Christian Folini dune73
@dune73
dune73 / e-collecting-hackathon-overview.md
Last active October 27, 2025 23:14
Overview of Team Approaches for E-Collecting Hackathon Oct 31 / Nov 1, 2025
@dune73
dune73 / ftw-quantitative-wrapper.sh
Created November 2, 2024 17:56
ftw-quantitative-wrapper.sh (Wrapper script to run ftw in quantitative testing mode across many languages)
#!/bin/bash
#
# Wrapper script to run ftw in quantitative testing mode across many languages.
# First it executes ftw and saves the results in JSON format.
# Then it loops over the locally saved results.
#
# strict bash behavior: see http://redsymbol.net/articles/unofficial-bash-strict-mode/
#set -euo pipefail
IFS=$'\n\t'
@dune73
dune73 / gist:0787d6bd8a957c307fb1a32cb6600928
Created March 28, 2024 10:51
CRS Release Policy Blog Post
# Towards a new OWASP CRS Release Policy
With the release of CRS 4.0.0 (2024-02-14), we have also started a line of
monthly releases. CRS 4.1.0 came out on March 21, so we're getting
into the habit. But there is a lot more to this than only a monthly
release and we have not explored these topics yet. This was also
highlighted in a public issue
(FIXME: Link https://github.com/coreruleset/coreruleset/issues/3624)
and a conversation in our Slack recently (OWASP Slack, channel #coreruleset).
ServerName localhost
ServerAdmin root@localhost
ServerRoot /apache
User www-data
Group www-data
PidFile logs/httpd.pid
ServerTokens Prod
UseCanonicalName On
TraceEnable Off
#! /usr/bin/env python
import subprocess
import json
import datetime
import sys
import os
def get_issue(repository: str, number: int) -> dict:
command = f"""gh issue view \
BEFORE CRS INCLUDE:
# Defense against CVE-2021-44228
# See https://coreruleset.org/20211213/crs-and-log4j-log4shell-cve-2021-44228/
SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML:/|XML://@ "@rx (?:\${[^}]{0,4}\${|\${(?:jndi|ctx))" \
"id:1005,\
phase:2,\
block,\
t:none,t:urlDecodeUni,t:cmdline,\
diff --git a/src/operators/rx.cc b/src/operators/rx.cc
index 43f6444b..b4fc6ff4 100644
--- a/src/operators/rx.cc
+++ b/src/operators/rx.cc
@@ -1,6 +1,6 @@
/*
* ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
@dune73
dune73 / testest
Created September 13, 2020 22:48
xxx
@dune73
dune73 / crs-kindergarden.txt
Created September 2, 2020 12:20
Draft proposal CRS-Kindergarden
Purpose
-------
This is a CRS side project with non-blocking rules in beta quality. The idea
is to allow people to use these rules in production and to provide
feedback so we can adjust them or include them at the right paranoia
level in the real releases.
Rules in Kindergarden are meant to do no harm, but they are still beta.