fix: pl-2 cookie FP

EsadCetiner · Mar 5, 2024 · e25b740 · e25b740
1 parent bee2d48
commit e25b740
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 4 deletions.
diff --git a/plugins/sogo-rule-exclusions-before.conf b/plugins/sogo-rule-exclusions-before.conf
@@ -49,7 +49,10 @@ SecRule REQUEST_FILENAME "@beginsWith /SOGo/" \
     t:none,\
     nolog,\
     ctl:ruleRemoveTargetById=920272;REQUEST_HEADERS:cookie,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_HEADERS:cookie,\
+    ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES:XSRF-TOKEN,\
     ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES:XSRF-TOKEN,\
+    ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES:0xHIGHFLYxSOGo,\
     ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES:0xHIGHFLYxSOGo,\
     ver:'sogo-rule-exclusions-plugin/1.0.0'"
 

diff --git a/tests/regression/sogo-rule-exclusions-plugin/9520100.yaml b/tests/regression/sogo-rule-exclusions-plugin/9520100.yaml
@@ -6,7 +6,7 @@ meta:
   name: 9520100.yaml
 tests:
   - test_title: 9520100-1
-    desc: Disable 920272 for cookie header
+    desc: Disable 920272 and 920273 for cookie header
     stages:
       - stage:
           input:
@@ -15,12 +15,13 @@ tests:
               Host: localhost
               User-Agent: SOGo rule exclusions plugin
               Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-              cookie: \%
+              cookie: 0xHIGHFLYxSOGo=basic%20NmFxMHZ3UTNMaG5QSmh0ZitFRHNtTVl1SWwxZU5xMz%
             port: 80
             method: POST
             uri: /SOGo/
           output:
-            no_log_contains: id "920272"
+            no_log_contains: |
+              id "(?:920272|920273)"
   - test_title: 9520100-2
     desc: Disable 942450 for XSRF-TOKEN cookie
     stages:
@@ -31,13 +32,29 @@ tests:
               Host: localhost
               User-Agent: SOGo rule exclusions plugin
               Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-              cookie: XSRF-TOKEN=0x0806
+              cookie: XSRF-TOKEN=0x080069f28b16140b7e860c363fb8e777e796a0581a1d
             port: 80
             method: POST
             uri: /SOGo/
           output:
             no_log_contains: id "942450"
   - test_title: 9520100-3
+    desc: Disable 932236 for XSRF-TOKEN cookie
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: SOGo rule exclusions plugin
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              cookie: XSRF-TOKEN=ls69f28b16140b7e860c363fb8e777e796a0581a1d
+            port: 80
+            method: POST
+            uri: /SOGo/
+          output:
+            no_log_contains: id "932236"
+  - test_title: 9520100-4
     desc: Disable 942450 for 0xHIGHFLYxSOGo cookie
     stages:
       - stage:
@@ -53,3 +70,19 @@ tests:
             uri: /SOGo/
           output:
             no_log_contains: id "942450"
+  - test_title: 9520100-5
+    desc: Disable 932236 for 0xHIGHFLYxSOGo cookie
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: SOGo rule exclusions plugin
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              cookie: 0xHIGHFLYxSOGo=lsnbjdaf
+            port: 80
+            method: POST
+            uri: /SOGo/
+          output:
+            no_log_contains: id "932236"