From 4a98032b7f827c4edd2514ce2af29222bb2ba289 Mon Sep 17 00:00:00 2001
From: Martin Vierula
Date: Tue, 3 May 2022 12:34:03 -0700
Subject: [PATCH] Allow no-key, single-value JSON body

---
 CHANGES                         |  2 ++
 apache2/msc_json.c              |  3 +--
 apache2/msc_json.h              |  2 +-
 tests/regression/rule/15-json.t | 34 +++++++++++++++++++++++++++++++++
 4 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 596d6af342..225b6adf79 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 DD mmm YYYY - 2.9.x (to be released)
 -------------------
+ * Allow no-key, single-value JSON body
+   [Issue #2735 - @marcstern, @martinhsv]
  * Set SecStatusEngine Off in modsecurity.conf-recommended
    [Issue #2717 - @un99known99, @martinhsv]
  * Fix memory leak that occurs on JSON parsing error
diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index c781b3ae86..737069b8d2 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -27,8 +27,7 @@ int json_add_argument(modsec_rec *msr, const char *value, unsigned length)
      * to reference this argument; for now we simply ignore these
      */
     if (!msr->json->current_key) {
-        msr_log(msr, 3, "Cannot add scalar value without an associated key");
-        return 1;
+        msr->json->current_key = "";
     }
 
     arg = (msc_arg *) apr_pcalloc(msr->mp, sizeof(msc_arg));
diff --git a/apache2/msc_json.h b/apache2/msc_json.h
index 7e3d72501c..089dab4763 100644
--- a/apache2/msc_json.h
+++ b/apache2/msc_json.h
@@ -39,7 +39,7 @@ struct json_data {
 
     /* prefix is used to create data hierarchy (i.e., 'parent.child.value') */
     unsigned char *prefix;
-    unsigned char *current_key;
+    const unsigned char *current_key;
     long int current_depth;
     int depth_limit_exceeded;
 };
diff --git a/tests/regression/rule/15-json.t b/tests/regression/rule/15-json.t
index f84355a952..370ebba6a9 100644
--- a/tests/regression/rule/15-json.t
+++ b/tests/regression/rule/15-json.t
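Review bot: The comment that ends just above the guard in the msc_json.c hunk (`* to reference this argument; for now we simply ignore these`) is now stale, because a key-less scalar is no longer ignored but stored under the empty name; it should say so, e.g. `* A scalar with no key is a bare top-level JSON value; store it under an empty key so ARGS rules still see it`. The removed `msr_log` call was the only trace of this case, so the debug log no longer records that a body was a bare value; keeping a debug-level line such as `msr_log(msr, 9, "JSON: scalar value without a key, using empty key");` preserves that visibility for rule authors. Together with the msc_json.h hunk, which makes the field `const unsigned char *`, the literal `""` is a plain `char` array, so the assignment mismatches pointer signedness and should be written `msr->json->current_key = (const unsigned char *)"";` or the field declared `const char *` (the neighbouring `prefix` member stays `unsigned char *`, so the two now differ in constness). If, outside this hunk, the argument name is built as `prefix` + `.` + `current_key`, an empty key yields a name ending in `.` for a nested bare value, which the new regression test (top-level `25` only) does not cover — worth confirming and adding a case for. json_add_argument continues past the end of the hunk.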
@@ -224,6 +224,40 @@
 			),
 		),
 	),
+},
+{
+	type => "rule",
+	comment => "json parser - no-key single value",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecDebugLogLevel 9
+		SecRequestBodyJsonDepthLimit 3
+		SecRule REQUEST_HEADERS:Content-Type "application/json" \\
+			"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+		SecRule REQBODY_ERROR "!\@eq 0" "id:'200444',phase:2,log,deny,status:403,msg:'Failed to parse request body'"
+		SecRule ARGS "\@streq 25" "id:'200445',phase:2,log,deny,status:403"
+	),
+	match_log => {
+		audit => [ qr/200445/s, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/json",
+		],
+		normalize_raw_request_data(
+			q(
+				25
+			),
+		),
+	),
 }