Check if response body inspection is enabled before process it

CHANGES

@@ -1,6 +1,8 @@
 v3.0.3 - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+ - Checks if response body inspection is enabled before process it
+   [Issue #1643 - @zoltan-fedor, @dennus, @defanator, @zimmerle]
  - processContentOffset Cleanup
    [Issue #1757 - @p0pr0ck5]
  - Fix setvar parsing of quoted data

src/transaction.cc

@@ -1093,6 +1093,13 @@ int Transaction::processResponseBody() {
         return true;
     }
 
+    if (m_rules->m_secResponseBodyAccess != RulesProperties::TrueConfigBoolean) {
+#ifndef NO_LOGS
+        debug(4, "Response body is disabled, returning... " + std::to_string(m_rules->m_secResponseBodyAccess));
+#endif
+        return true;
+    }
+
     std::set<std::string> &bi = \
         m_rules->m_responseBodyTypeToBeInspected.m_value;
     auto t = bi.find(m_variableResponseContentType.m_value);

test/test-cases/regression/actions.json

@@ -55,6 +55,7 @@
     },
     "rules": [
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecRule ARGS \"@contains test\" \"id:1,t:trim,deny\""
     ]
   },
@@ -352,6 +353,7 @@
     },
     "rules": [
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecRule ARGS \"@contains test\" \"id:1,phase:4,t:trim,status:500,deny\""
     ]
   }

test/test-cases/regression/config-calling_phases_by_name.json

@@ -77,6 +77,7 @@
       "SecRuleEngine On",
       "SecRule ARGS:key \"@contains other_value\" \"chain,pass,phase:response,id:28\"",
       "SecRule MATCHED_VAR \"@contains Aasdf\" \"\"",
+      "SecResponseBodyAccess On",
       "SecRule MATCHED_VAR \"@contains other_value\" \"id:29,phase:response,pass\"",
       "SecRule MATCHED_VAR \"@contains other_value\" \"id:30,phase:response,pass\""
     ]

test/test-cases/regression/config-response_type.json

@@ -35,6 +35,7 @@
     },
     "rules":[
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecResponseBodyMimeType text\/plain text\/html text\/xml",
       "SecRule RESPONSE_BODY \"@contains RESPONSE_CONTENT_TYPE\" \"id:9,pass,t:trim,phase:4\""
     ]
@@ -75,6 +76,7 @@
     },
     "rules":[
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecResponseBodyMimeType application\/something",
       "SecRule RESPONSE_BODY \"@contains RESPONSE_CONTENT_TYPE\" \"id:9,pass,t:trim,phase:4\""
     ]
@@ -115,6 +117,7 @@
     },
     "rules":[
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecResponseBodyMimeType text\/plain text\/tml text\/xml",
       "SecResponseBodyMimeTypesClear",
       "SecRule RESPONSE_BODY \"@contains RESPONSE_CONTENT_TYPE\" \"id:9,pass,t:trim,phase:4\""

test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json

@@ -35,6 +35,7 @@
     },
     "rules":[  
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecRule OUTBOUND_DATA_ERROR \"@eq 1\" \"id:1,phase:4,pass,t:trim\""
     ]
   },
@@ -108,6 +109,7 @@
     },
     "rules":[  
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecResponseBodyLimit 2",
       "SecRule OUTBOUND_DATA_ERROR \"@eq 1\" \"id:1,phase:4,pass,t:trim\""
     ]

test/test-cases/regression/variable-RESPONSE_BODY.json

@@ -28,6 +28,7 @@
     },
     "rules":[
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecRule RESPONSE_BODY \"@contains denystring\" \"id:1,phase:4,deny\""
     ]
   }

test/test-cases/regression/variable-RESPONSE_CONTENT_LENGTH.json

@@ -36,6 +36,7 @@
     },
     "rules":[  
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecRule RESPONSE_CONTENT_LENGTH \"@contains test \" \"id:1,phase:4,pass,t:trim\""
     ]
   }

test/test-cases/regression/variable-TX.json

@@ -37,6 +37,7 @@
     },
     "rules":[
       "SecRuleEngine On",
+      "SecResponseBodyAccess On",
       "SecRequestBodyAccess On",
       "SecRule RESPONSE_BODY \"@rx ([0-9]+)\" \"id:1,phase:4,capture,id:105\"",
       "SecRule TX \"@rx ([A-z]+)\" \"phase:4,id:106\""