Reverse logic of checking output in @inspectFile

defanator · Felipe Zimmerle · commit 138e301695d5 · 2018-03-22T23:06:30.000-03:00
This change makes @inspectFile in ModSecurity 3.x to operate in exact the same way as it operates in ModSecurity 2.x, so existing helper scripts like runav.pl [1] will work without any changes. [1] https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/util/av-scanning/runav.pl
diff --git a/src/operators/inspect_file.cc b/src/operators/inspect_file.cc
@@ -73,10 +73,11 @@ bool InspectFile::evaluate(Transaction *transaction, const std::string &str) {
         pclose(in);
 
         res.append(s.str());
-        if (res.size() > 1 && res.at(0) == '1') {
-            return true;
+        if (res.size() > 1 && res.at(0) != '1') {
+            return true; /* match */
         }
 
+        /* no match */
         return false;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -73,10 +73,11 @@ bool InspectFile::evaluate(Transaction *transaction, const std::string &str) {`
`73`	`73`	`pclose(in);`
`74`	`74`
`75`	`75`	`res.append(s.str());`
`76`		`- if (res.size() > 1 && res.at(0) == '1') {`
`77`		`- return true;`
	`76`	`+ if (res.size() > 1 && res.at(0) != '1') {`
	`77`	`+ return true; /* match */`
`78`	`78`	`}`
`79`	`79`
	`80`	`+ /* no match */`
`80`	`81`	`return false;`
`81`	`82`	`}`
`82`	`83`	`}`