Update Regex util to support match limits

If the rx or rxGlobal operator encounters a regex error, the RX_ERROR and RX_ERROR_RULE_ID variables are set. RX_ERROR contains a simple error code which can be either OTHER or MATCH_LIMIT. RX_ERROR_RULE_ID unsurprisingly contains the ID of the rule associated with the error. More than one rule may encounter regex errors, but only the first error is reflected in these variables.
2025-12-31 13:49:11 +03:00 · 2022-03-22 11:16:22 -04:00
parent 7b1cf0e99e
commit 8c269d31c5
17 changed files with 7760 additions and 7359 deletions
--- a/src/parser/location.hh
+++ b/src/parser/location.hh
@@ -1,4 +1,4 @@
-// A Bison parser, made by GNU Bison 3.7.6.
+// A Bison parser, made by GNU Bison 3.8.2.

 // Locations for Bison parsers in C++

--- a/src/parser/position.hh
+++ b/src/parser/position.hh
@@ -1,4 +1,4 @@
-// A Bison parser, made by GNU Bison 3.7.6.
+// A Bison parser, made by GNU Bison 3.8.2.

 // Starting with Bison 3.2, this file is useless: the structure it
 // used to define is now defined in "location.hh".
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -235,6 +235,8 @@ class Driver;
 #include "src/variables/response_protocol.h"
 #include "src/variables/response_status.h"
 #include "src/variables/rule.h"
+#include "src/variables/rx_error.h"
+#include "src/variables/rx_error_rule_id.h"
 #include "src/variables/server_addr.h"
 #include "src/variables/server_name.h"
 #include "src/variables/server_port.h"
@@ -411,6 +413,8 @@ using namespace modsecurity::operators;
  VARIABLE_RESPONSE_HEADERS_NAMES
  VARIABLE_RESPONSE_PROTOCOL    "RESPONSE_PROTOCOL"
  VARIABLE_RESPONSE_STATUS      "RESPONSE_STATUS"
+  VARIABLE_RX_ERROR             "RX_ERROR"
+  VARIABLE_RX_ERROR_RULE_ID     "RX_ERROR_RULE_ID"
  VARIABLE_SERVER_ADDR          "SERVER_ADDR"
  VARIABLE_SERVER_NAME          "SERVER_NAME"
  VARIABLE_SERVER_PORT          "SERVER_PORT"
@@ -1648,10 +1652,10 @@ expression:
        YYERROR;
 */
    | CONFIG_DIR_PCRE_MATCH_LIMIT
-/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
-        driver.error(@0, "SecPcreMatchLimit is not currently supported. Default PCRE values are being used for now");
-        YYERROR;
-*/
+      {
+        driver.m_pcreMatchLimit.m_set = true;
+        driver.m_pcreMatchLimit.m_value = atoi($1.c_str());
+      }
    | CONGIG_DIR_RESPONSE_BODY_MP
      {
        std::istringstream buf($1);
@@ -2477,6 +2481,14 @@ var:
      {
        VARIABLE_CONTAINER($$, new variables::ResponseStatus());
      }
+    | VARIABLE_RX_ERROR
+      {
+        VARIABLE_CONTAINER($$, new variables::RxError());
+      }
+    | VARIABLE_RX_ERROR_RULE_ID
+      {
+        VARIABLE_CONTAINER($$, new variables::RxErrorRuleID());
+      }
    | VARIABLE_SERVER_ADDR
      {
        VARIABLE_CONTAINER($$, new variables::ServerAddr());
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -231,6 +231,8 @@ VARIABLE_RESPONSE_CONTENT_TYPE            (?i:RESPONSE_CONTENT_TYPE)
 VARIABLE_RESPONSE_HEADERS_NAMES           (?i:RESPONSE_HEADERS_NAMES)
 VARIABLE_RESPONSE_PROTOCOL                (?i:RESPONSE_PROTOCOL)
 VARIABLE_RESPONSE_STATUS                  (?i:RESPONSE_STATUS)
+VARIABLE_RX_ERROR                         (?i:RX_ERROR)
+VARIABLE_RX_ERROR_RULE_ID                 (?i:RX_ERROR_RULE_ID)
 VARIABLE_SERVER_ADDR                      (?i:SERVER_ADDR)
 VARIABLE_SERVER_NAME                      (?i:SERVER_NAME)
 VARIABLE_SERVER_PORT                      (?i:SERVER_PORT)
@@ -959,6 +961,8 @@ EQUALS_MINUS                            (?i:=\-)
 {VARIABLE_RESPONSE_HEADERS_NAMES}[:.]       { BEGINX(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_RESPONSE_HEADERS_NAMES(*driver.loc.back()); }
 {VARIABLE_RESPONSE_PROTOCOL}                { return p::make_VARIABLE_RESPONSE_PROTOCOL(*driver.loc.back()); }
 {VARIABLE_RESPONSE_STATUS}                  { return p::make_VARIABLE_RESPONSE_STATUS(*driver.loc.back()); }
+{VARIABLE_RX_ERROR}                         { return p::make_VARIABLE_RX_ERROR(*driver.loc.back()); }
+{VARIABLE_RX_ERROR_RULE_ID}                 { return p::make_VARIABLE_RX_ERROR_RULE_ID(*driver.loc.back()); }
 {VARIABLE_SERVER_ADDR}                      { return p::make_VARIABLE_SERVER_ADDR(*driver.loc.back()); }
 {VARIABLE_SERVER_NAME}                      { return p::make_VARIABLE_SERVER_NAME(*driver.loc.back()); }
 {VARIABLE_SERVER_PORT}                      { return p::make_VARIABLE_SERVER_PORT(*driver.loc.back()); }
--- a/src/parser/stack.hh
+++ b/src/parser/stack.hh
@@ -1,4 +1,4 @@
-// A Bison parser, made by GNU Bison 3.7.6.
+// A Bison parser, made by GNU Bison 3.8.2.

 // Starting with Bison 3.2, this file is useless: the structure it
 // used to define is now defined with the parser itself.