8000 feat: Split Node-Validator keywords functionally by RubieV · Pull Request #2637 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

feat: Split Node-Validator keywords functionally #2637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

feat: Split Node-Validator keywords functionally #2637

wants to merge 2 commits into from

Conversation

RubieV
Copy link
@RubieV RubieV commented Jun 17, 2022

This improvement adds further consistency to #2088

The PL1 rule (941180) of Node-Validator keywords contains both evident attack fragments, i.e. document.cookie, as well as comment payloads, i.e. <!--.

This change moves all comment payloads to the PL2 rule (941181) that already contains the comment closing tag -->.

This makes the PL1 rule in line with the goal of PL1, and makes the already existing PL2 rule consistent with the goal of having comment payloads.

@dune73 dune73 mentioned this pull request Jul 4, 2022
Closed
@fzipi fzipi mentioned this pull request Aug 1, 2022
Closed
@fzipi fzipi mentioned this pull request Sep 5, 2022
Closed
@fzipi fzipi mentioned this pull request Oct 2, 2022
Closed
@theseion theseion self-assigned this Oct 3, 2022
@RedXanadu
Copy link
Member
RedXanadu commented Oct 24, 2022
edited
Loading

Rebased on top of current dev branch (commit 7d591de) to resolve merge conflict.

@RedXanadu
Copy link
Member

Now that the comment detection has been moved out of rule 941180 and into rule 941181, I think what is required here is to move the comment-related tests out of 941180.yaml.

(There are two that I can see: 941180-4 and 9421180-5, although only 9421180-5 (the test title needs correcting) is failing.)

@fzipi fzipi mentioned this pull request Nov 7, 2022
Closed
11 tasks
@fzipi fzipi mentioned this pull request Nov 30, 2022
Closed
@fzipi fzipi mentioned this pull request Jan 2, 2023
Closed
@fzipi fzipi mentioned this pull request Feb 6, 2023
Closed
RubieV and others added 2 commits February 26, 2023 19:39
@RubieV @theseion
Split Node-Validator keywords functionally
2b5d8fe 
This improvement adds further consistency to coreruleset#2088

The PL1 rule (`941180`) of Node-Validator keywords contains both evident attack fragments, i.e. `document.cookie`, as well as comment payloads, i.e. `<!--`.

This change moves all comment payloads to the PL2 rule (`941181`) that already contains the comment closing tag `-->`.

This makes the PL1 rule in line with the goal of PL1, and makes the already existing PL2 rule consistent with the goal of having `comment` payloads.
@theseion
chore: move tests to correct rule
ce27c1f 
Moves comment related tests from 941180 to 941181
@theseion theseion requested a review from RedXanadu February 26, 2023 18:55
@theseion theseion changed the title Split Node-Validator keywords functionally feat: Split Node-Validator keywords functionally Feb 26, 2023
@fzipi fzipi mentioned this pull request Apr 2, 2023
Closed
@fzipi fzipi mentioned this pull request May 1, 2023
Closed
@fzipi fzipi mentioned this pull request Jun 4, 2023
Closed
@fzipi fzipi mentioned this pull request Jul 2, 2023
Closed
@dune73
Copy link
Member
dune73 commented Aug 7, 2023

@RedXanadu You seem to be the last person who looked into this. Would you be willing to take over and shepherd this into a state that can be merged?

@RedXanadu
Copy link
Member

@dune73 This can wait until post-v4, right? If so, then yes, I can take another look.

@dune73
Copy link
Member
dune73 commented Aug 24, 2023

OK, then let's add the post-4.0 tag and leave it as is for the time being.

@RedXanadu
Copy link
Member

Cool, thanks. I'll re-base it and take another look when I can.

@dune73 dune73 mentioned this pull request Sep 4, 2023
Closed
@dune73 dune73 mentioned this pull request Oct 2, 2023
Closed
@fzipi fzipi mentioned this pull request Dec 4, 2023
Closed
@dune73 dune73 mentioned this pull request Jan 8, 2024
Closed
@dune73 dune73 mentioned this pull request Feb 5, 2024
Closed
@dune73
Copy link
Member
dune73 commented Feb 16, 2024

Ready to reactivate this @RedXanadu?

@RedXanadu
Copy link
Member

I don't remember what this was about 😅 But yes, I can take a look.

@dune73
Copy link
Member
dune73 commented Feb 16, 2024

Thank you @RedXanadu.

@github-actions github-actions bot added the Stale label Mar 18, 2024
@fzipi fzipi mentioned this pull request Mar 18, 2024
Closed
@github-actions github-actions bot closed this Apr 1, 2024
@fzipi fzipi reopened this Apr 1, 2024
@fzipi
Copy link
Member
fzipi commented Apr 1, 2024

@dune73 @RedXanadu We've been adding this one since September 2023 to the agenda. And it is originally from 2022. Are we thinking on merging, or we just close?

@RedXanadu
Copy link
Member

No movement on my part; still on my todo list.

@dune73 dune73 mentioned this pull request Apr 1, 2024
Closed
@github-actions github-actions bot removed the Stale label Apr 2, 2024
@theseion theseion removed the post-4.0 label Apr 3, 2024
@github-actions github-actions bot added the Stale label May 4, 2024
@dune73 dune73 mentioned this pull request May 6, 2024
Closed
@github-actions github-actions bot closed this May 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RedXanadu RedXanadu Awaiting requested review from RedXanadu

Assignees

@theseion theseion

Labels
Stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@RubieV @RedXanadu @dune73 @fzipi @theseion
0