[Ruleset Engine] Review examples for request body fields (#19118)

Author: pedrosousa

src/content/docs/ruleset-engine/rules-language/fields/dynamic-fields.mdx

@@ -94,7 +94,7 @@ Indicates whether the visitor has previously passed a JS Detection. For more det
 
 List of IDs that correlate to the Bot Management heuristic detections made on a request (you can have multiple heuristic detections on the same request). Use this field to explicitly match a specific heuristic or to exclude a heuristic in a rule.
 
-Example:
+Example usage:
 
 ```txt
 any(cf.bot_management.detection_ids[*] eq 33554817)
@@ -148,7 +148,7 @@ Represents a Cloudflare threat score from 0–100, where 0 indicates low risk. V
 
 The cipher for the connection to Cloudflare.
 
-Example:
+Example value:
 
 ```txt
 "AES128-SHA256"
@@ -178,7 +178,7 @@ Returns `true` when a request presents a certificate (valid or not).
 
 The Distinguished Name (DN) of the Certificate Authority (CA) that issued the certificate included in the request.
 
-Example:
+Example value:
 
 ```txt
 "CN=Access Testing CA,OU=TX,O=Access Testing,L=Austin,ST=Texas,C=US"
@@ -190,7 +190,7 @@ Example:
 
 The Distinguished Name (DN) of the owner (or requester) of the certificate included in the request.
 
-Example:
+Example value:
 
 ```txt
 "CN=James Royal,OU=Access Admins,O=Access,L=Austin,ST=Texas,C=US"
@@ -202,9 +202,9 @@ Example:
 
 The Distinguished Name (DN) of the Certificate Authority (CA) that issued the certificate in the request in [RFC 2253](https://datatracker.ietf.org/doc/html/rfc2253) format.
 
-Example:
+Example value:
 
-```
+```txt
 "CN=Access Testing CA,OU=TX,O=Access Testing,L=Austin,ST=Texas,C=US"
 ```
 
@@ -214,9 +214,9 @@ Example:
 
 The Distinguished Name (DN) of the owner (or requester) of the certificate in the request in [RFC 2253](https://datatracker.ietf.org/doc/html/rfc2253) format.
 
-Example:
+Example value:
 
-```
+```txt
 "CN=James Royal,OU=Access Admins,O=Access,L=Austin,ST=Texas,C=US"
 ```
 
@@ -226,9 +226,9 @@ Example:
 
 The Distinguished Name (DN) of the Certificate Authority (CA) that issued the certificate in the request in a legacy format.
 
-Example:
+Example value:
 
-```
+```txt
 "/C=US/ST=Texas/L=Austin/O=Access Testing/OU=TX/CN=Access Testing CA"
 ```
 
@@ -238,9 +238,9 @@ Example:
 
 The Distinguished Name (DN) of the owner (or requester) of the certificate in the request in a legacy format.
 
-Example:
+Example value:
 
-```
+```txt
 "/C=US/ST=Texas/L=Austin/O=Access/OU=Access Admins/CN=James Royal"
 ```
 
@@ -250,9 +250,9 @@ Example:
 
 Serial number of the certificate in the request.
 
-Example:
+Example value:
 
-```
+```txt
 "527E0F20A20EA2A4146C78390F34CE7AF0878CA4"
 ```
 
@@ -262,9 +262,9 @@ Example:
 
 Serial number of the direct issuer of the certificate in the request.
 
-Example:
+Example value:
 
-```
+```txt
 "2688201DBA77402EA87118876F2E1B24CF8B0395"
 ```
 
@@ -274,9 +274,9 @@ Example:
 
 The SHA-256 fingerprint of the certificate in the request.
 
-Example:
+Example value:
 
-```
+```txt
 "af363dc85bc942a892d3cee9796190fdb36d89cd588a4f1cb17c74a943439714"
 ```
 
@@ -286,9 +286,9 @@ Example:
 
 The SHA-1 fingerprint of the certificate in the request.
 
-Example:
+Example value:
 
-```
+```txt
 "933ad5282c560ae3f482a43ecd73bc9de878a190"
 ```
 
@@ -298,9 +298,9 @@ Example:
 
 The certificate in the request is not valid before this date.
 
-Example:
+Example value:
 
-```
+```txt
 "Mar 21 13:35:00 2022 GMT"
 ```
 
@@ -310,9 +310,9 @@ Example:
 
 The certificate in the request is not valid after this date.
 
-Example:
+Example value:
 
-```
+```txt
 "Mar 21 13:35:00 2023 GMT"
 ```
 
@@ -322,9 +322,9 @@ Example:
 
 The Subject Key Identifier (SKI) of the certificate in the request.
 
-Example:
+Example value:
 
-```
+```txt
 "27846FAE6EAC4A8DAD9101B519CF1EB460242831"
 ```
 
@@ -334,9 +334,9 @@ Example:
 
 The Subject Key Identifier (SKI) of the direct issuer of the certificate in the request.
 
-Example:
+Example value:
 
-```
+```txt
 "8204924CF49D471E855862706D889F58F6B784D3"
 ```
 
@@ -346,9 +346,9 @@ Example:
 
 The SHA-1 fingerprint of TLS client extensions, encoded in Base64.
 
