Failed when checking null value #1785
Assignees
Labels
3.x
Related to ModSecurity version 3.x
bug
It is a confirmed bug
pending feedback
RIP - libmodsecurity
Milestone
Comments
victorhora
added
RIP - libmodsecurity
3.x
|
Hi @XuanHuyDuong, I can confirm this issue. It seemed like Regex::searchAll which is called by the @rx operator here was not getting added to retList due to the length of the subject string (e.g. User-Agent) being "0" ending up in a condition that returned an empty list leading to a failed match by the @rx operator I have suggested fix at #1788. So far it's looking good with the tests and buildbots, but it needs further review from @zimmerle in case it breaks some other condition that I'm currently not aware. |
zimmerle
pushed a commit
that referenced
this issue
Jun 19, 2018
|
Fixed at: fd8e72f |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello dev team,
I'm using Nginx + Modsecurity v3/master. I found an error when checking null value. I checked User-Agent value with operator "^$". Here is result:
As you see, User-Agent value is null but result of this rule is false. I checked it using CRS regression. Here are rule and testcase:
I hope you will reply soon. Thank you!
The text was updated successfully, but these errors were encountered: