ddtrace 1.4.1 → 1.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +144 -1
- data/LICENSE-3rdparty.csv +1 -0
- data/ext/ddtrace_profiling_loader/ddtrace_profiling_loader.c +9 -2
- data/ext/ddtrace_profiling_loader/extconf.rb +17 -0
- data/ext/ddtrace_profiling_native_extension/NativeExtensionDesign.md +38 -2
- data/ext/ddtrace_profiling_native_extension/clock_id.h +1 -0
- data/ext/ddtrace_profiling_native_extension/clock_id_from_pthread.c +1 -0
- data/ext/ddtrace_profiling_native_extension/collectors_cpu_and_wall_time.c +517 -42
- data/ext/ddtrace_profiling_native_extension/collectors_cpu_and_wall_time.h +3 -0
- data/ext/ddtrace_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +208 -30
- data/ext/ddtrace_profiling_native_extension/collectors_stack.c +156 -46
- data/ext/ddtrace_profiling_native_extension/collectors_stack.h +11 -2
- data/ext/ddtrace_profiling_native_extension/extconf.rb +11 -1
- data/ext/ddtrace_profiling_native_extension/http_transport.c +83 -64
- data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.h +4 -4
- data/ext/ddtrace_profiling_native_extension/native_extension_helpers.rb +3 -4
- data/ext/ddtrace_profiling_native_extension/private_vm_api_access.c +59 -0
- data/ext/ddtrace_profiling_native_extension/private_vm_api_access.h +3 -0
- data/ext/ddtrace_profiling_native_extension/profiling.c +10 -0
- data/ext/ddtrace_profiling_native_extension/ruby_helpers.c +0 -1
- data/ext/ddtrace_profiling_native_extension/ruby_helpers.h +4 -2
- data/ext/ddtrace_profiling_native_extension/stack_recorder.c +45 -29
- data/ext/ddtrace_profiling_native_extension/stack_recorder.h +7 -7
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +1169 -275
- data/lib/datadog/appsec/assets/waf_rules/risky.json +78 -78
- data/lib/datadog/appsec/assets/waf_rules/strict.json +278 -88
- data/lib/datadog/appsec/configuration/settings.rb +0 -2
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +25 -20
- data/lib/datadog/appsec/contrib/rack/reactive/request.rb +11 -11
- data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +11 -11
- data/lib/datadog/appsec/contrib/rack/reactive/response.rb +11 -11
- data/lib/datadog/appsec/contrib/rack/request.rb +3 -0
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +46 -19
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +7 -6
- data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/reactive/action.rb +11 -11
- data/lib/datadog/appsec/contrib/rails/request.rb +3 -0
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +14 -12
- data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +11 -11
- data/lib/datadog/appsec/event.rb +6 -10
- data/lib/datadog/appsec/instrumentation/gateway.rb +16 -2
- data/lib/datadog/appsec/processor.rb +18 -2
- data/lib/datadog/ci/ext/environment.rb +16 -4
- data/lib/datadog/core/configuration/agent_settings_resolver.rb +0 -3
- data/lib/datadog/core/configuration/components.rb +28 -16
- data/lib/datadog/core/configuration/settings.rb +127 -8
- data/lib/datadog/core/configuration.rb +1 -1
- data/lib/datadog/core/diagnostics/environment_logger.rb +5 -1
- data/lib/datadog/core/header_collection.rb +41 -0
- data/lib/datadog/core/telemetry/collector.rb +0 -2
- data/lib/datadog/core/utils/compression.rb +5 -1
- data/lib/datadog/core/workers/async.rb +0 -2
- data/lib/datadog/core.rb +0 -54
- data/lib/datadog/opentracer/tracer.rb +4 -6
- data/lib/datadog/profiling/collectors/cpu_and_wall_time.rb +12 -2
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +5 -3
- data/lib/datadog/profiling/collectors/old_stack.rb +1 -1
- data/lib/datadog/profiling/exporter.rb +2 -4
- data/lib/datadog/profiling/http_transport.rb +1 -1
- data/lib/datadog/profiling.rb +1 -1
- data/lib/datadog/tracing/client_ip.rb +164 -0
- data/lib/datadog/tracing/configuration/ext.rb +14 -0
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +2 -0
- data/lib/datadog/tracing/contrib/aws/services.rb +0 -2
- data/lib/datadog/tracing/contrib/dalli/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/dalli/instrumentation.rb +4 -0
- data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +3 -0
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +2 -2
- data/lib/datadog/tracing/contrib/ethon/multi_patch.rb +2 -0
- data/lib/datadog/tracing/contrib/excon/middleware.rb +2 -0
- data/lib/datadog/tracing/contrib/ext.rb +25 -0
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +3 -2
- data/lib/datadog/tracing/contrib/grape/endpoint.rb +0 -2
- data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +5 -0
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +7 -1
- data/lib/datadog/tracing/contrib/grpc/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/hanami/action_tracer.rb +47 -0
- data/lib/datadog/tracing/contrib/hanami/configuration/settings.rb +22 -0
- data/lib/datadog/tracing/contrib/hanami/ext.rb +24 -0
- data/lib/datadog/tracing/contrib/hanami/integration.rb +44 -0
- data/lib/datadog/tracing/contrib/hanami/patcher.rb +33 -0
- data/lib/datadog/tracing/contrib/hanami/plugin.rb +23 -0
- data/lib/datadog/tracing/contrib/hanami/renderer_policy_tracing.rb +41 -0
- data/lib/datadog/tracing/contrib/hanami/router_tracing.rb +44 -0
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +2 -0
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +2 -0
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +2 -0
- data/lib/datadog/tracing/contrib/mongodb/ext.rb +7 -0
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +4 -0
- data/lib/datadog/tracing/contrib/mysql2/configuration/settings.rb +12 -0
- data/lib/datadog/tracing/contrib/mysql2/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +16 -0
- data/lib/datadog/tracing/contrib/pg/configuration/settings.rb +12 -0
- data/lib/datadog/tracing/contrib/pg/ext.rb +2 -1
- data/lib/datadog/tracing/contrib/pg/instrumentation.rb +38 -21
- data/lib/datadog/tracing/contrib/propagation/sql_comment/comment.rb +43 -0
- data/lib/datadog/tracing/contrib/propagation/sql_comment/ext.rb +32 -0
- data/lib/datadog/tracing/contrib/propagation/sql_comment/mode.rb +28 -0
- data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +49 -0
- data/lib/datadog/tracing/contrib/rack/header_collection.rb +35 -0
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +105 -43
- data/lib/datadog/tracing/contrib/redis/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/redis/instrumentation.rb +4 -2
- data/lib/datadog/tracing/contrib/redis/integration.rb +2 -1
- data/lib/datadog/tracing/contrib/redis/patcher.rb +40 -0
- data/lib/datadog/tracing/contrib/redis/tags.rb +5 -0
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +2 -0
- data/lib/datadog/tracing/contrib/sinatra/env.rb +12 -23
- data/lib/datadog/tracing/contrib/sinatra/ext.rb +7 -3
- data/lib/datadog/tracing/contrib/sinatra/patcher.rb +2 -2
- data/lib/datadog/tracing/contrib/sinatra/tracer.rb +8 -80
- data/lib/datadog/tracing/contrib/sinatra/tracer_middleware.rb +14 -9
- data/lib/datadog/tracing/contrib/utils/quantization/http.rb +92 -10
- data/lib/datadog/tracing/contrib.rb +1 -0
- data/lib/datadog/tracing/distributed/datadog_tags_codec.rb +84 -0
- data/lib/datadog/tracing/distributed/headers/datadog.rb +122 -30
- data/lib/datadog/tracing/distributed/headers/ext.rb +2 -0
- data/lib/datadog/tracing/flush.rb +57 -35
- data/lib/datadog/tracing/metadata/ext.rb +11 -9
- data/lib/datadog/tracing/metadata/tagging.rb +9 -0
- data/lib/datadog/tracing/propagation/http.rb +9 -1
- data/lib/datadog/tracing/sampling/ext.rb +31 -0
- data/lib/datadog/tracing/sampling/priority_sampler.rb +46 -4
- data/lib/datadog/tracing/sampling/rate_by_key_sampler.rb +8 -9
- data/lib/datadog/tracing/sampling/rate_by_service_sampler.rb +29 -5
- data/lib/datadog/tracing/sampling/rate_limiter.rb +3 -0
- data/lib/datadog/tracing/sampling/rate_sampler.rb +20 -3
- data/lib/datadog/tracing/sampling/rule_sampler.rb +4 -3
- data/lib/datadog/tracing/sampling/span/ext.rb +25 -0
- data/lib/datadog/tracing/sampling/span/matcher.rb +9 -0
- data/lib/datadog/tracing/sampling/span/rule.rb +82 -0
- data/lib/datadog/tracing/sampling/span/rule_parser.rb +104 -0
- data/lib/datadog/tracing/sampling/span/sampler.rb +75 -0
- data/lib/datadog/tracing/span_operation.rb +0 -2
- data/lib/datadog/tracing/trace_digest.rb +3 -0
- data/lib/datadog/tracing/trace_operation.rb +32 -3
- data/lib/datadog/tracing/trace_segment.rb +7 -2
- data/lib/datadog/tracing/tracer.rb +34 -6
- data/lib/datadog/tracing/writer.rb +7 -0
- data/lib/ddtrace/transport/trace_formatter.rb +7 -0
- data/lib/ddtrace/transport/traces.rb +3 -1
- data/lib/ddtrace/version.rb +1 -1
- metadata +36 -18
- data/lib/datadog/profiling/old_ext.rb +0 -42
- data/lib/datadog/profiling/transport/http/api/endpoint.rb +0 -85
- data/lib/datadog/profiling/transport/http/api/instance.rb +0 -38
- data/lib/datadog/profiling/transport/http/api/spec.rb +0 -42
- data/lib/datadog/profiling/transport/http/api.rb +0 -45
- data/lib/datadog/profiling/transport/http/builder.rb +0 -30
- data/lib/datadog/profiling/transport/http/client.rb +0 -37
- data/lib/datadog/profiling/transport/http/response.rb +0 -21
- data/lib/datadog/profiling/transport/http.rb +0 -118
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": "2.2",
|
|
3
3
|
"metadata": {
|
|
4
|
-
"rules_version": "1.
