coreruleset / nextcloud-rule-exclusions-plugin

Rule exclusion plugin for Nextcloud
Apache License 2.0

FP when sharing special named folders in Android app #76

Closed mhastu closed 3 months ago

mhastu commented 3 months ago

When creating a sharing link in a folder in the Android client named e.g. "tmp", a false positive is created:

ModSecurity: Warning. Matched phrase "/tmp/" at ARGS:path. [file "/etc/modsecurity/crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "116"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: /tmp/ found within ARGS:path: /tmp/"] [severity "CRITICAL"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [uri "/ocs/v2.php/apps/files_sharing/api/v1/shares"]

mhastu commented 3 months ago

"Fixed" it temporarily on my local machine by adding the following rule. Pretty sure it is too relaxed, but I don't have much time right now.

# Disable rule 930120 (OS File Access Attempt) for requests to the
# files_sharing shares endpoint. Runs in phase 1 so it takes effect
# before the phase-2 LFI rule is evaluated.
SecRule REQUEST_FILENAME "@beginsWith /ocs/v2.php/apps/files_sharing/api/v1/shares" \
    "id:2,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveById=930120"
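The rule above switches 930120 off for every request to the shares endpoint, which is what the reporter means by "too relaxed". The log line shows that the only variable hitting the phrase list is ARGS:path, so a narrower runtime exclusion can leave the rule active for every other argument of the same request. The rule below is an added example for this issue, not code from the plugin or from #77; it assumes Nextcloud is served from the web root (the prefix needs adjusting for an installation under a subpath) and that id 1001 is unused in the local 1-99999 id range.

```apache
# Added example: remove only the ARGS:path target from rule 930120 for the
# files_sharing shares endpoint, instead of disabling the whole rule.
# Assumptions: Nextcloud lives at the web root; rule id 1001 is free locally.
# Runtime (ctl) exclusions must run before CRS evaluates 930120 in phase 2,
# so this rule is placed in phase 1.
SecRule REQUEST_FILENAME "@beginsWith /ocs/v2.php/apps/files_sharing/api/v1/shares" \
    "id:1001,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetById=930120;ARGS:path"
```

Following the CRS convention, a ctl-based runtime exclusion like this belongs in the file loaded before the CRS rules (REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf in a plain CRS install, or the plugin's `-before.conf` file in the plugin layout), not in the after-CRS file used for configure-time SecRuleRemoveById directives. After adding it, the quick check is to recreate the share link for a folder named "tmp" and confirm the 930120 entry no longer appears in the audit log, while a request carrying the same phrase in a different argument still does.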

mhastu commented 3 months ago

Confirming that #77 fixes this issue. Thanks for the fast fix!