Skip to content

feat(930130): improvement of the detection of common debug or error files across CMS platforms#4426

Merged
fzipi merged 2 commits into
coreruleset:mainfrom
touchweb-vincent:patch-25
Jan 24, 2026
Merged

feat(930130): improvement of the detection of common debug or error files across CMS platforms#4426
fzipi merged 2 commits into
coreruleset:mainfrom
touchweb-vincent:patch-25

Conversation

@touchweb-vincent
Copy link
Copy Markdown
Contributor

@touchweb-vincent touchweb-vincent commented Jan 24, 2026

Proposed changes

Hello, since these files still contain particularly sensitive data, I suggest adding them explicitly by name. This will help mitigate cases where 920440 has not been enabled.

What do you think?

PR Checklist

  • I have read the CONTRIBUTING doc
  • I have added positive tests proving my fix/feature works as intended.
  • I have added negative tests that prove my fix/feature considers common cases that might end in false positives
  • In case you changed a regular expression, you are not adding a ReDOS for pcre. You can check this using regexploit
  • My test use the comment field to write the expected behavior
  • I have added documentation for the rule or change (when appropriate)

Further comments

For the reviewer

  • Positive and negative tests were added
  • Tests cover the intended fix/feature properly
  • No usage of dangerous constructs like ctl:requestBodyAccess=Off were used in the rule
  • In case a regular expression was changed, there is no ReDOS
  • Documentation is clear for the rule/change

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jan 24, 2026
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@touchweb-vincent
Update 930130.yaml with additional test cases
13ea1f3 
Added new tests for unauthorized access to wp-content log files.
@touchweb-vincent touchweb-vincent changed the title feat(930130): adding files feat(930130): improvement of the detection of common debug or error files across CMS platforms Jan 24, 2026
fzipi
fzipi approved these changes Jan 24, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@fzipi fzipi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds reasonable.

@fzipi fzipi added the release:new-detection In this PR we introduce a new detection label Jan 24, 2026
@fzipi fzipi added this pull request to the merge queue Jan 24, 2026
Merged via the queue into coreruleset:main with commit 6e0bbf6 Jan 24, 2026
10 checks passed
@touchweb-vincent touchweb-vincent deleted the patch-25 branch January 25, 2026 05:17
@theseion theseion mentioned this pull request Feb 2, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fzipi fzipi fzipi approved these changes

Assignees

No one assigned

Labels

release:new-detection In this PR we introduce a new detection

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@touchweb-vincent @fzipi