[feat]: register XXE_INJECTION detection rule with score 0.82

This commit is contained in:
surya 2026-07-04 21:36:08 +05:30
parent 22c9f66dcf
commit a12df57316
1 changed files with 5 additions and 3 deletions

View File

@ -5,11 +5,11 @@ rules.py
Cold-start rule-based detection engine inspired by
ModSecurity Core Rule Set
RuleEngine.score_request evaluates requests against 9
RuleEngine.score_request evaluates requests against 10
regex-based _PatternRules (LOG4SHELL 0.95, COMMAND_
INJECTION 0.90, SQL_INJECTION 0.85, XSS 0.80, FILE_
INCLUSION 0.75, SSRF 0.70, CRLF_INJECTION 0.65,
PATH_TRAVERSAL 0.60, OPEN_REDIRECT 0.55),
INCLUSION 0.75, XXE_INJECTION 0.82, SSRF 0.70, CRLF_
INJECTION 0.65, PATH_TRAVERSAL 0.60, OPEN_REDIRECT 0.55),
double-encoding detection (0.40), scanner user-agent
signature matching (0.35), and 2 _ThresholdRules
(RATE_ANOMALY >100 req/min 0.30, HIGH_ERROR_RATE >50%
@ -46,6 +46,7 @@ from app.core.features.patterns import (
SQLI,
SSRF,
XSS,
XXE_INJECTION,
)
from app.core.features.signatures import SCANNER_USER_AGENTS
from app.core.detection.ensemble import classify_severity as _classify_severity
@ -78,6 +79,7 @@ _PATTERN_RULES: list[_PatternRule] = [
_PatternRule("COMMAND_INJECTION", COMMAND_INJECTION, 0.90),
_PatternRule("SQL_INJECTION", SQLI, 0.85),
_PatternRule("XSS", XSS, 0.80),
_PatternRule("XXE_INJECTION", XXE_INJECTION, 0.82),
_PatternRule("FILE_INCLUSION", FILE_INCLUSION, 0.75),
_PatternRule("SSRF", SSRF, 0.70),
_PatternRule("PATH_TRAVERSAL", PATH_TRAVERSAL, 0.60),