Fixed false positive "Honor Note" matches SQL fragment "OR NOT"
nielsbasjes committed Jun 27, 2017
1 parent f8f4872 commit ccccf7b
Showing 2 changed files with 28 additions and 2 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG
Expand Up @@ -123,7 +123,7 @@ v1.4
- Made the Analyzer Serializable which should make using it in distributed systems easier.
- Improve the detection of certain Robots and the old Tablet PC
- Fixed class of broken useragents.

- Fixed false positive "Honor Note" matches SQL fragment "OR NOT"



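Review bot: the added CHANGELOG line records the symptom but not the behaviour change behind it. The fix narrows the SQL-injection matcher from "OR NOT" to " OR NOT" (a leading space is now required), so consider saying that in the entry. Anyone relying on the SQL-injection classification should be able to see from the changelog that the rule now matches less than it did.
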
Expand Up @@ -159,7 +159,7 @@ config:

- matcher:
require:
- 'agent~"OR NOT"'
- 'agent~" OR NOT"'
extract: *setSQLInjection

- matcher:
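
Review bot: in the changed require line, the leading space is the only word boundary and it is a literal space. 'agent~" OR NOT"' still has no boundary after NOT, so, going by the case-insensitive match on "Honor Note" that the test comment describes, a benign agent string in which the word "or" is followed by a word starting with "Not" would still be flagged. In the other direction, an "OR NOT" fragment preceded by any character other than a space is no longer flagged at all. If the matcher syntax allows it, bound the phrase on both sides; otherwise record the accepted gap in a comment above this matcher so the narrowing is a documented decision.
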
Expand Down Expand Up @@ -487,3 +487,29 @@ config:
user_agent_string: '(select convert(int,CHAR(65)))'
expected: *isSQLInjection


# Validate false positive edge case that matched the substring "OR NOT" in "honOR NOTe 8"
- test:
input:
user_agent_string: 'Mozilla/5.0 (Linux; Android 6.1; Honor Note 8 Build/MXC89L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Safari/537.36'
expected:
DeviceClass : 'Tablet'
DeviceName : 'Huawei Honor Note 8'
DeviceBrand : 'Huawei'
OperatingSystemClass : 'Mobile'
OperatingSystemName : 'Android'
OperatingSystemVersion : '6.1'
OperatingSystemNameVersion : 'Android 6.1'
OperatingSystemVersionBuild : 'MXC89L'
LayoutEngineClass : 'Browser'
LayoutEngineName : 'Blink'
LayoutEngineVersion : '55.0'
LayoutEngineVersionMajor : '55'
LayoutEngineNameVersion : 'Blink 55.0'
LayoutEngineNameVersionMajor : 'Blink 55'
AgentClass : 'Browser'
AgentName : 'Chrome'
AgentVersion : '55.0.2883.91'
AgentVersionMajor : '55'
AgentNameVersion : 'Chrome 55.0.2883.91'
AgentNameVersionMajor : 'Chrome 55'
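
Review bot: this test covers only the false-positive side of the matcher change. Nothing added here asserts that an agent string containing " OR NOT" with the leading space still yields *isSQLInjection, so a later edit that breaks the narrowed rule would still pass. Add a second test next to this one with such a string and expected: *isSQLInjection, in the same form as the '(select convert(int,CHAR(65)))' case in the context lines above.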
