fix(933150): remove is_int from PHP function names list #4585

Merged: fzipi merged 2 commits into coreruleset:main from zoutjebot:fix/933150-remove-is_int on Apr 5, 2026
@zoutjebot
Contributor

What

Remove is_int from php-function-names-933150.data.

Why

is_int() is extremely common in non-attack contexts: form validation, type checking, API parameter handling. Its presence causes false positives on legitimate PHP code and parameter values.

Other type-checking functions like is_numeric, is_string remain as they are less commonly seen in user-facing input.

Testing

Quantitative testing against our dataset (4500 legitimate requests) showed this is one of the most common FP triggers.

Refs: #4584

@github-actions
Contributor

github-actions Bot commented Mar 30, 2026

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@HackingRepo
Contributor

Yes, /is_int?a=1 will then trigger it, so that is a good PR and fix for that FP.

@HackingRepo
Contributor

HackingRepo commented Mar 30, 2026

Also, is_int is not sensitive by itself in PHP; it just checks whether that is an integer.

php > $integer = is_int(512);
php > echo($integer);
1
php > $name = is_int("RelunSec");
php > echo($name);
php > 

Nothing sensitive in that; if it is an int, return it, else nothing.

@fzipi
Member

fzipi commented Mar 30, 2026

Can you add tests? Positive and negative, so we cover both cases. Thanks!

Zoutje and others added 2 commits April 4, 2026 12:40
is_int() is extremely common in non-attack contexts (form validation,
type checking). Its presence causes false positives on legitimate PHP
code and parameter values.

Other type-checking functions like is_numeric, is_string remain as they
are less commonly seen in user-facing input.

Refs: coreruleset#4584
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@fzipi force-pushed the fix/933150-remove-is_int branch from ea98f8a to 794e901 on April 4, 2026 15:40
@fzipi added this pull request to the merge queue on Apr 5, 2026
Merged via the queue into coreruleset:main with commit 0b91d35 Apr 5, 2026
8 checks passed
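
The positive and negative cases requested in the review can be sketched offline. This is an added example, not code from the PR or from CRS: it assumes the rule treats each list entry as a case-insensitive substring (as ModSecurity's `@pm`-family operators do), and the list excerpt, sample values and function names are constructed for illustration.

```python
# Added example, not CRS code. Models a phrase-list rule as a case-insensitive
# substring match (assumption: this is how each line of a .data file is used).

def parse_data_file(text):
    """Parse .data content: one phrase per line, '#' comments and blanks skipped."""
    phrases = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            phrases.append(line.lower())
    return phrases

def hits(value, phrases):
    """Return the phrases found anywhere inside value (no word boundaries)."""
    lowered = value.lower()
    return [p for p in phrases if p in lowered]

def compare(samples, before, after):
    """Label each sample 'fixed' (matched only before), 'still' or 'clean'."""
    report = {}
    for sample in samples:
        b, a = hits(sample, before), hits(sample, after)
        report[sample] = "still" if a else ("fixed" if b else "clean")
    return report

# Constructed list excerpt; only the three names mentioned in the PR are used.
BEFORE = parse_data_file("""
# constructed excerpt
is_int
is_numeric
is_string
""")
AFTER = [p for p in BEFORE if p != "is_int"]

# Constructed request values (not taken from the PR's dataset).
SAMPLES = [
    "/is_int",                    # path from the comment thread: /is_int?a=1
    "if (is_int($qty)) { ... }",  # PHP snippet submitted in a form field
    "this_interval=5",            # 'is_int' appears inside a longer word
    "IS_NUMERIC($id)",            # name that stays on the list
    "quantity=512",               # never matched
]

REPORT = compare(SAMPLES, BEFORE, AFTER)

if __name__ == "__main__":
    for sample, status in REPORT.items():
        print(f"{status:5}  {sample}")
```

The `this_interval=5` case shows that a substring list entry can fire on values that never mention the function at all, which is why a negative test for the removed name is worth keeping alongside a positive test for a name that remains.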