Comparing changes

Signed-off-by: Felipe Zipitria <[email protected]>

* feat: Remediation for Python SSTI This commit include the following: - Add new rule to the generic attack category to block the Python SSTI payloads - Add Some test cases to check if the rule works fine or not * Adding multiple of changes: - Add the {%%} and <%%> regex to the rule 934180 - Add more regression tests - Removed some unnecessary comments * Make the rule msg more generic not just python * Adding multiple changes after taking the final decision in the monthly meeting for June 2025 - Adjust the new rule to include only the {%%} and <%[=]?%> regex while preserving the old rule 941380 - Removed the removeWhiteSpaces filter - Adjusted the test for our new rule * Remove unnecessary characters from the regex * Remove additional trailing space * Re-Align with the main branch * Remove another trailing space * Update rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf Co-authored-by: Xhoenix <[email protected]> * Change the action version * Update rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf Co-authored-by: Felipe Zipitría <[email protected]> * Update rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf Co-authored-by: Felipe Zipitría <[email protected]> * Add a new tag for the ssti attack --------- Co-authored-by: Franziska Bühler <[email protected]> Co-authored-by: Xhoenix <[email protected]> Co-authored-by: Felipe Zipitría <[email protected]>

…967 in tests/docker-compose.yml (#4159) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

…c15d in tests/docker-compose.yml (#4158) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* update rule 942560 * update regex * Update 942560.yaml added test

Signed-off-by: Felipe Zipitria <[email protected]>

…(933150 PL-1, 933160 PL-1) (#3840) * fix: SprintForTheCause false positive by moving printf to 933160 (933150 PL-1, 933160 PL-1) * fix: update comments * chore: update regex * apply code review suggestions * up * fix: test numbering --------- Co-authored-by: Andrew Howe <[email protected]> Co-authored-by: Felipe Zipitría <[email protected]>

* feat: detect generic config filenames * feat: detect generic config filenames * feat: detect generic config filenames --------- Co-authored-by: Felipe Zipitría <[email protected]>

…0 PL-1, 932371 PL-2) (#4015) * fix: create a stricter sibling to 932370 and move `at` to PL-2 (932370 PL-1, 932371 PL-2) * fix: tests * fix: tests * fix: move pl-2 rule to pl-2 section * chore: update ver * chore: update tags * chore: update regex

* fix(942340): remove dot star Signed-off-by: Felipe Zipitria <[email protected]> * Update regex-assembly/942180.ra Co-authored-by: Max Leske <[email protected]> * fix: re-run crs-toolchain Signed-off-by: Felipe Zipitria <[email protected]> --------- Signed-off-by: Felipe Zipitria <[email protected]> Co-authored-by: Max Leske <[email protected]>

* update java-errors.data * added tests * move rule to regex assembly syntax * update regex * update regex * added test * update tests * Update regex-assembly/952110.ra Co-authored-by: Max Leske <[email protected]> * update regex --------- Co-authored-by: Felipe Zipitría <[email protected]> Co-authored-by: Max Leske <[email protected]>

* refactor(942340): move to regex assambly Signed-off-by: Felipe Zipitria <[email protected]> * Apply suggestions from code review Co-authored-by: Max Leske <[email protected]> * fix: add output in ra Signed-off-by: Felipe Zipitria <[email protected]> * fix: add ^ as xor Signed-off-by: Felipe Zipitria <[email protected]> * fix: except Signed-off-by: Felipe Zipitria <[email protected]> * fix: swap logical for sql Signed-off-by: Felipe Zipitria <[email protected]> * fix: add alternative for logical operators Signed-off-by: Felipe Zipitria <[email protected]> * fix: revert to original regex Signed-off-by: Felipe Zipitria <[email protected]> * Update regex-assembly/942340.ra Co-authored-by: Max Leske <[email protected]> Signed-off-by: Felipe Zipitria <[email protected]> * fix: format regex assembly file Signed-off-by: Felipe Zipitria <[email protected]> * Update regex-assembly/942340.ra Co-authored-by: Max Leske <[email protected]> * fix: run crs-toolchain Signed-off-by: Felipe Zipitria <[email protected]> * fix: apply code review comments Signed-off-by: Felipe Zipitria <[email protected]> * chore: finalize regex --------- Signed-off-by: Felipe Zipitria <[email protected]> Co-authored-by: Max Leske <[email protected]>

* fix(933160): remove dot star Signed-off-by: Felipe Zipitria <[email protected]> * Apply suggestions from code review Co-authored-by: Max Leske <[email protected]> * fix: re-run crs-toolchain Signed-off-by: Felipe Zipitria <[email protected]> * Apply suggestions from code review Co-authored-by: Max Leske <[email protected]> * Apply suggestions from code review * chore: run crs-toolchain update Signed-off-by: Felipe Zipitria <[email protected]> --------- Signed-off-by: Felipe Zipitria <[email protected]> Co-authored-by: Max Leske <[email protected]>

* feat: added rule to detect Bash Brace Expansion * added rule 932281(PL 2) * fix typo * updated msg and payloads * fix versions * Update regex-assembly/932280.ra Co-authored-by: Max Leske <[email protected]> * Update regex-assembly/932280.ra Co-authored-by: Max Leske <[email protected]> * Update regex-assembly/932280.ra Co-authored-by: Max Leske <[email protected]> * Update regex-assembly/932281.ra Co-authored-by: Max Leske <[email protected]> * Update rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf Co-authored-by: Max Leske <[email protected]> * Update rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf Co-authored-by: Max Leske <[email protected]> * Update rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf Co-authored-by: Max Leske <[email protected]> * Update rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf Co-authored-by: Max Leske <[email protected]> * update comments * update comments * fix linter error * fix lint error * Update REQUEST-932-APPLICATION-ATTACK-RCE.conf * Apply suggestions from code review Co-authored-by: Max Leske <[email protected]> * update comments * update version string * added missing tags --------- Co-authored-by: Max Leske <[email protected]> Co-authored-by: Felipe Zipitría <[email protected]>

* feat: added MongoDB operators * remove duplicate * regex update * added MongoDB operators * add operators and refactor * update regex assembly syntax * crs-toolchain regex update * added comments * chore: crs-toolchain regex format * Update regex-assembly/942290.ra Co-authored-by: Felipe Zipitría <[email protected]> --------- Co-authored-by: Felipe Zipitría <[email protected]>

* feat: added zmodload * regex update * update unix-shell.data * remove shell builtins * remove builtins * added sudo-rs/visudo-rs * regex update --all * added unix-shell-builtins.data * update rule and comments * added tokens * add rule 932162 * remove tokens * remove rule 932162 * update unix-shell-4andup --------- Co-authored-by: Max Leske <[email protected]> Co-authored-by: Felipe Zipitría <[email protected]>

Signed-off-by: Felipe Zipitria <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Comparing changes

Open a pull request

Commits on Jun 3, 2025

Commits on Jun 4, 2025

Commits on Jun 5, 2025

Commits on Jun 9, 2025

Commits on Jun 16, 2025

Commits on Jun 20, 2025

Commits on Jun 21, 2025

Commits on Jun 23, 2025

Commits on Jun 24, 2025

Commits on Jun 26, 2025

Commits on Jun 27, 2025

Commits on Jun 29, 2025

This comparison is taking too long to generate.

Uh oh!