Monthly Chat Agenda March 2022 (2022-03-07 and 2022-03-21) Meeting Agenda

@fzipi

This is the Agenda for the Monthly CRS Chat.

The general chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2022-03-07, at 20:30 CET. That's the 1st Monday of the month. A separate issue chat is happening at the same location, same time on Monday, 2022-03-21. That's the 3rd Monday of the month. Please note that we have a CRS calendar (maintained by @fzipi).

Items on the Agenda: (see previous meetings decisions: here)

What happend in the meantime since the chat last month

Outside development

CRS submitted several ideas to the Google Summer of Code under the OWASP umbrella
WAF-Bypass.com carries a blog post about bypassing CRS - the quality of this blog post is so low, it may warrant a response
Thanks to @airween we're going to archive CRS chats very soon [UPDATE: Archive is here]

PRs that have been merged since the last meeting

We merged 27 PRs since the last monthly project chat.

Open PRs

Sqli regex update to support comment blocks #2290 - no news from @spartantri on this PR marked as 4.0 milestone. What do we do?
Email ruleset #2322 - I'm ready to merge this. What do you all think?
log4j / log4shell defense: new rules 932131, 944140, 944141 #2349 - log4j stuff; let's talk about status and prospects
dev: add pre-commit config file #2406 - pre-commit tests coming to CRS
Refactor scoring variables #2417 - the refactoring of the scoring variables, contributed PR by @studersi
Unified regex utils #2422 - grand unified regex utils PR by @theseion
Updated comments in rule files on how to use regexp-assemble.py #2423 - PR accompanying 2422

Open PRs marked DRAFT or work in progress or needs action

Dev retreat topics

Demo / Sandbox site: FIXME
Documentation:
- Issue tracking the outstanding documentation tasks for the 4.0 release:
  Rewrite the core CRS documentation #2352
Technical Blog Posts: FIXME
Status page:
- Around 15% of our tests fail on cloud mode. This means that it is blocking where it shouldn't.
- There is a google Sheet being filled to track all failures.
- 🖊️ Cloud providers won’t have support for latest versions of our ruleset. This will give us some problems.
- 🧰 Tools are being setup to repeat this process
- Using the list we can start taking a look on what to modify on our tests to match the less amount of rules per test (if possible)
Coraza: JP talks of two additional developers working on Coraza at the moment and a lot of demands from various businesses. Hard to prioritize - and setting limits to business demands.

Other items

Release Status and Planning
Another player in the ModSecurity ecosystem touched on the idea to write down a ModSecurity SecLang specification. What do we think about this?
Talk about pre-commit to fix problems before pushing ;)
Budget 2022

Open Issues - Separate Issues Meeting (Monday, FIXME)

Various

GSoC: We need to sort out the projects we can do and provide some guidance to applying students.
The big anomaly scoring refactoring PR is ready for review, let's plan the review together: Refactor scoring variables #2417
We need to fill April and May dev-on-duty. See https://github.com/coreruleset/coreruleset/wiki/Dev-on-Duty

Status of issues covered last month

Issue slot 1: Proposal for ModSecurity recommended rules #2390 - still open
Issue slot 2: Refactor the CRS scoring variables #2319 - still open
Issue slot 3: The Big Backslash Hunt #2332 - still open
Issue slot 4: SQLi using scientific notation not detected at PL1 #2318 - still open
Issue slot 5: Magento ver. 2.4.3 #2329 - still open
Issue slot 6: Email ruleset #2322 - merged
Issue slot 7: Sort out FPs around Matomo cookies #2109 - closed
Issue slot 8: Idea: Adaptive paranoia level #2240 - closed
Issue slot 9: Possible False Positives with Nextcloud app Markdown Editor rule 949110 #2367 - closed

Stats

Covered in chat: 9
Closed: 4
Pending: 5

This month's issues

There are FIXME open issues at the beginning of the issue chat.

We generally cover 10 issues per month in a separate issue meeting. Add them as you see fit.

Issue slot 1: Rule 920470 seems to be too restricted and create false positives in PL1 #2438
Issue slot 2: add a rule with APPLICATION-ATTACK-JAVA.conf to defend jsp and jspx webshell #2440
Issue slot 3: The Big Backslash Hunt #2332
Issue slot 4: Dissassemble regexp for 920120 and extend matching #2334
Issue slot 5: FP on 932150 (PL1) with payload "ping" and "time" #2419
Issue slot 6: phpMyAdmin version 5.1 exclusion plugin #2394
Issue slot 7: #FIXME
Issue slot 8: #FIXME
Issue slot 9: #FIXME

How to get to our slack and join the meeting?

If you are not yet on the OWASP Slack, here is your invite: https://owasp.org/slack/invite .

Everybody is welcome to join our community chat.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

What happend in the meantime since the chat last month

Outside development

PRs that have been merged since the last meeting

Open PRs

Open PRs marked DRAFT or work in progress or needs action

Dev retreat topics

Other items

Open Issues - Separate Issues Meeting (Monday, FIXME)

Various

Status of issues covered last month

This month's issues

How to get to our slack and join the meeting?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Description

What happend in the meantime since the chat last month

Outside development

PRs that have been merged since the last meeting

Open PRs

Open PRs marked DRAFT or work in progress or needs action

Dev retreat topics

Other items

Open Issues - Separate Issues Meeting (Monday, FIXME)

Various

Status of issues covered last month

This month's issues

How to get to our slack and join the meeting?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions