Paranoia Level 1 does not catch sqlite expression (double ==)

### Description

The SQL injection `' or 1==1;--` is not detected in Paranoia Level 1, while the expression with only one equals character  (`' or 1=1;--`) is detected by rule 942100.

The option to use double "==" seems to be a specialty in sqlite ([sqlite docs](https://www.sqlite.org/lang_expr.html#:~:text=equals%20can%20be%20either%20=%20or%20==.)): 

Since its rather a trivial variation of regular sql syntax, I think this should be covered in rule 942100  / PL 1.

### How to reproduce 

```
curl --location 'https://sandbox.coreruleset.org/' \
--header 'x-format-output: txt-matched-rules' \
--data-urlencode 'username="or 1==1;--'
```
Furthermore one OWASP Juiceshop challenge is SQL injection on the admin Login. With both expressions the exploit is possible. 

### Environment

* Coraza 3.3.3 or ModSecurity for Apache 2.9.8 
* CRS 4.14.0


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Paranoia Level 1 does not catch sqlite expression (double ==) #4121

Description

How to reproduce

Environment

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Paranoia Level 1 does not catch sqlite expression (double ==) #4121

Description

Description

How to reproduce

Environment

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions