Description
This is the Agenda for the Monthly CRS Chat.
The general chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2022-10-03, at 20:30 CET. That's the 1st Monday of the month. A separate issue chat is happening at the same location, same time on Monday, 2022-10-17. That's the 3rd Monday of the month. Please note that we have a CRS calendar (maintained by @fzipi).
Archived previous meetings and their decisions are here.
What happened in the meantime since the chat last month
Outside development
- CRS Silver sponsor Google Cloud Armor is now offering CRS 3.3 for its users
- AppSecEngineer.com has a new 4h ModSecurity / CRS online course.
- @fzipi is moving/donating https://github.com/fzipi/go-ftw to the coreruleset project 🥳 🎉
- Project Seaweed passed the final evaluation for GSoC 2022! Please start adding issues on that repo to see more features implemented.
- GSoC project "ML Integration Plugin" also passed the final evaluation!
PRs that have been merged since the last meeting
- fix(941160): move to full regexp-assemble #2701
- fix(unicode bypass) issue #2512 #2817
- ci: be less verbose in ftw tests #2821
- fix(sqli): add HOH7M88Q-IJ5N1CXB findings #2798
- fix(sqli): add RKJU2TTV finding #2808
- fix(sqli): add finding N9FKP2XQ #2816
- fix(0FA9HCGT): rce alias builtin detection #2796
- fix(932210): update sqlite cli commands list #2801
- Make rule backreferences consistent and correct #2813
- feat(iis): update iis errors #2810
- ci: fix version in badge #2803
- Remove unnecessary escaping #2805
- Set default value of crs_validate_utf8_encoding TX variable #2802
- fix(932105): update data list #2677
- feat(ci): show logs from containers startup #2806
- fix paranoia level skips 3.2 #2797
- fix(rfi): additional protocols for RFI rule 931130 #2572
- fix(932100): update data list #2676
- Backports for 3.3.3 #2773
- Backports for 3.2.2 #2774
- fix(regexp-assemble): tilde flag also matches extended commands #2790
- chore: remove user-agentt from restricted headers #2789
- fix(tests): remove Accept-Charset from tests #2781
- Updated SPONSORS.md #2786
- Update a few names in CONTRIBUTORS.md, added some more #2785
- fix(921422) Added \b to groups to avoid unwanted FP's #2784
- Adress findings JUYRR79Q and DGLS7IN0 #2763
- move Content-Encoding check to configurable tx.restricted_headers #2782
- move Accept-Charset check to configurable tx.restricted_headers #2780
- fix(3UWMWA6W): use new ModSecurity variable #2769
We merged 30 PRs since the last monthly project chat.
Open PRs
- fix(935E1D91): add time keyword again #2819
- fix(9P5LL13Y): sh injection bypass #2825
- fix(xss): bypass JavaScript function without parentheses #2820
- feat(CVE-2021-40438): add rule 921240 mod_proxy attack detection #2818
- feat(list): update lfi-os-files #2791
- fix(951240): update rule based on regex #2831
- fix(ruleset scoring and tagging): Fix PL related issues #2832
- fix: remove reputation variables #2833
- feat: Split Node-Validator keywords functionally #2637
Open PRs marked DRAFT or work in progress or needs action
- feat(rce): additional signatures for NodeJS RCE (934100) #2573
- Negative lookarounds for rule 941310 to stop matching Japanese word Company. #2666
- Sqli regex update to support comment blocks #2290
- Nextcloud 20 false-positives #1975
- Exclusion list fot RoundCube webmail #2217
- fix 933180 regex #2303
- fix: 933160 regex #2301
- fix(942100): remove multiMatch action #2478
- fix: 933161 regex #2302
Dev retreat topics
Other items
- CRS4 movie poster preparations
Open Issues - Separate Issues Meeting (Monday, 2022-10-17)
This month's issues
There are FIXME open issues at the beginning of the issue chat.
We generally cover 10 issues per month in a separate issue meeting. Add them as you see fit.
- Issue slot 1: DATA LEAKAGE rules for popular passwords #2839
- Issue slot 2: Forbidden possesive quantifiers in rule 920600 #2848
- Issue slot 3: JS Injection: Block spawn(), block child_process (+ review other similar commands) #2617
- Issue slot 4: Typos in names of scoring transaction variables #2835
- Issue slot 5: #FIXME
- Issue slot 6: #FIXME
- Issue slot 7: #FIXME
- Issue slot 8: #FIXME
- Issue slot 9: #FIXME
- Issue slot 10: #FIXME
How to get to our slack and join the meeting?
If you are not yet on the OWASP Slack, here is your invite: https://owasp.org/slack/invite .
Everybody is welcome to join our community chat.