Failed when checking null value

[XuanHuyDuong]

Hello dev team,

I'm using Nginx + Modsecurity v3/master. I found an error when checking null value. I checked User-Agent value with operator "^$". Here is result:

As you see, User-Agent value is null but result of this rule is false. I checked it using CRS regression. Here are rule and testcase:

I hope you will reply soon. Thank you!

[victorhora]

Hi @XuanHuyDuong,

I can confirm this issue.

It seemed like Regex::searchAll which is called by the @rx operator here was not getting added to retList due to the length of the subject string (e.g. User-Agent) being "0" ending up in a condition that returned an empty list leading to a failed match by the @rx operator

I have suggested fix at #1788. So far it's looking good with the tests and buildbots, but it needs further review from @zimmerle in case it breaks some other condition that I'm currently not aware.

[zimmerle]

Fixed at: fd8e72f