Tags: coreruleset/coreruleset
fix: prevent invalid commands matches on 5 characters or less (932220… … PL-2, 932230 PL-1, 932232 PL-3, 932235 PL-1, 932236 PL-2, 932237 PL-3, 932238 PL-3, 932239 PL-2, 932250 PL-1, 932260 PL-1) (#3735)

* fix: prevent invalid commands matches on 5 characters or less (932230 PL-1, 932235 PL-1, 932236 PL-2, 932237 PL-3, 932239 PL-2, 932250 PL-1, 932260 PL-1)
* fix: copy paste error
* fix: invalid output in tests
* test: enable tests to detect new attacks
* test: enable tests to detect new attacks
* fix: correct description for 932250-4
* perf: use word boundary to prevent invalid matches
* test: add test for id command
* fix: invalid output for tests
* fix: add missing line break
* fix: invalid test format
* chore: update toolchain
* test: enable tests for newly detected attacks
* fix: don't use word boundary to prevent invalid matches
* chore: regenerate rules regex
* fix: add chained rule to prevent common false positives
* fix: setvar ordering
* fix: use lf instead of crlf
* fix: setvar ordering
* fix: typos
  Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
* docs: clarify test descriptions
* docs: improve descriptions
* fix: brace expansion detection
* style: improve test description formatting
  Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
* style: improve test description formatting
* Update regex-assembly/932237.ra
  Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
* chore: update unix-shell.data
* chore: update list generation scripts and update lists
* fix: use correct match in list update script
* chore: update unix-shell-fps-pl1
* chore: update regular expressions
* chore: revert unnecessary chain rule
* chore: fix failing tests
* fix: linting error
* fix: linting error
* fix: whitespace
* chore: move php / cron FPs to curated list
* chore: do not exclude php / cron by commenting them in FP file
* chore: update anti-evasion pattern in all places
* chore: only exclude exact match for specific commands
* chore: give quantitative tests write permissions to PR
* chore: fix `yes` and `date`
* up
* fix: tests
* fix: lint
* update comments
* fix: typo
* up
* fix: sync pl-2 exclusions with pl-1
* fix: some commands not being excluded correctly
* chore: update regex
* fix: exclude pwd from pl-1
* fix: fp with `hash` and `lastcommonreqid`
* fix: pashto afghanistan user-agent fp at pl-3
* fix: copy-paste leftover
* fix: exclude `install` at pl-2
* fix: exclude `ed` at pl-2
* chore: use correct toolchain version
* typos
  Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
* fix: change definition of `~` and exclude exact match `java`
* fix: test numbering
* chore: update unix-shell.data
* fix: typos
* chore: update anti_evasion_no_space_suffixes
  Match at most 10 consecutive characters
* fix: regression with unix evasion suffix no space
* chore: update regex

---------

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>

chore: release v4.7.0 (#3826)

* chore: release v4.7.0
  Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
* fix: update lint to support release branch
  Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>

---------

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>