correction in 942190

franbuehler · franbuehler · commit 580e33b1e04a · 2017-10-30T18:22:10.000Z
diff --git a/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf b/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
@@ -169,7 +169,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 # to the Regexp::Assemble output:
 #   (?i:ASSEMBLE_OUTPUT)
 #
-SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:[\"'`](?:;?\s*?(?:(?:select|union)\b\s*?[^\s]|having\b\s*?)|\s*?!\s*?[\"'`\w])|(?:c(?:onnection_id|urrent_user)|database)\s*?\([^\)]*?|u(?:nion(?:[\w(\s]*?select| select @)|ser\s*?\([^\)]*?)|s(?:chema\s*?\([^\)]*?|elect.*?\w?user\()|into[\s+]+(?:dump|out)file\s*?[\"'`]|\s*?exec(?:ute)?.*?\Wxp_cmdshell|from\W+information_schema\W|exec(?:ute)?\s+master\.|\wiif\s*?\())" \
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:[\"'`](?:;?\s*?(?:having|select|union)\b\s*?[^\s]|\s*?!\s*?[\"'`\w])|(?:c(?:onnection_id|urrent_user)|database)\s*?\([^\)]*?|u(?:nion(?:[\w(\s]*?select| select @)|ser\s*?\([^\)]*?)|s(?:chema\s*?\([^\)]*?|elect.*?\w?user\()|into[\s+]+(?:dump|out)file\s*?[\"'`]|\s*?exec(?:ute)?.*?\Wxp_cmdshell|from\W+information_schema\W|exec(?:ute)?\s+master\.|\wiif\s*?\())" \
     "phase:2,\
     rev:'2',\
     ver:'OWASP_CRS/3.0.0',\
diff --git a/util/regexp-assemble/regexp-942190.data b/util/regexp-assemble/regexp-942190.data
@@ -1,5 +1,5 @@
 [\"'`]\s*?!\s*?[\"'`\w]
-[\"'`];?\s*?having\b\s*?[^\s)
+[\"'`];?\s*?having\b\s*?[^\s]
 [\"'`];?\s*?select\b\s*?[^\s]
 [\"'`];?\s*?union\b\s*?[^\s]
 \s*?exec.*?\Wxp_cmdshell

Original file line number	Diff line number	Diff line change
`@@ -169,7 +169,7 @@ SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|ARGS_NAME`
`169`	`169`	`# to the Regexp::Assemble output:`
`170`	`170`	`# (?i:ASSEMBLE_OUTPUT)`
`171`	`171`	`#`
`172`		-SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|ARGS_NAMES\|ARGS\|XML:/* "@rx (?i:(?:[\"'`](?:;?\s?(?:(?:select\|union)\b\s?[^\s]\|having\b\s?)\|\s?!\s?[\"'`\w])\|(?:c(?:onnection_id\|urrent_user)\|database)\s?\([^\)]?\|u(?:nion(?:[\w(\s]?select\| select @)\|ser\s?\([^\)]?)\|s(?:chema\s?\([^\)]?\|elect.?\w?user\()\|into[\s+]+(?:dump\|out)file\s?[\"'`]\|\s?exec(?:ute)?.?\Wxp_cmdshell\|from\W+information_schema\W\|exec(?:ute)?\s+master\.\|\wiif\s*?\())" \
	`172`	+SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|ARGS_NAMES\|ARGS\|XML:/* "@rx (?i:(?:[\"'`](?:;?\s?(?:having\|select\|union)\b\s?[^\s]\|\s?!\s?[\"'`\w])\|(?:c(?:onnection_id\|urrent_user)\|database)\s?\([^\)]?\|u(?:nion(?:[\w(\s]?select\| select @)\|ser\s?\([^\)]?)\|s(?:chema\s?\([^\)]?\|elect.?\w?user\()\|into[\s+]+(?:dump\|out)file\s?[\"'`]\|\s?exec(?:ute)?.?\Wxp_cmdshell\|from\W+information_schema\W\|exec(?:ute)?\s+master\.\|\wiif\s?\())" \
`173`	`173`	`"phase:2,\`
`174`	`174`	`rev:'2',\`
`175`	`175`	`ver:'OWASP_CRS/3.0.0',\`