Transformation `hexDecode` should not allow badly encoded inputs, or documentation should be updated

[fzipi]

Describe the bug

This comes from this discussion: corazawaf/coraza#1253.

Technically, there is one test that accepts a string that could not be generated by hexEncode.

👉 Is this the expected behavior?

I think accepting a broken input is just prone to more errors. Don't know how this affects a possible chain of transformations.

[marcstern]

hexDecode should indeed check if characters are valid.
Question is what to do in case of an invalid one ...

[airween]

hexDecode should indeed check if characters are valid.

Characters come from user as a payload, right? (Or they can come as output of another transformation?)

Can we set the REQBODY_ERROR variable?

[marcstern]

Can we set the REQBODY_ERROR variable?

Pay attention that hexEncode could be used on something else than the request body