From f192e37b8a821e5b5826c088fb178feb70f74f5e Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Fri, 26 Jul 2024 09:52:54 +1000
Subject: [PATCH 1/3] fix: multiple false positives at pl-4

---
 plugins/sogo-rule-exclusions-before.conf      | 150 +++++++++++-------
 .../sogo-rule-exclusions-plugin/9520101.yaml  |   3 +-
 .../sogo-rule-exclusions-plugin/9520104.yaml  |   8 +-
 .../sogo-rule-exclusions-plugin/9520105.yaml  |  27 ++++
 .../sogo-rule-exclusions-plugin/9520110.yaml  |   3 +-
 .../sogo-rule-exclusions-plugin/9520111.yaml  |   2 +-
 .../sogo-rule-exclusions-plugin/9520120.yaml  |   3 +-
 .../sogo-rule-exclusions-plugin/9520121.yaml  |   3 +-
 .../sogo-rule-exclusions-plugin/9520130.yaml  |  56 ++++++-
 .../sogo-rule-exclusions-plugin/9520131.yaml  |  55 -------
 .../sogo-rule-exclusions-plugin/9520132.yaml  |   3 +-
 .../sogo-rule-exclusions-plugin/9520133.yaml  |   3 +-
 12 files changed, 195 insertions(+), 121 deletions(-)
 create mode 100644 tests/regression/sogo-rule-exclusions-plugin/9520105.yaml
 delete mode 100644 tests/regression/sogo-rule-exclusions-plugin/9520131.yaml

diff --git a/plugins/sogo-rule-exclusions-before.conf b/plugins/sogo-rule-exclusions-before.conf
index 8420a80..f36c9e7 100644
--- a/plugins/sogo-rule-exclusions-before.conf
+++ b/plugins/sogo-rule-exclusions-before.conf
@@ -63,6 +63,10 @@ SecRule REQUEST_FILENAME "@streq /SOGo/connect" \
     pass,\
     t:none,\
     nolog,\
+    ctl:ruleRemoveTargetById=920273;ARGS:userName,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.userName,\
+    ctl:ruleREmoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleREmoveTargetById=920273;REQUEST_BODY,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:password,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.password,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
@@ -89,22 +93,36 @@ SecRule REQUEST_FILENAME "@beginsWith /SOGo" \
 
 # Writing or saving an email
 # Email content can be anything
+# Some rules are disabled for all ARGS since the paramater name keeps on changing
 SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Mail/[0-9]/folderDrafts/newDraft[0-9\-]+/(?:send|save)$" \
     "id:9520104,\
     phase:1,\
     pass,\
     t:none,\
     nolog,\
-    ctl:ruleRemoveTargetById=942131;ARGS:from,\
-    ctl:ruleRemoveTargetById=942131;ARGS:json.from,\
-    ctl:ruleRemoveTargetById=942131;ARGS:json.to.array_0,\
-    ctl:ruleRemoveTargetById=942131;ARGS:to.array_0,\
+    ctl:ruleRemoveTargetById=920273;ARGS,\
+    ctl:ruleRemoveTargetById=942131;ARGS,\
+    ctl:ruleRemoveTargetById=942432;ARGS,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.subject,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.text,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:subject,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:text,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
 
+# Entering an invalid password on login
+SecRule REQUEST_FILENAME "@streq /SOGo/so/passwordRecoveryEnabled" \
+    "id:9520105,\
+    phase:1,\
+    pass,\
+    t:none,\
+    nolog,\
+    ctl:ruleRemoveTargetById=920273;ARGS:userName,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.userName,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
+    ver:'sogo-rule-exclusions-plugin/1.0.1'"
 #
 # [ SOGo Settings ]
 #
@@ -116,6 +134,8 @@ SecRule REQUEST_FILENAME "@streq /SOGo/so/changePassword" \
     pass,\
     t:none,\
     nolog,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.oldPassword,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.newPassword,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:oldPassword,\
@@ -123,29 +143,30 @@ SecRule REQUEST_FILENAME "@streq /SOGo/so/changePassword" \
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
 
