[feat]: register XXE_INJECTION detection rule with score 0.82
This commit is contained in:
parent
22c9f66dcf
commit
a12df57316
|
|
@ -5,11 +5,11 @@ rules.py
|
|||
Cold-start rule-based detection engine inspired by
|
||||
ModSecurity Core Rule Set
|
||||
|
||||
RuleEngine.score_request evaluates requests against 9
|
||||
RuleEngine.score_request evaluates requests against 10
|
||||
regex-based _PatternRules (LOG4SHELL 0.95, COMMAND_
|
||||
INJECTION 0.90, SQL_INJECTION 0.85, XSS 0.80, FILE_
|
||||
INCLUSION 0.75, SSRF 0.70, CRLF_INJECTION 0.65,
|
||||
PATH_TRAVERSAL 0.60, OPEN_REDIRECT 0.55),
|
||||
INCLUSION 0.75, XXE_INJECTION 0.82, SSRF 0.70, CRLF_
|
||||
INJECTION 0.65, PATH_TRAVERSAL 0.60, OPEN_REDIRECT 0.55),
|
||||
double-encoding detection (0.40), scanner user-agent
|
||||
signature matching (0.35), and 2 _ThresholdRules
|
||||
(RATE_ANOMALY >100 req/min 0.30, HIGH_ERROR_RATE >50%
|
||||
|
|
@ -46,6 +46,7 @@ from app.core.features.patterns import (
|
|||
SQLI,
|
||||
SSRF,
|
||||
XSS,
|
||||
XXE_INJECTION,
|
||||
)
|
||||
from app.core.features.signatures import SCANNER_USER_AGENTS
|
||||
from app.core.detection.ensemble import classify_severity as _classify_severity
|
||||
|
|
@ -78,6 +79,7 @@ _PATTERN_RULES: list[_PatternRule] = [
|
|||
_PatternRule("COMMAND_INJECTION", COMMAND_INJECTION, 0.90),
|
||||
_PatternRule("SQL_INJECTION", SQLI, 0.85),
|
||||
_PatternRule("XSS", XSS, 0.80),
|
||||
_PatternRule("XXE_INJECTION", XXE_INJECTION, 0.82),
|
||||
_PatternRule("FILE_INCLUSION", FILE_INCLUSION, 0.75),
|
||||
_PatternRule("SSRF", SSRF, 0.70),
|
||||
_PatternRule("PATH_TRAVERSAL", PATH_TRAVERSAL, 0.60),
|
||||
|
|
|
|||
Loading…
Reference in New Issue