December monthly meeting agenda #972

CRS-migration-bot · 2020-05-13T13:41:02Z

Issue originally created by user spartantri on date 2017-11-27 14:27:48.
Link to original issue: SpiderLabs/owasp-modsecurity-crs#972.

CRS is about to win an award; this will bring some media coverage hopefully. We should use that new momentum
Handling of case (?:in)?sensitive items (see below for additional infos)
We need a plan to reduce open issues. The way it is now gives a bad impression
PR Update date and add badges #978 : Update date and add badges
PR Make travis tests fail if Apache can't load rules #977 : Travis: fail if apache fails
PR 933131 checks should be case -insensitive #970 : 933131: insensitive tests
PR Classic SQL injection probing rule split 942370 #957 : 942370 : rule split
PR Add configurable timestamp format to our ftw integration #953 : ftw: configurable time stamp format
PR for the serilize object injection, it should be 933170 instead of 933150 #926 - fix for 920390, and also need to add setvar:tx.total_arg_length=10"… #949 : FTW test PRs by azhao155
PR duplicated header bypax fix and chunk support #905 : fix for duplicated header bypass
PR Working Dokuwiki and Nextcloud rulesets. #899 : Rule exclusion packages for dokuwiki and nextcloud (no progres on the side of the contributor)
PR Command substitution backquoted version support #896 : Command substitution backquoted version support
PR Create REQUEST-944-APPLICATION-ATTACK-JAVA.conf #881 : REQUEST-944-APPLICATION-ATTACK-JAVA.conf Feature Request

Case sensitive items (additional infos)

There are rules with different approaches

Ignore cases by converting all to lowercase/uppercase in a transform (t:lowercase)
Ignore cases by using case insensitive regex (?i)
Case sensitive rules using all uppercase [good for http methods bad for most other stuff] (?:GET|POST)
Case sensitive rules using regex with both cases (?:[eEiIoOuUyY]acute)

Which one is faster?
Benchmarks?
Which one to use on which circumstance

It maybe easier to use t:lowercase and convert all the regex to lowercase and add a warning in CONTRIBUTING.md

The text was updated successfully, but these errors were encountered:

CRS-migration-bot · 2020-05-13T13:41:04Z

User csanders-git commented on date 2017-11-27 14:36:09:

i'm actually not sure about this. My gut says that the transform will be faster but if the regex engine is already booted up for something different the performance is probably negligible

CRS-migration-bot · 2020-05-13T13:41:05Z

User dune73 commented on date 2017-11-27 14:54:17:

It's probably worth to test in detail before we chance anything.

CRS-migration-bot · 2020-05-13T13:41:07Z

User fgsch commented on date 2017-11-27 18:17:43:

My gut feeling says the opposite, the regexp should be faster or equal.

Also there is no need to pre-convert the whole input to lowercase if it's not going to match further down the line. For large inputs this might be considerable.

It'd be great to see some benchmarks though.

CRS-migration-bot · 2020-05-13T13:41:08Z

User lifeforms commented on date 2017-12-04 20:56:58:

Handling of case (?:in)?sensitive items - To set a standard for future development, we need to know which way has better performance. spartantri is going to try to do some benchmarks on Apache, so we can revisit the issue next month.

CRS-migration-bot · 2020-05-13T13:41:09Z

User lifeforms commented on date 2017-12-04 20:57:32:

Open issues: Yeah, there are many open issues.. All reviewers should try to look at their assigned issues if they can. Many new PRs are about the test suite, which is not working yet for everyone. These issues fortunately seem small. They are assigned to csanders-git.

CRS-migration-bot closed this as completed May 13, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

December monthly meeting agenda #972

December monthly meeting agenda #972

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

December monthly meeting agenda #972

December monthly meeting agenda #972

Comments

Case sensitive items (additional infos)

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!