diff --git a/src/rule_with_operator.cc b/src/rule_with_operator.cc index a7f7918a6..8656c51a6 100644 --- a/src/rule_with_operator.cc +++ b/src/rule_with_operator.cc @@ -355,6 +355,9 @@ bool RuleWithOperator::evaluate(Transaction *trans, /* last rule in the chain. */ performLogging(trans, ruleMessage, true, true); + if (m_ruleId > 0) { + cleanMatchedVars(trans); + } return true; } diff --git a/test/test-cases/regression/variable-MATCHED_VAR.json b/test/test-cases/regression/variable-MATCHED_VAR.json index 84ee940e9..734834e84 100644 --- a/test/test-cases/regression/variable-MATCHED_VAR.json +++ b/test/test-cases/regression/variable-MATCHED_VAR.json @@ -2,7 +2,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: MATCHED_VAR (1/2)", + "title":"Testing Variables :: MATCHED_VAR (1/5)", "client":{ "ip":"200.249.12.31", "port":123 @@ -42,7 +42,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: MATCHED_VAR (2/2)", + "title":"Testing Variables :: MATCHED_VAR (2/5)", "client":{ "ip":"200.249.12.31", "port":123 @@ -81,6 +81,129 @@ "SecRule MATCHED_VAR \"@contains other_value\" \"id:29,pass\"", "SecRule MATCHED_VAR \"@contains other_value\" \"id:30,pass\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VAR (3/5)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"", + "SecRule MATCHED_VAR \"@eq 1\" \"id:3,phase:1,deny,status:403\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VAR (4/5)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"", + "SecRule MATCHED_VAR \"@eq 2\" \"id:3,phase:1,deny,status:403\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VAR (5/5)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 403 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,deny,status:403,chain\"", + "SecRule MATCHED_VAR \"@eq 2\"" + ] } ] diff --git a/test/test-cases/regression/variable-MATCHED_VARS.json b/test/test-cases/regression/variable-MATCHED_VARS.json index 7d469a0fe..11a93efd8 100644 --- a/test/test-cases/regression/variable-MATCHED_VARS.json +++ b/test/test-cases/regression/variable-MATCHED_VARS.json @@ -2,7 +2,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: MATCHED_VARS (1/2)", + "title":"Testing Variables :: MATCHED_VARS (1/6)", "client":{ "ip":"200.249.12.31", "port":123 @@ -43,7 +43,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: MATCHED_VARS (2/2)", + "title":"Testing Variables :: MATCHED_VARS (2/6)", "client":{ "ip":"200.249.12.31", "port":123 @@ -81,6 +81,170 @@ "SecRule MATCHED_VARS \"@contains asdf\" \"\"", "SecRule MATCHED_VARS \"@contains value\" \"id:29\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VARS (3/6)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"", + "SecRule MATCHED_VARS \"@contains 1\" \"id:3,phase:1,deny,status:403\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VARS (4/6)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"", + "SecRule MATCHED_VARS \"@contains 2\" \"id:3,phase:1,deny,status:403\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VARS (5/6)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"", + "SecRule MATCHED_VARS \"@within 1 2\" \"id:3,phase:1,deny,status:403\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VARS (6/6)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 403 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,deny,status:403,chain\"", + "SecRule MATCHED_VARS \"@eq 2\"" + ] } ] diff --git a/test/test-cases/regression/variable-MATCHED_VARS_NAMES.json b/test/test-cases/regression/variable-MATCHED_VARS_NAMES.json index a734e71b4..d1a83a55f 100644 --- a/test/test-cases/regression/variable-MATCHED_VARS_NAMES.json +++ b/test/test-cases/regression/variable-MATCHED_VARS_NAMES.json @@ -2,7 +2,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: MATCHED_VARS_NAMES (1/2)", + "title":"Testing Variables :: MATCHED_VARS_NAMES (1/5)", "client":{ "ip":"200.249.12.31", "port":123 @@ -43,7 +43,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: MATCHED_VARS_NAMES (2/2)", + "title":"Testing Variables :: MATCHED_VARS_NAMES (2/5)", "client":{ "ip":"200.249.12.31", "port":123 @@ -81,6 +81,129 @@ "SecRule MATCHED_VARS_NAMES \"@contains asdf\" \"\"", "SecRule MATCHED_VARS_NAMES \"@contains value\" \"id:29\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VARS_NAMES (3/5)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"", + "SecRule MATCHED_VARS_NAMES \"@within ARGS:foo ARGS:bar ARGS:baz\" \"id:3,phase:1,deny,status:403\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VARS_NAMES (4/5)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,deny,status:403,chain\"", + "SecRule MATCHED_VARS_NAMES \"@strEq ARGS:foo\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VARS_NAMES (5/5)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 403 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,deny,status:403,chain\"", + "SecRule MATCHED_VARS_NAMES \"@within ARGS:bar ARGS:baz\"" + ] } ] diff --git a/test/test-cases/regression/variable-MATCHED_VAR_NAME.json b/test/test-cases/regression/variable-MATCHED_VAR_NAME.json index ef9c43ca4..0525019ac 100644 --- a/test/test-cases/regression/variable-MATCHED_VAR_NAME.json +++ b/test/test-cases/regression/variable-MATCHED_VAR_NAME.json @@ -2,7 +2,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: MATCHED_VAR_NAME (1/3)", + "title":"Testing Variables :: MATCHED_VAR_NAME (1/7)", "client":{ "ip":"200.249.12.31", "port":123 @@ -43,7 +43,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: MATCHED_VAR_NAME (2/3)", + "title":"Testing Variables :: MATCHED_VAR_NAME (2/7)", "client":{ "ip":"200.249.12.31", "port":123 @@ -85,7 +85,7 @@ { "enabled":1, "version_min":300000, - "title":"Testing Variables :: MATCHED_VAR_NAME (3/3)", + "title":"Testing Variables :: MATCHED_VAR_NAME (3/7)", "client":{ "ip":"200.249.12.31", "port":123 @@ -121,6 +121,169 @@ "SecRule ARGS_NAMES \"@contains ey1\" \"chain,id:30,pass\"", "SecRule MATCHED_VAR_NAME \"@contains key1\" \"id:31\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VAR_NAME (4/7)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"", + "SecRule MATCHED_VAR_NAME \"@strEq ARGS:foo\" \"id:3,phase:1,deny,status:403\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VAR_NAME (5/7)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"", + "SecRule MATCHED_VAR_NAME \"@strEq ARGS:bar\" \"id:3,phase:1,deny,status:403\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VAR_NAME (6/7)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,pass\"", + "SecRule MATCHED_VAR_NAME \"@strEq ARGS:baz\" \"id:3,phase:1,deny,status:403\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: MATCHED_VAR_NAME (7/7)", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?foo=1&bar=2&baz=2", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 403 + }, + "rules":[ + "SecRuleEngine On", + "SecRule ARGS \"@rx 1\" \"id:1,phase:1,pass\"", + "SecRule ARGS \"@rx 2\" \"id:2,phase:1,deny,status:403,chain\"", + "SecRule MATCHED_VAR_NAME \"@within ARGS:baz ARGS:bar\"" + ] } ] -