feat(930140): add AI coding assistant artifact protection#4519
Merged
fzipi merged 4 commits intoMar 7, 2026
Merged
Conversation
…eset#4474) - Add rule 930140 (PL1 block) and ai-critical-artifacts.data. - Insert rule in REQUEST-930-APPLICATION-ATTACK-LFI.conf after 930130. References (supporting links for ai-critical-artifacts.data entries): Dot-folders: .claude/ https://code.claude.com/docs/en/settings https://code.claude.com/docs/en/hooks .cursor/ https://docs.cursor.com/context/rules-for-ai .continue/ https://docs.continue.dev/customize/deep-dives/configuration .aider/ https://aider.chat/docs/config.html .roo/ https://docs.roocode.com/features/mcp/using-mcp-in-roo .zed/ https://zed.dev/docs/reference/all-settings .cline/ https://docs.cline.bot/customization/cline-rules https://docs.cline.bot/mcp/adding-and-configuring-servers .kiro/ https://kiro.dev/docs/getting-started/first-project https://kiro.dev/docs/hooks .windsurf/ https://docs.windsurf.com .rovodev/ https://support.atlassian.com/rovo/docs/set-custom-instructions-for-code-reviews https://support.atlassian.com/rovo/docs/manage-rovo-dev-cli-settings/ .codex/ https://developers.openai.com/codex/config-basic .opencode/ https://opencode.ai/docs/config/ .a0proj/ https://www.agent-zero.ai/p/docs/projects/ https://github.com/agent0ai/agent-zero .plandex/ https://plandex.ai (plans, context) .fabric/ https://github.com/danielmiessler/fabric (patterns, fabric.env) .n8n/ https://docs.n8n.io/hosting/configuration/configuration-methods https://docs.n8n.io/hosting/configuration/configuration-examples/user-folder Context (issue & research): coreruleset#4474 https://ironpeak.be/blog/leaking-secrets-from-the-claud/ https://github.com/hazcod/claudleak Made-with: Cursor
Contributor
|
📊 Quantitative test results for language: |
for more information, see https://pre-commit.ci
fzipi
reviewed
Mar 3, 2026
Member
|
Looks good, we are still waiting for the removal of CHANGES.md from the PR. |
Made-with: Cursor
Contributor
Author
|
All done! Removed changes md - apologies was in my steering doc to track changes ;) noted for the future |
25 tasks
fzipi
reviewed
Mar 5, 2026
Member
fzipi
left a comment
There was a problem hiding this comment.
One last thing: can you also add the references into the data file so they get properly documented?
That way it will ve easier to update in the future instead of getting into this PR?
Member
|
Thanks @etiennemunnich for your PR! Merging. |
11 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
References (supporting links for ai-critical-artifacts.data entries):
Dot-folders:
.claude/ https://code.claude.com/docs/en/settings https://code.claude.com/docs/en/hooks
.cursor/ https://docs.cursor.com/context/rules-for-ai
.continue/ https://docs.continue.dev/customize/deep-dives/configuration
.aider/ https://aider.chat/docs/config.html
.roo/ https://docs.roocode.com/features/mcp/using-mcp-in-roo
.zed/ https://zed.dev/docs/reference/all-settings
.cline/ https://docs.cline.bot/customization/cline-rules https://docs.cline.bot/mcp/adding-and-configuring-servers
.kiro/ https://kiro.dev/docs/getting-started/first-project https://kiro.dev/docs/hooks
.windsurf/ https://docs.windsurf.com
.rovodev/ https://support.atlassian.com/rovo/docs/set-custom-instructions-for-code-reviews https://support.atlassian.com/rovo/docs/manage-rovo-dev-cli-settings/
.codex/ https://developers.openai.com/codex/config-basic
.opencode/ https://opencode.ai/docs/config/
.a0proj/ https://www.agent-zero.ai/p/docs/projects/ https://github.com/agent0ai/agent-zero
.plandex/ https://plandex.ai (plans, context)
.fabric/ https://github.com/danielmiessler/fabric (patterns, fabric.env)
.n8n/ https://docs.n8n.io/hosting/configuration/configuration-methods https://docs.n8n.io/hosting/configuration/configuration-examples/user-folder
Context (issue & research):
#4474
https://ironpeak.be/blog/leaking-secrets-from-the-claud/
https://github.com/hazcod/claudleak
Proposed changes
Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. If it fixes a bug or resolves a feature request, be sure to link to that issue.
PR Checklist
commentfield to write the expected behaviorFurther comments
For the reviewer
Positive and negative tests were added
Tests cover the intended fix/feature properly
No usage of dangerous constructs like
ctl:requestBodyAccess=Offwere used in the ruleIn case a regular expression was changed, there is no ReDOS
Documentation is clear for the rule/change
Fixes Add protection for AI directory leaks #4474