Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

942380 regular suspected error

See original GitHub issue

Describe the bug

There may be a problem with the exists part of the 942380 rule. You can check the exists-related regularity in the /util/regexp-assemble/regexp-942380.data file: exists\s\sselect exists\sselect\Sif\s\( exists\sselect\Sifnull\s\( exists\sselect\Stop exists\sselect\Sconcat exists\ssystem\s\( exists\s\b(?i:having)\b\s+\d{1,10} exists\s'[^=]{1,10}' ( is not allowed to appear after exists. But I checked the MSSQL Explanation of exists: https://docs.microsoft.com/zh-cn/sql/t-sql/language-elements/exists-transact-sql?view=sql-server-ver15, also searched for exists in other databases Usage, exists must be followed by (, such as EXISTS (SELECT NULL). Maybe I didn’t find the corresponding detection payload, let’s take a look at it together~

Steps to reproduce

Expected behaviour

Actual behaviour

Additional context

Your Environment

CRS version v3.4/dev

CRS version (e.g., v3.2.0):
Paranoia level setting:
ModSecurity version (e.g., 2.9.3):
Web Server and version (e.g., apache 2.4.41):
Operating System and version:

Issue Analytics

State:
Created 2 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

2reactions

NiceYouKnowcommented, Jun 7, 2021

Ok, I will open a PR again. Thank you for your approval! 😉 Add a new rule： \bexists\s*?\(\s*?select\b

2reactions

franbuehlercommented, Jun 7, 2021

Yes, those strange existing regexes are an argument against extending them. I like a new, additional regex. Ah, and the word boundary after select is a great, maybe even before exists? \bexists\s*?\(\s*?select\b

Would you like to open a PR again? 😉 Please let me know if I shall open one?