feat: add check for TX.N usage without capture #87
Now that we fixed this upstream, can you take a look @airween?
Pull request overview
This PR adds a new linter check to detect usage of TX.N (captured transaction variables TX:0 through TX:9) without a corresponding capture action in ModSecurity rules. The check extends beyond the existing functionality that only checked TX.N as rule targets to also detect TX.N in action arguments (msg, logdata, setvar, tag) and operator arguments.
Key changes:
- Enhanced the capture check to detect TX.N references in variable expansions like `%{TX.1}` in addition to target references like `TX:1`
- Added comprehensive test coverage for different TX.N usage scenarios
- Fixed a bug in `variables_usage.py` where `re.I` was incorrectly passed as a positional argument to `re.sub()`
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `src/crs_linter/rules/check_capture.py` | Enhanced capture check to detect TX.N in expansions (`%{TX.N}`), operator arguments, and action arguments (msg, logdata, setvar, tag) |
| `tests/test_check_capture.py` | Added comprehensive test suite with 13 test cases covering various TX.N usage scenarios including valid and invalid cases |
| `README.md` | Updated documentation to reflect the expanded scope of the capture check with examples |
| `src/crs_linter/rules/variables_usage.py` | Fixed incorrect regex flag usage by using `flags=` keyword argument |
| `.github/workflows/test.yml` | Updated CRS version from 4.18.0 to 4.21.0 for testing |
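The check described in the overview above, as an added sketch that is not the crs-linter implementation: it flags `TX:N` targets and `%{TX.N}` expansions (N from 0 to 9) when no `capture` action covers them. The line-based regex parsing, the name `find_uncaptured_tx`, the sample rules, and the rule that a `capture` on the same or an earlier rule of the chain is sufficient are all assumptions made for illustration.

```python
import re

# Simplified line-based sketch; a real linter would use a proper SecLang parser.
SECRULE = re.compile(r'^\s*SecRule\s+(\S+)\s+"((?:[^"\\]|\\.)*)"\s+"((?:[^"\\]|\\.)*)"')
TX_TARGET = re.compile(r"\bTX:(\d)\b", re.I)        # target form: TX:1 (not TX:10)
TX_EXPANSION = re.compile(r"%\{TX\.(\d)\}", re.I)   # expansion form: %{TX.1}

# Constructed sample rules (ids are placeholders, not CRS rules).
SAMPLE_RULES = r'''
SecRule ARGS "@rx (foo)bar" "id:1001,phase:2,deny,capture,msg:'Matched %{TX.1}'"
SecRule ARGS "@rx (foo)bar" "id:1002,phase:2,deny,msg:'Matched %{TX.1}'"
SecRule ARGS "@rx (foo)bar" "id:1003,phase:2,pass,capture,chain"
    SecRule TX:1 "@streq foo" "setvar:'tx.seen=%{tx.1}'"
SecRule ARGS "@rx foo" "id:1004,phase:2,pass,chain"
    SecRule TX:0 "@streq foo" "logdata:'%{TX.0}'"
SecRule TX:10 "@eq 1" "id:1005,phase:1,pass,setvar:'tx.100=1'"
'''


def find_uncaptured_tx(rules_text):
    """Return [(chain_starter_id, [TX.N, ...])] for TX.0-9 used with no capture."""
    findings = []
    in_chain = captured = False
    rule_id = None
    for line in rules_text.splitlines():
        m = SECRULE.match(line)
        if not m:
            continue
        targets, operator, actions = m.groups()
        # Drop quoted action values so commas inside msg/logdata don't split names.
        bare = re.sub(r"'[^']*'", "", actions)
        names = {a.split(":")[0].strip().lower() for a in bare.split(",")}
        if not in_chain:  # first rule of a new chain (or a standalone rule)
            captured = False
            id_match = re.search(r"\bid:(\d+)", bare)
            rule_id = id_match.group(1) if id_match else None
        # Assumption: a capture on this rule or an earlier rule of the chain suffices.
        captured = captured or "capture" in names
        used = TX_TARGET.findall(targets)
        used += TX_EXPANSION.findall(operator + " " + actions)
        if used and not captured:
            findings.append((rule_id, sorted({f"TX.{n}" for n in used})))
        in_chain = "chain" in names
    return findings


if __name__ == "__main__":
    for rule_id, variables in find_uncaptured_tx(SAMPLE_RULES):
        print(f"rule {rule_id}: {', '.join(variables)} used without capture")
```

Rule 1005 is not reported because `TX:10` and `tx.100` are ordinary transaction variables, not capture groups.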
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
Ugh, last change broke it.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
@copilot Your previous suggestion broke the tests. Take a look at: https://github.com/coreruleset/crs-linter/actions/runs/20751085465/job/59580380141?pr=87
Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.
Signed-off-by: Felipe Zipitria <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Add test case that covers scenario where TX.N appears both as a target variable and in an expansion (e.g., in msg or logdata) within the same rule. This test would have caught the bug where use_captured_var_in_expansion was not set correctly when use_captured_var was already True.

Also fix the bug by moving use_captured_var_in_expansion assignment outside the guard condition, following the same pattern as c598d31.

Co-authored-by: fzipi <[email protected]>
Co-authored-by: fzipi <[email protected]>
Signed-off-by: Felipe Zipitria <[email protected]>
Signed-off-by: Felipe Zipitria <[email protected]>
feat: add check for TX.N usage without capture

Signed-off-by: Felipe Zipitria <[email protected]>
what
capture
why
refs
Fixes #69.