Merge pull request #1523 from lifeforms/regexp-blog-url

lifeforms · web-flow · commit d70c985010b6 · 2019-08-26T12:38:31.000+02:00
update regexp-assemble blog URLs
diff --git a/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf b/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
@@ -346,7 +346,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 # $((foo))  Arithmetic expansion
 #
 # Regexp generated from util/regexp-assemble/regexp-932130.data using Regexp::Assemble.
-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.
+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.
 #
 SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:\$(?:\((?:\(.*\)|.*)\)|\{.*\})|[<>]\(.*\))" \
     "id:932130,\
@@ -393,7 +393,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 # http://ss64.com/nt/for.html
 #
 # Regexp generated from util/regexp-assemble/regexp-932140.data using Regexp::Assemble.
-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.
+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.
 #
 SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx \b(?:if(?:/i)?(?: not)?(?: exist\b| defined\b| errorlevel\b| cmdextversion\b|(?: |\().*(?:\bgeq\b|\bequ\b|\bneq\b|\bleq\b|\bgtr\b|\blss\b|==))|for(?:/[dflr].*)? %+[^ ]+ in\(.*\)\s?do)" \
     "id:932140,\
diff --git a/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf b/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
@@ -323,7 +323,8 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 # [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ]
 #
 # Regexp generated from util/regexp-assemble/regexp-933160.data using Regexp::Assemble.
-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.
+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.
+#
 # Note that after assemble, PHP function syntax pre/postfix is added to the Regexp::Assemble
 # output. Example: "@rx (?i)\bASSEMBLE_OUTPUT_HERE(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)"
 #
@@ -622,7 +623,8 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 # [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ]
 #
 # Regexp generated from util/regexp-assemble/regexp-933161.data using Regexp::Assemble.
-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.
+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.
+#
 # Note that after assemble, PHP function syntax pre/postfix is added to the Regexp::Assemble
 # output. Example: "@rx (?i)\bASSEMBLE_OUTPUT_HERE(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)"
 #
diff --git a/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf b/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf
@@ -43,7 +43,7 @@ SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,skipAf
 # use multiMatch and t:base64decode.
 #
 # Regexp generated from util/regexp-assemble/regexp-934100.data using Regexp::Assemble.
-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.
+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.
 
 SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:(?:_(?:\$\$ND_FUNC\$\$_|_js_function)|(?:new\s+Function|\beval)\s*\(|String\s*\.\s*fromCharCode|function\s*\(\s*\)\s*{|this\.constructor)|module\.exports\s*=)" \
     "id:934100,\
diff --git a/util/regexp-assemble/regexp-assemble-v2.pl b/util/regexp-assemble/regexp-assemble-v2.pl
@@ -6,7 +6,7 @@
 # Requires Regexp::Assemble Perl module.
 # To install: cpan install Regexp::Assemble
 #
-# See: http://blog.modsecurity.org/2007/06/optimizing-regu.html
+# See: https://coreruleset.org/20190826/optimizing-regular-expressions/
 #
 
 use strict;
diff --git a/util/regexp-assemble/regexp-assemble.pl b/util/regexp-assemble/regexp-assemble.pl
@@ -6,15 +6,15 @@
 # Requires Regexp::Assemble Perl module.
 # To install: cpan install Regexp::Assemble
 #
-# See: http://blog.modsecurity.org/2007/06/optimizing-regu.html
+# See: https://coreruleset.org/20190826/optimizing-regular-expressions/
 #
 
 use strict;
 use Regexp::Assemble;
- 
+
 my $ra = Regexp::Assemble->new;
 while (<>)
 {
   $ra->add($_);
 }
-print $ra->as_string() . "\n"; 
+print $ra->as_string() . "\n";