 # When changing settings in SOGo
+# Some rules are disabled for all ARGS_NAMES or ARGS since the
+# paramater keeps on changing and isn't predictable.
 SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Preferences/save$" \
     "id:9520111,\
     phase:1,\
     pass,\
     t:none,\
     nolog,\
-    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
-    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
+    ctl:ruleRemoveById=921180,\
+    ctl:ruleRemoveTargetById=920273;ARGS,\
+    ctl:ruleRemoveTargetById=931130;ARGS,\
+    ctl:ruleRemoveTargetById=932236;ARGS,\
+    ctl:ruleRemoveTargetById=942131;ARGS,\
+    ctl:ruleRemoveTargetById=942432;ARGS,\
+    ctl:ruleRemoveTargetById=920273;ARGS_NAMES,\
+    ctl:ruleRemoveTargetById=942432;ARGS_NAMES,\
     ctl:ruleRemoveTargetById=920272;ARGS:defaults.SOGoTimeFormat,\
-    ctl:ruleRemoveTargetById=920273;ARGS:defaults.SOGoTimeFormat,\
     ctl:ruleRemoveTargetById=920272;ARGS:defaults.SOGoLongDateFormat,\
-    ctl:ruleRemoveTargetById=920273;ARGS:defaults.SOGoLongDateFormat,\
     ctl:ruleRemoveTargetById=920272;ARGS:defaults.SOGoShortDateFormat,\
-    ctl:ruleRemoveTargetById=920273;ARGS:defaults.SOGoShortDateFormat,\
     ctl:ruleRemoveTargetById=920272;ARGS:json.defaults.SOGoTimeFormat,\
-    ctl:ruleRemoveTargetById=920273;ARGS:json.defaults.SOGoTimeFormat,\
     ctl:ruleRemoveTargetById=920272;ARGS:json.defaults.SOGoLongDateFormat,\
-    ctl:ruleRemoveTargetById=920273;ARGS:json.defaults.SOGoLongDateFormat,\
     ctl:ruleRemoveTargetById=920272;ARGS:json.defaults.SOGoShortDateFormat,\
-    ctl:ruleRemoveTargetById=920273;ARGS:json.defaults.SOGoShortDateFormat,\
-    ctl:ruleRemoveTargetById=931130;ARGS,\
-    ctl:ruleRemoveTargetById=932236;ARGS,\
-    ctl:ruleRemoveTargetById=942131;ARGS,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
 
 #
@@ -154,21 +175,20 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Preferences/save$" \
 
 # When creating/modifying contacts
 # Adding websites for contacts
+# Some rules are disabled for all ARGS since the paramater keeps on changing
 SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Contacts/[^/]+/[^/]+\.vcf/saveAsContact$" \
     "id:9520120,\
     phase:1,\
     pass,\
     t:none,\
     nolog,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_0.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_1.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_2.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_3.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_4.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_5.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_6.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_7.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:urls.urls.value,\
+    ctl:ruleRemoveTargetById=920273;ARGS,\
+    ctl:ruleRemoveTargetById=931130;ARGS,\
+    ctl:ruleRemoveTargetById=942432;ARGS:id,\
+    ctl:ruleRemoveTargetById=942432;ARGS:json.id,\
+    ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
 
 # When modifying properties for Addressbook
@@ -179,8 +199,21 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Contacts/[^/]+/save$" \
     pass,\
     t:none,\
     nolog,\
+    ctl:ruleRemoveTargetById=920273;ARGS:cardDavURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:cardDavURL,\
+    ctl:ruleRemoveTargetById=942432;ARGS:cardDavURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:id,\
+    ctl:ruleRemoveTargetById=942432;ARGS:id,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.cardDavURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:json.cardDavURL,\
+    ctl:ruleRemoveTargetById=942432;ARGS:json.cardDavURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.id,\
+    ctl:ruleRemoveTargetById=942432;ARGS:json.id,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.owner,\
+    ctl:ruleRemoveTargetById=920273;ARGS:owner,\
+    ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
 
