
fix: multiple false positives at pl-4 #10

Merged
merged 3 commits into from
Jul 26, 2024
150 changes: 96 additions & 54 deletions plugins/sogo-rule-exclusions-before.conf
Expand Up @@ -63,6 +63,10 @@ SecRule REQUEST_FILENAME "@streq /SOGo/connect" \
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=920273;ARGS:userName,\
ctl:ruleRemoveTargetById=920273;ARGS:json.userName,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:password,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.password,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"
Expand All @@ -89,22 +93,36 @@ SecRule REQUEST_FILENAME "@beginsWith /SOGo" \

# Writing or saving an email
# Email content can be anything
# Some rules are disabled for all ARGS since the paramater name keeps on changing
SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Mail/[0-9]/folderDrafts/newDraft[0-9\-]+/(?:send|save)$" \
"id:9520104,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=942131;ARGS:from,\
ctl:ruleRemoveTargetById=942131;ARGS:json.from,\
ctl:ruleRemoveTargetById=942131;ARGS:json.to.array_0,\
ctl:ruleRemoveTargetById=942131;ARGS:to.array_0,\
ctl:ruleRemoveTargetById=920273;ARGS,\
ctl:ruleRemoveTargetById=942131;ARGS,\
ctl:ruleRemoveTargetById=942432;ARGS,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.subject,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.text,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:subject,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:text,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"

# Entering an invalid password on login
SecRule REQUEST_FILENAME "@streq /SOGo/so/passwordRecoveryEnabled" \
"id:9520105,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=920273;ARGS:userName,\
ctl:ruleRemoveTargetById=920273;ARGS:json.userName,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"
#
# [ SOGo Settings ]
#
Expand All @@ -116,36 +134,39 @@ SecRule REQUEST_FILENAME "@streq /SOGo/so/changePassword" \
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.oldPassword,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.newPassword,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:oldPassword,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newPassword,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"

# When changing settings in SOGo
# Some rules are disabled for all ARGS_NAMES or ARGS since the
# paramater keeps on changing and isn't predictable.
SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Preferences/save$" \
"id:9520111,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ctl:ruleRemoveById=921180,\
ctl:ruleRemoveTargetById=920273;ARGS,\
ctl:ruleRemoveTargetById=931130;ARGS,\
ctl:ruleRemoveTargetById=932236;ARGS,\
ctl:ruleRemoveTargetById=942131;ARGS,\
ctl:ruleRemoveTargetById=942432;ARGS,\
ctl:ruleRemoveTargetById=920273;ARGS_NAMES,\
ctl:ruleRemoveTargetById=942432;ARGS_NAMES,\
ctl:ruleRemoveTargetById=920272;ARGS:defaults.SOGoTimeFormat,\
ctl:ruleRemoveTargetById=920273;ARGS:defaults.SOGoTimeFormat,\
ctl:ruleRemoveTargetById=920272;ARGS:defaults.SOGoLongDateFormat,\
ctl:ruleRemoveTargetById=920273;ARGS:defaults.SOGoLongDateFormat,\
ctl:ruleRemoveTargetById=920272;ARGS:defaults.SOGoShortDateFormat,\
ctl:ruleRemoveTargetById=920273;ARGS:defaults.SOGoShortDateFormat,\
ctl:ruleRemoveTargetById=920272;ARGS:json.defaults.SOGoTimeFormat,\
ctl:ruleRemoveTargetById=920273;ARGS:json.defaults.SOGoTimeFormat,\
ctl:ruleRemoveTargetById=920272;ARGS:json.defaults.SOGoLongDateFormat,\
ctl:ruleRemoveTargetById=920273;ARGS:json.defaults.SOGoLongDateFormat,\
ctl:ruleRemoveTargetById=920272;ARGS:json.defaults.SOGoShortDateFormat,\
ctl:ruleRemoveTargetById=920273;ARGS:json.defaults.SOGoShortDateFormat,\
ctl:ruleRemoveTargetById=931130;ARGS,\
ctl:ruleRemoveTargetById=932236;ARGS,\
ctl:ruleRemoveTargetById=942131;ARGS,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"

#
Expand All @@ -154,21 +175,20 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Preferences/save$" \

# When creating/modifying contacts
# Adding websites for contacts
# Some rules are disabled for all ARGS since the paramater keeps on changing
SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Contacts/[^/]+/[^/]+\.vcf/saveAsContact$" \
"id:9520120,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_0.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_1.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_2.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_3.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_4.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_5.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_6.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.array_7.value,\
ctl:ruleRemoveTargetById=931130;ARGS:urls.urls.value,\
ctl:ruleRemoveTargetById=920273;ARGS,\
ctl:ruleRemoveTargetById=931130;ARGS,\
ctl:ruleRemoveTargetById=942432;ARGS:id,\
ctl:ruleRemoveTargetById=942432;ARGS:json.id,\
ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"

# When modifying properties for Addressbook
Expand All @@ -179,8 +199,21 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Contacts/[^/]+/save$" \
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=920273;ARGS:cardDavURL,\
ctl:ruleRemoveTargetById=931130;ARGS:cardDavURL,\
ctl:ruleRemoveTargetById=942432;ARGS:cardDavURL,\
ctl:ruleRemoveTargetById=920273;ARGS:id,\
ctl:ruleRemoveTargetById=942432;ARGS:id,\
ctl:ruleRemoveTargetById=920273;ARGS:json.cardDavURL,\
ctl:ruleRemoveTargetById=931130;ARGS:json.cardDavURL,\
ctl:ruleRemoveTargetById=942432;ARGS:json.cardDavURL,\
ctl:ruleRemoveTargetById=920273;ARGS:json.id,\
ctl:ruleRemoveTargetById=942432;ARGS:json.id,\
ctl:ruleRemoveTargetById=920273;ARGS:json.owner,\
ctl:ruleRemoveTargetById=920273;ARGS:owner,\
ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"

#
Expand All @@ -189,41 +222,21 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Contacts/[^/]+/save$" \

# When creating/modifying a calendar task
# Attaching external URLs to a calendar task
SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/[^/]+\.ics/(?:saveAsTask|save)$" \
# Some rules are disabled for all ARGS because the paramater keeps on changing
SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/[^/]+\.ics/(?:occurence[0-9]+/save|save|saveAsAppointment|saveAsTask)$" \
"id:9520130,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=931130;ARGS:attachUrls.attachUrls.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_0.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_1.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_2.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_3.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_4.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_5.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_6.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_7.value,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"

# When creating/modifying a calendar event
# Attaching external URLs to a calendar event
SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/[^/]+\.ics/(?:saveAsAppointment|occurence[0-9]+/save)$" \
"id:9520131,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=931130;ARGS:attachUrls.attachUrls.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_0.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_1.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_2.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_2.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_3.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_4.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_5.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_6.value,\
ctl:ruleRemoveTargetById=931130;ARGS:json.attachUrls.array_7.value,\
ctl:ruleRemoveTargetById=920273;ARGS,\
ctl:ruleRemoveTargetById=931130;ARGS,\
ctl:ruleRemoveTargetById=942432;ARGS,\
ctl:ruleRemoveTargetById=920273;ARGS_NAMES:json.$hasAlarm,\
ctl:ruleRemoveTargetById=920273;ARGS_NAMES:$hasAlarm,\
ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"

# When modifying properties for Calendars
Expand All @@ -234,16 +247,41 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/save$" \
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=920273;ARGS:color,\
ctl:ruleRemoveTargetById=920273;ARGS:json.color,\
ctl:ruleRemoveTargetById=920273;ARGS:json.name,\
ctl:ruleRemoveTargetById=920273;ARGS:json.owner,\
ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webDavICSURL,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.webDavICSURL,\
ctl:ruleRemoveTargetById=942432;ARGS:json.urls.webDavICSURL,\
ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webDavXMLURL,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.webDavXMLURL,\
ctl:ruleRemoveTargetById=942432;ARGS:json.urls.webDavXMLURL,\
ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webDavURL,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.webDavURL,\
ctl:ruleRemoveTargetById=942432;ARGS:json.urls.webDavURL,\
ctl:ruleRemoveTargetById=920273;ARGS:json.urls.calDavURL,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.calDavURL,\
ctl:ruleRemoveTargetById=942432;ARGS:json.urls.calDavURL,\
ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webCalendarURL,\
ctl:ruleRemoveTargetById=931130;ARGS:json.urls.webCalendarURL,\
ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webCalendarURL,\
ctl:ruleRemoveTargetById=920273;ARGS:name,\
ctl:ruleRemoveTargetById=920273;ARGS:owner,\
ctl:ruleRemoveTargetById=920273;ARGS:urls.webDavICSURL,\
ctl:ruleRemoveTargetById=931130;ARGS:urls.webDavICSURL,\
ctl:ruleRemoveTargetById=920273;ARGS:urls.webDavXMLURL,\
ctl:ruleRemoveTargetById=931130;ARGS:urls.webDavXMLURL,\
ctl:ruleRemoveTargetById=942432;ARGS:urls.webDavXMLURL,\
ctl:ruleRemoveTargetById=931130;ARGS:urls.webDavURL,\
ctl:ruleRemoveTargetById=920273;ARGS:urls.calDavURL,\
ctl:ruleRemoveTargetById=931130;ARGS:urls.calDavURL,\
ctl:ruleRemoveTargetById=942432;ARGS:urls.calDavURL,\
ctl:ruleRemoveTargetById=942432;ARGS:urls.webDavICSURL,\
ctl:ruleRemoveTargetById=931130;ARGS:urls.webCalendarURL,\
ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"

# When adding a remote web calendar
Expand All @@ -253,8 +291,12 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/addWebCalendar$" \
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=920273;ARGS:json.url,\
ctl:ruleRemoveTargetById=931130;ARGS:json.url,\
ctl:ruleRemoveTargetById=920273;ARGS:url,\
ctl:ruleRemoveTargetById=931130;ARGS:url,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ver:'sogo-rule-exclusions-plugin/1.0.1'"

#
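Review bot: In the action list of the `^/SOGo/so/[^/]+/Calendar/[^/]+/save$` rule, `ctl:ruleRemoveTargetById=920273;ARGS:json.urls.webCalendarURL` appears twice, while every other `json.urls.*` target in the same list gets the triple 920273 / 931130 / 942432. If the second copy was meant to be `ctl:ruleRemoveTargetById=942432;ARGS:json.urls.webCalendarURL`, that target is still inspected by 942432 and the false positive remains; if it was not, the duplicate line can simply be dropped. The non-JSON `urls.webDavURL` and `urls.webCalendarURL` targets also exclude only 931130, so the JSON and form-encoded variants of this rule are not symmetric. The rule's header lines sit outside the hunk, and none of the regression files changed here appears to cover this rule, so a short comment stating which asymmetries are intentional would help the next reviewer keep the exclusion set minimal.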
3 changes: 2 additions & 1 deletion tests/regression/sogo-rule-exclusions-plugin/9520101.yaml
Expand Up @@ -23,4 +23,5 @@ tests:
{ "userName": "[email protected]", "password": "<script>", "domain": null, "rememberLogin": 0 }
version: HTTP/1.1
output:
no_log_contains: id "941110"
no_log_contains: |
id "920272"|id "920273"|id "941110"
8 changes: 5 additions & 3 deletions tests/regression/sogo-rule-exclusions-plugin/9520104.yaml
Expand Up @@ -23,7 +23,8 @@ tests:
{"to":["postmaster <[email protected]>"],"cc":[],"bcc":[],"isHTML":1,"text":"<p>&lt;script&gt;</p>","from":"postmaster <[email protected]>","locale":"en","subject":"<script>"}
version: HTTP/1.1
output:
no_log_contains: id "941110"
no_log_contains: |
id "920273"|id "942131"|id "942432"|id "941110"
- test_title: 9520104-2
desc: Saving an draft email
stages:
Expand All @@ -41,5 +42,6 @@ tests:
data: |
{"to":["postmaster <[email protected]>"],"cc":[],"bcc":[],"isHTML":1,"text":"<p>&lt;script&gt;</p>","from":"postmaster <[email protected]>","locale":"en","subject":"<script>"}
version: HTTP/1.1
output:
no_log_contains: id "941110"
output:
no_log_contains: |
id "920273"|id "942131"|id "942432"|id "941110"
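--- /dev/null
+++ b/tests/regression/sogo-rule-exclusions-plugin/9520105.yaml
@@ -0,0 +1,27 @@
+---
+meta:
+author: "Esad Cetiner"
+description: "SOGo Rule Exclusions Plugin"
+enabled: true
+name: 9520105.yaml
+tests:
+- test_title: 9520105-1
+desc: Entering an invalid password
+stages:
+- stage:
+input:
+dest_addr: 127.0.0.1
+headers:
+Host: localhost
+User-Agent: SOGo rule exclusions plugin
+Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+Content-Type: application/json;charset=UTF-8
+port: 80
+method: POST
+uri: /SOGo/so/passwordRecoveryEnabled
+data: |
+{"userName":"[email protected]","domain":null}
+version: HTTP/1.1
+output:
+no_log_contains: |
+id "920272"|id "920273"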
3 changes: 2 additions & 1 deletion tests/regression/sogo-rule-exclusions-plugin/9520110.yaml
Expand Up @@ -23,4 +23,5 @@ tests:
{ "userName":null,"newPassword":"<script>","oldPassword":"<script>" }
version: HTTP/1.1
output:
no_log_contains: id "941110"
no_log_contains: |
id "920272"|id "920273"|id "941110"
2 changes: 1 addition & 1 deletion tests/regression/sogo-rule-exclusions-plugin/9520111.yaml
Expand Up @@ -47,4 +47,4 @@ tests:
version: HTTP/1.1
output:
no_log_contains: |
id "920272"|id "920273"|id "931130"|id "932236"|id "942131"
id "920272"|id "920273"|id "921180"|id "931130"|id "932236"|id "942131"|id "942432"
3 changes: 2 additions & 1 deletion tests/regression/sogo-rule-exclusions-plugin/9520120.yaml
Expand Up @@ -25,4 +25,5 @@ tests:
"addresses":[{"type":"","postoffice":"","street":"","street2":"","locality":"","region":"","country":"","postalcode":""}],"birthday":"" }
version: HTTP/1.1
output:
no_log_contains: id "931130"
no_log_contains: |
id "920272"|id "920273"|id "931130"|id "942432"
3 changes: 2 additions & 1 deletion tests/regression/sogo-rule-exclusions-plugin/9520121.yaml
Expand Up @@ -24,4 +24,5 @@ tests:
"publicCardDavURL":"","cardDavURL":"https://sogo.example.com/SOGo/dav/[email protected]/Contacts/1BE-65E5E580-B-1B22B300/","synchronize":1 }
version: HTTP/1.1
output:
no_log_contains: id "931130"
no_log_contains: |
id "920272"|id "920273|"id "931130"|id "932236"|id "942432"
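Review bot: The new `no_log_contains` pattern has a misplaced quote in `id "920273|"id "931130"`, which fuses two alternatives into one literal that no log line will contain. As written, the test still passes if rule 920273 or 931130 logs for this request, so it does not verify the exclusions it was extended to cover. The line should read `id "920272"|id "920273"|id "931130"|id "932236"|id "942432"`.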