coreruleset/coreruleset issues and pull requests

#3281 - Still blocking "curl" at PL2

Issue - State: closed - Opened by theMiddleBlue over 1 year ago - 1 comment
Labels: :bug: bug

#3280 - Monthly Chat Agenda October 2023 (2023-10-02 and 2023-10-16)

Issue - State: open - Opened by dune73 over 1 year ago
Labels: :bookmark: Meeting Agenda

#3279 - Monthly Chat Agenda September 2023 (2023-09-03 and 2023-09-17)

Issue - State: open - Opened by dune73 over 1 year ago
Labels: :bookmark: Meeting Agenda

#3278 - Microsoft_DefaultRuleSet-2.1-SQLI-942340 - False Positive

Issue - State: open - Opened by charlesmorin1 over 1 year ago - 2 comments
Labels: :heavy_plus_sign: False Positive

#3277 - `multiline` regex rules with inconsistent behaviour across engines

Issue - State: open - Opened by M4tteoP over 1 year ago - 7 comments
Labels: :bug: bug, :heavy_plus_sign: False Positive

#3276 - feat: update word list for 932232

Pull Request - State: open - Opened by theseion over 1 year ago - 9 comments

#3275 - Failed to parse request body

Issue - State: closed - Opened by greneit over 1 year ago - 13 comments
Labels: :heavy_plus_sign: False Positive

#3274 - fix(932236): add space to keywords mail and task

Pull Request - State: closed - Opened by franbuehler over 1 year ago - 1 comment

#3273 - feat: PHP functions generator

Pull Request - State: open - Opened by M4tteoP over 1 year ago - 13 comments

#3272 - adjust rule paranoia level

Issue - State: closed - Opened by leveryd over 1 year ago - 7 comments
Labels: :heavy_plus_sign: False Positive

#3271 - Unknown Item Serial Number

Issue - State: closed - Opened by Pandabar007 over 1 year ago - 2 comments

#3270 - "MULTIPART_PART_HEADERS" Header issue in REQUEST-922-MULTIPART-ATTACK.conf

Issue - State: open - Opened by shivapalsingh over 1 year ago - 6 comments
Labels: :+1: Feature Request

#3269 - chore: adds back test config rule 900005

Pull Request - State: closed - Opened by M4tteoP over 1 year ago

#3268 - rule 942450 improve

Issue - State: open - Opened by leveryd over 1 year ago - 1 comment
Labels: :heavy_plus_sign: False Positive

#3267 - Review rule 941210

Issue - State: open - Opened by fzipi over 1 year ago
Labels: :+1: Feature Request, v5

#3266 - Rule 950140 improve

Issue - State: closed - Opened by leveryd over 1 year ago - 4 comments
Labels: :heavy_plus_sign: False Positive

#3265 - chore: update version for next dev patch release

Pull Request - State: closed - Opened by fzipi over 1 year ago

#3264 - chore: release 3.3.5

Pull Request - State: closed - Opened by fzipi over 1 year ago
Labels: :rocket: release

#3263 - feat(941220): add regexp-assembly for deconstructed regex

Pull Request - State: closed - Opened by fzipi over 1 year ago - 3 comments
Labels: :mage: regex-assembly

#3262 - feat(941210): add regexp-assembly for decontructed regex

Pull Request - State: closed - Opened by fzipi over 1 year ago - 2 comments
Labels: :mage: regex-assembly

#3261 - docs: update changes

Pull Request - State: closed - Opened by fzipi over 1 year ago
Labels: :warning: do not merge

#3260 - Bring the v4 branch release notes up to date (CHANGES.MD)

Issue - State: open - Opened by RedXanadu over 1 year ago
Labels: :bug: bug, :book: documentation