|
|
4
|
+
"rules_version": "1.4.1"
|
|
5
5
|
},
|
|
6
6
|
"rules": [
|
|
7
7
|
{
|
|
@@ -180,7 +180,7 @@
|
|
|
180
180
|
"address": "server.request.path_params"
|
|
181
181
|
}
|
|
182
182
|
],
|
|
183
|
-
"regex": "(
|
|
183
|
+
"regex": "(?:[;\\n\\r`]|\\$(?:\\(?\\(|{)|(?:\\|)?\\||\\(\\s*\\)|[<>]\\(|&?&|\\{)\\s*(?:(?:\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|(?:\\s*\\(|!)\\s*|\\{|\\$))*\\s*(?:['\\\"])*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\x5c]+/)?[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*(?:w[\\x5c'\\\"]*p[\\x5c'\\\"]*-[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*w[\\x5c'\\\"]*n[\\x5c'\\\"]*l[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*d|u[\\x5c'\\\"]*m[\\x5c'\\\"]*p)|r[\\x5c'\\\"]*e[\\x5c'\\\"]*q[\\x5c'\\\"]*u[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|m[\\x5c'\\\"]*i[\\x5c'\\\"]*r[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*r)|s(?:[\\x5c'\\\"]*(?:b[\\x5c'\\\"]*_[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*e|c[\\x5c'\\\"]*p[\\x5c'\\\"]*u|m[\\x5c'\\\"]*o[\\x5c'\\\"]*d|p[\\x5c'\\\"]*c[\\x5c'\\\"]*i|u[\\x5c'\\\"]*s[\\x5c'\\\"]*b|-[\\x5c'\\\"]*F|h[\\x5c'\\\"]*w|o[\\x5c'\\\"]*f))?|z[\\x5c'\\\"]*(?:(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|m[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|a)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s)|o[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*(?:(?:n[\\x5c'\\\"]*a[\\x5c'\\\"]*m|s[\\x5c'\\\"]*a[\\x5c'\\\"]*v)[\\x5c'\\\"]*e|i[\\x5c'\\\"]*n[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*l)|c[\\x5c'\\\"]*a[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*e|l)[\\x5c'\\\"]*(?:\\s|<|>).*)|e[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:(?:f[\\x5c'\\\"]*i[\\x5c'\\\"]*l|p[\\x5c'\\\"]*i[\\x5c'\\\"]*p)[\\x5c'\\\"]*e|e[\\x5c'\\\"]*c[\\x5c'\\\"]*h[\\x5c'\\\"]*o|(?:\\s|<|>).*)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*o[\\x5c'\\\"]*g(?:[\\x5c'\\\"]*i[\\x5c'\\\"]*n)?|c[\\x5c'\\\"]*o[\\x5c'\\\"]*m[\\x5c'\\\"]*m|(?:\\s|<|>).*)|d[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*i[\\x5c'\\\"]*g|d[\\x5c'\\\"]*(?:\\s|<|>).*)|(?:[np]|i[\\x5c'\\\"]*n[\\x5c'\\\"]*k[\\x5c'\\\"]*s|y[\\x5c'\\\"]*n[\\x5c'\\\"]*x)[\\x5c'\\\"]*(?:\\s|<|>).*|u[\\x5c'\\\"]*a[\\x5c'\\\"]*(?:5[\\x5c'\\\"]*\\.[\\x5c'\\\"]*[1234]|(?:\\s|<|>).*)|f[\\x5c'\\\"]*t[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*t)?|t[\\x5c'\\\"]*r[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e)|c[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:r[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:\\s|<|>).*|o[\\x5c'\\\"]*s[\\x5c'\\\"]*e[\\x5c'\\\"]*r)|m[\\x5c'\\\"]*a[\\x5c'\\\"]*n[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:\\s|<|>).*)|p[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*c)|h[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*i[\\x5c'\\\"]*r[\\x5c'\\\"]*(?:\\s|<|>).*|f[\\x5c'\\\"]*l[\\x5c'\\\"]*a[\\x5c'\\\"]*g[\\x5c'\\\"]*s|a[\\x5c'\\\"]*t[\\x5c'\\\"]*t[\\x5c'\\\"]*r|m[\\x5c'\\\"]*o[\\x5c'\\\"]*d)|p[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*l[\\x5c'\\\"]*i[\\x5c'\\\"]*m[\\x5c'\\\"]*i[\\x5c'\\\"]*t|(?:\\s|<|>).*|a[\\x5c'\\\"]*n|i[\\x5c'\\\"]*o)|(?:a[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*s[\\x5c'\\\"]*h|t)|c)[\\x5c'\\\"]*(?:\\s|<|>).*|e[\\x5c'\\\"]*r[\\x5c'\\\"]*t[\\x5c'\\\"]*b[\\x5c'\\\"]*o[\\x5c'\\\"]*t|r[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*b|u[\\x5c'\\\"]*r[\\x5c'\\\"]*l|[89][\\x5c'\\\"]*9|s[\\x5c'\\\"]*h)|b[\\x5c'\\\"]*(?:z[\\x5c'\\\"]*(?:(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*p[\\x5c'\\\"]*2)|u[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*(?:y[\\x5c'\\\"]*b[\\x5c'\\\"]*o[\\x5c'\\\"]*x|c[\\x5c'\\\"]*t[\\x5c'\\\"]*l)|n[\\x5c'\\\"]*d[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*(?:\\s|<|>).*|i[\\x5c'\\\"]*l[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*n)|s[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|t[\\x5c'\\\"]*a[\\x5c'\\\"]*r)|a[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*c[\\x5c'\\\"]*h[\\x5c'\\\"]*(?:\\s|<|>).*|s[\\x5c'\\\"]*h)|r[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*k[\\x5c'\\\"]*s[\\x5c'\\\"]*w)|e[\\x5c'\\\"]*(?:x[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:\\s|<|>).*|a[\\x5c'\\\"]*n[\\x5c'\\\"]*d|o[\\x5c'\\\"]*r[\\x5c'\\\"]*t|r)|(?:e[\\x5c'\\\"]*c[\\x5c'\\\"]*)?(?:\\s|<|>).*)|n[\\x5c'\\\"]*(?:v(?:[\\x5c'\\\"]*-[\\x5c'\\\"]*u[\\x5c'\\\"]*p[\\x5c'\\\"]*d[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*e)?|d[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*f|s[\\x5c'\\\"]*w))|(?:a[\\x5c'\\\"]*s[\\x5c'\\\"]*y[\\x5c'\\\"]*_[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*l|v[\\x5c'\\\"]*a)[\\x5c'\\\"]*l|(?:c[\\x5c'\\\"]*h[\\x5c'\\\"]*o|d)[\\x5c'\\\"]*(?:\\s|<|>).*|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|m[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*s|s[\\x5c'\\\"]*a[\\x5c'\\\"]*c)|f[\\x5c'\\\"]*(?:i(?:[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*e[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|(?:\\s|<|>).*)|n[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:\\s|<|>).*|s[\\x5c'\\\"]*h))?|t[\\x5c'\\\"]*p[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*s|w[\\x5c'\\\"]*h[\\x5c'\\\"]*o|(?:\\s|<|>).*)|(?:e[\\x5c'\\\"]*t[\\x5c'\\\"]*c[\\x5c'\\\"]*h|l[\\x5c'\\\"]*o[\\x5c'\\\"]*c[\\x5c'\\\"]*k|c)[\\x5c'\\\"]*(?:\\s|<|>).*|u[\\x5c'\\\"]*n[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*o[\\x5c'\\\"]*n|o[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*h|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p)|i[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:(?:6[\\x5c'\\\"]*)?t[\\x5c'\\\"]*a[\\x5c'\\\"]*b[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*s|c[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*i[\\x5c'\\\"]*g)|r[\\x5c'\\\"]*b(?:[\\x5c'\\\"]*(?:2[\\x5c'\\\"]*[01234567]|1(?:[\\x5c'\\\"]*[89])?|3[\\x5c'\\\"]*0))?|f[\\x5c'\\\"]*c[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*i[\\x5c'\\\"]*g|o[\\x5c'\\\"]*n[\\x5c'\\\"]*i[\\x5c'\\\"]*c[\\x5c'\\\"]*e|d[\\x5c'\\\"]*(?:\\s|<|>).*)|h[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*i[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|p[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*w[\\x5c'\\\"]*d)|o[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:n[\\x5c'\\\"]*a[\\x5c'\\\"]*m[\\x5c'\\\"]*e|i[\\x5c'\\\"]*d)|(?:e[\\x5c'\\\"]*a[\\x5c'\\\"]*d|u[\\x5c'\\\"]*p)[\\x5c'\\\"]*(?:\\s|<|>).*|i[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*y)|a[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:\\s|<|>).*|p[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*e)|p[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:-[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*t|(?:\\s|<|>).*)|d[\\x5c'\\\"]*d[\\x5c'\\\"]*u[\\x5c'\\\"]*s[\\x5c'\\\"]*e[\\x5c'\\\"]*r|r[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*h[\\x5c'\\\"]*(?:\\s|<|>).*|p)|(?:w[\\x5c'\\\"]*[ks]|t)[\\x5c'\\\"]*(?:\\s|<|>).*)|g[\\x5c'\\\"]*(?:(?:e[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*f[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*l|m)|r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|o)[\\x5c'\\\"]*(?:\\s|<|>).*|z[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*p)|u[\\x5c'\\\"]*n[\\x5c'\\\"]*z[\\x5c'\\\"]*i[\\x5c'\\\"]*p|c[\\x5c'\\\"]*c(?:[\\x5c'\\\"]*(?:\\s|<|>).*)?|i[\\x5c'\\\"]*t(?:[\\x5c'\\\"]*(?:\\s|<|>).*)?|d[\\x5c'\\\"]*b)|d[\\x5c'\\\"]*(?:h[\\x5c'\\\"]*c[\\x5c'\\\"]*l[\\x5c'\\\"]*i[\\x5c'\\\"]*e[\\x5c'\\\"]*n[\\x5c'\\\"]*t|(?:i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|u)[\\x5c'\\\"]*(?:\\s|<|>).*|(?:m[\\x5c'\\\"]*e[\\x5c'\\\"]*s|p[\\x5c'\\\"]*k)[\\x5c'\\\"]*g|o[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*s|n[\\x5c'\\\"]*e)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*h)|j[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*r[\\x5c'\\\"]*n[\\x5c'\\\"]*a[\\x5c'\\\"]*l[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*l|b[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:\\s|<|>).*)|a[\\x5c'\\\"]*v[\\x5c'\\\"]*a[\\x5c'\\\"]*(?:\\s|<|>).*|e[\\x5c'\\\"]*x[\\x5c'\\\"]*e[\\x5c'\\\"]*c)|k[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*l[\\x5c'\\\"]*l[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*l[\\x5c'\\\"]*l|(?:\\s|<|>).*)|s[\\x5c'\\\"]*h)|G[\\x5c'\\\"]*E[\\x5c'\\\"]*T[\\x5c'\\\"]*(?:\\s|<|>).*|7[\\x5c'\\\"]*z(?:[\\x5c'\\\"]*[ar])?)\\b",
