fix(lfi-os-files): add .dockerenv, .DS_Store, META-INF/, WEB-INF/#4601
Merged
EsadCetiner merged 3 commits intoApr 8, 2026
Merged
Conversation
Contributor
|
📊 Quantitative test results for language: |
Xhoenix
reviewed
Mar 31, 2026
f88cf2a to
0a01e16
Compare
franbuehler
previously approved these changes
Apr 1, 2026
Contributor
franbuehler
left a comment
There was a problem hiding this comment.
This looks good to me.
EsadCetiner
requested changes
Apr 3, 2026
Member
EsadCetiner
left a comment
There was a problem hiding this comment.
Can you sync these changes with restricted-files.data and restricted-upload.data?
Member
|
ping @zoutjebot |
zoutjebot
pushed a commit
to zoutjebot/coreruleset
that referenced
this pull request
Apr 5, 2026
…tricted-upload data Syncs new entries from lfi-os-files.data to restricted-files.data and restricted-upload.data as requested in PR review. - restricted-files.data: add .dockerenv, META-INF/ - restricted-upload.data: add .dockerenv, META-INF/, WEB-INF/ Refs: coreruleset#4601
Contributor
Author
|
Synced. Added the new entries to both files: restricted-files.data:
restricted-upload.data:
All entries placed alphabetically to match existing file conventions. |
EsadCetiner
requested changes
Apr 7, 2026
Member
EsadCetiner
left a comment
There was a problem hiding this comment.
Looks good, just one minor change.
Add detection for additional sensitive file paths: - .dockerenv: Docker container detection file at filesystem root - .DS_Store: macOS directory metadata, can leak file listings - META-INF/: Java servlet container metadata directory - WEB-INF/: Java servlet container configuration (web.xml, classes) Java WEB-INF/META-INF paths are critical for Java application attacks (CVE-2018-1271, CVE-2020-17519, CVE-2021-21234) that use path traversal to access these directories. Refs: coreruleset#4584
…tricted-upload data Syncs new entries from lfi-os-files.data to restricted-files.data and restricted-upload.data as requested in PR review. - restricted-files.data: add .dockerenv, META-INF/ - restricted-upload.data: add .dockerenv, META-INF/, WEB-INF/ Refs: coreruleset#4601
Co-authored-by: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
4966256 to
13c2329
Compare
fzipi
approved these changes
Apr 8, 2026
EsadCetiner
approved these changes
Apr 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds detection for Docker container files, macOS metadata leaks, and Java servlet container sensitive paths.
Context
Part of CVE-derived payload research FN improvements. See tracking issue #4584 for full context.
Refs: #4584