10000 fix: remove `self` command by EsadCetiner · Pull Request #4111 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

fix: remove self command #4111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 7, 2025
Merged

fix: remove self command #4111

merged 4 commits into from
May 7, 2025

Conversation

EsadCetiner
Copy link
Member

There is a non-existent command that is being blocked by the Unix rules causing false positives in #4110. I can't find any indication that this command exists anywhere.

closes #4110

@github-actions GitHub Actions
Copy link
Contributor
github-actions bot commented May 1, 2025
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@theseion
Copy link
Contributor
theseion commented May 2, 2025

self appears to be a command from Tcl: https://wiki.tcl-lang.org/page/self+-+TclOO. This might not seem like something we should care about, however, there are a number of Tcl interpreters, one of which is "Cisco IOS": https://wiki.tcl-lang.org/page/What+is+Tcl. There's probably a reason for self being in that list.

That being said, it's probably still an edge case that we could drop. I'll put this on the agenda to discuss.

@fzipi fzipi mentioned this pull request May 5, 2025
Open
@franbuehler
Copy link
Contributor
franbuehler commented May 5, 2025
edited
Loading

In the monthly chat meeting from May 5th, we decided to drop the command self.
#4116

franbuehler
franbuehler previously approved these changes May 5, 2025
View reviewed changes
Copy link
Contributor
@franbuehler franbuehler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@RedXanadu
Copy link
Member
RedXanadu commented May 5, 2025
edited
Loading

Doing some digging, it looks like the pattern for self only appeared in 2023 (added to regex-assembly/include/unix-shell-4andup-with-params.ra when we moved to script-based processing to generate that list, it seems).

I think self ever being added may have been a simple mistake.

Maybe it came from proc/self which is an entry in rules/unix-shell.data which is used as the source to crate the unix-4-and-up pattern file.

89c1b5812

@theseion
Copy link
Contributor
theseion commented May 6, 2025

Ah yes! /proc/self makes sense. Thanks @RedXanadu.

@EsadCetiner EsadCetiner changed the title fix: remove non-existant self command fix: remove self command May 6, 2025
@EsadCetiner EsadCetiner requested a review from franbuehler May 6, 2025 06:11
@EsadCetiner EsadCetiner added this pull request to the merge queue May 7, 2025
Merged via the queue into coreruleset:main with commit b3f9f9e May 7, 2025
6 checks passed
@EsadCetiner EsadCetiner deleted the fix-remove-self-command branch May 7, 2025 04:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theseion theseion theseion approved these changes

@franbuehler franbuehler Awaiting requested review from franbuehler

Assignees
No one assigned
Labels
release:fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

false positive: REQUEST-932-APPLICATION-ATTACK-RCE.conf
4 participants
@EsadCetiner @theseion @franbuehler @RedXanadu
0