|
|
184
184
|
"options": {
|
|
185
185
|
"case_sensitive": true,
|
|
186
186
|
"min_length": 3
|
|
@@ -213,7 +213,7 @@
|
|
|
213
213
|
"address": "server.request.path_params"
|
|
214
214
|
}
|
|
215
215
|
],
|
|
216
|
-
"regex": "(
|
|
216
|
+
"regex": "(?:[;\\n\\r`]|(?:$\\(|<)\\(|(?:\\|)?\\||\\(\\s*\\)|\\$[(?:{]|&?&|>\\|\\{)\\s*(?:(?:\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|(?:\\s*\\(|!)\\s*|\\{|\\$))*\\s*(?:['\\\"])*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\x5c]+/)?[\\x5c'\\\"]*(?:s[\\\"\\^]*(?:y[\\\"\\^]*s[\\\"\\^]*(?:t[\\\"\\^]*e[\\\"\\^]*m[\\\"\\^]*(?:p[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*e[\\\"\\^]*s[\\\"\\^]*(?:d[\\\"\\^]*a[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*e[\\\"\\^]*x[\\\"\\^]*e[\\\"\\^]*c[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*p[\\\"\\^]*r[\\\"\\^]*e[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*o[\\\"\\^]*n|(?:p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*f[\\\"\\^]*o[\\\"\\^]*r[\\\"\\^]*m[\\\"\\^]*a[\\\"\\^]*n[\\\"\\^]*c|h[\\\"\\^]*a[\\\"\\^]*r[\\\"\\^]*d[\\\"\\^]*w[\\\"\\^]*a[\\\"\\^]*r)[\\\"\\^]*e|a[\\\"\\^]*d[\\\"\\^]*v[\\\"\\^]*a[\\\"\\^]*n[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*d)|i[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*o)|k[\\\"\\^]*e[\\\"\\^]*y|d[\\\"\\^]*m)|h[\\\"\\^]*(?:o[\\\"\\^]*(?:w[\\\"\\^]*(?:g[\\\"\\^]*r[\\\"\\^]*p|m[\\\"\\^]*b[\\\"\\^]*r)[\\\"\\^]*s|r[\\\"\\^]*t[\\\"\\^]*c[\\\"\\^]*u[\\\"\\^]*t)|e[\\\"\\^]*l[\\\"\\^]*l[\\\"\\^]*r[\\\"\\^]*u[\\\"\\^]*n[\\\"\\^]*a[\\\"\\^]*s|u[\\\"\\^]*t[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n|r[\\\"\\^]*p[\\\"\\^]*u[\\\"\\^]*b[\\\"\\^]*w|a[\\\"\\^]*r[\\\"\\^]*e|i[\\\"\\^]*f[\\\"\\^]*t)|e[\\\"\\^]*(?:t[\\\"\\^]*(?:(?:x[\\\"\\^]*)?(?:[\\s,;]|\\.|/|<|>).*|l[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*a[\\\"\\^]*l)|c[\\\"\\^]*p[\\\"\\^]*o[\\\"\\^]*l|l[\\\"\\^]*e[\\\"\\^]*c[\\\"\\^]*t)|c[\\\"\\^]*(?:h[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*s[\\\"\\^]*k[\\\"\\^]*s|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t)|u[\\\"\\^]*b[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*l|s[\\\"\\^]*t)|(?:t[\\\"\\^]*a|o)[\\\"\\^]*r[\\\"\\^]*t[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|i[\\\"\\^]*g[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*i[\\\"\\^]*f|l[\\\"\\^]*(?:e[\\\"\\^]*e[\\\"\\^]*p|m[\\\"\\^]*g[\\\"\\^]*r)|f[\\\"\\^]*c|v[\\\"\\^]*n)|p[\\\"\\^]*(?:s[\\\"\\^]*(?:s[\\\"\\^]*(?:h[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n|e[\\\"\\^]*r[\\\"\\^]*v[\\\"\\^]*i[\\\"\\^]*c[\\\"\\^]*e|u[\\\"\\^]*s[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*d)|l[\\\"\\^]*(?:o[\\\"\\^]*g[\\\"\\^]*(?:g[\\\"\\^]*e[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*n|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t)|i[\\\"\\^]*s[\\\"\\^]*t)|p[\\\"\\^]*(?:a[\\\"\\^]*s[\\\"\\^]*s[\\\"\\^]*w[\\\"\\^]*d|i[\\\"\\^]*n[\\\"\\^]*g)|g[\\\"\\^]*e[\\\"\\^]*t[\\\"\\^]*s[\\\"\\^]*i[\\\"\\^]*d|e[\\\"\\^]*x[\\\"\\^]*e[\\\"\\^]*c|f[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*e|i[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*o|k[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*l)|o[\\\"\\^]*(?:w[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*(?:s[\\\"\\^]*h[\\\"\\^]*e[\\\"\\^]*l[\\\"\\^]*l(?:[\\\"\\^]*_[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*e)?|c[\\\"\\^]*f[\\\"\\^]*g)|r[\\\"\\^]*t[\\\"\\^]*q[\\\"\\^]*r[\\\"\\^]*y|p[\\\"\\^]*d)|r[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*(?:(?:[\\s,;]|\\.|/|<|>).*|b[\\\"\\^]*r[\\\"\\^]*m)|n[\\\"\\^]*(?:c[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*g|m[\\\"\\^]*n[\\\"\\^]*g[\\\"\\^]*r)|o[\\\"\\^]*m[\\\"\\^]*p[\\\"\\^]*t)|a[\\\"\\^]*t[\\\"\\^]*h[\\\"\\^]*(?:p[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*g|(?:[\\s,;]|\\.|/|<|>).*)|e[\\\"\\^]*r[\\\"\\^]*(?:l(?:[\\\"\\^]*(?:s[\\\"\\^]*h|5))?|f[\\\"\\^]*m[\\\"\\^]*o[\\\"\\^]*n)|y[\\\"\\^]*t[\\\"\\^]*h[\\\"\\^]*o[\\\"\\^]*n(?:[\\\"\\^]*(?:3(?:[\\\"\\^]*m)?|2))?|k[\\\"\\^]*g[\\\"\\^]*m[\\\"\\^]*g[\\\"\\^]*r|h[\\\"\\^]*p(?:[\\\"\\^]*[57])?|u[\\\"\\^]*s[\\\"\\^]*h[\\\"\\^]*d|i[\\\"\\^]*n[\\\"\\^]*g)|r[\\\"\\^]*(?:e[\\\"\\^]*(?:(?:p[\\\"\\^]*l[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*e|n(?:[\\\"\\^]*a[\\\"\\^]*m[\\\"\\^]*e)?|s[\\\"\\^]*e[\\\"\\^]*t)[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|g[\\\"\\^]*(?:s[\\\"\\^]*v[\\\"\\^]*r[\\\"\\^]*3[\\\"\\^]*2|e[\\\"\\^]*d[\\\"\\^]*i[\\\"\\^]*t|(?:[\\s,;]|\\.|/|<|>).*|i[\\\"\\^]*n[\\\"\\^]*i)|c[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*c|o[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*r)|k[\\\"\\^]*e[\\\"\\^]*y[\\\"\\^]*w[\\\"\\^]*i[\\\"\\^]*z)|u[\\\"\\^]*(?:n[\\\"\\^]*(?:d[\\\"\\^]*l[\\\"\\^]*l[\\\"\\^]*3[\\\"\\^]*2|a[\\\"\\^]*s)|b[\\\"\\^]*y[\\\"\\^]*(?:1(?:[\\\"\\^]*[89])?|2[\\\"\\^]*[012]))|a[\\\"\\^]*(?:s[\\\"\\^]*(?:p[\\\"\\^]*h[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*e|d[\\\"\\^]*i[\\\"\\^]*a[\\\"\\^]*l)|r[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)|m[\\\"\\^]*(?:(?:d[\\\"\\^]*i[\\\"\\^]*r[\\\"\\^]*)?(?:[\\s,;]|\\.|/|<|>).*|t[\\\"\\^]*s[\\\"\\^]*h[\\\"\\^]*a[\\\"\\^]*r[\\\"\\^]*e)|o[\\\"\\^]*(?:u[\\\"\\^]*t[\\\"\\^]*e[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|b[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*p[\\\"\\^]*y)|s[\\\"\\^]*(?:t[\\\"\\^]*r[\\\"\\^]*u[\\\"\\^]*i|y[\\\"\\^]*n[\\\"\\^]*c)|d[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)|t[\\\"\\^]*(?:a[\\\"\\^]*(?:s[\\\"\\^]*k[\\\"\\^]*(?:k[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*l|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t|s[\\\"\\^]*c[\\\"\\^]*h[\\\"\\^]*d|m[\\\"\\^]*g[\\\"\\^]*r)|k[\\\"\\^]*e[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n)|(?:i[\\\"\\^]*m[\\\"\\^]*e[\\\"\\^]*o[\\\"\\^]*u|p[\\\"\\^]*m[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*i|e[\\\"\\^]*l[\\\"\\^]*n[\\\"\\^]*e|l[\\\"\\^]*i[\\\"\\^]*s)[\\\"\\^]*t|s[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*c[\\\"\\^]*o|s[\\\"\\^]*h[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*d)[\\\"\\^]*n|y[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*(?:p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*f|(?:[\\s,;]|\\.|/|<|>).