Closed franbuehler closed 4 months ago
Meeting decision: I will review this.
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1671#issuecomment-584320407
I'm trying to get Verizon to test this rule on the CDN as a test case of a collaboration on testing rules. Sorry this takes time.
This PR solves issues #1607 and #1598 and adds new regression tests.
A "having" SQL statement only makes sense in combination with a SELECT statement somewhere.
The whole new regex is:
`(?i:[\s()]case\s*?\(|\)\s*?like\s*?\(|select.*?having\s*?[^\s]+\s*?[^\w\s]|if\s?\([\d\w]\s*?[=<>~])`
The important part is `select.*?having\s*?[^\s]+\s*?[^\w\s]` (original part was `|having\s*?[^\s]+\s*?[^\w\s]` only). I'm not quite sure about my `.*?`, maybe there would be a better option. But we definitely solve the reported false positives. A word boundary with `\b` would not be sufficient.
For info: We cover the `having` clause in 5 other rules too:
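As an added illustration (not part of this PR or of the CRS project's own regression tests), here is the old and the new pattern from the description checked against a few constructed parameter values; the sample strings are made up for this example and are not the reports from #1607 or #1598:

```python
import re

# Pattern before the PR: the "having" alternative fires without any SELECT context.
OLD_RE = re.compile(
    r"(?i:[\s()]case\s*?\(|\)\s*?like\s*?\(|having\s*?[^\s]+\s*?[^\w\s]|if\s?\([\d\w]\s*?[=<>~])"
)

# Pattern after the PR (as quoted above): "having" must be preceded by "select".
NEW_RE = re.compile(
    r"(?i:[\s()]case\s*?\(|\)\s*?like\s*?\(|select.*?having\s*?[^\s]+\s*?[^\w\s]|if\s?\([\d\w]\s*?[=<>~])"
)

# Constructed sample values, labelled by what they are meant to represent.
SAMPLES = {
    # ordinary English containing the word "having" followed by punctuation
    "benign_prose": "I'm having coffee, back in ten",
    # a HAVING clause with a SELECT somewhere before it, the case the rule is for
    "sqli_having": "1 union select null having 1=1--",
    # a HAVING clause with no SELECT anywhere: the old pattern matched it, the new one does not
    "bare_having": "1 having 1=1",
}


def matches(pattern: re.Pattern, value: str) -> bool:
    """True when the rule pattern finds a match anywhere in the parameter value."""
    return pattern.search(value) is not None


def compare(samples: dict = SAMPLES) -> dict:
    """Map each sample name to (old_pattern_matched, new_pattern_matched)."""
    return {name: (matches(OLD_RE, v), matches(NEW_RE, v)) for name, v in samples.items()}


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:13s} old={old!s:5s} new={new!s:5s}")
```

The `benign_prose` row is the false-positive class the PR addresses (matched before, not after), while `bare_having` shows the trade-off the description relies on: a `having` with no `select` anywhere in the value is no longer caught by this rule.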