-Example:
+Example value:
 
-```
+```txt
 "OWFiM2I5ZDc0YWI0YWYzZmFkMGU0ZjhlYjhiYmVkMjgxNTU5YTU2Mg=="
 ```
 
@@ -358,9 +358,9 @@ Example:
 
 The length of the client hello message sent in a [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake). Specifically, the length of the bytestring of the client hello.
 
-Example:
+Example value:
 
-```
+```txt
 508
 ```
 
@@ -370,9 +370,9 @@ Example:
 
 The value of the 32-byte random value provided by the client in a [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake), encoded in Base64. Refer to [RFC 8446](https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.2) for more details.
 
-Example:
+Example value:
 
-```
+```txt
 "YWJjZA=="
 ```
 
@@ -382,9 +382,9 @@ Example:
 
 The TLS version of the connection to Cloudflare.
 
-Example:
+Example value:
 
-```
+```txt
 "TLSv1.2"
 ```
 

src/content/docs/ruleset-engine/rules-language/fields/http-request-body.mdx

@@ -72,14 +72,13 @@ The return value may be truncated if [`http.request.body.truncated`](#httpreques
 - **Whitespace:** preserved
 - **Non-ASCII:** preserved
 
-Example:
+Example value:
 
-```txt
-any(http.request.body.form["username"][*] == "admin")
-```
+`{"username": ["admin"]}`
 
-Example value:
-`{username": ["admin"]}`
+Example usage:
+
+`any(http.request.body.form["username"][*] == "admin")`
 
 ## `http.request.body.form.names`
 
@@ -97,16 +96,14 @@ The return value may be truncated if [`http.request.body.truncated`](#httpreques
 - **Whitespace:** preserved
 - **Non-ASCII:** preserved
 
-Example:
-
-```txt
-any(http.request.body.form.names[*] == "username")
-```
-
 Example value:
 
 `["username"]`
 
+Example usage:
+
+`any(http.request.body.form.names[*] == "username")`
+
 ## `http.request.body.form.values`
 
 `http.request.body.form.values` <Type text='Array<String>' />
@@ -123,16 +120,14 @@ The return value may be truncated if [`http.request.body.truncated`](#httpreques
 - **Whitespace:** preserved
 - **Non-ASCII:** preserved
 
-Example:
-
-```txt
-any(http.request.body.form.values[*] == "admin")
-```
-
 Example value:
 
 `["admin"]`
 
+Example usage:
+
+`any(http.request.body.form.values[*] == "admin")`
+
 ## `http.request.body.mime`
 
 `http.request.body.mime` <Type text='String' />
@@ -141,9 +136,13 @@ The MIME type of the request detected from the request body.
 
 Supports the most common MIME types of the following general categories: video, audio, image, application, text.
 
-Example:
+Example value:
+
+`"image/jpeg"`
+
+Example usage:
 
-`image/jpeg`
+`http.request.body.mime in {"image/bmp" "image/gif" "image/jpeg" "image/png" "image/tiff"}`
 
 This field is available on all Cloudflare plans.
 
@@ -155,7 +154,11 @@ A Map (or associative array) representation of multipart names to multipart valu
 
 Example value:
 
-`{"username": ["alice_doe"], "picture": [<binary_content_of_file>]}`
+`{"username": ["alice_doe"], "role": ["editor"], "picture": [<binary_content_of_file>]}`
+
+Example usage:
+
+`any(http.request.body.multipart["role"][*] == "admin")`
 
 ## `http.request.body.multipart.names`
 
@@ -167,7 +170,7 @@ Example value:
 
 `[["username"], ["picture"]]`
 
-Example:
+Example usage:
 
 `any(http.request.body.multipart.names[*][0] == "picture")`
 
@@ -181,6 +184,10 @@ Example value:
 
 `["alice_doe", <binary_content_of_file>]`
 
+Example usage:
+
+`any(http.request.body.multipart.values[*] == "alice_doe")`
+
 ## `http.request.body.multipart.content_types`
 
 `http.request.body.multipart.content_types` <Type text='Array<Array<String>>' />
@@ -191,7 +198,7 @@ Example value:
 
 `[["text/plain"], ["image/jpeg"]]`
 
-Example:
+Example usage:
 
 `any(http.request.body.multipart.content_types[*][0] == "application/octet-stream")`
 
@@ -203,7 +210,11 @@ List of `Content-Disposition` headers for each part in the multipart body.
 
 Example value:
 
-`[["form-data; name=\"username\"], ["form-data;name=\"picture\"]]`
+`[["form-data; name=\"username\""], ["form-data; name=\"picture\""]]`
+
+Example usage:
+
+`any(http.request.body.multipart.content_dispositions[*][0] in {"form-data; name=\"username\"" "form-data; name=\"picture\""})`
 
 ## `http.request.body.multipart.content_transfer_encodings`
 
@@ -213,7 +224,11 @@ List of `Content-Transfer-Encoding` headers for each part in the multipart body.
 
 Example value:
 
-`[["quoted-printable"], ["quoted-printable"]]`
+`[["quoted-printable"], ["base64"]]`
+
+Example usage:
+
+`any(http.request.body.multipart.content_transfer_encodings[*][0] == "binary")`
 
 ## `http.request.body.multipart.filenames`
 
@@ -224,3 +239,7 @@ List of filenames for each part in the multipart body.
 Example value:
 
 `[["file1.txt"], ["photo.jpg"]]`
+
+Example usage:
+
+`any(http.request.body.multipart.filenames[*][0] in {"token.txt" "password.txt"})`