From 2a920124feaaaee0f69275bbed146e191bcff5c0 Mon Sep 17 00:00:00 2001
From: Sebastien Blot <sebastien@crowdsec.net>
Date: Mon, 4 Dec 2023 11:08:58 +0100
Subject: [PATCH] return an error if a custom rule has both and and or

---
 pkg/waf/waap_rule/modsecurity.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/waf/waap_rule/modsecurity.go b/pkg/waf/waap_rule/modsecurity.go
index 7060ebf1f..1ac7486db 100644
--- a/pkg/waf/waap_rule/modsecurity.go
+++ b/pkg/waf/waap_rule/modsecurity.go
@@ -82,6 +82,10 @@ func (m *ModsecurityRule) generateRuleID(rule *CustomRule, waapRuleName string,
 func (m *ModsecurityRule) buildRules(rule *CustomRule, waapRuleName string, and bool, toSkip int, depth int) ([]string, error) {
 	ret := make([]string, 0)
 
+	if len(rule.And) != 0 && len(rule.Or) != 0 {
+		return nil, fmt.Errorf("cannot have both 'and' and 'or' in the same rule")
+	}
+
 	if rule.And != nil {
 		for c, andRule := range rule.And {
 			depth++