ARGS with regular expression should be case-sensitive match. #1028

Closed
brijeshjvalera opened this issue Mar 28, 2024 · 2 comments

brijeshjvalera commented Mar 28, 2024

Description

HTTP request argument keys are case-sensitive. We should store keys in the collection in a case-sensitive manner and allow rule writers to craft the rule-checking static parameter or regular expression in a case-sensitive manner.

ARGS:/^Key/ should match in a case-sensitive manner.

It stores keys in lowercase, which won't match against the regex configured in the rule. Keys should do a case-sensitive match.

Steps to reproduce

Write a rule for ARGS with regular expression.
SecRule ARGS:/^Key/ "my-value" "id:101,phase:1,deny,status:403,msg:'ARGS:key matched.'"

Send HTTP request: "http://localhost:9000/index.html?ID=123&Key=my-value"

I have an HTTP server running with Coraza on port 9000, where I am sending this request and getting a 200 OK response back.
Output:

curl -vv "http://localhost:9000/index.html?ID=123&Key=my-value"

  * Trying [::1]:9000...
  * Connected to localhost (::1) port 9000
    GET /index.html?ID=123&Key=my-value HTTP/1.1
    Host: localhost:9000
    User-Agent: curl/7.71.1-DEV
    Accept: */*

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 11:13:28 GMT
Content-Length: 39
Content-Type: text/plain; charset=utf-8

  * Connection #0 to host localhost left intact
    Hello world, transaction not disrupted.

Expected result

It should deny and send a 403 response back.

Actual result

200 OK
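
The behaviour reported above, as an added Go example that is not part of the original issue and is not Coraza's code: a small model of a key-selected rule showing why lowercasing keys on storage lets the request through. The function `evaluate`, its `foldKeys` switch and the returned status codes are hypothetical names and assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// evaluate is a hypothetical model (not Coraza code) of
//   SecRule ARGS:/selector/ "operator" "...,deny,status:403"
// foldKeys=true lowercases keys when storing them, as the issue reports.
func evaluate(rawQuery string, foldKeys bool, selector, operator string) int {
	query, err := url.ParseQuery(rawQuery) // preserves key case as sent
	if err != nil {
		return 400
	}
	stored := map[string][]string{} // model of the ARGS collection
	for key, vals := range query {
		if foldKeys {
			key = strings.ToLower(key)
		}
		stored[key] = append(stored[key], vals...)
	}
	keyRe, valRe := regexp.MustCompile(selector), regexp.MustCompile(operator)
	for key, vals := range stored {
		if !keyRe.MatchString(key) {
			continue // key not selected by ARGS:/selector/
		}
		for _, v := range vals {
			if valRe.MatchString(v) {
				return 403 // rule matched: deny
			}
		}
	}
	return 200 // no rule match: request passes
}

func main() {
	const q = "ID=123&Key=my-value" // query string from the report
	fmt.Println("lowercased keys:    ", evaluate(q, true, "^Key", "my-value"))
	fmt.Println("case-sensitive keys:", evaluate(q, false, "^Key", "my-value"))
}
```

With lowercased storage the selector `^Key` can never match, so the rule silently stops protecting that parameter; with case-sensitive storage the same request is denied, while a request sending `key=my-value` is treated as a different argument.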

fzipi commented Apr 12, 2024

Thanks for reporting this! We are taking a look, you have a point here.

@fzipi fzipi added the bug Something isn't working label Apr 12, 2024
@fzipi fzipi self-assigned this Apr 27, 2024

M4tteoP commented May 28, 2024

Implemented in #1059, and tracked in #945 to make it the default behavior in the next major version. Right now it is under the coraza.rule.case_sensitive_args_keys build tag. Please feel free to raise any concerns or feedback if you give it a shot :)

@M4tteoP M4tteoP closed this as completed May 28, 2024