SpiderLabs / owasp-modsecurity-crs

OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)

Home Page:https://modsecurity.org/crs


Monthly Chat Agenda February (extraordinarily changed to: 2020-02-10)

dune73 opened this issue

This is the Agenda for the Monthly CRS Chat.

The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, February 10, at 20:30 CET.

Items on the Agenda:

PRs

  • Problems with Travis
  • PR #1679 new vuln scanner
  • PR #1678 cleanup: Remove req msg dot
  • PR #1675 solves issue #1605.
  • PR #1674 solves issues #1607 and #1598 and adds regression tests for 942230.
  • PR #1673 Xenforo
  • PR #1668 Avoid embedded anchors in CRS rule 942330
  • PR #1667: Work in progress
  • PR #1663 RE2 compatibility for 920120
  • PR #1659 Fix 930100 and 930110 (REQUEST_BODY)
  • PR #1616 Revert #578: we are still waiting for the commit message update explaining why. :)
  • More PRs need more work

Other items

  • We are going to migrate our GitHub away from SpiderLabs to an organization of our own. This is probably happening in March and Trustwave has agreed to support this migration. Support is vital because we need TW to export the discussion history (issues and PRs).
  • @fzipi has provided a draft for the new CAPEC tagging - but @dune73 failed to look into it.

Open Issues

In January, we decided to look into 10 issues at the chat every month. But only after the Other items. Pick the issues before the meeting and list them below.

  • General problem with newly discovered DoS issues in our rules
  • Issue slot 1: #1227 Ensure that all rules with ARGS also consider XML:*
  • Issue slot 2: #610 Review severity levels of CRS to make sure all rules have severity levels
  • Issue slot 3: #650 Consistent support for the "ver" action
  • Issue slot 4: ...
  • Issue slot 5: ...
  • Issue slot 6: ...
  • Issue slot 7: ...
  • Issue slot 8: ...
  • Issue slot 9: ...
  • Issue slot 10: ...

Feel free to add items as you see fit either above, or below as comments.

If you are not yet on the OWASP Slack, here is your invite: https://join.slack.com/t/owasp/shared_invite/enQtNjExMTc3MTg0MzU4LWQ2Nzg3NGJiZGQ2MjRmNzkzN2Q4YzU1MWYyZTdjYjA2ZTA5M2RkNzE2ZjdkNzI5ZThhOWY5MjljYWZmYmY4ZjM
Everybody is welcome to join our community chat.

Decisions

PRs

  • Problems with Travis: We are unsure as to why this happens. @franbuehler will investigate this for an hour or two on Tuesday; if she fails, @dune73 will try and pick it up. Long term, we want to replace Travis with GitHub Actions. @fzipitria is working on this.
  • #1679 will be merged as soon as Travis works again
  • #1678 will be merged as soon as Travis works again
  • #1675 has been merged during the meeting by accident, it worked when tested locally.
  • #1674 dune73 will review this; will be merged afterwards if Travis works again
  • #1673 will be merged as soon as Travis works again
  • #1668 @franbuehler will review this
  • #1667 is a work in progress, thus skipped
  • #1663 @dune73 will investigate the performance situation with this proposed update
  • #1659 will be merged since @themiddle has tested this extensively
  • #1616 is still waiting for an update
  • #1310 will be merged after a rebase by @themiddle so the table is clean for more request splitting rules afterwards

Other issues

  • We will be moving our repository to https://github.com/coreruleset in March
    The following people will work on this: @dune73, @lifeforms and @fzipitria
  • Sponsoring is moving along, but there are issues with HQ
  • CAPEC tagging is making progress thanks to @fzipitria and his student.
    @lifeforms and @dune73 will review 2nd draft.
    @dune73 shares a story how a CISO of a big bank bumped into one of his
    classes, saw one of the few rules with CAPEC tagging on the screen and
    got very excited that this is great and really what is needed for
    management and reports...
  • The long absence of co-lead @csanders-git is affecting the project. We need to talk to him.

Issues

Thank you @dune73 for leading the meeting and for your excellent work!!

Thank you very much. Glad we made so much progress.

Yesterday was a decisive meeting since we decided to tackle 10 issues per month. The start is now made. If we really manage to solve them, we have managed the turnaround and can look forward.