 #
@@ -189,41 +222,21 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Contacts/[^/]+/save$" \
 
 # When creating/modifying a calendar task
 # Attaching external URLs to a calendar task
-SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/[^/]+\.ics/(?:saveAsTask|save)$" \
+# Some rules are disabled for all ARGS because the paramater keeps on changing
+SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/[^/]+\.ics/(?:occurence[0-9]+/save|save|saveAsAppointment|saveAsTask)$" \
     "id:9520130,\
     phase:1,\
     pass,\
     t:none,\
     nolog,\
-    ctl:ruleRemoveTargetById=931130;ARGS:attachUrls.attachUrls.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_0.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_1.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_2.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_3.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_4.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_5.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_6.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_7.value,\
-    ver:'sogo-rule-exclusions-plugin/1.0.1'"
-
-# When creating/modifying a calendar event
-# Attaching external URLs to a calendar event
-SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/[^/]+\.ics/(?:saveAsAppointment|occurence[0-9]+/save)$" \
-    "id:9520131,\
-    phase:1,\
-    pass,\
-    t:none,\
-    nolog,\
-    ctl:ruleRemoveTargetById=931130;ARGS:attachUrls.attachUrls.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_0.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_1.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_2.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_2.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_3.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_4.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_5.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_6.value,\
-    ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_7.value,\
+    ctl:ruleRemoveTargetById=920273;ARGS,\
+    ctl:ruleRemoveTargetById=931130;ARGS,\
+    ctl:ruleRemoveTargetById=942432;ARGS,\
+    ctl:ruleRemoveTargetById=920273;ARGS_NAMES:json.$hasAlarm,\
+    ctl:ruleRemoveTargetById=920273;ARGS_NAMES:$hasAlarm,\
+    ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
 
 # When modifying properties for Calendars
@@ -234,16 +247,41 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/save$" \
     pass,\
     t:none,\
     nolog,\
+    ctl:ruleRemoveTargetById=920273;ARGS:color,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.color,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.name,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.owner,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webDavICSURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:json.urls.webDavICSURL,\
+    ctl:ruleRemoveTargetById=942432;ARGS:json.urls.webDavICSURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webDavXMLURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:json.urls.webDavXMLURL,\
+    ctl:ruleRemoveTargetById=942432;ARGS:json.urls.webDavXMLURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webDavURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:json.urls.webDavURL,\
+    ctl:ruleRemoveTargetById=942432;ARGS:json.urls.webDavURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.urls.calDavURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:json.urls.calDavURL,\
+    ctl:ruleRemoveTargetById=942432;ARGS:json.urls.calDavURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webCalendarURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:json.urls.webCalendarURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webCalendarURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:name,\
+    ctl:ruleRemoveTargetById=920273;ARGS:owner,\
+    ctl:ruleRemoveTargetById=920273;ARGS:urls.webDavICSURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:urls.webDavICSURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:urls.webDavXMLURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:urls.webDavXMLURL,\
+    ctl:ruleRemoveTargetById=942432;ARGS:urls.webDavXMLURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:urls.webDavURL,\
+    ctl:ruleRemoveTargetById=920273;ARGS:urls.calDavURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:urls.calDavURL,\
+    ctl:ruleRemoveTargetById=942432;ARGS:urls.calDavURL,\
+    ctl:ruleRemoveTargetById=942432;ARGS:urls.webDavICSURL,\
     ctl:ruleRemoveTargetById=931130;ARGS:urls.webCalendarURL,\
+    ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
 
 # When adding a remote web calendar
@@ -253,8 +291,12 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/addWebCalendar$" \
     pass,\
     t:none,\
     nolog,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.url,\
     ctl:ruleRemoveTargetById=931130;ARGS:json.url,\
+    ctl:ruleRemoveTargetById=920273;ARGS:url,\
     ctl:ruleRemoveTargetById=931130;ARGS:url,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"
 
