From: Willy Tarreau Date: Mon, 4 Nov 2013 17:09:12 +0000 (+0100) Subject: MINOR: acl: add a warning when an ACL keyword is used without any value X-Git-Tag: v1.5-dev20~250 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c3dfd5c618cd18382b33091f10465792758f162;p=thirdparty%2Fhaproxy.git MINOR: acl: add a warning when an ACL keyword is used without any value It's quite common to write directives like the following : tcp-request reject if WAIT_END { sc0_inc_gpc0 } This one will never reject, because sc0_inc_gpc0 is provided no value to compare against. The proper form should have been something like this : tcp-request reject if WAIT_END { sc0_inc_gpc0 gt 0 } or : tcp-request reject if WAIT_END { sc0_inc_gpc0 -m found } Now we detect the absence of any argument on the command line and emit a warning suggesting alternatives or the use of "--" to really avoid matching anything (might be used when debugging). --- diff --git a/src/acl.c b/src/acl.c index 4d7216f178..0920a9ea68 100644 --- a/src/acl.c +++ b/src/acl.c @@ -1146,6 +1146,17 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * } } + /* Additional check to protect against common mistakes */ + if (expr->parse && expr->smp->out_type != SMP_T_BOOL && !*args[1]) { + Warning("parsing acl keyword '%s' :\n" + " no pattern to match against were provided, so this ACL will never match.\n" + " If this is what you intended, please add '--' to get rid of this warning.\n" + " If you intended to match only for existence, please use '-m found'.\n" + " If you wanted to force an int to match as a bool, please use '-m bool'.\n" + "\n", + args[0]); + } + args++; /* check for options before patterns. Supported options are :