Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Rule 942360 false-positive on Keyword alter
See original GitHub issue_Issue originally created by user shadow4040 on date 2018-01-22 08:21:29. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/997._
False Positive because of the keyword: alter (from SQL)
/modsecurity-crs/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "81"] [id "942360"] [rev "2"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: Alter found within ARGS:request.debtors.privatePerson.birthName: Alter XYZ "]
Issue Analytics
- State:
- Created 3 years ago
- Comments:16
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
User dune73 commented on date 2018-02-08 06:56:36:
We have FPs in the default installation. Your work allows us to keep this part of the rule in PL1. If we do not do that, I think we need to push it to PL2 which lowers the security at PL1.
There is a fair chance that we miss future development in the DBMS and a new keywords show up. However, we would still cover the basic alter keyword at PL2 as a stricter sibling, so I think we could live with that shortcoming (let’s rather cover 98% of an issue than 0% because we can not reach 100%).
If you do the PL, please include the name of the DBMS or maybe even the links to their documentation. That would help with future updates of the list of keywords.
User spartantri commented on date 2018-01-30 10:12:31:
yep, you’re right, also using non capturing groups maybe better as capturing those keywords may not be really required