Fix @pm lookup for possible matches on offset zero

2025-08-13 13:26:01 +03:00 · 2019-10-02 08:05:14 -07:00 · 2019-10-02 08:05:14 -07:00 · beedddd6c6
commit beedddd6c6
parent d5b93c1013
4 changed files with 156 additions and 4 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 v3.0.4 - YYYY-MMM-DD (to be released)
 -------------------------------------

+ - Fix @pm lookup for possible matches on offset zero.
+   [@zimmerle, @afoxdavidi, @martinhsv, @marshal09]
 - Regex lookup on the key name instead of COLLECTION:key
   [@rdiperri-yottaa, @danbiagini-work, @mmelo-yottaa, @zimmerle]
 - Missing throw in Operator::instantiate
--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@ -84,7 +84,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {

 bool Pm::evaluate(Transaction *transaction, Rule *rule,
    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
-    int rc = 0;
+    int rc = -1;
    ACMPT pt;
    pt.parser = m_p;
    pt.ptr = NULL;
@ -97,7 +97,7 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
    pthread_mutex_unlock(&m_lock);
 #endif

-    if (rc > 0 && transaction) {
+    if (rc >= 0 && transaction) {
        std::string match_(match);
        logOffset(ruleMessage, rc - match_.size() + 1, match_.size());
        transaction->m_matched.push_back(match_);
@ -110,7 +110,7 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
            std::string(match));
    }

-    return rc > 0;
+    return rc >= 0;
 }


--- a/src/utils/acmp.cc
+++ b/src/utils/acmp.cc
@ -585,7 +585,7 @@ int acmp_process_quick(ACMPT *acmpt, const char **match, const char *data, size_
        offset++;
    }
    acmpt->ptr = node;
-    return 0;
+    return -1;
 }

 }
--- a/test/test-cases/regression/operator-pm.json
+++ b/test/test-cases/regression/operator-pm.json
@ -0,0 +1,150 @@
+[
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "version_max": 0,
+    "title": "pm operator test 1/4",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "net.tutsplus.com"
+      },
+      "uri": "\/test.pl?param1=something`somenthing",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "response": {
+      "headers": {
+        "Content-Type": "text\/xml; charset=utf-8\n\r",
+        "Content-Length": "length\n\r"
+      }
+    },
+    "expected": {
+      "debug_log": "Rule returned 1",
+      "http_code": 500
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+    ]
+  },
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "version_max": 0,
+    "title": "pm operater test 2/4",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "net.tutsplus.com"
+      },
+      "uri": "\/test.pl?param1=`somenthing",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "response": {
+      "headers": {
+        "Content-Type": "text\/xml; charset=utf-8\n\r",
+        "Content-Length": "length\n\r"
+      }
+    },
+    "expected": {
+      "debug_log": "",
+      "http_code": 500
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+    ]
+  },
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "version_max": 0,
+    "title": "pm operater test 3/4",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "net.tutsplus.com"
+      },
+      "uri": "\/test.pl?param1=a",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "response": {
+      "headers": {
+        "Content-Type": "text\/xml; charset=utf-8\n\r",
+        "Content-Length": "length\n\r"
+      }
+    },
+    "expected": {
+      "debug_log": "Rule returned 1",
+      "http_code": 500
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+    ]
+  },
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "version_max": 0,
+    "title": "pm operater test 4/4",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "net.tutsplus.com"
+      },
+      "uri": "\/test.pl?param1=a`b",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "response": {
+      "headers": {
+        "Content-Type": "text\/xml; charset=utf-8\n\r",
+        "Content-Length": "length\n\r"
+      }
+    },
+    "expected": {
+      "debug_log": "Rule returned 1",
+      "http_code": 500
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+    ]
+  }
+]