rx:exit after full match; fix TX population after unused group #2348
Conversation
| }, | ||
| "rules":[ | ||
| "SecRuleEngine On", | ||
| "SecRule ARGS \"@rx (aa)(bb|cc)?(dd)\" \"id:1,log,pass,capture,id:16\"", |
There was a problem hiding this comment.
Just a quick note: I assume this is just a typo, but surprising that a rule has two (different) id, and the engine allows that.
Also wanted to check the regression tests result, but there isn't any CI output. Did you merge this patch without that?
There was a problem hiding this comment.
Yes there should not be two instances of id. I believe that happened because the preexisting tests in the file likewise had that, and I cut-and-pasted from there as a starting point. Obviously an oversight on my part that I did not notice it.
There was a problem hiding this comment.
and I cut-and-pasted from there as a starting point - sure, it's no problem, we're humans :).
But why the libmodsecurity3 allows this? And where it the regression test output?
There was a problem hiding this comment.
All the regression tests are available on travis-ci. There is a build for every commit. The history is available here: https://travis-ci.org/github/SpiderLabs/ModSecurity. That link is also available on the project description.
The checking is disabled on v3/master as a consequence of the development towards 3.1 as described here:
v3.1 Project
This pull request includes a functionality change to stop analyzing a string after a first full match. In other words, additional full matches will no longer be scanned for like the /g flag does.