Felipe Zipitría
## For future CRS developers

After thinking of a solution that involved changing the `cmdLine` processor to get additional coverage for evasions, we ended up with `[\x5c'\"\[]*(?:\$[a-z0-9_@?!#{*-]*)?(?:\x5c)?`. This covers the...
## Pendings for evasion RCE ruleset

This will impact:

- [x] rules/unix-shell.data
- [x] data/932100.data
- [x] data/932105.data
- [x] data/932106.data (unchanged, small file)
- [x] data/932150.data (unchanged, small file)...
We removed `ARGS_NAMES` from 932240.
All the techniques mentioned here were addressed. The changes made for supporting this made me think about taking a second look at all the techniques we are covering. Creating a...
Take a look at the SSRF ruleset for examples of different ways to use IP/names.
It would be good, when you have time, to create a list of requirements on what/how you foresee we use this one. It would help others to implement the feature....
@lifeforms Hmmm... 🤔 Maybe https://github.com/coreruleset/coreruleset/blob/dbe1a7f1fc49d9d17c13dee535057788fe3b18e0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf#L314?
Coming from https://github.com/coreruleset/coreruleset/blob/v4.0/dev/util/regexp-assemble/data/932125.data
@lifeforms What do you think of the 932125 ruleset?
@lifeforms ping again.