From e55cfccb9cbaf3584dc507d7afdd09be0df7796d Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 12:50:37 +0100
Subject: [PATCH 1/5] Fixing FP

---
 plugins/wordpress-rule-exclusions-before.conf | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 7f21054..173adce 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -982,8 +982,6 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
         ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcontent"
 
 # Opening the plugins page
-# The plugin page contains the text "Plugins extend and expand the functionality of WordPress.
-# 953101 is matching "the function"
 SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
     "id:9507971,\
     phase:4,\
@@ -991,11 +989,9 @@ SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
     t:none,\
     nolog,\
     ver:'wordpress-rule-exclusions-plugin/1.0.1',\
-    chain"
-    SecRule RESPONSE_BODY "@contains plugins extend and expand the functionality of wordpress." \
-        "t:none,\
-        t:lowercase,\
-        ctl:ruleRemoveById=953101"
+    ctl:ruleRemoveTargetById=951240;RESPONSE_BODY,\
+    ctl:ruleRemoveTargetById=953100;RESPONSE_BODY,\
+    ctl:ruleRemoveTargetById=953101;RESPONSE_BODY"
 
 SecMarker "END-WORDPRESS-ADMIN"
 

From 09d309ec404241acccc43d32d0411734a9a0d404 Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 16:14:33 +0100
Subject: [PATCH 2/5] Update plugins/wordpress-rule-exclusions-before.conf

Co-authored-by: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
---
 plugins/wordpress-rule-exclusions-before.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 173adce..9b44a2d 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
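Review bot: In the second hunk (-991,11) the chained `@contains` gate is dropped, so RESPONSE_BODY is removed from 951240, 953100 and 953101 for every response served by plugins.php and plugin-install.php, not only when the known false-positive sentence is present. Previously the leakage checks stayed active whenever the page did not contain that text; after this change a genuine PHP or SQL error printed on these two admin pages is no longer inspected by those three rules at all. The regression-test payloads suggest the trigger is third-party changelog/readme text rendered on plugin-install.php, which is arbitrary by nature, so a narrower content gate may not be feasible, but the widened scope is a deliberate trade-off that the rule should state explicitly. If the admin pages are only reachable by authenticated users in the deployments this plugin targets, the residual exposure is limited, though the WAF itself cannot verify that.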
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -984,7 +984,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
 # Opening the plugins page
 SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
     "id:9507971,\
-    phase:4,\
+    phase:1,\
     pass,\
     t:none,\
     nolog,\

From 59058e6d02a2150a103505f0e095685c17a3d35d Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 16:19:36 +0100
Subject: [PATCH 3/5] Tests

---
 .../9507971.yaml | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507971.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507971.yaml
index 7931afb..3b0d8b5 100644
--- a/tests/regression/wordpress-rule-exclusions-plugin/9507971.yaml
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507971.yaml
@@ -1,6 +1,6 @@
 ---
 meta:
-  author: "Esad Cetiner"
+  author: "Esad Cetiner, azurit"
   description: "Wordpress Rule Exclusions Plugin"
   enabled: true
   name: 9507971.yaml
@@ -37,3 +37,35 @@ tests:
             data: "plugins extend and expand the functionality of wordpress"
           output:
             no_log_contains: id "953101"
+  - test_title: 9507971-3
+    desc: Disable 953100
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+            port: 80
+            method: GET
+            uri: /wp-admin/plugin-install.php
+            data: "Fixed: Call to a member function get_meta() on null error on WooCommerce order received page"
+          output:
+            no_log_contains: id "953100"
+  - test_title: 9507971-4
+    desc: Disable 951240
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+            port: 80
+            method: GET
+            uri: /wp-admin/plugin-install.php
+            data: "warnings

\x0a

=1.9=
\x0a* [Added] Donation link because I’m poor
\x0a* [Removed] errors and deprecating warnings

\x0a

=1.8.1=
\x0a* [Updated] Renamed function from ‚my_profile_update‘ to ‚apg_profile_update‘"
+          output:
+            no_log_contains: id "951240"

From 0d52589c51d5ce16da02bf8a5542b3bfafd0ae49 Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 16:22:46 +0100
Subject: [PATCH 4/5] Adding comment.

---
 plugins/wordpress-rule-exclusions-before.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 9b44a2d..12310cc 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -982,6 +982,8 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
         ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcontent"
 
 # Opening the plugins page
+# Exclusion of rule 951240 together with test 9507971-4 can be remove after we drop
+# support for CRS 3.
 SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
     "id:9507971,\
     phase:1,\

From 2935654e230b377d5bac4073e105abc827d1ca47 Mon Sep 17 00:00:00 2001
From: azurit
Date: Fri, 1 Mar 2024 16:57:34 +0100
Subject: [PATCH 5/5] Update plugins/wordpress-rule-exclusions-before.conf

Co-authored-by: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
---
 plugins/wordpress-rule-exclusions-before.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 12310cc..3ff99ea 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
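Review bot: Stages 9507971-3 and 9507971-4 assert only `no_log_contains`, so they also pass when the leakage rule never fires in the first place (for instance if the test backend does not reflect a GET body into the response), which means they cannot tell a working exclusion from a rule that is simply not reached. A companion stage that sends the same `data` to a URI the `@rx` does not match and expects `log_contains: id "953100"` (and likewise `id "951240"`) would prove the rule triggers and that only the exclusion suppresses it. The existing 9507971-2 stage follows the same pattern, so if GET-body reflection is already known to work in this harness the new stages are consistent with it; I cannot confirm that from the hunk alone.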
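Review bot: The new comment records when the 951240 exclusion can be retired but not why any of the three RESPONSE_BODY removals exist; the comment explaining the 953101 false positive was deleted in the first patch of this series, so a reader now only sees three leakage rules switched off for these pages with no stated cause. Suggest a line above the rule such as `# Plugin listings on these pages render third-party changelog/readme text that matches the PHP/SQL leakage rules 951240, 953100 and 953101` — the rationale is inferred from the regression-test payloads, so adjust the wording if the actual trigger differs.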
@@ -982,7 +982,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
         ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcontent"
 
 # Opening the plugins page
-# Exclusion of rule 951240 together with test 9507971-4 can be remove after we drop
+# Exclusion of rule 951240 together with test 9507971-4 can be removed after we drop
 # support for CRS 3.
 SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
     "id:9507971,\