Correction remove_by_tag and remove_by_msg

Minasu · Felipe Zimmerle · commit a0bea7356d35 · 2018-02-28T10:31:45.000-03:00
diff --git a/src/rules.cc b/src/rules.cc
@@ -152,6 +152,8 @@ std::string Rules::getParserError() {
 
 
 int Rules::evaluate(int phase, Transaction *transaction) {
+    bool remove_rule;
+    
     if (phase > modsecurity::Phases::NUMBER_OF_PHASES) {
        return 0;
     }
@@ -178,6 +180,7 @@ int Rules::evaluate(int phase, Transaction *transaction) {
     }
 
     for (int i = 0; i < rules.size(); i++) {
+        remove_rule = false;
         Rule *rule = rules[i];
         if (transaction->m_marker.empty() == false) {
             debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
@@ -209,9 +212,13 @@ int Rules::evaluate(int phase, Transaction *transaction) {
                         debug(9, "Skipped rule id '" \
                             + std::to_string(rule->m_ruleId) \
                             + "'. Removed by a SecRuleRemoveByMsg directive.");
-                        return 1;
+                        remove_rule = true;
+                        break;
                     }
                 }
+                if(remove_rule) {
+                    continue;
+                }
             }
 
             if (m_exceptions.m_remove_rule_by_tag.empty() == false) {
@@ -220,9 +227,13 @@ int Rules::evaluate(int phase, Transaction *transaction) {
                         debug(9, "Skipped rule id '" \
                             + std::to_string(rule->m_ruleId) \
                             + "'. Removed by a SecRuleRemoveByTag directive.");
-                        return 1;
+                        remove_rule = true;
+                        break;
                     }
                 }
+                if(remove_rule) {
+                    continue;
+                }
             }
 
             rule->evaluate(transaction, NULL);

Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,8 @@ std::string Rules::getParserError() {`
`152`	`152`
`153`	`153`
`154`	`154`	`int Rules::evaluate(int phase, Transaction *transaction) {`
	`155`	`+ bool remove_rule;`
	`156`	`+`
`155`	`157`	`if (phase > modsecurity::Phases::NUMBER_OF_PHASES) {`
`156`	`158`	`return 0;`
`157`	`159`	`}`
`@@ -178,6 +180,7 @@ int Rules::evaluate(int phase, Transaction *transaction) {`
`178`	`180`	`}`
`179`	`181`
`180`	`182`	`for (int i = 0; i < rules.size(); i++) {`
	`183`	`+ remove_rule = false;`
`181`	`184`	`Rule *rule = rules[i];`
`182`	`185`	`if (transaction->m_marker.empty() == false) {`
`183`	`186`	`debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \`
`@@ -209,9 +212,13 @@ int Rules::evaluate(int phase, Transaction *transaction) {`
`209`	`212`	`debug(9, "Skipped rule id '" \`
`210`	`213`	`+ std::to_string(rule->m_ruleId) \`
`211`	`214`	`+ "'. Removed by a SecRuleRemoveByMsg directive.");`
`212`		`- return 1;`
	`215`	`+ remove_rule = true;`
	`216`	`+ break;`
`213`	`217`	`}`
`214`	`218`	`}`
	`219`	`+ if(remove_rule) {`
	`220`	`+ continue;`
	`221`	`+ }`
`215`	`222`	`}`
`216`	`223`
`217`	`224`	`if (m_exceptions.m_remove_rule_by_tag.empty() == false) {`
`@@ -220,9 +227,13 @@ int Rules::evaluate(int phase, Transaction *transaction) {`
`220`	`227`	`debug(9, "Skipped rule id '" \`
`221`	`228`	`+ std::to_string(rule->m_ruleId) \`
`222`	`229`	`+ "'. Removed by a SecRuleRemoveByTag directive.");`
`223`		`- return 1;`
	`230`	`+ remove_rule = true;`
	`231`	`+ break;`
`224`	`232`	`}`
`225`	`233`	`}`
	`234`	`+ if(remove_rule) {`
	`235`	`+ continue;`
	`236`	`+ }`
`226`	`237`	`}`
`227`	`238`
`228`	`239`	`rule->evaluate(transaction, NULL);`