Support pipes inside quoted variable selection

As of #1591 the pipe support was disable in the general selection which was also affecting the quoted selection. This pactch adds the support for pipes inside the quoted selection only.
2025-08-13 13:26:01 +03:00 · 2017-10-20 11:02:42 -03:00 · 2017-10-20 11:02:42 -03:00 · 93e18ca5ea
commit 93e18ca5ea
parent 34e8b140e5
3 changed files with 3040 additions and 3007 deletions
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -846,8 +846,8 @@ EQUALS_MINUS                            (?i:=\-)
 <EXPECTING_VAR_PARAMETER>{
 [\/]{DICT_ELEMENT_NO_PIPE}[\/][ ]         { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); }
 [\/]{DICT_ELEMENT_NO_PIPE}[\/][|]         { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); }
-['][\/]{DICT_ELEMENT_NO_PIPE}[\/][']      { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 0); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); }
-['][\/]{DICT_ELEMENT_NO_PIPE}[\/]['][|]   { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); }
+['][\/]{DICT_ELEMENT_WITH_PIPE}[\/][']      { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 0); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); }
+['][\/]{DICT_ELEMENT_WITH_PIPE}[\/]['][|]   { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 2, yyleng-4), *driver.loc.back()); }
 {DICT_ELEMENT}                            { BEGIN(EXPECTING_VARIABLE); return p::make_DICT_ELEMENT(yytext, *driver.loc.back()); }

 [\/]{DICT_ELEMENT_NO_PIPE}[\/][,]         { BEGIN(EXPECTING_VARIABLE); yyless(yyleng - 1); return p::make_DICT_ELEMENT_REGEXP(std::string(yytext, 1, yyleng-2), *driver.loc.back()); }
--- a/test/test-cases/regression/issue-1591.json
+++ b/test/test-cases/regression/issue-1591.json
@ -3,7 +3,7 @@
  "enabled": 1,
  "version_min": 209000,
  "version_max": -1,
-  "title": "Regular expressions in rule targets not respected (1/2)",
+  "title": "Regular expressions in rule targets not respected (1/3)",
  "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1591",
  "gihub_issue": 394,
  "client": {
@ -42,7 +42,7 @@
  "enabled": 1,
  "version_min": 209000,
  "version_max": -1,
-  "title": "Regular expressions in rule targets not respected (2/2)",
+  "title": "Regular expressions in rule targets not respected (2/3)",
  "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1591",
  "gihub_issue": 394,
  "client": {
@ -76,6 +76,44 @@
    "SecRuleEngine On",
    "SecRule REQUEST_COOKIES \"321\" \"id:1,log\""
  ]
+},
+{
+  "enabled": 1,
+  "version_min": 209000,
+  "version_max": -1,
+  "title": "Regular expressions in rule targets not respected (3/3)",
+  "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1591",
+  "gihub_issue": 394,
+  "client": {
+    "ip": "200.249.12.31",
+    "port": 2313
+  },
+  "server": {
+    "ip": "200.249.12.31",
+    "port": 80
+  },
+  "request": {
+    "headers":{
+      "Host":"localhost",
+      "User-Agent":"curl/7.38.0",
+      "Accept":"*/*",
+      "Content-Length": "1539",
+      "Cookie": "__utma=1.32168570.12572608.1259628772.2&__utmb=1.4.10.1259628772&"
+    },
+    "body": "",
+    "method": "GET",
+    "http_version": 1.1
+  },
+  "response": {
+    "headers": "",
+    "body": ""
+  },
+  "expected": {
+    "debug_log": "Variable: REQUEST_HEADERS:Content-Length"
+  },
+  "rules": [
+    "SecRuleEngine On",
+    "SecRule REQUEST_HEADERS:'/(Content-Length|Transfer-Encoding)/' \"321\" \"id:1,log\""
+  ]
 }
-
 ]