Comparing v4.11.0...v4.12.0 · coreruleset/coreruleset · GitHub

Comparing changes

base repository: coreruleset/coreruleset
base: v4.11.0
head repository: coreruleset/coreruleset
compare: v4.12.0
  • 19 commits
  • 82 files changed
  • 8 contributors

Commits on Jan 27, 2025

  1. chore: post-release v4.12.0-dev (#3987)

    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    fzipi authored Jan 27, 2025
    e54c463

Commits on Feb 7, 2025

  1. b971cd2

Commits on Feb 10, 2025

  1. fix: prevent invalid command matches on 5 characters or less (932220 PL-2, 932230 PL-1, 932232 PL-3, 932235 PL-1, 932236 PL-2, 932237 PL-3, 932238 PL-3, 932239 PL-2, 932250 PL-1, 932260 PL-1) (#3735)

    
    * fix: prevent invalid command matches on 5 characters or less (932230 PL-1, 932235 PL-1, 932236 PL-2, 932237 PL-3, 932239 PL-2, 932250 PL-1, 932260 PL-1)
    
    * fix: copy paste error
    
    * fix: invalid output in tests
    
    * test: enable tests to detect new attacks
    
    * test: enable tests to detect new attacks
    
    * fix: correct description for 932250-4
    
    * perf: use word boundary to prevent invalid matches
    
    * test: add test for id command
    
    * fix: invalid output for tests
    
    * fix: add missing line break
    
    * fix: invalid test format
    
    * chore: update toolchain
    
    * test: enable tests for newly detected attacks
    
    * fix: don't use word boundary to prevent invalid matches
    
    * chore: regenerate rules regex
    
    * fix: add chained rule to prevent common false positives
    
    * fix: setvar ordering
    
    * fix: use lf instead of crlf
    
    * fix: setvar ordering
    
    * fix: typos
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * docs: clarify test descriptions
    
    * docs: improve descriptions
    
    * fix: brace expansion detection
    
    * style: improve test description formatting
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * style: improve test description formatting
    
    * Update regex-assembly/932237.ra
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * chore: update unix-shell.data
    
    * chore: update list generation scripts and update lists
    
    * fix: use correct match in list update script
    
    * chore: update unix-shell-fps-pl1
    
    * chore: update regular expressions
    
    * chore: revert unnecessary chain rule
    
    * chore: fix failing tests
    
    * fix: linting error
    
    * fix: linting error
    
    * fix: whitespace
    
    * chore: move php / cron FPs to curated list
    
    * chore: do not exclude php / cron by commenting them in FP file
    
    * chore: update anti-evasion pattern in all places
    
    * chore: only exclude exact match for specific commands
    
    * chore: give quantitative tests write permissions to PR
    
    * chore: fix `yes` and `date`
    
    * up
    
    * fix: tests
    
    * fix: lint
    
    * update comments
    
    * fix: typo
    
    * up
    
    * fix: sync pl-2 exclusions with pl-1
    
    * fix: some commands not being excluded correctly
    
    * chore: update regex
    
    * fix: exclude pwd from pl-1
    
    * fix: fp with `hash` and `lastcommonreqid`
    
    * fix: pashto afghanistan user-agent fp at pl-3
    
    * fix: copy-paste leftover
    
    * fix: exclude `install` at pl-2
    
    * fix: exclude `ed` at pl-2
    
    * chore: use correct toolchain version
    
    * typos
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * fix: change definition of `~` and exclude exact match `java`
    
    * fix: test numbering
    
    * chore: update unix-shell.data
    
    * fix: typos
    
    * chore: update anti_evasion_no_space_suffixes
    
    Match at most 10 consecutive characters
    
    * fix: regression with unix evasion suffix no space
    
    * chore: update regex
    
    ---------
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    EsadCetiner and theseion authored Feb 10, 2025
    26bec41

Commits on Feb 12, 2025

  1. 5d90945

Commits on Feb 13, 2025

  1. fix: enable docker-compose renovate manager properly (#3995)

    The presets we use for renovate implicitly exclude the path `**tests**`,
    where the docker-compose file resides. This causes renovate to ignore
    the file for the docker-compose manager.
    
