coreruleset · EsadCetiner · Feb 10, 2025 · Jun 15, 2024 · Jun 15, 2024 · Jun 15, 2024
diff --git a/regex-assembly/932235.ra b/regex-assembly/932235.ra
@@ -8,4 +8,4 @@
 ##! These patterns are approximations of the patterns used by the cmdline
 ##! processor for `@` and `~`.
 ##! These patterns are used across multiple files, change with care.
-##!> include-except unix-shell-4andup unix-shell-fps-pl1-curated -- @ [\s<>&|)] ~ \S
+##!> include-except unix-shell-4andup unix-shell-fps-pl1-curated -- @ (?:[\s<>&|),]|$) ~ \S{1,10}\b
diff --git a/regex-assembly/932236.ra b/regex-assembly/932236.ra
@@ -11,5 +11,5 @@
 ##! These patterns are approximations of the patterns used by the cmdline
 ##! processor for `@` and `~`.
 ##! These patterns are used across multiple files, change with care.
-##!> include-except unix-shell-upto3 unix-shell-fps-pl2 unix-shell-fps-pl2-start-of-string -- @ [\s<>&|)] ~ \S
-##!> include-except unix-shell-4andup unix-shell-fps-pl2 unix-shell-fps-pl2-start-of-string -- @ [\s<>&|)] ~ \S
+##!> include-except unix-shell-upto3 unix-shell-fps-pl2 unix-shell-fps-pl2-start-of-string -- @ (?:[\s<>&|),]|$) ~ \S{1,10}\b
+##!> include-except unix-shell-4andup unix-shell-fps-pl2 unix-shell-fps-pl2-start-of-string -- @ (?:[\s<>&|),]|$) ~ \S{1,10}\b
diff --git a/regex-assembly/932237.ra b/regex-assembly/932237.ra
@@ -10,6 +10,6 @@
 ##! These patterns are approximations of the patterns used by the cmdline
 ##! processor for `@` and `~`.
 ##! These patterns are used across multiple files, change with care.
-##!> include-except unix-shell-upto3 unix-shell-fps-useragents -- @ [\s<>&|)] ~ \S
-##!> include-except unix-shell-4andup unix-shell-fps-useragents -- @ [\s<>&|)] ~ \S
-##!> include-except unix-shell-pl3 unix-shell-fps-useragents -- @ [\s<>&|)] ~ \S
+##!> include-except unix-shell-upto3 unix-shell-fps-useragents -- @ (?:[\s<>&|),]|$) ~ \S{1,10}\b
+##!> include-except unix-shell-4andup unix-shell-fps-useragents -- @ (?:[\s<>&|),]|$) ~ \S{1,10}\b
+##!> include-except unix-shell-pl3 unix-shell-fps-useragents -- @ (?:[\s<>&|),]|$) ~ \S{1,10}\b
diff --git a/regex-assembly/932239.ra b/regex-assembly/932239.ra
@@ -11,5 +11,5 @@
 ##! These patterns are approximations of the patterns used by the cmdline
 ##! processor for `@` and `~`.
 ##! These patterns are used across multiple files, change with care.
-##!> include-except unix-shell-upto3 unix-shell-fps-pl2 unix-shell-fps-pl2-start-of-string unix-shell-fps-useragents -- @ [\s<>&|)] ~ \S
-##!> include-except unix-shell-4andup unix-shell-fps-pl2 unix-shell-fps-pl2-start-of-string unix-shell-fps-useragents -- @ [\s<>&|)] ~ \S
+##!> include-except unix-shell-upto3 unix-shell-fps-pl2 unix-shell-fps-pl2-start-of-string unix-shell-fps-useragents -- @ (?:[\s<>&|),]|$) ~ \S{1,10}\b
+##!> include-except unix-shell-4andup unix-shell-fps-pl2 unix-shell-fps-pl2-start-of-string unix-shell-fps-useragents -- @ (?:[\s<>&|),]|$) ~ \S{1,10}\b
diff --git a/regex-assembly/932250.ra b/regex-assembly/932250.ra
@@ -16,6 +16,6 @@
     ##! This pattern is an approximation of the pattern used by the cmdline
     ##! processor for `@`.
     ##! This pattern is used across multiple files, change with care.
-    [\s<>&|)]
+    [\s<>&|),]|$
   ##!<
 ##!<
diff --git a/regex-assembly/932260.ra b/regex-assembly/932260.ra
@@ -11,5 +11,5 @@
   ##! These patterns are approximations of the patterns used by the cmdline
   ##! processor for `@` and `~`.
   ##! These patterns are used across multiple files, change with care.
-  ##!> include-except unix-shell-4andup unix-shell-fps-pl1 -- @ [\s<>&|)] ~ \S
+  ##!> include-except unix-shell-4andup unix-shell-fps-pl1 -- @ (?:[\s<>&|),]|$) ~ \S{1,10}\b
 ##!<
diff --git a/regex-assembly/exclude/unix-shell-fps-pl1.ra b/regex-assembly/exclude/unix-shell-fps-pl1.ra
@@ -26,7 +26,7 @@
 ##!   while read -r oword; do
 ##!     found=0
 ##!     while read -r eword; do
-##!       if grep -qE "^${eword}[@~]?" <<<"${oword}"; then
+##!       if grep -qE "^${eword}[@~]?$" <<<"${oword}"; then
 ##!         result="${result}${eword}${NL}"
 ##!         result="${result}${eword}@${NL}"
 ##!         result="${result}${eword}~${NL}"
@@ -64,6 +64,10 @@
 ##! EOF
 ##! echo "${result}" | sort | uniq >> regex-assembly/exclude/unix-shell-fps-pl1.ra
 
