Implement new rule for bad request banner targeting ASP files
Fixes #161.
chesio committed Jul 29, 2024
1 parent 23d9b0b commit 873ccd1
Showing 3 changed files with 41 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,7 @@ WordPress 6.4 or newer is now required!
### Added

* Disable autoloading of plugin options when plugin is deactivated [#160](https://github.com/chesio/bc-security/issues/160).
* New built-in rule for bad request banner module that triggers when non-existing `.asp` or `.aspx` file is accessed [#161](https://github.com/chesio/bc-security/issues/161).
* Plugin has been tested with WordPress 6.6 [#157](https://github.com/chesio/bc-security/issues/157).

### Changed
Expand Up @@ -10,6 +10,10 @@ abstract class BuiltInRules

private const ARCHIVE_FILES_PATTERN = '\.(tgz|zip)$';

public const ASP_FILES = 'asp-files';

private const ASP_FILES_PATTERN = '\.aspx?$';

public const BACKUP_FILES = 'backup-files';

private const BACKUP_FILES_PATTERN = 'backup|(\.(back|old|tmp)$)';
Expand All @@ -28,6 +32,11 @@ abstract class BuiltInRules
public static function enlist(): array
{
return [
self::ASP_FILES => new BanRule(
__('Non-existent ASP files', 'bc-security'),
self::ASP_FILES_PATTERN,
__('(any URI targeting file with .asp or .aspx extension)', 'bc-security')
),
self::PHP_FILES => new BanRule(
__('Non-existent PHP files', 'bc-security'),
self::PHP_FILES_PATTERN,
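Review bot: The new `ASP_FILES_PATTERN` in the first hunk, `'\.aspx?$'`, only matches a lowercase extension, so a request for `Default.ASPX` or `login.Asp` is not caught unless the code that applies the pattern (outside this hunk) compiles it with the `i` modifier or lower-cases the URI first. IIS serves paths case-insensitively, so a mixed-case probe for a non-existent ASP file is exactly as telling as a lowercase one and the rule should treat them alike; the neighbouring `PHP_FILES_PATTERN`, not visible here, may share the gap. If the matcher is not already case-insensitive, the smallest fix is an inline flag in the constant itself: `private const ASP_FILES_PATTERN = '(?i)\.aspx?$';`. The `enlist()` method in the second hunk continues past the end of the hunk.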
Expand Up @@ -17,6 +17,7 @@ public static function provideUris(): array
'data.tgz',
[
BuiltInRules::ARCHIVE_FILES => true,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => false,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
Expand All @@ -26,6 +27,7 @@ public static function provideUris(): array
'website-backup.zip',
[
BuiltInRules::ARCHIVE_FILES => true,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => true,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
Expand All @@ -35,6 +37,7 @@ public static function provideUris(): array
'wp-config.php.back',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => true,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
Expand All @@ -44,6 +47,7 @@ public static function provideUris(): array
'script.php.old',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => true,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
Expand All @@ -53,6 +57,7 @@ public static function provideUris(): array
'some/important/file.tmp',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => true,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
Expand All @@ -62,6 +67,7 @@ public static function provideUris(): array
'wp-content/theme/dummy/styles.css',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => false,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
Expand All @@ -71,6 +77,7 @@ public static function provideUris(): array
'plugin/non-existent/image.png',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => false,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
Expand All @@ -80,6 +87,27 @@ public static function provideUris(): array
'wp-content/themes/dummy/script.js',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => false,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
],
],
'ASP file' => [
'backend.asp',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => true,
BuiltInRules::BACKUP_FILES => false,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
],
],
'ASPx file' => [
'login.aspx',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => true,
BuiltInRules::BACKUP_FILES => false,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
Expand All @@ -89,6 +117,7 @@ public static function provideUris(): array
'_wp-config.php',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => false,
BuiltInRules::PHP_FILES => true,
BuiltInRules::README_FILES => false,
Expand All @@ -98,6 +127,7 @@ public static function provideUris(): array
'humans.txt',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => false,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => false,
Expand All @@ -107,6 +137,7 @@ public static function provideUris(): array
'wp-content/plugins/some-plugin/readme.txt',
[
BuiltInRules::ARCHIVE_FILES => false,
BuiltInRules::ASP_FILES => false,
BuiltInRules::BACKUP_FILES => false,
BuiltInRules::PHP_FILES => false,
BuiltInRules::README_FILES => true,
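Review bot: The two new provider entries, `backend.asp` and `login.aspx`, exercise only the positive match of the new rule; nothing pins the `$` anchor of `ASP_FILES_PATTERN` or its case handling. A near-miss negative entry such as `'ASP-like infix' => ['notes.asp.txt', [/* other rules false */ BuiltInRules::ASP_FILES => false]]` would catch a regression that loosens the anchor, and once the intended case behaviour is settled a `Default.ASPX` entry should document it either way. `provideUris()` starts before the first hunk of this file.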