*)|r[\\\"\\^]*(?:a[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*t|e[\\\"\\^]*e))|w[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*f[\\\"\\^]*f|m[\\\"\\^]*s[\\\"\\^]*d[\\\"\\^]*p|v[\\\"\\^]*a[\\\"\\^]*r|r[\\\"\\^]*[ms])|u[\\\"\\^]*(?:a[\\\"\\^]*(?:u[\\\"\\^]*c[\\\"\\^]*l[\\\"\\^]*t|p[\\\"\\^]*p)|s[\\\"\\^]*a)|s[\\\"\\^]*c[\\\"\\^]*(?:r[\\\"\\^]*i[\\\"\\^]*p[\\\"\\^]*t|u[\\\"\\^]*i)|e[\\\"\\^]*v[\\\"\\^]*t[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*l|m[\\\"\\^]*i[\\\"\\^]*(?:m[\\\"\\^]*g[\\\"\\^]*m[\\\"\\^]*t|c)|a[\\\"\\^]*i[\\\"\\^]*t[\\\"\\^]*f[\\\"\\^]*o[\\\"\\^]*r|h[\\\"\\^]*o[\\\"\\^]*a[\\\"\\^]*m[\\\"\\^]*i|g[\\\"\\^]*e[\\\"\\^]*t)|u[\\\"\\^]*(?:s[\\\"\\^]*(?:e[\\\"\\^]*r[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*u[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*l[\\\"\\^]*s[\\\"\\^]*e[\\\"\\^]*t[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*g[\\\"\\^]*s|r[\\\"\\^]*s[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*t)|n[\\\"\\^]*(?:r[\\\"\\^]*a[\\\"\\^]*r|z[\\\"\\^]*i[\\\"\\^]*p))|q[\\\"\\^]*(?:u[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*y[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|p[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*s[\\\"\\^]*s|w[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*s[\\\"\\^]*t[\\\"\\^]*a|g[\\\"\\^]*r[\\\"\\^]*e[\\\"\\^]*p)|o[\\\"\\^]*(?:d[\\\"\\^]*b[\\\"\\^]*c[\\\"\\^]*(?:a[\\\"\\^]*d[\\\"\\^]*3[\\\"\\^]*2|c[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*f)|p[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*e[\\\"\\^]*s)|v[\\\"\\^]*(?:o[\\\"\\^]*l[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|e[\\\"\\^]*r[\\\"\\^]*i[\\\"\\^]*f[\\\"\\^]*y)|x[\\\"\\^]*c[\\\"\\^]*(?:a[\\\"\\^]*c[\\\"\\^]*l[\\\"\\^]*s|o[\\\"\\^]*p[\\\"\\^]*y)|z[\\\"\\^]*i[\\\"\\^]*p[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)",
|
|
217
217
|
"options": {
|
|
218
218
|
"min_length": 4
|
|
219
219
|
}
|
|
@@ -246,11 +246,12 @@
|
|
|
246
246
|
}
|
|
247
247
|
],
|
|
248
248
|
"list": [
|
|
249
|
-
"powershell
|
|
250
|
-
"add-bitsfile",
|
|
249
|
+
"powershell",
|
|
251
250
|
"add-computer",
|
|
252
251
|
"add-content",
|
|
253
252
|
"add-history",
|
|
253
|
+
"add-jobtrigger",
|
|
254
|
+
"add-localgroupmember",
|
|
254
255
|
"add-member",
|
|
255
256
|
"add-pssnapin",
|
|
256
257
|
"add-type",
|
|
@@ -258,134 +259,243 @@
|
|
|
258
259
|
"clear-content",
|
|
259
260
|
"clear-eventlog",
|
|
260
261
|
"clear-history",
|
|
262
|
+
"clear-host",
|
|
261
263
|
"clear-item",
|
|
262
264
|
"clear-itemproperty",
|
|
265
|
+
"clear-recyclebin",
|
|
263
266
|
"clear-variable",
|
|
264
267
|
"compare-object",
|
|
265
|
-
"complete-bitstransfer",
|
|
266
268
|
"complete-transaction",
|
|
269
|
+
"compress-archive",
|
|
270
|
+
"connect-pssession",
|
|
267
271
|
"connect-wsman",
|
|
272
|
+
"convert-path",
|
|
273
|
+
"convert-string",
|
|
268
274
|
"convertfrom-csv",
|
|
275
|
+
"convertfrom-json",
|
|
276
|
+
"convertfrom-markdown",
|
|
277
|
+
"convertfrom-sddlstring",
|
|
269
278
|
"convertfrom-securestring",
|
|
279
|
+
"convertfrom-string",
|
|
270
280
|
"convertfrom-stringdata",
|
|
271
|
-
"convert-path",
|
|
272
281
|
"convertto-csv",
|
|
273
282
|
"convertto-html",
|
|
283
|
+
"convertto-json",
|
|
274
284
|
"convertto-securestring",
|
|
275
285
|
"convertto-xml",
|
|
276
286
|
"copy-item",
|
|
277
287
|
"copy-itemproperty",
|
|
288
|
+
"debug-job",
|
|
278
289
|
"debug-process",
|
|
290
|
+
"debug-runspace",
|
|
279
291
|
"disable-computerrestore",
|
|
292
|
+
"disable-experimentalfeature",
|
|
293
|
+
"disable-jobtrigger",
|
|
294
|
+
"disable-localuser",
|
|
280
295
|
"disable-psbreakpoint",
|
|
296
|
+
"disable-psremoting",
|
|
281
297
|
"disable-pssessionconfiguration",
|
|
298
|
+
"disable-pstrace",
|
|
299
|
+
"disable-pswsmancombinedtrace",
|
|
300
|
+
"disable-runspacedebug",
|
|
301
|
+
"disable-scheduledjob",
|
|
282
302
|
"disable-wsmancredssp",
|
|
303
|
+
"disable-wsmantrace",
|
|
304
|
+
"disconnect-pssession",
|
|
283
305
|
"disconnect-wsman",
|
|
284
306
|
"enable-computerrestore",
|
|
307
|
+
"enable-experimentalfeature",
|
|
308
|
+
"enable-jobtrigger",
|
|
309
|
+
"enable-localuser",
|
|
285
310
|
"enable-psbreakpoint",
|
|
286
311
|
"enable-psremoting",
|
|
287
312
|
"enable-pssessionconfiguration",
|
|
313
|
+
"enable-pstrace",
|
|
314
|
+
"enable-pswsmancombinedtrace",
|
|
315
|
+
"enable-runspacedebug",
|
|
316
|
+
"enable-scheduledjob",
|
|
288
317
|
"enable-wsmancredssp",
|
|
318
|
+
"enable-wsmantrace",
|
|
319
|
+
"enter-pshostprocess",
|
|
289
320
|
"enter-pssession",
|
|
321
|
+
"exit-pshostprocess",
|
|
290
322
|
"exit-pssession",
|
|
323
|
+
"expand-archive",
|
|
291
324
|
"export-alias",
|
|
325
|
+
"export-binarymilog",
|
|
292
326
|
"export-clixml",
|
|
293
327
|
"export-console",
|
|
294
328
|
"export-counter",
|
|
295
329
|
"export-csv",
|
|
296
330
|
"export-formatdata",
|
|
297
331
|
"export-modulemember",
|
|
332
|
+
"export-odataendpointproxy",
|
|
298
333
|
"export-pssession",
|
|
334
|
+
"find-command",
|
|
335
|
+
"find-dscresource",
|
|
336
|
+
"find-module",
|
|
337
|
+
"find-package",
|
|
338
|
+
"find-packageprovider",
|
|
339
|
+
"find-rolecapability",
|
|
340
|
+
"find-script",
|
|
299
341
|
"foreach-object",
|
|
300
342
|
"format-custom",
|
|
343
|
+
"format-hex",
|
|
301
344
|
"format-list",
|
|
302
345
|
"format-table",
|
|
303
346
|
"format-wide",
|
|
304
347
|
"get-acl",
|
|
305
348
|
"get-alias",
|
|
306
|
-
"get-applockerfileinformation",
|
|
307
|
-
"get-applockerpolicy",
|
|
308
349
|
"get-authenticodesignature",
|
|
309
|
-
"get-bitstransfer",
|
|
310
350
|
"get-childitem",
|
|
351
|
+
"get-cimassociatedinstance",
|
|
352
|
+
"get-cimclass",
|
|
353
|
+
"get-ciminstance",
|
|
354
|
+
"get-cimsession",
|
|
355
|
+
"get-clipboard",
|
|
356
|
+
"get-cmsmessage",
|
|
311
357
|
"get-command",
|
|
358
|
+
"get-computerinfo",
|
|
312
359
|
"get-computerrestorepoint",
|
|
313
360
|
"get-content",
|
|
361
|
+
"get-controlpanelitem",
|
|
314
362
|
"get-counter",
|
|
315
363
|
"get-credential",
|
|
364
|
+
"get-date",
|
|
365
|
+
"get-error",
|
|
316
366
|
"get-event",
|
|
317
367
|
"get-eventlog",
|
|
318
368
|
"get-eventsubscriber",
|
|
319
369
|
"get-executionpolicy",
|
|
370
|
+
"get-experimentalfeature",
|
|
371
|
+
"get-filehash",
|
|
320
372
|
"get-formatdata",
|
|
373
|
+
"get-help",
|
|
321
374
|
"get-history",
|
|
322
375
|
"get-host",
|
|
323
376
|
"get-hotfix",
|
|
377
|
+
"get-installedmodule",
|
|
378
|
+
"get-installedscript",
|
|
379
|
+
"get-isesnippet",
|
|
324
380
|
"get-item",
|
|
325
381
|
"get-itemproperty",
|
|
382
|
+
"get-itempropertyvalue",
|
|
326
383
|
"get-job",
|
|
384
|
+
"get-jobtrigger",
|
|
385
|
+
"get-localgroup",
|
|
386
|
+
"get-localgroupmember",
|
|
387
|
+
"get-localuser",
|
|
327
388
|
"get-location",
|
|
389
|
+
"get-logproperties",
|
|
390
|
+
"get-markdownoption",
|
|
328
391
|
"get-module",
|
|
329
|
-
"get-
|
|
330
|
-
"get-process",
|
|
392
|
+
"get-operationvalidation",
|
|
331
393
|
"get-psbreakpoint",
|
|
332
394
|
"get-pscallstack",
|
|
333
395
|
"get-psdrive",
|
|
396
|
+
"get-pshostprocessinfo",
|
|
334
397
|
"get-psprovider",
|
|
398
|
+
"get-psreadlinekeyhandler",
|
|
399
|
+
"get-psreadlineoption",
|
|
400
|
+
"get-psrepository",
|
|
335
401
|
"get-pssession",
|
|
402
|
+
"get-pssessioncapability",
|
|
336
403
|
"get-pssessionconfiguration",
|
|
337
404
|
"get-pssnapin",
|
|
405
|
+
"get-pssubsystem",
|
|
406
|
+
"get-package",
|
|
407
|
+
"get-packageprovider",
|
|
408
|
+
"get-packagesource",
|
|
409
|
+
"get-pfxcertificate",
|
|
410
|
+
"get-process",
|
|
338
411
|
"get-random",
|
|
412
|
+
"get-runspace",
|
|
413
|
+
"get-runspacedebug",
|
|
414
|
+
"get-scheduledjob",
|
|
415
|
+
"get-scheduledjoboption",
|
|
339
416
|
"get-service",
|
|
417
|
+
"get-timezone",
|
|
340
418
|
"get-tracesource",
|
|
341
419
|
"get-transaction",
|
|
342
|
-
"get-
|
|
420
|
+
"get-typedata",
|
|
343
421
|
"get-uiculture",
|
|
344
422
|
"get-unique",
|
|
423
|
+
"get-uptime",
|
|
345
424
|
"get-variable",
