Description
This is the Agenda for the two Monthly CRS Chats.
The general chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2024-07-01, at 20:30 CEST. That's the 1st Monday of the month. A separate issue chat is happening at the same location, same time on Monday, 2024-07-15. That's the 3rd Monday of the month. Please note that we have a CRS calendar (maintained by @fzipi).
Archived previous meetings and their decisions are here.
What happened in the meantime since the chat last month
Outside development
Blog posts that mention OWASP CRS found by dev-on-duty, to be added for the next meeting (external references):
- ModSec-Learn: Boosting ModSecurity with Machine Learning
  - I did not check the linked open source code and the dataset yet.
  - Direct link to pdf.
  - Link to tweet.
Inside development
Rules
- FIXME: Please fill in
CRS Sandbox
- FIXME: Please fill in
Security
- FIXME: Please fill in
Plugins
- FIXME: Please fill in
Documentation and Public Relations
- v4.4 release was deemed too small to require a blog post + announcements, social media, etc.
- Probably requires a new policy, as the current release procedure document asks for publication of a blog post, mailing list announcements, etc. for every release.
Project Administration and Sponsor relationships
- FIXME: Please fill in
Tools
- go-ftw v1.0.3 released
Testing incl. Seaweed and many future plans
- Updates on Seaweed were presented at the CRS Summit
- New version based on docker-compose and Golang for parsing results.
- Support for platform-specific tests using platform overrides has arrived. Includes an improved schema for writing tests.
Containers
- Issue with running Docker test containers in vanilla CRS repo following changes to make containers root-less. A solution has been found and is pending.
CRS Status Page
- Azure run failed and should be checked.
Project discussions and decisions
- CRS November Developer summit updates
- Who wants to take on "Implement JavaScript prototype pollution detection" #3415?
- Should CRS get involved with a new edition of the OWASP WAF Evaluation Criteria (-> https://owasp.org/www-project-wafec/)?
Rules development, key project numbers
PRs that have been merged since the last meeting
- fix(security): alias false negative #3740
- chore: update code post-release #3748
- chore: create release v4.4.0 #3747
- feat: skip response rules if data are compressed #3742
- chore: update testing containers to release/20240609 #3739
- fix: replacing t:UrlDecode with t:UrlDecodeUni (921240 PL1, 932170 PL1, 932171 PL1, 932190 PL3, 932190 PL1, 933211 PL3, 941310 PL1, 941350 PL1) #3713
- fix: ignore checking compressed response body #3712
- fix(934140): update regex #3731
We merged 8 PRs since the last monthly project chat.
Open PRs
Open PRs marked DRAFT or work in progress or needs action
- fix: prevent invalid commands matches on 5 characters or less (932220 PL-2, 932230 PL-1, 932232 PL-3, 932235 PL-1, 932236 PL-2, 932237 PL-3, 932238 PL-3, 932239 PL-2, 932250 PL-1, 932260 PL-1) #3735
- feat: add test overrides for nginx #3369
- fix(security): resolve SQL injection protection bypass (942380 PL2) #3720
- feat: refactoring (944110 PL1) #3715
- feat: accidental firewall disability prevention #3650
- fix(security): remove double URL decode (921151 PL2, 932190 PL3, 942441 PL2, 942442 PL2, 942460 PL3) #3741
- feat: improve detection of onwebkitplaybacktargetavailabilitychanged event #3734
- fix: fp with user-agent containing ; pg (932239 PL2) #3727
Separate 2nd Meeting (Monday, 2024-07-15)
We generally cover 10 issues per month in a separate issue meeting. Add them as you see fit.
- Issue slot 1: Discussion about new rule 921240 for mod_proxy attacks #2841
- Issue slot 2: 941160 reacts to img #3770
- Issue slot 3: Proposal to close security issue KK4
Other topics
- Simplified support for schemas by using dedicated file extensions for tests and override files? (feat: add CRS WAF schemas to catalog SchemaStore/schemastore#3904)
How to get to our slack and join the meeting?
If you are not yet on the OWASP Slack, here is your invite: https://owasp.org/slack/invite .
Everybody is welcome to join our community chat.