
fix: make regexen Rust's regex compatible #4385

Merged
fzipi merged 1 commit into coreruleset:main from fgsch:fgsch/push-zprynolkyrvn
Dec 22, 2025

Conversation

@fgsch
Contributor

@fgsch fgsch commented Dec 20, 2025

Proposed changes

Escape {, and unescape < and > to make https://github.com/rust-lang/regex happy.

Before these changes, I was seeing:

../coreruleset/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf: parse error: Parse error at 364:70: invalid regex "(?:{%[^%}]*%}|<%=?[^%>]*%>)": regex parse error:
    (?:{%[^%}]*%}|<%=?[^%>]*%>)
       ^
error: repetition operator missing expression
--
../coreruleset/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf: parse error: Parse error at 429:86: invalid regex "[oOcC]:\\d+:\".+?\":\\d+:{.*}": regex parse error:
    [oOcC]:\d+:".+?":\d+:{.*}
                          ^
error: repetition quantifier expects a valid decimal
--
../coreruleset/rules/REQUEST-921-PROTOCOL-ATTACK.conf: parse error: Parse error at 238:70: invalid regex "^[^:\\(\\)\\&\\|\\!\\<\\>\\~]*\\)\\s*(?:\\((?:[^,\\(\\)\\=\\&\\|\\!\\<\\>\\~]+[><~]?=|\\s*[&!|]\\s*(?:\\)|\\()?\\s*)|\\)\\s*\\(\\s*[\\&\\|\\!]\\s*|[&!|]\\s*\\([^\\(\\)\\=\\&\\|\\!\\<\\>\\~]+[><~]?=[^:\\(\\)\\&\\|\\!\\<\\>\\~]*)": regex parse error:
    ^[^:\(\)\&\|\!\<\>\~]*\)\s*(?:\((?:[^,\(\)\=\&\|\!\<\>\~]+[><~]?=|\s*[&!|]\s*(?:\)|\()?\s*)|\)\s*\(\s*[\&\|\!]\s*|[&!|]\s*\([^\(\)\=\&\|\!\<\>\~]+[><~]?=[^:\(\)\&\|\!\<\>\~]*)
                  ^^
error: invalid escape sequence found in character class
--
../coreruleset/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf: parse error: Parse error at 662:38: invalid regex "^\\(\\s*\\)\\s+{": regex parse error:
    ^\(\s*\)\s+{
               ^
error: unclosed counted repetition
--
../coreruleset/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf: parse error: Parse error at 1063:87: invalid regex "{{.*?}}": regex parse error:
    {{.*?}}
    ^
error: repetition operator missing expression

Trying these before and after using pcre2test -d shows no difference.

PR Checklist

  • I have read the CONTRIBUTING doc
  • I have added positive tests proving my fix/feature works as intended.
  • I have added negative tests that prove my fix/feature considers common cases that might end in false positives
  • In case you changed a regular expression, you are not adding a ReDOS for pcre. You can check this using regexploit
  • My tests use the comment field to write the expected behavior
  • I have added documentation for the rule or change (when appropriate)

Further comments

For the reviewer

  • Positive and negative tests were added
  • Tests cover the intended fix/feature properly
  • No dangerous constructs like ctl:requestBodyAccess=Off were used in the rule
  • In case a regular expression was changed, there is no ReDOS
  • Documentation is clear for the rule/change

Escape `{`, and unescape `<` and `>` to make
https://github.com/rust-lang/regex happy.
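
An added example, not part of this pull request or of the CRS tooling: a small Python scanner for the two constructs the description says had to change, an unescaped literal `{` outside a character class and an escaped `\<` or `\>`. The function name and messages are hypothetical, and it is a heuristic character scan rather than a full regex parser.

```python
import re

# Counted repetition both engines accept: {n}, {n,} or {n,m}.
QUANTIFIER = re.compile(r"\{\d+(?:,\d*)?\}")
BRACED_ESCAPES = "pPx"  # \p{L}, \P{L}, \x{41} take a braced argument


def find_portability_issues(pattern):
    """Return (offset, message) for each construct this PR had to rewrite."""
    issues = []
    i, in_class, class_start = 0, False, -1
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            if nxt in "<>":
                issues.append((i, f"escaped '{nxt}': write it unescaped"))
            i += 2
            # Skip the braced argument so it is not reported as a literal '{'.
            if nxt in BRACED_ESCAPES and pattern[i:i + 1] == "{":
                end = pattern.find("}", i)
                i = len(pattern) if end == -1 else end + 1
            continue
        if in_class:
            # ']' directly after '[' or '[^' is a literal, not the class end.
            if ch == "]" and i > class_start:
                in_class = False
        elif ch == "[":
            in_class = True
            class_start = i + 2 if pattern[i + 1:i + 2] == "^" else i + 1
        elif ch == "{":
            m = QUANTIFIER.match(pattern, i)
            if m:
                i = m.end()
                continue
            issues.append((i, "literal '{': escape it as '\\{'"))
        i += 1
    return issues


# Patterns copied from the error output above (the first is an excerpt).
FROM_PAGE = [
    r"^[^:\(\)\&\|\!\<\>\~]*\)",
    r"(?:{%[^%}]*%}|<%=?[^%>]*%>)",
    r"{{.*?}}",
]

if __name__ == "__main__":
    for pat in FROM_PAGE:
        for offset, msg in find_portability_issues(pat):
            print(f"{pat}\n{' ' * offset}^ {msg}")
```

A `}` inside a character class, as in `[^%}]`, and a well-formed quantifier such as `{2,5}` are left alone; only the brace that would have to be a literal is reported.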
@github-actions
Contributor

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

Member

@fzipi fzipi left a comment

Hey @fgsch 👋

We might also want to provide guidance to regexp writers in our contribution docs...and maybe add a lint in crs-linter for this 😀

Comment thread rules/REQUEST-921-PROTOCOL-ATTACK.conf
@fgsch
Contributor Author

fgsch commented Dec 21, 2025

We might also want to provide guidance to regexp writers in our contribution docs...and maybe add a lint in crs-linter for this 😀

👋 I will try to open another PR to cover this in the docs.

@fgsch
Contributor Author

fgsch commented Dec 22, 2025

Hey @fgsch 👋

We might also want to provide guidance to regexp writers in our contribution docs...and maybe add a lint in crs-linter for this 😀

👋 @fzipi .

Covered in #4389 .

@fzipi fzipi added this pull request to the merge queue Dec 22, 2025
Merged via the queue into coreruleset:main with commit 02fee3a Dec 22, 2025
14 checks passed
@fgsch fgsch deleted the fgsch/push-zprynolkyrvn branch December 22, 2025 15:48