8000 feat: detect javascript methods import fetch console.log `console.dir` by EsadCetiner · Pull Request #4076 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

feat: detect javascript methods import fetch console.log console.dir #4076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 7, 2025
Merged

feat: detect javascript methods import fetch console.log console.dir #4076

merged 3 commits into from
Apr 7, 2025

Conversation

EsadCetiner
Copy link
Member

Blocks four new JavaScript methods and can now detect JavaScript injection attacks with curly brackets.

import
fetch
console.log
console.dir

Although this PR introduces one new false positive detected via ftw quantitative:
If you’re looking for a personal recommendation, if you’re willing to import (and perhaps wait around, as they often sell out line has been consistently excellent so far.

closes #3632
closes: #3633

@EsadCetiner EsadCetiner added the release:new-detection In this PR we introduce a new detection label Apr 1, 2025
@github-actions GitHub Actions
Copy link
Contributor
github-actions bot commented Apr 1, 2025
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

Xhoenix
Xhoenix reviewed Apr 1, 2025
View reviewed changes
@Xhoenix
Copy link
Member
Xhoenix commented Apr 1, 2025
edited
Loading

import and fetch are very commonly used words in natural language, and are very likely to cause false positives. This needs to be discussed. Can you add this to the Meeting agenda?

@EsadCetiner
Copy link
Member Author
EsadCetiner commented Apr 1, 2025
edited
Loading

I've added it to the agenda but I'll likely won't be in the CRS chat so I'll leave my two cents in this comment.

Adding import and fetch should not cause many false positives, there's only one known false positive relating to import. The same could be said about the other methods in the rule, and there haven't been any reports on those methods causing false positives nor have I encountered any personally.

@Xhoenix
Copy link
Member
Xhoenix commented Apr 1, 2025

Yeah, I understand the suffix is there to prevent false positives, but it's still better if we discuss this, or if someone else takes a look on this, and approves. 😄

@EsadCetiner EsadCetiner mentioned this pull request Apr 2, 2025
Closed
theseion
theseion approved these changes Apr 3, 2025
View reviewed changes
Copy link
Contributor
@theseion theseion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! ❤️

@theseion
Copy link
Contributor
theseion commented Apr 3, 2025

I think the risk of FPs is acceptable.

@Xhoenix Xhoenix added this pull request to the merge queue Apr 7, 2025
Merged via the queue into coreruleset:main with commit b106688 Apr 7, 2025
6 checks passed
@EsadCetiner EsadCetiner deleted the feat-javascript-methods branch April 7, 2025 11:07
@Xhoenix
Copy link
Member
Xhoenix commented Apr 7, 2025

Note: There aren't any tests for fetch, console.log and console.dir.

@EsadCetiner
Copy link
Member Author

@Xhoenix I think it's fine since I'm just adding methods to a list. The first test I added was a known false positive, maybe somebody can find a fix for it in the future that I couldn't find, and the second one was added because I modified the suffix for the rule.

I'd rather not bloat the tests file with largely useless tests, sometimes less is more.

@theseion theseion mentioned this pull request Apr 7, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Xhoenix Xhoenix Xhoenix left review comments

@theseion theseion theseion approved these changes

Assignees
No one assigned
Labels
release:new-detection In this PR we introduce a new detection
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Javascript "console.log()" and "console.dir()" not being detected JS "fetch" and "import" (partially) not being detected
3 participants
@EsadCetiner @Xhoenix @theseion
0