# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1479570752 0
# Node ID 00eed68f63bf2f19660968a0f984a0b5cb61dc82
# Parent  c0c2f8665c3ef44016491a987f51c74376a2863b
mod_firewall: INSPECT: support for literal substring search and expressions

diff -r c0c2f8665c3e -r 00eed68f63bf mod_firewall/conditions.lib.lua
--- a/mod_firewall/conditions.lib.lua	Sat Nov 19 15:47:41 2016 +0000
+++ b/mod_firewall/conditions.lib.lua	Sat Nov 19 15:52:32 2016 +0000
@@ -111,14 +111,23 @@
 
 function condition_handlers.INSPECT(path)
 	if path:find("=") then
-		local query, is_pattern_match, value = path:match("(.-)(~?)=(.*)");
+		local query, match_type, value = path:match("(.-)([~/$]*)=(.*)");
 		if not(query:match("#$") or query:match("@[^/]+")) then
 			error("Stanza path does not return a string (append # for text content or @name for value of named attribute)", 0);
 		end
-		if is_pattern_match ~= "" then
-			return ("(stanza:find(%q) or ''):match(%q)"):format(path:match("(.-)~=(.*)"));
+		local quoted_value = ("%q"):format(value);
+		if match_type:find("$", 1, true) then
+			match_type = match_type:gsub("%$", "");
+			quoted_value = meta(quoted_value);
+		end
+		if match_type == "~" then -- Lua pattern match
+			return ("(stanza:find(%q) or ''):match(%s)"):format(query, quoted_value);
+		elseif match_type == "/" then -- find literal substring
+			return ("(stanza:find(%q) or ''):find(%s, 1, true)"):format(query, quoted_value);
+		elseif match_type == "" then -- exact match
+			return ("stanza:find(%q) == %s"):format(query, quoted_value);
 		else
-			return ("stanza:find(%q) == %q"):format(path:match("(.-)=(.*)"));
+			error("Unrecognised comparison '"..match_type.."='", 0);
 		end
 	end
 	return ("stanza:find(%q)"):format(path);