owasp-modsecurity · airween · Apr 22, 2020 · Oct 23, 2020 · zimmerle · Oct 23, 2020
diff --git a/Makefile.am b/Makefile.am
@@ -185,6 +185,7 @@ TESTS+=test/test-cases/regression/request-body-parser-xml-validade-dtd.json
 TESTS+=test/test-cases/regression/rule-920120.json
 TESTS+=test/test-cases/regression/rule-920200.json
 TESTS+=test/test-cases/regression/rule-920274.json
+TESTS+=test/test-cases/regression/rule-920450.json
 TESTS+=test/test-cases/regression/secaction.json
 TESTS+=test/test-cases/regression/secargumentslimit.json
 TESTS+=test/test-cases/regression/sec_component_signature.json

diff --git a/src/collection/backend/in_memory-per_process.cc b/src/collection/backend/in_memory-per_process.cc
@@ -134,7 +134,7 @@ void InMemoryPerProcess::resolveRegularExpression(const std::string& var,
     //std::string name = std::string(var, var.find(":") + 2,
     //    var.size() - var.find(":") - 3);
     //size_t keySize = col.size();
-    Utils::Regex r(var);
+    Utils::Regex r(var, true);
 
     for (const auto& x : *this) {
         //if (x.first.size() <= keySize + 1) {

diff --git a/src/collection/backend/lmdb.cc b/src/collection/backend/lmdb.cc
@@ -537,7 +537,7 @@ void LMDB::resolveRegularExpression(const std::string& var,
     MDB_stat mst;
     MDB_cursor *cursor;
 
-    Utils::Regex r(var);
+    Utils::Regex r(var, true);
 
     rc = mdb_txn_begin(m_env, NULL, 0, &txn);
     lmdb_debug(rc, "txn", "resolveRegularExpression");

diff --git a/src/utils/regex.cc b/src/utils/regex.cc
@@ -38,12 +38,16 @@ namespace modsecurity {
 namespace Utils {
 
 
-Regex::Regex(const std::string& pattern_)
+Regex::Regex(const std::string& pattern_, bool ignoreCase)
     : pattern(pattern_.empty() ? ".*" : pattern_) {
     const char *errptr = NULL;
     int erroffset;
+    int flags = (PCRE_DOTALL|PCRE_MULTILINE);
 
-    m_pc = pcre_compile(pattern.c_str(), PCRE_DOTALL|PCRE_MULTILINE,
+    if (ignoreCase == true) {
+        flags |= PCRE_CASELESS;
+    }
+    m_pc = pcre_compile(pattern.c_str(), flags,
         &errptr, &erroffset, NULL);
 
     m_pce = pcre_study(m_pc, pcre_study_opt, &errptr);

diff --git a/src/utils/regex.h b/src/utils/regex.h
@@ -50,7 +50,7 @@ class SMatch {
 
 class Regex {
  public:
-    explicit Regex(const std::string& pattern_);
+    explicit Regex(const std::string& pattern_, bool ignoreCase = false);
     ~Regex();
 
     // m_pc and m_pce can't be easily copied

diff --git a/test/test-cases/regression/rule-920450.json b/test/test-cases/regression/rule-920450.json
@@ -0,0 +1,87 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"OWASP CRS id:920450",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "TRANSLATE": "test"
+      },
+      "uri":"/",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code":403
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule &TX:restricted_headers \"@eq 0\" \"id:901165,phase:1,pass,nolog,setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /translate/ /if/'\"",
+      "SecRule REQUEST_HEADERS_NAMES \"@rx ^.*$\" \"id:920450,phase:2,capture,block,deny,t:lowercase,setvar:'tx.header_name_%{tx.0}=/%{tx.0}/',chain",
+      "SecRule TX:/^HEADER_NAME_/ \"@within %{tx.restricted_headers}\" \"\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"OWASP CRS id:920450",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Accept": "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5",
+        "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
+        "Accept-Encoding": "gzip,deflate",
+        "Accept-Language": "en-us,en;q=0.5",
+        "Host": "localhost",
+        "Keep-Alive": "300",
+        "Proxy-Connection": "keep-alive",
+        "User-Agent": "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv"
+      },
+      "uri":"/",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code":200
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule &TX:restricted_headers \"@eq 0\" \"id:901165,phase:1,pass,nolog,setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /translate/ /if/'\"",
+      "SecRule REQUEST_HEADERS_NAMES \"@rx ^.*$\" \"id:920450,phase:2,capture,block,deny,t:lowercase,setvar:'tx.header_name_%{tx.0}=/%{tx.0}/',chain",
+      "SecRule TX:/^HEADER_NAME_/ \"@within %{tx.restricted_headers}\" \"\""
+    ]
+  }
+]