Skip to content

feat: block 'trap' command#4422

Merged
fzipi merged 3 commits into
coreruleset:mainfrom
azurit:trap
Jan 23, 2026
Merged

feat: block 'trap' command#4422
fzipi merged 3 commits into
coreruleset:mainfrom
azurit:trap

Conversation

@azurit
Copy link
Copy Markdown
Member

@azurit azurit commented Jan 23, 2026

Proposed changes

Fixes #4421.

PR Checklist

  • I have read the CONTRIBUTING doc
  • I have added positive tests proving my fix/feature works as intended.
  • I have added negative tests that prove my fix/feature considers common cases that might end in false positives
  • In case you changed a regular expression, you are not adding a ReDOS for pcre. You can check this using regexploit
  • My test use the comment field to write the expected behavior
  • I have added documentation for the rule or change (when appropriate)

Further comments

For the reviewer

  • Positive and negative tests were added
  • Tests cover the intended fix/feature properly
  • No usage of dangerous constructs like ctl:requestBodyAccess=Off were used in the rule
  • In case a regular expression was changed, there is no ReDOS
  • Documentation is clear for the rule/change

@azurit azurit added the release:new-detection In this PR we introduce a new detection label Jan 23, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jan 23, 2026

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@fzipi fzipi added this pull request to the merge queue Jan 23, 2026
Merged via the queue into coreruleset:main with commit 447c48f Jan 23, 2026
8 checks passed
@theseion theseion mentioned this pull request Feb 2, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fzipi fzipi fzipi approved these changes

Assignees

No one assigned

Labels

release:new-detection In this PR we introduce a new detection

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

RCE Bypass: Via the trap command

2 participants

@azurit @fzipi