Original file line number	Diff line number	Diff line change
`@@ -346,7 +346,7 @@ SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|ARGS_NAME`
`346`	`346`	`# $((foo)) Arithmetic expansion`
`347`	`347`	`#`
`348`	`348`	`# Regexp generated from util/regexp-assemble/regexp-932130.data using Regexp::Assemble.`
`349`		`-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.`
	`349`	`+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.`
`350`	`350`	`#`
`351`	`351`	`SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|ARGS_NAMES\|ARGS\|XML:/* "@rx (?:\$(?:\((?:\(.\)\|.)\)\|\{.\})\|[<>]\(.\))" \`
`352`	`352`	`"id:932130,\`
`@@ -393,7 +393,7 @@ SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|ARGS_NAME`
`393`	`393`	`# http://ss64.com/nt/for.html`
`394`	`394`	`#`
`395`	`395`	`# Regexp generated from util/regexp-assemble/regexp-932140.data using Regexp::Assemble.`
`396`		`-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.`
	`396`	`+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.`
`397`	`397`	`#`
`398`	`398`	`SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|ARGS_NAMES\|ARGS\|XML:/* "@rx \b(?:if(?:/i)?(?: not)?(?: exist\b\| defined\b\| errorlevel\b\| cmdextversion\b\|(?: \|\().(?:\bgeq\b\|\bequ\b\|\bneq\b\|\bleq\b\|\bgtr\b\|\blss\b\|==))\|for(?:/[dflr].)? %+[^ ]+ in\(.*\)\s?do)" \`
`399`	`399`	`"id:932140,\`
Original file line number	Diff line number	Diff line change
`@@ -323,7 +323,8 @@ SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|REQUEST_F`
`323`	`323`	`# [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ]`
`324`	`324`	`#`
`325`	`325`	`# Regexp generated from util/regexp-assemble/regexp-933160.data using Regexp::Assemble.`
`326`		`-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.`
	`326`	`+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.`
	`327`	`+#`
`327`	`328`	`# Note that after assemble, PHP function syntax pre/postfix is added to the Regexp::Assemble`
`328`	`329`	`# output. Example: "@rx (?i)\bASSEMBLE_OUTPUT_HERE(?:\s\|/\.\/\|//.\|#.)\(.*\)"`
`329`	`330`	`#`
`@@ -622,7 +623,8 @@ SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|ARGS_NAME`
`622`	`623`	`# [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ]`
`623`	`624`	`#`
`624`	`625`	`# Regexp generated from util/regexp-assemble/regexp-933161.data using Regexp::Assemble.`
`625`		`-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.`
	`626`	`+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.`
	`627`	`+#`
`626`	`628`	`# Note that after assemble, PHP function syntax pre/postfix is added to the Regexp::Assemble`
`627`	`629`	`# output. Example: "@rx (?i)\bASSEMBLE_OUTPUT_HERE(?:\s\|/\.\/\|//.\|#.)\(.*\)"`
`628`	`630`	`#`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,skipAf`
`43`	`43`	`# use multiMatch and t:base64decode.`
`44`	`44`	`#`
`45`	`45`	`# Regexp generated from util/regexp-assemble/regexp-934100.data using Regexp::Assemble.`
`46`		`-# See http://blog.modsecurity.org/2007/06/optimizing-regu.html for usage.`
	`46`	`+# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage.`
`47`	`47`
`48`	`48`	`SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|REQUEST_COOKIES_NAMES\|ARGS_NAMES\|ARGS\|XML:/* "@rx (?:(?:_(?:\$\$ND_FUNC\$\$_\|_js_function)\|(?:new\s+Function\|\beval)\s\(\|String\s\.\sfromCharCode\|function\s\(\s\)\s{\|this\.constructor)\|module\.exports\s*=)" \`
`49`	`49`	`"id:934100,\`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`# Requires Regexp::Assemble Perl module.`
`7`	`7`	`# To install: cpan install Regexp::Assemble`
`8`	`8`	`#`
`9`		`-# See: http://blog.modsecurity.org/2007/06/optimizing-regu.html`
	`9`	`+# See: https://coreruleset.org/20190826/optimizing-regular-expressions/`
`10`	`10`	`#`
`11`	`11`
`12`	`12`	`use strict;`
Original file line number	Diff line number	Diff line change
`@@ -6,15 +6,15 @@`
`6`	`6`	`# Requires Regexp::Assemble Perl module.`
`7`	`7`	`# To install: cpan install Regexp::Assemble`
`8`	`8`	`#`
`9`		`-# See: http://blog.modsecurity.org/2007/06/optimizing-regu.html`
	`9`	`+# See: https://coreruleset.org/20190826/optimizing-regular-expressions/`
`10`	`10`	`#`
`11`	`11`
`12`	`12`	`use strict;`
`13`	`13`	`use Regexp::Assemble;`
`14`		`-`
	`14`	`+`
`15`	`15`	`my $ra = Regexp::Assemble->new;`
`16`	`16`	`while (<>)`
`17`	`17`	`{`
`18`	`18`	`$ra->add($_);`
`19`	`19`	`}`
`20`		`-print $ra->as_string() . "\n";`
	`20`	`+print $ra->as_string() . "\n";`