coreruleset
diff --git a/‎go.sum‎
Lines changed: 0 additions & 2 deletions b/‎go.sum‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎listener/actions.go‎
Lines changed: 27 additions & 5 deletions b/‎listener/actions.go‎
Lines changed: 27 additions & 5 deletions
diff --git a/‎listener_test.go‎
Lines changed: 44 additions & 32 deletions b/‎listener_test.go‎
Lines changed: 44 additions & 32 deletions
diff --git a/‎types/actions.go‎
Lines changed: 139 additions & 19 deletions b/‎types/actions.go‎
Lines changed: 139 additions & 19 deletions
@@ -1,7 +1,5 @@
 github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
 github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
-github.com/coreruleset/seclang_parser v0.1.1 h1:u0tUmM4cWxkMouDzELIDwBVw0mcBCjzo89DRmPiE+8U=
-github.com/coreruleset/seclang_parser v0.1.1/go.mod h1:joNgWwutayILH6THEiq2ypgYxmu816pdvVctt0rLRv4=
 github.com/coreruleset/seclang_parser v0.2.0 h1:Rj1ZpLZxF2owZg8zgoCx59UUeHBlIxBh85A1WEMvGQU=
 github.com/coreruleset/seclang_parser v0.2.0/go.mod h1:joNgWwutayILH6THEiq2ypgYxmu816pdvVctt0rLRv4=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 
@@ -44,11 +44,13 @@ func (l *ExtendedSeclangParserListener) EnterDisruptive_action_with_params(ctx *
 }
 
 func (l *ExtendedSeclangParserListener) EnterNon_disruptive_action_with_params(ctx *parser.Non_disruptive_action_with_paramsContext) {
-	l.setParam = func(value string) {
-		action := types.StringToNonDisruptiveAction(ctx.GetText())
-		err := l.currentDirective.GetActions().AddNonDisruptiveActionWithParam(action, value)
-		if err != nil {
-			panic(fmt.Sprintf("failed to add non-disruptive action with param: %v", err))
+	if ctx.GetText() != "setvar" {
+		l.setParam = func(value string) {
+			action := types.StringToNonDisruptiveAction(ctx.GetText())
+			err := l.currentDirective.GetActions().AddNonDisruptiveActionWithParam(action, value)
+			if err != nil {
+				panic(fmt.Sprintf("failed to add non-disruptive action with param: %v", err))
+			}
 		}
 	}
 }
@@ -79,3 +81,23 @@ func (l *ExtendedSeclangParserListener) EnterAction_value_types(ctx *parser.Acti
 		l.setParam = doNothingFuncString
 	}
 }
+
+func (l *ExtendedSeclangParserListener) EnterCol_name(ctx *parser.Col_nameContext) {
+	l.varName = ctx.GetText()
+}
+
+func (l *ExtendedSeclangParserListener) EnterSetvar_stmt(ctx *parser.Setvar_stmtContext) {
+	l.varValue = ctx.GetText()
+}
+
+func (l *ExtendedSeclangParserListener) EnterAssignment(ctx *parser.AssignmentContext) {
+	l.parameter = ctx.GetText()
+}
+
+func (l *ExtendedSeclangParserListener) EnterVar_assignment(ctx *parser.Var_assignmentContext) {
+	l.currentDirective.GetActions().AddSetvarAction(l.varName, l.varValue, l.parameter, ctx.GetText())
+	l.varName = ""
+	l.varValue = ""
+	l.parameter = ""
+	l.setParam = doNothingFuncString
+}
@@ -27,6 +27,14 @@ func mustNewActionWithParam[T types.ActionType](action T, param string) types.Ac
 	return newAction
 }
 
