Merge pull request #1620 from NullIsNot0/v3.3/dev

airween · web-flow · commit b8ce5e422730 · 2019-11-13T09:06:33.000+01:00
Rule: 920480. Make rx recognize charset with quotes
diff --git a/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf b/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
@@ -949,7 +949,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s]+" \
 #
 # Restrict charset parameter within the content-type header
 #
-SecRule REQUEST_HEADERS:Content-Type "@rx charset\s*=\s*([^;\s]+)" \
+SecRule REQUEST_HEADERS:Content-Type "@rx charset\s*=\s*[\"']?([^;\"'\s]+)" \
     "id:920480,\
     phase:1,\
     block,\
diff --git a/util/regression-tests/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml b/util/regression-tests/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml
@@ -191,4 +191,46 @@
     #               Content-Type: "application/x-www-form-urlencoded;charset=ibm037;charset=UTF-8" #double charset may cause evasion
     #           data: "test=value"
     #         output:
-    #           log_contains: "id \"920480\""
+    #           log_contains: "id \"920480\""
+    - test_title: 920480-14
+      stages:
+        - stage:
+            input:
+              dest_addr: "127.0.0.1"
+              port: 80
+              method: "POST"
+              headers:
+                  User-Agent: "ModSecurity CRS 3 Tests"
+                  Host: "localhost"
+                  Content-Type: "application/x-www-form-urlencoded; charset=\"utf-8\"" # random other IBM charset
+              data: "test=value"
+            output:
+              no_log_contains: "id \"920480\""
+    - test_title: 920480-15
+      stages:
+        - stage:
+            input:
+              dest_addr: "127.0.0.1"
+              port: 80
+              method: "POST"
+              headers:
+                  User-Agent: "ModSecurity CRS 3 Tests"
+                  Host: "localhost"
+                  Content-Type: "application/x-www-form-urlencoded; charset='utf-8'" # random other IBM charset
+              data: "test=value"
+            output:
+              no_log_contains: "id \"920480\""
+    - test_title: 920480-16
+      stages:
+        - stage:
+            input:
+              dest_addr: "127.0.0.1"
+              port: 80
+              method: "POST"
+              headers:
+                  User-Agent: "ModSecurity CRS 3 Tests"
+                  Host: "localhost"
+                  Content-Type: "application/x-www-form-urlencoded; charset=\"garbage\"" # random other IBM charset
+              data: "test=value"
+            output:
+              log_contains: "id \"920480\""

Original file line number	Diff line number	Diff line change
`@@ -949,7 +949,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s]+" \`
`949`	`949`	`#`
`950`	`950`	`# Restrict charset parameter within the content-type header`
`951`	`951`	`#`
`952`		`-SecRule REQUEST_HEADERS:Content-Type "@rx charset\s=\s([^;\s]+)" \`
	`952`	`+SecRule REQUEST_HEADERS:Content-Type "@rx charset\s=\s[\"']?([^;\"'\s]+)" \`
`953`	`953`	`"id:920480,\`
`954`	`954`	`phase:1,\`
`955`	`955`	`block,\`