False positive for rule 930120 for `test.Enviro` · Issue #3775 · coreruleset/coreruleset · GitHub
False positive for rule 930120 for test.Enviro #3775
Closed
@aryehb

Description

Data in the form `test.Enviro` will cause rule 930120 to be triggered. This is because the `@pmFromFile` operator is not case sensitive, and the `.env` entry in `lfi-os-files.data` does not have word boundaries.

How to reproduce the misbehavior (-> curl call)

curl --request POST \
  --url https://sandbox.coreruleset.org/ \
  --header 'Content-Type: application/json' \
  --data '{
	"key": "test.Enviro"
}'

Logs

See logs from the sandbox call above.

Your Environment

  • CRS version (e.g., v3.3.4): v4.4.0
  • Paranoia level setting (e.g. PL1): PL1
  • ModSecurity version (e.g., 2.9.6): v3.0.12
  • Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): nginx v1.26.1
  • Operating System and version: Ubuntu 20 LTS

Confirmation

[x] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.
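
An added illustration of the match described in this report (not part of the original issue, and not CRS or ModSecurity code). `pm_match` approximates `@pmFromFile` as the case-insensitive substring search the issue describes, `bounded_match` is a hypothetical variant with a trailing boundary, and every phrase entry other than `.env` and every request body other than the first is a constructed sample.

```python
import json
import re

# Only ".env" comes from the issue; the other entries are constructed samples.
PHRASES = [".env", ".bash_history", "etc/passwd"]

def pm_match(value, phrases=PHRASES):
    """Case-insensitive substring search, the behaviour the issue attributes
    to @pmFromFile. Returns the first phrase found, or None."""
    lowered = value.lower()
    return next((p for p in phrases if p.lower() in lowered), None)

def bounded_match(value, phrases=PHRASES):
    """Hypothetical stricter variant: the phrase must not be followed by a
    letter, digit or underscore. Returns the first phrase found, or None."""
    for p in phrases:
        if re.search(re.escape(p) + r"(?![A-Za-z0-9_])", value, re.IGNORECASE):
            return p
    return None

def string_values(node):
    """Yield every string value in a decoded JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for v in node.values():
            yield from string_values(v)
    elif isinstance(node, list):
        for v in node:
            yield from string_values(v)

def triage(body):
    """Map each string value in a JSON body to (pm hit, bounded hit)."""
    return {v: (pm_match(v), bounded_match(v)) for v in string_values(json.loads(body))}

# Constructed request bodies; the first is the one from the issue.
SAMPLES = [
    '{"key": "test.Enviro"}',
    '{"file": "../../app/.env", "backup": ".ENV.bak"}',
    '{"note": "staging.environment", "tags": ["prod.envoy"]}',
]

if __name__ == "__main__":
    for body in SAMPLES:
        for value, (pm, bounded) in triage(body).items():
            print(f"{value!r:24} pm={pm!s:6} bounded={bounded!s:6}")
```

The trailing boundary only separates `.env` from longer words such as `.Enviro`; a benign value that ends in `.env` still matches both checks.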
