Issue for tracking original pull request created by user allanbomsft on date 2018-02-02 20:34:06.
Link to original PR: SpiderLabs/owasp-modsecurity-crs#1004.
HEAD is: 4b9a2149d6fa95ddb063f89a82e8bcae966fe9f7
BASE is: ce36ede
Same as SpiderLabs/owasp-modsecurity-crs#1000, but based on v3.1/dev.
This fixes issue #999.
Fixed space matching that caused catastrophic backtracking ( https://www.regular-expressions.info/catastrophic.html ).
Changing \s+ to just \s, as the following \s* will match the same thing, but without the catastrophic backtracking. Actually, I think the \s could be removed altogether, because I cannot think of why we should be concerned with lines starting with a space followed by a colon. However, leaving it as per dune73's suggestion, as we don't understand why it's there in the first place.
Here's a good illustration of the original regex and the updated regex
Updated the regression tests. I believe the original regression test had a bug, because it has %0d%0R, which is not even valid URL encoding. I think it was meant to say %0d%0a, which means \r\n. Leaving the old one in place just in case it was actually on purpose, and adding new ones with what I think was meant.
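The two points made in this PR (the cost of `\s+\s*` versus `\s\s*`, and the `%0d%0R` versus `%0d%0a` regression-test payload) can both be checked offline. The following is an added example, not code from the CRS project or the PR author. It contains a toy backtracking matcher for a tiny regex subset (`\s`, literal characters, `+`, `*`) that counts how many match attempts a naive engine makes, and a helper that URL-decodes a test payload with the standard library and reports whether it really yields CRLF. The matcher models a plain backtracking engine without PCRE's optimisations, so the absolute step counts are illustrative; the shape of the difference (quadratic versus linear work per start position on a run of whitespace with no colon) is what the PR relies on.

```python
import urllib.parse


def parse(pattern):
    """Tokenise a tiny regex subset: '\\s' or a literal char, each with an
    optional '+' or '*' quantifier. Returns a list of (kind, quant)."""
    tokens = []
    i = 0
    while i < len(pattern):
        if pattern.startswith(r"\s", i):
            kind, i = "ws", i + 2
        else:
            kind, i = pattern[i], i + 1
        quant = "1"
        if i < len(pattern) and pattern[i] in "+*":
            quant, i = pattern[i], i + 1
        tokens.append((kind, quant))
    return tokens


def _match_at(tokens, ti, text, pos, counter):
    """Greedy backtracking match of tokens[ti:] at text[pos:].
    counter[0] is incremented once per attempt, i.e. per engine step."""
    counter[0] += 1
    if ti == len(tokens):
        return True
    kind, quant = tokens[ti]
    # Length of the run of characters this token could consume from pos.
    run = 0
    while pos + run < len(text) and (
        text[pos + run].isspace() if kind == "ws" else text[pos + run] == kind
    ):
        run += 1
    lo, hi = {"1": (1, min(1, run)), "+": (1, run), "*": (0, run)}[quant]
    # Greedy: take the longest run first, then back off one char at a time.
    for k in range(hi, lo - 1, -1):
        if _match_at(tokens, ti + 1, text, pos + k, counter):
            return True
    return False


def search(pattern, text):
    """Unanchored search (like re.search). Returns (matched, steps)."""
    tokens = parse(pattern)
    counter = [0]
    for start in range(len(text) + 1):
        if _match_at(tokens, 0, text, start, counter):
            return True, counter[0]
    return False, counter[0]


def decodes_to_crlf(encoded):
    """True if the URL-encoded payload decodes to exactly '\\r\\n'.
    urllib leaves an invalid escape such as '%0R' untouched."""
    return urllib.parse.unquote(encoded) == "\r\n"


if __name__ == "__main__":
    # Constructed worst-case input: a run of whitespace with no colon after it,
    # so every way of splitting the run between \s+ and \s* is tried and fails.
    blanks = " " * 20
    for pat in (r"\s+\s*:", r"\s\s*:"):
        matched, steps = search(pat, blanks)
        print(f"{pat!r:12} matched={matched} steps={steps}")
    # Both patterns accept the same inputs; only the work differs.
    print(search(r"\s+\s*:", "ab  :")[0], search(r"\s\s*:", "ab  :")[0])
    # Regression-test payloads from the PR description.
    print("%0d%0R ->", decodes_to_crlf("%0d%0R"))  # invalid escape, not CRLF
    print("%0d%0a ->", decodes_to_crlf("%0d%0a"))  # the intended CRLF
```

Doubling the length of `blanks` roughly quadruples the gap between the two patterns in this model; in ModSecurity the same input would be a request body or header value, which an attacker controls, which is why the PR treats the backtracking as a fix rather than a cosmetic change.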