coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0

Testing code present in the official owasp/modsecurity-crs docker image #284

Closed andrzejswiatek closed 1 month ago

andrzejswiatek commented 1 month ago

We use the owasp/modsecurity-crs:4.2-nginx-202405060805 image as a base image for our application. We deployed an application on Azure and the EDR (Microsoft Defender for Endpoint) has detected potential malware in the following path on the hosting machine: /var/lib/docker/overlay2/…/diff/opt/owasp-crs/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml.

Currently, the files used to build modsecurity-crs images use the full contents of the rules repository and therefore the test files are present in one of the layers of the created Docker image.

A related issue was raised some time ago on the core rule set repository, and it seems that a minimal package of the ruleset (without test files) is produced. However, this minimal version is not used in the Dockerfile for the owasp/modsecurity-crs build process. The ideal solution for us would be for the official images to use the minimal core rule set without test files.
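
An added example, not part of the issue thread or the project's code: a check that reports which layers of a `docker save` archive still carry files under opt/owasp-crs/tests/, the path flagged above. It assumes the archive has a top-level manifest.json with a "Layers" list; the sample archive, layer names and file contents are constructed.

```python
import io
import json
import tarfile

TEST_PREFIX = "opt/owasp-crs/tests/"  # path from the issue, relative to the layer root

def layers_with_tests(image_tar, prefix=TEST_PREFIX):
    """Return {layer_name: [paths]} for each layer that ships files under prefix."""
    hits = {}
    with tarfile.open(fileobj=image_tar, mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            for layer_name in entry["Layers"]:
                with tarfile.open(fileobj=image.extractfile(layer_name), mode="r:*") as layer:
                    found = [m.name for m in layer
                             if m.isfile() and m.name.removeprefix("./").startswith(prefix)]
                if found:
                    hits[layer_name] = found
    return hits

def _tar(files):
    """Build an in-memory tar from {name: bytes}; helper for the constructed sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

SAMPLE_TEST = ("opt/owasp-crs/tests/regression/tests/"
               "REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml")

def sample_image():
    """Constructed two-layer archive: layer 1 copies the full rules repository."""
    layer1 = _tar({"opt/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf": b"# rules",
                   SAMPLE_TEST: b"# constructed placeholder, not real test content"})
    # A later "rm -rf tests" step only adds a whiteout marker in a new layer;
    # layer 1 stays on disk unchanged, which is what a host-side scanner reads.
    layer2 = _tar({"opt/owasp-crs/.wh.tests": b""})
    manifest = json.dumps([{"Layers": ["l1/layer.tar", "l2/layer.tar"]}]).encode()
    return io.BytesIO(_tar({"manifest.json": manifest,
                            "l1/layer.tar": layer1, "l2/layer.tar": layer2}))

if __name__ == "__main__":
    for layer, paths in layers_with_tests(sample_image()).items():
        print(layer, paths)
```

An empty result for a real archive means no layer ships the test files, which is the outcome the minimal ruleset is meant to give.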

fzipi commented 1 month ago

Ah, makes sense. Let's switch then to minimal.

Thanks for raising this.

andrzejswiatek commented 1 month ago

Thank you very much for your quick response

fzipi commented 1 month ago

BTW, the code should be updated in release/20240913. It is in the build process; you'll see the release coming out in 4-5 hours.