Skip to content

fix(942390): move to regex-assembly#4011

Open
fzipi wants to merge 17 commits into
mainfrom
rules/942390-use-lazy-regex
Open

fix(942390): move to regex-assembly#4011
fzipi wants to merge 17 commits into
mainfrom
rules/942390-use-lazy-regex

Conversation

@fzipi
Copy link
Copy Markdown
Member

@fzipi fzipi commented Feb 24, 2025
edited
Loading

what

  • try to optimize in regex-assembly format
  • try to infer the meaning of the regular expression
  • add more tests

why

  • document better the (possible) intention behind the rule

references

@fzipi fzipi requested review from Xhoenix and theseion February 24, 2025 00:13
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 24, 2025
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@fzipi fzipi added the 📖 documentation Improvements or additions to documentation label Feb 24, 2025
@fzipi fzipi force-pushed the rules/942390-use-lazy-regex branch from 7daba3b to 6309c3a Compare February 24, 2025 00:14
@fzipi
Copy link
Copy Markdown
Member Author

fzipi commented Feb 24, 2025

Test 2 is failing because of encoding :/

theseion
theseion requested changes Feb 24, 2025
View reviewed changes
Comment thread regex-assembly/942390.ra Outdated
fzipi
fzipi commented Feb 24, 2025
View reviewed changes
Comment thread tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml Outdated
@github-actions github-actions Bot added the Stale label Mar 27, 2025
@github-actions github-actions Bot closed this Apr 10, 2025
@Xhoenix Xhoenix reopened this Apr 10, 2025
@github-actions github-actions Bot removed the Stale label Apr 11, 2025
@github-actions github-actions Bot added the Stale label May 11, 2025
@Xhoenix Xhoenix removed the Stale label May 15, 2025
@github-actions github-actions Bot added the Stale label Jun 15, 2025
@github-actions github-actions Bot added the Stale label Jul 17, 2025
@github-actions github-actions Bot closed this Jul 31, 2025
@Xhoenix Xhoenix reopened this Jul 31, 2025
@github-actions github-actions Bot removed the Stale label Aug 1, 2025
@github-actions github-actions Bot added the Stale label Sep 1, 2025
@github-actions github-actions Bot closed this Sep 16, 2025
@Xhoenix Xhoenix reopened this Sep 18, 2025
@github-actions github-actions Bot removed the Stale label Sep 19, 2025
fzipi and others added 4 commits October 13, 2025 10:28
@fzipi
fix(942390): move to regex-assembly
b7bbb16 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@fzipi @theseion
Update regex-assembly/942390.ra
09604c9 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
@fzipi
Update tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942…
109f7cd 
…390.yaml
@fzipi
fix: update and simplify regex with similar cases and prefixes
7c7275f 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Copilot AI reviewed Jan 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors rule 942390 to use the regex-assembly format for better maintainability and documentation. The rule detects SQL injection attacks using OR and XOR logical operators.

Changes:

  • Migrated rule 942390 from inline regex to regex-assembly format with comprehensive documentation and examples
  • Updated error message to be more specific: "SQL Injection Attack using (X)OR"
  • Added 6 new test cases covering various OR/XOR injection patterns

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File Description
regex-assembly/942390.ra New regex-assembly source file with documented patterns, variable definitions, and examples for detecting OR/XOR-based SQL injection
rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf Updated compiled regex and improved error message to specify (X)OR attacks
tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml Enhanced test 1 description and added 6 new test cases covering different OR/XOR attack variations

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread regex-assembly/942390.ra Outdated
Comment thread tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml
Comment thread regex-assembly/942390.ra Outdated
Comment thread rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf Outdated
@fzipi
Update regex-assembly/942390.ra
7854e16 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
fzipi
fzipi commented Feb 8, 2026
View reviewed changes
Comment thread regex-assembly/942390.ra Outdated
fzipi
fzipi commented Feb 8, 2026
View reviewed changes
Comment thread regex-assembly/942390.ra Outdated
fzipi
fzipi commented Feb 8, 2026
View reviewed changes
Comment thread regex-assembly/942390.ra Outdated
fzipi
fzipi commented Feb 8, 2026
View reviewed changes
Comment thread tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml Outdated
Xhoenix
Xhoenix reviewed Feb 8, 2026
View reviewed changes
Comment thread rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf Outdated
Xhoenix
Xhoenix reviewed Feb 8, 2026
View reviewed changes
Comment thread regex-assembly/942390.ra Outdated
fzipi
fzipi commented Feb 8, 2026
View reviewed changes
Comment thread regex-assembly/942390.ra Outdated
fzipi and others added 3 commits February 8, 2026 11:05
@fzipi
Apply suggestion from @fzipi
0c3f2c8
@pre-commit-ci
chore(formatting): auto fixes from pre-commit hooks
54ecc5b 
for more information, see https://pre-commit.ci
@fzipi
fix: tests
4e92a20 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@fzipi fzipi marked this pull request as ready for review February 8, 2026 14:15
@fzipi fzipi requested a review from Xhoenix February 8, 2026 14:15
@fzipi fzipi requested a review from theseion February 8, 2026 14:28
theseion
theseion requested changes Feb 9, 2026
View reviewed changes
Comment thread regex-assembly/942390.ra

##!> define x_or \bx?or\b
##!> define quotes [\'\"]
##!> define spaces \s+
Copy link
Copy Markdown
Contributor

@theseion theseion Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't quite the same as before, where some expressions used \s?, e.g., ...or1= could probably be parsed.

Copy link
Copy Markdown
Member Author

@fzipi fzipi Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

\bor\b\s?[0-9] never matches or1= because \b after r requires a non-word character next, and digits are word characters. So or1= is a blind spot in both the original and the PR. The \s? was always effectively \s.

@fzipi fzipi mentioned this pull request Mar 2, 2026
Closed
@fzipi fzipi mentioned this pull request Apr 6, 2026
Closed
@github-actions github-actions Bot added the Stale label Apr 26, 2026
@theseion theseion mentioned this pull request May 4, 2026
Closed
@github-actions github-actions Bot closed this May 26, 2026
@Xhoenix Xhoenix reopened this May 26, 2026
@github-actions github-actions Bot removed the Stale label May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@theseion theseion theseion requested changes

@Xhoenix Xhoenix Awaiting requested review from Xhoenix

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

📖 documentation Improvements or additions to documentation 🧙 regex-assembly

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fzipi @theseion @Xhoenix