fix(seclang): merge chained raw rules (#985)

corazawaf · Feb 6, 2024 · acd2040 · acd2040
1 parent 8993363
commit acd2040
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/internal/seclang/rule_parser.go b/internal/seclang/rule_parser.go
@@ -379,7 +379,6 @@ func ParseRule(options RuleOptions) (*corazawaf.Rule, error) {
 		}
 	}
 	rule := rp.Rule()
-	rule.Raw_ = options.Raw
 	rule.File_ = options.ParserConfig.ConfigFile
 	rule.Line_ = options.ParserConfig.LastLine
 
@@ -392,7 +391,12 @@ func ParseRule(options RuleOptions) (*corazawaf.Rule, error) {
 		// TODO we must remove defaultactions from chains
 		rule.Phase_ = 0
 		lastChain.Chain = rule
+		// This way we store the raw rule in the parent
+		parent.Raw_ += " \n" + options.Raw
 		return nil, nil
+	} else {
+		// we only want Raw for the parent
+		rule.Raw_ = options.Raw
 	}
 	return rule, nil
 }

diff --git a/internal/seclang/rule_parser_test.go b/internal/seclang/rule_parser_test.go
@@ -251,6 +251,29 @@ func TestInvalidOperatorRuleData(t *testing.T) {
 	}
 }
 
+func TestRawChainedRules(t *testing.T) {
+	waf := corazawaf.NewWAF()
+	p := NewParser(waf)
+	if err := p.FromString(`
+	SecRule REQUEST_URI "abc" "id:7,phase:2,chain"
+	SecRule REQUEST_URI "def" "chain"
+	SecRule REQUEST_URI "ghi" ""
+	`); err != nil {
+		t.Errorf("unexpected error: %s", err.Error())
+	}
+	raw := waf.Rules.GetRules()[0].Raw()
+	spl := strings.Split(raw, "\n")
+	if len(spl) != 3 {
+		t.Errorf("unexpected number of chained rules, want 3, have %d", len(spl))
+	}
+	for i, r := range spl {
+		// we test that all lines begin with SecRule REQUEST_URI "
+		if !strings.HasPrefix(r, "SecRule REQUEST_URI ") {
+			t.Errorf("unexpected rule at line %d: %s", i, r)
+		}
+	}
+}
+
 func BenchmarkParseActions(b *testing.B) {
 	actionsToBeParsed := "id:980170,phase:5,pass,t:none,noauditlog,msg:'Anomaly Scores:Inbound Scores - Outbound Scores',tag:test"
 	for i := 0; i < b.N; i++ {