REQUEST_COOKIES_NAMES crashes(?) coraza

[louis-lau]

Description

Hi!

This rule, taken directly out of the example docs:

SecRule &REQUEST_COOKIES_NAMES:JSESSIONID "@eq 0" "id:45"

Seems to crash coraza. In coraza-caddy it causes a failure state without any logging. (corazawaf/coraza-caddy#246).

But trying it inside https://playground.coraza.io/, it also seems to crash. Returning an undefined error, then erroring for every analysis ran afterward.

Steps to reproduce

Head to https://playground.coraza.io/, paste rule, press Analyze.

Expected result

Probably shouldn't crash :)

Actual result

Crash :)

[M4tteoP]

Hey! Thanks for reporting this. The fix has already been implemented in #1143
and has landed on master. It will be included in the next release, likely by the end of the year.

[louis-lau]

Aha! I did try to search for past issues but that search had failed me haha. Thank you!

Probably keep this open until release fo others to find?

[fzipi]

@louis-lau Can you confirm this was fixed for you in v3.4.0?