Remove deprecated REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG#3578
Open
hnakamur wants to merge 1 commit into
Open
Conversation
…_MSG * Rename variable generator functions to match the new variable names. * Remove remaining references to the deprecated variables and update tests to use the new ones. Why this change? The REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG variables were deprecated, and the new REQBODY_ERROR and REQBODY_ERROR_MSG variables were introduced in: owasp-modsecurity@d0e2546 REQBODY_ERROR always has the same value as REQBODY_PROCESSOR_ERROR because both use the same variable generator function. The same is true for REQBODY_ERROR_MSG and REQBODY_PROCESSOR_ERROR_MSG. In addition, there are no remaining references to the deprecated REQBODY_PROCESSOR_ERROR or REQBODY_PROCESSOR_ERROR_MSG variables in: https://github.com/coreruleset/coreruleset See owasp-modsecurity#3576 for the discussion.
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR removes the deprecated REQBODY_PROCESSOR_ERROR / REQBODY_PROCESSOR_ERROR_MSG variables from the default variable registry and updates bundled configs + regression tests to use the newer REQBODY_ERROR / REQBODY_ERROR_MSG equivalents.
Changes:
- Removed registration of deprecated request-body error variables and renamed the associated generator functions to match the non-deprecated variable names.
- Updated regression tests to reference
REQBODY_ERRORinstead ofREQBODY_PROCESSOR_ERROR. - Updated sample configuration files to log
REQBODY_ERRORin multipart strict-validation messages.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
tests/regression/target/00-targets.t |
Removes TODO entries for deprecated variables. |
tests/regression/misc/00-multipart-parser.t |
Replaces deprecated variable usage in multipart regression rules. |
tests/modsecurity.conf-minimal |
Updates multipart strict-validation log message to use REQBODY_ERROR. |
modsecurity.conf-recommended |
Updates multipart strict-validation log message to use REQBODY_ERROR. |
iis/wix/modsecurity.conf |
Updates multipart strict-validation log message to use REQBODY_ERROR. |
apache2/re_variables.c |
Removes deprecated variable registration and renames generator functions for the new variable names. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
707
to
710
| SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500095" | ||
| SecRule MULTIPART_INVALID_QUOTING "!\@eq 1" "phase:2,deny,id:500096" | ||
| SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "chain,phase:2,deny,id:500097" | ||
| SecRule REQBODY_ERROR "\@eq 1" "chain,phase:2,deny,id:500097" | ||
| ), |
Contributor
Author
There was a problem hiding this comment.
The line of REQBODY_PROCESSOR_ERROR with chain was added at
in
08edc0c#diff-a02aa6271cfdb6c1a85b4bcf5ffa5acf68af8ca165bf495f63f75b5e2906e3f5R711
I think we can drop this chain.
@airween Do you think it is OK for me to add a commit to drop this chain, or to open a new PR instead?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
what
why
The REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG variables were deprecated, and the new REQBODY_ERROR and REQBODY_ERROR_MSG variables were introduced in: d0e2546
REQBODY_ERROR always has the same value as REQBODY_PROCESSOR_ERROR because both use the same variable generator function. The same is true for REQBODY_ERROR_MSG and REQBODY_PROCESSOR_ERROR_MSG.
In addition, there are no remaining references to the deprecated REQBODY_PROCESSOR_ERROR or REQBODY_PROCESSOR_ERROR_MSG variables in: https://github.com/coreruleset/coreruleset
See #3576 for the discussion.
references