From d875738bdbb0d1bf0e9432c428cfeabccb1a711a Mon Sep 17 00:00:00 2001
From: Brandon Payton <brandon@happycode.net>
Date: Tue, 11 Apr 2023 13:30:56 -0400
Subject: [PATCH] Add PCRE error tests for rx operator

---
 test/test-cases/regression/operator-rx.json | 90 +++++++++++++++++++++
 1 file changed, 90 insertions(+)

diff --git a/test/test-cases/regression/operator-rx.json b/test/test-cases/regression/operator-rx.json
index f0a4957a..4ae2b2f0 100644
--- a/test/test-cases/regression/operator-rx.json
+++ b/test/test-cases/regression/operator-rx.json
@@ -127,5 +127,95 @@
       "SecRuleEngine On",
       "SecRule REQUEST_HEADERS:Content-Type \"@rx a(b\" \"id:1,phase:2,pass,t:trim,block\""
     ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @rx with PCRE error",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/?rxtest=wwwwwwwwwwwwwwwwwwwwwowwwwwwwwwww",
+      "method":"HEAD",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"rx: regex error 'MATCH_LIMIT' for pattern",
+      "error_log":"Matched \"Operator `StrEq' with parameter `1' against variable `MSC_PCRE_ERROR'"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecPcreMatchLimit 2",
+      "SecRule ARGS:rxtest \"@rx (w+)+$\" \"id:1,phase:1,pass,t:trim,block\"",
+      "SecRule MSC_PCRE_ERROR \"@streq 1\" \"id:2,phase:1,pass,t:trim,block\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Operator :: @rx with PCRE match limits exceeded",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length": "27",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      "uri":"/?rxtest=wwwwwwwwwwwwwwwwwwwwwowwwwwwwwwww",
+      "method":"HEAD",
+      "body": [ ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"rx: regex error 'MATCH_LIMIT' for pattern",
+      "error_log":"Matched \"Operator `StrEq' with parameter `1' against variable `MSC_PCRE_LIMITS_EXCEEDED'"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecPcreMatchLimit 2",
+      "SecRule ARGS:rxtest \"@rx (w+)+$\" \"id:1,phase:1,pass,t:trim,block\"",
+      "SecRule MSC_PCRE_LIMITS_EXCEEDED \"@streq 1\" \"id:2,phase:1,pass,t:trim,block\""
+    ]
   }
 ]