Update AppSec ruleset to v1.4.2
lloeki committed Nov 22, 2022
1 parent 693a8f9 commit 1f1d45d
Showing 3 changed files with 82 additions and 48 deletions.
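--- a/lib/datadog/appsec/assets/waf_rules/recommended.json
+++ b/lib/datadog/appsec/assets/waf_rules/recommended.json
@@ -1,7 +1,7 @@
 {
 "version": "2.2",
 "metadata": {
-"rules_version": "1.4.1"
+"rules_version": "1.4.2"
 },
 "rules": [
 {
@@ -2853,51 +2853,6 @@
 ],
 "transformers": []
 },
-{
-"id": "crs-941-100",
-"name": "XSS Attack Detected via libinjection",
-"tags": {
-"type": "xss",
-"crs_id": "941100",
-"category": "attack_attempt"
-},
-"conditions": [
-{
-"parameters": {
-"inputs": [
-{
-"address": "server.request.headers.no_cookies",
-"key_path": [
-"user-agent"
-]
-},
-{
-"address": "server.request.headers.no_cookies",
-"key_path": [
-"referer"
-]
-},
-{
-"address": "server.request.query"
-},
-{
-"address": "server.request.body"
-},
-{
-"address": "server.request.path_params"
-},
-{
-"address": "grpc.server.request.message"
-}
-]
-},
-"operator": "is_xss"
-}
-],
-"transformers": [
-"removeNulls"
-]
-},
 {
 "id": "crs-941-110",
 "name": "XSS Filter - Category 1: Script Tag Vector",
@@ -4363,6 +4318,40 @@
 "keys_only"
 ]
 },
+{
+"id": "dog-000-007",
+"name": "Server side template injection: Velocity & Freemarker",
+"tags": {
+"type": "java_code_injection",
+"category": "attack_attempt"
+},
+"conditions": [
+{
+"parameters": {
+"inputs": [
+{
+"address": "server.request.query"
+},
+{
+"address": "server.request.body"
+},
+{
+"address": "server.request.path_params"
+},
+{
+"address": "server.request.headers.no_cookies"
+},
+{
+"address": "grpc.server.request.message"
+}
+],
+"regex": "#(?:set|foreach|macro|parse|if)\\(.*\\)|<#assign.*>"
+},
+"operator": "match_regex"
+}
+],
+"transformers": []
+},
 {
 "id": "nfd-000-001",
 "name": "Detect common directory discovery scans",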
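Review bot: The `dog-000-007` pattern added in the last hunk is broad for a rule that ships in the recommended set. The first alternative, `#(?:set|foreach|macro|parse|if)\\(.*\\)`, fires on any `#if(...)`-style text, which also appears in ordinary content such as posted C preprocessor snippets. The rule is applied to the query, body, path params, gRPC message and every non-cookie header, with an empty `transformers` list and no `options` object. I would add benign and malicious fixtures for both template engines before release and, if this ruleset version accepts it for `match_regex`, set `"options": { "min_length": 5 }` so values too short to match are skipped. The `type` tag `java_code_injection` also differs from the rule name, which says template injection; a changelog line stating the intended classification would help triage.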
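--- a/lib/datadog/appsec/assets/waf_rules/risky.json
+++ b/lib/datadog/appsec/assets/waf_rules/risky.json
@@ -1,7 +1,7 @@
 {
 "version": "2.2",
 "metadata": {
-"rules_version": "1.4.1"
+"rules_version": "1.4.2"
 },
 "rules": [
 {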
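--- a/lib/datadog/appsec/assets/waf_rules/strict.json
+++ b/lib/datadog/appsec/assets/waf_rules/strict.json
@@ -1,7 +1,7 @@
 {
 "version": "2.2",
 "metadata": {
-"rules_version": "1.4.1"
+"rules_version": "1.4.2"
 },
 "rules": [
 {
@@ -855,6 +855,51 @@
 ],
 "transformers": []
 },
+{
+"id": "crs-941-100",
+"name": "XSS Attack Detected via libinjection",
+"tags": {
+"type": "xss",
+"crs_id": "941100",
+"category": "attack_attempt"
+},
+"conditions": [
+{
+"parameters": {
+"inputs": [
+{
+"address": "server.request.headers.no_cookies",
+"key_path": [
+"user-agent"
+]
+},
+{
+"address": "server.request.headers.no_cookies",
+"key_path": [
+"referer"
+]
+},
+{
+"address": "server.request.query"
+},
+{
+"address": "server.request.body"
+},
+{
+"address": "server.request.path_params"
+},
+{
+"address": "grpc.server.request.message"
+}
+]
+},
+"operator": "is_xss"
+}
+],
+"transformers": [
+"removeNulls"
+]
+},
 {
 "id": "crs-941-130",
 "name": "XSS Filter - Category 3: Attribute Vector",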
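Review bot: The move of `crs-941-100` (the libinjection `is_xss` rule) is undocumented: it is added to strict.json here and deleted from recommended.json in the same commit, while the commit title only says the ruleset is updated to v1.4.2. Applications that load the recommended ruleset will stop evaluating `is_xss` on the query, body, path params, gRPC message and the `user-agent`/`referer` headers after upgrading. That should be stated in the changelog, for example `crs-941-100 moved from recommended to strict (reason: ...)`. None of the three changed files is a spec or fixture, so a check that each ruleset contains the expected rule ids would help catch an unintended move.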