 #
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520101.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520101.yaml
index b9e87b0..f1e95b5 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520101.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520101.yaml
@@ -23,4 +23,5 @@ tests:
               { "userName": "postmaster@example.com", "password": "<script>", "domain": null, "rememberLogin": 0 }
             version: HTTP/1.1
           output:
-            no_log_contains: id "941110"
+            no_log_contains: |
+              id "920272"|id "920273"|id "941110"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520104.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520104.yaml
index b7d461b..027cf1a 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520104.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520104.yaml
@@ -23,7 +23,8 @@ tests:
               {"to":["postmaster  <postmaster@example.com>"],"cc":[],"bcc":[],"isHTML":1,"text":"<p>&lt;script&gt;</p>","from":"postmaster <postmaster@example.com>","locale":"en","subject":"<script>"}
             version: HTTP/1.1
           output:
-            no_log_contains: id "941110"
+            no_log_contains: |
+              id "920273"|id "942131"|id "942432"|id "941110"
   - test_title: 9520104-2
     desc: Saving an draft email
     stages:
@@ -41,5 +42,6 @@ tests:
             data: |
               {"to":["postmaster  <postmaster@example.com>"],"cc":[],"bcc":[],"isHTML":1,"text":"<p>&lt;script&gt;</p>","from":"postmaster <postmaster@example.com>","locale":"en","subject":"<script>"}
             version: HTTP/1.1
-            output:
-            no_log_contains: id "941110"
+          output:
+            no_log_contains: |
+              id "920273"|id "942131"|id "942432"|id "941110"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520105.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520105.yaml
new file mode 100644
index 0000000..13a05a8
--- /dev/null
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520105.yaml
@@ -0,0 +1,27 @@
+---
+meta:
+  author: "Esad Cetiner"
+  description: "SOGo Rule Exclusions Plugin"
+  enabled: true
+  name: 9520105.yaml
+tests:
+  - test_title: 9520105-1
+    desc: Entering an invalid password
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: SOGo rule exclusions plugin
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Content-Type: application/json;charset=UTF-8
+            port: 80
+            method: POST
+            uri: /SOGo/so/passwordRecoveryEnabled
+            data: |
+              {"userName":"postmaster@example.com","domain":null}
+            version: HTTP/1.1
+          output:
+            no_log_contains: |
+              id "920272"|id "920273"
\ No newline at end of file
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520110.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520110.yaml
index 397fb18..ee68356 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520110.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520110.yaml
@@ -23,4 +23,5 @@ tests:
               { "userName":null,"newPassword":"<script>","oldPassword":"<script>" }
             version: HTTP/1.1
           output:
-            no_log_contains: id "941110"
+            no_log_contains: |
+              id "920272"|id "920273"|id "941110"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520111.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520111.yaml
index d2770a6..1cfc95a 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520111.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520111.yaml
@@ -47,4 +47,4 @@ tests:
             version: HTTP/1.1
             output:
               no_log_contains: |
-                id "920272"|id "920273"|id "931130"|id "932236"|id "942131"
+                id "920272"|id "920273"|id "921180"|id "931130"|id "932236"|id "942131"|id "942432"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520120.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520120.yaml
index 24f6360..820fa5f 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520120.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520120.yaml
@@ -25,4 +25,5 @@ tests:
               "addresses":[{"type":"","postoffice":"","street":"","street2":"","locality":"","region":"","country":"","postalcode":""}],"birthday":"" }
             version: HTTP/1.1
           output:
-            no_log_contains: id "931130"
+            no_log_contains: |