+##! Note: As part of the effort to reduce FPs mid-term (https://github.com/coreruleset/coreruleset/pull/3735)
+##!       we've decided to exclude some commands for which only the exact match is an issue
+##!       (mostly for 933236).
+
 GET
 GET@
 GET~
@@ -162,6 +166,9 @@ check_memory
 check_raid
 check_ssl_cert
 check_statusfile
+chef
+chef@
+chef~
 chflags
 chmod
 choom
@@ -197,7 +204,10 @@ cpulimit
 crash
 crash@
 crash~
+cron
+cron@
 crontab
+cron~
 csplit
 csvtool
 cupsfilter
@@ -549,6 +559,11 @@ perms~
 pf
 pf@
 pg
+pg@
+pg~
+php
+php@
+php~
 pic
 pic@
 pico@
@@ -579,6 +594,10 @@ puppet
 puppet@
 puppet~
 pushd
+##! excluded as part of PR #3735
+pwd
+pwd@
+pwd~
 python
 python@
 python~
@@ -726,8 +745,12 @@ tic@
 tic~
 time
 time@
-timedatectl
 time~
+timedatectl
+##! excluded as part of PR #3735
+timeout
+timeout@
+timeout~
 tmux
 top
 top@
@@ -740,6 +763,10 @@ tshark
 ul
 ul@
 ulimit@
+##! excluded as part of PR #3735
+uname
+uname@
+uname~
 uncompress
 uncompress@
 uncompress~
@@ -789,6 +816,8 @@ whiptail~
 who
 who@
 whois
+whois@
+whois~
 who~
 wireshark
 wish

diff --git a/regex-assembly/exclude/unix-shell-fps-pl2.ra b/regex-assembly/exclude/unix-shell-fps-pl2.ra
@@ -11,33 +11,152 @@
 ##! `awk@` to `awk~`, this list would not have to be updated.
 ##! See also unix-shell-fps-pl1.ra.
 
+##! Note: As part of the effort to reduce FPs mid-term (https://github.com/coreruleset/coreruleset/pull/3735)
+##!       we've decided to exclude some commands for which only the exact match is an issure
+##!       (mostly for 933236).
+
 aptitude
 aptitude@
 aptitude~
+##! excluded as part of PR #3735
+cron
+cron@
+cron~
+date
+date@
+date~
+##! excluded as part of PR #3735
+dir
+dir@
+dir~
 dnf
 dnf@
 dnf~
+##! excluded as part of PR #3735
+ed
+ed@
+ed~
+##! excluded as part of PR #3735
+file
+file@
+file~
+##! excluded as part of PR #3735
+GET
+GET@
+GET~
+##! excluded as part of PR #3735
+hash
+hash@
+hash~
+##! excluded as part of PR #3735
+HEAD
+HEAD@
+HEAD~
+##! excluded as part of PR #3735
+id
+id@
+id~
+##! excluded as part of PR #3735
+install
+install@
+install~
+##! excluded as part of PR #3735
+java
+java@
+java~
+##! excluded as part of PR #3735
+mail
+mail@
+mail~
 more
 more@
 more~
+##! excluded as part of PR #3735
+null
+null@
+null~
 pacman
 pacman@
 pacman~
 ps
 ps@
 ps~
+##! excluded as part of PR #3735
+pg
+pg@
+pg~
+##! excluded as part of PR #3735
+php
+php@
+php~
+##! excluded as part of PR #3735
+POST
+POST@
+POST~
+##! excluded as part of PR #3735
+rename
+rename@
+rename~
+##! excluded as part of PR #3735
+repeat
+repeat@
+repeat~
+##! excluded as part of PR #3735
+screen
+screen@
+screen~
+##! excluded as part of PR #3735
+sort
+sort@
+sort~
+##! excluded as part of PR #3735
+ss
+ss@
+ss~
+##! excluded as part of PR #3735
+source
+source@
+source~
+##! excluded as part of PR #3735
+task
+task@
+task~
 time
 time@
 time~
+##! excluded as part of PR #3735
+timeout
+timeout@
+timeout~
+##! excluded as part of PR #3735
+uname
+uname@
+uname~
 up2date
 up2date@
 up2date~
 vi
 vi@
 vi~
+##! excluded as part of PR #3735
+wall
+wall@
+wall~
+##! excluded as part of PR #3735
+view
+view@
+view~
 who
 who@
 who~
+##! excluded as part of PR #3735
+whois
+whois@
+whois~
 w
 w@
 w~
+##! excluded as part of PR #3735
+yes
+yes@
+yes~