Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ascanrules: Path Traversal add details for dir match Alerts & reduce FPs #5824

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

kingthorin
Copy link
Member

@kingthorin kingthorin commented Oct 17, 2024

Overview

  • CHANGELOG > Added change note.
  • Message.properties > Added key/value pair supporting the new Alert details.
  • PathTraversalScanRule > Updated to include Other Info on Alerts when applicable, and pre-check the original message response to reduce false positives.
  • PathTraversalScanRuleUnitTest > Updated to assert Other Info or lack thereof where applicable, also assure appropriate skipping due to pre-conditions.

Related Issues

Checklist

  • [na] Update help
  • Update changelog
  • Run ./gradlew spotlessApply for code formatting
  • Write tests
  • Check code coverage
  • Sign-off commits
  • Squash commits
  • Use a descriptive title

@thc202
Copy link
Member

thc202 commented Oct 18, 2024

This does not seem to address the FP reported in the referenced issue.

@kingthorin
Copy link
Member Author

No it simply provides further context. IMHO it will be rare for all 5 of the nix matches to happen.

Do you want me to also exclude JS/CSS/Binary'ish because that's an option too which I could add to this PR.

@thc202
Copy link
Member

thc202 commented Oct 18, 2024

Not sure how rare is since JS chunks/libs tend to have lot of data, but we should not close the issue if it does not address it.

That would be better to address the issue (though the evidence match done beforehand should have caught the reported case, if actually static content).

@kingthorin
Copy link
Member Author

Okay I'll make further changes.

@kingthorin
Copy link
Member Author

This rule doesn't seem to pre-check the response. I'll tackle that as well.

@kingthorin
Copy link
Member Author

Addressed review, further pre-checks as discussed still coming 😁

@kingthorin kingthorin force-pushed the pathtrav-details branch 2 times, most recently from 6cdb014 to a9c8485 Compare October 19, 2024 20:55
@kingthorin kingthorin changed the title ascanrules: Path Traversal add Other Info for directory match Alerts ascanrules: Path Traversal add details for dir match Alerts & reduce FPs Oct 19, 2024
@kingthorin
Copy link
Member Author

Now w/ pre-checks.

- CHANGELOG > Added change note.
- Message.properties > Added key/value pair supporting the new Alert
details.
- PathTraversalScanRule > Updated to include Other Info on Alerts when
applicable, and pre-check the original message response to reduce false
positives.
- PathTraversalScanRuleUnitTest > Updated to assert Other Info or lack
thereof where applicable, also assure appropriate skipping due to
pre-conditions.

Signed-off-by: kingthorin <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

Successfully merging this pull request may close these issues.

False Positive - Path Traversal
2 participants