    Explicitly override `ignorePaths` to fix this.
    theseion authored Feb 13, 2025
    2265f30
  2. chore(deps): update ghcr.io/coreruleset/albedo docker tag to v0.0.16 in tests/docker-compose.yml (#4000)

    
    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Feb 13, 2025
    3aa1687

Commits on Feb 17, 2025

  1. docs: add warning about default charsets modification (#4003)

    * docs: add warning about default charsets modification
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Update crs-setup.conf.example
    
    ---------
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    fzipi authored Feb 17, 2025
    09462bf
  2. chore: move rule_ctl to its own repo (#4004)

    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    fzipi authored Feb 17, 2025
    0e58cc7

Commits on Feb 20, 2025

  1. 80a5689

Commits on Feb 21, 2025

  1. feat: prevent V1 cookie format use (#4006)

    * feat: add old V1 detection to prevent cookie sandwich
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * fix: update based on code review
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Update tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921250.yaml
    
    * Update rules/REQUEST-921-PROTOCOL-ATTACK.conf
    
    Co-authored-by: Ervin Hegedus <airween@gmail.com>
    
    * Update tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921250.yaml
    
    ---------
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    Co-authored-by: Ervin Hegedus <airween@gmail.com>
    fzipi and airween authored Feb 21, 2025
    954fb83

Commits on Feb 22, 2025

  1. fix: fix response splitting rules and tests (#4009)

    Response splitting can be achieved by injecting carriage return / new
    line characters at various places (headers, GET / POST arguments,
    cookies...). Some web servers or applications may be vulnerable to
    encoded injections (especially in URL paths), hence we explicitly decode
    URL encoding, where necessary.
    
    httpd and nginx are not vulnerable to header splitting and will respond
    with status 400.
    
    HTML entity decoding does not make sense in this context. No web server
    should ever decode HTML as part of the HTTP protocol. It is unclear why
    the original authors used `t:htmlEntityDecode` in some places, but at
    least in one test, a query argument separator (`&`) precedes a `%0d`,
    which leads to successful decoding of the escape sequence as HTML
    entity. This may explain an accidental use of `t:htmlEntityDecode`.
    
    Fixes #3824
    theseion authored Feb 22, 2025
    7015f9d
  2. chore: add debug versions for quick local testing (#4008)

    * chore: add debug versions for quick local testing
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Update tests/docker-compose.yml
    
    * Update tests/docker-compose.yml
    
    * Update tests/docker-compose.yml
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Update tests/docker-compose.yml
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * fix: add debug loglevel
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Apply suggestions from code review
    
    ---------
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    fzipi and theseion authored Feb 22, 2025
    bf3fb95

Commits on Feb 24, 2025

  1. fix(933160): use better regex (#4010)

    * fix(933160): use better regex
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * test: add extra test
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    ---------
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    fzipi authored Feb 24, 2025
    c023ef1

Commits on Feb 25, 2025

  1. fix: move fopen to 933160 to resolve fp with `RootAndLeafOpenCamera.jpg` (933150 PL-1, 933160 PL-1) (#4016)

    
    * fix: move fopen to 933160 to resolve fp with `RootAndLeafOpenCamera.jpg` (933150 PL-1, 933160 PL-1)
    
    * chore: regenerate regex
    EsadCetiner authored Feb 25, 2025
    67dffdc

Commits on Feb 26, 2025

  1. Update restricted-files.data (#4021)

    azurit authored Feb 26, 2025
    d3d7c6c

Commits on Feb 27, 2025

  1. 59fc12d
  2. fix(941210): update log message to reflect rule javascript word detection (#4023)

    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    fzipi authored Feb 27, 2025
    941bb73

Commits on Mar 1, 2025

  1. fix: remove .env from lfi-os-files.data (#4024)

    * fix: remove .env from lfi-os-files.data
    
    `.env` is probably the most generic entry in `lfi-os-files.data`.
    Unfortunately, since the words are matched using `@pmFromFile`, `.env`
    is easily matched as a substring. Most other entries are fairly unique
    or have a prefix or suffix that makes it unlikely for them to become
    FPs.
    
    Note that `.env` is only commented out on purpose. `lfi-os-files.data`
    is also used as the base for other word files (e.g.,
    `restricted-files.data`), and since `.env` hasn't been an issue there
    until now, we don't want to remove it from those lists.
    
    Fixes #3775
    
    * tests: add FP tests for `.env`
    theseion authored Mar 1, 2025
    78d45b0

Commits on Mar 2, 2025

  1. chore: release v4.12.0 (#4025)

    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    fzipi authored Mar 2, 2025
    6cf0b5d