owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

fix(rbl): typo in rbl check selector #3127

Closed fzipi closed 3 weeks ago

fzipi commented 3 weeks ago

Fixes rbl provider always using httpbl

sonarcloud[bot] commented 3 weeks ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

airween commented 3 weeks ago

Hi @fzipi, thanks for this patch!

You are definitely right, that's a typo.

And it's relevant here, where the mentioned argument is used, and this is where the decision is made. It's clearly visible that the method runs the same block, no matter what the operator argument is.

I wasn't able to check issue #3111, so I don't know whether this solves it or not, but I'm going to merge this PR now.

Thanks again!

fzipi commented 3 weeks ago

I think this only solves getting additional information from the provider in https://github.com/owasp-modsecurity/ModSecurity/blob/6217b4ec1eb7bce6d48716842d904caafc99c8ec/src/operators/rbl.cc#L182 method. The DNS query is not changed.