feat: add new rule to catch invalid character in multipart headers (v3) by fzipi · Pull Request #3797 · coreruleset/coreruleset · GitHub

feat: add new rule to catch invalid character in multipart headers (v3) #3797


Merged
merged 3 commits into from
Aug 27, 2024

Conversation

fzipi
Member
@fzipi fzipi commented Aug 19, 2024

Add a new rule 922130 which checks if any MULTIPART header contains a non-ASCII character.

Fixes 3MU-240701-1 by @luelueking for v3.
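A stand-alone illustration of the kind of check described in the comment above, added here and not taken from the pull request or from the CRS rule file: it splits a multipart body into parts and reports header lines that contain non-ASCII bytes, ignoring part content. Treating "non-ASCII" as any byte >= 0x80 is an assumption, as are the function names and the constructed sample body.

```python
"""Added example: flag non-ASCII bytes in multipart part headers."""
from typing import List, Tuple


def part_headers(body: bytes, boundary: bytes) -> List[List[bytes]]:
    """Return the raw header lines of each part of a multipart body."""
    parts = []
    # Text before the first delimiter is preamble, so skip element 0.
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        # Headers end at the first empty line; the rest is part content.
        head = chunk.partition(b"\r\n\r\n")[0]
        parts.append([line for line in head.split(b"\r\n") if line])
    return parts


def non_ascii_headers(body: bytes, boundary: bytes) -> List[Tuple[int, bytes, List[int]]]:
    """List (part index, header line, offending bytes) for each bad header."""
    findings = []
    for index, lines in enumerate(part_headers(body, boundary)):
        for line in lines:
            bad = [byte for byte in line if byte >= 0x80]  # assumption: "non-ASCII"
            if bad:
                findings.append((index, line, bad))
    return findings


# Constructed sample: part 0 has clean headers but non-ASCII content,
# part 1 carries UTF-8 bytes inside its Content-Disposition header.
BOUNDARY = b"example-boundary"
SAMPLE_BODY = (
    b"--example-boundary\r\n"
    b'Content-Disposition: form-data; name="comment"\r\n'
    b"\r\n"
    b"caf\xc3\xa9\r\n"
    b"--example-boundary\r\n"
    b'Content-Disposition: form-data; name="file"; filename="r\xc3\xa9sum\xc3\xa9.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--example-boundary--\r\n"
)

if __name__ == "__main__":
    for index, line, bad in non_ascii_headers(SAMPLE_BODY, BOUNDARY):
        print(f"part {index}: {line!r} has non-ASCII bytes {[hex(b) for b in bad]}")
```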

@fzipi fzipi added the ◀️ backporting Issue or PRs that are used for backporting features between versions. label Aug 19, 2024
@fzipi fzipi requested review from airween and theseion August 19, 2024 22:10
@fzipi
Member Author
fzipi commented Aug 20, 2024

Needs #3798

@airween
Contributor
airween commented Aug 20, 2024

Seems like the regression test failed.

@fzipi fzipi added the release:ignore Ignore for changelog release label Aug 20, 2024
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@fzipi fzipi requested a review from airween August 27, 2024 01:46
@theseion
Contributor

Probably requires backporting seclang_parser.

@airween
Contributor
airween commented Aug 27, 2024

Probably requires backporting seclang_parser.

We don't need to. The rule file was invalid: there was an extra space at the beginning of each line of the new rule. I removed them (22e59c1); now everything is fine.

Contributor
@airween airween left a comment


LGTM

@fzipi fzipi merged commit d0c0f3c into v3.3/dev Aug 27, 2024
4 checks passed
@fzipi fzipi deleted the port/3796-v3 branch August 27, 2024 12:00