Skip to content

fix: don't replace cmdline suffixes for 932220 and 932250 #4231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
theseion merged 2 commits into from
Aug 20, 2025
Merged

fix: don't replace cmdline suffixes for 932220 and 932250 #4231

theseion merged 2 commits into from
Aug 20, 2025

Conversation

@theseion
Copy link
Contributor

@theseion theseion commented Aug 10, 2025

During the refactoring of the RCE rules and the "upto3" and "4andup" data files, rules 932220 and 932250 were changed to accidentally include data files without cmdline suffixes, even thoug both rules use the cmdline processor. This commit fixes both rules, making them process the cmdline suffixes as originally intended.

@theseion theseion requested review from EsadCetiner and fzipi August 10, 2025 14:35
@github-actions
Copy link
Contributor

github-actions bot commented Aug 10, 2025
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

EsadCetiner
EsadCetiner reviewed Aug 10, 2025
View reviewed changes
Copy link
Member

@EsadCetiner EsadCetiner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've just tested this locally and everything works as expected.

@theseion theseion mentioned this pull request Aug 10, 2025
Merged
@theseion
fix: don't replace cmdline suffixes for 932220 and 932250
90eb0cd 
During the refactoring of the RCE rules and the "upto3" and "4andup"
data files, rules 932220 and 932250 were changed to accidentally include
data files without cmdline suffixes, even though both rules use the
cmdline processor. This commit fixes both rules, making them process the
cmdline suffixes as originally intended.
@theseion
chore: apply review suggestions
9a04ced
@theseion theseion requested a review from EsadCetiner August 19, 2025 05:10
@theseion theseion added this pull request to the merge queue Aug 20, 2025
Merged via the queue into coreruleset:main with commit 59ed32c Aug 20, 2025
7 checks passed
@theseion theseion deleted the fix-932220-932250 branch August 20, 2025 06:09
@S0obi
Copy link
Contributor

S0obi commented Aug 20, 2025

@theseion is this PR linked to issue #4241 ?

@EsadCetiner
Copy link
Member

EsadCetiner commented Aug 20, 2025

@S0obi No, this fixes a bug where some suffixes aren't being applied correctly resulting in false negatives. I'll reference the PR in the issue when I have a fix.

@fzipi fzipi mentioned this pull request Sep 1, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EsadCetiner EsadCetiner EsadCetiner approved these changes

@fzipi fzipi Awaiting requested review from fzipi

Assignees

No one assigned

Labels

release:fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@theseion @S0obi @EsadCetiner