From 2cb0726e13fbd94aa4f691d318e8d4063fe97456 Mon Sep 17 00:00:00 2001
From: azurit
Date: Wed, 26 Jun 2024 10:25:16 +0200
Subject: [PATCH] fix: FP when searching for plugins (#48)
* Update wordpress-rule-exclusions-before.conf
* Create 9507972.yaml
---
 plugins/wordpress-rule-exclusions-before.conf | 16 +++++++++++++
 .../9507972.yaml | 24 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 tests/regression/wordpress-rule-exclusions-plugin/9507972.yaml
diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 9c7826e..b185733 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -1045,6 +1045,22 @@ SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
 ctl:ruleRemoveTargetById=953100;RESPONSE_BODY,\
 ctl:ruleRemoveTargetById=953101;RESPONSE_BODY"
 
+# Search for plugins
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
+ "id:9507972,\
+ phase:2,\
+ pass,\
+ t:none,\
+ nolog,\
+ ver:'wordpress-rule-exclusions-plugin/1.0.1',\
+ chain"
+ SecRule ARGS:action "@streq search-install-plugins" \
+ "t:none,\
+ chain"
+ SecRule &ARGS:action "@eq 1" \
+ "t:none,\
+ ctl:ruleRemoveTargetById=942360;ARGS:s"
+
 SecMarker "END-WORDPRESS-ADMIN"
diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507972.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507972.yaml
new file mode 100644
index 0000000..72d35b9
--- /dev/null
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507972.yaml
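Review bot: The exclusion added in the first hunk is keyed entirely on the request-supplied `ARGS:action` value, and admin-ajax.php is reachable without authentication in WordPress, so any client can lift 942360 from `ARGS:s` by sending `action=search-install-plugins`; the WAF cannot tell whether WordPress will actually dispatch that action for the caller, so the rule relies on WordPress's own authorization of that handler (presumably a capability check — worth confirming). The chain keeps the removal minimal (one rule id, one argument), and that constraint deserves a comment above the rule so it is not widened to `ARGS` or to further rule ids later, e.g. `# Keyed on the client-controlled action parameter: keep the removal limited to 942360 on ARGS:s`. The `&ARGS:action "@eq 1"` step is what prevents a duplicated `action` parameter from satisfying the `@streq` on one instance while the application acts on another; that is non-obvious and also worth a one-line comment. The surrounding rules in the hunk header use `@rx ... \.php$` while this one uses `@endsWith`, which is fine but is a choice the comment could note if the file has a convention.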
@@ -0,0 +1,24 @@
+---
+meta:
+ author: "azurit"
+ description: "Wordpress Rule Exclusions Plugin"
+ enabled: true
+ name: 9507972.yaml
+tests:
+ - test_title: 9507972-1
+ desc:
+ stages:
+ - stage:
+ input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ port: 80
+ method: POST
+ version: "HTTP/1.1"
+ uri: /post/wp-admin/admin-ajax.php
+ data: action=search-install-plugins&s=%20Insert%20Headers%20and%20Footers
+ output:
+ no_log_contains: id "942360"
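Review bot: The new regression test is negative-only (`no_log_contains: id "942360"`), so it cannot distinguish a correctly scoped exclusion from a payload that never matched 942360 in the first place or a body that was not parsed into ARGS at all, and it also leaves `desc:` empty. A companion test with the same `s` value but without `action=search-install-plugins`, asserting `log_contains: id "942360"`, would pin both that the payload does trigger the rule and that the exclusion does not apply outside its intended scope; a variant with two `action` parameters would exercise the `&ARGS:action "@eq 1"` guard the rule depends on. Fill in the description with what is being protected, e.g. `desc: "Plugin search on admin-ajax.php must not trigger 942360 on ARGS:s"`. The YAML nesting is flattened in the view I have, so I cannot confirm the indentation of `input`/`output` under `stage`.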