Rearange characters and add positive and negative test cases.

nerrehmit · nerrehmit · commit e546c51bbc71 · 2019-09-20T22:23:05.000+02:00
Moved the dash to the end of the character set to avoid escaping it.
Added test with all the new characters and a test for multiple whitespaces.
Allowed a previously blocked charset.
diff --git a/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf b/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
@@ -867,7 +867,7 @@ SecRule &TX:COMBINED_FILE_SIZES "@eq 1" \
 # - text/plain; charset="UTF-8"
 # - multipart/form-data; boundary=----WebKitFormBoundary12345
 #
-SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.\-+]+(?:\s?;\s?(?:boundary|charset)\s?=\s?['\"\w.\-()+,/:=?]+)?$" \
+SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.+-]+(?:\s?;\s?(?:boundary|charset)\s?=\s?['\"\w.()+,/:=?-]+)?$" \
     "id:920470,\
     phase:1,\
     block,\
diff --git a/util/regression-tests/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml b/util/regression-tests/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml
@@ -43,7 +43,7 @@
                   Content-Type: 'text/plain; charset=/gar/bage'
                   Content-Length: 0
             output:
-              log_contains: "id \"920470\""
+              no_log_contains: "id \"920470\""
     - test_title: 920470-4
       stages:
         - stage:
@@ -126,4 +126,46 @@
                   Content-Type: 'multipart/form-data; boundary=----formdata-polyfill-0.40616634299_704013'
                   Content-Length: 0
             output:
-              no_log_contains: "id \"920470\""
+              no_log_contains: "id \"920470\""
+    - test_title: 920470-10
+      stages:
+        - stage:
+            input:
+              dest_addr: 127.0.0.1
+              port: 80
+              method: POST
+              headers:
+                  User-Agent: "ModSecurity CRS 3 Tests"
+                  Host: "localhost"
+                  Content-Type: 'multipart/mixed; boundary=-----boundary_data:55780(123,45:667)+part'
+                  Content-Length: 0
+            output:
+              no_log_contains: "id \"920470\""
+    - test_title: 920470-11
+      stages:
+        - stage:
+            input:
+              dest_addr: 127.0.0.1
+              port: 80
+              method: POST
+              headers:
+                  User-Agent: "ModSecurity CRS 3 Tests"
+                  Host: "localhost"
+                  Content-Type: 'multipart/mixed; boundary= gc0p4Jq0M2Yt,08/jU534c0p?==:test'
+                  Content-Length: 0
+            output:
+              no_log_contains: "id \"920470\""
+    - test_title: 920470-12
+      stages:
+        - stage:
+            input:
+              dest_addr: 127.0.0.1
+              port: 80
+              method: POST
+              headers:
+                  User-Agent: "ModSecurity CRS 3 Tests"
+                  Host: "localhost"
+                  Content-Type: 'multipart/form-data; boundary=  test_data_123456'
+                  Content-Length: 0
+            output:
+              log_contains: "id \"920470\""

Original file line number	Diff line number	Diff line change
`@@ -867,7 +867,7 @@ SecRule &TX:COMBINED_FILE_SIZES "@eq 1" \`
`867`	`867`	`# - text/plain; charset="UTF-8"`
`868`	`868`	`# - multipart/form-data; boundary=----WebKitFormBoundary12345`
`869`	`869`	`#`
`870`		`-SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.\-+]+(?:\s?;\s?(?:boundary\|charset)\s?=\s?['\"\w.\-()+,/:=?]+)?$" \`
	`870`	`+SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.+-]+(?:\s?;\s?(?:boundary\|charset)\s?=\s?['\"\w.()+,/:=?-]+)?$" \`
`871`	`871`	`"id:920470,\`
`872`	`872`	`phase:1,\`
`873`	`873`	`block,\`