I have about 4 years of experience in the world of software development; web apps (mostly fullstack), LPs, and some mobile apps. Still mostly 'young' experience compared to most of you.
After having seen the recent GitHub Universe, I began to quiver at the thought of my near-future career advances if I didn't submit to using the newest AI tools like Copilot. (Perhaps submit is the wrong word here as it could have negative connotations for some that do use it often).
What are your opinions on these new AI tools like ChatGPT / Copilot that, from the conferences and talks, seem to be able to be pretty much a pair programmer? Am I a fool for not using it? Why do I feel like if I do use it I won't learn as much as I do (or feel like I do) when I am having to shuffle through docs/forums for answers and questions?
Do you guys use it? How often? Any and all responses appreciated!
`evaluatePreconfiguredWaf('sqli-v33-stable', {'sensitivity': 1})`
Our client told us that all of a sudden they could not update a specific piece of data that had a certain word in it (it's a Japanese address, in Kanji). We checked through the load balancer logs and we found that this WAF rule, owasp-crs-v030301-id942100-sqli, was the one that was called from our network security policy.
We then set the policy WAF rules to:
`evaluatePreconfiguredWaf('sqli-v33-stable', {'sensitivity': 1, 'opt_out_rule_ids': ['owasp-crs-v030301-id942100-sqli']})`
And it passed without any issue. We made sure that the change was reflected by also changing our priority level on this particular policy, and the log confirmed that by showing us the new priority level on all passing POST/GET requests.
The description for 942100-sqli is: SQL Injection Attack Detected via libinjection.
I was curious, why did it first let it pass and successfully insert the data but then caught it as a SQL injection when our client tried to update it? (there was about a month in time difference between inserting and trying to update).
I can assume that maybe GCP updated some things on their end, influencing the SQLi rule, but another weird part of it is that it works all the time on our staging Cloud Run. It has the same settings as our prod (including the initial SQLi rules mentioned above). In staging, we can insert / update the same data with the same kanji without any issues.
Although it seems to have been solved by opting out of that specific rule, I wanted to ask why this was? Why did it start to catch it all of a sudden, and why doesn't it work / catch the same things on staging? What is libinjection?
(cloud armor link: https://cloud.google.com/armor/docs/waf-rules)
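The triage the post describes (find which preconfigured rule denied the request in the load balancer logs, then opt that rule out) as an added example in Python; this is not the poster's code or Google's. It assumes the Cloud Armor request-log layout (`jsonPayload.enforcedSecurityPolicy` carrying `name`, `priority`, `outcome` and `preconfiguredExprIds`), the log lines themselves are constructed, and the `gcloud compute security-policies rules update ... --expression` invocation is built as an argv list and not executed. For background on the last question: libinjection is the open-source SQLi detector that tokenizes input and matches token fingerprints rather than regexes, which is why some multibyte text can fingerprint as SQL while staging, depending on what the request body looks like there, does not.

```python
"""Cloud Armor WAF false-positive triage (added example, constructed data)."""
import json
import re
from collections import Counter, defaultdict

# Constructed load balancer log lines (not real traffic). The DENY entries stand
# for the update request carrying the Japanese address that tripped id942100.
# Assumed field names follow Cloud Armor request logging; adjust if yours differ.
SAMPLE_LOG_LINES = [
    json.dumps({"httpRequest": {"requestMethod": "GET", "requestUrl": "https://app.example/api/address/1"},
                "jsonPayload": {"enforcedSecurityPolicy": {"name": "prod-policy", "priority": 2147483647,
                                                          "outcome": "ACCEPT", "configuredAction": "ALLOW"}}}),
    json.dumps({"httpRequest": {"requestMethod": "POST", "requestUrl": "https://app.example/api/address/1"},
                "jsonPayload": {"enforcedSecurityPolicy": {"name": "prod-policy", "priority": 1000,
                                                          "outcome": "DENY", "configuredAction": "DENY",
                                                          "preconfiguredExprIds": ["owasp-crs-v030301-id942100-sqli"]}}}),
    json.dumps({"httpRequest": {"requestMethod": "POST", "requestUrl": "https://app.example/api/address/1"},
                "jsonPayload": {"enforcedSecurityPolicy": {"name": "prod-policy", "priority": 1000,
                                                          "outcome": "DENY", "configuredAction": "DENY",
                                                          "preconfiguredExprIds": ["owasp-crs-v030301-id942100-sqli"]}}}),
    # A constructed hit on a different CRS rule, to show the tally separates them.
    json.dumps({"httpRequest": {"requestMethod": "POST", "requestUrl": "https://app.example/api/search"},
                "jsonPayload": {"enforcedSecurityPolicy": {"name": "prod-policy", "priority": 1000,
                                                          "outcome": "DENY", "configuredAction": "DENY",
                                                          "preconfiguredExprIds": ["owasp-crs-v030301-id942190-sqli"]}}}),
]

# Shape of a Cloud Armor preconfigured rule ID: owasp-crs-v<6 digits>-id<6 digits>-<category>
RULE_ID_RE = re.compile(r"^owasp-crs-v\d{6}-id\d{6}-[a-z]+$")


def fired_rule_ids(log_lines):
    """Count, per preconfigured rule ID, how many requests were denied by it."""
    counts = Counter()
    for line in log_lines:
        policy = json.loads(line).get("jsonPayload", {}).get("enforcedSecurityPolicy", {})
        if policy.get("outcome") != "DENY":
            continue
        for rule_id in policy.get("preconfiguredExprIds", []):
            counts[rule_id] += 1
    return counts


def denied_paths_by_rule(log_lines):
    """Map each denying rule ID to the set of 'METHOD url' it blocked (scope check before opting out)."""
    paths = defaultdict(set)
    for line in log_lines:
        entry = json.loads(line)
        policy = entry.get("jsonPayload", {}).get("enforcedSecurityPolicy", {})
        if policy.get("outcome") != "DENY":
            continue
        req = entry.get("httpRequest", {})
        for rule_id in policy.get("preconfiguredExprIds", []):
            paths[rule_id].add(f"{req.get('requestMethod')} {req.get('requestUrl')}")
    return dict(paths)


def opt_out_expression(rule_set, sensitivity, opt_out_rule_ids):
    """Build the evaluatePreconfiguredWaf(...) expression with the given rules opted out."""
    if not 0 <= sensitivity <= 4:
        raise ValueError("sensitivity must be 0..4")
    for rid in opt_out_rule_ids:
        if not RULE_ID_RE.match(rid):
            raise ValueError(f"not a preconfigured WAF rule ID: {rid!r}")
    ids = ", ".join(f"'{rid}'" for rid in opt_out_rule_ids)
    return (f"evaluatePreconfiguredWaf('{rule_set}', "
            f"{{'sensitivity': {sensitivity}, 'opt_out_rule_ids': [{ids}]}})")


def gcloud_update_argv(policy, priority, expression, preview=True):
    """argv for updating the rule; --preview logs what would be denied without denying it."""
    argv = ["gcloud", "compute", "security-policies", "rules", "update", str(priority),
            f"--security-policy={policy}", f"--expression={expression}"]
    if preview:
        argv.append("--preview")
    return argv


if __name__ == "__main__":
    tally = fired_rule_ids(SAMPLE_LOG_LINES)
    noisiest, _ = tally.most_common(1)[0]
    print("denies per rule:", dict(tally))
    print("blocked by noisiest rule:", denied_paths_by_rule(SAMPLE_LOG_LINES)[noisiest])
    expr = opt_out_expression("sqli-v33-stable", 1, [noisiest])
    print(" ".join(gcloud_update_argv("prod-policy", 1000, expr)))
```

Opting a rule out removes that check for every request the policy sees, so the path list is there to confirm the denials really are confined to the one endpoint and payload shape before widening the allow; pushing the change with `--preview` first lets the log show what the new expression would have denied without enforcing it.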