test: add issue-3505 regression tests for ctl:ruleRemoveTargetById regex

etiennemunnich · etiennemunnich · commit bc95a9b23936 · 2026-03-04T18:18:41.000+11:00
- 2 test cases: JSON array keys, mixpanel suffix (SecRuleUpdateTargetById parity)
- Expected to fail until regex support is implemented
- OODA baseline: Test 1 parse error, Test 2 HTTP 403 (exclusion not applied)

Made-with: Cursor
diff --git a/test/test-cases/regression/issue-3505.json b/test/test-cases/regression/issue-3505.json
@@ -0,0 +1,87 @@
+[
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "title": "Issue 3505: ctl:ruleRemoveTargetById with regex - JSON array keys",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 123
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "localhost",
+        "User-Agent": "curl/7.38.0",
+        "Accept": "*/*",
+        "Content-Type": "application/json",
+        "Content-Length": "35"
+      },
+      "uri": "/api/jobs",
+      "method": "POST",
+      "body": [
+        "[{\"JobDescription\":\"javascript\"}]"
+      ]
+    },
+    "response": {
+      "headers": {
+        "Content-Length": "0"
+      },
+      "body": [
+        ""
+      ]
+    },
+    "expected": {
+      "http_code": 200
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule REQUEST_URI \"@beginsWith /api/jobs\" \"id:100100,phase:1,pass,nolog,ctl:ruleRemoveTargetById=932125;ARGS:/^json\\.\\d+\\.JobDescription$/\"",
+      "SecRule ARGS \"@rx (?i:script)\" \"id:932125,phase:2,deny,status:403,log,tag:'XSS'\""
+    ]
+  },
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "title": "Issue 3505: ctl:ruleRemoveTargetById with regex - mixpanel suffix (parity with SecRuleUpdateTargetById)",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 123
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "localhost",
+        "User-Agent": "curl/7.38.0",
+        "Accept": "*/*",
+        "Content-Length": "0"
+      },
+      "uri": "/?mixpanel=value&other=attack",
+      "method": "GET",
+      "body": [
+        ""
+      ]
+    },
+    "response": {
+      "headers": {
+        "Content-Length": "0"
+      },
+      "body": [
+        ""
+      ]
+    },
+    "expected": {
+      "http_code": 200
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule REQUEST_FILENAME \"@unconditionalMatch\" \"id:100,phase:1,pass,nolog,ctl:ruleRemoveTargetById=1;ARGS:/mixpanel$/\"",
+      "SecRule ARGS \"@contains value\" \"id:1,phase:2,deny,status:403,tag:'test'\""
+    ]
+  }
+]
diff --git a/test/test-suite.in b/test/test-suite.in
@@ -44,6 +44,7 @@ TESTS+=test/test-cases/regression/config-secdefaultaction.json
 TESTS+=test/test-cases/regression/config-secremoterules.json
 TESTS+=test/test-cases/regression/config-update-action-by-id.json
 TESTS+=test/test-cases/regression/config-update-target-by-id.json
+TESTS+=test/test-cases/regression/issue-3505.json
 TESTS+=test/test-cases/regression/config-update-target-by-msg.json
 TESTS+=test/test-cases/regression/config-update-target-by-tag.json
 TESTS+=test/test-cases/regression/config-xml_external_entity.json