#3259 - fix: cleanup file

Pull Request - State: closed - Opened by fzipi over 1 year ago

#3258 - docs: update security policy link

Pull Request - State: closed - Opened by fzipi over 1 year ago

#3257 - fix: correct dev version number

Pull Request - State: closed - Opened by fzipi over 1 year ago

#3256 - chore: adds HTTP/3 to 900230 description

Pull Request - State: closed - Opened by M4tteoP over 1 year ago

#3255 - docs: update sponsors

Pull Request - State: closed - Opened by fzipi over 1 year ago - 3 comments

#3254 - fix: PL related issues in one rule and backport CVE-2023-38199 fix

Pull Request - State: closed - Opened by fzipi over 1 year ago - 4 comments

#3253 - feat: backport rule 920620

Pull Request - State: closed - Opened by fzipi over 1 year ago - 1 comment
Labels: :arrow_backward: backporting

#3252 - 🔖 Monthly Chat Agenda August 2023 (2023-08-07 and 2023-08-21)

Issue - State: open - Opened by fzipi over 1 year ago - 2 comments
Labels: :bookmark: Meeting Agenda

#3251 - fix: wrong configuration/legacy for regression test workflow

Pull Request - State: closed - Opened by dextermallo over 1 year ago - 5 comments

#3250 - [QUESTION] what payload the rule 941340 to prevent?

Issue - State: closed - Opened by leveryd over 1 year ago - 6 comments
Labels: :heavy_minus_sign: False Negative - Evasion

#3249 - Rule Exclusions for Wordpress Password-Reset Page not working. Caused by "Simple Cloudflare Turnstile" plugin. Argument value too long. Desperately need help!

Issue - State: closed - Opened by Danrancan over 1 year ago - 4 comments
Labels: :hourglass_flowing_sand: awaiting feedback

#3246 - Protocol enforcement blocks HTTP/3

Issue - State: closed - Opened by jpds over 1 year ago - 1 comment
Labels: :heavy_plus_sign: False Positive

#3245 - 403 error message with nginx proxy manager

Issue - State: open - Opened by OpenK54 over 1 year ago - 2 comments
Labels: :hourglass_flowing_sand: awaiting feedback

#3243 - [QUESTION]Why owasp crs rule 942200 contain "space" keyword?

Issue - State: closed - Opened by leveryd over 1 year ago - 12 comments
Labels: :question: Need more info

#3240 - Monthly Chat Agenda July 2023 (2023-07-03 and 2023-07-17)

Issue - State: open - Opened by dune73 over 1 year ago - 2 comments
Labels: :bookmark: Meeting Agenda

#3239 - Unified format for tests matching log rule IDs

Issue - State: open - Opened by fzipi over 1 year ago - 5 comments
Labels: :+1: Feature Request

#3233 - feat(util): extend spell script

Pull Request - State: closed - Opened by franbuehler over 1 year ago

#3228 - feat(933151): update PHP fn to latest version

Pull Request - State: open - Opened by jptosso over 1 year ago - 30 comments
Labels: :zap: list update

#3222 - CONTRIBUTING.md is out of sync

Issue - State: open - Opened by RedXanadu over 1 year ago - 4 comments
Labels: :bug: bug, :book: documentation

#3221 - Monthly Chat Agenda June 2023 (2023-06-05 and 2023-06-19)

Issue - State: closed - Opened by RedXanadu over 1 year ago - 2 comments
Labels: :bookmark: Meeting Agenda

#3220 - Lots of false positives with 932236

Issue - State: closed - Opened by EsadCetiner over 1 year ago - 10 comments
Labels: :heavy_plus_sign: False Positive, PR available

#3218 - feat: HTTP/3 support

Pull Request - State: closed - Opened by azurit over 1 year ago - 21 comments

#3217 - 94113 False positive when performing WordPress Search

Issue - State: closed - Opened by talktomedia-rob over 1 year ago - 5 comments
Labels: :heavy_plus_sign: False Positive, :hourglass_flowing_sand: awaiting feedback