|
|
346
|
-
"get-
|
|
347
|
-
"get-wmiobject",
|
|
425
|
+
"get-verb",
|
|
348
426
|
"get-wsmancredssp",
|
|
349
427
|
"get-wsmaninstance",
|
|
428
|
+
"get-winevent",
|
|
429
|
+
"get-wmiobject",
|
|
350
430
|
"group-object",
|
|
351
431
|
"import-alias",
|
|
432
|
+
"import-binarymilog",
|
|
352
433
|
"import-clixml",
|
|
353
434
|
"import-counter",
|
|
354
435
|
"import-csv",
|
|
436
|
+
"import-isesnippet",
|
|
355
437
|
"import-localizeddata",
|
|
356
438
|
"import-module",
|
|
357
439
|
"import-pssession",
|
|
440
|
+
"import-packageprovider",
|
|
441
|
+
"import-powershelldatafile",
|
|
442
|
+
"install-module",
|
|
443
|
+
"install-package",
|
|
444
|
+
"install-packageprovider",
|
|
445
|
+
"install-script",
|
|
446
|
+
"invoke-asworkflow",
|
|
447
|
+
"invoke-cimmethod",
|
|
358
448
|
"invoke-command",
|
|
359
449
|
"invoke-expression",
|
|
360
450
|
"invoke-history",
|
|
361
451
|
"invoke-item",
|
|
362
|
-
"invoke-
|
|
363
|
-
"invoke-
|
|
452
|
+
"invoke-operationvalidation",
|
|
453
|
+
"invoke-restmethod",
|
|
364
454
|
"invoke-wsmanaction",
|
|
455
|
+
"invoke-webrequest",
|
|
456
|
+
"invoke-wmimethod",
|
|
365
457
|
"join-path",
|
|
458
|
+
"join-string",
|
|
366
459
|
"limit-eventlog",
|
|
367
460
|
"measure-command",
|
|
368
461
|
"measure-object",
|
|
369
462
|
"move-item",
|
|
370
463
|
"move-itemproperty",
|
|
371
464
|
"new-alias",
|
|
372
|
-
"new-
|
|
465
|
+
"new-ciminstance",
|
|
466
|
+
"new-cimsession",
|
|
467
|
+
"new-cimsessionoption",
|
|
373
468
|
"new-event",
|
|
374
469
|
"new-eventlog",
|
|
470
|
+
"new-filecatalog",
|
|
471
|
+
"new-guid",
|
|
472
|
+
"new-isesnippet",
|
|
375
473
|
"new-item",
|
|
376
474
|
"new-itemproperty",
|
|
475
|
+
"new-jobtrigger",
|
|
476
|
+
"new-localgroup",
|
|
477
|
+
"new-localuser",
|
|
377
478
|
"new-module",
|
|
378
479
|
"new-modulemanifest",
|
|
379
480
|
"new-object",
|
|
380
481
|
"new-psdrive",
|
|
482
|
+
"new-psrolecapabilityfile",
|
|
381
483
|
"new-pssession",
|
|
484
|
+
"new-pssessionconfigurationfile",
|
|
382
485
|
"new-pssessionoption",
|
|
486
|
+
"new-pstransportoption",
|
|
487
|
+
"new-psworkflowexecutionoption",
|
|
488
|
+
"new-psworkflowsession",
|
|
489
|
+
"new-scheduledjoboption",
|
|
490
|
+
"new-scriptfileinfo",
|
|
383
491
|
"new-service",
|
|
492
|
+
"new-temporaryfile",
|
|
384
493
|
"new-timespan",
|
|
385
494
|
"new-variable",
|
|
386
|
-
"new-webserviceproxy",
|
|
387
495
|
"new-wsmaninstance",
|
|
388
496
|
"new-wsmansessionoption",
|
|
497
|
+
"new-webserviceproxy",
|
|
498
|
+
"new-winevent",
|
|
389
499
|
"out-default",
|
|
390
500
|
"out-file",
|
|
391
501
|
"out-gridview",
|
|
@@ -394,93 +504,153 @@
|
|
|
394
504
|
"out-printer",
|
|
395
505
|
"out-string",
|
|
396
506
|
"pop-location",
|
|
507
|
+
"protect-cmsmessage",
|
|
508
|
+
"publish-module",
|
|
509
|
+
"publish-script",
|
|
397
510
|
"push-location",
|
|
398
511
|
"read-host",
|
|
399
512
|
"receive-job",
|
|
513
|
+
"receive-pssession",
|
|
514
|
+
"register-argumentcompleter",
|
|
515
|
+
"register-cimindicationevent",
|
|
400
516
|
"register-engineevent",
|
|
401
517
|
"register-objectevent",
|
|
518
|
+
"register-psrepository",
|
|
402
519
|
"register-pssessionconfiguration",
|
|
520
|
+
"register-packagesource",
|
|
521
|
+
"register-scheduledjob",
|
|
403
522
|
"register-wmievent",
|
|
404
|
-
"remove-
|
|
523
|
+
"remove-alias",
|
|
524
|
+
"remove-ciminstance",
|
|
525
|
+
"remove-cimsession",
|
|
405
526
|
"remove-computer",
|
|
406
527
|
"remove-event",
|
|
407
528
|
"remove-eventlog",
|
|
408
529
|
"remove-item",
|
|
409
530
|
"remove-itemproperty",
|
|
410
531
|
"remove-job",
|
|
532
|
+
"remove-jobtrigger",
|
|
533
|
+
"remove-localgroup",
|
|
534
|
+
"remove-localgroupmember",
|
|
535
|
+
"remove-localuser",
|
|
411
536
|
"remove-module",
|
|
412
537
|
"remove-psbreakpoint",
|
|
413
538
|
"remove-psdrive",
|
|
539
|
+
"remove-psreadlinekeyhandler",
|
|
414
540
|
"remove-pssession",
|
|
415
541
|
"remove-pssnapin",
|
|
542
|
+
"remove-service",
|
|
543
|
+
"remove-typedata",
|
|
416
544
|
"remove-variable",
|
|
417
|
-
"remove-wmiobject",
|
|
418
545
|
"remove-wsmaninstance",
|
|
546
|
+
"remove-wmiobject",
|
|
547
|
+
"rename-computer",
|
|
419
548
|
"rename-item",
|
|
420
549
|
"rename-itemproperty",
|
|
550
|
+
"rename-localgroup",
|
|
551
|
+
"rename-localuser",
|
|
421
552
|
"reset-computermachinepassword",
|
|
422
553
|
"resolve-path",
|
|
423
554
|
"restart-computer",
|
|
424
555
|
"restart-service",
|
|
425
556
|
"restore-computer",
|
|
426
|
-
"resume-
|
|
557
|
+
"resume-job",
|
|
427
558
|
"resume-service",
|
|
559
|
+
"save-help",
|
|
560
|
+
"save-module",
|
|
561
|
+
"save-package",
|
|
562
|
+
"save-script",
|
|
428
563
|
"select-object",
|
|
429
564
|
"select-string",
|
|
430
565
|
"select-xml",
|
|
431
566
|
"send-mailmessage",
|
|
432
567
|
"set-acl",
|
|
433
568
|
"set-alias",
|
|
434
|
-
"set-applockerpolicy",
|
|
435
569
|
"set-authenticodesignature",
|
|
436
|
-
"set-
|
|
570
|
+
"set-ciminstance",
|
|
571
|
+
"set-clipboard",
|
|
437
572
|
"set-content",
|
|
438
573
|
"set-date",
|
|
439
574
|
"set-executionpolicy",
|
|
440
575
|
"set-item",
|
|
441
576
|
"set-itemproperty",
|
|
577
|
+
"set-jobtrigger",
|
|
578
|
+
"set-localgroup",
|
|
579
|
+
"set-localuser",
|
|
442
580
|
"set-location",
|
|
581
|
+
"set-logproperties",
|
|
582
|
+
"set-markdownoption",
|
|
443
583
|
"set-psbreakpoint",
|
|
444
584
|
"set-psdebug",
|
|
585
|
+
"set-psreadlinekeyhandler",
|
|
586
|
+
"set-psreadlineoption",
|
|
587
|
+
"set-psrepository",
|
|
445
588
|
"set-pssessionconfiguration",
|
|
589
|
+
"set-packagesource",
|
|
590
|
+
"set-scheduledjob",
|
|
591
|
+
"set-scheduledjoboption",
|
|
446
592
|
"set-service",
|
|
447
593
|
"set-strictmode",
|
|
594
|
+
"set-timezone",
|
|
448
595
|
"set-tracesource",
|
|
449
596
|
"set-variable",
|
|
450
|
-
"set-wmiinstance",
|
|
451
597
|
"set-wsmaninstance",
|
|
452
598
|
"set-wsmanquickconfig",
|
|
599
|
+
"set-wmiinstance",
|
|
600
|
+
"show-command",
|
|
601
|
+
"show-controlpanelitem",
|
|
453
602
|
"show-eventlog",
|
|
603
|
+
"show-markdown",
|
|
454
604
|
"sort-object",
|
|
455
605
|
"split-path",
|
|
456
|
-
"start-bitstransfer",
|
|
457
606
|
"start-job",
|
|
458
607
|
"start-process",
|
|
459
608
|
"start-service",
|
|
460
609
|
"start-sleep",
|
|
610
|
+
"start-threadjob",
|
|
611
|
+
"start-trace",
|
|
461
612
|
"start-transaction",
|
|
462
613
|
"stop-computer",
|
|
463
614
|
"stop-job",
|
|
464
615
|
"stop-process",
|
|
465
616
|
"stop-service",
|
|
617
|
+
"stop-trace",
|
|
466
618
|
"stop-transcript",
|
|
467
|
-
"suspend-
|
|
619
|
+
"suspend-job",
|
|
468
620
|
"suspend-service",
|
|
621
|
+
"switch-process",
|
|
469
622
|
"tee-object",
|
|
470
|
-
"test-applockerpolicy",
|
|
471
623
|
"test-computersecurechannel",
|
|
472
624
|
"test-connection",
|
|
625
|
+
"test-filecatalog",
|
|
626
|
+
"test-json",
|
|
473
627
|
"test-modulemanifest",
|
|
628
|
+
"test-pssessionconfigurationfile",
|
|
474
629
|
"test-path",
|
|
630
|
+
"test-scriptfileinfo",
|
|
475
631
|
"test-wsman",
|
|
476
632
|
"trace-command",
|
|
633
|
+
"unblock-file",
|
|
477
634
|
"undo-transaction",
|
|
635
|
+
"uninstall-module",
|
|
636
|
+
"uninstall-package",
|
|
637
|
+
"uninstall-script",
|
|
638
|
+
"unprotect-cmsmessage",
|
|
478
639
|
"unregister-event",
|
|
640
|
+
"unregister-psrepository",
|
|
479
641
|
"unregister-pssessionconfiguration",
|
|
642
|
+
"unregister-packagesource",
|
|
643
|
+
"unregister-scheduledjob",
|
|
480
644
|
"update-formatdata",
|
|
645
|
+
"update-help",
|
|
481
646
|
"update-list",
