Updating regular expressions for the rules 920600, 921421, 921422 and 922110 in CRS 3.3.4
After updating to CRS 3.3.4, I want to update the regular expression of the rules 920600, 921421, 921422 and 922110. but the command util/regexp-assemble/regexp-assemble.py update 920600 does not work. In other words, regexp-assemble.py does not exist. How should I run the commands to update the intended regular expressions?
Update: For example for the rule 920600 the rx is as follows:
^(?:(?:*|[^"(),/:;<=>?![\x5c]{}]+)/(?:*|[^"(),/:;<=>?![\x5c]{}]+))(?:\s*+;\s*+(?:(?:charset\s*+=\s*+(?:"?(?:iso-8859-15?|windows-1252|utf-8)\b"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t"(),/:;<=>?![\x5c]{}]|[^e"(),/:;<=>?![\x5c]{}])|[^s"(),/:;<=>?![\x5c]{}])|[^r"(),/:;<=>?![\x5c]{}])|[^a"(),/:;<=>?![\x5c]{}])|[^h"(),/:;<=>?![\x5c]{}])|[^c"(),/:;<=>?![\x5c]{}])[^"(),/:;<=>?![\x5c]{}](?:)\s+=\s*+[^(),/:;<=>?![\x5c]{}]+)|;?))(?:\s+,\s*+(?:(?:*|[^"(),/:;<=>?![\x5c]{}]+)/(?:*|[^"(),/:;<=>?![\x5c]{}]+))(?:\s*+;\s*+(?:(?:charset\s*+=\s*+(?:"?(?:iso-8859-15?|windows-1252|utf-8)\b"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t"(),/:;<=>?![\x5c]{}]|[^e"(),/:;<=>?![\x5c]{}])|[^s"(),/:;<=>?![\x5c]{}])|[^r"(),/:;<=>?![\x5c]{}])|[^a"(),/:;<=>?![\x5c]{}])|[^h"(),/:;<=>?![\x5c]{}])|[^c"(),/:;<=>?![\x5c]{}])[^"(),/:;<=>?![\x5c]{}](?:)\s+=\s*+[^(),/:;<=>?![\x5c]{}]+)|;?)))$
And after running the command ./regexp-assemble.pl 920600.data (which https://security.stackexchange.com/users/260216/franbuehler has suggested) the output is as follows:
(?:##!(?: (?:https://(?:httpwg.org/specs/rfc723(?:1.html#request.conneg|0.html)|coreruleset.org/docs/development/regexp_assemble/.)|(?:Accept header by following the specification as far a|list of allowed charset|Helper)s|to (?:reduce complexity and the risk of false positiv|a list of explicitly allowed valu)es.|The expression generated from this file matches a full HTTP|Where possible, the expression matches tokens "loosely", |necessary, while restricting the charset parameter|Please refer to the documentation at|Specifications:|Main assembly)|> template (?:(?:non-token-(?:chars "{{non-token-with-dquote-chars}|with-dquote-chars (),/:;<=>?![\x5c]{)|media-type {{type-subtype}}/{{type-subtype})}|t(?:oken-(?:with-dquote-chars [^{{non-token-with-dquote-chars}}]|chars [^{{non-token-chars}}])|ype-subtype (?:*|{{token-chars}}+)))|$ $|^ ^)| (?:##!(?: (?:(?:Note that this doesn't follow the RFC strictly|anything is allowed here that is not "charset"|specified, comma separated|terminating semi-colons).|Clients like to violate the RFC, be lenient with|If the first part wasn't a "charset", then|Multiple "media-range" expressions can be)|=(?:>(?: allowed-charsets)?|< allowed-charsets)|> assemble|<)| ##!> include allowed-charsets)|(?:c(?:h(?:a(?:r(?:s(?:e[^t{{non-token-chars}}]|[^e{{non-token-chars}}])|[^s{{non-token-chars}}])|[^r{{non-token-chars}}])|[^a{{non-token-chars}}])|[^h{{non-token-chars}}])|[^c{{non-token-chars}}]){{token-chars}}|(?:)\s+=\s*+{{token-with-dquote-chars}}+|\b"?)))|(?:{{media-type}})|(?:))?)|;?||)?