#3214 - feat: updated `sql-errors.data`

Pull Request - State: open - Opened by Xhoenix over 1 year ago - 1 comment

#3213 - feat: added newer PHP functions

Pull Request - State: closed - Opened by Xhoenix over 1 year ago - 2 comments

#3212 - feat: added php Fileinfo functions and update `restricted-files.data`

Pull Request - State: closed - Opened by Xhoenix over 1 year ago - 2 comments

#3211 - fix: use the correct entrypoint defenitions for containers

Pull Request - State: closed - Opened by theseion over 1 year ago

#3210 - feat: Adding credentials file of October CMS into restricted files

Pull Request - State: closed - Opened by azurit over 1 year ago

#3209 - chore: update example tests in CONTRIBUTING.md

Pull Request - State: closed - Opened by theseion over 1 year ago - 2 comments

#3208 - chore: adds Matteo Pace to list of Developers

Pull Request - State: closed - Opened by M4tteoP over 1 year ago - 1 comment

#3207 - fix: fix fp in 942330 by adding word boundaries

Pull Request - State: closed - Opened by franbuehler over 1 year ago - 4 comments

#3206 - fix(style): Format malformed rules

Pull Request - State: closed - Opened by airween over 1 year ago - 2 comments

#3205 - 942330 "[0-9] and[a-z]" Number followed by "and[a-zA-Z]" e.g. phone email in message body.

Issue - State: closed - Opened by Rmh-Tech over 1 year ago - 3 comments
Labels: :heavy_plus_sign: False Positive

#3204 - Monthly Chat Agenda May 2023 (2023-05-01 and 2023-05-15)

Issue - State: closed - Opened by RedXanadu over 1 year ago - 2 comments
Labels: :bookmark: Meeting Agenda

#3203 - fix(934100): improve transformation pipeline

Pull Request - State: closed - Opened by RedXanadu over 1 year ago - 1 comment
Labels: :checkered_flag: ready to merge, :takeout_box: sandbox-ready

#3202 - feat: scanner overhaul: new rules, new data files

Pull Request - State: open - Opened by dune73 over 1 year ago - 16 comments
Labels: :eyes: Needs action, :warning: do not merge

#3201 - fix: fixed tests and descriptions

Pull Request - State: open - Opened by theMiddleBlue over 1 year ago - 11 comments

#3200 - False positive with 921110 HTTP Request Smuggling Attack

Issue - State: closed - Opened by mapreri over 1 year ago - 5 comments
Labels: :heavy_plus_sign: False Positive

#3199 - False positive response when usting baselinkier.com

Issue - State: open - Opened by Munrok over 1 year ago - 1 comment
Labels: :heavy_plus_sign: False Positive

#3198 - Wrong regression test for 933160 rule?

Issue - State: open - Opened by theMiddleBlue over 1 year ago - 2 comments
Labels: :bug: bug

#3197 - Nextcloud cookie values collision with 932250 and 932236

Issue - State: closed - Opened by prghix over 1 year ago - 7 comments
Labels: :heavy_plus_sign: False Positive

#3196 - docs(guideline): Add chain rule commenting guidance

Pull Request - State: closed - Opened by airween over 1 year ago

#3195 - Honey Pot HTTP Blacklist missing in ver.4.0.0-rc1 config

Issue - State: closed - Opened by JohnFarl over 1 year ago - 4 comments
Labels: :bug: bug

#3194 - False positive response to Cyrillic characters in a string (setting up exceptions)

Issue - State: open - Opened by flexstat over 1 year ago - 12 comments
Labels: :heavy_plus_sign: False Positive

#3193 - False positive response to Cyrillic characters in a string

Issue - State: closed - Opened by flexstat over 1 year ago - 22 comments
Labels: :heavy_plus_sign: False Positive

#3192 - feat: Add PrestaShop config file

Pull Request - State: closed - Opened by jf-viguier over 1 year ago - 2 comments

#3191 - Fix C9K-230327

Issue - State: closed - Opened by dune73 over 1 year ago - 5 comments
Labels: :heavy_minus_sign: False Negative - Evasion

#3190 - fix: exclude well known user agents from unix commands

Pull Request - State: open - Opened by theseion over 1 year ago - 14 comments

#3189 - `curl` and `wget` are matched in User-Agent header

Issue - State: open - Opened by theseion over 1 year ago - 11 comments
Labels: :heavy_plus_sign: False Positive

