From 73d478f3513e64dfb1204efbec8d919b582a847e Mon Sep 17 00:00:00 2001
From: Sebastien Blot <sebastien@crowdsec.net>
Date: Tue, 16 Jan 2024 11:38:28 +0100
Subject: [PATCH] expose HasMatches bool in posteval hook

---
 pkg/appsec/appsec.go      | 8 ++++----
 pkg/appsec/waf_helpers.go | 3 ++-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/pkg/appsec/appsec.go b/pkg/appsec/appsec.go
index 011b371f7..b4110621d 100644
--- a/pkg/appsec/appsec.go
+++ b/pkg/appsec/appsec.go
@@ -39,7 +39,7 @@ func (h *Hook) Build(hookStage int) error {
 	case hookPreEval:
 		ctx = GetPreEvalEnv(&AppsecRuntimeConfig{}, &ParsedRequest{})
 	case hookPostEval:
-		ctx = GetPostEvalEnv(&AppsecRuntimeConfig{}, &ParsedRequest{})
+		ctx = GetPostEvalEnv(&AppsecRuntimeConfig{}, &ParsedRequest{}, false)
 	case hookOnMatch:
 		ctx = GetOnMatchEnv(&AppsecRuntimeConfig{}, &ParsedRequest{}, types.Event{})
 	}
@@ -370,10 +370,10 @@ func (w *AppsecRuntimeConfig) ProcessPreEvalRules(request *ParsedRequest) error
 	return nil
 }
 
-func (w *AppsecRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest) error {
+func (w *AppsecRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest, hasMatches bool) error {
 	for _, rule := range w.CompiledPostEval {
 		if rule.FilterExpr != nil {
-			output, err := exprhelpers.Run(rule.FilterExpr, GetPostEvalEnv(w, request), w.Logger, w.Logger.Level >= log.DebugLevel)
+			output, err := exprhelpers.Run(rule.FilterExpr, GetPostEvalEnv(w, request, hasMatches), w.Logger, w.Logger.Level >= log.DebugLevel)
 			if err != nil {
 				return fmt.Errorf("unable to run appsec post_eval filter %s : %w", rule.Filter, err)
 			}
@@ -390,7 +390,7 @@ func (w *AppsecRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest) error
 		}
 		// here means there is no filter or the filter matched
 		for _, applyExpr := range rule.ApplyExpr {
-			_, err := exprhelpers.Run(applyExpr, GetPostEvalEnv(w, request), w.Logger, w.Logger.Level >= log.DebugLevel)
+			_, err := exprhelpers.Run(applyExpr, GetPostEvalEnv(w, request, hasMatches), w.Logger, w.Logger.Level >= log.DebugLevel)
 			if err != nil {
 				log.Errorf("unable to apply appsec post_eval expr: %s", err)
 				continue
diff --git a/pkg/appsec/waf_helpers.go b/pkg/appsec/waf_helpers.go
index 3d9a96a0d..076c14af8 100644
--- a/pkg/appsec/waf_helpers.go
+++ b/pkg/appsec/waf_helpers.go
@@ -35,12 +35,13 @@ func GetPreEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]in
 	}
 }
 
-func GetPostEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]interface{} {
+func GetPostEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest, hasMatches bool) map[string]interface{} {
 	return map[string]interface{}{
 		"IsInBand":    request.IsInBand,
 		"IsOutBand":   request.IsOutBand,
 		"DumpRequest": request.DumpRequest,
 		"req":         request.HTTPRequest,
+		"HasMatches":  hasMatches,
 	}
 }