Allow 0 length JSON requests

As discussed at: #1822

Author: Felipe Zimmerle

CHANGES

@@ -1,6 +1,8 @@
 v3.0.4 - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+ - Allow 0 length JSON requests.
+   [Issue #1822 - @allanbomsft, @zimmerle, @victorhora, @marcstern]
  - Fix "make dist" target to include default configuration
    [Issue #1966 - @defanator]
  - Replaced log locking using mutex with fcntl lock

src/transaction.cc

@@ -734,7 +734,7 @@ int Transaction::processRequestBody() {
                 &error);
             m_json->complete(&error);
         }
-        if (error.empty() == false) {
+        if (error.empty() == false && m_requestBody.str().size() > 0) {
             m_variableReqbodyError.set("1", m_variableOffset);
             m_variableReqbodyProcessorError.set("1", m_variableOffset);
             m_variableReqbodyErrorMsg.set("JSON parsing error: " + error,

test/test-cases/regression/request-body-parser-json.json

@@ -2,7 +2,7 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing JSON request body parser 1/1",
+    "title":"Testing JSON request body parser 1/2",
     "expected":{
       "debug_log": "Target value: \"bar\" \\(Variable: ARGS:json.foo\\)"
     },
@@ -41,7 +41,7 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing JSON request body parser 1/1",
+    "title":"Testing JSON request body parser 2/2",
     "expected":{
       "debug_log": "Target value: \"bar\" \\(Variable: ARGS:json.first_level.first_key\\)"
     },
@@ -79,6 +79,77 @@
         "SecRule REQUEST_HEADERS:Content-Type \"application/json\" \"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON\"",
         "SecRule ARGS \"bar\" \"id:'200441',phase:3,log\""
     ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing JSON request body parser - issue #1822 (1/2)",
+    "expected":{
+      "debug_log": "Target value: \"0\" .Variable: REQBODY_ERROR."
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
+        "Content-Type": "application/json"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"POST",
+      "body": [
+      ]
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+        "SecRuleEngine On",
+        "SecRequestBodyAccess On",
+        "SecRule REQUEST_HEADERS:Content-Type \"application/json\" \"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON\"",
+        "SecRule REQBODY_ERROR \"0\" \"id:'200441',phase:3,log\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing JSON request body parser - issue #1822 (2/2)",
+    "expected":{
+      "debug_log": "Target value: \"1\" .Variable: REQBODY_ERROR."
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
+        "Content-Type": "application/json"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"POST",
+      "body": [
+        "a"
+      ]
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+        "SecRuleEngine On",
+        "SecRequestBodyAccess On",
+        "SecRule REQUEST_HEADERS:Content-Type \"application/json\" \"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON\"",
+        "SecRule REQBODY_ERROR \"0\" \"id:'200441',phase:3,log\""
+    ]
   }
 ]