String action = defaultDirective;
if (directive != null && directive.getDirective() != null)
action = directive.getDirective();
SurfaceLocation surfaceLocation = vulnerability.getSurfaceLocation();
String vulnType = vulnerability.getGenericVulnerability().getName();
// Check if the vuln is supported
if (!stringInList(vulnType, getSupportedVulnerabilityTypes()))
return null;
String vulnUrl = surfaceLocation.getPath();
// TODO remove this, it should be unnecessary.
String param = null;
if (surfaceLocation.getParameter() != null && !surfaceLocation.getParameter().isEmpty())
param = surfaceLocation.getParameter().replaceFirst("param=", "");
String rule = generateRuleText(vulnType, vulnUrl, action, currentId.toString(), param, vulnerability);
if (rule != null) {
WafRule newRule = new WafRule();