From e55cfccb9cbaf3584dc507d7afdd09be0df7796d Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 12:50:37 +0100
Subject: [PATCH 1/5] Fixing FP
---
plugins/wordpress-rule-exclusions-before.conf | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 7f21054..173adce 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -982,8 +982,6 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcontent"
# Opening the plugins page
-# The plugin page contains the text "Plugins extend and expand the functionality of WordPress.
-# 953101 is matching "the function"
SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
"id:9507971,\
phase:4,\
@@ -991,11 +989,9 @@ SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
t:none,\
nolog,\
ver:'wordpress-rule-exclusions-plugin/1.0.1',\
- chain"
- SecRule RESPONSE_BODY "@contains plugins extend and expand the functionality of wordpress." \
- "t:none,\
- t:lowercase,\
- ctl:ruleRemoveById=953101"
+ ctl:ruleRemoveTargetById=951240;RESPONSE_BODY,\
+ ctl:ruleRemoveTargetById=953100;RESPONSE_BODY,\
+ ctl:ruleRemoveTargetById=953101;RESPONSE_BODY"
SecMarker "END-WORDPRESS-ADMIN"
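Review bot: The three new ctl lines remove the RESPONSE_BODY target from 951240, 953100 and 953101 for every transaction whose REQUEST_FILENAME matches the two plugin pages, whereas the removed chain dropped only 953101 and only when the response body actually contained the plugins-page sentence; for rules that inspect nothing but the response body this amounts to disabling them on those paths. That is a defensible trade-off for admin pages whose plugin descriptions and changelogs legitimately resemble error output, but the previous hunk deletes the only comment that explained the false positive and nothing replaces it, so a reader can no longer tell why three leakage rules are exempted here. Suggest a rationale above the rule, e.g. `# Plugin listings and changelogs on these pages legitimately contain text that looks like PHP/SQL error output, so the response-body target of leakage rules 951240, 953100 and 953101 is removed for them.` The enclosing SecRule starts in the previous hunk.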
From 09d309ec404241acccc43d32d0411734a9a0d404 Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 16:14:33 +0100
Subject: [PATCH 2/5] Update plugins/wordpress-rule-exclusions-before.conf
Co-authored-by: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
---
plugins/wordpress-rule-exclusions-before.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 173adce..9b44a2d 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -984,7 +984,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
# Opening the plugins page
SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
"id:9507971,\
- phase:4,\
+ phase:1,\
pass,\
t:none,\
nolog,\
From 59058e6d02a2150a103505f0e095685c17a3d35d Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 16:19:36 +0100
Subject: [PATCH 3/5] Tests
---
.../9507971.yaml | 34 ++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507971.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507971.yaml
index 7931afb..3b0d8b5 100644
--- a/tests/regression/wordpress-rule-exclusions-plugin/9507971.yaml
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507971.yaml
@@ -1,6 +1,6 @@
---
meta:
- author: "Esad Cetiner"
+ author: "Esad Cetiner, azurit"
description: "Wordpress Rule Exclusions Plugin"
enabled: true
name: 9507971.yaml
@@ -37,3 +37,35 @@ tests:
data: "plugins extend and expand the functionality of wordpress"
output:
no_log_contains: id "953101"
+ - test_title: 9507971-3
+ desc: Disable 953100
+ stages:
+ - stage:
+ input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: OWASP CRS
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ port: 80
+ method: GET
+ uri: /wp-admin/plugin-install.php
+ data: "Fixed: Call to a member function get_meta() on null error on WooCommerce order received page"
+ output:
+ no_log_contains: id "953100"
+ - test_title: 9507971-4
+ desc: Disable 951240
+ stages:
+ - stage:
+ input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: OWASP CRS
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ port: 80
+ method: GET
+ uri: /wp-admin/plugin-install.php
+ data: "warnings
\x0a=1.9=
\x0a* [Added] Donation link because I’m poor
\x0a* [Removed] errors and deprecating warnings
\x0a=1.8.1=
\x0a* [Updated] Renamed function from ‚my_profile_update‘ to ‚apg_profile_update‘"
+ output:
+ no_log_contains: id "951240"
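Review bot: Both new stages assert only `no_log_contains`, so they also pass when the test backend never reflects the `data` payload into the response, or when the payload would not have matched 953100 or 951240 in the first place; as written they show the exclusion is harmless, not that it is needed. If the project's test conventions allow it, a companion stage sending the same `data` to a URI outside the exclusion with `log_contains: id "953100"` (and likewise for 951240) would pin the false positive the exclusion exists for. The `data` value of 9507971-4 also appears to span several source lines; if that is how it is stored in the file rather than a rendering artifact, YAML folds each line break into a space in front of the `\x0a` escape, so keeping the whole string on one line avoids stray spaces in the payload. `desc: Disable 953100` is slightly misleading since rule 9507971 only removes the RESPONSE_BODY target; `desc: Exclude RESPONSE_BODY from 953100` would say what is actually tested.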
From 0d52589c51d5ce16da02bf8a5542b3bfafd0ae49 Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 16:22:46 +0100
Subject: [PATCH 4/5] Adding comment.
---
plugins/wordpress-rule-exclusions-before.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 9b44a2d..12310cc 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -982,6 +982,8 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcontent"
# Opening the plugins page
+# Exclusion of rule 951240 together with test 9507971-4 can be remove after we drop
+# support for CRS 3.
SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
"id:9507971,\
phase:1,\
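Review bot: The new comment says the 951240 exclusion and test 9507971-4 can go once CRS 3 support is dropped, but not why, so a maintainer cannot verify the claim when that time comes. Presumably the CRS 3 version of 951240 is what matches the changelog-style text used in test 9507971-4 and the CRS 4 version no longer does, but that is inferred from the hunk rather than stated; suggest naming the cause, e.g. `# 951240 matches the changelog-style text in test 9507971-4 only under CRS 3; drop this exclusion and that test once CRS 3 support is dropped.` The enclosing SecRule continues past the end of the hunk.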
From 2935654e230b377d5bac4073e105abc827d1ca47 Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 16:57:34 +0100
Subject: [PATCH 5/5] Update plugins/wordpress-rule-exclusions-before.conf
Co-authored-by: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
---
plugins/wordpress-rule-exclusions-before.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 12310cc..3ff99ea 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -982,7 +982,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcontent"
# Opening the plugins page
-# Exclusion of rule 951240 together with test 9507971-4 can be remove after we drop
+# Exclusion of rule 951240 together with test 9507971-4 can be removed after we drop
# support for CRS 3.
SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
"id:9507971,\