+              id "920272"|id "920273"|id "931130"|id "942432"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520121.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520121.yaml
index 055bb97..00051fd 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520121.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520121.yaml
@@ -24,4 +24,5 @@ tests:
               "publicCardDavURL":"","cardDavURL":"https://sogo.example.com/SOGo/dav/postmaster@example.com/Contacts/1BE-65E5E580-B-1B22B300/","synchronize":1 }
             version: HTTP/1.1
           output:
-            no_log_contains: id "931130"
+            no_log_contains: |
+              id "920272"|id "920273|"id "931130"|id "932236"|id "942432"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520130.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520130.yaml
index 33ae789..fe634ff 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520130.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520130.yaml
@@ -27,7 +27,8 @@ tests:
               "location":"test","startDate":"2024-03-05","startTime":"02:30","endDate":"","endTime":"","dueTime":"02:30","completedDate":"2024-03-05"}
             version: HTTP/1.1
           output:
-            no_log_contains: id "931130"
+            no_log_contains: 
+              id "920273"|id "931130"|id "932236"|id "942432"
   - test_title: 9520130-2
     desc: Modifying an existing Calendar task
     stages:
@@ -51,4 +52,55 @@ tests:
               "$hasAlarm":false,"destinationCalendar":"personal","selected":false,"startTime":"02:30","endDate":"","endTime":"","dueTime":"02:30","completedDate":"2024-03-05"}
             version: HTTP/1.1
           output:
-            no_log_contains: id "931130"
+            no_log_contains: 
+              id "920273"|id "931130"|id "932236"|id "942432"
+  - test_title: 9520130-3
+    desc: Modifying an existing Calendar event
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: SOGo rule exclusions plugin
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Content-Type: application/json;charset=UTF-8
+            port: 80
+            method: POST
+            uri: /SOGo/so/user@example.com/Calendar/mycalendar/calendar.ics/occurence42/save
+            data: |
+              {"categories":[],"repeat":{"frequency":"daily"},"alarm":{},"delta":60,"calendar":"Personal Calendar","location":"test","component":"vevent",
+              "endDate":"2024-03-06","isTransparent":1,"id":"1C0-65E5E880-17-2141CA00.ics","priority":4,"localizedEndDate":"Wednesday, March 06, 2024",
+              "localizedStartTime":"02:30","localizedEndTime":"03:30","sendAppointmentNotifications":1,"isErasable":1,"attachUrls":[{"value":"https://example.com/"}],
+              "comment":"test","userHasRSVP":0,"startDate":"2024-03-06","isAllDay":0,"localizedStartDate":"Wednesday, March 06, 2024","summary":"test",
+              "classification":"public","occurrenceId":"occurence1709710200","isEditable":1,"pid":"personal","type":"appointment","start":"2024-03-05T15:30:00.000Z",
+              "end":"2024-03-05T16:30:00.000Z","$hasAlarm":false,"destinationCalendar":"personal","selected":false,"delegatedTo":"","startTime":"02:30","endTime":"03:30",
+              "dueDate":"","dueTime":"","completedDate":""}
+            version: HTTP/1.1
+          output:
+            no_log_contains: 
+              id "920273"|id "931130"|id "932236"|id "942432"
+  - test_title: 9520130-4
+    desc: Creating an calendar event
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: SOGo rule exclusions plugin
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Content-Type: application/json;charset=UTF-8
+            port: 80
+            method: POST
+            uri: /SOGo/so/user@example.com/Calendar/mycalendar/calendar.ics/saveAsAppointment
+            data: |
+              {"categories":[],"alarm":{},"delta":60,"pid":"personal","type":"appointment","start":"2024-03-04T15:15:00.000Z","end":"2024-03-04T16:15:00.000Z",
+              "$hasAlarm":false,"classification":"public","destinationCalendar":"personal","selected":false,"isNew":true,"id":"1C0-65E5E680-B-2141CA00.ics",
+              "sendAppointmentNotifications":1,"summary":"Stuff","location":"Somewhere","comment":"Come to somewhere, it's going to be awesome!","priority":2,
+              "isAllDay":1,"attachUrls":[{"value":"https://example.com/"}],"startDate":"2024-03-05","startTime":"02:15","endDate":"2024-03-05","endTime":"03:15",
+              "dueDate":"","dueTime":"","completedDate":""}
+            version: HTTP/1.1
+          output:
+            no_log_contains: 
