
feat: improved XMLArgs processing #3358

Open
wants to merge 1 commit into
base: v2/master
from

airween
Member

@airween airween commented Apr 7, 2025

what

This PR adds a new feature within XML processing.

Old (current) behavior: in the case of an XML:/* target, the body processor expands the node values from the XML payload. E.g.:

<?xml version="1.0" encoding="UTF-8"?>
<root>
  <level1>
    <level2>
      <node>foo1</node>
      <node>bar1</node>
    </level2>
    <level2>
      <node>foo2</node>
      <node>bar2</node>
    </level2>
  </level1>
</root>

will produce this value:

[/post][9] Target value: "  foo1  bar1  foo2  bar2"

In this case, there is no option to exclude any node. For example, if a node contains a term that a rule is looking for, the administrator could not create an exclusion. The only solution is to exclude the whole rule.

New behavior: there is a new configuration keyword, SecParseXMLintoArgs, with possible values On, Off and OnlyArgs. The default value is Off. This won't change anything. If the administrator sets this to On, then the engine will parse the XML into ARGS AND the XML:/* target will still contain only the text content as before. If the value is OnlyArgs, then only the parsed content will appear in the ARGS target; the XML:/* target won't contain the parsed content anymore.

If the administrator sets it to On, then the node values will appear in ARGS, and it's easy to make any exclusion against the named target.

why

A customer request has been received to solve this.

references

See #3178.
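
Added example, not code from this PR or from the ModSecurity project: a small Python model of the three SecParseXMLintoArgs values described above, showing where a name-based exclusion takes effect. The dotted argument names, the `<note>` element in the sample payload and the rule that inspects every available target are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed payload modelled on the PR's sample; <note> is added so that
# two differently named leaf nodes exist.
PAYLOAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<root><level1>
  <level2><node>foo1</node><note>bar1</note></level2>
  <level2><node>foo2</node><note>bar2</note></level2>
</level1></root>"""

def text_target(root):
    # XML:/* view: every text node run together, node names are lost.
    return " ".join(t.strip() for t in root.itertext() if t.strip())

def named_args(el, path="xml"):
    # Hypothetical naming scheme (dotted element path); the PR text does
    # not state how the engine names the parsed arguments.
    path = f"{path}.{el.tag}"
    children = list(el)
    if not children:
        return [(path, (el.text or "").strip())]
    return [pair for child in children for pair in named_args(child, path)]

def build_targets(payload, mode="Off"):
    # Mirrors the three values described for SecParseXMLintoArgs.
    root = ET.fromstring(payload)
    targets = []
    if mode in ("Off", "On"):
        targets.append(("XML:/*", text_target(root)))
    if mode in ("On", "OnlyArgs"):
        targets += named_args(root)
    return targets

def matches(targets, pattern, excluded=()):
    # Model of a rule that inspects every target except the excluded names.
    rx = re.compile(pattern)
    return [name for name, value in targets
            if name not in excluded and rx.search(value)]

if __name__ == "__main__":
    skip = {"xml.root.level1.level2.note"}
    for mode in ("Off", "On", "OnlyArgs"):
        print(mode, matches(build_targets(PAYLOAD, mode), r"bar", skip))
```

In this model a rule that still inspects XML:/* keeps matching under On, because that target retains the text content; the exclusion only removes the named argument.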

sonarqubecloud bot commented Apr 7, 2025

Quality Gate failed

Failed conditions
6 Security Hotspots
B Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

@airween changed the title from "Finish XMLArgs processing" to "feat: improved XMLArgs processing" on Apr 7, 2025