- 
                Notifications
    You must be signed in to change notification settings 
- Fork 1.7k
Open
Labels
Description
Context:
Currently, (unescaped) backslashes are forbidden in variables content.
In msre_parse_generic():
if (*p == '\\') {
   if ((*(p + 1) == '\0') || ((*(p + 1) != '\'') && (*(p + 1) != '\\'))) {
      [error & return]
   }
   p++;
The only case a backslash is accepted is when it escapes a single quote or a backslash.
Problem:
You cannot store a regex in a variable: setvar:'tx.var=\babc\b'
When doing this manually, you can escape the string obviously: setvar:'tx.var=\babc\b'
But when you use a macro like the following:
<Macro MyMacro $regex>
 SecAction ...,setver:'var=$regex',...
 SecRule ARG "$regex" ...
</Macro>
there's no way to call the macro with a parameter compatible with both directives
Solution:
We could be lax (and still compatible with the current behaviour):
- If it's followed by a quote or a backslash, accept and "eats" the escaping backslash
- In all other cases, accept and don't "eat" the backslash
- the code change is trivial
Does somebody see any other solution?