+              id "920273"|id "931130"|id "932236"|id "942432"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520131.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520131.yaml
deleted file mode 100644
index fea00a7..0000000
--- a/tests/regression/sogo-rule-exclusions-plugin/9520131.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-meta:
-  author: "Esad Cetiner"
-  description: "SOGo Rule Exclusions Plugin"
-  enabled: true
-  name: 9520131.yaml
-tests:
-  - test_title: 9520131-1
-    desc: Modifying an existing Calendar event
-    stages:
-      - stage:
-          input:
-            dest_addr: 127.0.0.1
-            headers:
-              Host: localhost
-              User-Agent: SOGo rule exclusions plugin
-              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-              Content-Type: application/json;charset=UTF-8
-            port: 80
-            method: POST
-            uri: /SOGo/so/user@example.com/Calendar/mycalendar/calendar.ics/occurence42/save
-            data: |
-              {"categories":[],"repeat":{"frequency":"daily"},"alarm":{},"delta":60,"calendar":"Personal Calendar","location":"test","component":"vevent",
-              "endDate":"2024-03-06","isTransparent":1,"id":"1C0-65E5E880-17-2141CA00.ics","priority":4,"localizedEndDate":"Wednesday, March 06, 2024",
-              "localizedStartTime":"02:30","localizedEndTime":"03:30","sendAppointmentNotifications":1,"isErasable":1,"attachUrls":[{"value":"https://example.com/"}],
-              "comment":"test","userHasRSVP":0,"startDate":"2024-03-06","isAllDay":0,"localizedStartDate":"Wednesday, March 06, 2024","summary":"test",
-              "classification":"public","occurrenceId":"occurence1709710200","isEditable":1,"pid":"personal","type":"appointment","start":"2024-03-05T15:30:00.000Z",
-              "end":"2024-03-05T16:30:00.000Z","$hasAlarm":false,"destinationCalendar":"personal","selected":false,"delegatedTo":"","startTime":"02:30","endTime":"03:30",
-              "dueDate":"","dueTime":"","completedDate":""}
-            version: HTTP/1.1
-          output:
-            no_log_contains: id "931130"
-  - test_title: 9520131-2
-    desc: Creating an calendar event
-    stages:
-      - stage:
-          input:
-            dest_addr: 127.0.0.1
-            headers:
-              Host: localhost
-              User-Agent: SOGo rule exclusions plugin
-              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-              Content-Type: application/json;charset=UTF-8
-            port: 80
-            method: POST
-            uri: /SOGo/so/user@example.com/Calendar/mycalendar/calendar.ics/saveAsAppointment
-            data: |
-              {"categories":[],"alarm":{},"delta":60,"pid":"personal","type":"appointment","start":"2024-03-04T15:15:00.000Z","end":"2024-03-04T16:15:00.000Z",
-              "$hasAlarm":false,"classification":"public","destinationCalendar":"personal","selected":false,"isNew":true,"id":"1C0-65E5E680-B-2141CA00.ics",
-              "sendAppointmentNotifications":1,"summary":"Stuff","location":"Somewhere","comment":"Come to somewhere, it's going to be awesome!","priority":2,
-              "isAllDay":1,"attachUrls":[{"value":"https://example.com/"}],"startDate":"2024-03-05","startTime":"02:15","endDate":"2024-03-05","endTime":"03:15",
-              "dueDate":"","dueTime":"","completedDate":""}
-            version: HTTP/1.1
-          output:
-            no_log_contains: id "931130"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520132.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520132.yaml
index f340524..e6bc319 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520132.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520132.yaml
@@ -29,4 +29,5 @@ tests:
               "acls":{"objectEraser":1,"objectCreator":1},"isOwned":true,"isSubscription":false}
             version: HTTP/1.1
           output:
-            no_log_contains: id "931130"
+            no_log_contains: |
+            id "920272"|id "920273"|id "931130"|id "942432"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520133.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520133.yaml
index 8f73d73..4b23ebf 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520133.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520133.yaml
@@ -23,4 +23,5 @@ tests:
               {"url":"https://example.com/"}
             version: HTTP/1.1
           output:
-            no_log_contains: id "931130"
+            no_log_contains: |
+              id "920272"|id "920273"|id "931130"

