Skip to content

JS "fetch" and "import" (partially) not being detected #3632

New issue
New issue
Closed
#4076
Closed
JS "fetch" and "import" (partially) not being detected#3632
#4076
Labels
➖ False Negative - Evasion
@dune73

Description

@dune73
dune73
opened on Mar 27, 2024

Description

$ curl -H "x-format-output: txt-matched-rules" http://sandbox.coreruleset.org/ -d 'foo=fetch("https://jsonplaceholder.typicode.com/todos/1")'
-- no output --

$ curl -H "x-format-output: txt-matched-rules" http://sandbox.coreruleset.org/ -d 'foo=import * as name from "module.js";'
-- no output --

$ curl -H "x-format-output: txt-matched-rules" http://sandbox.coreruleset.org/ -d 'foo=import { sayHi, sayBye } from "./greeting.js";'
942100 PL1 SQL Injection Attack Detected via libinjection

Metadata

Metadata

Assignees

No one assigned

    Labels

    ➖ False Negative - Evasion

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions