From 289c836b24ffd5e4d695a317b71fc6efb8edb6e1 Mon Sep 17 00:00:00 2001
From: "Federico G. Schwindt"
Date: Mon, 20 May 2019 11:27:50 +0100
Subject: [PATCH] Use possessive qualifiers to tight this up

Should address the remaining problem with #1359.
---
 rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf | 6 +++---
 util/regexp-assemble/regexp-942260.data | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf b/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
index 880e06b68..c67a0ac87 100644
--- a/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
+++ b/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
@@ -752,12 +752,12 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 # Regexp generated from util/regexp-assemble/regexp-942260.data using Regexp::Assemble.
 # To rebuild the regexp:
 # cd util/regexp-assemble
-# ./regexp-assemble.pl regexp-942260.data
+# ./regexp-assemble-v2.pl regexp-942260.data
 # Note that after assemble an outer bracket with an ignore case flag is added
 # to the Regexp::Assemble output:
-# (?i:ASSEMBLE_OUTPUT)
+# ASSEMBLE_OUTPUT | s/^(?:/(?i:/
 #
-SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:[\"'`]\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||and|div|&&)\s+[\s\w]+=\s*?\w+\s*?having\s+|like(?:\s+[\s\w]+=\s*?\w+\s*?having\s+|\W*?[\"'`\d])|[^?\w\s=.,;)(]+\s*?[(@\"'`]*?\s*?\w+\W+\w|\*\s*?\w+\W+[\"'`])|(?:union\s*?(?:distinct|[(!@]*?|all)?\s*?[([]*?\s*?select|select\s+?[\[\]()\s\w\.,\"'`-]+from)\s+|\w+\s+like\s+[\"'`]|find_in_set\s*?\(|like\s*?[\"'`]%))" \
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:[\"'`]\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||and|div|&&)\s+[\s\w]+=\s*?\w+\s*?having\s+|like(?:\s+[\s\w]+=\s*?\w+\s*?having\s+|\W*?[\"'`\d])|[^?\w\s=.,;)(]++\s*?[(@\"'`]*?\s*?\w+\W+\w|\*\s*?\w+\W+[\"'`])|(?:union\s*?(?:distinct|[(!@]*?|all)?\s*?[([]*?\s*?select|select\s+?[\[\]()\s\w\.,\"'`-]+from)\s+|\w+\s+like\s+[\"'`]|find_in_set\s*?\(|like\s*?[\"'`]%)" \
     "id:942260,\
     phase:2,\
     block,\
diff --git a/util/regexp-assemble/regexp-942260.data b/util/regexp-assemble/regexp-942260.data
index e581550e3..93b87cdb3 100644
--- a/util/regexp-assemble/regexp-942260.data
+++ b/util/regexp-assemble/regexp-942260.data
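Review bot: The possessive `++` on `[^?\w\s=.,;)(]++` in the new SecRule line is only match-preserving because that negated class excludes `\s` and `\w`, so nothing it swallows is ever needed by the `\s*?` and `\w+` that follow, and the quote/paren class between them is optional; none of that reasoning is recorded in the rule header, so the next person who regenerates the pattern from the data file with the old tooling is likely to drop it silently. I would add to the comment block beside the rebuild instructions `# Note: the possessive ++ in [^?\w\s=.,;)(]++ is deliberate (backtracking guard, see #1359) and must survive a regeneration.`. The diffstat shows only the rule and the data file changing, so no regression test pins the pathological input behind #1359; adding that input to the 942260 test set would make the property checked rather than commented.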
@@ -17,6 +17,6 @@ like\s*?[\"'`]\%
 [\"'`]\s*?\|\|\s+[\s\w]+=\s*?\w+\s*?having\s+
 [\"'`]\s*?\&\&\s+[\s\w]+=\s*?\w+\s*?having\s+
 [\"'`]\s*?\*\s*?\w+\W+[\"'`]
-[\"'`]\s*?[^?\w\s=.,;)(]+\s*?[(@\"'`]*?\s*?\w+\W+\w
+[\"'`]\s*?[^?\w\s=.,;)(]++\s*?[(@\"'`]*?\s*?\w+\W+\w
 select\s+?[\[\]()\s\w\.,\"'`-]+from\s+
 find_in_set\s*?\(