Rule 942151 "space (word)" false positive #3721

@ssigwart

Description

Something like Reserve Space (Room A) triggers rule 942151.

Apparently SPACE(N) is an SQL function that "returns a string consisting of N space characters, or NULL if N is NULL."

I wonder if there's a way to only flag this if it's a number in the parentheses.

How to reproduce the misbehavior (-> curl call)

curl -i -H "x-format-output: txt-matched-rules" "https://sandbox.coreruleset.org/?test=Reserve%20Space%20(Room%20A)"
HTTP/1.1 403 Forbidden
Date: Tue, 28 May 2024 19:38:15 GMT
Content-Type: text/plain; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-Unique-ID: ZlYyp_cfcCqiyFHbW66ETQAAAM8
x-backend: apache-nightly
x-crs-last-commit: none

942151 PL1 SQL Injection Attack: SQL function name detected
949110 PL1 Inbound Anomaly Score Exceeded (Total Score: 5)
980170 PL1 Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=5) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=4) - (SQLI=5, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)

Your Environment

  • CRS version: 4.3.0
  • Paranoia level setting (e.g. PL1) : PL1
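The trade-off behind the suggestion above, as an added example that is not part of the issue and not the CRS rule itself: the two regexes below are constructed for illustration and are not the pattern CRS uses in 942151. The broad check flags the SQL function name followed by an opening parenthesis; the narrowed check additionally requires a bare integer literal as the argument. The sample inputs are constructed, starting with the decoded value from the curl call in the report.

```python
import re
from urllib.parse import unquote

# Illustrative patterns only; neither is the regex CRS ships in rule 942151.
# Broad check: the function name followed by an opening parenthesis.
BROAD = re.compile(r"\bspace\s*\(", re.IGNORECASE)
# Narrowed check: the argument must be a bare integer literal, e.g. SPACE(10).
NUMERIC = re.compile(r"\bspace\s*\(\s*\d+\s*\)", re.IGNORECASE)


def classify(raw_arg: str) -> dict:
    """Decode a URL-encoded argument value (as a WAF would before matching)
    and report whether each check would flag it."""
    value = unquote(raw_arg)
    return {
        "value": value,
        "broad": bool(BROAD.search(value)),
        "numeric_only": bool(NUMERIC.search(value)),
    }


# Constructed sample inputs: the value from the issue's curl call, a genuine
# SPACE() call with a numeric argument, and two SPACE() calls whose argument
# is an expression or a variable rather than a literal number.
SAMPLES = [
    "Reserve%20Space%20(Room%20A)",
    "1%27%20union%20select%20space(10)--",
    "space(1%2B1)",
    "space(%40n)",
]


def run(samples=SAMPLES):
    """Classify every sample; returns one result dict per input."""
    return [classify(s) for s in samples]


if __name__ == "__main__":
    for r in run():
        print(f"{r['value']!r:45} broad={r['broad']} numeric_only={r['numeric_only']}")
```

Running it shows the cost of the narrowing: the room-booking string is no longer flagged, but `space(1+1)` and `space(@n)` are not flagged either, although both are valid SQL. A digits-only argument check therefore trades the false positive for a bypass, which is why rule narrowing usually needs an accompanying look at what arguments the function actually accepts, or a per-parameter rule exclusion for the affected form field instead.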
