Description
Test env:
- ModSecurity 3.0.2 ( the latest version in v3/master has the same result )
- CRS 3.0.2
- OS: ubuntu 18.04 ( same result in Ubuntu 16.04 )
Test case 1:
- Copy the owasp-modseucirty-crs-3.0.2/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf to test.conf
- Change one line of the content to invalid syntax, i.e. change Line 137 by replacing setvar to setvar1.
- Execute tools/rules-check/modsec-rules-check <path-to-test.conf>
Expected output:
The error message reports on the Line 137.
Current output:
The error message reports error on Line 133 instead of expected 137, please see:
Rules error. File: ../../../owasp-modsecurity-crs-3.0.2/rules/test.conf. Line: 133. Column: 31. Expecting an action, got: setvar1:'tx.msg=%{rule.msg}',
Test failed.
Test case 2:
Print out all the loaded Rules' m_lineNumber and check with the real line number in the rule file ( can use the CRS rule for testing), the numbers normally are wrong.
For REQUEST-930-APPLICATION-ATTACK-LFI.conf
Current output:
Rule: m_ruleId:930011 m_lineNumber:1 <---- should be 16
Rule: m_ruleId:930013 m_lineNumber:136 <---- should be 144
Rule: m_ruleId:930015 m_lineNumber:141 <---- should be 152
Rule: m_ruleId:930017 m_lineNumber:149 <---- should be 160
Rule: m_ruleId:930012 m_lineNumber:16 <---- should be 17
Rule: m_ruleId:930100 m_lineNumber:17 <---- should be 29
Rule: m_ruleId:930110 m_lineNumber:49 <---- should be 55
Rule: m_ruleId:930120 m_lineNumber:75 <---- should be 84
Rule: m_ruleId:930130 m_lineNumber:105 <---- should be 116
Rule: m_ruleId:930014 m_lineNumber:140 <---- should be 145
Rule: m_ruleId:930016 m_lineNumber:148 <---- should be 153
Rule: m_ruleId:930018 m_lineNumber:156 <---- should be 161
I also tired to remove all the comment lines from the conf file, the result is also not as expected.