zecure / shadowd

The Shadow Daemon web application firewall server
GNU General Public License v2.0
295 stars 39 forks

What does the "id" tag mean for one of the blacklist rules? #80

Closed correctmeifimwrong33 closed 2 years ago

correctmeifimwrong33 commented 2 years ago

What does id mean as a tag? It is used here: https://github.com/zecure/shadowd/blob/master/misc/blacklist/filters.json#L28

I only know it as 'identifier' which does not seem to make sense for this rule. Searching the documentation, the only page on which it is mentioned is on https://shadowd.zecure.org/documentation/blacklist/ which simply enumerates all the rules and tags.

Could it be a typo for something else, like a character that was accidentally omitted? I did a quick check for which other tags have the letters 'i' and 'd' in them (`<file jq -r '.[].tags[]' | sort | uniq -c | sort -n`):

      1 id
      1 ldap
      1 mongo
      1 mssql
      1 spam
      1 sqlite
      1 tsql
      1 unix
      2 bash
      2 css
      2 perl
      2 rfi
      2 xxe
      3 dos
      3 win
      4 pgsql
      8 mysql
     19 lfi
     23 php
     32 rce
     38 xss
     44 sqli

but there seems to be none.

What does this tag mean?

zit-hb commented 2 years ago

It means "Information Disclosure". In the case of the Flask curly syntax I added it because it might be possible to leak configuration values.

Good point, it might make sense to specify somewhere what each tag stands for.

correctmeifimwrong33 commented 2 years ago

Ah, thanks! Bit embarrassing, I feel like this should have occurred to me. If it helps for copy-pasting this onto e.g. the blacklist documentation page code, I made a little overview:

## Tag values

Each filter has tags associated which are typically abbreviations of attacks. These stand for:

- bash: Bash-related attacks
- css: Cascading Style Sheets
- dos: Denial of Service
- id: Information Disclosure
- ldap: LDAP protocol
- lfi: Local File Inclusion
- mongo: MongoDB injections
- mssql: MSSQL injections
- mysql: MySQL injections
- perl: Perl-related attacks
- pgsql: PostgreSQL injections
- php: PHP-related attacks
- rce: Remote Code Execution
- rfi: Remote File Inclusion
- spam: Attempts to send spam
- sqli: SQL-injection
- sqlite: SQLite injections
- tsql: Transact-SQL injections
- unix: \*nix-related attacks (Linux, Unix, etc.)
- win: Windows-related attacks
- xss: Cross-Site Scripting
- xxe: External Entities Injection
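The tag audit described in this thread (counting tag usage with `jq` and then checking each tag against the legend above) can be scripted so that an undocumented or misspelled tag is caught automatically. The following is an added example, not code from the shadowd project: it assumes only what the `jq` expression `.[].tags[]` implies about `filters.json`, namely a top-level array of filter objects each carrying a `tags` list, and the sample filters embedded below are constructed for illustration (including one deliberately misspelled tag) rather than taken from the real file.

```python
"""Audit the tags used in a Shadow Daemon style filters.json against a documented legend.

Added example (not shadowd project code). Assumes filters.json is a top-level JSON
array of objects, each with a "tags" list, as the jq expression '.[].tags[]' implies.
"""
import json
from collections import Counter

# Tag legend as written up in the issue thread: tag -> meaning.
TAG_LEGEND = {
    "bash": "Bash-related attacks",
    "css": "Cascading Style Sheets",
    "dos": "Denial of Service",
    "id": "Information Disclosure",
    "ldap": "LDAP protocol",
    "lfi": "Local File Inclusion",
    "mongo": "MongoDB injections",
    "mssql": "MSSQL injections",
    "mysql": "MySQL injections",
    "perl": "Perl-related attacks",
    "pgsql": "PostgreSQL injections",
    "php": "PHP-related attacks",
    "rce": "Remote Code Execution",
    "rfi": "Remote File Inclusion",
    "spam": "Attempts to send spam",
    "sqli": "SQL injection",
    "sqlite": "SQLite injections",
    "tsql": "Transact-SQL injections",
    "unix": "*nix-related attacks (Linux, Unix, etc.)",
    "win": "Windows-related attacks",
    "xss": "Cross-Site Scripting",
    "xxe": "External Entities Injection",
}


def tag_counts(filters):
    """Count how often each tag occurs across all filters.

    Equivalent to: jq -r '.[].tags[]' filters.json | sort | uniq -c
    """
    return Counter(tag for entry in filters for tag in entry.get("tags", []))


def undocumented_tags(filters, legend=TAG_LEGEND):
    """Return tags that appear in the filters but have no entry in the legend.

    This is the check the issue did by hand: a tag nobody can explain is either
    missing documentation or a typo in the filter file.
    """
    return sorted(set(tag_counts(filters)) - set(legend))


def audit(json_text, legend=TAG_LEGEND):
    """Parse a filters.json document and report tag usage plus unknown tags."""
    filters = json.loads(json_text)
    if not isinstance(filters, list):
        raise ValueError("expected a top-level JSON array of filter objects")
    counts = tag_counts(filters)
    return {
        "counts": dict(counts),
        "unknown": undocumented_tags(filters, legend),
        "described": {tag: legend[tag] for tag in counts if tag in legend},
    }


# Constructed sample input (not the real filters.json). The last entry carries a
# misspelled tag, "idd", to show the audit flagging it.
SAMPLE_FILTERS = json.dumps([
    {"tags": ["rce", "id"]},
    {"tags": ["sqli", "mysql"]},
    {"tags": ["xss"]},
    {"tags": ["sqli", "idd"]},
])


if __name__ == "__main__":
    report = audit(SAMPLE_FILTERS)
    for tag, n in sorted(report["counts"].items(), key=lambda kv: (kv[1], kv[0])):
        print(f"{n:>4} {tag:<8} {report['described'].get(tag, '<undocumented>')}")
    if report["unknown"]:
        print("undocumented tags:", ", ".join(report["unknown"]))
```

Running it against the real file is just `audit(open("misc/blacklist/filters.json").read())`; a non-empty `unknown` list is the signal to extend the legend or fix the tag.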

zit-hb commented 2 years ago

Great, thanks for the help! I have committed it, so it will be automatically deployed in the next minutes.