fix(932100): update data list #2676

fzipi · 2022-06-30T21:14:32Z

Signed-off-by: Felipe Zipitria felipe.zipitria@owasp.org

Updated data list based on unix-shell.data.

I've also added some regexes for programming languages with versions.

Fixes #2673 .

Should have mentioned that this fixes also BB 9KO58Y4W.

fzipi · 2022-07-16T13:33:07Z

Added more tests
Changed test titles to match our generic naming

RedXanadu · 2022-07-27T14:07:21Z

Sorry, I haven't had time to look at this one either, yet. It, also, is still on my todo list.

dune73 · 2022-07-29T14:34:47Z

I think the following items would profit from @.

ash
bridge
bundler ...
column
dd
docker
finger
genie
gimp
install
latex

theseion

+ things spotted by @dune73

util/regexp-assemble/data/932100.data

fzipi · 2022-08-01T17:45:39Z

Addressed comments, and added more bare English words with @. Also, removed some repeated ones.

RedXanadu · 2022-08-01T20:12:39Z

Oops, sorry: I didn't follow up my earlier comment.
After looking at this more closely, the same as with #2677: I don't think there are concerns about adding in anti-evasion patterns as there isn't a specific suffix being searched for, so it's fine (e.g. lua5"".4 won't work as an evasion as it will still match on lua alone.)

fzipi · 2022-08-02T10:29:58Z

8000

In summary: adding the numbers won't give us added value in this case, so I'm reverting them back to their original positions in the file and removing the specific cases.

util/regexp-assemble/data/932100.data

theseion

LGTM

lifeforms · 2022-08-03T16:54:08Z

Tests are failing now, but that could be due to a temporary problem with our pipeline that should be solved now. Re-running jobs.

lifeforms · 2022-08-03T17:01:15Z

Two test failures persist:

running 932100-28: 💥 failed in 4.404215ms - POST data: arg=;gcc10.1
running 932100-29: 💥 failed in 4.240415ms - POST data: arg=;irb31

fzipi · 2022-08-03T17:42:51Z

That happens after the last update from @RedXanadu. I've removed the suffix search. But looks like now we are not matching anymore.

theseion · 2022-08-03T18:34:48Z

Note that this issue is affected by the same thing as #2677. We need to figure out how we ignore python but still catch python3. I've suggested adding an additional symbol for an adjusted anti-evasion pattern in the other PR.

fzipi · 2022-09-17T12:15:51Z

Updated:

irb -> irb~
gcc -> gcc~

fzipi · 2022-09-17T12:19:32Z

🤔 Looks like they fail when using ~... but didn't failed previously. Let's try removing that.

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>

theseion · 2022-09-19T05:05:19Z

I might be stating the obvious but you'll need to change gcc to gcc~ in the data file for the new test to work (same for irb).

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>

fzipi · 2022-09-19T12:29:52Z

Thanks for the tips. Looks like working now. Following approval, let's merge then.

fzipi added the ⚡ list update label Jun 30, 2022

dune73 mentioned this pull request Jul 4, 2022

Monthly Chat Agenda July (2022-07-04 and 2022-07-18) #2675

Closed

fzipi force-pushed the update-932100-data-list branch from 1cc2040 to 18244b7 Compare July 16, 2022 13:31

fzipi requested a review from theseion July 16, 2022 13:32

fzipi force-pushed the update-932100-data-list branch from 18244b7 to 6b5669d Compare July 16, 2022 13:33

fzipi mentioned this pull request Jul 18, 2022

fix(932105): update data list #2677

Merged

theseion requested changes Jul 31, 2022

View reviewed changes

util/regexp-assemble/data/932100.data Outdated Show resolved Hide resolved

fzipi mentioned this pull request Aug 1, 2022

Monthly Chat Agenda August 2022 (2022-08-01 and 2022-08-15) #2690

Closed

fzipi force-pushed the update-932100-data-list branch from 6b5669d to cadeca5 Compare August 1, 2022 17:44

fzipi requested a review from theseion August 1, 2022 17:45

theseion approved these changes Aug 1, 2022

View reviewed changes

fzipi force-pushed the update-932100-data-list branch 2 times, most recently from e06e0dd to f8180e3 Compare August 2, 2022 10:37

theseion reviewed Aug 3, 2022

View reviewed changes

util/regexp-assemble/data/932100.data Show resolved Hide resolved

theseion approved these changes Aug 3, 2022

View reviewed changes

fzipi mentioned this pull request Sep 5, 2022

Monthly Chat Agenda September 2022 (2022-09-05 and 2022-09-19) #2 8000 755

Closed

fzipi force-pushed the update-932100-data-list branch 3 times, most recently from 414b5a2 to 0284a90 Compare September 17, 2022 12:14

fzipi requested a review from theseion September 17, 2022 12:16

fzipi force-pushed the update-932100-data-list branch from 0284a90 to 7788ea1 Compare September 17, 2022 12:18

fix(932100): update data list

09314fc

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>

fzipi force-pushed the update-932100-data-list branch 2 times, most recently from 6677ae0 to a42de79 Compare September 18, 2022 14:55

fix(932100): add dynamic version to cmds. update tests

874b88c

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>

fzipi force-pushed the update-932100-data-list branch from a42de79 to 874b88c Compare September 19, 2022 12:08

fzipi merged commit b616e75 into coreruleset:v4.0/dev Sep 19, 2022

fzipi deleted the update-932100-data-list branch September 19, 2022 12:30

fzipi mentioned this pull request Oct 2, 2022

Monthly Chat Agenda October 2022 (2022-10-03 and 2022-10-17) #2823

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

fix(932100): update data list #2676

fix(932100): update data list #2676

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

fix(932100): update data list #2676

fix(932100): update data list #2676

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!