|
|
647
|
+
"update-module",
|
|
648
|
+
"update-modulemanifest",
|
|
649
|
+
"update-script",
|
|
650
|
+
"update-scriptfileinfo",
|
|
482
651
|
"update-typedata",
|
|
483
652
|
"use-transaction",
|
|
653
|
+
"wait-debugger",
|
|
484
654
|
"wait-event",
|
|
485
655
|
"wait-job",
|
|
486
656
|
"wait-process",
|
|
@@ -489,13 +659,11 @@
|
|
|
489
659
|
"write-error",
|
|
490
660
|
"write-eventlog",
|
|
491
661
|
"write-host",
|
|
662
|
+
"write-information",
|
|
492
663
|
"write-output",
|
|
493
664
|
"write-progress",
|
|
494
665
|
"write-verbose",
|
|
495
|
-
"write-warning"
|
|
496
|
-
"-encodedcommand",
|
|
497
|
-
"-executionpolicy",
|
|
498
|
-
"-psconsolefile"
|
|
666
|
+
"write-warning"
|
|
499
667
|
]
|
|
500
668
|
},
|
|
501
669
|
"operator": "phrase_match"
|
|
@@ -527,7 +695,7 @@
|
|
|
527
695
|
"address": "server.request.path_params"
|
|
528
696
|
}
|
|
529
697
|
],
|
|
530
|
-
"regex": "(?:\\$(?:\\((?:\\(.*\\)|.*)\\)|\\{.*})|[<>]\\(.*\\))",
|
|
698
|
+
"regex": "(?:\\$(?:\\((?:\\(.*\\)|.*)\\)|\\{.*})|\\/\\w*\\[!?.+\\]|[<>]\\(.*\\))",
|
|
531
699
|
"options": {
|
|
532
700
|
"case_sensitive": true,
|
|
533
701
|
"min_length": 3
|
|
@@ -560,7 +728,7 @@
|
|
|
560
728
|
"address": "server.request.path_params"
|
|
561
729
|
}
|
|
562
730
|
],
|
|
563
|
-
"regex": "(?:^|=)\\s*(?:
|
|
731
|
+
"regex": "(?:(?:^|=)\\s*(?:(?:\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|(?:\\s*\\(|!)\\s*|\\{|\\$))*\\s*(?:[\\\"'])*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\x5c]+/)?[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*(?:z(?:[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*(?:a(?:[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*o|d[\\x5c'\\\"]*e[\\x5c'\\\"]*c))?|o[\\x5c'\\\"]*r[\\x5c'\\\"]*e)|(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|4(?:[\\x5c'\\\"]*c(?:[\\x5c'\\\"]*a[\\x5c'\\\"]*t)?)?|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s))?|s(?:[\\x5c'\\\"]*(?:b[\\x5c'\\\"]*_[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*e|c[\\x5c'\\\"]*p[\\x5c'\\\"]*u|m[\\x5c'\\\"]*o[\\x5c'\\\"]*d|p[\\x5c'\\\"]*c[\\x5c'\\\"]*i|u[\\x5c'\\\"]*s[\\x5c'\\\"]*b|-[\\x5c'\\\"]*F|o[\\x5c'\\\"]*f))?|e[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:(?:f[\\x5c'\\\"]*i[\\x5c'\\\"]*l|p[\\x5c'\\\"]*i[\\x5c'\\\"]*p)[\\x5c'\\\"]*e|e[\\x5c'\\\"]*c[\\x5c'\\\"]*h[\\x5c'\\\"]*o)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*o[\\x5c'\\\"]*g(?:[\\x5c'\\\"]*i[\\x5c'\\\"]*n)?|c[\\x5c'\\\"]*o[\\x5c'\\\"]*m[\\x5c'\\\"]*m)|w[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*-[\\x5c'\\\"]*d[\\x5c'\\\"]*o[\\x5c'\\\"]*w[\\x5c'\\\"]*n[\\x5c'\\\"]*l[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*d)?|f[\\x5c'\\\"]*t[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*t)?|y[\\x5c'\\\"]*n[\\x5c'\\\"]*x)|z[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*(?:(?:m[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*g|n[\\x5c'\\\"]*o[\\x5c'\\\"]*t)[\\x5c'\\\"]*e|d[\\x5c'\\\"]*e[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*i[\\x5c'\\\"]*l[\\x5c'\\\"]*s|c[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*k|m[\\x5c'\\\"]*p)|s[\\x5c'\\\"]*p[\\x5c'\\\"]*l[\\x5c'\\\"]*i[\\x5c'\\\"]*t|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|i[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*o|t[\\x5c'\\\"]*o[\\x5c'\\\"]*o[\\x5c'\\\"]*l))?|s[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*d(?:[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|(?:c[\\x5c'\\\"]*a|m)[\\x5c'\\\"]*t))?|h)|(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|r[\\x5c'\\\"]*u[\\x5c'\\\"]*n)|b[\\x5c'\\\"]*(?:z[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*p[\\x5c'\\\"]*2(?:[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*c[\\x5c'\\\"]*o[\\x5c'\\\"]*v[\\x5c'\\\"]*e[\\x5c'\\\"]*r)?|e[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|x[\\x5c'\\\"]*e)|(?:f[\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|z)|u[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*l[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*n|n[\\x5c'\\\"]*z[\\x5c'\\\"]*i[\\x5c'\\\"]*p[\\x5c'\\\"]*2|s[\\x5c'\\\"]*y[\\x5c'\\\"]*b[\\x5c'\\\"]*o[\\x5c'\\\"]*x)|s[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|t[\\x5c'\\\"]*a[\\x5c'\\\"]*r)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*(?:3[\\x5c'\\\"]*2|6[\\x5c'\\\"]*4|n[\\x5c'\\\"]*c)|h))|s[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*n[\\x5c'\\\"]*v|s[\\x5c'\\\"]*i[\\x5c'\\\"]*d)|n[\\x5c'\\\"]*d[\\x5c'\\\"]*m[\\x5c'\\\"]*a[\\x5c'\\\"]*i[\\x5c'\\\"]*l|d)|h(?:[\\x5c'\\\"]*\\.[\\x5c'\\\"]*d[\\x5c'\\\"]*i[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*r[\\x5c'\\\"]*i[\\x5c'\\\"]*b)?|o[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*r[\\x5c'\\\"]*c[\\x5c'\\\"]*e|c[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|t[\\x5c'\\\"]*r[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*g[\\x5c'\\\"]*s|y[\\x5c'\\\"]*s[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*l|c[\\x5c'\\\"]*(?:h[\\x5c'\\\"]*e[\\x5c'\\\"]*d|p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|f[\\x5c'\\\"]*t[\\x5c'\\\"]*p|u[\\x5c'\\\"]*d[\\x5c'\\\"]*o|s[\\x5c'\\\"]*h|v[\\x5c'\\\"]*n)|p[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*a[\\x5c'\\\"]*r(?:[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p))?|y[\\x5c'\\\"]*t[\\x5c'\\\"]*h[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*[23]?[\\x5c'\\\"]*(?:\\.[0-9.\\x5c'\\\"]+)?(?:[dmu]+)?|k[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*x[\\x5c'\\\"]*e[\\x5c'\\\"]*c|i[\\x5c'\\\"]*l[\\x5c'\\\"]*l)|r[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*n[\\x5c'\\\"]*v|f)|(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e|f[\\x5c'\\\"]*t)[\\x5c'\\\"]*p|e[\\x5c'\\\"]*r[\\x5c'\\\"]*l(?:[\\x5c'\\\"]*5)?|h[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*[57])?|(?:i[\\x5c'\\\"]*g|x)[\\x5c'\\\"]*z|o[\\x5c'\\\"]*p[\\x5c'\\\"]*d)|n[\\x5c'\\\"]*(?:c(?:[\\x5c'\\\"]*(?:\\.[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*r[\\x5c'\\\"]*a[\\x5c'\\\"]*d[\\x5c'\\\"]*i[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*a[\\x5c'\\\"]*l|o[\\x5c'\\\"]*p[\\x5c'\\\"]*e[\\x5c'\\\"]*n[\\x5c'\\\"]*b[\\x5c'\\\"]*s[\\x5c'\\\"]*d)|a[\\x5c'\\\"]*t))?|e[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:k[\\x5c'\\\"]*i[\\x5c'\\\"]*t[\\x5c'\\\"]*-[\\x5c'\\\"]*f[\\x5c'\\\"]*t[\\x5c'\\\"]*p|(?:s[\\x5c'\\\"]*t|c)[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|o[\\x5c'\\\"]*h[\\x5c'\\\"]*u[\\x5c'\\\"]*p|p[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*g|s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|t[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*r[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*u[\\x5c'\\\"]*t[\\x5c'\\\"]*e|i[\\x5c'\\\"]*n[\\x5c'\\\"]*g)|s[\\x5c'\\\"]*h)|r[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*u[\\x5c'\\\"]*t[\\x5c'\\\"]*e(?:[\\x5c'\\\"]*6)?|(?:i[\\x5c'\\\"]*m[\\x5c'\\\"]*e[\\x5c'\\\"]*o[\\x5c'\\\"]*u|e[\\x5c'\\\"]*l[\\x5c'\\\"]*n[\\x5c'\\\"]*e)[\\x5c'\\\"]*t|a[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*l(?:[\\x5c'\\\"]*f)?|r))|r[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e|e[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|a[\\x5c'\\\"]*l[\\x5c'\\\"]*p[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*h|n[\\x5c'\\\"]*a[\\x5c'\\\"]*m[\\x5c'\\\"]*e)|u[\\x5c'\\\"]*b[\\x5c'\\\"]*y(?:[\\x5c'\\\"]*(?:1(?:[\\x5c'\\\"]*[89])?|2[\\x5c'\\\"]*[012]))?