owasp-modsecurity
Problem in retrieving collections from Persistant Storage
In collection_retrieve_ex(), we check if a key exist with the name "KEY": if (apr_table_get(col, "KEY") == NULL) ...
In collection_store(), we store the key with the name "__KEY": var_key = (msc_string *)apr_table_get(col, "__key");
Can somebody explain the logic? I had problems when loading the IP collection - values were not correct. By using "__KEY" at both places, everything works smoothly.
Can anyone answer this? It's running smoothly in prod in 20+ WAF for 6 months, so it may worth checking as it could impede the security (incorrect counters) ...
Hi @marcstern ,
If this is still of interest to you, can you explain more fully what problem you experienced?
For example, you say "I had problems ... values were not correct". Can you provide steps to reproduce along with expected value(s) and value(s) actually seen?
Sorry, I didn't get the first notification.
The code changed in 4 years and the problem potentially partly disappeared, although it's not totally clear.
The problem was that stored collections were not (always) retrieved. There's a kind of hack with the "KEY" key in order to be able to delete a collection but still refer to it in some processes (cleanup?). The result is that you have 2 ways to get a collection, by using "__KEY" & "KEY" and the code uses these 2 ways in a potentially inconsistent way. Most of the times, it's OK because it's the same collection but, sometimes (I guess it's based on the access time), it doesn't behave exactly the same way.
To be honest, I never understood completely this hack; i think it would be very handy to document it if somebody understands it correctly.
In that case I'm going to go ahead and close this.
If you do identify a use case with a problem, feel free to open an issue for it. If you do so, be sure to use the issue template and include as much pertinent information as possible -- especially steps to reproduce.