From a2e9ae1fa721693c2c1fdc47b245670556dc2352 Mon Sep 17 00:00:00 2001
From: Ervin Hegedus
Date: Thu, 21 Feb 2019 21:53:39 +0000
Subject: [PATCH 1/3] Fixed bug described in issue-1960
---
 src/transaction.cc | 4 +-
 test/test-cases/regression/issue-1960.json | 120 +++++++++++++++++++++
 2 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100644 test/test-cases/regression/issue-1960.json
diff --git a/src/transaction.cc b/src/transaction.cc
index 693bed6b90..5499301d89 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1327,7 +1327,9 @@ bool Transaction::intervention(ModSecurityIntervention *it) {
 it->url = strdup(m_it.url);
 }
 it->disruptive = m_it.disruptive;
- it->status = m_it.status;
+ if (getRuleEngineState() != RulesProperties::DetectionOnlyRuleEngine) {
+ it->status = m_it.status;
+ }

 if (m_it.log != NULL) {
 std::string log("");
diff --git a/test/test-cases/regression/issue-1960.json b/test/test-cases/regression/issue-1960.json
new file mode 100644
index 0000000000..1fd4db0f8c
--- /dev/null
+++ b/test/test-cases/regression/issue-1960.json
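Review bot: In DetectionOnly mode only `it->status` is withheld; the unchanged context lines just above still copy `m_it.url` and `m_it.disruptive` into the caller's object, so a connector that acts on `it->disruptive` or `it->url` rather than on the status could still block or redirect the request. If DetectionOnly is meant never to disrupt, the same engine-state check should guard those two assignments as well, for example `it->disruptive = detectionOnly ? 0 : m_it.disruptive;` with `detectionOnly` computed once from `getRuleEngineState()`. The same applies to the hunk in PATCH 3/3, which sets the status to 200 but leaves both fields as they are. The start of the `url` branch and the function's return value are outside the hunk, so this should be checked against the full body.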
@@ -0,0 +1,120 @@
+[
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing setvar :: SecRuleEngine DetectionOnly test",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host": "localhost"
+ },
+ "uri":"/?a=exec(/bin/bash);",
+ "method":"GET"
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "http_code":200
+ },
+ "rules":[
+ "SecRuleEngine DetectionOnly",
+ "SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"",
+ "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
+ "SecRule ARGS \"@rx exec(?:\\s|)\\(\" \"id:1,phase:1,log,t:none,t:lowercase,t:cmdLine,block,msg:'PHP exec function call'\""
+ ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing setvar :: SecRuleEngine DetectionOnly against test",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host": "localhost"
+ },
+ "uri":"/?a=exec(/bin/bash);",
+ "method":"GET"
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "http_code":403
+ },
+ "rules":[
+ "SecRuleEngine on",
+ "SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"",
+ "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
+ "SecRule ARGS \"@rx exec(?:\\s|)\\(\" \"id:1,phase:1,log,t:none,t:lowercase,t:cmdLine,block,msg:'PHP exec function call'\""
+ ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing setvar :: SecRuleEngine off test",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host": "localhost"
+ },
+ "uri":"/?a=exec(/bin/bash);",
+ "method":"GET"
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "http_code":200
+ },
+ "rules":[
+ "SecRuleEngine off",
+ "SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"",
+ "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
+ "SecRule ARGS \"@rx exec(?:\\s|)\\(\" \"id:1,phase:1,log,t:none,t:lowercase,t:cmdLine,block,msg:'PHP exec function call'\""
+ ]
+ }
+]
+
From f03c8a7de18673d17b20a4045bd2338d4fe3fd13 Mon Sep 17 00:00:00 2001
From: Ervin Hegedus
Date: Fri, 22 Feb 2019 19:56:16 +0000
Subject: [PATCH 2/3] Fixed general secruleengine test
---
 test/test-cases/regression/secruleengine.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/test-cases/regression/secruleengine.json b/test/test-cases/regression/secruleengine.json
index 7ecf2caa79..da69a914e9 100644
--- a/test/test-cases/regression/secruleengine.json
+++ b/test/test-cases/regression/secruleengine.json
@@ -34,7 +34,7 @@
 "version_min":300000,
 "title":"Testing Disruptive actions (3/n)",
 "expected":{
- "http_code":404
+ "http_code":200
 },
 "rules":[
 "SecRuleEngine On",
From b32fee0a06a6e69f8803899e46f54f20af6af407 Mon Sep 17 00:00:00 2001
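Review bot: All three titles in the new issue-1960.json begin with "Testing setvar ::" although none of the rules uses `setvar`, and the second case is titled "DetectionOnly against test" while it runs `SecRuleEngine on`. Titles that name what is checked, such as `"title":"SecRuleEngine DetectionOnly must not apply the deny status (issue-1960)"`, would make a failing case easier to read. The cases also exercise only `deny` with a status; adding a DetectionOnly case whose rule uses a `redirect:` action would cover the URL part of the intervention, which the code change does not touch.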
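Review bot: The expectation for "Testing Disruptive actions (3/n)" is relaxed from 404 to 200 while the visible context still shows `SecRuleEngine On`, and the commit message does not explain why a blocking case should now let the request through. The rest of the rule list is outside the hunk, so this may be correct if a later directive switches the engine to DetectionOnly, but as shown it reads like an expectation adjusted to match the new behaviour. Please state the reason in the commit message; if the engine is effectively On for this case, the expectation should stay `"http_code":404` and the failure be treated as a regression in the status handling.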
From: Ervin Hegedus
Date: Fri, 22 Feb 2019 20:07:36 +0000
Subject: [PATCH 3/3] Set default status of intervention object
---
 src/transaction.cc | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/transaction.cc b/src/transaction.cc
index 5499301d89..b4e668c3e1 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1330,6 +1330,9 @@ bool Transaction::intervention(ModSecurityIntervention *it) {
 if (getRuleEngineState() != RulesProperties::DetectionOnlyRuleEngine) {
 it->status = m_it.status;
 }
+ else {
+ it->status = 200;
+ }

 if (m_it.log != NULL) {
 std::string log("");
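Review bot: The added `else` branch assigns a bare `200` with no comment, and it opens on its own line while the surrounding code puts the brace on the statement line (`if (...) {`). I would write it as `} else {` and put a comment above the assignment, for example `// DetectionOnly: report a non-blocking status to the connector instead of the rule's status.` A named constant for the default status would also make it clear that this is meant to be the "no intervention" value rather than an arbitrary code. The function body begins and ends outside the hunk.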