Bug fix: variable resolution inside global collections

Collections were being resolved as transient variables.
2025-08-13 21:36:00 +03:00 · 2016-07-07 10:32:48 -03:00 · 2016-07-07 10:32:48 -03:00 · 7bcc9cf0d9
commit 7bcc9cf0d9
parent 20689145dd
2 changed files with 51 additions and 10 deletions
--- a/headers/modsecurity/collection/collection.h
+++ b/headers/modsecurity/collection/collection.h
@ -62,49 +62,49 @@ class Collection {

    virtual void store(std::string key, std::string compartment,
        std::string value) {
-        std::string nkey = key + "::" + compartment;
+        std::string nkey = compartment + "::" + key;
        store(nkey, value);
    }

    virtual bool storeOrUpdateFirst(const std::string &key,
        std::string compartment, const std::string &value) {
-        std::string nkey = key + "::" + compartment;
+        std::string nkey = compartment + "::" + key;
        return storeOrUpdateFirst(nkey, value);
    }

    virtual bool updateFirst(const std::string &key, std::string compartment,
        const std::string &value) {
-        std::string nkey = key + "::" + compartment;
+        std::string nkey = compartment + "::" + key;
        return updateFirst(nkey, value);
    }

    virtual void del(const std::string& key, std::string compartment) {
-        std::string nkey = key + "::" + compartment;
+        std::string nkey = compartment + "::" + key;
        del(nkey);
    }

    virtual std::string* resolveFirst(const std::string& var,
        std::string compartment) {
-        std::string nkey = var + "::" + compartment;
+        std::string nkey = compartment + "::" + var;
        return resolveFirst(nkey);
    }

    virtual void resolveSingleMatch(const std::string& var,
        std::string compartment, std::vector<const Variable *> *l) {
-        std::string nkey = var + "::" + compartment;
+        std::string nkey = compartment + "::" + var;
        resolveSingleMatch(nkey, l);
    }

    virtual void resolveMultiMatches(const std::string& var,
        std::string compartment, std::vector<const Variable *> *l) {
-        std::string nkey = var + "::" + compartment;
+        std::string nkey = compartment + "::" + var;
        resolveMultiMatches(nkey, l);
    }

    virtual void resolveRegularExpression(const std::string& var,
        std::string compartment,
        std::vector<const Variable *> *l) {
-        std::string nkey = var + "::" + compartment;
+        std::string nkey = compartment + "::" + var;
        resolveRegularExpression(nkey, l);
    }

--- a/src/variables/variable.cc
+++ b/src/variables/variable.cc
@ -22,6 +22,7 @@

 #include "modsecurity/transaction.h"
 #include "variations/exclusion.h"
+#include "src/utils.h"

 using modsecurity::Variables::Variations::Exclusion;

@ -37,12 +38,32 @@ Variable::Variable(std::string name)
    if (m_name.at(0) == '\\') {
        m_type = RegularExpression;
    } else if (m_name.find(":") != std::string::npos) {
+        std::string col = toupper(std::string(m_name, 0, m_name.find(":")));
+        if (col == "TX" || col == "IP" || col == "GLOBAL"
+            || col == "RESOURCE" || col == "SESSION") {
+            m_collectionName = col;
+        }
        m_type = SingleMatch;
    } else {
        m_type = MultipleMatches;
    }

-    if (m_name.find(".") != std::string::npos) {
+    if (tolower(m_name) == "tx") {
+        m_collectionName = "TX";
+        m_type = MultipleMatches;
+    } else if (tolower(m_name) == "ip") {
+        m_collectionName = "IP";
+        m_type = MultipleMatches;
+    } else if (tolower(m_name) == "global") {
+        m_collectionName = "GLOBAL";
+        m_type = MultipleMatches;
+    } else if (tolower(m_name) == "resource") {
+        m_collectionName = "RESOURCE";
+        m_type = MultipleMatches;
+    } else if (tolower(m_name) == "session") {
+        m_collectionName = "SESSION";
+        m_type = MultipleMatches;
+    } else if (m_name.find(".") != std::string::npos) {
        m_kind = CollectionVarible;
        m_collectionName = std::string(m_name, 0, m_name.find("."));
    } else {
@ -60,12 +81,32 @@ Variable::Variable(std::string name, VariableKind kind)
    if (m_name.at(0) == '\\') {
        m_type = RegularExpression;
    } else if (m_name.find(":") != std::string::npos) {
+        std::string col = toupper(std::string(m_name, 0, m_name.find(":")));
+        if (col == "TX" || col == "IP" || col == "GLOBAL"
+            || col == "RESOURCE" || col == "SESSION") {
+            m_collectionName = col;
+        }
        m_type = SingleMatch;
    } else {
        m_type = MultipleMatches;
    }

-    if (m_name.find(".") != std::string::npos) {
+    if (tolower(m_name) == "tx") {
+        m_collectionName = "TX";
+        m_type = MultipleMatches;
+    } else if (tolower(m_name) == "ip") {
+        m_collectionName = "IP";
+        m_type = MultipleMatches;
+    } else if (tolower(m_name) == "global") {
+        m_collectionName = "GLOBAL";
+        m_type = MultipleMatches;
+    } else if (tolower(m_name) == "resource") {
+        m_collectionName = "RESOURCE";
+        m_type = MultipleMatches;
+    } else if (tolower(m_name) == "session") {
+        m_collectionName = "SESSION";
+        m_type = MultipleMatches;
+    } else if (m_name.find(".") != std::string::npos) {
        m_collectionName = std::string(m_name, 0, m_name.find("."));
    }
 }