+func mustNewSetvarAction(collection types.CollectionName, operation string, vars []types.VarAssignment) types.Action {
+	newAction, err := types.NewSetvarAction(collection, operation, vars)
+	if err != nil {
+		panic(err)
+	}
+	return newAction
+}
+
 type testCase struct {
 	name     string
 	payload  string
@@ -161,27 +169,29 @@ SecAction \
 									DisruptiveAction: mustNewActionOnly(types.Pass),
 									NonDisruptiveActions: []types.Action{
 										mustNewActionOnly(types.NoLog),
-										mustNewActionWithParam(types.SetVar, "tx.blocking_inbound_anomaly_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.detection_inbound_anomaly_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.inbound_anomaly_score_pl1=0"),
-										mustNewActionWithParam(types.SetVar, "tx.inbound_anomaly_score_pl2=0"),
-										mustNewActionWithParam(types.SetVar, "tx.inbound_anomaly_score_pl3=0"),
-										mustNewActionWithParam(types.SetVar, "tx.inbound_anomaly_score_pl4=0"),
-										mustNewActionWithParam(types.SetVar, "tx.sql_injection_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.xss_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.rfi_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.lfi_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.rce_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.php_injection_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.http_violation_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.session_fixation_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.blocking_outbound_anomaly_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.detection_outbound_anomaly_score=0"),
-										mustNewActionWithParam(types.SetVar, "tx.outbound_anomaly_score_pl1=0"),
-										mustNewActionWithParam(types.SetVar, "tx.outbound_anomaly_score_pl2=0"),
-										mustNewActionWithParam(types.SetVar, "tx.outbound_anomaly_score_pl3=0"),
-										mustNewActionWithParam(types.SetVar, "tx.outbound_anomaly_score_pl4=0"),
-										mustNewActionWithParam(types.SetVar, "tx.anomaly_score=0"),
+										mustNewSetvarAction(types.TX, "=", []types.VarAssignment{
+											{Variable: "blocking_inbound_anomaly_score", Value: "0"},
+											{Variable: "detection_inbound_anomaly_score", Value: "0"},
+											{Variable: "inbound_anomaly_score_pl1", Value: "0"},
+											{Variable: "inbound_anomaly_score_pl2", Value: "0"},
+											{Variable: "inbound_anomaly_score_pl3", Value: "0"},
+											{Variable: "inbound_anomaly_score_pl4", Value: "0"},
+											{Variable: "sql_injection_score", Value: "0"},
+											{Variable: "xss_score", Value: "0"},
+											{Variable: "rfi_score", Value: "0"},
+											{Variable: "lfi_score", Value: "0"},
+											{Variable: "rce_score", Value: "0"},
+											{Variable: "php_injection_score", Value: "0"},
+											{Variable: "http_violation_score", Value: "0"},
+											{Variable: "session_fixation_score", Value: "0"},
+											{Variable: "blocking_outbound_anomaly_score", Value: "0"},
+											{Variable: "detection_outbound_anomaly_score", Value: "0"},
+											{Variable: "outbound_anomaly_score_pl1", Value: "0"},
+											{Variable: "outbound_anomaly_score_pl2", Value: "0"},
+											{Variable: "outbound_anomaly_score_pl3", Value: "0"},
+											{Variable: "outbound_anomaly_score_pl4", Value: "0"},
+											{Variable: "anomaly_score", Value: "0"},
+										}),
 									},
 								},
 							},
@@ -286,7 +296,7 @@ SecRule REQUEST_LINE "@rx (?i)^(?:get /[^#\?]*(?:\?[^\s\v#]*)?(?:#[^\s\v]*)?|(?:
 									DisruptiveAction: mustNewActionOnly(types.Block),
 									NonDisruptiveActions: []types.Action{
 										mustNewActionWithParam(types.LogData, "%{request_line}"),
-										mustNewActionWithParam(types.SetVar, "tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}"),
+										mustNewSetvarAction(types.TX, "=+", []types.VarAssignment{{Variable: "inbound_anomaly_score_pl1", Value: "%{tx.warning_anomaly_score}"}}),
 									},
 								},
 							},
@@ -667,16 +677,18 @@ SecComponentSignature "OWASP_CRS/4.0.1-dev"`,
 
 func TestLoadSecLang(t *testing.T) {
 	for _, test := range listenerTestCases {
-		got := types.ConfigurationList{}
-		input := antlr.NewInputStream(test.payload)
-		lexer := parser.NewSecLangLexer(input)
-		stream := antlr.NewCommonTokenStream(lexer, 0)
-		p := parser.NewSecLangParser(stream)
-		start := p.Configuration()
-		var seclangListener listener.ExtendedSeclangParserListener
-		antlr.ParseTreeWalkerDefault.Walk(&seclangListener, start)
-		got = seclangListener.ConfigurationList
+		t.Run(test.name, func(t *testing.T) {
+			got := types.ConfigurationList{}
+			input := antlr.NewInputStream(test.payload)
+			lexer := parser.NewSecLangLexer(input)
+			stream := antlr.NewCommonTokenStream(lexer, 0)
+			p := parser.NewSecLangParser(stream)
+			start := p.Configuration()
+			var seclangListener listener.ExtendedSeclangParserListener
+			antlr.ParseTreeWalkerDefault.Walk(&seclangListener, start)
+			got = seclangListener.ConfigurationList
 
