Allow \ in setvar #3519

Open
JonathanBerrew wants to merge 1 commit into owasp-modsecurity:v2/master from JonathanBerrew:Allow-backslash-in-setvar

@JonathanBerrew

This is a Marc Stern modification, I don't have much more insight into the code he made. To be reviewed with caution and check if this is still relevant.

@sonarqubecloud

Quality Gate failed

Failed conditions
E Maintainability Rating on New Code (required ≥ A)

@airween
Member

airween commented Mar 18, 2026

Hi @JonathanBerrew,

It would be nice to explain the reason with an example: why it is necessary, and in which case it is useful to allow \ in the setvar action.

@JonathanBerrew
Author

Sadly I don't know why Marc made those modifications, I wasn't working on the project at the time. If this seems unnecessary, you can close the PR.

@airween
Member

airween commented Mar 19, 2026

> Sadly I don't know why Marc made those modifications, I wasn't working on the project at the time. If this seems unnecessary, you can close the PR.

I see. I don't want to close this PR without any reason. If Marc made this modification, that means it's possibly useful, but I would like to understand it. Besides that, we need to document the behavior, and give examples to users, so this is why it would be good.

@fzipi
Collaborator

fzipi commented Mar 19, 2026

No tests, and no use cases. 🤷 I'll close.

@JonathanBerrew
Author

This could be useful to have a setvar with a Windows path, for example, or any regex. This keeps the previous behaviour that was working for the escaping of the single quote.

@airween
Member

airween commented Mar 23, 2026

> This could be useful to have a setvar with a Windows path, for example, or any regex. This keeps the previous behaviour that was working for the escaping of the single quote.

Thanks for this explanation. Anyway, it would be very good to add a real-world example. E.g. if you use this feature, just a small part of any of your rules where you use it.

@JonathanBerrew
Author

In our rules, we have:

<Macro SecObsolete_ @target $pattern $msg>
 Use NotInsideLocation
 Use SecRule ENV:PathToIgnore @unconditionalMatch  "phase:1,t:none,tag:specific,~{skipAfter}:AfterObsoleteLocation"
  Use SecRule @target  "(?i)$pattern"  "phase:1,t:none,tag:specific,setvar:'TX.obsolete_$pattern',ctl:auditLogParts=-CEGI,~{localFile}=/SecError/obsolete.html,~{noErrorHeader},msg:'Obsolete $msg'"
  Use RuleLogSome IP "obsolete_$pattern" 100
 Use SecMarker AfterObsoleteLocation
</Macro>

<Macro SecObsoleteLocation @pattern>
 Use SecObsolete_ TX:url   @pattern location
</Macro>

<Macro SecObsoleteHost                 @pattern>
 Use SecObsolete_ REQUEST_HEADERS:Host @pattern location
</Macro>

Here we have setvar:'TX.obsolete_$pattern', where pattern could be any regex, for a locationMatch for example.
Is this a good example? If not, I'll try to look if we have other better ones.

@airween
Member

airween commented Mar 23, 2026

> Is this a good example? If not, I'll try to look if we have other better ones.

Uhm, without the mentioned <Location> syntax, I think this is hard to understand. Could you get a more exact example?
