From 2f5a6fbb4f537bf78f0c4cfca7633a98a98d4e82 Mon Sep 17 00:00:00 2001
From: Sebastien Blot <sebastien@crowdsec.net>
Date: Mon, 24 Jul 2023 15:22:44 +0200
Subject: [PATCH] wip

---
 pkg/acquisition/modules/waf/utils.go | 4 ++--
 pkg/types/event.go                   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/acquisition/modules/waf/utils.go b/pkg/acquisition/modules/waf/utils.go
index 49c5bf71f..0e13abaf3 100644
--- a/pkg/acquisition/modules/waf/utils.go
+++ b/pkg/acquisition/modules/waf/utils.go
@@ -42,7 +42,7 @@ func EventFromRequest(r waf.ParsedRequest) (types.Event, error) {
 		Src:     "waf",
 		Raw:     "dummy-waf-data", //we discard empty Line.Raw items :)
 	}
-	evt.Waap = []map[string]interface{}{}
+	evt.Waap = types.WaapEvent{}
 
 	return evt, nil
 }
@@ -106,7 +106,7 @@ func (r *WafRunner) AccumulateTxToEvent(tx experimental.FullTransaction, kind st
 			"msg":        rule.Message(),
 			"severity":   rule.Rule().Severity().String(),
 		}
-		evt.Waap = append(evt.Waap, corazaRule)
+		evt.Waap.MatchedRules = append(evt.Waap.MatchedRules, corazaRule)
 	}
 
 	return nil
diff --git a/pkg/types/event.go b/pkg/types/event.go
index 0405c3466..0709e06a7 100644
--- a/pkg/types/event.go
+++ b/pkg/types/event.go
@@ -67,7 +67,7 @@ func (w WaapEvent) GetVar(varName string) string {
 		if w.Vars[parsed[0]] == "" {
 			return ""
 		}
-		return w.Vars[parsed[0]][parsed[1]]
+		//return w.Vars[parsed[0]][parsed[1]]
 	}
 	log.Warningf("invalid variable name %s", varName)
 	return ""