Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix meta-actions not being applied if multiMatch is enabled in the chain starter rule #2868

Merged
merged 1 commit into from
Apr 27, 2023
Merged

Fix meta-actions not being applied if multiMatch is enabled in the chain starter rule #2868

merged 1 commit into from
Apr 27, 2023

Conversation

mlevogiannis
Copy link
Contributor

@mlevogiannis mlevogiannis commented Jan 20, 2023
edited
Loading

Fixes #2867.

(This PR will be marked as ready after #2866 is merged and the new regression tests are updated to also check for the tags in the audit log.)

@mlevogiannis mlevogiannis changed the title Fix meta-actions not being applied in the chain starter rule if multiMatch is enabled Fix meta-actions not being applied if multiMatch is enabled in the chain starter rule Jan 20, 2023
@mlevogiannis mlevogiannis force-pushed the v3/fix-multimatch-chain branch from b71a112 to 1e6184b Compare April 25, 2023 18:28
@mlevogiannis mlevogiannis marked this pull request as ready for review April 25, 2023 18:29
@martinhsv
Copy link
Contributor

@mlevogiannis

I agree with this change. It successfully brings the output closer to what users' reasonable expectations likely are. (There are still some oddities with chain combined with multiMatch, but this PR doesn't appear to make any of those things worse.)

The only thing that really ought to be changed with this PR is in the automated test: it would be better if each SecRule in the same chain appears on its own line. It's easier to read that way -- not to mention making it more consistent with other examples that use 'chain' in the automated test suite.

@mlevogiannis
Fix meta-actions not being applied if multiMatch is enabled in the ch…
12add9a 
…ain starter rule

Meta-actions can only be used in non-chained rules or in the chain starter
rule of a rule chain. The m_chainedRuleParent member of the RuleWithActions
class is NULL only if the rule is not chained or if it is the chain starter
rule of a rule chain.

Fixes owasp-modsecurity#2867.
@mlevogiannis mlevogiannis force-pushed the v3/fix-multimatch-chain branch from 1e6184b to 12add9a Compare April 27, 2023 16:45
@mlevogiannis
Copy link
Contributor Author

@martinhsv Fixed.

@martinhsv martinhsv merged commit 4050c84 into owasp-modsecurity:v3/master Apr 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Meta-actions are not applied if multiMatch is enabled in the chain starter rule
2 participants
@mlevogiannis @martinhsv