File: //etc/modsecurity.d/owasp/regex-assembly/932230.ra
##! Please refer to the documentation at
##! https://coreruleset.org/docs/development/regex_assembly/.
##! Word list for rule 932230 (RCE for commands of two and three character words)
##!
##! Per discussion in https://github.com/coreruleset/coreruleset/issues/2632, we decided
##! to extend the cmdline evasion regex, so we are applying the evasion to a subset of the
##! original 93210(0|5) rules: the subset of commands from two or three characters that might pose
##! a greater risk of false positives.
##!+ i
##!$ \b
##!> assemble
##!> include unix-shell-evasion-prefix
##!> cmdline unix
##!> include-except unix-shell-upto3 unix-shell-fps-pl1
##!<
##!<