Fix FILES_TMP_CONTENT collection key naming mechanism by airween · Pull Request #2831 · owasp-modsecurity/ModSecurity (original) (raw)

It seems that in v3 the FILES_TMP_CONTENT collection key names get wrong value: it's the name of the user's file, not the name of the multipart part's name.

The documentation is a bit poor both in v2 and v3, none of them mentioned the keys.

I just realized this behavior when I tested a rule, where I wanted to inspect a specified field in multipart request.

For eg. take a look to the v3's relevant regression test:

        "----------------------------756b6d74fa1a8ee2",
        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"",
        "Content-Type: text/plain",
        "",
        "This is a very small test file..",

The test uses this rule:

        SecRule FILES_TMP_CONTENT:small_text_file1.txt "small" "id:1,phase:3,pass,t:trim,msg:'s'"

In ModSecurity v2, this example works with FILES_TMP_CONTENT:filedata. Btw I think using the file name specified by the user as keys makes no sense.