Update Regex util to support match limits

If the rx or rxGlobal operator encounters a regex error, the RX_ERROR and RX_ERROR_RULE_ID variables are set. RX_ERROR contains a simple error code which can be either OTHER or MATCH_LIMIT. RX_ERROR_RULE_ID unsurprisingly contains the ID of the rule associated with the error. More than one rule may encounter regex errors, but only the first error is reflected in these variables.
2025-11-16 09:31:53 +03:00 · 2022-03-22 11:16:22 -04:00
parent 7b1cf0e99e
commit 8c269d31c5
17 changed files with 7760 additions and 7359 deletions
--- a/src/variables/rx_error.h
+++ b/src/variables/rx_error.h
@@ -0,0 +1,39 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#ifndef SRC_VARIABLES_RX_ERROR_H_
+#define SRC_VARIABLES_RX_ERROR_H_
+
+#include "src/variables/variable.h"
+
+namespace modsecurity {
+
+class Transaction;
+namespace variables {
+
+
+DEFINE_VARIABLE(RxError, RX_ERROR, m_variableRxError)
+
+
+}  // namespace variables
+}  // namespace modsecurity
+
+#endif  // SRC_VARIABLES_RX_ERROR_H_
--- a/src/variables/rx_error_rule_id.h
+++ b/src/variables/rx_error_rule_id.h
@@ -0,0 +1,39 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+
+#ifndef SRC_VARIABLES_RX_ERROR_RULE_ID_H_
+#define SRC_VARIABLES_RX_ERROR_RULE_ID_H_
+
+#include "src/variables/variable.h"
+
+namespace modsecurity {
+
+class Transaction;
+namespace variables {
+
+
+DEFINE_VARIABLE(RxErrorRuleID, RX_ERROR_RULE_ID, m_variableRxErrorRuleID)
+
+
+}  // namespace variables
+}  // namespace modsecurity
+
+#endif  // SRC_VARIABLES_RX_ERROR_RULE_ID_H_
--- a/src/variables/variable.h
+++ b/src/variables/variable.h
@@ -282,6 +282,10 @@ class VariableMonkeyResolution {
                t->m_variableUrlEncodedError.evaluate(l);
            } else if (comp(variable, "USERID")) {
                t->m_variableUserID.evaluate(l);
+            } else if (comp(variable, "RX_ERROR")) {
+                t->m_variableRxError.evaluate(l);
+            } else if (comp(variable, "RX_ERROR_RULE_ID")) {
+                t->m_variableRxErrorRuleID.evaluate(l);
            } else {
                throw std::invalid_argument("Variable not found.");
            }
@@ -462,6 +466,10 @@ class VariableMonkeyResolution {
            } else if (comp(variable, "GLOBAL")) {
                vv = t->m_collections.m_global_collection->resolveFirst("",
                    t->m_collections.m_global_collection_key, t->m_rules->m_secWebAppId.m_value);
+            } else if (comp(variable, "RX_ERROR")) {
+                vv = t->m_variableRxError.resolveFirst();
+            } else if (comp(variable, "RX_ERROR_RULE_ID")) {
+                vv = t->m_variableRxErrorRuleID.resolveFirst();
            } else {
                throw std::invalid_argument("Variable not found.");
            }