|m[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*s[\\x5c'\\\"]*e|d[\\x5c'\\\"]*i)[\\x5c'\\\"]*r|n[\\x5c'\\\"]*a[\\x5c'\\\"]*n[\\x5c'\\\"]*o|s[\\x5c'\\\"]*y[\\x5c'\\\"]*n[\\x5c'\\\"]*c|c[\\x5c'\\\"]*p)|u[\\x5c'\\\"]*(?:n[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*o[\\x5c'\\\"]*m[\\x5c'\\\"]*p[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|z[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*t[\\x5c'\\\"]*d|i[\\x5c'\\\"]*p)|(?:p[\\x5c'\\\"]*i[\\x5c'\\\"]*g|x)[\\x5c'\\\"]*z|l[\\x5c'\\\"]*z[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*a|4)|a[\\x5c'\\\"]*m[\\x5c'\\\"]*e|r[\\x5c'\\\"]*a[\\x5c'\\\"]*r|s[\\x5c'\\\"]*e[\\x5c'\\\"]*t)|s[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*(?:(?:a[\\x5c'\\\"]*d|m[\\x5c'\\\"]*o)[\\x5c'\\\"]*d|d[\\x5c'\\\"]*e[\\x5c'\\\"]*l))|m[\\x5c'\\\"]*(?:y[\\x5c'\\\"]*s[\\x5c'\\\"]*q[\\x5c'\\\"]*l[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*u[\\x5c'\\\"]*m[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*s[\\x5c'\\\"]*l[\\x5c'\\\"]*o[\\x5c'\\\"]*w)?|h[\\x5c'\\\"]*o[\\x5c'\\\"]*t[\\x5c'\\\"]*c[\\x5c'\\\"]*o[\\x5c'\\\"]*p[\\x5c'\\\"]*y|a[\\x5c'\\\"]*d[\\x5c'\\\"]*m[\\x5c'\\\"]*i[\\x5c'\\\"]*n|s[\\x5c'\\\"]*h[\\x5c'\\\"]*o[\\x5c'\\\"]*w)|l[\\x5c'\\\"]*o[\\x5c'\\\"]*c[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*e|a[\\x5c'\\\"]*i[\\x5c'\\\"]*l[\\x5c'\\\"]*q)|c[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*(?:r[\\x5c'\\\"]*e[\\x5c'\\\"]*_[\\x5c'\\\"]*p[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*l[\\x5c'\\\"]*\\/[\\x5c'\\\"]*z[\\x5c'\\\"]*i[\\x5c'\\\"]*p[\\x5c'\\\"]*d[\\x5c'\\\"]*e[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*i[\\x5c'\\\"]*l[\\x5c'\\\"]*s|m[\\x5c'\\\"]*m[\\x5c'\\\"]*a[\\x5c'\\\"]*n[\\x5c'\\\"]*d|p[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*c)|u[\\x5c'\\\"]*r[\\x5c'\\\"]*l|9[\\x5c'\\\"]*9|s[\\x5c'\\\"]*h|c)|x[\\x5c'\\\"]*(?:z(?:[\\x5c'\\\"]*(?:(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|d[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|e[\\x5c'\\\"]*c)|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e))?|a[\\x5c'\\\"]*r[\\x5c'\\\"]*g[\\x5c'\\\"]*s)|f[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*p[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*s|w[\\x5c'\\\"]*h[\\x5c'\\\"]*o)|i[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*t[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|e[\\x5c'\\\"]*t[\\x5c'\\\"]*c[\\x5c'\\\"]*h|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p)|g[\\x5c'\\\"]*(?:z[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|e[\\x5c'\\\"]*x[\\x5c'\\\"]*e|i[\\x5c'\\\"]*p)|(?:u[\\x5c'\\\"]*n[\\x5c'\\\"]*z[\\x5c'\\\"]*i|r[\\x5c'\\\"]*e)[\\x5c'\\\"]*p|c[\\x5c'\\\"]*c)|e[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*h[\\x5c'\\\"]*o|v[\\x5c'\\\"]*a[\\x5c'\\\"]*l|x[\\x5c'\\\"]*e[\\x5c'\\\"]*c|n[\\x5c'\\\"]*v)|d[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*g|a[\\x5c'\\\"]*s[\\x5c'\\\"]*h|i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|o[\\x5c'\\\"]*a[\\x5c'\\\"]*s)|j[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*b[\\x5c'\\\"]*s[\\x5c'\\\"]*\\s+[\\x5c'\\\"]*-[\\x5c'\\\"]*x|a[\\x5c'\\\"]*v[\\x5c'\\\"]*a)|w[\\x5c'\\\"]*(?:h[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*m[\\x5c'\\\"]*i|g[\\x5c'\\\"]*e[\\x5c'\\\"]*t|3[\\x5c'\\\"]*m)|i[\\x5c'\\\"]*r[\\x5c'\\\"]*b(?:[\\x5c'\\\"]*(?:1(?:[\\x5c'\\\"]*[89])?|2[\\x5c'\\\"]*[012]))?|o[\\x5c'\\\"]*n[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*t[\\x5c'\\\"]*r|h[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*a[\\x5c'\\\"]*d|u[\\x5c'\\\"]*p)|v[\\x5c'\\\"]*i[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r|p[\\x5c'\\\"]*w)|7[\\x5c'\\\"]*z(?:[\\x5c'\\\"]*[ar])?|G[\\x5c'\\\"]*E[\\x5c'\\\"]*T|k[\\x5c'\\\"]*s[\\x5c'\\\"]*h)|\\$[\\x5c'\\\"]*(?:\\{[\\x5c'\\\"]*S[\\x5c'\\\"]*H[\\x5c'\\\"]*E[\\x5c'\\\"]*L[\\x5c'\\\"]*L[\\x5c'\\\"]*}|S[\\x5c'\\\"]*H[\\x5c'\\\"]*E[\\x5c'\\\"]*L[\\x5c'\\\"]*L))[\\x5c'\\\"]*(?:\\s|;|\\||&|<|>)",
|
|
564
732
|
"options": {
|
|
565
733
|
"case_sensitive": true,
|
|
566
734
|
"min_length": 3
|
|
@@ -608,7 +776,7 @@
|
|
|
608
776
|
]
|
|
609
777
|
}
|
|
610
778
|
],
|
|
611
|
-
"regex": ".*\\.(?:
|
|
779
|
+
"regex": ".*\\.ph(?:p\\d*|tml|ar|ps|t|pt)\\.*$",
|
|
612
780
|
"options": {
|
|
613
781
|
"case_sensitive": true,
|
|
614
782
|
"min_length": 4
|
|
@@ -676,10 +844,10 @@
|
|
|
676
844
|
"address": "server.request.path_params"
|
|
677
845
|
}
|
|
678
846
|
],
|
|
679
|
-
"regex": "(
|
|
847
|
+
"regex": "(?:\\(.+\\)\\(.+\\)|\\(.+\\)['\\\"][a-zA-Z-_0-9]+['\\\"]\\(.+\\)|\\[\\d+\\]\\(.+\\)|\\{\\d+\\}\\(.+\\)|\\$[^(?:\\),.;\\x5c/]+\\(.+\\)|[\\\"'][a-zA-Z0-9-_\\x5c]+[\\\"']\\(.+\\)|\\([^\\)]*string[^\\)]*\\)[a-zA-Z-_0-9\\\"'.{}\\[\\]\\s]+\\([^\\)]*\\));",
|
|
680
848
|
"options": {
|
|
681
849
|
"case_sensitive": true,
|
|
682
|
-
"min_length":
|
|
850
|
+
"min_length": 6
|
|
683
851
|
}
|
|
684
852
|
},
|
|
685
853
|
"operator": "match_regex"
|
|
@@ -815,29 +983,17 @@
|
|
|
815
983
|
]
|
|
816
984
|
},
|
|
817
985
|
{
|
|
818
|
-
"id": "crs-941-
|
|
819
|
-
"name": "
|
|
986
|
+
"id": "crs-941-190",
|
|
987
|
+
"name": "IE XSS Filters - Attack Detected",
|
|
820
988
|
"tags": {
|
|
821
989
|
"type": "xss",
|
|
822
|
-
"crs_id": "
|
|
990
|
+
"crs_id": "941190",
|
|
823
991
|
"category": "attack_attempt"
|
|
824
992
|
},
|
|
825
993
|
"conditions": [
|
|
826
994
|
{
|
|
827
995
|
"parameters": {
|
|
828
996
|
"inputs": [
|
|
829
|
-
{
|
|
830
|
-
"address": "server.request.headers.no_cookies",
|
|
831
|
-
"key_path": [
|
|
832
|
-
"user-agent"
|
|
833
|
-
]
|
|
834
|
-
},
|
|
835
|
-
{
|
|
836
|
-
"address": "server.request.headers.no_cookies",
|
|
837
|
-
"key_path": [
|
|
838
|
-
"referer"
|
|
839
|
-
]
|
|
840
|
-
},
|
|
841
997
|
{
|
|
842
998
|
"address": "server.request.query"
|
|
843
999
|
},
|
|
@@ -848,9 +1004,10 @@
|
|
|
848
1004
|
"address": "server.request.path_params"
|
|
849
1005
|
}
|
|
850
1006
|
],
|
|
851
|
-
"regex": "(
|
|
1007
|
+
"regex": "(?i:<style.*?>.*?(?:@[i\\x5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(?:\\x5c]|&#x?0*(?:40|28|92|5C);?)))",
|
|
852
1008
|
"options": {
|
|
853
|
-
"
|
|
1009
|
+
"case_sensitive": true,
|
|
1010
|
+
"min_length": 9
|
|
854
1011
|
}
|
|
855
1012
|
},
|
|
856
1013
|
"operator": "match_regex"
|
|
@@ -861,11 +1018,11 @@
|
|
|
861
1018
|
]
|
|
862
1019
|
},
|
|
863
1020
|
{
|
|
864
|
-
"id": "crs-941-
|
|
1021
|
+
"id": "crs-941-250",
|
|
865
1022
|
"name": "IE XSS Filters - Attack Detected",
|
|
866
1023
|
"tags": {
|
|
867
1024
|
"type": "xss",
|
|
868
|
-
"crs_id": "
|
|
1025
|
+
"crs_id": "941250",
|
|
869
1026
|
"category": "attack_attempt"
|
|
870
1027
|
},
|
|
871
1028
|
"conditions": [
|
|
@@ -882,10 +1039,10 @@
|
|
|
882
1039
|
"address": "server.request.path_params"
|
|
883
1040
|
}
|
|
884
1041
|
],
|
|
885
|
-
"regex": "(?i:<
|
|
1042
|
+
"regex": "(?i:<META[\\s/+].*?http-equiv[\\s/+]*=[\\s/+]*[\\\"'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))",
|
|
886
1043
|
"options": {
|
|
887
1044
|
"case_sensitive": true,
|
|
888
|
-
"min_length":
|
|
1045
|
+
"min_length": 18
|
|
889
1046
|
}
|
|
890
1047
|
},
|
|
891
1048
|
"operator": "match_regex"
|
|
@@ -896,11 +1053,11 @@
|
|
|
896
1053
|
]
|
|
897
1054
|
},
|
|
898
1055
|
{
|
|
899
|
-
"id": "crs-941-
|
|
1056
|
+
"id": "crs-941-260",
|
|
900
1057
|
"name": "IE XSS Filters - Attack Detected",
|
|
901
1058
|
"tags": {
|
|
902
1059
|
"type": "xss",
|
|
903
|
-
"crs_id": "
|
|
1060
|
+
"crs_id": "941260",
|
|
904
1061
|
"category": "attack_attempt"
|
|
905
1062
|
},
|
|
906
1063
|
"conditions": [
|
|
@@ -917,10 +1074,10 @@
|
|
|
917
1074
|
"address": "server.request.path_params"
|
|
918
1075
|
}
|
|
919
1076
|
],
|
|
920
|
-
"regex": "(?i:<META[\\s/+].*?
