Felipe Zipitría

icon indicating a website link http://www.fing.edu.uy/~fzipi

icon company Facultad de Ingeniería, Universidad de la República icon location Montevideo, Uruguay

Results 581 comments of Felipe Zipitría

Javascript "console.log()" and "console.dir()" not being detected

Do we want to discuss this in the next meeting? Or just close it and we are done with this discussion here?

move crs-rules-check to its own repository

Created repo https://github.com/coreruleset/crs-linter.

chore: find rules without test

Yes, we should move this one, or better integrate it with the crs-linter. It is a very simple script that used the same basis from msc_pyparser.

chore: find rules without test

Once we do something about it, yes.

chore: find rules without test

> > Yes, we should move this one, or better integrate it with the crs-linter. It is a very simple script that used the same basis from msc_pyparser. > >...

SQL Injection in User-Agent

The User-Agent header is... problematic to say the least.

SQL Injection in User-Agent

Wow, this is a amazing, thanks for sharing. Let's dive on it and see what we can do!

feat: accidental firewall disability prevention

@dune73 @azurit Did we got a conclusion from our discussion in the meeting? Shall we keep this one open, move it to a plugin, or just close?

feat: improve detection of onwebkitplaybacktargetavailabilitychanged event

Hi @Osb0rn3. As it says in the file [here](https://github.com/coreruleset/coreruleset/blob/67b6c8e058c0163f6315927d3f199e3e6879de02/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf#L195), can you update the source file first? Then please apply the crs-toolchain to generate the updated regexp.

feat: improve detection of onwebkitplaybacktargetavailabilitychanged event

Tried to update the remote branch without success. Let's close this one as the reporter is not responsive. I'll try to address in a following PR.