fix: FP when searching for plugins (#48)

* Update wordpress-rule-exclusions-before.conf * Create 9507972.yaml
coreruleset · Jun 26, 2024 · 2cb0726 · 2cb0726
1 parent 78c21af
commit 2cb0726
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
@@ -1045,6 +1045,22 @@ SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
     ctl:ruleRemoveTargetById=953100;RESPONSE_BODY,\
     ctl:ruleRemoveTargetById=953101;RESPONSE_BODY"
 
+# Search for plugins
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
+    "id:9507972,\
+    phase:2,\
+    pass,\
+    t:none,\
+    nolog,\
+    ver:'wordpress-rule-exclusions-plugin/1.0.1',\
+    chain"
+    SecRule ARGS:action "@streq search-install-plugins" \
+        "t:none,\
+        chain"
+        SecRule &ARGS:action "@eq 1" \
+            "t:none,\
+            ctl:ruleRemoveTargetById=942360;ARGS:s"
+
 SecMarker "END-WORDPRESS-ADMIN"
 
 

diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507972.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507972.yaml
@@ -0,0 +1,24 @@
+---
+meta:
+  author: "azurit"
+  description: "Wordpress Rule Exclusions Plugin"
+  enabled: true
+  name: 9507972.yaml
+tests:
+  - test_title: 9507972-1
+    desc:
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: "OWASP CRS test agent"
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+            port: 80
+            method: POST
+            version: "HTTP/1.1"
+            uri: /post/wp-admin/admin-ajax.php
+            data: action=search-install-plugins&s=%20Insert%20Headers%20and%20Footers
+          output:
+            no_log_contains: id "942360"