fix: use per version config file

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>

Author: fzipi

.github/workflows/verifyimage.yml

@@ -83,8 +83,17 @@ jobs:
 
       - name: Run ${{ matrix.target }}
         run: |
+          # get the major version from the matrix.target 
+          # Format: apache-debian-3-3-7, apache-alpine-4-18-0, nginx-debian-writable-3-3-7, nginx-alpine-writable-4-18-0
+          if echo "${{ matrix.target }}" | grep -q "nginx"; then
+            # nginx format: nginx-debian-writable-3-3-7 (5 parts) -> get $4
+            CRS_VERSION="v$(echo "${{ matrix.target }}" | awk -F'-' '{print $4}')"
+          else
+            # apache format: apache-debian-3-3-7 (4 parts) -> get $3
+            CRS_VERSION="v$(echo "${{ matrix.target }}" | awk -F'-' '{print $3}')"
+          fi
           . .github/workflows/configure-rules-for-test.sh \
-            src/opt/modsecurity/configure-rules.conf \
+            src/opt/modsecurity/configure-rules.${CRS_VERSION}.conf \
             README.md \
             "${{ matrix.target }}.env"
           echo "Starting container ${{ matrix.target }}-verification"

src/opt/modsecurity/configure-rules.sh

@@ -67,12 +67,25 @@ EOF
   # by either `,`, `'`, or `"`, depending on whether it's the last line of the rule
   # and whether the expression is enclosed in single quotes.
   # Use `#` as pattern delimiter, as `/` is part of some variable values.
-  ed -s "${setup_conf_path}" <<EOF 2 > /dev/null
+  # Try to find and update the variable (with or without quotes)
+  if ed -s "${setup_conf_path}" <<EOF 2 > /dev/null
 /id:${rule}/
-/setvar:[']*tx\.${tx_var_name}=/
-s#=[^,'"]*#=${var_value}#
+/setvar:tx\.${tx_var_name}=/
+s#=[^,"']*#=${var_value}#
 wq
 EOF
+  then
+    # Success with unquoted pattern
+    true
+  else
+    # Try with quoted pattern
+    ed -s "${setup_conf_path}" <<EOF 2 > /dev/null
+/id:${rule}/
+/setvar:'tx\.${tx_var_name}=/
+s#=.*'\"#=${var_value}'\"#
+wq
+EOF
+  fi
 }
 
 should_set() {

src/opt/modsecurity/configure-rules.v3.conf

@@ -16,8 +16,7 @@ false|ALLOWED_REQUEST_CONTENT_TYPE|900220|allowed_request_content_type|applicati
 false|ALLOWED_REQUEST_CONTENT_TYPE_CHARSET|900280|allowed_request_content_type_charset|utf-8
 false|ALLOWED_HTTP_VERSIONS|900230|allowed_http_versions|1.1
 false|RESTRICTED_EXTENSIONS|900240|restricted_extensions|.exe/
-false|RESTRICTED_HEADERS_BASIC|900250|restricted_headers_basic|/if/
-false|RESTRICTED_HEADERS_EXTENDED|900255|restricted_headers_extended|/x-some-header/
+false|RESTRICTED_HEADERS_BASIC|900250|restricted_headers|/if/
 false|MAX_NUM_ARGS|900300|max_num_args|100
 false|ARG_NAME_LENGTH|900310|arg_name_length|200
 false|ARG_LENGTH|900320|arg_length|300