Replies: 1 comment
-
I bet the parser is terminating at |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have a test case I am trying after updating to the latest HEAD after the ACL rules and profile were split and wondering what the expected behavior should be. The example I am trying combines both a disallowed extension and a path traversal attack and I expect it to flag both rules or just the disallowed extension since we are calling ACL process before profile process but in my case it is only flagging the path traversal. For reference the path I tried is something like this: "/abc/../abc/def/ghi/../../../../../../etc/passwd?/abc/def/ghi/desktop/0.8.231/yahoo-messenger-0.8.231-win32.exe" but it doesn't work as expected. I tried the same path with the previous code which uses the combined profile and ACL but I get the same result so I am thinking maybe it is a misunderstanding of how the test should behave on such an input and a different input might be necessary to test what I want. Do you have a suggestion for a test that has both something from ACL and profiles section to flag correctly?
Beta Was this translation helpful? Give feedback.
All reactions