Stephen Sigwart

Results: 56 comments by Stephen Sigwart

I have a possible fix of adding a chain. Please let me know if you want me to open a PR for this.

```
chain"
SecRule MATCHED_VARS "@rx \b([^\s]+)\s*\(" \...
```

> Your solution looks too complex and prone to errors. For example, you are not catching `$ddd=exec(` because you are searching for keyword `ddd=exec`. I'm a bit confused by this...

Thanks, @RedXanadu. I have already tweaked rules to prevent the FP in our code, so I'm fine with you closing this if you want. I do find it odd that...

I think this is referring to an issue I'm running into. Here are example files:

**index.php**

```php
class MyConfig {
    const VAR1 = 'MyConstant';
}

$smarty = new Smarty();
$smarty->setTemplateDir('./templates');...
```

@Xhoenix, I didn't use that suggestion because the false positive could appear on a large number of fields and it was also too broad of an exclusion. I did find...

Sure. I'll close it. I do feel like this is a false positive that could be fairly common for other people, but it's not affecting me anymore since I have...

I'd be willing to attempt to fix this if a maintainer confirmed that what I have listed as the "Expected Behaviour" above is the desired behavior.

Thanks, @airween. I can create an exclusion. I just try to report things here in case others have similar issues.

I'm seeing the same issue on `systemd 252 (252.16-1.amzn2023.0.2)`.

## Steps to Reproduce

### 1. Create `/etc/systemd/system/gh31231-test.service`

```
[Service]
Type=oneshot
ExecStart=/bin/echo Running
```

### 2. Create `/etc/systemd/system/gh31231-test.timer`

- Set the...