[appsec] implement count transformation (#2698)

* implement count transfo
2024-01-12 14:30:08 +01:00 · 2024-01-12 14:30:08 +01:00 · 896dfefcdf
parent 6960419a2e
commit 896dfefcdf
2 changed files with 24 additions and 1 deletions
--- a/pkg/appsec/appsec_rule/modsec_rule_test.go
+++ b/pkg/appsec/appsec_rule/modsec_rule_test.go
@ -8,6 +8,16 @@ func TestVPatchRuleString(t *testing.T) {
 		rule     CustomRule
 		expected string
 	}{
+		{
+			name: "Collection count",
+			rule: CustomRule{
+				Zones:     []string{"ARGS"},
+				Variables: []string{"foo"},
+				Match:     match{Type: "eq", Value: "1"},
+				Transform: []string{"count"},
+			},
+			expected: `SecRule &ARGS_GET:foo "@eq 1" "id:853070236,phase:2,deny,log,msg:'Collection count',tag:'crowdsec-Collection count'"`,
+		},
 		{
 			name: "Base Rule",
 			rule: CustomRule{
--- a/pkg/appsec/appsec_rule/modsecurity.go
+++ b/pkg/appsec/appsec_rule/modsecurity.go
@ -122,6 +122,16 @@ func (m *ModsecurityRule) buildRules(rule *CustomRule, appsecRuleName string, an
 		return ret, nil
 	}

+	zone_prefix := ""
+	variable_prefix := ""
+	if rule.Transform != nil {
+		for tidx, transform := range rule.Transform {
+			if transform == "count" {
+				zone_prefix = "&"
+				rule.Transform[tidx] = ""
+			}
+		}
+	}
 	for idx, zone := range rule.Zones {
 		if idx > 0 {
 			r.WriteByte('|')
@ -137,7 +147,7 @@ func (m *ModsecurityRule) buildRules(rule *CustomRule, appsecRuleName string, an
 				if j > 0 {
 					r.WriteByte('|')
 				}
-				r.WriteString(fmt.Sprintf("%s:%s", mappedZone, variable))
+				r.WriteString(fmt.Sprintf("%s%s:%s%s", zone_prefix, mappedZone, variable_prefix, variable))
 			}
 		}
 	}
@ -160,6 +170,9 @@ func (m *ModsecurityRule) buildRules(rule *CustomRule, appsecRuleName string, an

 	if rule.Transform != nil {
 		for _, transform := range rule.Transform {
+			if transform == "" {
+				continue
+			}
 			r.WriteByte(',')
 			if mappedTransform, ok := transformMap[transform]; ok {
 				r.WriteString(mappedTransform)