#3188 - Add PrestaShop config files to lfi

Pull Request - State: closed - Opened by jf-viguier over 1 year ago - 5 comments

#3187 - fix: match word boundary after `fi`

Pull Request - State: closed - Opened by theseion over 1 year ago - 4 comments

#3186 - fix: require word boundary for `sh` in RCE rules

Pull Request - State: closed - Opened by theseion over 1 year ago - 11 comments

#3185 - fix: properly publish nightly release

Pull Request - State: closed - Opened by theseion over 1 year ago

#3184 - fix: change order of base64decode in NODEJS Attack

Pull Request - State: open - Opened by IppSec over 1 year ago - 3 comments

#3183 - Move Base64Decode to the start of the transform

Pull Request - State: closed - Opened by IppSec over 1 year ago - 1 comment

#3182 - Base64 Transform being at the end allows false negatives

Issue - State: closed - Opened by IppSec over 1 year ago - 8 comments
Labels: :heavy_minus_sign: False Negative - Evasion

#3181 - It does not allow almost any requests. Even the fonts

Issue - State: closed - Opened by blackmold9 over 1 year ago - 6 comments
Labels: :heavy_plus_sign: False Positive

#3180 - Rule 932200, now inspecting Referer headers, matches any query string that contains spaces

Issue - State: open - Opened by RedXanadu over 1 year ago - 15 comments
Labels: :heavy_plus_sign: False Positive

#3179 - fix: apply non-draft state to nightly release forcefully

Pull Request - State: closed - Opened by theseion over 1 year ago

#3178 - False positive response to Cyrillic characters in a string

Issue - State: closed - Opened by flexstat over 1 year ago - 12 comments
Labels: :heavy_plus_sign: False Positive

#3177 - chore: add source documentation and sync restricted-files.data

Pull Request - State: closed - Opened by theseion over 1 year ago - 1 comment

#3176 - fix(typo): Typo fix

Pull Request - State: closed - Opened by airween over 1 year ago

#3175 - chore: fix typos

Pull Request - State: closed - Opened by theseion over 1 year ago

#3174 - Useful information in error.log is overwritten by request data

Issue - State: closed - Opened by Xhoenix over 1 year ago - 16 comments
Labels: :heavy_plus_sign: False Positive

#3173 - AuditLog does not contain cookies

Issue - State: closed - Opened by jarofi over 1 year ago - 14 comments
Labels: :bug: bug

#3172 - False positive in ARGS_NAMES for strings starting with `sh` at PL1

Issue - State: closed - Opened by theseion over 1 year ago - 15 comments
Labels: :heavy_plus_sign: False Positive

#3171 - fix(ci): update nightly release version

Pull Request - State: closed - Opened by fzipi over 1 year ago

#3170 - feat(windows): update windows commands list

Pull Request - State: closed - Opened by franbuehler over 1 year ago - 10 comments
Labels: :zap: list update

#3169 - fix(FP): PostgreSQL error messages

Pull Request - State: closed - Opened by azurit over 1 year ago - 1 comment

#3168 - fix(FP): PostgreSQL error messages

Pull Request - State: closed - Opened by theseion over 1 year ago

#3167 - chore: add enlighting comments to 980170 tests

Pull Request - State: closed - Opened by theseion over 1 year ago

#3166 - chore: Update tests to match changes in go-ftw

Pull Request - State: closed - Opened by theseion over 1 year ago - 1 comment

#3165 - no-op: testing the CI

Pull Request - State: closed - Opened by fzipi over 1 year ago

#3164 - docs: Add link to youtube channel to website

Issue - State: open - Opened by dune73 over 1 year ago
Labels: :+1: Feature Request

#3163 - FP on let's encrypt validation agent

Issue - State: open - Opened by theMiddleBlue over 1 year ago - 11 comments
Labels: :heavy_plus_sign: False Positive

#3162 - fix(FP): PostgreSQL error messages

Pull Request - State: closed - Opened by azurit over 1 year ago - 15 comments

#3161 - fix(feat): strip comments during the parsing of crs-setup.conf.example

Pull Request - State: closed - Opened by airween over 1 year ago - 3 comments

#3160 - GSoC 2023 Ideas

Issue - State: open - Opened by fzipi over 1 year ago - 12 comments
Labels: :bulb: ideas

GitHub / coreruleset/coreruleset issues and pull requests