New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add CVE-2018-2380 to comments of rules #1267

Merged
merged 1 commit into from Dec 25, 2018

Conversation

Projects
None yet
2 participants
@franbuehler
Copy link
Collaborator

franbuehler commented Dec 24, 2018

This PR adds the last CVE from issue #1259 to comments of rules:
CVE-2018-2380 (SAP CRM Java) triggers a lot of rules.

This PR only adds comments.

@dune73

This comment has been minimized.

Copy link
Collaborator

dune73 commented Dec 25, 2018

Thank you for the PR, @franbuehler. This looks very good. I wonder if we really want to add so many notes for all CVEs, but given this is part of an issue, let's merge these and then discuss things for the future. After all, Java injection is something we want to improve and these notes underline this.

Question: Would it make sense to create tests for each CVE, so we are sure the notes will be true in the future when we change the regexes?

@dune73 dune73 merged commit 8a312e6 into SpiderLabs:v3.2/dev Dec 25, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@franbuehler franbuehler deleted the franbuehler:add-comments-java-cve-2018-2380 branch Dec 25, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment