negative lookup on the key name instead of COLLECTION:key

Author: zimmerle

src/rule.cc

@@ -699,7 +699,7 @@ bool Rule::evaluate(Transaction *trans,
             const std::string &value = v->getValue();
             const std::string &key = v->getKeyWithCollection();
 
-            if (exclusion.contains(v->getKeyWithCollection()) ||
+            if (exclusion.contains(v->getKey()) ||
                 std::find_if(trans->m_ruleRemoveTargetById.begin(),
                     trans->m_ruleRemoveTargetById.end(),
                     [&, v, this](std::pair<int, std::string> &m) -> bool {
@@ -710,7 +710,7 @@ bool Rule::evaluate(Transaction *trans,
                 v = NULL;
                 continue;
             }
-            if (exclusion.contains(v->getKeyWithCollection()) ||
+            if (exclusion.contains(v->getKey()) ||
                 std::find_if(trans->m_ruleRemoveTargetByTag.begin(),
                     trans->m_ruleRemoveTargetByTag.end(),
                     [&, v, trans, this](std::pair<std::string, std::string> &m) -> bool {

test/test-cases/regression/config-update-target-by-tag.json

@@ -2,7 +2,7 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"SecRuleUpdateTargetByTag (1/4)",
+    "title":"SecRuleUpdateTargetByTag (1/6)",
     "client":{
       "ip":"200.249.12.31",
       "port":123
@@ -42,7 +42,7 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"SecRuleUpdateTargetByTag (2/4)",
+    "title":"SecRuleUpdateTargetByTag (2/6)",
     "client":{
       "ip":"200.249.12.31",
       "port":123
@@ -82,7 +82,7 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"SecRuleUpdateTargetByTag (3/4)",
+    "title":"SecRuleUpdateTargetByTag (3/6)",
     "client":{
       "ip":"200.249.12.31",
       "port":123
@@ -122,7 +122,7 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"SecRuleUpdateTargetByTag (4/4)",
+    "title":"SecRuleUpdateTargetByTag (4/6)",
     "client":{
       "ip":"200.249.12.31",
       "port":123
@@ -158,5 +158,85 @@
       "SecRuleUpdateTargetByTag test !ARGS:/ke/",
       "SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\""
     ]
+  },
+  {
+       "enabled":1,
+       "version_min":300000,
+       "title":"SecRuleUpdateTargetByTag Test (5/6) Regex with match anchored at beginning of Subject",
+       "client":{
+         "ip":"200.249.12.31",
+         "port":123
+       },
+       "server":{
+         "ip":"200.249.12.31",
+         "port":80
+       },
+       "request":{
+         "headers":{
+              "Host":"localhost",
+              "User-Agent":"curl/7.38.0",
+              "Accept":"*/*"
+         },
+         "uri":"/?key=value&ref=something",
+         "method":"GET"
+       },
+       "response":{
+         "headers":{
+              "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+              "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+              "Content-Type":"text/html"
+         },
+         "body":[
+              "no need."
+         ]
+       },
+       "expected":{
+         "http_code": 200
+       },
+       "rules":[
+         "SecRuleEngine On",
+         "SecRuleUpdateTargetByTag test !ARGS:'/(?!ref)/'",
+         "SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\""
+       ]
+  },
+  {
+       "enabled":1,
+       "version_min":300000,
+       "title":"SecRuleUpdateTargetByTag Test (6/6) Regex with match anchored at beginning of Subject",
+       "client":{
+         "ip":"200.249.12.31",
+         "port":123
+       },
+       "server":{
+         "ip":"200.249.12.31",
+         "port":80
+       },
+       "request":{
+         "headers":{
+              "Host":"localhost",
+              "User-Agent":"curl/7.38.0",
+              "Accept":"*/*"
+         },
+         "uri":"/?key=value&ref=something",
+         "method":"GET"
+       },
+       "response":{
+         "headers":{
+              "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+              "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+              "Content-Type":"text/html"
+         },
+         "body":[
+              "no need."
+         ]
+       },
+       "expected":{
+         "http_code": 200
+       },
+       "rules":[
+         "SecRuleEngine On",
+         "SecRuleUpdateTargetByTag test !ARGS:'/^ref/'",
+         "SecRule ARGS \"@contains something\" \"id:1,pass,t:trim,tag:'test',deny\""
+       ]
   }
 ]