fix(930130): comment out false positive prone entries#4607

Merged
fzipi merged 1 commit into
coreruleset:mainfrom
EsadCetiner:fix-restricted-files-fp
Apr 18, 2026
Conversation

@EsadCetiner
Member

Proposed changes

This PR fixes some new false positives, recently introduced by PR #4536, that mostly affect the loading of static files, based on my own testing in production.

PR Checklist

  • I have read the CONTRIBUTING doc
  • I have added positive tests proving my fix/feature works as intended.
  • I have added negative tests that prove my fix/feature considers common cases that might end in false positives
  • In case you changed a regular expression, you are not adding a ReDOS for pcre. You can check this using regexploit
  • My tests use the comment field to write the expected behavior
  • I have added documentation for the rule or change (when appropriate)

Further comments

For the reviewer

  • Positive and negative tests were added
  • Tests cover the intended fix/feature properly
  • No usage of dangerous constructs like ctl:requestBodyAccess=Off were used in the rule
  • In case a regular expression was changed, there is no ReDOS
  • Documentation is clear for the rule/change

@github-actions
Contributor

github-actions Bot commented Apr 7, 2026

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@HackingRepo
Contributor

So @EsadCetiner, just those entries, not the others?

@EsadCetiner
Member Author

@HackingRepo Based on my testing

@HackingRepo
Contributor

HackingRepo commented Apr 7, 2026

maybe, actually reduced

@fzipi
Member

fzipi commented Apr 18, 2026

Do we need to backport this one also?

@EsadCetiner
Member Author

@fzipi No, these false positives aren't part of the LTS.

@HackingRepo
Contributor

HackingRepo commented Apr 18, 2026

Since the feature/PR itself isn't on LTS because it's too big, there's no need to backport that FP fix, since LTS isn't affected.

@fzipi fzipi force-pushed the fix-restricted-files-fp branch from 31444ee to 72c4cf0 on April 18, 2026 13:25
@fzipi fzipi added this pull request to the merge queue Apr 18, 2026
Merged via the queue into coreruleset:main with commit 4f3a06b Apr 18, 2026
8 checks passed
@EsadCetiner EsadCetiner deleted the fix-restricted-files-fp branch April 18, 2026 16:15