
fix(942200): prevent matches against user agent strings #4537

Merged: fzipi merged 3 commits into coreruleset:main from theseion:4502-fix-942200-agatins-user-agent-strings on Mar 9, 2026

theseion (Contributor) commented Mar 9, 2026

Make matching of parenthesis more restrictive

Refs #4476
Fixes #4502
Closes #4525

theseion requested a review from a team March 9, 2026 06:19
theseion added the labels "🔧 fix" (Fixes a bug or problem) and "release:fix" Mar 9, 2026
github-actions Bot (Contributor) commented Mar 9, 2026

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

EsadCetiner (Member) left a comment

Just thinking a bit ahead, should we move these UA tests to 999999.yaml so these checks can run for all rules? These UAs really shouldn't be blocked under any circumstance, and it might help us catch similar issues in the future.

Comment thread tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml Outdated
fzipi (Member) left a comment

LGTM

fzipi (Member) commented Mar 9, 2026

Good thinking @EsadCetiner.

fzipi added this pull request to the merge queue Mar 9, 2026
Merged via the queue into coreruleset:main with commit 98b363c Mar 9, 2026
8 checks passed
theseion deleted the 4502-fix-942200-agatins-user-agent-strings branch March 10, 2026 06:09

Development

Successfully merging this pull request may close these issues.

False positive for rule 942200 by Googlebot after upgrading to v4.24.0

5 participants