-		require.Equalf(t, got, test.expected, test.name)
+			require.Equalf(t, test.expected, got, test.name)
+		})
 	}
 }
@@ -2,6 +2,7 @@ package types
 
 import (
 	"fmt"
+	"strings"
 )
 
 type SeclangActions struct {
@@ -110,6 +111,92 @@ func (a ActionWithParam) GetParam() string {
 	return ""
 }
 
+type VarAssignment struct {
+	Variable string `yaml:"variable"`
+	Value    string `yaml:"value"`
+}
+
+type SetvarAction struct {
+	Collection  CollectionName  `yaml:"collection,omitempty"`
+	Operation   string          `yaml:"operation,omitempty"`
+	Assignments []VarAssignment `yaml:"assignments,omitempty"`
+}
+
+// GetKey returns the action name (it is always "setvar")
+func (a SetvarAction) GetKey() string {
+	return SetVar.String()
+}
+
+// ToString allows to implement the Action interface
+func (a SetvarAction) ToString() string {
+	if len(a.Assignments) == 0 {
+		return ""
+	}
+
+	var result []string
+	// Reconstruct the setvar actions
+	for _, asg := range a.Assignments {
+		result = append(result, SetVar.String()+":"+a.Collection.String()+"."+asg.Variable+a.Operation+asg.Value)
+	}
+	return strings.Join(result, ", ")
+}
+
+func (a *SetvarAction) AppendAssignment(variable, value string) error {
+	a.Assignments = append(a.Assignments, VarAssignment{Variable: variable, Value: value})
+	return nil
+}
+
+func (a SetvarAction) GetAllParams() []string {
+	if len(a.Assignments) == 0 {
+		return []string{}
+	}
+
+	var result []string
+	// Get all the variables
+	for _, asg := range a.Assignments {
+		res := SetVar.String() + ":" + a.Collection.String() + "." + asg.Variable + a.Operation + asg.Value
+		result = append(result, res)
+	}
+	return result
+}
+
+func (s VarAssignment) MarshalYAML() (interface{}, error) {
+	if s.Variable == "" || s.Value == "" {
+		return nil, fmt.Errorf("invalid variable assignment: missing variable name or value")
+	}
+	return map[string]string{s.Variable: s.Value}, nil
+}
+
+func (s SetvarAction) MarshalYAML() (interface{}, error) {
+	if s.Collection == UNKNOWN_COLLECTION || s.Operation == "" || len(s.Assignments) == 0 {
+		return nil, fmt.Errorf("invalid setvar action: missing collection name, operation, or assignments")
+	}
+	if s.Collection == TX && s.Operation == "=" {
+		// Default case
+		res := map[string][]VarAssignment{}
+		res["setvar"] = s.Assignments
+		return res, nil
+	} else {
+		// Non-default case, collection is different to `TX` or operation is different to `=`.
+		// Fields are re-mapped to a mirrored struct in order to preserve the order in the YAML
+		res := map[string]struct {
+			Collection  CollectionName
+			Operation   string
+			Assignments []VarAssignment
+		}{}
+		res["setvar"] = struct {
+			Collection  CollectionName
+			Operation   string
+			Assignments []VarAssignment
+		}{
+			Collection:  s.Collection,
+			Operation:   s.Operation,
+			Assignments: s.Assignments,
+		}
+		return res, nil
+	}
+}
+
 // ActionType is a constraint for all action types
 type ActionType interface {
 	DisruptiveAction | FlowAction | DataAction | NonDisruptiveAction
@@ -130,6 +217,14 @@ func NewActionWithParam[T ActionType](action T, param string) (ActionWithParam,
 	return ActionWithParam{actionStr: param}, nil
 }
 
