coreruleset / nextcloud-rule-exclusions-plugin

Rule exclusion plugin for Nextcloud
Apache License 2.0

fix: multiple false positives in nc deck web ui #81

Closed EsadCetiner closed 2 months ago

EsadCetiner commented 2 months ago

closes #80

theseion commented 2 months ago

The last two failing ones have two issues:

  1. the newline is blocked by 920272 (not listed in expectations)
  2. the bytes are out of range for 920273

For both cases you would need to remove the REQUEST_BODY, which I don't think is a good idea. I propose you simply remove 920273 from the expectation lists and accept an FP at PL 4. As for the newline, you can modify the tests like so to remove the trailing newline (note the dash after |):

data: |-
  ...payload...
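
The two points in this comment can be reproduced offline with the following added example, which is not code from this PR, the plugin or CRS. The byte ranges are assumed from the `@validateByteRange` arguments of rules 920272 and 920273, the JSON payload is constructed, and `literal_block` is a hypothetical helper that models only the `|` and `|-` indicators.

```python
# Added example, not code from the plugin or from CRS.
# Assumption: the ranges below mirror the @validateByteRange arguments of
# CRS rules 920272 (PL 3) and 920273 (PL 4); check your installed rule file.
# Transformations the real rules apply (such as URL decoding) are not modelled.
RULE_RANGES = {
    "920272": "32-36,38-126",
    "920273": "38,44-46,48-58,61,65-90,95,97-122",
}


def allowed_bytes(spec: str) -> frozenset:
    """Expand a validateByteRange-style spec into the set of allowed byte values."""
    allowed = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        allowed.update(range(int(low), int(high or low) + 1))
    return frozenset(allowed)


def violations(body: bytes) -> dict:
    """Map each rule id to the sorted distinct byte values in body outside its range."""
    return {
        rule: sorted(set(body) - allowed_bytes(spec))
        for rule, spec in RULE_RANGES.items()
    }


def literal_block(lines: list, indicator: str) -> bytes:
    """Value of a YAML literal block scalar with non-empty content:
    '|' clips to one trailing newline, '|-' strips it."""
    if indicator not in ("|", "|-"):
        raise ValueError("unsupported block scalar indicator: " + indicator)
    text = "\n".join(lines)
    return (text + "\n" if indicator == "|" else text).encode()


# Constructed request body standing in for the elided test payload.
PAYLOAD = ['{"title":"New card"}']

if __name__ == "__main__":
    for indicator in ("|", "|-"):
        body = literal_block(PAYLOAD, indicator)
        print(indicator, violations(body))
```

With `|` the trailing newline (byte 10) is the only thing 920272 objects to; with `|-` 920272 is clean, while 920273 still rejects the space, quote and brace bytes of an ordinary JSON body.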

EsadCetiner commented 2 months ago

@theseion very annoying. Guess I'll leave it for the next poor soul to deal with.