Updated rule 920120 to use rule inversion instead of negative look-be…

…hind

Relates to #2360

rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf

@@ -81,58 +81,31 @@ SecRule REQUEST_LINE "!@rx (?i)^(?:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::
 #
 # -=[ Rule Logic ]=-
 # These rules check for the existence of the ' " ; = meta-characters in
-# either the file or file name variables.
-# HTML entities may lead to false positives, why they are allowed on PL1.
-# Frequently used HTML entities such as ä are allowed.
+# either the "name" (FILES) and "filename" (FILES_NAMES) variables.
+# HTML entities may lead to false positives, which is why
+# frequently used ones, such as "ä", are allowed at PL1.
 #
 # -=[ Targets, characters and html entities ]=-
 #
-# 920120: PL1 : FILES_NAMES, FILES
-#    ['\";=] or any of the following entities:
-#    &[aeiouclnrszg]acute;
-#    &[cdelnrstz]caron;
-#    &[cgklnrst]cedil;
-#    &[aeioucghjswy]circ;
-#    &[aeiou]grave;
-#    &[au]ring;
-#    &[anoi]tilde;
-#    &[aeiouy]uml;
-#    &
-#    '
-#     
-#    ø
+# 920120 + 920122: PL1 : FILES_NAMES, FILES
+#    Disallow ['\";=], except for frequently used HTML entities (see 920120.data).
 #
 # 920121: PL2 : FILES_NAMES, FILES
-#                ['\";=] : ' " ; = meta-characters
+#    Disallow ['\";=]
 #
 # -=[ References ]=-
 # https://www.owasp.org/index.php/ModSecurity_CRS_RuleID-96000
 # http://www.ietf.org/rfc/rfc2183.txt
 #
-# The regular expression in the active rule 920120 demands a PCRE-compatible
-# regular expression engine. If you are using a non-PCRE engine, you can generate
-# an equivalent regular expression by generating the expression (the resulting
-# expression will not use negative lookbehind):
-#   cd util/regexp-assemble
-#   ./regexp-assemble.py 920120-no-backtracking
-#
-# This alternative regex is not the default one, since it comes with a severe
-# performance impact, namely for larger files.
-#
-# Caution: The performance impact of the alternative regex can lead to
-# a DoS for larger files.
-#
-# Please see https://coreruleset.org/20210106/introducing-msc_retest/ for
-# a thorough discussion and detailed performance data.
-#
-# The regex in the following enabled rule is not supported by non-PCRE
-# regular expression engines (?<!re).
+# This rule used to use negative look-behind.
+# See https://github.com/coreruleset/coreruleset/wiki/Technical-Decisions-and-Best-Practices#avoiding-negative-look-behind-in-regular-expressions
+# for an explanation of why it now uses `!@rx` instead to avoid look-around.
 #
 # To rebuild the regular expression:
 #   cd util/regexp-assemble
 #   ./regexp-assemble.py 920120
 #
-SecRule FILES_NAMES|FILES "@rx (?i)(?:(?<!&[aeiouy]uml|&[aeioucghjswy]circ|&[aeiouclnrszg]acute|&[aeiou]grave|&[cgklnrst]cedil|&[anoi]tilde|&[cdelnrstz]caron|&oslash|&amp|&nbsp|&apos|&[au]ring);|['\"=])" \
+SecRule FILES|FILES_NAMES "!@rx (?i)^(?:&(?:(?:[aeiouclnrszg]acut|[aeiou]grav|[anoi]tild)e|(?:[cgklnrst]cedi|[aeiouy]um)l|[aeioucghjswy]circ|[cdelnrstz]caron|a(?:pos|mp)|[au]ring|oslash|nbsp);|[^'\";=])*$" \
     "id:920120,\
     phase:2,\
     block,\

util/regexp-assemble/data/920120.data

@@ -19,23 +19,8 @@
 ##!
 ##! Currently supported preoprocessors:
 ##! - cmdline [windows|unix] (file scope)
-##! - neglook (block scope)
 ##! Please refer to util/regexp-assemble/README.md for a full explanation.
 
-##! We are looking for the following entity expressions:
-##! &[aeiouclnrszg]acute;
-##! &[cdelnrstz]caron;
-##! &[cgklnrst]cedil;
-##! &[aeioucghjswy]circ;
-##! &[aeiou]grave;
-##! &[au]ring;
-##! &[anoi]tilde;
-##! &[aeiouy]uml;
-##! &
-##! '
-##!  
-##! ø
-##!
 ##! The HTML entities included in the expression are a best guess selection of frequently
 ##! used entities. Including too many would further reduce the performance of the expression
 ##! but there may well be additional entities that would make sense to add to the list.
@@ -44,5 +29,19 @@
 
 ##!+ i
 
-(?<!&[aeiouy]uml|&[aeioucghjswy]circ|&[aeiouclnrszg]acute|&[aeiou]grave|&[cgklnrst]cedil|&[anoi]tilde|&[cdelnrstz]caron|&oslash|&amp|&nbsp|&apos|&[au]ring);
-['\"=]
+##!^ ^
+##!$ *$
+
+&[aeiouclnrszg]acute;
+&[cdelnrstz]caron;
+&[cgklnrst]cedil;
+&[aeioucghjswy]circ;
+&[aeiou]grave;
+&[au]ring;
+&[anoi]tilde;
+&[aeiouy]uml;
+&amp;
+&apos;
+&nbsp;
+&oslash;
+[^'\";=]