From 2a8cafb1072305bedd4a78cb12b9266563403237 Mon Sep 17 00:00:00 2001
From: Victor Hora
Date: Thu, 30 Aug 2018 18:01:53 -0400
Subject: [PATCH 1/2] Fix SecResponseBodyAccess and ctl:requestBodyAccess directives
---
 CHANGES | 2 ++
 src/transaction.cc | 7 +------
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/CHANGES b/CHANGES
index 392c18f1d0..fca9640602 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 v3.0.3 - YYYY-MMM-DD (to be released)
 -------------------------------------
+ - Fix SecResponseBodyAccess and ctl:requestBodyAccess directives
+ [Issue #1531 - @victorhora, @defanator]
 - Adds support for ctl:requestBodyProcessor=URLENCODED
 [Issue #1797 - @victorhora]
 - Add LUA compatibility for CentOS and try to use LuaJIT first if available
diff --git a/src/transaction.cc b/src/transaction.cc
index d1f9352675..4e3fdc796a 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -766,14 +766,11 @@ int Transaction::processRequestBody() {
 m_variableReqbodyProcessorError.set("0", m_variableOffset);
 }
-#if 1
 if (m_rules->m_secRequestBodyAccess != RulesProperties::TrueConfigBoolean) {
 if (m_requestBodyAccess != RulesProperties::TrueConfigBoolean) {
 #ifndef NO_LOGS
 debug(4, "Request body processing is disabled");
 #endif
-
- this->m_rules->evaluate(modsecurity::RequestBodyPhase, this);
 return true;
 } else {
 #ifndef NO_LOGS
@@ -786,14 +783,12 @@ int Transaction::processRequestBody() {
 if (m_requestBodyAccess == RulesProperties::FalseConfigBoolean) {
 #ifndef NO_LOGS
 debug(4, "Request body processing is enabled, but " \
- "disable to this transaction due to ctl:requestBodyAccess " \
+ "disabled to this transaction due to ctl:requestBodyAccess " \
 "action");
 #endif
- this->m_rules->evaluate(modsecurity::RequestBodyPhase, this);
 return true;
 }
 }
-#endif
 /**
 * FIXME: This variable should be calculated on demand, it is
From 31f20e09366f2fab19f2784e3e2b781cc6800860 Mon Sep 17 00:00:00 2001
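Review bot: Both disabled paths in processRequestBody() now reach `return true;` without the `this->m_rules->evaluate(modsecurity::RequestBodyPhase, this);` call that used to precede it, here for SecRequestBodyAccess and in the @@ -786 hunk for ctl:requestBodyAccess. Unless the phase is evaluated elsewhere (the function starts and ends outside both hunks), phase 2 rules that never read the body would stop running whenever body access is off, so switching off body buffering would also switch off that inspection. If that is the intent, state it above each return, e.g. `// body access off: phase 2 rules are intentionally not evaluated (Issue #1531)`; if not, keep the evaluate call and skip only the body parsing. The subject and the CHANGES entry name SecResponseBodyAccess while the code touches `m_secRequestBodyAccess`, so one of the two looks like a typo.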
From: Victor Hora
Date: Fri, 31 Aug 2018 15:59:11 -0400
Subject: [PATCH 2/2] Fix matching condition and adjust test case
---
 src/transaction.cc | 2 +-
 test/test-cases/regression/action-ctl_request_body_access.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/transaction.cc b/src/transaction.cc
index 4e3fdc796a..1bba7e3503 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -766,7 +766,7 @@ int Transaction::processRequestBody() {
 m_variableReqbodyProcessorError.set("0", m_variableOffset);
 }
- if (m_rules->m_secRequestBodyAccess != RulesProperties::TrueConfigBoolean) {
+ if (m_rules->m_secRequestBodyAccess == RulesProperties::FalseConfigBoolean) {
 if (m_requestBodyAccess != RulesProperties::TrueConfigBoolean) {
 #ifndef NO_LOGS
 debug(4, "Request body processing is disabled");
diff --git a/test/test-cases/regression/action-ctl_request_body_access.json b/test/test-cases/regression/action-ctl_request_body_access.json
index b299d1aca1..a7eed77f5c 100644
--- a/test/test-cases/regression/action-ctl_request_body_access.json
+++ b/test/test-cases/regression/action-ctl_request_body_access.json
@@ -51,7 +51,7 @@
 ]
 },
 "expected":{
- "debug_log":"Request body processing is enabled, but disable to this transaction due to ctl:requestBodyAccess action"
+ "debug_log":"Request body processing is enabled, but disabled to this transaction due to ctl:requestBodyAccess action"
 },
 "rules":[
 "SecRuleEngine On",
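Review bot: Comparing with `== RulesProperties::FalseConfigBoolean` sends every value other than an explicit Off into the else branch, so a configuration that never sets SecRequestBodyAccess is now handled as body access enabled, where the old `!= TrueConfigBoolean` test handled it as disabled. That flips the default for deployments that leave the directive out (assuming the enum has a not-set value, which the move from `!=` to `==` suggests). A comment on the condition such as `// unset is handled as On; only an explicit Off disables body access`, plus a regression case with the directive absent, would pin the intended default. The inner test still uses `!= TrueConfigBoolean`, so the two levels now treat an unset value differently. The if/else continues outside the hunk.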
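Review bot: The `expected` object for this case asserts only the `debug_log` string, so the test tracks the wording of the message rather than the behaviour; it had to be edited here only because a typo was fixed. Consider matching a shorter stable fragment such as `ctl:requestBodyAccess action`, and adding an expectation on the outcome of the request (for example an `http_code`) if the case can be arranged to produce one. The rest of the test case lies outside the hunk.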