Bug Fix: The value in the setvar should be able to start with - or +.

[soujanyanmbri]

Thank you for contributing to Coraza WAF, your effort is greatly appreciated
Before submitting check if what you want to add to coraza list meets quality standards before sending pull request. Thanks!

Make sure that you've checked the boxes below before you submit PR:

• [✅] My code includes positive and negative tests.
• [✅] I have an appropriate description with correct grammar.
• [✅] I have read Contribution guidelines, maintainers note and Quality standard.
• [✅] My code is properly linted and passes pre-commit tests.

Thanks for your contribution ❤️

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.14%. Comparing base (4ff1f76) to head (e0e3a5f).
Report is 86 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1125      +/-   ##
==========================================
+ Coverage   82.72%   83.14%   +0.42%     
==========================================
  Files         162      164       +2     
  Lines        9080     7691    -1389     
==========================================
- Hits         7511     6395    -1116     
+ Misses       1319     1042     -277     
- Partials      250      254       +4     

Flag	Coverage Δ
default	83.14% <100.00%> (+5.31%)	⬆️
examples	83.14% <100.00%> (+56.71%)	⬆️
ftw	83.14% <100.00%> (+35.78%)	⬆️
ftw-multiphase	83.14% <100.00%> (+33.60%)	⬆️
tinygo	83.14% <100.00%> (+7.74%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jcchavezs]

shouldn't this be %{tx. instead of tx. I don't see any of the tests having tx. as prefix removing the first byte.

[soujanyanmbri]

It is either resolve to the value or stays as tx.missingValue.

[jcchavezs]

But according to https://github.com/corazawaf/coraza/pull/1125/files#diff-488435c221aebedf4137cb98424234aab81decfd749827ab96e188c53bd53c9fR90-R92 it returns a syntax error.

[soujanyanmbri]

Here's the value:

[jcchavezs]

I see. It is still not clear to me how we should deal with the interpolation error in this code path. Let me check it.

[soujanyanmbri]

Sure, thanks!

[soujanyanmbri]

Hey @jcchavezs ,
Any update on how this error could be handled?

Thanks!

[jcchavezs]

Ok I found the issue, when we compile a macro e.g. %{tx.var}, the text for the macro becomes tx.var and not %{tx.var} and when the key does not exist we return the text which in this case is tx.var. I will discuss that over another PR.

[jcchavezs]

thanks, please update this line https://github.com/corazawaf/coraza/pull/1125/files#diff-4f480854f968ff92545ff3bc611fb34a15a657f6caf11dc203c64b76c0861827R148 with the appropriate comment.

[jcchavezs]

should we include expectNewVarValue in the test swell?

[soujanyanmbri]

Done

[jcchavezs]

Sorry for the delay. Prioritizing this for now.