From 3fa78a99bf06fd7871280a5d768ec11e47f163d5 Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Fri, 26 Jul 2024 09:55:10 +1000
Subject: [PATCH 2/3] fix: linting errors

---
 tests/regression/sogo-rule-exclusions-plugin/9520105.yaml | 2 +-
 tests/regression/sogo-rule-exclusions-plugin/9520130.yaml | 8 ++++----
 tests/regression/sogo-rule-exclusions-plugin/9520132.yaml | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520105.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520105.yaml
index 13a05a8..90c58a9 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520105.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520105.yaml
@@ -24,4 +24,4 @@ tests:
             version: HTTP/1.1
           output:
             no_log_contains: |
-              id "920272"|id "920273"
\ No newline at end of file
+              id "920272"|id "920273"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520130.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520130.yaml
index fe634ff..72d734c 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520130.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520130.yaml
@@ -27,7 +27,7 @@ tests:
               "location":"test","startDate":"2024-03-05","startTime":"02:30","endDate":"","endTime":"","dueTime":"02:30","completedDate":"2024-03-05"}
             version: HTTP/1.1
           output:
-            no_log_contains: 
+            no_log_contains: |
               id "920273"|id "931130"|id "932236"|id "942432"
   - test_title: 9520130-2
     desc: Modifying an existing Calendar task
@@ -52,7 +52,7 @@ tests:
               "$hasAlarm":false,"destinationCalendar":"personal","selected":false,"startTime":"02:30","endDate":"","endTime":"","dueTime":"02:30","completedDate":"2024-03-05"}
             version: HTTP/1.1
           output:
-            no_log_contains: 
+            no_log_contains: |
               id "920273"|id "931130"|id "932236"|id "942432"
   - test_title: 9520130-3
     desc: Modifying an existing Calendar event
@@ -78,7 +78,7 @@ tests:
               "dueDate":"","dueTime":"","completedDate":""}
             version: HTTP/1.1
           output:
-            no_log_contains: 
+            no_log_contains: |
               id "920273"|id "931130"|id "932236"|id "942432"
   - test_title: 9520130-4
     desc: Creating an calendar event
@@ -102,5 +102,5 @@ tests:
               "dueDate":"","dueTime":"","completedDate":""}
             version: HTTP/1.1
           output:
-            no_log_contains: 
+            no_log_contains: |
               id "920273"|id "931130"|id "932236"|id "942432"
diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520132.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520132.yaml
index e6bc319..1b0eca2 100644
--- a/tests/regression/sogo-rule-exclusions-plugin/9520132.yaml
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520132.yaml
@@ -30,4 +30,4 @@ tests:
             version: HTTP/1.1
           output:
             no_log_contains: |
-            id "920272"|id "920273"|id "931130"|id "942432"
+              id "920272"|id "920273"|id "931130"|id "942432"

From 5d81d60c1ff7075599ebddf05e95514b136c9a2d Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Fri, 26 Jul 2024 10:03:19 +1000
Subject: [PATCH 3/3] fix: typos

---
 plugins/sogo-rule-exclusions-before.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/sogo-rule-exclusions-before.conf b/plugins/sogo-rule-exclusions-before.conf
index f36c9e7..bf9e045 100644
--- a/plugins/sogo-rule-exclusions-before.conf
+++ b/plugins/sogo-rule-exclusions-before.conf
@@ -65,8 +65,8 @@ SecRule REQUEST_FILENAME "@streq /SOGo/connect" \
     nolog,\
     ctl:ruleRemoveTargetById=920273;ARGS:userName,\
     ctl:ruleRemoveTargetById=920273;ARGS:json.userName,\
-    ctl:ruleREmoveTargetById=920272;REQUEST_BODY,\
-    ctl:ruleREmoveTargetById=920273;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:password,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.password,\
     ver:'sogo-rule-exclusions-plugin/1.0.1'"