|
|
1077
|
+
"regex": "(?i:<META[\\s/+].*?charset[\\s/+]*=)",
|
|
921
1078
|
"options": {
|
|
922
1079
|
"case_sensitive": true,
|
|
923
|
-
"min_length":
|
|
1080
|
+
"min_length": 14
|
|
924
1081
|
}
|
|
925
1082
|
},
|
|
926
1083
|
"operator": "match_regex"
|
|
@@ -931,11 +1088,11 @@
|
|
|
931
1088
|
]
|
|
932
1089
|
},
|
|
933
1090
|
{
|
|
934
|
-
"id": "crs-941-
|
|
935
|
-
"name": "
|
|
1091
|
+
"id": "crs-941-370",
|
|
1092
|
+
"name": "JavaScript global variable found",
|
|
936
1093
|
"tags": {
|
|
937
1094
|
"type": "xss",
|
|
938
|
-
"crs_id": "
|
|
1095
|
+
"crs_id": "941370",
|
|
939
1096
|
"category": "attack_attempt"
|
|
940
1097
|
},
|
|
941
1098
|
"conditions": [
|
|
@@ -952,25 +1109,23 @@
|
|
|
952
1109
|
"address": "server.request.path_params"
|
|
953
1110
|
}
|
|
954
1111
|
],
|
|
955
|
-
"regex": "(
|
|
1112
|
+
"regex": "(?:self|document|this|top|window)\\s*(?:/\\*|[\\[)]).+?(?:\\]|\\*/)",
|
|
956
1113
|
"options": {
|
|
957
1114
|
"case_sensitive": true,
|
|
958
|
-
"min_length":
|
|
1115
|
+
"min_length": 6
|
|
959
1116
|
}
|
|
960
1117
|
},
|
|
961
1118
|
"operator": "match_regex"
|
|
962
1119
|
}
|
|
963
1120
|
],
|
|
964
|
-
"transformers": [
|
|
965
|
-
"removeNulls"
|
|
966
|
-
]
|
|
1121
|
+
"transformers": []
|
|
967
1122
|
},
|
|
968
1123
|
{
|
|
969
|
-
"id": "crs-941-
|
|
970
|
-
"name": "
|
|
1124
|
+
"id": "crs-941-380",
|
|
1125
|
+
"name": "AngularJS client side template injection detected",
|
|
971
1126
|
"tags": {
|
|
972
|
-
"type": "
|
|
973
|
-
"crs_id": "
|
|
1127
|
+
"type": "js_code_injection",
|
|
1128
|
+
"crs_id": "941380",
|
|
974
1129
|
"category": "attack_attempt"
|
|
975
1130
|
},
|
|
976
1131
|
"conditions": [
|
|
@@ -987,10 +1142,10 @@
|
|
|
987
1142
|
"address": "server.request.path_params"
|
|
988
1143
|
}
|
|
989
1144
|
],
|
|
990
|
-
"regex": "
|
|
1145
|
+
"regex": "^{{[\\w\\s\\.]*[^\\w\\.\\s}][^}]*}}$",
|
|
991
1146
|
"options": {
|
|
992
1147
|
"case_sensitive": true,
|
|
993
|
-
"min_length":
|
|
1148
|
+
"min_length": 5
|
|
994
1149
|
}
|
|
995
1150
|
},
|
|
996
1151
|
"operator": "match_regex"
|
|
@@ -999,11 +1154,11 @@
|
|
|
999
1154
|
"transformers": []
|
|
1000
1155
|
},
|
|
1001
1156
|
{
|
|
1002
|
-
"id": "crs-
|
|
1003
|
-
"name": "
|
|
1157
|
+
"id": "crs-942-151",
|
|
1158
|
+
"name": "SQL function injection Attack",
|
|
1004
1159
|
"tags": {
|
|
1005
|
-
"type": "
|
|
1006
|
-
"crs_id": "
|
|
1160
|
+
"type": "sql_injection",
|
|
1161
|
+
"crs_id": "942151",
|
|
1007
1162
|
"category": "attack_attempt"
|
|
1008
1163
|
},
|
|
1009
1164
|
"conditions": [
|
|
@@ -1020,10 +1175,10 @@
|
|
|
1020
1175
|
"address": "server.request.path_params"
|
|
1021
1176
|
}
|
|
1022
1177
|
],
|
|
1023
|
-
"regex": "
|
|
1178
|
+
"regex": "\\b(?:s(?:q(?:lite_(?:compileoption_(?:used|get)|source_id)|rt)|t(?:d(?:dev_(?:sam|po)p)?|r(?:_to_date|cmp))|ub(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|e(?:ssion_user|c_to_time)|ys(?:tem_user|date)|ha[12]?|oundex|chema|pace|in)|c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|llation|alesce|t)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|ha(?:racte)?r_length|iel(?:ing)?|r32)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)|fnull)|l(?:o(?:ca(?:ltimestamp|te)|g(?:10|2)|ad_file|wer)|i(?:kel(?:ihood|y)|nestring)|ast_(?:inser_id|day)|e(?:as|f)t|case|trim|pad)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)|abase)|y(?:of(?:month|week|year)|name))|e(?:s_(?:de|en)crypt|grees|code)|count|ump)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|likely|hex)|tc_(?:time(?:stamp)?|date)|uid(?:_short)?|pdatexml|case)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)|o(?:(?:second|day)s|_base64|n?char)|r(?:uncate|im))|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|ulti(?:po(?:lygon|int)|linestring)|i(?:crosecon)?d|onthname|d5)|g(?:e(?:t_(?:format|lock)|ometrycollection)|(?:r(?:oup_conca|eates)|tid_subse)t)|p(?:o(?:(?:siti|lyg)on|w)|eriod_(?:diff|add)|rocedure_analyse|g_sleep)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|tan2?)|f(?:rom_(?:unixtime|base64|days)|i(?:el|n)d_in_set|ound_rows)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|b(?:i(?:t_(?:length|count|x?or|and)|n_to_num)|enchmark)|r(?:a(?:wtohex|dians|nd)|elease_lock|ow_count|trim|pad)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)|ight_string)|json(?:_(?:object|array))?|n(?:ame_const|ot_in|ullif)|var(?:_(?:sam|po)p|iance)|qu(?:arter|ote)|hex(?:toraw)?|yearweek|xmltype)\\W*\\(",
|
|
1024
1179
|
"options": {
|
|
1025
|
-
"case_sensitive":
|
|
1026
|
-
"min_length":
|
|
1180
|
+
"case_sensitive": false,
|
|
1181
|
+
"min_length": 4
|
|
1027
1182
|
}
|
|
1028
1183
|
},
|
|
1029
1184
|
"operator": "match_regex"
|
|
@@ -1063,6 +1218,41 @@
|
|
|
1063
1218
|
],
|
|
1064
1219
|
"transformers": []
|
|
1065
1220
|
},
|
|
1221
|
+
{
|
|
1222
|
+
"id": "crs-942-190",
|
|
1223
|
+
"name": "Detects MSSQL code execution and information gathering attempts",
|
|
1224
|
+
"tags": {
|
|
1225
|
+
"type": "sql_injection",
|
|
1226
|
+
"crs_id": "942190",
|
|
1227
|
+
"category": "attack_attempt"
|
|
1228
|
+
},
|
|
1229
|
+
"conditions": [
|
|
1230
|
+
{
|
|
1231
|
+
"parameters": {
|
|
1232
|
+
"inputs": [
|
|
1233
|
+
{
|
|
1234
|
+
"address": "server.request.query"
|
|
1235
|
+
},
|
|
1236
|
+
{
|
|
1237
|
+
"address": "server.request.body"
|
|
1238
|
+
},
|
|
1239
|
+
{
|
|
1240
|
+
"address": "server.request.path_params"
|
|
1241
|
+
},
|
|
1242
|
+
{
|
|
1243
|
+
"address": "grpc.server.request.message"
|
|
1244
|
+
}
|
|
1245
|
+
],
|
|
1246
|
+
"regex": "(?:\\b(?:u(?:nion(?:[\\w(?:\\s]*?select|\\sselect\\s@)|ser\\s*?\\([^\\)]*?)|(?:c(?:onnection_id|urrent_user)|database)\\s*?\\([^\\)]*?|s(?:chema\\s*?\\([^\\)]*?|elect.*?\\w?user\\()|into[\\s+]+(?:dump|out)file\\s*?[\\\"'`]|from\\W+information_schema\\W|exec(?:ute)?\\s+master\\.)|[\\\"'`](?:;?\\s*?(?:union\\b\\s*?(?:(?:distin|sele)ct|all)|having|select)\\b\\s*?[^\\s]|\\s*?!\\s*?[\\\"'`\\w])|\\s*?exec(?:ute)?.*?\\Wxp_cmdshell|\\Wiif\\s*?\\()",
|
|
1247
|
+
"options": {
|
|
1248
|
+
"min_length": 3
|
|
1249
|
+
}
|
|
1250
|
+
},
|
|
1251
|
+
"operator": "match_regex"
|
|
1252
|
+
}
|
|
1253
|
+
],
|
|
1254
|
+
"transformers": []
|
|
1255
|
+
},
|
|
1066
1256
|
{
|
|
1067
1257
|
"id": "crs-942-230",
|
|
1068
1258
|
"name": "Detects conditional SQL injection attempts",
|
|
@@ -1085,9 +1275,9 @@
|
|
|
1085
1275
|
"address": "server.request.path_params"
|
|
1086
1276
|
}
|
|
1087
1277
|
],
|
|
1088
|
-
"regex": "(
|
|
1278
|
+
"regex": "(?:select.*?having\\s*?[^\\s]+\\s*?[^\\w\\s]|[\\s(?:)]case\\s+when.*?then|\\)\\s*?like\\s*?\\()",
|
|
1089
1279
|
"options": {
|
|
1090
|
-
"case_sensitive":
|
|
1280
|
+
"case_sensitive": false,
|
|
1091
1281
|
"min_length": 5
|
|
1092
1282
|
}
|
|
1093
1283
|
},
|
|
@@ -1150,7 +1340,7 @@
|
|
|
1150
1340
|
"address": "server.request.path_params"
|
|
1151
1341
|
}
|
|
1152
1342
|
],
|
|
1153
|
-
"regex": "(?:;\\s*?(?:(?:(?:trunc|cre|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|alter|load)\\b\\s*?[\\[(?:]?\\w{2,}|create\\s+function\\s
|
|
1343
|
+
"regex": "(?:;\\s*?(?:(?:(?:trunc|cre|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|alter|load)\\b\\s*?[\\[(?:]?\\w{2,}|create\\s+function\\s.+\\sreturns)",
|
|
1154
1344
|
"options": {
|
|
1155
1345
|
"min_length": 7
|
|
1156
1346
|
}
|
|
@@ -1219,7 +1409,7 @@
|
|
|
1219
1409
|
"address": "server.request.path_params"
|
|
1220
1410
|
}
|
|
1221
1411
|
],
|
|
1222
|
-
"regex": "(
|
|
1412
|
+
"regex": "(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01]|\\?)?|\\?\\.?|0x2e){2,3}(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)",
|
|
1223
1413
|
"options": {
|
|
1224
1414
|
"min_length": 4
|
|
1225
1415
|
}
|
|
@@ -1250,7 +1440,7 @@
|
|
|
1250
1440
|
"address": "server.request.path_params"
|
|
1251
1441
|
}
|
|
1252
1442
|
],
|
|
1253
|
-
"regex": "(?:(?:^|[
|
|
1443
|
+
"regex": "(?:(?:^|[\\x5c/])\\.{2,3}[\\x5c/]|[\\x5c/]\\.{2,3}(?:[\\x5c/]|$))",
|
|
1254
1444
|
"options": {
|
|
1255
1445
|
"case_sensitive": true,
|
|
1256
1446
|
"min_length": 3
|