From 49e890698b35291509c2aca3be3e80ea3af2738d Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Mon, 4 Nov 2024 22:50:46 +1100
Subject: [PATCH] fix: false positive with response rule when opening mail
 inbox (#12)

---
 plugins/sogo-rule-exclusions-before.conf      | 13 ++++++++++
 .../sogo-rule-exclusions-plugin/9520106.yaml  | 24 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 tests/regression/sogo-rule-exclusions-plugin/9520106.yaml

diff --git a/plugins/sogo-rule-exclusions-before.conf b/plugins/sogo-rule-exclusions-before.conf
index bf9e045..a0cdbcb 100644
--- a/plugins/sogo-rule-exclusions-before.conf
+++ b/plugins/sogo-rule-exclusions-before.conf
@@ -123,6 +123,19 @@ SecRule REQUEST_FILENAME "@streq /SOGo/so/passwordRecoveryEnabled" \
     ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
     ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
+
+# Viewing mail inbox
+# SOGo is written in Objective-C and not PHP, disabling PHP
+# response rules is perfectly safe.
+SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Mail/view$" \
+    "id:9520106,\
+    phase:1,\
+    pass,\
+    t:none,\
+    nolog,\
+    ctl:ruleRemoveById=953100,\
+    ver:'sogo-rule-exclusions-plugin/1.0.1'"
+
 #
 # [ SOGo Settings ]
 #
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520106.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520106.yaml
new file mode 100644
index 0000000..b00f792
--- /dev/null
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520106.yaml
@@ -0,0 +1,24 @@
+---
+meta:
+  author: "Esad Cetiner"
+  description: "SOGo Rule Exclusions Plugin"
+  enabled: true
+  name: 9520106.yaml
+tests:
+  - test_title: 9520106-1
+    desc: Viewing mail inbox
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: SOGo rule exclusions plugin
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+            port: 80
+            method: GET
+            uri: /SOGo/so/email@example.com/Mail/view
+            data: Error reading the certificate. Please install a new certificate.
+            version: HTTP/1.1
+          output:
+            no_log_contains: id "953100"