
Fix lexer rejection of '@' in ctl:ruleRemoveTarget actions (#3565) #3566

Open
Jitterx69 wants to merge 3 commits into owasp-modsecurity:v3/master from Jitterx69:fix/issue-3565-ctl-removerule-xpath
Conversation

@Jitterx69

what

  • Expands the REMOVE_RULE_BY regular expression macro in the Flex scanner (src/parser/seclang-scanner.ll) to include characters essential for XPath selectors.
  • Specifically adds @, =, (, ), and ' to the allowed character class.

why

  • Previously, the lexer rejected rule targets containing the @ character (such as XML://@* or ARGS:@foo) because the macro lacked these characters.
  • This premature termination of the match caused the scanner to fall back and generate the syntax error Expecting an action, got: @*.
  • By explicitly including these characters, the lexer can now accurately tokenize XPath attribute axes and predicates without inadvertently consuming action list delimiters (such as commas, spaces, or double-quotes).
  • This restores parity with ModSecurity v2 functionality, enabling granular rule exclusions on specific XML attributes.

references
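A minimal model of the tokenizing failure described in the PR description above, added here as an illustration; it is not code from the pull request or from ModSecurity. The two character classes and the simplified action grammar are assumptions standing in for the real REMOVE_RULE_BY macro, and the sample action lists are constructed.

```python
import re

# Constructed stand-ins, NOT the real REMOVE_RULE_BY macro from seclang-scanner.ll.
OLD_CLASS = r"[0-9A-Za-z_/\-*:;.]"        # assumed: lacks the characters the PR adds
NEW_CLASS = r"[0-9A-Za-z_/\-*:;.@=()']"   # same class plus @ = ( ) '

CTL_PREFIX = r"ctl:ruleRemoveTarget[A-Za-z]+="
GENERIC = re.compile(r"[A-Za-z]+(?::[0-9A-Za-z_.]+)?")  # simplified "other action"
DELIMS = ', \t"'                           # action-list delimiters


class ScanError(ValueError):
    pass


def scan_actions(actions, target_class):
    """Split an action list into tokens, longest match first, like a lexer rule."""
    ctl_re = re.compile(CTL_PREFIX + target_class + "+")
    tokens, pos = [], 0
    while pos < len(actions):
        if actions[pos] in DELIMS:
            pos += 1
            continue
        m = ctl_re.match(actions, pos) or GENERIC.match(actions, pos)
        end = m.end() if m else pos
        # A token must end at a delimiter or end of input; otherwise the
        # leftover characters are offered to the parser as a new "action".
        if m is None or (end < len(actions) and actions[end] not in DELIMS):
            rest = re.match(r'[^, \t"]*', actions[end:]).group(0)
            raise ScanError("Expecting an action, got: " + rest)
        tokens.append(m.group(0))
        pos = end
    return tokens


def scan_or_error(actions, target_class):
    """Return the token list, or the error text if scanning fails."""
    try:
        return scan_actions(actions, target_class)
    except ScanError as exc:
        return str(exc)


if __name__ == "__main__":
    sample = "id:1,phase:2,pass,ctl:ruleRemoveTargetById=1234;XML://@*"
    print(scan_or_error(sample, OLD_CLASS))  # match stops before '@'
    print(scan_or_error(sample, NEW_CLASS))  # whole target is one token
```
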

@airween
Member

airween commented May 14, 2026

@Jitterx69,

thanks - please add test cases to prove the correct behavior of this patch.

See regression tests this or this one.

@airween
Member

airween commented May 14, 2026

Thanks - sorry, I forgot to mention that you should regenerate the Bison-related files. For this, please install the latest Bison and Flex versions, run ./configure with your options, plus add --enable-parser-generation. Then you will see that there will be new files under src/parser with .cc and .hh extensions - you must add them to the commit too.

Without this, the new tests will fail.

You can find a similar solution here.

@Jitterx69
Author

here

Yeah... I just realized that before you quote... I will imply as you say.

@sonarqubecloud

sonarqubecloud Bot commented May 14, 2026

Quality Gate passed

Issues
0 New issues
10 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube Cloud


Development

Successfully merging this pull request may close these issues.

ctl:ruleRemoveTarget* rejects any target containing @ (e.g. XPath attribute selectors)
