||
|
"SecRuleEngine On",
|
||||||
|
"SecRuleUpdateTargetByTag test !ARGS:'/(?!ref)/'",
|
||||||
|
"SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\""
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"enabled":1,
|
||||||
|
"version_min":300000,
|
||||||
|
"title":"SecRuleUpdateTargetByTag Test (6/6) Regex with match anchored at beginning of Subject",
|
||||||
|
"client":{
|
||||||
|
"ip":"200.249.12.31",
|
||||||
|
"port":123
|
||||||
|
},
|
||||||
|
"server":{
|
||||||
|
"ip":"200.249.12.31",
|
||||||
|
"port":80
|
||||||
|
},
|
||||||
|
"request":{
|
||||||
|
"headers":{
|
||||||
|
"Host":"localhost",
|
||||||
|
"User-Agent":"curl/7.38.0",
|
||||||
|
"Accept":"*/*"
|
||||||
|
},
|
||||||
|
"uri":"/?key=value&ref=something",
|
||||||
|
"method":"GET"
|
||||||
|
},
|
||||||
|
"response":{
|
||||||
|
"headers":{
|
||||||
|
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
|
||||||
|
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
|
||||||
|
"Content-Type":"text/html"
|
||||||
|
},
|
||||||
|
"body":[
|
||||||
|
"no need."
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"expected":{
|
||||||
|
"http_code": 200
|
||||||
|
},
|
||||||
|
"rules":[
|
||||||
|
"SecRuleEngine On",
|
||||||
|
"SecRuleUpdateTargetByTag test !ARGS:'/^ref/'",
|
||||||
|
"SecRule ARGS \"@contains something\" \"id:1,pass,t:trim,tag:'test',deny\""
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
Reference in New Issue
Block a user