
@touchweb-vincent
Contributor

Hello,

Quick add

@github-actions
Contributor

github-actions bot commented Oct 22, 2025

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

Member

@EsadCetiner EsadCetiner left a comment

I just noticed you didn't add these 3 entries to restricted-files.data and restricted-upload.data, can you update those data files too?

@touchweb-vincent
Contributor Author

Hello,

Done

@touchweb-vincent
Contributor Author

@EsadCetiner
Member

Interesting, I think there's a race condition with our CI pipeline; that change shouldn't have caused 959100-3 to fail. Tests now pass after re-running them.

@theseion Can you take a look at what might've caused this: https://github.com/coreruleset/coreruleset/actions/runs/18737486580/job/53447100629#step:4:379

Member

@EsadCetiner EsadCetiner left a comment

Can you add config/parameters.php to the other config files as well? You should be able to remove config/settings.inc.php as it's covered by our detection for generic config file names.

@theseion
Contributor

There's nothing we can do about that, unfortunately. Parsing logs is inherently brittle and we already try very hard to force the web server to flush the log before we try to read it. We're actually pretty lucky that we see these issues only a handful of times per year.

@theseion theseion added the 🚀 enhancement New feature or request label Oct 24, 2025
@theseion theseion changed the title from "fix(930120): adding conf file for PrestaShop 1.6 / 1.7 / 8+ & Magento 2" to "feat(930120): adding conf file for PrestaShop 1.6 / 1.7 / 8+ & Magento 2" on Oct 24, 2025
@EsadCetiner EsadCetiner added the release:new-detection In this PR we introduce a new detection label Oct 24, 2025
@touchweb-vincent
Contributor Author

config/settings.inc.php is not covered:

curl -H "x-format-output: txt-matched-rules" -H "x-crs-paranoia-level:4" "https://sandbox.coreruleset.org/?test=/config/settings.inc.php"

Where do you want me to add config/parameters.php?

@EsadCetiner
Member

@touchweb-vincent Sorry, I meant the data files.

These should be added to restricted-upload.data

config/parameters.php
config/settings.inc.php

config/settings.inc.php is not covered

Yes, you're right, I missed that.

@touchweb-vincent
Contributor Author

I didn't add them in restricted-upload.data because they are already present:

config/parameters.php:

/app/config/parameters.php

config/settings.inc.php:

/config/settings.inc.php

@EsadCetiner
Member

@touchweb-vincent

That's restricted-files.data, not restricted_upload.data

@touchweb-vincent
Contributor Author

Same here:

parameters.php:


settings.inc.php:

settings.inc.php

@EsadCetiner EsadCetiner added this pull request to the merge queue Oct 24, 2025
Merged via the queue into coreruleset:main with commit 8670c69 Oct 24, 2025
10 of 11 checks passed
@touchweb-vincent touchweb-vincent deleted the patch-3 branch October 24, 2025 05:36