8000 fix: remove chain rule from 932260 by theseion · Pull Request #3521 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

fix: remove chain rule from 932260 #3521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 8, 2024
Merged

fix: remove chain rule from 932260 #3521

merged 1 commit into from
Feb 8, 2024

Conversation

theseion
Copy link
Contributor

932260 was copied from 932240, which includes a chain rule to prevent false positives against number separators. This chain rule makes no sense for 932260 and is actually detrimental, as it enables trivial bypasses.

8000
@theseion
fix: remove chain rule from 932260
449cc11 
932260 was copied from 932240, which includes a chain rule to prevent
false positives against number separators. This chain rule makes no
sense for 932260 and is actually detrimental, as it enables trivial
bypasses.

See coreruleset#3147
@theseion theseion force-pushed the 3147-remove-chain-from-932260 branch from 69f002f to 449cc11 Compare January 28, 2024 09:34
@theseion theseion mentioned this pull request Jan 28, 2024
Closed
franbuehler
franbuehler approved these changes Feb 1, 2024
View reviewed changes
Copy link
Contributor
@franbuehler franbuehler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested this PR. It works and solves the latest open problem in #3147 with `?a=whoami;0'0'? .
After merging this PR here, the mentioned issue can be closed.

@theseion
Copy link
Contributor Author
theseion commented Feb 1, 2024

@fzipi Please review this PR too. I want to be sure that the removal of the chain rule is correct.

@dune73 dune73 mentioned this pull request Feb 5, 2024
Closed
fzipi
fzipi approved these changes Feb 8, 2024
View reviewed changes
Copy link
Member
@fzipi fzipi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. LGTM.

@fzipi fzipi merged commit 2617a99 into coreruleset:v4.0/dev Feb 8, 2024
@theseion theseion deleted the 3147-remove-chain-from-932260 branch February 8, 2024 13:35
@github-actions github-actions bot mentioned this pull request Feb 9, 2024
Merged
@dune73 dune73 mentioned this pull request Jul 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fzipi fzipi fzipi approved these changes

@franbuehler franbuehler franbuehler approved these changes

@theMiddleBlue theMiddleBlue Awaiting requested review from theMiddleBlue

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@theseion @fzipi @franbuehler
0