The Big Backslash Hunt

Motivation

After discussion at the December monthly meeting (#2291), it was decided to standardise on using \x5c to represent the backslash \ character in regular expressions. Some of the reasons we chose this method are:

• It is portable across engines: it works with Apache, Nginx, and Coraza.
• It works with the new regexp-assemble.py script.

Alternatives

We (I) had previously started using the pattern [\\\\] in CRS rules. This is an alternative portable backslash representation. It was decided not to adopt this method. For future reference, some of the problems with this method are:

• It can be confusing and difficult to understand how it works.
• It doesn’t work with the new regexp-assemble.py script.
• It doesn’t work with Coraza.
• It isn’t obvious how to use it in a bracket expression, e.g. [a-zA-Z<portable-backslash>]

Plan

The plan is to tackle each rule individually with a separate PR, to make it simple to track the work and review each rule change.

I’ll start by undoing the previous changes I made to move to [\\\\] and will modify those rules to use \x5c instead.

The goal is to use \x5c in all rules and rule building files. There is also a note on the documentation planning wiki page to document how and why we represent backslashes in this way for the benefit of future CRS developers.

Progress

• Undo previous [\\\\] changes: convert to using \x5c (undoing PR 2183)
  • Rule 932200 (#2335)
  • Rule 933210 (already done in #2214)
  • Rule 941170 (#2345)
• Work through the rest of the CRS
  • Rule 941330 (#2375)
  • Rule 942330 (#2376)
  • Rule 920460 (#2399)
  • Rule 930110 (#2400)
  • Rule 932100 ╮
  • Rule 932105 │
  • Rule 932110 │
  • Rule 932115 ├ (#2410)
  • Rule 932150 │
  • Rule 932101 │
  • Rule 932106 ╯
  • Rule 932190 (#2420)
  • Rule 933100 (#2441)
  • Rule 941190 (#2442)
  • Rule 954100 (#2402)
• Check that all remaining use of \\, \\\\ etc. is legitimate
  • Update comments for rules 932100 and 932110 (#2454)