fix(930130): reduce false positive #4451

Merged
fzipi merged 5 commits into coreruleset:main from touchweb-vincent:patch-15
Feb 10, 2026

@touchweb-vincent commented Feb 10, 2026

Proposed changes

Hello,

In my opinion, filtering .pac in this dataset is not a good idea, as it also triggers files containing .pack, such as:

  • jquery.nivo.slider.pack.js
  • jquery.rating.pack.js

This PR also mitigated this FP on .history:

  • jquery.history.min.js

I suggest removing it.

What do you think?

PR Checklist

  • I have read the CONTRIBUTING doc
  • I have added positive tests proving my fix/feature works as intended.
  • I have added negative tests that prove my fix/feature considers common cases that might end in false positives
  • In case you changed a regular expression, you are not adding a ReDOS for pcre. You can check this using regexploit
  • My tests use the comment field to write the expected behavior
  • I have added documentation for the rule or change (when appropriate)

Further comments

For the reviewer

  • Positive and negative tests were added
  • Tests cover the intended fix/feature properly
  • No dangerous constructs like ctl:requestBodyAccess=Off were used in the rule
  • In case a regular expression was changed, there is no ReDOS
  • Documentation is clear for the rule/change
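
An added example, not part of the pull request or the project's code: a short Python audit of phrase-list entries against benign file names, showing the `.pac` / `.pack` overlap described above and what removing an entry costs. It assumes the entries in rules/restricted-files.data are applied as case-insensitive substring matches and that `#` lines are comments; the sample data, `/proxy.pac`, `/.htaccess` and `/index.html` are constructed, and the jQuery file names are the ones from the description.

```python
# Added example. Assumption: entries are matched as case-insensitive
# substrings of the request file name (phrase matching).
SAMPLE_DATA = """\
# constructed sample, not the real restricted-files.data
.pac
.history
.htaccess
"""
# File names quoted in the PR description, plus one constructed path.
BENIGN = [
    "/js/jquery.nivo.slider.pack.js",
    "/js/jquery.rating.pack.js",
    "/js/jquery.history.min.js",
    "/index.html",
]
RESTRICTED = ["/proxy.pac", "/.htaccess"]  # constructed

def load_entries(text):
    """Return non-empty, non-comment lines, lower-cased."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln.lower() for ln in lines if ln and not ln.startswith("#")]

def matched_entries(path, entries):
    """Entries that occur anywhere inside the path."""
    lowered = path.lower()
    return [e for e in entries if e in lowered]

def audit(entries, benign, restricted):
    """Per entry: benign paths it flags and restricted paths it catches."""
    return {
        e: {
            "false_positives": [p for p in benign if e in p.lower()],
            "detections": [p for p in restricted if e in p.lower()],
        }
        for e in entries
    }

def coverage_lost_if_removed(entry, entries, restricted):
    """Restricted paths that no remaining entry would still match."""
    rest = [e for e in entries if e != entry]
    return [p for p in restricted
            if entry in p.lower() and not matched_entries(p, rest)]

if __name__ == "__main__":
    entries = load_entries(SAMPLE_DATA)
    for entry, result in audit(entries, BENIGN, RESTRICTED).items():
        print(entry, result, coverage_lost_if_removed(entry, entries, RESTRICTED))
```

Removing an entry trades its false positives for whatever `coverage_lost_if_removed` reports, so both lists are worth checking before a phrase is dropped.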

github-actions Bot commented Feb 10, 2026

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

Comment thread rules/restricted-files.data
@fzipi changed the title from "feat(930130): reduce false positive" to "fix(930130): reduce false positive" on Feb 10, 2026
@fzipi dismissed EsadCetiner’s stale review February 10, 2026 18:10

Changes were made already.

@fzipi added this pull request to the merge queue Feb 10, 2026
Merged via the queue into coreruleset:main with commit f5c628c Feb 10, 2026
10 checks passed
@touchweb-vincent deleted the patch-15 branch February 11, 2026 05:50