1[
2{
3  "enabled": 1,
4  "version_min": 209000,
5  "version_max": -1,
6  "title": "Regex match does not work when arg ends with unescaped equal char (1/2)",
7  "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1743",
8  "gihub_issue": 1743,
9  "client": {
10    "ip": "200.249.12.31",
11    "port": 2313
12  },
13  "server": {
14    "ip": "200.249.12.31",
15    "port": 80
16  },
17  "request": {
18    "uri":"/?x=foo%3d",
19    "headers": "",
20    "body": "",
21    "method": "GET",
22    "http_version": 1.1
23  },
24  "response": {
25    "headers": "",
26    "body": ""
27  },
28  "expected": {
29    "debug_log": "Rule returned 1",
30    "error_log": "Value: `foo='",
31    "http_code": 403
32  },
33  "rules": [
34    "SecRuleEngine On",
35    "SecRule ARGS \"foo?=\" \"phase:2,id:1,capture,t:none,t:lowercase,deny,msg:'XSS Attack Detected',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'\""
36  ]
37},
38{
39  "enabled": 1,
40  "version_min": 209000,
41  "version_max": -1,
42  "title": "Regex match does not work when arg ends with unescaped equal char (2/2)",
43  "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1743",
44  "gihub_issue": 1743,
45  "client": {
46    "ip": "200.249.12.31",
47    "port": 2313
48  },
49  "server": {
50    "ip": "200.249.12.31",
51    "port": 80
52  },
53  "request": {
54    "uri":"/?x=foo=",
55    "headers": "",
56    "body": "",
57    "method": "GET",
58    "http_version": 1.1
59  },
60  "response": {
61    "headers": "",
62    "body": ""
63  },
64  "expected": {
65    "debug_log": "Rule returned 1",
66    "error_log": "Value: `foo='",
67    "http_code": 403
68  },
69  "rules": [
70    "SecRuleEngine On",
71    "SecRule ARGS \"foo?=\" \"phase:2,id:1,capture,t:none,t:lowercase,deny,msg:'XSS Attack Detected',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'\""
72  ]
73}
74]
75