+// NewSetvarAction creates a new SetvarAction with the given collection name, operation, and variable assignments
+func NewSetvarAction(collection CollectionName, operation string, vars []VarAssignment) (SetvarAction, error) {
+	if collection != GLOBAL && collection != IP && collection != RESOURCE && collection != SESSION && collection != TX && collection != USER {
+		return SetvarAction{}, fmt.Errorf("invalid setvar action: invalid collection name '%s'", collection)
+	}
+	return SetvarAction{Collection: collection, Operation: operation, Assignments: vars}, nil
+}
+
 type DisruptiveAction int
 
 const (
@@ -431,6 +526,42 @@ func (s *SeclangActions) AddNonDisruptiveActionWithParam(action NonDisruptiveAct
 	return nil
 }
 
+// AddSetvarAction adds a setvar action to the NonDisruptiveActions list
+func (s *SeclangActions) AddSetvarAction(collection, variable, operation, value string) error {
+	colName := stringToCollectionName(strings.ToUpper(collection))
+	// Check if there is already a setvar action in the last position
+	if len(s.NonDisruptiveActions) > 0 {
+		lastAction := s.NonDisruptiveActions[len(s.NonDisruptiveActions)-1]
+		if lastAction.GetKey() != SetVar.String() || lastAction.(SetvarAction).Collection != colName || lastAction.(SetvarAction).Operation != operation {
+			// If the last action is not setvar, we need to create a new one
+			newAction, err := NewSetvarAction(colName, operation, []VarAssignment{{Variable: variable, Value: value}})
+			if err != nil {
+				return err
+			}
+			s.NonDisruptiveActions = append(s.NonDisruptiveActions, newAction)
+		} else {
+			// If the last action is setvar, we need to append the param to it
+			sv, ok := lastAction.(SetvarAction)
+			if !ok {
+				return fmt.Errorf("invalid action type: expected SetvarAction, got %T", lastAction)
+			}
+			err := sv.AppendAssignment(variable, value)
+			if err != nil {
+				return err
+			}
+			s.NonDisruptiveActions[len(s.NonDisruptiveActions)-1] = sv
+		}
+	} else {
+		// If there are no actions yet, we need to create a new setvar action
+		newAction, err := NewSetvarAction(colName, operation, []VarAssignment{{Variable: variable, Value: value}})
+		if err != nil {
+			return err
+		}
+		s.NonDisruptiveActions = append(s.NonDisruptiveActions, newAction)
+	}
+	return nil
+}
+
 func (s *SeclangActions) AddNonDisruptiveActionOnly(action NonDisruptiveAction) error {
 	newAction, err := NewActionOnly(action)
 	if err != nil {
@@ -518,35 +649,24 @@ func (s *SeclangActions) GetActionByKey(key string) Action {
 	return ActionWithParam{}
 }
 
-func (s *SeclangActions) GetActionsByKey(key string) []ActionWithParam {
-	actions := []ActionWithParam{}
-	// if s.DisruptiveAction != nil {
-	// 	if s.DisruptiveAction.ToString() == key {
-	// 		actions = append(actions, s.DisruptiveAction)
-	// 	}
-	// }
+func (s *SeclangActions) GetActionsByKey(key string) []Action {
+	actions := []Action{}
+	if s.DisruptiveAction != nil && s.DisruptiveAction.GetKey() == key {
+		actions = append(actions, s.DisruptiveAction)
+	}
 	for _, action := range s.NonDisruptiveActions {
 		if action.GetKey() == key {
-			aP, ok := action.(ActionWithParam)
-			if ok {
-				actions = append(actions, aP)
-			}
+			actions = append(actions, action)
 		}
 	}
 	for _, action := range s.FlowActions {
 		if action.GetKey() == key {
-			aP, ok := action.(ActionWithParam)
-			if ok {
-				actions = append(actions, aP)
-			}
+			actions = append(actions, action)
 		}
 	}
 	for _, action := range s.DataActions {
 		if action.GetKey() == key {
-			aP, ok := action.(ActionWithParam)
-			if ok {
-				actions = append(actions, aP)
-			}
+			actions = append(actions, action)
 		}
 	}
 	return actions