Skip to content

fix(942120): update operators #3841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Oct 11, 2024
Merged

fix(942120): update operators #3841

merged 15 commits into from
Oct 11, 2024

Conversation

@Xhoenix
Copy link
Member

@Xhoenix Xhoenix commented Oct 2, 2024

Added fix for rule 942120.

@Xhoenix Xhoenix requested a review from a team October 2, 2024 10:48
@fzipi fzipi changed the title fix(security): sql operator bypass fix(942120): add double equal operator Oct 2, 2024
@fzipi
Copy link
Member

fzipi commented Oct 2, 2024

Thanks for the patch. Is there any other operator we are missing?

@fzipi
Copy link
Member

fzipi commented Oct 2, 2024

Does this even make sense then?

coreruleset/regex-assembly/942120.ra

Line 35 in 738694e

[<>=!]{1,2}\s*all\b

@Xhoenix
Copy link
Member Author

Xhoenix commented Oct 2, 2024
edited
Loading

I looked at the operators from here.

Does this even make sense then?

coreruleset/regex-assembly/942120.ra

Line 35 in 738694e

[<>=!]{1,2}\s*all\b

No, that's unnecessary, going to remove it.

@Xhoenix
Copy link
Member Author

Xhoenix commented Oct 2, 2024
edited
Loading

On a second thought, there are no tests for it, so can't say for sure exactly what they were targeting.

=all
!all
<all

@Xhoenix
Copy link
Member Author

Xhoenix commented Oct 2, 2024

Test ID 26 exists. But then the expansion part {1,2} is unnecessary.

@fzipi
Copy link
Member

fzipi commented Oct 2, 2024

I think it will never match the ,2} part, right? Will previously match the other operators.

From that list we are missing:

@fzipi fzipi changed the title fix(942120): add double equal operator fix(942120): update operators Oct 2, 2024
@Xhoenix
Copy link
Member Author

Xhoenix commented Oct 2, 2024

I'm going to remove <=>, add -> and remove {1,2}. Are you okay with this @fzipi ?

@fzipi
Copy link
Member

fzipi commented Oct 2, 2024

Sounds good to me!

@Xhoenix
Copy link
Member Author

Xhoenix commented Oct 3, 2024

LGTM!

fzipi
fzipi reviewed Oct 4, 2024
View reviewed changes
Copy link
Member

@fzipi fzipi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can merge this one after updating tests, and then maybe work on moving operators to an include file?

@Xhoenix
Copy link
Member Author

Xhoenix commented Oct 5, 2024
edited
Loading

Yeah, moving into an include file would make sense, but I've only referred into the operators for SQLite, and we may need to look into other database engines, for e.g mysql.

fzipi
fzipi reviewed Oct 5, 2024
View reviewed changes
Copy link
Member

@fzipi fzipi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is taking a nice shape now. Let's add to the test description a way of reading the test content more easily.

fzipi
fzipi previously approved these changes Oct 5, 2024
View reviewed changes
@fzipi fzipi mentioned this pull request Oct 7, 2024
Closed
theseion
theseion requested changes Oct 9, 2024
View reviewed changes
@azurit azurit requested a review from theseion October 9, 2024 07:48
theseion
theseion requested changes Oct 9, 2024
View reviewed changes
Xhoenix and others added 2 commits October 9, 2024 17:53
@Xhoenix
Copy link
Member Author

Xhoenix commented Oct 9, 2024

This is now ready. LGTM!

@dune73
Copy link
Member

dune73 commented Oct 9, 2024

We're getting there.

@Xhoenix Xhoenix added this pull request to the merge queue Oct 11, 2024
Merged via the queue into coreruleset:main with commit 71e0dff Oct 11, 2024
5 checks passed
@Xhoenix Xhoenix deleted the fix-sql-operator-bypass branch October 11, 2024 18:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theseion theseion theseion approved these changes

@fzipi fzipi fzipi left review comments

Assignees

No one assigned

Labels

release:fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Xhoenix @fzipi @dune73 @theseion