diff --git a/experimental/types/value_metadata.go b/experimental/types/value_metadata.go index 85f93c8ef..02a90bd44 100644 --- a/experimental/types/value_metadata.go +++ b/experimental/types/value_metadata.go @@ -96,7 +96,7 @@ func NewDataMetadataList() DataMetadataList { func (v *DataMetadataList) EvaluateMetadata(data string) { // we do the analysis only once - if !v.evaluated { + if v != nil && !v.evaluated { v.metadata = make(map[DataMetadata]bool) v.evaluateBoolean(data) v.evaluateNumeric(data) diff --git a/internal/corazarules/rule_match.go b/internal/corazarules/rule_match.go index 2f7ef4102..b1713730e 100644 --- a/internal/corazarules/rule_match.go +++ b/internal/corazarules/rule_match.go @@ -66,6 +66,9 @@ func (m MatchData) ChainLevel() int { func (m *MatchData) DataMetadata() experimentalTypes.DataMetadataList { // Evaluate the metadata if it's not set + if m.Metadata_ == nil { + m.Metadata_ = &experimentalTypes.DataMetadataList{} + } m.Metadata_.EvaluateMetadata(m.Value_) return *m.Metadata_ } diff --git a/internal/seclang/parser_test.go b/internal/seclang/parser_test.go index ee1fac499..3c32401e3 100644 --- a/internal/seclang/parser_test.go +++ b/internal/seclang/parser_test.go @@ -154,6 +154,7 @@ func TestAllowedMetadataTagsInspectionEnabled(t *testing.T) { t.Error(err) } tx := waf.NewTransaction() + tx.SetMetadataInspection(true) tx.AddRequestHeader("Content-Type", "application/json") tx.ProcessURI("http://localhost/test.php", "GET", "1.1") tx.ProcessRequestHeaders() @@ -210,6 +211,7 @@ func BenchmarkAllowedMetadataTagsInspectionEnabled(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { tx := waf.NewTransaction() + tx.SetMetadataInspection(true) tx.AddRequestHeader("Content-Type", "application/json") tx.ProcessURI("http://localhost/test.php", "GET", "1.1") tx.ProcessRequestHeaders() @@ -267,6 +269,7 @@ func BenchmarkAllowedMetadataTagsInspectionDisabled(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { tx := waf.NewTransaction() + tx.SetMetadataInspection(false) tx.AddRequestHeader("Content-Type", "application/json") tx.SetMetadataInspection(false) tx.ProcessURI("http://localhost/test.php", "GET", "1.1")