Skip to content

fix(942160): updating regex to deal with new payloads #4292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
azurit merged 14 commits into from
Oct 28, 2025
Merged

fix(942160): updating regex to deal with new payloads #4292

azurit merged 14 commits into from
Oct 28, 2025

Conversation

@touchweb-vincent
Copy link
Contributor

@touchweb-vincent touchweb-vincent commented Oct 17, 2025
edited by azurit
Loading

Hello,

Payloads incoming

New payloads detected by this PR:

sELecT slEep (20 dIv 3)
SeleCT sLeEp (mOD(10,5))
sELecT slEep (5 ^ 2)
sELecT slEep (3 * 2)
sELecT slEep (-3 * -2)
sELecT slEep (10 /6)
sELecT slEep ('10€@#={},~2')
sELecT slEep ("10")
sELecT slEep (10 +6)
sELecT slEep (10 -6)
sELecT slEep (10.2)
sELecT slEep (20 % 7)

@github-actions
Copy link
Contributor

github-actions bot commented Oct 17, 2025
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

touchweb-vincent and others added 10 commits October 17, 2025 07:03
@touchweb-vincent
-
663d41a 
Removed 't:removeCommentsChar' from SQLI detection rule.
@touchweb-vincent
Modify SQL injection tests to time-based payloads
6df6c18 
Updated multiple test descriptions to reflect time-based SQL injection payloads and added new tests for various time-based payload scenarios.
@touchweb-vincent
Fix regex pattern in SQLI rule
634708e
@touchweb-vincent
Refactor SQL injection tests and add new case
4b06d4e 
Updated SQL injection test cases to reflect changes in payloads and descriptions. Added new test case for time-based SQL injection detection.
@pre-commit-ci
chore(formatting): auto fixes from pre-commit hooks
61dfd9a 
for more information, see https://pre-commit.ci
@touchweb-vincent
Fix SQL injection test descriptions and URIs
2cb0fc8
@touchweb-vincent
Refactor SQL injection tests in 942160.yaml
7a57ad3 
Updated SQL injection test cases with new payloads and removed redundant tests.
@touchweb-vincent
Add SQL Injection time-based payload test case
cd6c1cc 
Added a test case for SQL Injection attack detection using a time-based payload.
@touchweb-vincent
Update SQL injection test payloads in 942160.yaml
12a619e
@touchweb-vincent
Update SQL injection test case URI encoding
d3aae9d
@touchweb-vincent touchweb-vincent changed the title fix(942160): adding new payloads fix(942160): updating regex to deal with new payloads Oct 17, 2025
@azurit azurit added this pull request to the merge queue Oct 28, 2025
Merged via the queue into coreruleset:main with commit fbca0e1 Oct 28, 2025
11 checks passed
@touchweb-vincent touchweb-vincent deleted the patch-12 branch October 29, 2025 13:37
@theseion theseion mentioned this pull request Nov 3, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@azurit azurit azurit approved these changes

Assignees

No one assigned

Labels

release:fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@touchweb-vincent @azurit @fzipi