From 9356d7ed2a1c2899b30f83ff6612b77c17406f28 Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Thu, 25 Jul 2024 10:45:22 +1000
Subject: [PATCH] fix: multiple pl-4 false positives (#24)
* fix: multiple pl-4 false positives
* fix: typo
---
plugins/roundcube-rule-exclusions-before.conf | 60 ++++++++++++++++++-
.../9519114.yaml | 2 +-
.../9519130.yaml | 3 +-
.../9519150.yaml | 3 +-
.../9519156.yaml | 2 +-
5 files changed, 63 insertions(+), 7 deletions(-)
diff --git a/plugins/roundcube-rule-exclusions-before.conf b/plugins/roundcube-rule-exclusions-before.conf
index 946cfd5..17766a0 100644
--- a/plugins/roundcube-rule-exclusions-before.conf
+++ b/plugins/roundcube-rule-exclusions-before.conf
@@ -183,7 +183,9 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 ctl:ruleRemoveTargetById=921180;TX:paramcounter_ARGS_NAMES:_framed,\
 ctl:ruleRemoveTargetById=921180;TX:paramcounter_ARGS_NAMES:_task,\
 ctl:ruleRemoveTargetById=921180;TX:paramcounter_ARGS_NAMES:_action,\
+ ctl:ruleRemoveTargetById=920273;ARGS:_to,\
 ctl:ruleRemoveTargetById=942131;ARGS:_to,\
+ ctl:ruleRemoveTargetById=942432;ARGS:_to,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_subject,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_message"
 
@@ -232,12 +234,56 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 chain"
 SecRule ARGS:_task "@streq addressbook" \
 "t:none,\
- ctl:ruleRemoveTargetById=921180;TX:paramcounter_ARGS_NAMES:_framed,\
- ctl:ruleRemoveTargetById=921180;TX:paramcounter_ARGS_NAMES:_task,\
 ctl:ruleRemoveTargetById=931130;ARGS:_website[],\
+ ctl:ruleRemoveTargetById=920273;ARGS:_website[],\
 ctl:ruleRemoveTargetById=931130;ARGS:_search_website,\
+ ctl:ruleRemoveTargetById=920273;ARGS:_im[],\
 ctl:ruleRemoveTargetById=931130;ARGS:_im[],\
- ctl:ruleRemoveTargetById=931130;ARGS:_search_im"
+ ctl:ruleRemoveTargetById=931130;ARGS:_search_im,\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_country[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_country[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_country[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_email[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_email[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_email[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_im[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_im[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_im[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_locality[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_locality[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_locality[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_phone[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_phone[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_phone[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_region[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_region[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_region[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_street[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_street[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_street[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_subtype_address[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_subtype_address[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_subtype_address[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_subtype_email[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_subtype_email[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_subtype_email[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_subtype_im[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_subtype_im[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_subtype_im[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_subtype_phone[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_subtype_phone[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_subtype_phone[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_subtype_website[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_subtype_website[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_subtype_website[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_website[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_website[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_website[],\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_zipcode[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:_zipcode[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:_zipcode[],\
+ ctl:ruleRemoveTargetById=921180;TX:paramcounter_ARGS_NAMES:_framed,\
+ ctl:ruleRemoveTargetById=921180;TX:paramcounter_ARGS_NAMES:_task"
 
 #
 # [ Settings ]
@@ -250,6 +296,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
+ ctl:ruleRemoveTargetById=920273;ARGS:_email,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_signature,\
 ver:'roundcube-rule-exclusions-plugin/1.0.2'"
 
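Review bot: The new 920273 value exclusions in the addressbook action list cover only `ARGS:_website[]` and `ARGS:_im[]`, while the other contact fields whose names are now excluded (`_email[]`, `_phone[]`, `_street[]`, …) keep 920273 on their values, and the 9519130.yaml payload sends the literal `test` for every one of them, so the test cannot tell whether a real address or phone number still trips that PL4 character check. The save-identity hunk below needed `ctl:ruleRemoveTargetById=920273;ARGS:_email,\` once its payload carried `postmaster%40example.com`, which suggests the same may apply here; I cannot tell from the hunk which fields are actually affected. Filling 9519130.yaml with representative values first would keep this list evidence-based instead of growing by guess. The chained SecRule this action list belongs to starts above the hunk.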
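Review bot: The added `ctl:ruleRemoveTargetById=920273;ARGS:_email,\` covers one address field of the save-identity form, but the 9519150.yaml payload also submits `_reply-to=` and `_bcc=` with empty values, so the test passes while those fields would presumably hit the same check once a real address is entered. If they are meant to be covered, the same narrow pattern applies: `ctl:ruleRemoveTargetById=920273;ARGS:_reply-to,\` and `ctl:ruleRemoveTargetById=920273;ARGS:_bcc,\`, with the payload filled in so the regression test proves it rather than assumes it. The `ver:'roundcube-rule-exclusions-plugin/1.0.2'` tag on the closing line is unchanged, which is fine if the version is bumped per release. The SecRule this action list belongs to starts above the hunk.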
@@ -316,6 +363,13 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 chain"
 SecRule ARGS:_action "@streq plugin.managesieve-vacation" \
 "t:none,\
+ ctl:ruleRemoveTargetById=920273;ARGS:vacation_addresses[],\
+ ctl:ruleRemoveTargetById=920273;ARGS:vacation_datefrom,\
+ ctl:ruleRemoveTargetById=920273;ARGS:vacation_dateto,\
+ ctl:ruleRemoveTargetById=920273;ARGS:vacation_from,\
+ ctl:ruleRemoveTargetById=920273;ARGS_NAMES:vacation_addresses[],\
+ ctl:ruleRemoveTargetById=921220;ARGS_NAMES:vacation_addresses[],\
+ ctl:ruleRemoveTargetById=942432;ARGS_NAMES:vacation_addresses[],\
 ctl:ruleRemoveTargetById=921180;TX:paramcounter_ARGS_NAMES:_action,\
 ctl:ruleRemoveTargetById=921180;TX:paramcounter_ARGS_NAMES:_task,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:vacation_reason,\
diff --git a/tests/regression/roundcube-rule-exclusions-plugin/9519114.yaml b/tests/regression/roundcube-rule-exclusions-plugin/9519114.yaml
index 9b51037..a60c227 100644
--- a/tests/regression/roundcube-rule-exclusions-plugin/9519114.yaml
+++ b/tests/regression/roundcube-rule-exclusions-plugin/9519114.yaml
@@ -24,4 +24,4 @@ tests:
 version: HTTP/1.1
 output:
 no_log_contains: |
- id "921180"|id "941101"|id "942131"
+ id "920273"|id "921180"|id "941101"|id "942131"|id "942432"
diff --git a/tests/regression/roundcube-rule-exclusions-plugin/9519130.yaml b/tests/regression/roundcube-rule-exclusions-plugin/9519130.yaml
index 4df3933..17bb53a 100644
--- a/tests/regression/roundcube-rule-exclusions-plugin/9519130.yaml
+++ b/tests/regression/roundcube-rule-exclusions-plugin/9519130.yaml
@@ -23,4 +23,5 @@ tests:
 _token=random&_framed=1&_photo=-del-&_task=addressbook&_action=save&_framed=1&_source=0&_gid=0&_search=test&_cid=1test&_prefix=test&_firstname=Test&_middlename=test&_surname=Test&_suffix=test&_name=test&_nickname=test&_organization=test&_department=test&_jobtitle=test&_subtype_email[]=home&_email[]=test&_subtype_phone[]=home&_phone[]=test&_subtype_address[]=home&_street[]=test&_locality[]=test&_zipcode[]=test&_country[]=test&_region[]=test&_subtype_website[]=homepage&_website[]=https://example.com/&_subtype_im[]=aim&_im[]=https://example.com/&_gender=test&_birthday=test&_notes=test
 version: HTTP/1.1
 output:
- no_log_contains: id "931130"
+ no_log_contains: |
+ id "920273"|id "921180"|id "921220"|id "931130"|id "942432"
diff --git a/tests/regression/roundcube-rule-exclusions-plugin/9519150.yaml b/tests/regression/roundcube-rule-exclusions-plugin/9519150.yaml
index ef6a87e..1626267 100644
--- a/tests/regression/roundcube-rule-exclusions-plugin/9519150.yaml
+++ b/tests/regression/roundcube-rule-exclusions-plugin/9519150.yaml
@@ -23,4 +23,5 @@ tests:
 _token=random&_framed=1&_task=settings&_action=save-identity&_iid=3&_name=&_email=postmaster%40example.com&_organization=&_reply-to=&_bcc=&_standard=1&_signature=%3Cscript%3E
 version: HTTP/1.1
 output:
- no_log_contains: id "941101"
+ no_log_contains: |
+ id "920273"|id "941101"
diff --git a/tests/regression/roundcube-rule-exclusions-plugin/9519156.yaml b/tests/regression/roundcube-rule-exclusions-plugin/9519156.yaml
index 4dd4345..76bc757 100644
--- a/tests/regression/roundcube-rule-exclusions-plugin/9519156.yaml
+++ b/tests/regression/roundcube-rule-exclusions-plugin/9519156.yaml
@@ -23,4 +23,4 @@ tests:
 version: HTTP/1.1
 output:
 no_log_contains: |
- id "921180"|id "941101"
+ id "920273"|id "921180"|id "921220"|id "941101"|id "942432"