Minor changes

src/condition/shi_detector.cpp

@@ -16,11 +16,15 @@ namespace ddwaf {
 
 namespace {
 
-using shi_result = std::optional<std::pair<std::string, std::vector<std::string>>>;
-
-shi_result shi_string_impl(std::string_view resource, std::vector<shell_token> &resource_tokens,
-    const ddwaf_object &params, const exclusion::object_set_ref &objects_excluded,
-    const object_limits &limits, ddwaf::timer &deadline)
+struct shi_result {
+    std::string value;
+    std::vector<std::string> key_path;
+};
+
+std::optional<shi_result> shi_string_impl(std::string_view resource,
+    std::vector<shell_token> &resource_tokens, const ddwaf_object &params,
+    const exclusion::object_set_ref &objects_excluded, const object_limits &limits,
+    ddwaf::timer &deadline)
 {
     object::kv_iterator it(&params, {}, objects_excluded, limits);
     for (; it; ++it) {

src/tokenizer/shell.cpp

@@ -40,15 +40,21 @@ namespace {
 re2::RE2 redirection_regex(
     R"((&>>?|(?:[0-9]*>(?:\||>|&[0-9]*-?)?)|(?:[0-9]*<(?:<(?:-|<)?|&[0-9]*-?|>)?)))");
 
+// Valid characters in a variable name
 bool is_var_char(char c) { return ddwaf::isalnum(c) || c == '_'; }
 
+// This functions returns true for any character which could potentially belong to a field and has
+// no secondary meaning, for example, the { character could be part of a field, but it might also
+// have a secondary meaning (command grouping), hence it allows us to attempt to match a potentially
+// different token if applicable.
 bool is_field_char(char c)
 {
     return c != '`' && c != '$' && c != '{' && c != '}' && c != '[' && c != ']' && c != '(' &&
            c != ')' && c != '\'' && c != '"' && c != '#' && c != '=' && c != '|' && c != '<' &&
            c != '>' && c != ';' && c != '&' && c != '\n' && c != '\t' && c != ' ';
 }
 
+// Characters used to represent a space
 bool is_space_char(char c) { return c == ' ' || c == '\t'; }
 
 void find_executables_and_strip_whitespaces(std::vector<shell_token> &tokens)